How to Perform a Security Audit: Is Your School's or District's Network Vulnerable?
ERIC Educational Resources Information Center
Dark, Melissa; Poftak, Amy
2004-01-01
In this article, the authors address the importance of taking a proactive approach to securing a school's network. To do this, it is first required to know the system's specific vulnerabilities and what steps to take to reduce them. The formal process for doing this is known as an information security risk assessment, or a security audit. What…
Design of a Forecasting Service System for Monitoring of Vulnerabilities of Sensor Networks
NASA Astrophysics Data System (ADS)
Song, Jae-Gu; Kim, Jong Hyun; Seo, Dong Il; Kim, Seoksoo
This study aims to reduce security vulnerabilities of sensor networks which transmit data in an open environment by developing a forecasting service system. The system is to remove or monitor causes of breach incidents in advance. To that end, this research first examines general security vulnerabilities of sensor networks and analyzes characteristics of existing forecasting systems. Then, 5 steps of a forecasting service system are proposed in order to improve security responses.
NASA Astrophysics Data System (ADS)
Mohammadi, Hadi
Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. 
My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.
Practical Computer Security through Cryptography
NASA Technical Reports Server (NTRS)
McNab, David; Twetev, David (Technical Monitor)
1998-01-01
The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.
The role of hazardous material placards in transportation safety and security
DOT National Transportation Integrated Search
2004-01-15
Following the events of September 11, 2001, the U.S. Department of Transportation (DOT) has taken steps to reduce vulnerabilities of hazardous materials in transportation through security enhancing initiatives directed at reducing their potential use...
Engineering Safety- and Security-Related Requirements for Software-Intensive Systems
2010-04-27
Requirements Negative (shall not) Requirements Hardware Requirements equ remen s System / Documentation Requirements eve oper Requirements Operational ...Validation Actual / Proposed Defensibility C li Operational Vulnerability Analysis VulnerabilityVulnerability Safety Vulnerability performs System ...
Contextualizing Secure Information System Design: A Socio-Technical Approach
ERIC Educational Resources Information Center
Charif, Abdul Rahim
2017-01-01
Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to "technological fixes" neither is the design of SIS. Technical security cannot ensure IS security.…
NINJA: a noninvasive framework for internal computer security hardening
NASA Astrophysics Data System (ADS)
Allen, Thomas G.; Thomson, Steve
2004-07-01
Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn't take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn't take long to realize that our nation's networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organization's security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans.
In general, noninvasive scans with an adequate framework performed on a daily basis reduce the amount of security work load as well as the timeliness in performing remediation, as verified by the NINJA framework. A vulnerability assessment/auditing architecture based on mobile agent technology is proposed and examined at the end of the article as an enhancement to the current NINJA architecture.
6 CFR 27.215 - Security vulnerability assessments.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security vulnerability assessments. 27.215... FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.215 Security vulnerability...-risk, the facility must complete a Security Vulnerability Assessment. A Security Vulnerability...
National Counterintelligence Strategy of the United States of America 2016
2015-01-01
...while protecting sensitive information and assets from FIE theft, manipulation, or exploitation; Identify vulnerabilities and threats to...process into supply chain operations to secure the supply chain from exploitation and reduce its vulnerability to disruption; Expand partnerships
Cyber Hygiene for Control System Security
Oliver, David
2015-10-08
There are many resources from government and private industry available to assist organizations in reducing their attack surface and enhancing their security posture. Furthermore, standards are being written and improved upon to make the practice of securing a network more manageable. And while the specifics of network security are complex, most system vulnerabilities can be mitigated using fairly simple cyber hygiene techniques like those offered above.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.
2009-10-14
The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators of the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009).
The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. The information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).
Analysis of Network Vulnerability Under Joint Node and Link Attacks
NASA Astrophysics Data System (ADS)
Li, Yongcheng; Liu, Shumei; Yu, Yao; Cao, Ting
2018-03-01
The security problem of computer network systems is becoming more and more serious. The fundamental reason is that there are security vulnerabilities in the network system. Therefore, it’s very important to identify and reduce or eliminate these vulnerabilities before they are attacked. In this paper, we are interested in joint node and link attacks and propose a vulnerability evaluation method based on the overall connectivity of the network to defend against this attack. Especially, we analyze the attack cost problem from the attackers’ perspective. The purpose is to find the set of least costs for joint links and nodes, and their deletion will lead to serious network connection damage. The simulation results show that the vulnerable elements obtained from the proposed method are more suitable for the attacking idea of the malicious persons in joint node and link attack. It is easy to find that the proposed method has more realistic protection significance.
Automated Information Security Will Not Improve until Effectively Supported by IRM.
ERIC Educational Resources Information Center
Chick, Morey J.
1989-01-01
The first of two articles on the nature of the growing problem of automated information systems security, especially in the federal government, this article presents a brief history of the problem and describes the need for integrating security activities into overall policies and programs to help reduce system vulnerabilities and risks. (23…
6 CFR 27.240 - Review and approval of security vulnerability assessments.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Review and approval of security vulnerability... of security vulnerability assessments. (a) Review and Approval. The Department will review and approve in writing all Security Vulnerability Assessments that satisfy the requirements of § 27.215...
49 CFR 15.5 - Sensitive security information.
Code of Federal Regulations, 2010 CFR
2010-10-01
... requirements of Federal law. (5) Vulnerability assessments. Any vulnerability assessment directed, created... security requirements of Federal law that could reveal a security vulnerability, including the identity of... Guard responsible for conducting vulnerability assessments, security boardings, or engaged in operations...
Interface of Science, Technology and Security: Areas of Most Concern, Now and Ahead
2017-03-28
connectivity is creating new forms of security threats and exploitable instabilities. There is a need to develop secure software to reduce vulnerabilities...implications in the light of global population growth, industrialization and limited fossil fuel supplies. The continued improvement of generation, storage...national strategic concern is when the S&T-security nexus creates opportunities for misunderstanding. These opportunities assume two forms, rooted in
6 CFR 27.225 - Site security plans.
Code of Federal Regulations, 2010 CFR
2010-01-01
... meet the following standards: (1) Address each vulnerability identified in the facility's Security Vulnerability Assessment, and identify and describe the security measures to address each such vulnerability; (2... updates, revises or otherwise alters its Security Vulnerability Assessment pursuant to § 27.215(d), the...
NASA Astrophysics Data System (ADS)
Giannini, A.; Krishnamurthy, P. K.; Cousin, R.; Choularton, R. J.
2011-12-01
We present results based on an analysis of a 2005 livelihood survey of ~2000 rural households in ~200 villages scattered across Mali, a sparsely populated, large land-locked country in West Africa, to elucidate the role of climate variability and change in shaping availability and access dimensions of food security. The Comprehensive Food Security Vulnerability Analysis is a recurrent survey carried out by the World Food Programme and in-country partners to map out nutritional and socio-economic status during normal (~food secure) conditions in the hope of understanding underlying cause(s) and prevent the next food security crisis. We set the spatial characterization of food security that emerges from the CFSVA against the background of a varying climate, on intra-seasonal, interannual and multi-decadal time scales: through elucidation of the influence of climate on agricultural production we arrive at an interpretation of structural and conjunctural events affecting food security. We conclude with a discussion of possible interventions to reduce vulnerability.
77 FR 28894 - Maritime Vulnerability Self-Assessment Tool
Federal Register 2010, 2011, 2012, 2013, 2014
2012-05-16
... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Maritime Vulnerability Self... maritime vulnerability self-assessment tool. SUMMARY: The Transportation Security Administration (TSA... conducting vulnerability assessments became available and usage of the TMSARM has dropped off considerably...
Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems
NASA Technical Reports Server (NTRS)
Powell, John D.; Gilliam, David
2004-01-01
The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.
6 CFR 27.210 - Submissions schedule.
Code of Federal Regulations, 2010 CFR
2010-01-01
... in any subsequent Federal Register notice. (2) Security Vulnerability Assessment. Unless otherwise notified, a covered facility must complete and submit a Security Vulnerability Assessment within 90... Department's approval of the facility's Site Security Plan. (2) Security Vulnerability Assessment. Unless...
6 CFR 27.240 - Review and approval of security vulnerability assessments.
Code of Federal Regulations, 2014 CFR
2014-01-01
... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2014-01-01 2014-01-01 false Review and approval of security vulnerability...
6 CFR 27.240 - Review and approval of security vulnerability assessments.
Code of Federal Regulations, 2011 CFR
2011-01-01
... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2011-01-01 2011-01-01 false Review and approval of security vulnerability...
6 CFR 27.240 - Review and approval of security vulnerability assessments.
Code of Federal Regulations, 2013 CFR
2013-01-01
... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2013-01-01 2013-01-01 false Review and approval of security vulnerability...
6 CFR 27.240 - Review and approval of security vulnerability assessments.
Code of Federal Regulations, 2012 CFR
2012-01-01
... CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.240 Review and approval of security vulnerability assessments. (a) Review and Approval. The Department will review and... 6 Domestic Security 1 2012-01-01 2012-01-01 false Review and approval of security vulnerability...
6 CFR 27.235 - Alternative security program.
Code of Federal Regulations, 2010 CFR
2010-01-01
... submit an ASP in lieu of a Security Vulnerability Assessment, Site Security Plan, or both. (2) Tier 1... Tier 3 facilities may not submit an ASP in lieu of a Security Vulnerability Assessment. (b) The... Security Vulnerability Assessment or using the procedure specified in § 27.245 if the ASP is intended to...
Chemical Accident Prevention: Site Security
This chemical safety alert assists facilities that routinely handle extremely hazardous substances, along with SERCs, LEPCs, and emergency responders, in their efforts to reduce criminally caused releases and vulnerability to terrorist activity.
33 CFR 105.405 - Format and content of the Facility Security Plan (FSP).
Code of Federal Regulations, 2010 CFR
2010-07-01
... Vulnerability and Security Measures Summary (Form CG-6025) in appendix A to part 105-Facility Vulnerability and... resubmission of the FSP. (c) The Facility Vulnerability and Security Measures Summary (Form CG-6025) must be completed using information in the FSA concerning identified vulnerabilities and information in the FSP...
2009-03-03
ajor vulnerabilities still exist in ... general aviation security,”3 the commission did not further elaborate on the nature of those vulnerabilities...commercial operations may make them an attractive alternative to terrorists seeking to identify and exploit vulnerabilities in aviation security. In this...3, 2003, p. A7. 2 See Report of the Aviation Security Advisory Committee Working Group on General Aviation Airport Security (October 1, 2003); and
Economic Analysis of Cyber Security
2006-07-01
vulnerability databases and track the number of incidents reported by U.S. organizations. Many of these are private organizations, such as the security...VULNERABILITY AND ATTACK ESTIMATES Numerous organizations compile vulnerability databases and patch information, and track the number of reported incidents... database / security focus Databases of vulnerabilities identifying the software versions that are susceptible, including information on the method of
NASA Technical Reports Server (NTRS)
Goseva-Popstojanova, Katerina; Tyo, Jacob
2017-01-01
While some prior research work exists on characteristics of software faults (i.e., bugs) and failures, very little work has been published on analysis of software applications vulnerabilities. This paper aims to contribute towards filling that gap by presenting an empirical investigation of application vulnerabilities. The results are based on data extracted from issue tracking systems of two NASA missions. These data were organized in three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified security related software bugs and classified them in specific vulnerability classes. Then, we created the security vulnerability profiles, i.e., determined where and when the security vulnerabilities were introduced and what were the dominating vulnerabilities classes. Our main findings include: (1) In IVV issues datasets the majority of vulnerabilities were code related and were introduced in the Implementation phase. (2) For all datasets, around 90% of the vulnerabilities were located in two to four subsystems. (3) Out of 21 primary classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, they contributed from 80% to 90% of vulnerabilities in each dataset.
Cyber / Physical Security Vulnerability Assessment Integration
DOE Office of Scientific and Technical Information (OSTI.GOV)
MacDonald, Douglas G.; Simpkins, Bret E.
Both physical protection and cyber security domains offer solutions for the discovery of vulnerabilities through the use of various assessment processes and software tools. Each vulnerability assessment (VA) methodology provides the ability to identify and categorize vulnerabilities, and quantifies the risks within their own areas of expertise. Neither approach fully represents the true potential security risk to a site and/or a facility, nor comprehensively assesses the overall security posture. The technical approach to solving this problem was to identify methodologies and processes that blend the physical and cyber security assessments, and develop tools to accurately quantify the unaccounted for risk. SMEs from both the physical and the cyber security domains developed the blending methodologies, and cross trained each other on the various aspects of the physical and cyber security assessment processes. A local critical infrastructure entity volunteered to host a proof of concept physical/cyber security assessment, and the lessons learned have been leveraged by this effort. The four potential modes of attack an adversary can use in approaching a target are: Physical Only Attack, Cyber Only Attack, Physical Enabled Cyber Attack, and the Cyber Enabled Physical Attack. The Physical Only and the Cyber Only pathway analysis are two of the most widely analyzed attack modes. The pathway from an off-site location to the desired target location is dissected to ensure adversarial activity can be detected and neutralized by the protection strategy, prior to completion of a predefined task. This methodology typically explores a one way attack from the public space (or common area) inward towards the target. The Physical Enabled Cyber Attack and the Cyber Enabled Physical Attack are much more intricate.
Both scenarios involve beginning in one domain to effect change in the other, then backing outward to take advantage of the reduced system effectiveness, before penetrating further into the defenses. The proper identification and assessment of the overlapping areas (and interaction between these areas) in the VA process is necessary to accurately assess the true risk.
AVQS: attack route-based vulnerability quantification scheme for smart grid.
Ko, Jongbin; Lim, Hyunwoo; Lee, Seokjun; Shon, Taeshik
2014-01-01
A smart grid is a large, consolidated electrical grid system that includes heterogeneous networks and systems. Based on the data, a smart grid system has a potential security threat in its network connectivity. To solve this problem, we develop and apply a novel scheme to measure the vulnerability in a smart grid domain. Vulnerability quantification can be the first step in security analysis because it can help prioritize the security problems. However, existing vulnerability quantification schemes are not suitable for smart grid because they do not consider network vulnerabilities. We propose a novel attack route-based vulnerability quantification scheme using a network vulnerability score and an end-to-end security score, depending on the specific smart grid network environment to calculate the vulnerability score for a particular attack route. To evaluate the proposed approach, we derive several attack scenarios from the advanced metering infrastructure domain. The experimental results of the proposed approach and the existing common vulnerability scoring system clearly show that we need to consider network connectivity for more optimized vulnerability quantification.
Vulnerability to food insecurity in urban slums: experiences from Nairobi, Kenya.
Kimani-Murage, E W; Schofield, L; Wekesah, F; Mohamed, S; Mberu, B; Ettarh, R; Egondi, T; Kyobutungi, C; Ezeh, A
2014-12-01
Food and nutrition security is critical for economic development due to the role of nutrition in healthy growth and human capital development. Slum residents, already grossly affected by chronic poverty, are highly vulnerable to different forms of shocks, including those arising from political instability. This study describes the food security situation among slum residents in Nairobi, with specific focus on vulnerability associated with the 2007/2008 postelection crisis in Kenya. The study from which the data is drawn was nested within the Nairobi Urban Health and Demographic Surveillance System (NUHDSS), which follows about 70,000 individuals from close to 30,000 households in two slums in Nairobi, Kenya. The study triangulates data from qualitative and quantitative sources. It uses qualitative data from 10 focus group discussions with community members and 12 key-informant interviews with community opinion leaders conducted in November 2010, and quantitative data involving about 3,000 households randomly sampled from the NUHDSS database in three rounds of data collection between March 2011 and January 2012. Food security was defined using the Household Food Insecurity Access Scale (HFIAS) criteria. The study found high prevalence of food insecurity; 85% of the households were food insecure, with 50% being severely food insecure. Factors associated with food security include level of income, source of livelihood, household size, dependence ratio; illness, perceived insecurity and slum of residence. The qualitative narratives highlighted household vulnerability to food insecurity as commonplace but critical during times of crisis. Respondents indicated that residents in the slums generally eat for bare survival, with little concern for quality. The narratives described heightened vulnerability during the 2007/2008 postelection violence in Kenya in the perception of slum residents. 
Prices of staple foods like maize flour doubled and simultaneously household purchasing power was eroded due to worsened unemployment situation. The use of negative coping strategies to address food insecurity such as reducing the number of meals, reducing food variety and quality, scavenging, and eating street foods was prevalent. In conclusion, this study describes the deeply intertwined nature of chronic poverty and acute crisis, and the subsequent high levels of food insecurity in urban slum settings. Households are extremely vulnerable to food insecurity; the situation worsening during periods of crisis in the perception of slum residents, engendering frequent use of negative coping strategies. Effective response to addressing vulnerability to household food insecurity among the urban poor should focus on both the underlying vulnerabilities of households due to chronic poverty and added impacts of acute crises.
6 CFR 27.400 - Chemical-terrorism vulnerability information.
Code of Federal Regulations, 2011 CFR
2011-01-01
... 6 Domestic Security 1 2011-01-01 2011-01-01 false Chemical-terrorism vulnerability information. 27.400 Section 27.400 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Other § 27.400 Chemical-terrorism vulnerability information. (a...
6 CFR 27.400 - Chemical-terrorism vulnerability information.
Code of Federal Regulations, 2010 CFR
2010-01-01
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Chemical-terrorism vulnerability information. 27.400 Section 27.400 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Other § 27.400 Chemical-terrorism vulnerability information. (a...
6 CFR 27.400 - Chemical-terrorism vulnerability information.
Code of Federal Regulations, 2012 CFR
2012-01-01
... 6 Domestic Security 1 2012-01-01 2012-01-01 false Chemical-terrorism vulnerability information. 27.400 Section 27.400 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Other § 27.400 Chemical-terrorism vulnerability information. (a...
6 CFR 27.400 - Chemical-terrorism vulnerability information.
Code of Federal Regulations, 2013 CFR
2013-01-01
... 6 Domestic Security 1 2013-01-01 2013-01-01 false Chemical-terrorism vulnerability information. 27.400 Section 27.400 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Other § 27.400 Chemical-terrorism vulnerability information. (a...
6 CFR 27.400 - Chemical-terrorism vulnerability information.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 6 Domestic Security 1 2014-01-01 2014-01-01 false Chemical-terrorism vulnerability information. 27.400 Section 27.400 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Other § 27.400 Chemical-terrorism vulnerability information. (a...
Cyber Security: Critical Infrastructure Controls Assessment Framework
2011-05-01
the threats to and 3 • Patch and configuration management • Vulnerability and incident t 2 vulnerabilities • Recommendations to reduce 4 managemen 5... Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other...unclassified c. THIS PAGE unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 Purpose P id i t hrov e an overv ew on assessmen
AVQS: Attack Route-Based Vulnerability Quantification Scheme for Smart Grid
Lim, Hyunwoo; Lee, Seokjun; Shon, Taeshik
2014-01-01
A smart grid is a large, consolidated electrical grid system that includes heterogeneous networks and systems. Based on the data, a smart grid system has a potential security threat in its network connectivity. To solve this problem, we develop and apply a novel scheme to measure the vulnerability in a smart grid domain. Vulnerability quantification can be the first step in security analysis because it can help prioritize the security problems. However, existing vulnerability quantification schemes are not suitable for smart grid because they do not consider network vulnerabilities. We propose a novel attack route-based vulnerability quantification scheme using a network vulnerability score and an end-to-end security score, depending on the specific smart grid network environment to calculate the vulnerability score for a particular attack route. To evaluate the proposed approach, we derive several attack scenarios from the advanced metering infrastructure domain. The experimental results of the proposed approach and the existing common vulnerability scoring system clearly show that we need to consider network connectivity for more optimized vulnerability quantification. PMID:25152923
Multiple operating system rotation environment moving target defense
DOE Office of Scientific and Technical Information (OSTI.GOV)
Evans, Nathaniel; Thompson, Michael
Systems and methods for providing a multiple operating system rotation environment ("MORE") moving target defense ("MTD") computing system are described. The MORE-MTD system provides enhanced computer system security through a rotation of multiple operating systems. The MORE-MTD system increases attacker uncertainty, increases the cost of attacking the system, reduces the likelihood of an attacker locating a vulnerability, and reduces the exposure time of any located vulnerability. The MORE-MTD environment is effectuated by rotation of the operating systems at a given interval. The rotating operating systems create a consistently changing attack surface for remote attackers.
Achieving Homeland Security in a Time of Diminishing Resources
2012-06-08
and merged over 22 federal agencies and programs under the DHS umbrella. The overall mission of DHS is to enact “ a concerted national effort to ensure... A concerted national effort to prevent terrorist attacks within the United States; reduce America’s vulnerability to terrorism, major disasters...activity or effort performed to protect a nation against attack or other threats National Security. Requirement to maintain the survival of the state
Energy technology evaluation report: Energy security
NASA Astrophysics Data System (ADS)
Koopman, R.; Lamont, A.; Schock, R.
1992-09-01
Energy security was identified in the National Energy Strategy (NES) as a major issue for the Department of Energy (DOE). As part of a process designed by the DOE to identify technologies important to implementing the NES, an expert working group was convened to consider which technologies can best contribute to reducing the nation's economic vulnerability to future disruptions of world oil supplies, the working definition of energy security. Other working groups were established to deal with economic growth, environmental quality, and technical foundations. Energy Security working group members were chosen to represent as broad a spectrum of energy supply and end-use technologies as possible and were selected for their established reputations as experienced experts with an ability to be objective. The time available for this evaluation was very short. The group evaluated technologies using criteria taken from the NES which can be summarized for energy security as follows: diversifying sources of world oil supply so as to decrease the increasing monopoly status of the Persian Gulf region; reducing the importance of oil use in the US economy to diminish the impact of future disruptions in oil supply; and increasing the preparedness of the US to deal with oil supply disruptions by having alternatives available at a known price. The result of the first phase of the evaluation process was the identification of technology groups determined to be clearly important for reducing US vulnerability to oil supply disruptions. The important technologies were mostly within the high leverage areas of oil and gas supply and transportation demand but also included hydrogen utilization, biomass, diversion resistant nuclear power, and substitute industrial feedstocks.
Achieving sustainable irrigation water withdrawals: global impacts on food security and land use
NASA Astrophysics Data System (ADS)
Liu, Jing; Hertel, Thomas W.; Lammers, Richard B.; Prusevich, Alexander; Baldos, Uris Lantz C.; Grogan, Danielle S.; Frolking, Steve
2017-10-01
Unsustainable water use challenges the capacity of water resources to ensure food security and continued growth of the economy. Adaptation policies targeting future water security can easily overlook its interaction with other sustainability metrics and unanticipated local responses to the larger-scale policy interventions. Using a global partial equilibrium grid-resolving model SIMPLE-G, and coupling it with the global Water Balance Model, we simulate the consequences of reducing unsustainable irrigation for food security, land use change, and terrestrial carbon. A variety of future (2050) scenarios are considered that interact irrigation productivity with two policy interventions— inter-basin water transfers and international commodity market integration. We find that pursuing sustainable irrigation may erode other development and environmental goals due to higher food prices and cropland expansion. This results in over 800 000 more undernourished people and 0.87 GtC additional emissions. Faster total factor productivity growth in irrigated sectors will encourage more aggressive irrigation water use in the basins where irrigation vulnerability is expected to be reduced by inter-basin water transfer. By allowing for a systematic comparison of these alternative adaptations to future irrigation vulnerability, the global gridded modeling approach offers unique insights into the multiscale nature of the water scarcity challenge.
Vulnerability survival analysis: a novel approach to vulnerability management
NASA Astrophysics Data System (ADS)
Farris, Katheryn A.; Sullivan, John; Cybenko, George
2017-05-01
Computer security vulnerabilities span across large, enterprise networks and have to be mitigated by security engineers on a routine basis. Presently, security engineers will assess their "risk posture" through quantifying the number of vulnerabilities with a high Common Vulnerability Severity Score (CVSS). Yet, little to no attention is given to the length of time by which vulnerabilities persist and survive on the network. In this paper, we review a novel approach to quantifying the length of time a vulnerability persists on the network, its time-to-death, and predictors of lower vulnerability survival rates. Our contribution is unique in that we apply the Cox proportional hazards regression model to real data from an operational IT environment. This paper provides a mathematical overview of the theory behind survival analysis methods, a description of our vulnerability data, and an interpretation of the results.
6 CFR 27.255 - Recordkeeping requirements.
Code of Federal Regulations, 2010 CFR
2010-01-01
... audit required under § 27.225(e)) or Security Vulnerability Assessment, a record of the audit, including... retain records of submitted Top-Screens, Security Vulnerability Assessments, Site Security Plans, and all...
Importance of biometrics to addressing vulnerabilities of the U.S. infrastructure
NASA Astrophysics Data System (ADS)
Arndt, Craig M.; Hall, Nathaniel A.
2004-08-01
Human identification technologies are important threat countermeasures in minimizing select infrastructure vulnerabilities. Properly targeted countermeasures should be selected and integrated into an overall security solution based on disciplined analysis and modeling. Available data on infrastructure value, threat intelligence, and system vulnerabilities are carefully organized, analyzed and modeled. Prior to design and deployment of an effective countermeasure; the proper role and appropriateness of technology in addressing the overall set of vulnerabilities is established. Deployment of biometrics systems, as with other countermeasures, introduces potentially heightened vulnerabilities into the system. Heightened vulnerabilities may arise from both the newly introduced system complexities and an unfocused understanding of the set of vulnerabilities impacted by the new countermeasure. The countermeasure's own inherent vulnerabilities and those introduced by the system's integration with the existing system are analyzed and modeled to determine the overall vulnerability impact. The United States infrastructure is composed of government and private assets. The infrastructure is valued by their potential impact on several components: human physical safety, physical/information replacement/repair cost, potential contribution to future loss (criticality in weapons production), direct productivity output, national macro-economic output/productivity, and information integrity. These components must be considered in determining the overall impact of an infrastructure security breach. Cost/benefit analysis is then incorporated in the security technology deployment decision process. Overall security risks based on system vulnerabilities and threat intelligence determines areas of potential benefit. Biometric countermeasures are often considered when additional security at intended points of entry would minimize vulnerabilities.
Mishra, Dheerendra
2015-03-01
Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.
33 CFR Appendix A to Part 105 - Facility Vulnerability and Security Measures Summary (Form CG-6025)
Code of Federal Regulations, 2010 CFR
2010-07-01
... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Facility Vulnerability and Security Measures Summary (Form CG-6025) A Appendix A to Part 105 Navigation and Navigable Waters COAST... Appendix A to Part 105—Facility Vulnerability and Security Measures Summary (Form CG-6025) ER22OC03.000...
Network Vulnerability Assessment of the U.S. Crude Pipeline Infrastructure
2012-09-01
56 Clanton, “Oklahoma Oil Hub Helps Keep Oil Prices from Going Higher.” 57 Donald Furgeson, John Mahoney, and Brett Warfield...Vulnerability Assessment Matrix of the COTH.58 58 Furgeson, Mahoney, and Warfield, Security...Steinhäusler et al., “Security Risks to the Oil and Gas Industry: Terrorist Capabilities.” 71 Furgeson, Mahoney, and Warfield, Security Vulnerability
Land degradation and climate change: building climate resilience in agriculture
USDA-ARS's Scientific Manuscript database
Land degradation and climate change pose enormous risks to global food security. Land degradation increases the vulnerability of agroecological systems to climate change and reduces the effectiveness of adaptation options. Yet these interactions have largely been omitted from climate impact assessme...
The national strategy for the physical protection of critical infrastructures and key assets
DOT National Transportation Integrated Search
2003-02-01
This document defines the road ahead for a core mission area identified in the President's National Strategy for Homeland Security-reducing the Nation's vulnerability to acts of terrorism by protecting our critical infrastructures and key assets from...
ERIC Educational Resources Information Center
Trump, Kenneth S.; Lavarello, Curtis
2003-01-01
Discusses implications of national survey of school-based police that finds majority of respondents believe schools are vulnerable to a terrorist attack. Describes school board's role in improving school safety, steps school officials can take to reduce risk, and some practical, cost-effective measures to increase security. (PKP)
Security challenge to using smartphones for SHM
NASA Astrophysics Data System (ADS)
Abueh, Yeka; Liu, Hong
2016-04-01
Pervasive smartphones have demonstrated great potential in structural health monitoring (SHM) of civil infrastructures. Their sensing, processing, and communication capabilities along with crowdsourcing facility ease technical difficulties and reduce financial burdens of instrumentation and monitoring for SHM in civil infrastructures. However, smartphones are vulnerable to unintentional misuses and malicious attacks. This paper analyzes the vulnerabilities of smartphones in performing SHM and reveals the exploitation of those vulnerabilities. The work probes the attack surface of both devices and data. Device attack scenarios include hacking individual smartphones to modify the data stored on them and orchestrating smartphones to launch a distributed denial-of-service attack. Specifically, experiments are conducted to remotely access an Android smartphone and modify the sensing data of structural health stored on it. The work also presents a case study that reveals the sensitivity of a popular perturbation analysis method to faulty data delivered by a smartphone. The paper provides the direction of meeting the security challenge to using smartphones for SHM. As the first line of defense, device authentication is implemented in the smartphone to stop spoofing. Subsequently, message authentication is devised to maintain data integrity. There is a need to apply data science for the SHM immunity system against the sensitivity to data inaccuracy. The work also evaluates the cost-effectiveness of the proposed security measures, recommending varying levels of security to mitigate the adversaries to smartphones used in SHM systems. It calls for security solutions at the design stage of SHM systems rather than patching up after their implementations.
Security Vulnerability and Patch Management in Electric Utilities: A Data-Driven Analysis
DOE Office of Scientific and Technical Information (OSTI.GOV)
Li, Qinghua; Zhang, Fengli
This paper explores a real security vulnerability and patch management dataset from an electric utility in order to shed light on characteristics of the vulnerabilities that electric utility assets have and how they are remediated in practice. Specifically, it first analyzes the distribution of vulnerabilities over software, assets, and other metrics. Then it analyzes how vulnerability features affect remediation actions.
Vulnerability Analysis and Evaluation of Urban Road System in Tianjin
NASA Astrophysics Data System (ADS)
Liu, Y. Q.; Wu, X.
In recent years, with the development of the economy, the road construction of our country has entered a period of rapid growth. The road transportation network has been expanding and the risk of disasters is increasing. In this paper we study the vulnerability of the urban road system in Tianjin. After analyzing many risk factors of urban road system security, including road construction, road traffic and the natural environment, we proposed an evaluation index of vulnerability of the urban road system and established the corresponding evaluation index system. Based on the results of analysis and comprehensive evaluation, appropriate improvement measures and suggestions which may reduce the vulnerability of the road system and improve the safety and reliability of the road system are proposed.
Curiac, Daniel-Ioan
2016-04-07
Being often deployed in remote or hostile environments, wireless sensor networks are vulnerable to various types of security attacks. A possible solution to reduce the security risks is to use directional antennas instead of omnidirectional ones or in conjunction with them. Due to their increased complexity, higher costs and larger sizes, directional antennas are not traditionally used in wireless sensor networks, but recent technology trends may support this method. This paper surveys existing state of the art approaches in the field, offering a broad perspective of the future use of directional antennas in mitigating security risks, together with new challenges and open research issues.
Addressing the vulnerabilities of pass-thoughts
NASA Astrophysics Data System (ADS)
Fernandez, Gabriel C.; Danko, Amanda S.
2016-05-01
As biometrics become increasingly pervasive, consumer electronics are reaping the benefits of improved authentication methods. Leveraging the physical characteristics of a user reduces the burden of setting and remembering complex passwords, while enabling stronger security. Multi-factor systems lend further credence to this model, increasing security via multiple passive data points. In recent years, brainwaves have been shown to be another feasible source for biometric authentication. Physically unique to an individual in certain circumstances, the signals can also be changed by the user at will, making them more robust than static physical characteristics. No paradigm is impervious however, and even well-established medical technologies have deficiencies. In this work, a system for biometric authentication via brainwaves is constructed with electroencephalography (EEG). The efficacy of EEG biometrics via existing consumer electronics is evaluated, and vulnerabilities of such a system are enumerated. Impersonation attacks are performed to expose the extent to which the system is vulnerable. Finally, a multimodal system combining EEG with additional factors is recommended and outlined.
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-01
... to Facility Vulnerability Assessments and the Integration of Security Systems AGENCY: Coast Guard...-sharing measures. Security System Integration Alternatives Require each MTSA-regulated facility owner or... other forms of security system integration. Information Requested 1. We request comments on the...
Web vulnerability study of online pharmacy sites.
Kuzma, Joanne
2011-01-01
Consumers are increasingly using online pharmacies, but these sites may not provide an adequate level of security with the consumers' personal data. There is a gap in this research addressing the problems of security vulnerabilities in this industry. The objective is to identify the level of web application security vulnerabilities in online pharmacies and the common types of flaws, thus expanding on prior studies. Technical, managerial and legal recommendations on how to mitigate security issues are presented. The proposed four-step method first consists of choosing an online testing tool. The next steps involve choosing a list of 60 online pharmacy sites to test, and then running the software analysis to compile a list of flaws. Finally, an in-depth analysis is performed on the types of web application vulnerabilities. The majority of sites had serious vulnerabilities, with the majority of flaws being cross-site scripting or old versions of software that have not been updated. A method is proposed for the securing of web pharmacy sites, using a multi-phased approach of technical and managerial techniques together with a thorough understanding of national legal requirements for securing systems.
Barrett, Jason R; French, P Edward
2013-01-01
The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.
A code inspection process for security reviews
DOE Office of Scientific and Technical Information (OSTI.GOV)
Garzoglio, Gabriele; /Fermilab
2009-05-01
In recent years, it has become more and more evident that software threat communities are taking an increasing interest in Grid infrastructures. To mitigate the security risk associated with the increased numbers of attacks, the Grid software development community needs to scale up effort to reduce software vulnerabilities. This can be achieved by introducing security review processes as a standard project management practice. The Grid Facilities Department of the Fermilab Computing Division has developed a code inspection process, tailored to reviewing security properties of software. The goal of the process is to identify technical risks associated with an application and their impact. This is achieved by focusing on the business needs of the application (what it does and protects), on understanding threats and exploit communities (what an exploiter gains), and on uncovering potential vulnerabilities (what defects can be exploited). The desired outcome of the process is an improvement of the quality of the software artifact and an enhanced understanding of possible mitigation strategies for residual risks. This paper describes the inspection process and lessons learned on applying it to Grid middleware.
A code inspection process for security reviews
NASA Astrophysics Data System (ADS)
Garzoglio, Gabriele
2010-04-01
In recent years, it has become more and more evident that software threat communities are taking an increasing interest in Grid infrastructures. To mitigate the security risk associated with the increased numbers of attacks, the Grid software development community needs to scale up effort to reduce software vulnerabilities. This can be achieved by introducing security review processes as a standard project management practice. The Grid Facilities Department of the Fermilab Computing Division has developed a code inspection process, tailored to reviewing security properties of software. The goal of the process is to identify technical risks associated with an application and their impact. This is achieved by focusing on the business needs of the application (what it does and protects), on understanding threats and exploit communities (what an exploiter gains), and on uncovering potential vulnerabilities (what defects can be exploited). The desired outcome of the process is an improvement of the quality of the software artifact and an enhanced understanding of possible mitigation strategies for residual risks. This paper describes the inspection process and lessons learned on applying it to Grid middleware.
Assessing the security vulnerabilities of correctional facilities
NASA Astrophysics Data System (ADS)
Spencer, Debra D.; Morrison, G. Steve
1998-12-01
The National Institute of Justice has tasked their satellite facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps identify the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion from outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees. In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.
NASA Astrophysics Data System (ADS)
Sietz, D.; Ordoñez, J. C.; Kok, M. T. J.; Janssen, P.; Hilderink, H. B. M.; Tittonell, P.; Van Dijk, H.
2017-09-01
Food production is key to achieving food security in the drylands of sub-Saharan Africa. Since agricultural productivity is limited, however, due to inherent agro-ecological constraints and land degradation, sustainable agricultural intensification has been widely discussed as an opportunity for improving food security and reducing vulnerability. Yet vulnerability determinants are distributed heterogeneously in the drylands of sub-Saharan Africa and sustainable intensification cannot be achieved everywhere in cost-effective and efficient ways. To better understand the heterogeneity of farming systems’ vulnerability in order to support decision making at regional scales, we present archetypes, i.e. socio-ecological patterns, of farming systems’ vulnerability in the drylands of sub-Saharan Africa and reveal their nestedness. We quantitatively indicated the most relevant farming systems’ properties at a sub-national resolution. These factors included water availability, agro-ecological potential, erosion sensitivity, population pressure, urbanisation, remoteness, governance, income and undernourishment. Cluster analysis revealed eight broad archetypes of vulnerability across all drylands of sub-Saharan Africa. The broad archetype representing better governance and highest remoteness in extremely dry and resource-constrained regions encompassed the largest area share (19%), mainly indicated in western Africa. Moreover, six nested archetypes were identified within those regions with better agropotential and prevalent agricultural livelihoods. Among these patterns, the nested archetype depicting regions with highest erosion sensitivity, severe undernourishment and lower agropotential represented the largest population (30%) and area (28%) share, mainly found in the Sahel region. 
The nested archetype indicating medium undernourishment, better governance and lowest erosion sensitivity showed particular potential for sustainable agricultural intensification, mainly in western and some parts of southeastern and eastern Africa. Insights into the nestedness of archetypes allowed a more differentiated discussion of vulnerability and sustainable intensification opportunities, enhancing the evaluation of key interlinkages between land management and food security. The archetypes may support the transfer of successful intensification strategies based on similarities among the drylands in sub-Saharan Africa.
SSL/TLS Vulnerability Detection Using Black Box Approach
NASA Astrophysics Data System (ADS)
Gunawan, D.; Sitorus, E. H.; Rahmat, R. F.; Hizriadi, A.
2018-03-01
Socket Secure Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that provide data encryption to secure the communication over a network. However, in some cases, there are vulnerabilities found in the implementation of SSL/TLS because of a weak cipher key, certificate validation error or session handling error. One of the most vulnerable SSL/TLS bugs is heartbleed. As security is essential in data communication, this research aims to build a scanner that detects SSL/TLS vulnerabilities by using a black box approach. This research will focus on the heartbleed case. In addition, this research also gathers information about existing SSL in the server. The black box approach is used to test the output of a system without knowing the process inside the system itself. For testing purposes, this research scanned websites and found that some of the websites still have SSL/TLS vulnerabilities. Thus, the black box approach can be used to detect the vulnerability without considering the source code and the process inside the application.
The Mission of the Polish Universities in Environmental Preservation.
ERIC Educational Resources Information Center
Mazurkiewicz, Boleslaw K.
In order to reduce pollution, secure long-term energy needs, retard the depletion of non-renewable resources, and harmonize industrialization with the vulnerable environment, Polish universities are directing their efforts toward intensification of ecological education and intensification of research activities. Its efforts are connected with…
Global Climate Change, Food Security and the U.S. Food System
NASA Technical Reports Server (NTRS)
Brown, Molly Elizabeth; Walsh, Margaret; Hauser, Rachel; Murray, Anthony; Jadin, Jenna; Baklund, Peter; Robinson, Paula
2013-01-01
Climate change influences on the major pillars of food security. Each of the four elements of food security (availability, access, utilization, and stability) is vulnerable to changes in climate. For example, reductions in production related to regional drought influence food availability at multiple scales. Changes in price influence the ability of certain populations to purchase food (access). Utilization may be affected when production zones shift, reducing the availability of preferred or culturally appropriate types of food within a region. Stability of the food supply may be highly uncertain given an increased incidence of extreme climatic events and their influence on production patterns.
Homeland Security Vulnerabilities Of The US National Capital Region’s Bridges
2016-06-10
THE HOMELAND SECURITY VULNERABILITIES OF THE US NATIONAL CAPITAL REGION’S BRIDGES A thesis presented to the Faculty of the U.S...AUG 2015 – JUNE 2016 4. TITLE AND SUBTITLE The Homeland Security Vulnerabilities of the US National Capital Region’s Bridges 5a. CONTRACT...degradation as the rest of the United States. The ground transportation infrastructure, especially the bridges, in the NCR presents an interesting case
Statistics of software vulnerability detection in certification testing
NASA Astrophysics Data System (ADS)
Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.
2018-05-01
The paper discusses practical aspects of introduction of the methods to detect software vulnerability in the day-to-day activities of the accredited testing laboratory. It presents the approval results of the vulnerability detection methods as part of the study of the open source software and the software that is a test object of the certification tests under information security requirements, including software for communication networks. Results of the study showing the allocation of identified vulnerabilities by types of attacks, country of origin, programming languages used in the development, methods for detecting vulnerability, etc. are given. The experience of foreign information security certification systems related to the detection of certified software vulnerabilities is analyzed. The main conclusion based on the study is the need to implement practices for developing secure software in the development life cycle processes. The conclusions and recommendations for the testing laboratories on the implementation of the vulnerability analysis methods are laid down.
DOE Office of Scientific and Technical Information (OSTI.GOV)
MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.
Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: • physical only attack, • cyber only attack, • physical-enabled cyber attack, • cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilities which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.
Security and Vulnerability Assessment of Social Media Sites: An Exploratory Study
ERIC Educational Resources Information Center
Zhao, Jensen; Zhao, Sherry Y.
2015-01-01
While the growing popularity of social media has brought many benefits to society, it has also resulted in privacy and security threats. The authors assessed the security and vulnerability of 50 social media sites. The findings indicate that most sites (a) posted privacy and security policies but only a minority stated clearly their execution of…
Indirection and computer security.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Berg, Michael J.
2011-09-01
The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.
Code of Federal Regulations, 2010 CFR
2010-01-01
..., Security Vulnerability Assessment, and Site Security Plan, through which the Department will collect and analyze key data from chemical facilities. Chemical-terrorism Vulnerability Information or CVI shall mean...
Topological Vulnerability Analysis
NASA Astrophysics Data System (ADS)
Jajodia, Sushil; Noel, Steven
Traditionally, network administrators rely on labor-intensive processes for tracking network configurations and vulnerabilities. This requires a great deal of expertise, and is error prone because of the complexity of networks and associated security data. The interdependencies of network vulnerabilities make traditional point-wise vulnerability analysis inadequate. We describe a Topological Vulnerability Analysis (TVA) approach that analyzes vulnerability dependencies and shows all possible attack paths into a network. From models of the network vulnerabilities and potential attacker exploits, we compute attack graphs that convey the impact of individual and combined vulnerabilities on overall security. TVA finds potential paths of vulnerability through a network, showing exactly how attackers may penetrate a network. From this, we identify key vulnerabilities and provide strategies for protection of critical network assets.
Protecting Database Centric Web Services against SQL/XPath Injection Attacks
NASA Astrophysics Data System (ADS)
Laranjeiro, Nuno; Vieira, Marco; Madeira, Henrique
Web services represent a powerful interface for back-end database systems and are increasingly being used in business critical applications. However, field studies show that a large number of web services are deployed with security flaws (e.g., having SQL Injection vulnerabilities). Although several techniques for the identification of security vulnerabilities have been proposed, developing non-vulnerable web services is still a difficult task. In fact, security-related concerns are hard to apply as they involve adding complexity to already complex code. This paper proposes an approach to secure web services against SQL and XPath Injection attacks, by transparently detecting and aborting service invocations that try to take advantage of potential vulnerabilities. Our mechanism was applied to secure several web services specified by the TPC-App benchmark, showing to be 100% effective in stopping attacks, non-intrusive and very easy to use.
Curiac, Daniel-Ioan
2016-01-01
Being often deployed in remote or hostile environments, wireless sensor networks are vulnerable to various types of security attacks. A possible solution to reduce the security risks is to use directional antennas instead of omnidirectional ones or in conjunction with them. Due to their increased complexity, higher costs and larger sizes, directional antennas are not traditionally used in wireless sensor networks, but recent technology trends may support this method. This paper surveys existing state of the art approaches in the field, offering a broad perspective of the future use of directional antennas in mitigating security risks, together with new challenges and open research issues. PMID:27070601
2007-11-14
including evaluations of controls over radioactive materials and security at America’s borders, airport security, sales of sensitive and surplus...officers. The details of this March 2006 report are classified; however, TSA has authorized this limited discussion. Airport Security Testing Sale of...of covert security vulnerability testing of numerous airports across the country. During these covert tests, our investigators passed through airport
The hack attack - Increasing computer system awareness of vulnerability threats
NASA Technical Reports Server (NTRS)
Quann, John; Belford, Peter
1987-01-01
The paper discusses the issue of electronic vulnerability of computer based systems supporting NASA Goddard Space Flight Center (GSFC) by unauthorized users. To test the security of the system and increase security awareness, NYMA, Inc. employed computer 'hackers' to attempt to infiltrate the system(s) under controlled conditions. Penetration procedures, methods, and descriptions are detailed in the paper. The procedure increased the security consciousness of GSFC management to the electronic vulnerability of the system(s).
Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese
2018-01-01
Background: Growth in agricultural science and technology is deemed essential for increasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the productive capacity of the agricultural sector. The indicators of food security utilised in this study include: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. Objective: In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. Method: We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econometric technique based on Autoregressive Distribution Lag (ARDL) framework. Results: The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. Conclusion: It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture. PMID:29853816
Osabohien, Romanus; Osabuohien, Evans; Urhie, Ese
2018-04-01
Growth in agricultural science and technology is deemed essential for increasing agricultural output; reduce the vulnerability of rural poverty and in turn, food security. Food security and growth in agricultural output depends on technological usages, which enhances the productive capacity of the agricultural sector. The indicators of food security utilised in this study include: dietary energy supply, average value of food production, prevalence of food inadequacy, among others. In this paper, we examined the level of technology and how investment in the agriculture and technology can improve technical know-how in Nigeria with a view to achieving food security. We carried out the analysis on how investment in technology and institutional framework can improve the level of food availability (a key component of food security) in Nigeria using econometric technique based on Autoregressive Distribution Lag (ARDL) framework. The results showed, inter alia, that in Nigeria, there is a high level of food insecurity as a result of low attention on food production occasioned by the pervasive influence of oil that become the major export product. It was noted that the availability of arable land was one of the major factors to increase food production to solve the challenge of food insecurity. Thus, the efforts of reducing the rate of food insecurity are essential in this regards. This can also be achieved, among others, by active interactions between government and farmers, to make contribution to important planning issues that relate to food production in the country and above all, social protection policies should be geared or channelled to agricultural sector to protect farmers who are vulnerable to shocks and avert risks associated with agriculture.
Barriers to Securing Data on Bluetooth®-Enabled Mobile Devices: A Phenomenological Study
ERIC Educational Resources Information Center
Hines, Natasha
2015-01-01
Company data on mobile devices is vulnerable and subject to unauthorized access. The general problem is that information security incidents compromise the integrity and authenticity of electronic data. The specific problem is that organizational security policies, procedures, and training do not adequately address the vulnerabilities associated…
Regulatory Guide on Conducting a Security Vulnerability Assessment
DOE Office of Scientific and Technical Information (OSTI.GOV)
Ek, David R.
This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach to assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.
Lack of security of networked medical equipment in radiology.
Moses, Vinu; Korah, Ipeson
2015-02-01
OBJECTIVE. There are few articles in the literature describing the security and safety aspects of networked medical equipment in radiology departments. Most radiologists are unaware of the security issues. We review the security of the networked medical equipment of a typical radiology department. MATERIALS AND METHODS. All networked medical equipment in a radiology department was scanned for vulnerabilities with a port scanner and a network vulnerability scanner, and the vulnerabilities were classified using the Common Vulnerability Scoring System. A network sniffer was used to capture and analyze traffic on the radiology network for exposure of confidential patient data. We reviewed the use of antivirus software and firewalls on the networked medical equipment. USB ports and CD and DVD drives in the networked medical equipment were tested to see whether they allowed unauthorized access. Implementation of the virtual private network (VPN) that vendors use to access the radiology network was reviewed. RESULTS. Most of the networked medical equipment in our radiology department used vulnerable software with open ports and services. Of the 144 items scanned, 64 (44%) had at least one critical vulnerability, and 119 (83%) had at least one high-risk vulnerability. Most equipment did not encrypt traffic and allowed capture of confidential patient data. Of the 144 items scanned, two (1%) used antivirus software and three (2%) had a firewall enabled. The USB ports were not secure on 49 of the 58 (84%) items with USB ports, and the CD or DVD drive was not secure on 17 of the 31 (55%) items with a CD or DVD drive. One of three vendors had an insecure implementation of VPN access. CONCLUSION. Radiologists and the medical industry need to urgently review and rectify the security issues in existing networked medical equipment. We hope that the results of our study and this article also raise awareness among radiologists about the security issues of networked medical equipment.
Food security and nutritional outcomes among urban poor orphans in Nairobi, Kenya.
Kimani-Murage, Elizabeth W; Holding, Penny A; Fotso, Jean-Christophe; Ezeh, Alex C; Madise, Nyovani J; Kahurani, Elizabeth N; Zulu, Eliya M
2011-06-01
The study examines the relationship between orphanhood status and nutritional status and food security among children living in the rapidly growing and uniquely vulnerable slum settlements in Nairobi, Kenya. The study was conducted between January and June 2007 among children aged 6-14 years, living in informal settlements of Nairobi, Kenya. Anthropometric measurements were taken using standard procedures and z scores generated using the NCHS/WHO reference. Data on food security were collected through separate interviews with children and their caregivers, and used to generate a composite food security score. Multiple regression analysis was done to determine factors related to vulnerability with regards to food security and nutritional outcomes. The results show that orphans were more vulnerable to food insecurity than non-orphans and that paternal orphans were the most vulnerable orphan group. However, these effects were not significant for nutritional status, which measures long-term food deficiencies. The results also show that the most vulnerable children are boys, those living in households with lowest socioeconomic status, with many dependants, and female-headed and headed by adults with low human capital (low education). This study provides useful insights to inform policies and practice to identify target groups and intervention programs to improve the welfare of orphans and vulnerable children living in urban poor communities.
33 CFR 105.410 - Submission and approval.
Code of Federal Regulations, 2010 CFR
2010-07-01
... operational characteristics of each facility and must complete a separate Facility Vulnerability and Security Measures Summary (Form CG-6025), in appendix A to part 105—Facility Vulnerability and Security Measures...
Woolgar, Matthew; Tranah, Troy
2010-10-01
Young people in secure accommodation are at high risk of depression and self-harm. This study investigates the relationship between depressive symptoms, negative self-schemas and the cognitive vulnerability to depression in 38 young people in secure accommodation. The impact of a) current suicidal ideation and b) a previous history of self-harm behaviour on latent negative self-schemas was examined using a mood induction task. The low mood condition indicated these young people had a latent cognitive vulnerability to depression. However, this vulnerability was exacerbated in the context of current suicidal ideation but not by a history of self-harm behaviours. An unexpected finding was the negative self-schemas of young people from ethnic minority backgrounds were particularly susceptible to the mood induction. The findings are discussed both in terms of the cognitive vulnerabilities of adolescents detained in secure accommodation and the role of participant characteristics on the validity of mood induction studies in adolescence.
Supporting secure programming in web applications through interactive static analysis.
Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill
2014-07-01
Many security incidents are caused by software developers' failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.
Supporting secure programming in web applications through interactive static analysis
Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill
2013-01-01
Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases. PMID:25685513
Federal Register 2010, 2011, 2012, 2013, 2014
2012-11-13
... to, or access by, external systems and networks may result in security vulnerabilities to the... configuration may allow the exploitation of network security vulnerabilities resulting in intentional or..., Models ATR42-500 and ATR72-212A Airplanes; Aircraft Electronic System Security Protection From...
Summary of vulnerability related technologies based on machine learning
NASA Astrophysics Data System (ADS)
Zhao, Lei; Chen, Zhihao; Jia, Qiong
2018-04-01
As the scale of information system increases by an order of magnitude, the complexity of system software is getting higher. The vulnerability interaction from design, development and deployment to implementation stages greatly increases the risk of the entire information system being attacked successfully. Considering the limitations and lags of the existing mainstream security vulnerability detection techniques, this paper summarizes the development and current status of related technologies based on the machine learning methods applied to deal with massive and irregular data, and handling security vulnerabilities.
1988-03-10
Ocean and the Pacific, such as, Sri Lanka, South Yemen, Malaysia and Egypt (not a small state but vulnerable) because of their strategic locations...400,000 Comoros 178 Djibouti 350 Ethiopia 2,960 Indonesia 20,000 Iran 20,000 Kenya 70,000 Kuwait 81,000 Madagascar 21,500 Malaysia 1,170,000 Maldives...step, Pakistan and India must freeze their conventional armaments at current levels. They should initiate talks to reduce conventional forces. The
Development of a security vulnerability assessment process for the RAMCAP chemical sector.
Moore, David A; Fuller, Brad; Hazzan, Michael; Jones, J William
2007-04-11
The Department of Homeland Security (DHS), Directorate of Information Analysis & Infrastructure Protection (IAIP), Protective Services Division (PSD), contracted the American Society of Mechanical Engineers Innovative Technologies Institute, LLC (ASME ITI, LLC) to develop guidance on Risk Analysis and Management for Critical Asset Protection (RAMCAP). AcuTech Consulting Group (AcuTech) has been contracted by ASME ITI, LLC, to provide assistance by facilitating the development of sector-specific guidance on vulnerability analysis and management for critical asset protection for the chemical manufacturing, petroleum refining, and liquefied natural gas (LNG) sectors. This activity involves two key tasks for these three sectors: Development of a screening to supplement DHS understanding of the assets that are important to protect against terrorist attack and to prioritize the activities. Development of a standard security vulnerability analysis (SVA) framework for the analysis of consequences, vulnerabilities, and threats. This project involves the cooperative effort of numerous leading industrial companies, industry trade associations, professional societies, and security and safety consultants representative of those sectors. Since RAMCAP is a voluntary program for ongoing risk management for homeland security, sector coordinating councils are being asked to assist in communicating the goals of the program and in encouraging participation. The RAMCAP project will have a profound and positive impact on all sectors as it is fully developed, rolled-out and implemented. It will help define the facilities and operations of national and regional interest for the threat of terrorism, define standardized methods for analyzing consequences, vulnerabilities, and threats, and describe best security practices of the industry. 
This paper will describe the results of the security vulnerability analysis process that was developed and field tested for the chemical manufacturing sector. This method was developed through the cooperation of the many organizations and the individuals involved from the chemical sector RAMCAP development activities. The RAMCAP SVA method is intended to provide a common basis for making vulnerability assessments and risk-based decisions for homeland security. Mr. Moore serves as the coordinator for the chemical manufacturing, petroleum refining, and LNG sectors for the RAMCAP project and Dr. Jones is the chief technology officer for ASME-ITI, LLC for RAMCAP.
DOT National Transportation Integrated Search
2003-05-01
The Department of Transportation's (DOT) Research and Special Programs Administration (RSPA) began research in to assess the vulnerabilities of the nation's transportation infrastructure and develop needed improvements in security in June 2001. The g...
Selectively Encrypted Pull-Up Based Watermarking of Biometric data
NASA Astrophysics Data System (ADS)
Shinde, S. A.; Patel, Kushal S.
2012-10-01
Biometric authentication systems are becoming increasingly popular due to their potential usage in information security. However, digital biometric data (e.g. thumb impression) are themselves vulnerable to security attacks. Various methods are available to secure biometric data. In biometric watermarking the data are embedded in an image container and are only retrieved if the secret key is available. This container image is encrypted to have more security against attack. As wireless devices are equipped with a battery as their power supply, they have limited computational capabilities; therefore, to reduce energy consumption we use the method of selective encryption of the container image. The bit pull-up-based biometric watermarking scheme is based on amplitude modulation and bit priority, which reduces the retrieval error rate to a great extent. By using a selective encryption mechanism we expect more efficiency in time at the time of encryption as well as decryption. Significant reduction in error rate is expected to be achieved by the bit pull-up method.
NASA Astrophysics Data System (ADS)
Chen, Junhua
2013-03-01
To cope with a large amount of data in current sensed environments, decision aid tools should provide their understanding of situations in a time-efficient manner, so there is an increasing need for real-time network security situation awareness and threat assessment. In this study, the state transition model of vulnerability in the network based on a semi-Markov process is proposed first. Once events are triggered by an attacker's action or system response, the current states of the vulnerabilities are known. Then we calculate the transition probabilities of the vulnerability from the current state to the security failure state. Furthermore, in order to improve the accuracy of our algorithms, we adjust the probabilities that they exploit the vulnerability according to the attacker's skill level. In the light of the preconditions and post-conditions of vulnerabilities in the network, an attack graph is built to visualize the security situation in real time. Subsequently, we predict the attack path, recognize attack intention and estimate the impact through analysis of the attack graph. These help administrators to gain insight into intrusion steps, determine security state and assess threat. Finally, testing in a network shows that this method is reasonable and feasible, and can undertake tremendous analysis tasks to facilitate administrators' work.
National Vulnerability Database (NVD)
National Institute of Standards and Technology Data Gateway
National Vulnerability Database (NVD) (Web, free access) NVD is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is based on and synchronized with the CVE vulnerability naming standard.
Climate risk and food security in Mali: A historical perspective on adaptation
NASA Astrophysics Data System (ADS)
Giannini, Alessandra; Krishnamurthy, P. Krishna; Cousin, Rémi; Labidi, Naouar; Choularton, Richard J.
2017-02-01
We combine socioeconomic data from a large-scale household survey with historical climate data to map the climate sensitivity of availability and access dimensions of food security in Mali, and infer the ways in which at-risk communities may have been impacted by persistent climatic shift. Thirty years after 1982-1984, the period of most intense drought during the protracted late 20th century drying of the Sahel, the impact of drought on livelihoods and food security is still recognizable in the Sahelian center of Mali. This impact is expressed in the larger fraction of households in this Sahelian center of the country—the agro-ecological transition between pastoralism in the north, and sedentary agriculture in the south—who practice agriculture but not livestock raising, despite environmental conditions that are suitable to their combination. These households have lower food security and rely more frequently on detrimental nutrition-based coping strategies, such as reducing the quantity or quality of meals. In contrast, the more food secure households show a clear tendency toward livelihood diversification away from subsistence agriculture. These households produce less of what they consume, yet spend less on food in proportion. The analysis points to the value of interdisciplinary research—in this case bridging climate science and vulnerability analysis—to gain a dynamical understanding of complex systems, understanding which may be exploited to address real-world challenges, offering lessons about food security and local adaptation strategies in places among the most vulnerable to climate.
Application of Lightweight Formal Methods to Software Security
NASA Technical Reports Server (NTRS)
Gilliam, David P.; Powell, John D.; Bishop, Matt
2005-01-01
Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that can be reused by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein. The Flexible Modeling Framework (FMF) is a model based verification instrument that uses Promela and the SPIN model checker. The Property Based Tester (PBT) uses TASPEC and a Text Execution Monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles.
Finding the ’RITE’ Acquisition Environment for Navy C2 Software
2015-05-01
Boiler plate contract language - Gov purpose Rights • Adding expectation of quality to contracting language • Template SOW’s created Pr...Debugger MCCABE IQ Static Analysis Cyclomatic Complexity and KSLOC. All Languages HP Fortify Security Scan STIG and Vulnerabilities Security & IA...GSSAT (GOTS) Security Scan STIG and Vulnerabilities AutoIT Automated Test Scripting Engine for Automation Functional Testing TestComplete Automated
NASA Astrophysics Data System (ADS)
Panthi, J., Sr.
2014-12-01
Climate change vulnerability depends upon various factors and differs between places, sectors and communities. People in developing countries whose subsistence livelihood depends upon agriculture and livestock are identified as particularly vulnerable. Nepal, where the majority of people are in a mixed agro-livestock system, is identified as the world's fourth most vulnerable country to climate change. However, there are few studies on how vulnerable mixed agro-livestock smallholders are and how their vulnerability differs across different ecological regions. This study aims to test two vulnerability assessment indices, livelihood vulnerability index (LVI) and IPCC vulnerability index (VI-IPCC), around the Gandaki river basin of Nepal. A total of 543 households practicing mixed agro-livestock were surveyed from three districts (Dhading, Syangja and Kapilvastu) representing the mountain, mid-hill and lowland altitudinal belts respectively. Data on socio-demographics, livelihoods, social networks, health, food and water security, natural disasters and climate variability were collected. Both indices differed across the three districts, with mixed agro-livestock smallholders of Dhading district found to be the most vulnerable and that of Syangja least vulnerable. This vulnerability index approach may be used to monitor rural vulnerability and/or evaluate potential program/policy effectiveness in poor countries like Nepal. The present findings are intended to help in designing intervention strategies to reduce vulnerability of mixed agro-livestock smallholders and other rural people in developing countries to climate change.
Cyber Security Assessment Report: Adventium Labs
DOE Office of Scientific and Technical Information (OSTI.GOV)
None
2007-12-31
Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borders, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.
Empirical Analysis and Automated Classification of Security Bug Reports
NASA Technical Reports Server (NTRS)
Tyo, Jacob P.
2016-01-01
With the ever expanding amount of sensitive data being placed into computer systems, the need for effective cybersecurity is of utmost importance. However, there is a shortage of detailed empirical studies of security vulnerabilities from which cybersecurity metrics and best practices could be determined. This thesis has two main research goals: (1) to explore the distribution and characteristics of security vulnerabilities based on the information provided in bug tracking systems and (2) to develop data analytics approaches for automatic classification of bug reports as security or non-security related. This work is based on using three NASA datasets as case studies. The empirical analysis showed that the majority of software vulnerabilities belong only to a small number of types. Addressing these types of vulnerabilities will consequently lead to cost efficient improvement of software security. Since this analysis requires labeling of each bug report in the bug tracking system, we explored using machine learning to automate the classification of each bug report as a security or non-security related (two-class classification), as well as each security related bug report as specific security type (multiclass classification). In addition to using supervised machine learning algorithms, a novel unsupervised machine learning approach is proposed. An accuracy of 92%, recall of 96%, precision of 92%, probability of false alarm of 4%, F-Score of 81% and G-Score of 90% were the best results achieved during two-class classification. Furthermore, an accuracy of 80%, recall of 80%, precision of 94%, and F-score of 85% were the best results achieved during multiclass classification.
A preliminary analysis of quantifying computer security vulnerability data in "the wild"
NASA Astrophysics Data System (ADS)
Farris, Katheryn A.; McNamara, Sean R.; Goldstein, Adam; Cybenko, George
2016-05-01
A system of computers, networks and software has some level of vulnerability exposure that puts it at risk to criminal hackers. Presently, most vulnerability research uses data from software vendors, and the National Vulnerability Database (NVD). We propose an alternative path forward through grounding our analysis in data from the operational information security community, i.e. vulnerability data from "the wild". In this paper, we propose a vulnerability data parsing algorithm and an in-depth univariate and multivariate analysis of the vulnerability arrival and deletion process (also referred to as the vulnerability birth-death process). We find that vulnerability arrivals are best characterized by the log-normal distribution and vulnerability deletions are best characterized by the exponential distribution. These distributions can serve as prior probabilities for future Bayesian analysis. We also find that over 22% of the deleted vulnerability data have a rate of zero, and that the arrival vulnerability data is always greater than zero. Finally, we quantify and visualize the dependencies between vulnerability arrivals and deletions through a bivariate scatterplot and statistical observations.
NASA's Research in Aircraft Vulnerability Mitigation
NASA Technical Reports Server (NTRS)
Allen, Cheryl L.
2005-01-01
Since its inception in 1958, the National Aeronautics and Space Administration's (NASA) role in civil aeronautics has been to develop high-risk, high-payoff technologies to meet critical national aviation challenges. Following the events of Sept. 11, 2001, NASA recognized that it now shared the responsibility for improving homeland security. The NASA Strategic Plan was modified to include requirements to enable a more secure air transportation system by investing in technologies and collaborating with other agencies, industry, and academia. NASA is conducting research to develop and advance innovative and commercially viable technologies that will reduce the vulnerability of aircraft to threats or hostile actions, and identify and inform users of potential vulnerabilities in a timely manner. Presented in this paper are research plans and preliminary status for mitigating the effects of damage due to direct attacks on civil transport aircraft. The NASA approach to mitigation includes: preventing loss of an aircraft due to a hit from man-portable air defense systems; developing fuel system technologies that prevent or minimize in-flight vulnerability to small arms or other projectiles; providing protection from electromagnetic energy attacks by detecting directed energy threats to aircraft and on/off-board systems; and minimizing the damage due to high-energy attacks (explosions and fire) by developing advanced lightweight, damage-resistant composites and structural concepts. An approach to preventing aircraft from being used as weapons of mass destruction will also be discussed.
Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng
2018-01-11
Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.
Securing Digital Audio using Complex Quadratic Map
NASA Astrophysics Data System (ADS)
Suryadi, MT; Satria Gunawan, Tjandra; Satria, Yudi
2018-03-01
In this digital era, exchanging data is common and easy to do, therefore it is vulnerable to being attacked and manipulated by unauthorized parties. One data type that is vulnerable to attack is digital audio. So, we need a data securing method that is not vulnerable and fast. One of the methods that match all of those criteria is securing the data using a chaos function. The chaos function that is used in this research is the complex quadratic map (CQM). There are some parameter values that cause the key stream that is generated by the CQM function to pass all 15 NIST tests; this means that the key stream that is generated using this CQM is proven to be random. In addition, samples of encrypted digital sound when tested using goodness of fit test are proven to be uniform, so securing digital audio using this method is not vulnerable to frequency analysis attack. The key space is very huge, about 8.1×10^31 possible keys, and the key sensitivity is very small, about 10^-10, therefore this method is also not vulnerable against brute-force attack. And finally, the processing speed for both encryption and decryption process is on average about 450 times faster than its digital audio duration.
An Architecture, System Engineering, and Acquisition Approach for Space System Software Resiliency
NASA Astrophysics Data System (ADS)
Phillips, Dewanne Marie
Software intensive space systems can harbor defects and vulnerabilities that may enable external adversaries or malicious insiders to disrupt or disable system functions, risking mission compromise or loss. Mitigating this risk demands a sustained focus on the security and resiliency of the system architecture including software, hardware, and other components. Robust software engineering practices contribute to the foundation of a resilient system so that the system "can take a hit to a critical component and recover in a known, bounded, and generally acceptable period of time". Software resiliency must be a priority and addressed early in the life cycle development to contribute a secure and dependable space system. Those who develop, implement, and operate software intensive space systems must determine the factors and systems engineering practices to address when investing in software resiliency. This dissertation offers methodical approaches for improving space system resiliency through software architecture design, system engineering, increased software security, thereby reducing the risk of latent software defects and vulnerabilities. By providing greater attention to the early life cycle phases of development, we can alter the engineering process to help detect, eliminate, and avoid vulnerabilities before space systems are delivered. To achieve this objective, this dissertation will identify knowledge, techniques, and tools that engineers and managers can utilize to help them recognize how vulnerabilities are produced and discovered so that they can learn to circumvent them in future efforts. We conducted a systematic review of existing architectural practices, standards, security and coding practices, various threats, defects, and vulnerabilities that impact space systems from hundreds of relevant publications and interviews of subject matter experts. 
We expanded on the system-level body of knowledge for resiliency and identified a new software architecture framework and acquisition methodology to improve the resiliency of space systems from a software perspective with an emphasis on the early phases of the systems engineering life cycle. This methodology involves seven steps: 1) Define technical resiliency requirements, 1a) Identify standards/policy for software resiliency, 2) Develop a request for proposal (RFP)/statement of work (SOW) for resilient space systems software, 3) Define software resiliency goals for space systems, 4) Establish software resiliency quality attributes, 5) Perform architectural tradeoffs and identify risks, 6) Conduct architecture assessments as part of the procurement process, and 7) Ascertain space system software architecture resiliency metrics. Data illustrates that software vulnerabilities can lead to opportunities for malicious cyber activities, which could degrade the space mission capability for the user community. Reducing the number of vulnerabilities by improving architecture and software system engineering practices can contribute to making space systems more resilient. Since cyber-attacks are enabled by shortfalls in software, robust software engineering practices and an architectural design are foundational to resiliency, which is a quality that allows the system to "take a hit to a critical component and recover in a known, bounded, and generally acceptable period of time". To achieve software resiliency for space systems, acquirers and suppliers must identify relevant factors and systems engineering practices to apply across the lifecycle, in software requirements analysis, architecture development, design, implementation, verification and validation, and maintenance phases.
Detection and Prevention of Insider Threats in Database Driven Web Services
NASA Astrophysics Data System (ADS)
Chumash, Tzvi; Yao, Danfeng
In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.
Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes
2018-01-01
The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes. PMID:29518023
Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes.
Ali, Bako; Awad, Ali Ismail
2018-03-08
The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or "things" to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.
Change Detection Algorithms for Information Assurance of Computer Networks
2002-01-01
...number of computer attacks increases steadily per year. At the time of this writing the Internet Security Systems’ baseline assessment is that a new...across a network by exploiting security flaws in widely-used services offered by vulnerable computers. In order to locate the vulnerable computers, the
Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics
2012-05-22
cyber attack. Recently, high-profile successful attacks have been detected against the International Monetary Fund, Citibank, Lockheed Martin, Google...RSA Security, Sony, and Oak Ridge National Laboratory[13]. These and other attacks have heightened securing networks as a high priority for many...of high-severity vulnerabilities found by network vulnerability scanners (e.g., [40]) and the numbers or percentages of hosts that are not
SPCC- Software Elements for Security Partition Communication Controller
NASA Astrophysics Data System (ADS)
Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.
2016-08-01
Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure a high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed, including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to counter the identified threats. The security evaluation of the SPCC will be done in accordance with the Common Criteria (CC). The Software Elements for SPCC have been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed SpaceWire (SpW) link.
The Global Threat Reduction Initiative's Orphan Source Recovery Project in the Russian Federation
DOE Office of Scientific and Technical Information (OSTI.GOV)
Russell, J. W.; Ahumada, A. D.; Blanchard, T. A.
After 9/11, officials at the United States Department of Energy (DOE), National Nuclear Security Administration (NNSA) grew more concerned about radiological materials that were vulnerable to theft and illicit use around the world. The concern was that terrorists could combine stolen radiological materials with explosives to build and detonate a radiological dispersal device (RDD), more commonly known as a “dirty bomb.” In response to this and other terrorist threats, the DOE/NNSA formed what is now known as the Global Threat Reduction Initiative (GTRI) to consolidate and accelerate efforts to reduce and protect vulnerable nuclear and radiological materials located at civilian sites worldwide. Although a cooperative program was already underway in the Russian Federation to secure nuclear materials at a range of different facilities, thousands of sealed radioactive sources remained vulnerable at medical, research, and industrial sites. In response, GTRI began to focus efforts on addressing these materials. GTRI’s Russia Orphan Source Recovery Project, managed at the Nevada National Security Site’s North Las Vegas facility, was initiated in 2002. Throughout the life of the project, Joint Stock Company “Isotope” has served as the primary Russian subcontractor, and the organization has proven to be a successful partner. Since the first orphan source recovery of an industrial cobalt-60 irradiator with 647 curies (Ci) at an abandoned facility in Moscow in 2003, the GTRI Orphan Source Recovery Project in the Russian Federation has accomplished substantial levels of threat reduction. To date, GTRI has recovered and securely disposed of more than 5,100 sources totaling more than 628,000 Ci. This project serves as an extraordinary example of how international cooperation can be implemented by partners with mutual interests to achieve significant goals.
Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2
DOE Office of Scientific and Technical Information (OSTI.GOV)
Fesharaki, F.; Rizer, J.P.; Greer, L.S.
1994-05-01
The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.
A Secure and Efficient Audit Mechanism for Dynamic Shared Data in Cloud Storage
2014-01-01
With popularization of cloud services, multiple users easily share and update their data through cloud storage. For data integrity and consistency in the cloud storage, the audit mechanisms were proposed. However, existing approaches have some security vulnerabilities and require a lot of computational overheads. This paper proposes a secure and efficient audit mechanism for dynamic shared data in cloud storage. The proposed scheme prevents a malicious cloud service provider from deceiving an auditor. Moreover, it devises a new index table management method and reduces the auditing cost by employing less complex operations. We prove the resistance against some attacks and show less computation cost and shorter time for auditing when compared with conventional approaches. The results present that the proposed scheme is secure and efficient for cloud storage services managing dynamic shared data. PMID:24959630
A secure and efficient audit mechanism for dynamic shared data in cloud storage.
Kwon, Ohmin; Koo, Dongyoung; Shin, Yongjoo; Yoon, Hyunsoo
2014-01-01
With popularization of cloud services, multiple users easily share and update their data through cloud storage. For data integrity and consistency in the cloud storage, the audit mechanisms were proposed. However, existing approaches have some security vulnerabilities and require a lot of computational overheads. This paper proposes a secure and efficient audit mechanism for dynamic shared data in cloud storage. The proposed scheme prevents a malicious cloud service provider from deceiving an auditor. Moreover, it devises a new index table management method and reduces the auditing cost by employing less complex operations. We prove the resistance against some attacks and show less computation cost and shorter time for auditing when compared with conventional approaches. The results present that the proposed scheme is secure and efficient for cloud storage services managing dynamic shared data.
Hazard-Specific Vulnerability Mapping for Water Security in a Shale Gas Context
NASA Astrophysics Data System (ADS)
Allen, D. M.; Holding, S.; McKoen, Z.
2015-12-01
Northeast British Columbia (NEBC) is estimated to hold large reserves of unconventional natural gas and has experienced rapid growth in shale gas development activities over recent decades. Shale gas development has the potential to impact the quality and quantity of surface and ground water. Robust policies and sound water management are required to protect water security in relation to the water-energy nexus surrounding shale gas development. In this study, hazard-specific vulnerability mapping was conducted across NEBC to identify areas most vulnerable to water quality and quantity deterioration due to shale gas development. Vulnerability represents the combination of a specific hazard threat and the susceptibility of the water system to that threat. Hazard threats (i.e. potential contamination sources and water abstraction) were mapped spatially across the region. The shallow aquifer susceptibility to contamination was characterised using the DRASTIC aquifer vulnerability approach, while the aquifer susceptibility to abstraction was mapped according to aquifer productivity. Surface water susceptibility to contamination was characterised on a watershed basis to describe the propensity for overland flow (i.e. contaminant transport), while watershed discharge estimates were used to assess surface water susceptibility to water abstractions. The spatial distribution of hazard threats and susceptibility were combined to form hazard-specific vulnerability maps for groundwater quality, groundwater quantity, surface water quality and surface water quantity. The vulnerability maps identify priority areas for further research, monitoring and policy development. Priority areas regarding water quality occur where hazard threat (contamination potential) coincide with high aquifer susceptibility or high overland flow potential. Priority areas regarding water quantity occur where demand is estimated to represent a significant proportion of estimated supply. 
The identification of priority areas allows for characterization of the vulnerability of water security in the region. This vulnerability mapping approach, using the hazard threat and susceptibility indicators, can be applied to other shale gas areas to assess vulnerability to shale gas activities and support water security.
Vulnerability to shocks in the global seafood trade network
NASA Astrophysics Data System (ADS)
Gephart, Jessica A.; Rovenskaya, Elena; Dieckmann, Ulf; Pace, Michael L.; Brännström, Åke
2016-03-01
Trade can allow countries to overcome local or regional losses (shocks) to their food supply, but reliance on international food trade also exposes countries to risks from external perturbations. Countries that are nutritionally or economically dependent on international trade of a commodity may be adversely affected by such shocks. While exposure to shocks has been studied in financial markets, communication networks, and some infrastructure systems, it has received less attention in food-trade networks. Here, we develop a forward shock-propagation model to quantify how trade flows are redistributed under a range of shock scenarios and assess the food-security outcomes by comparing changes in national fish supplies to indices of each country’s nutritional fish dependency. Shock propagation and distribution among regions are modeled on a network of historical bilateral seafood trade data from UN Comtrade using 205 reporting territories grouped into 18 regions. In our model exposure to shocks increases with total imports and the number of import partners. We find that Central and West Africa are the most vulnerable to shocks, with their vulnerability increasing when a willingness-to-pay proxy is included. These findings suggest that countries can reduce their overall vulnerability to shocks by reducing reliance on imports and diversifying food sources. As international seafood trade grows, identifying these types of potential risks and vulnerabilities is important to build a more resilient food system.
Physical security and IT convergence: Managing the cyber-related risks.
McCreight, Tim; Leece, Doug
The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California.
Securing your Site in Development and Beyond
DOE Office of Scientific and Technical Information (OSTI.GOV)
Akopov, Mikhail S.
Why wait until production deployment, or even staging and testing deployment to identify security vulnerabilities? Using tools like Burp Suite, you can find security vulnerabilities before they creep up on you. Prevent cross-site scripting attacks, and establish a firmer trust between your website and your client. Verify that Apache/Nginx have the correct SSL Ciphers set. We explore using these tools and more to validate proper Apache/Nginx configurations, and to be compliant with modern configuration standards as part of the development cycle. Your clients can use tools like https://securityheaders.io and https://ssllabs.com to get a graded report on your level of compliance with OWASP Secure Headers Project and SSLLabs recommendations. Likewise, you should always use the same sites to validate your configurations. Burp Suite will find common misconfigurations and will also perform more thorough security testing of your applications. In this session you will see examples of vulnerabilities that were detected early on, as well as how to integrate these practices into your daily workflow.
Rupp, Kalman; Strand, Alexander; Davies, Paul; Sears, Jim
2007-01-01
Both target effectiveness and administrative simplicity are desirable properties in the design of minimum benefit packages for public retirement programs. The federal benefit rate (FBR) of the Supplemental Security Income (SSI) program has been proposed by some analysts as a potentially attractive basis of establishing a new minimum benefit for Social Security on both of these grounds. This type of proposal is related to a broader array of minimum benefit proposals that would establish a Social Security benefit floor based on the poverty rate. In contrast to Social Security, the SSI program is means tested, including both an income and asset screen and also a categorical eligibility screen (the requirement to qualify as aged or disabled). The SSI FBR provides an inflation-adjusted, guaranteed income floor for aged and disabled people with low assets. The FBR has been perceived by proponents as a minimal measure of Social Security benefit adequacy because it represents a subpoverty income level for a family of one or two depending on marital status. For this same reason it has been seen as a target-effective tool of designing a minimum Social Security benefit. An FBR-based minimum benefit has also been viewed as administratively simple to implement; the benefit can be calculated from Social Security administrative records using a completely automated electronic process. Therefore-in contrast to the SSI program itself-an FBR-based minimum benefit would incur virtually no ongoing administrative costs, would not require a separate application for a means-tested program, and would avoid the perception of welfare stigma. While these ideas have been discussed in the literature and among policymakers in the United States over the years, and similar proposals have been considered or implemented in several foreign countries, there have been no previous analyses measuring the size of the potentially affected beneficiary population. 
Nor has there been any systematic assessment of the FBR as a measure of benefit adequacy or the tradeoffs between potential target effectiveness and administrative simplicity. Based on a series of simulations, we assess the FBR as a potential foundation for minimum Social Security benefits and we examine the tradeoffs between administrative simplicity and target effectiveness using microdata from the 1996 panel of the Survey of Income and Program Participation (SIPP). Our empirical analysis is limited to Social Security retired-worker beneficiaries aged 65 or older. We start with the assessment of the FBR as a measure of benefit adequacy. We are particularly concerned about two types of error: (1) incorrectly identifying some Social Security beneficiaries as "economically vulnerable," and (2) incorrectly identifying others as "not economically vulnerable." Operationally we measure economic vulnerability by two alternative standards. One of our measures considers beneficiaries with family income below the official poverty threshold as vulnerable. Our second measure is more restrictive; it uses a family income threshold equal to 75 percent of the official poverty threshold. We find that a substantial minority of retired workers have Social Security benefits below the FBR. The results also show that the FBR-based measure of Social Security benefit adequacy is very imprecise in terms of identifying economically vulnerable people. We estimate that the vast majority of beneficiaries with Social Security benefits below the FBR are not economically vulnerable. Conversely, an FBR-level Social Security benefit threshold fails to identify some beneficiaries who are economically vulnerable. Thus an FBR-level minimum benefit would be poorly targeted in terms of both types of errors we are concerned about. An FBR-level minimum benefit would provide minimum Social Security benefits to many people who are clearly not poor. 
Conversely, an FBR-level minimum benefit would not provide any income relief to some who are poor. The administrative simplicity behind these screening errors also results in additional program cost that may be perceived as substantial. We estimate that an FBR-level minimum benefit would increase aggregate program cost for retired workers aged 65 or older by roughly 2 percent. There are two fundamental reasons for these findings. First, the concept of an FBR-level minimum benefit looks at the individual or married couple in artificial isolation; however, the family is the main consumption unit in our society. The income of an unmarried partner or family members other than a married spouse is ignored. Second, individuals and couples may also have income from sources other than Social Security or SSI, which is also ignored by a simple FBR-based minimum benefit concept. The substantial empirical magnitude of measurement error arising from these conceptual simplifications naturally leads to the assessment of the tradeoff between target effectiveness and administrative simplicity. To facilitate this analysis, we simulate the potential effect of alternative screening methods designed to increase target effectiveness; while reducing program cost, such alternatives also may increase administrative complexity. For example, considering the combined Social Security benefit of a married couple (rather than looking at the husband and wife in isolation) might substantially increase target effectiveness with a relatively small increase in administrative complexity. Adding a family income screen might increase administrative complexity to a greater degree, but also would increase target effectiveness dramatically. The results also suggest that at some point adding new screens-such as a comprehensive asset test-may drastically increase administrative complexity with diminishing returns in terms of increased target effectiveness and reduced program cost. 
Whether a broad-based minimum benefit concept that is not tied to previous work experience is perceived by policymakers as desirable or not may depend on several factors not addressed in this article. However, to the extent that this type of minimum benefit design is regarded as potentially desirable, the tradeoffs between administrative simplicity and target effectiveness need to be considered.
Hiner, Jacqueline; Pyka, Jeanine; Burks, Colleen; Pisegna, Lily; Gador, Rachel Ann
2012-01-01
Ensuring the safety of infants born in a hospital is a top priority and, therefore, requires a solid infant security plan. Using an interdisciplinary approach and a systematic change process, nursing leadership in collaboration with clinical nurses and security personnel analyzed the infant security program at this community hospital to identify vulnerabilities. By establishing an interdisciplinary approach to infant security, participants were able to unravel a complicated concept, systematically analyze the gaps, and agree to a plan of action. This resulted in improved communication and clarification of roles between the nursing and security divisions. Supply costs decreased by 17.4% after the first year of implementation. Most importantly, this project enhanced and strengthened the existing infant abduction prevention measures, hard wired the importance of infant security, and minimized vulnerabilities.
Final Technical Report. Project Boeing SGS
DOE Office of Scientific and Technical Information (OSTI.GOV)
Bell, Thomas E.
Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of critical systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. 
Benefits identified include: Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack or other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel
NASA Technical Reports Server (NTRS)
Taback, I.
1979-01-01
The discussion of vulnerability begins with a description of some of the electrical characteristics of fibers before defining how vulnerability calculations are done. The vulnerability results secured to date are presented. The discussion touches on post exposure vulnerability. After a description of some shock hazard work now underway, the discussion leads into a description of the planned effort and some preliminary conclusions are presented.
NASA Technical Reports Server (NTRS)
Branch, Drew Alexander
2014-01-01
Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated, patched and secured state in a launch control system environment. Attacks on critical systems are becoming more and more relevant and frequent. Nation states are hacking into critical networks that might control electrical power grids or water dams as well as carrying out advanced persistent threat (APTs) attacks on government entities. NASA, as an organization, must protect itself from attacks from all different types of attackers with different motives. Although the International Space Station was created, there is still competition between the different space programs. With that in mind, NASA might get attacked and breached for various reasons such as espionage or sabotage. My project will provide a way for NASA to complete an in house penetration test which includes: asset discovery, vulnerability scans, exploit vulnerabilities and also provide forensic information to harden systems. Completing penetration testing is a part of the compliance requirements of the Federal Information Security Act (FISMA) and NASA NPR 2810.1 and related NASA Handbooks. This project is to demonstrate how in house penetration testing can be conducted that will satisfy all of the compliance requirements of the National Institute of Standards and Technology (NIST), as outlined in FISMA. 
By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.
DARKDROID: Exposing the Dark Side of Android Marketplaces
2016-06-01
Moreover, our approaches can detect apps containing both intentional and unintentional vulnerabilities, such as unsafe code loading mechanisms and...Security, Static Analysis, Dynamic Analysis, Malware Detection, Vulnerability Scanning...applications in a DoD context...Develop sophisticated whole-system static analyses to detect malicious Android applications
Knowledge-Base Semantic Gap Analysis for the Vulnerability Detection
NASA Astrophysics Data System (ADS)
Wu, Raymond; Seki, Keisuke; Sakamoto, Ryusuke; Hisada, Masayuki
Web security became an alert in internet computing. To cope with ever-rising security complexity, semantic analysis is proposed to fill-in the gap that the current approaches fail to commit. Conventional methods limit their focus to the physical source codes instead of the abstraction of semantics. It bypasses new types of vulnerability and causes tremendous business loss.
Water Security - National and Global Issues
NASA Astrophysics Data System (ADS)
Tindall, J. A.; Campbell, A. A.; Moran, E. H.
2010-12-01
Water is fundamental to human life. Disruption of water supplies by the Water Threats and Hazards Triad (WTHT) — man-made, natural, and technological hazards — could threaten the delivery of vital human services, endanger public health and the environment, potentially cause mass casualties, and threaten population sustainability, social stability, and homeland security. Water distribution systems extend over vast areas and are therefore vulnerable to a wide spectrum of threats — from natural hazards such as large forest fires that result in runoff and debris flow that clog reservoirs, and reduce, disrupt, or contaminate water supply and quality to threats from natural, man-made, or political extremist attacks. Our research demonstrates how devising concepts and counter measures to protect water supplies will assist the public, policy makers, and planners at local, Tribal, State, and Federal levels to develop solutions for national and international water-security and sustainability issues. Water security is an issue in which the entire global community is stakeholders.
Doorstep: A doorbell security system for the prevention of doorstep crime.
Ennis, Andrew; Cleland, Ian; Patterson, Timothy; Nugent, Chris D; Cruciani, Federico; Paggetti, Cristiano; Morrison, Gareth; Taylor, Richard
2016-08-01
Safety and security rank highly in the priorities of older people on both an individual and policy level. Older people are commonly targeted as victims of doorstep crime, as they can be perceived as being vulnerable. As a result, this can have a major effect on the victim's health and wellbeing. There have been numerous prevention strategies implemented in an attempt to combat and reduce the number of doorstep crimes. There is, however, little information available detailing the effectiveness of these strategies and how they impact on the fear of crime, particularly with repeat victims. There is therefore clear merit in the creation and piloting of a technology based solution to combat doorstep crime. This paper presents a developed solution to provide increased security for older people within their home.
Precautionary Savings in Mexico: Evidence from the Mexican Health and Aging Study
Velandia Naranjo, Durfari; van Gameren, Edwin
2016-01-01
Precautionary saving is the additional saving done by individuals to protect them financially in situations of uncertainty and reduce their vulnerability for negative shocks that may affect their consumption levels. This paper investigates the existence and extent of savings motivated by precaution in Mexico for people aged between 50 and 75, using data from the Mexican Health and Ageing Study 2003. The empirical strategy is based on a test of the direct relationship between the accumulated wealth and the uncertainty generated by the social security status, in particular the availability of health insurance, accounting also for the expectation to receive a retirement pension. The endogeneity-corrected estimates do not yield results that unequivocally support the existence of private savings as a risk protection mechanism, implying that the public protection system has an important role in reducing the vulnerability of the population studied. PMID:27698512
Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng
2018-01-01
Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719
Using software security analysis to verify the secure socket layer (SSL) protocol
NASA Technical Reports Server (NTRS)
Powell, John D.
2004-01-01
nal Aeronautics and Space Administration (NASA) have tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Through an Integrated Approach' offers, among its capabilities, formal verification of software security properties, through the use of model based verification (MBV) to address software security risks. [1,2,3,4,5,6] MBV is a formal approach to software assurance that combines analysis of software, via abstract models, with technology, such as model checkers, that provide automation of the mechanical portions of the analysis process. This paper will discuss: The need for formal analysis to assure software systems with respect to software and why testing alone cannot provide it. The means by which MBV with a Flexible Modeling Framework (FMF) accomplishes the necessary analysis task. An example of FMF style MBV in the verification of properties over the Secure Socket Layer (SSL) communication protocol as a demonstration.
Energy Security: Reducing Vulnerabilities to Global Energy Networks
2009-03-01
plug-in hybrid vehicles, promote renewable energy sources, invest in low-emission coal plants, advance technologies in bio-fuels, and begin the...Zhongyuan Petroleum Prospecting, a subsidiary of the China Petrochemical Corporation, is the primary oil firm operating in Gambella. Nigeria is the...of the global warming issues and the burning of oil, in particular, is blamed for about 42 percent of the CO2 emissions. Left unchecked, the
[Tuberculosis among the socially vulnerable populations; perspectives from human security concept].
Ishikawa, Nobukatsu
2009-07-01
Tuberculosis (TB) has been and will continue to be the disease of the poor and the socially vulnerable. Current TB epidemiology in Japan shows increasing proportion of TB among the economically and socially poor or vulnerable populations. Though there is no universally recognized set of the definitions, the economically poor who are covered under the social security services including the homeless, foreign migrants, or the aged over 80 years may be considered as consisting the "socially vulnerable population" for TB in Japan. TB among the socially vulnerable has several characteristics, for example, patients are often detected with severe conditions due to delayed diagnosis, and have high defaulter rate during treatment, which causes immature death, or drug-resistant disease. Stop TB Strategy by WHO, responding to the Millennium Development Goals, proposes a new approach which focuses on empowering the patients and the community. Observations from various studies show that DOTS contributes to empowering the patients and the communities. Further effort will be needed to reorient TB programs towards the perspective of patients' empowerment. Solely relying on static analyses of TB among the socially vulnerable has its limitations. Dynamic approach, which utilizes human security concepts such as empowerment and patients' perspective, will be required not only to control TB among the socially vulnerable population but also to holistically tackle the problem of TB for Japan.
Evaluating Common Privacy Vulnerabilities in Internet Service Providers
NASA Astrophysics Data System (ADS)
Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios
Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.
ERIC Educational Resources Information Center
Johnson, Gerald D.
2012-01-01
As U.S federal government agencies have increased the use of the Internet to utilize technologies such as e-learning, U.S. federal government information systems have become more exposed to security vulnerabilities that may contribute to system attacks and system exploitation. U.S. federal government agencies are required to come up with their own…
ERIC Educational Resources Information Center
Mohammadi, Hadi
2014-01-01
Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…
Evaluating the Generality and Limits of Blind Return-Oriented Programming Attacks
2015-12-01
consider a recently proposed information disclosure vulnerability called blind return-oriented programming (BROP). Under certain conditions, this...implementation disclosure attacks...
NASA Astrophysics Data System (ADS)
Möller, Thomas; Bellin, Knut; Creutzburg, Reiner
2015-03-01
The aim of this paper is to show the recent progress in the design and prototypical development of a software suite Copra Breeder* for semi-automatic generation of test methodologies and security checklists for IT vulnerability assessment in small and medium-sized enterprises.
An Empirical Measure of Computer Security Strength for Vulnerability Remediation
ERIC Educational Resources Information Center
Villegas, Rafael
2010-01-01
Remediating all vulnerabilities on computer systems in a timely and cost effective manner is difficult given that the window of time between the announcement of a new vulnerability and an automated attack has decreased. Hence, organizations need to prioritize the vulnerability remediation process on their computer systems. The goal of this…
Mishra, Dheerendra
2015-01-01
Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.
Feature-based alert correlation in security systems using self organizing maps
NASA Astrophysics Data System (ADS)
Kumar, Munesh; Siddique, Shoaib; Noor, Humera
2009-04-01
The security of the networks has been an important concern for any organization. This is especially important for the defense sector as to get unauthorized access to the sensitive information of an organization has been the prime desire for cyber criminals. Many network security techniques like Firewall, VPN Concentrator etc. are deployed at the perimeter of network to deal with attack(s) that occur(s) from exterior of network. But any vulnerability that causes to penetrate the network's perimeter of defense, can exploit the entire network. To deal with such vulnerabilities a system has been evolved with the purpose of generating an alert for any malicious activity triggered against the network and its resources, termed as Intrusion Detection System (IDS). The traditional IDS have still some deficiencies like generating large number of alerts, containing both true and false one etc. By automatically classifying (correlating) various alerts, the high-level analysis of the security status of network can be identified and the job of network security administrator becomes much easier. In this paper we propose to utilize Self Organizing Maps (SOM); an Artificial Neural Network for correlating large amount of logged intrusion alerts based on generic features such as Source/Destination IP Addresses, Port No, Signature ID etc. The different ways in which alerts can be correlated by Artificial Intelligence techniques are also discussed. We've shown that the strategy described in the paper improves the efficiency of IDS by better correlating the alerts, leading to reduced false positives and increased competence of network administrator.
Livestock and food security: vulnerability to population growth and climate change
Godber, Olivia F; Wall, Richard
2014-01-01
Livestock production is an important contributor to sustainable food security for many nations, particularly in low-income areas and marginal habitats that are unsuitable for crop production. Animal products account for approximately one-third of global human protein consumption. Here, a range of indicators, derived from FAOSTAT and World Bank statistics, are used to model the relative vulnerability of nations at the global scale to predicted climate and population changes, which are likely to impact on their use of grazing livestock for food. Vulnerability analysis has been widely used in global change science to predict impacts on food security and famine. It is a tool that is useful to inform policy decision making and direct the targeting of interventions. The model developed shows that nations within sub-Saharan Africa, particularly in the Sahel region, and some Asian nations are likely to be the most vulnerable. Livestock-based food security is already compromised in many areas on these continents and suffers constraints from current climate in addition to the lack of economic and technical support allowing mitigation of predicted climate change impacts. Governance is shown to be a highly influential factor and, paradoxically, it is suggested that current self-sufficiency may increase future potential vulnerability because trade networks are poorly developed. This may be relieved through freer trade of food products, which is also associated with improved governance. Policy decisions, support and interventions will need to be targeted at the most vulnerable nations, but given the strong influence of governance, to be effective, any implementation will require considerable care in the management of underlying structural reform. PMID:24692268
Security Investment in Contagious Networks.
Hasheminasab, Seyed Alireza; Tork Ladani, Behrouz
2018-01-16
Security of the systems is normally interdependent in such a way that security risks of one part affect other parts and threats spread through the vulnerable links in the network. So, the risks of the systems can be mitigated through investments in the security of interconnecting links. This article takes an innovative look at the problem of security investment of nodes on their vulnerable links in a given contagious network as a game-theoretic model that can be applied to a variety of applications including information systems. In the proposed game model, each node computes its corresponding risk based on the value of its assets, vulnerabilities, and threats to determine the optimum level of security investments on its external links respecting its limited budget. Furthermore, direct and indirect nonlinear influences of a node's security investment on the risks of other nodes are considered. The existence and uniqueness of the game's Nash equilibrium in the proposed game are also proved. Further analysis of the model in a practical case revealed that taking advantage of the investment effects of other players, perfectly rational players (i.e., those who use the utility function of the proposed game model) make more cost-effective decisions than selfish nonrational or semirational players. © 2018 Society for Risk Analysis.
78 FR 43863 - Proposed Collection; Comment Request
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-22
... verifying that cleared contractors mitigate and ensuring identified security vulnerabilities. This public... information in ISFD. In turn, this will allow DSS to better tailor vulnerability assessments and other..., prior to annual vulnerability assessments, so that accurate information is continually maintained in...
infrastructure. This may result in vulnerabilities not typically considered by policymakers, due to concentration and homogenization of critical...Resilience of a system is counter-proportional to the product of vulnerability and spectral radius; therefore, any increase in vulnerability, spectral
DOE Office of Scientific and Technical Information (OSTI.GOV)
Rice, Mark J.; Bonebrake, Christopher A.; Dayley, Greg K.
Inter-Control Center Communications Protocol (ICCP), defined by the IEC 60870-6 TASE.2 standard, was developed to enable data exchange over wide area networks between electric system entities, including utility control centers, Independent System Operators (ISOs), Regional Transmission Operators (RTOs) and Independent Power Producers (IPP) also known as Non-Utility Generators (NUG). ICCP is an unprotected protocol, and as a result is vulnerable to such actions as integrity violation, interception or alteration, spoofing, and eavesdropping. Because of these vulnerabilities with unprotected ICCP communication, security enhancements, referred to as Secure ICCP, have been added and are included in the ICCP products that utilities have received since 2003 when the standard was defined. This has resulted in an ICCP product whose communication can be encrypted and authenticated to address these vulnerabilities.
Do You Ignore Information Security in Your Journal Website?
Dadkhah, Mehdi; Borchardt, Glenn; Lagzian, Mohammad
2017-08-01
Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals.
Cybersecurity in Hospitals: A Systematic, Organizational Perspective.
Jalali, Mohammad S; Kaiser, Jessica P
2018-05-28
Cybersecurity incidents are a growing threat to the health care industry in general and hospitals in particular. The health care industry has lagged behind other industries in protecting its main stakeholder (ie, patients), and now hospitals must invest considerable capital and effort in protecting their systems. However, this is easier said than done because hospitals are extraordinarily technology-saturated, complex organizations with high end point complexity, internal politics, and regulatory pressures. The purpose of this study was to develop a systematic and organizational perspective for studying (1) the dynamics of cybersecurity capability development at hospitals and (2) how these internal organizational dynamics interact to form a system of hospital cybersecurity in the United States. We conducted interviews with hospital chief information officers, chief information security officers, and health care cybersecurity experts; analyzed the interview data; and developed a system dynamics model that unravels the mechanisms by which hospitals build cybersecurity capabilities. We then use simulation analysis to examine how changes to variables within the model affect the likelihood of cyberattacks across both individual hospitals and a system of hospitals. We discuss several key mechanisms that hospitals use to reduce the likelihood of cybercriminal activity. The variable that most influences the risk of cyberattack in a hospital is end point complexity, followed by internal stakeholder alignment. Although resource availability is important in fueling efforts to close cybersecurity capability gaps, low levels of resources could be compensated for by setting a high target level of cybersecurity. To enhance cybersecurity capabilities at hospitals, the main focus of chief information officers and chief information security officers should be on reducing end point complexity and improving internal stakeholder alignment. 
These strategies can solve cybersecurity problems more effectively than blindly pursuing more resources. On a macro level, the cyber vulnerability of a country's hospital infrastructure is affected by the vulnerabilities of all individual hospitals. In this large system, reducing variation in resource availability makes the whole system less vulnerable - a few hospitals with low resources for cybersecurity threaten the entire infrastructure of health care. In other words, hospitals need to move forward together to make the industry less attractive to cybercriminals. Moreover, although compliance is essential, it does not equal security. Hospitals should set their target level of cybersecurity beyond the requirements of current regulations and policies. As of today, policies mostly address data privacy, not data security. Thus, policy makers need to introduce policies that not only raise the target level of cybersecurity capabilities but also reduce the variability in resource availability across the entire health care system. ©Mohammad S Jalali, Jessica P Kaiser. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 28.05.2018.
Report #2006-P-00019, March 28, 2006. OSWER’s implemented practices to ensure production servers were being monitored for known vulnerabilities and personnel with significant security responsibility completed the Agency’s recommended security training.
The Dollar’s Vulnerability and the Threat to National Security
2011-01-01
Monetary Fund (IMF) and the World Bank.31 The system attempted to lower trade barriers by reconciling exchange rate stability and domestic economic...2010). 41 Michael Mussa, "Exchange Rate Adjustments Needed to Reduce Global Payment Imbalances," In Dollar Adjustment: How Far? Against What?, by C...two scenarios for dollar depreciation that help answer this question. The first scenario occurs over 20 years at an annual depreciation rate of 1.75
CrossTalk: The Journal of Defense Software Engineering. Volume 19, Number 9
2006-09-01
it does. Several freely downloadable methodologies have emerged to support the developer in modeling threats to applications and other soft...SECURIS. Model-Driven Development and Analysis of Secure Information Systems <www.sintef.no/content/page1_1824.aspx>. 10. The SECURIS Project ...By applying these methods to the SDLC, we can actively reduce the number of known vulnerabilities in software as it is developed. For
Threat driven modeling framework using petri nets for e-learning system.
Khamparia, Aditya; Pandey, Babita
2016-01-01
Vulnerabilities at various levels are main cause of security risks in e-learning system. This paper presents a modified threat driven modeling framework, to identify the threats after risk assessment which requires mitigation and how to mitigate those threats. To model those threat mitigations aspects oriented stochastic petri nets are used. This paper included security metrics based on vulnerabilities present in e-learning system. The Common Vulnerability Scoring System designed to provide a normalized method for rating vulnerabilities which will be used as basis in metric definitions and calculations. A case study has been also proposed which shows the need and feasibility of using aspect oriented stochastic petri net models for threat modeling which improves reliability, consistency and robustness of the e-learning system.
Climate challenges, vulnerabilities, and food security
Nelson, Margaret C.; Ingram, Scott E.; Dugmore, Andrew J.; Streeter, Richard; Peeples, Matthew A.; McGovern, Thomas H.; Hegmon, Michelle; Arneborg, Jette; Brewington, Seth; Spielmann, Katherine A.; Simpson, Ian A.; Strawhacker, Colleen; Comeau, Laura E. L.; Torvinen, Andrea; Madsen, Christian K.; Hambrecht, George; Smiarowski, Konrad
2016-01-01
This paper identifies rare climate challenges in the long-term history of seven areas, three in the subpolar North Atlantic Islands and four in the arid-to-semiarid deserts of the US Southwest. For each case, the vulnerability to food shortage before the climate challenge is quantified based on eight variables encompassing both environmental and social domains. These data are used to evaluate the relationship between the “weight” of vulnerability before a climate challenge and the nature of social change and food security following a challenge. The outcome of this work is directly applicable to debates about disaster management policy. PMID:26712017
Climate challenges, vulnerabilities, and food security.
Nelson, Margaret C; Ingram, Scott E; Dugmore, Andrew J; Streeter, Richard; Peeples, Matthew A; McGovern, Thomas H; Hegmon, Michelle; Arneborg, Jette; Kintigh, Keith W; Brewington, Seth; Spielmann, Katherine A; Simpson, Ian A; Strawhacker, Colleen; Comeau, Laura E L; Torvinen, Andrea; Madsen, Christian K; Hambrecht, George; Smiarowski, Konrad
2016-01-12
This paper identifies rare climate challenges in the long-term history of seven areas, three in the subpolar North Atlantic Islands and four in the arid-to-semiarid deserts of the US Southwest. For each case, the vulnerability to food shortage before the climate challenge is quantified based on eight variables encompassing both environmental and social domains. These data are used to evaluate the relationship between the "weight" of vulnerability before a climate challenge and the nature of social change and food security following a challenge. The outcome of this work is directly applicable to debates about disaster management policy.
Nawrotzki, Raphael J.; Robson, Kristin; Gutilla, Margaret J.; Hunter, Lori M.; Twine, Wayne; Norlund, Petra
2015-01-01
Recurring food crises endanger the livelihoods of millions of households in developing countries around the globe. Owing to the importance of this issue, we explore recent changes in food security between the years 2004 and 2010 in a rural district in Northeastern South Africa. Our study window spans the time of the 2008 global food crises and allows the investigation of its impacts on rural South African populations. Grounded in the sustainable livelihood framework, we examine differences in food security trajectories among vulnerable sub populations. A unique panel data set of 8,147 households, provided by the Agincourt Health and Demographic Surveillance System (Agincourt HDSS), allows us to employ a longitudinal multilevel modeling approach to estimate adjusted growth curves for the differential change in food security across time. We observe an overall improvement in food security that leveled off after 2008, most likely resulting from the global food crisis. In addition, we discover significant differences in food security trajectories for various sub populations. For example, female-headed households and those living in areas with better access to natural resources differentially improved their food security situation, compared to male-headed households and those households with lower levels of natural resource access. However, former Mozambican refugees witnessed a decline in food security. Therefore, poverty alleviation programs for the Agincourt region should work to improve the food security of vulnerable households, such as former Mozambican refugees. PMID:26594259
Cryptanalysis and security enhancement of optical cryptography based on computational ghost imaging
NASA Astrophysics Data System (ADS)
Yuan, Sheng; Yao, Jianbin; Liu, Xuemei; Zhou, Xin; Li, Zhongyang
2016-04-01
Optical cryptography based on computational ghost imaging (CGI) has attracted much attention of researchers because it encrypts plaintext into a random intensity vector rather than complexed-valued function. This promising feature of the CGI-based cryptography reduces the amount of data to be transmitted and stored and therefore brings convenience in practice. However, we find that this cryptography is vulnerable to chosen-plaintext attack because of the linear relationship between the input and output of the encryption system, and three feasible strategies are proposed to break it in this paper. Even though a large number of plaintexts need to be chosen in these attack methods, it means that this cryptography still exists security risks. To avoid these attacks, a security enhancement method utilizing an invertible matrix modulation is further discussed and the feasibility is verified by numerical simulations.
Code of Federal Regulations, 2014 CFR
2014-01-01
... 6 Domestic Security 1 2014-01-01 2014-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...
Code of Federal Regulations, 2013 CFR
2013-01-01
... 6 Domestic Security 1 2013-01-01 2013-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...
Code of Federal Regulations, 2011 CFR
2011-01-01
... 6 Domestic Security 1 2011-01-01 2011-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...
Code of Federal Regulations, 2012 CFR
2012-01-01
... 6 Domestic Security 1 2012-01-01 2012-01-01 false Tiering. 27.220 Section 27.220 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical... Risk-Based Tiering. Following review of a covered facility's Security Vulnerability Assessment, the...
Defining Resilience and Vulnerability Based on Ontology Engineering Approach
NASA Astrophysics Data System (ADS)
Kumazawa, T.; Matsui, T.; Endo, A.
2014-12-01
It is necessary to reflect the concepts of resilience and vulnerability into the assessment framework of "Human-Environmental Security", but it is also in difficulty to identify the linkage between both concepts because of the difference of the academic community which has discussed each concept. The authors have been developing the ontology which deals with the sustainability of the social-ecological systems (SESs). Resilience and vulnerability are also the concepts in the target world which this ontology covers. Based on this point, this paper aims at explicating the semantic relationship between the concepts of resilience and vulnerability based on ontology engineering approach. For this purpose, we first examine the definitions of resilience and vulnerability which the existing literatures proposed. Second, we incorporate the definitions in the ontology dealing with sustainability of SESs. Finally, we focus on the "Water-Energy-Food Nexus Index" to assess Human-Environmental Security, and clarify how the concepts of resilience and vulnerability are linked semantically through the concepts included in these index items.
75 FR 71721 - Pittsburgh Area Maritime Security Committee; Vacancies
Federal Register 2010, 2011, 2012, 2013, 2014
2010-11-24
...: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and... considering consequences and vulnerabilities, how they may change over time, and what additional mitigation...
Markwick, Nicole; McNeil, Ryan; Small, Will; Kerr, Thomas
2015-12-01
Private security guards occupy an increasingly prominent role in the policing of private and public spaces. There are growing concerns regarding security guards' potential to shape violence, discrimination, and adverse health outcomes among vulnerable populations, including people who use drugs (PWUD). This is relevant in Vancouver, Canada, where private security guards have increasingly been employed by private organizations to manage public and private spaces, including those within urban drug scenes. This qualitative study sought to understand interactions between PWUD and private security guards and explore their impacts on health care access, risks, and harms among PWUD. Semi-structured interviews were conducted with 30 PWUD recruited from two ongoing prospective cohort studies. Interviews were transcribed and analyzed using a coding framework comprised of a priori and emergent categories. Study data indicate that participants experience pervasive, discriminatory profiling and surveillance by security guards, which exacerbates existing social marginalization and structural vulnerability, particularly among PWUD of Aboriginal ancestry. Participants reported that security guards restrict PWUD's access to public and private spaces, including pharmacies and hospitals. PWUD also reported that their interactions with security guards often involved interpersonal violence and aggression, experiences that served to increase their vulnerability to subsequent risks and harms. Our findings highlight that private security forces contribute significantly to the everyday violence experienced by PWUD within drug scenes and elsewhere and do so in a manner very similar to that of traditional police forces. These findings point to the urgent need for greater oversight and training of private security guards in order to protect the health and safety of PWUD.
ERIC Educational Resources Information Center
Smith, Gwendolynn T.
2012-01-01
The increasing dependence on technology presented more vulnerability to security breaches of information and the need to assess security awareness levels in federal organizations, as well as other organizations. Increased headlines of security breaches of federal employees' security actions prompted this study. The research study reviewed the…
Livestock and food security: vulnerability to population growth and climate change.
Godber, Olivia F; Wall, Richard
2014-10-01
Livestock production is an important contributor to sustainable food security for many nations, particularly in low-income areas and marginal habitats that are unsuitable for crop production. Animal products account for approximately one-third of global human protein consumption. Here, a range of indicators, derived from FAOSTAT and World Bank statistics, are used to model the relative vulnerability of nations at the global scale to predicted climate and population changes, which are likely to impact on their use of grazing livestock for food. Vulnerability analysis has been widely used in global change science to predict impacts on food security and famine. It is a tool that is useful to inform policy decision making and direct the targeting of interventions. The model developed shows that nations within sub-Saharan Africa, particularly in the Sahel region, and some Asian nations are likely to be the most vulnerable. Livestock-based food security is already compromised in many areas on these continents and suffers constraints from current climate in addition to the lack of economic and technical support allowing mitigation of predicted climate change impacts. Governance is shown to be a highly influential factor and, paradoxically, it is suggested that current self-sufficiency may increase future potential vulnerability because trade networks are poorly developed. This may be relieved through freer trade of food products, which is also associated with improved governance. Policy decisions, support and interventions will need to be targeted at the most vulnerable nations, but given the strong influence of governance, to be effective, any implementation will require considerable care in the management of underlying structural reform. © 2014 The Authors. Global Change Biology Published by John Wiley & Sons Ltd.
75 FR 60133 - Detroit Area Maritime Security Committee (AMSC); Vacancies
Federal Register 2010, 2011, 2012, 2013, 2014
2010-09-29
... (threats, vulnerabilities, and consequences); Determining mitigation strategies and implementation methods... consequences and vulnerabilities, how they may change over time, and what additional mitigation strategies can...
75 FR 24961 - Pittsburgh Area Maritime Security Committee; Vacancies
Federal Register 2010, 2011, 2012, 2013, 2014
2010-05-06
... critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and consequences... and vulnerabilities, how they may change over time, and what additional mitigation strategies can be...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Brigantic, Robert T.; Betzsold, Nick J.; Bakker, Craig KR
In this presentation we overview a methodology for dynamic security risk quantification and optimal resource allocation of security assets for high profile venues. This methodology is especially applicable to venues that require security screening operations such as mass transit (e.g., train or airport terminals), critical infrastructure protection (e.g., government buildings), and large-scale public events (e.g., concerts or professional sports). The method starts by decomposing the three core components of risk -- threat, vulnerability, and consequence -- into their various subcomponents. For instance, vulnerability can be decomposed into availability, accessibility, organic security, and target hardness and each of these can be evaluated against the potential threats of interest for the given venue. Once evaluated, these subcomponents are rolled back up to compute the specific value for the vulnerability core risk component. Likewise, the same is done for consequence and threat, and then risk is computed as the product of these three components. A key aspect of our methodology is dynamically quantifying risk. That is, we incorporate the ability to uniquely allow the subcomponents and core components, and in turn, risk, to be quantified as a continuous function of time throughout the day, week, month, or year as appropriate.
ERIC Educational Resources Information Center
Imam, Abbas H.
2013-01-01
Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…
Greenberg, Sheldon F
2007-09-01
In 2004 the US Department of Justice, Office of Community Oriented Policing Services, sponsored a National Summit on Campus Public Safety. The summit brought together various stakeholders including campus police and security officials, local police chiefs, college and university faculty and administrators, federal officials, students and parents, and community leaders to address the issues and complexities of campus safety. Delegates to the summit identified key issues in campus safety and security, which included establishing a national center on campus safety, balancing traditional open environments with the need to secure vulnerable sites, improving coordination with state and local police, reducing internal fragmentation, elevating professionalism, and increasing eligibility of campus police and security agencies to compete for federal law enforcement funds. Focus on "active shooters" on campus, resulting from the Virginia Tech incident, should not diminish attention placed on the broader, more prevalent safety and security issues facing the nation's educational campuses. Recommendations resulting from the summit called for establishing a national agenda on campus safety, formation of a national center on campus public safety, and increased opportunity for campus police and security agencies to compete for federal and state funds.
Aviation security : vulnerabilities still exist in the aviation security system
DOT National Transportation Integrated Search
2000-04-06
The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...
Safe teleradiology: information assurance as project planning methodology.
Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David
2005-01-01
The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.
Worldwide Emerging Environmental Issues Affecting the U.S. Military. April 2006 Report
2006-04-01
Knowledge and Security Some of the most prominent discussions are as follows: - Dissolving coral reef shells are explained by greater increases in CO2...levels within oceanic waters. Especially vulnerable are cold sea corals and recently discovered planktonic organisms. Increases of CO2 reduce pH...leading to acidification. The panelists at the EGU Assembly suggested that 1/3 of all CO2 is absorbed into oceans and that it has recently been
33 CFR 103.310 - Responsibilities of the Area Maritime Security (AMS) Committee.
Code of Federal Regulations, 2010 CFR
2010-07-01
... (threats, vulnerabilities, and consequences); (3) Determine mitigation strategies and implementation... consequences and vulnerabilities, how they may change over time, and what additional mitigation strategies can...
Chung, Hyunji; Iorga, Michaela; Voas, Jeffrey; Lee, Sangjin
2017-01-01
Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA) – diagnostics offer the possibility of securer IVA ecosystems. PMID:29213147
E-mail security. An overview of threats and safeguards.
Stine, Kevin; Scholl, Matthew
2010-04-01
Not everyone in the organization needs to know how to secure the e-mail service, but anyone who handles patient information must understand e-mail's vulnerabilities and recognize when a system is secure enough to transmit sensitive information.
Security: Progress and Challenges
ERIC Educational Resources Information Center
Luker, Mark A.
2004-01-01
The Homepage column in the March/April 2003 issue of "EDUCAUSE Review" explained the national implication of security vulnerabilities in higher education and the role of the EDUCAUSE/Internet2 Computer and Network Security Task Force in representing the higher education sector in the development of the National Strategy to Secure Cyberspace. Among…
A Security Audit Framework to Manage Information System Security
NASA Astrophysics Data System (ADS)
Pereira, Teresa; Santos, Henrique
The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.
Securing America’s Passenger-Rail Systems
2007-01-01
around the world highlight the vulnerability of rail travel and the importance of rail security for these passengers. The use of passenger rail and...take to U.S. railways. Recent attacks on passenger-rail systems around the world highlight the vulnerability of rail travel and the importance of rail...rails (Boardman, 2005), making more than 3.5 billion trips (APTA, 2006).1 And these estimates do not count the passengers traveling on the National
McGreevy, Conor; Harrop, Wayne
2015-01-01
Global trade and commerce requires products to be securely contained and transferred in a timely way across great distances and between national boundaries. Throughout the process, cargo and containers are stored, handled and checked by a range of authorities and authorised agents. Intermodal transportation involves the use of container ships, planes, railway systems, land bridges, road networks and barges. This paper examines the nefarious nature of intentional disruption and nefarious risks associated with the movement of cargo and container freight. The paper explores main threats, vulnerabilities and security measures relevant to significant intermodal transit risk issues such as theft, piracy, terrorism, contamination, counterfeiting and product tampering. Three risk and vulnerability models are examined and basic standards and regulations that are relevant to safe and secure transit of container goods across international supply networks are outlined.
On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys
Nam, Junghyun; Choo, Kim-Kwang Raymond; Park, Minkyu; Paik, Juryon; Won, Dongho
2014-01-01
Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol. PMID:25258723
Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho
2014-01-01
Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs. PMID:24919012
Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho
2014-06-10
Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.
Assessing the Agricultural Vulnerability for India under Changing Climate
NASA Astrophysics Data System (ADS)
Sharma, Tarul; Vardhan Murari, Harsha; Karmakar, Subhankar; Ghosh, Subimal; Singh, Jitendra
2016-04-01
Global climate change has proven to show majorly negative impacts for the far future. These negative impacts adversely affect almost all the fields including agriculture, water resources, tourism, and marine ecosystem. Among these, the effects on agriculture are considered to be of prime importance since its regional impacts can directly affect the global food security. Under such lines, it becomes essential to understand how climate change directs agricultural production for a region along with its vulnerability. In India, rice and wheat are considered as major staple diet and hence understanding its production loss/gain due to regional vulnerability to climate change becomes necessary. Here, an attempt has been made to understand the agricultural vulnerability for rice and wheat, considering yield as a function of temperature and precipitation during growing period. In order to accomplish this objective, the ratio of actual to potential evapo-transpiration has been considered which serves as a reliable indicator; with more this ratio towards unity, less vulnerable will be the region. The current objective needs an integration of climatic, hydrological and agricultural parameters; that can be achieved by simulating a climate data driven hydrologic (Variable Infiltration Capacity, VIC) model and a crop (Decision Support System for Agrotechnology Transfer, DSSAT) model. The proposed framework is an attempt to derive a crop vulnerability map that can facilitate in strategizing adaption practices which can reduce the adverse impacts of climate change in future.
Threats and risks to information security: a practical analysis of free access wireless networks
NASA Astrophysics Data System (ADS)
Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur
2017-08-01
Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.
32 CFR 2001.48 - Loss, possible compromise or unauthorized disclosure.
Code of Federal Regulations, 2010 CFR
2010-07-01
... governments normally will not be advised of any security system vulnerabilities that contributed to the... INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.48 Loss, possible compromise or unauthorized disclosure. (a...
10 CFR 1017.5 - Requesting a deviation.
Code of Federal Regulations, 2010 CFR
2010-01-01
... create a potential or real vulnerability); or (3) An exception (i.e., an approved deviation from a requirement in these regulations for which DOE accepts the risk of a safeguards and security vulnerability...
Protecting water and wastewater infrastructure from cyber attacks
NASA Astrophysics Data System (ADS)
Panguluri, Srinivas; Phillips, William; Cusimano, John
2011-12-01
Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.
Methods to Secure Databases Against Vulnerabilities
2015-12-01
for several languages such as C, C++, PHP, Java and Python [16]. MySQL will work well with very large databases. The documentation references...using Eclipse and connected to each database management system using Python and Java drivers provided by MySQL, MongoDB, and Datastax (for Cassandra...tiers in Python and Java. Problem MySQL MongoDB Cassandra 1. Injection a. Tautologies Vulnerable Vulnerable Not Vulnerable b. Illegal query
Automated Software Vulnerability Analysis
NASA Astrophysics Data System (ADS)
Sezer, Emre C.; Kil, Chongkyung; Ning, Peng
Despite decades of research, software continues to have vulnerabilities. Successful exploitations of these vulnerabilities by attackers cost millions of dollars to businesses and individuals. Unfortunately, most effective defensive measures, such as patching and intrusion prevention systems, require an intimate knowledge of the vulnerabilities. Many systems for detecting attacks have been proposed. However, the analysis of the exploited vulnerabilities is left to security experts and programmers. Both the human effort involved and the slow analysis process are unfavorable for timely defensive measures to be deployed. The problem is exacerbated by zero-day attacks.
2013-12-01
Protective Equipment Sizing and Design,” Human Factors: The Journal of the Human Factors and Ergonomics Society 55, no. 1 (2013): 6–35; Hsiao...firefighters. The information will be used to improve apparatus design, revise NFPA 1901 Standard for Automotive Fire Apparatus, and improve cab, seat ... Design.” Human Factors: The Journal of the Human Factors and Ergonomics Society 55, no. 1 (2013): 6–35. ———. Sizing Firefighters and Fire Apparatus
The biological threat to U.S. water supplies: Toward a national water security policy.
Nuzzo, Jennifer B
2006-01-01
In addition to providing potable drinking water, U.S. water systems are critical to the maintenance of many vital public services, such as fire suppression and power generation. Disruption of these systems would produce severe public health and safety risks, as well as considerable economic losses. Thus, water systems have been designated as critical to national security by the U.S. government. Previous outbreaks of waterborne disease have demonstrated the vulnerability of both the water supply and the public's health to biological contamination of drinking water. Such experiences suggest that a biological attack, or even a credible threat of an attack, on water infrastructure could seriously jeopardize the public's health, its confidence, and the economic vitality of a community. Despite these recognized vulnerabilities, protecting water supplies from a deliberate biological attack has not been sufficiently addressed. Action in this area has suffered from a lack of scientific understanding of the true vulnerability of water supplies to intentional contamination with bioweapons, insufficient tools for detecting biological agents, and a lack of funds to implement security improvements. Much of what is needed to address the vulnerability of the national water supply falls outside the influence of individual utilities. This includes developing a national research agenda to appropriately identify and characterize waterborne threats and making funds available to implement security improvements.
CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection
Dai, Huning; Murphy, Christian; Kaiser, Gail
2010-01-01
Many software security vulnerabilities only reveal themselves under certain conditions, i.e., particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, we present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points, in order to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate a vulnerability. We discuss the approach and introduce a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. We also present the results of case studies that demonstrate the approach’s feasibility and evaluate its performance. PMID:21037923
Orencio, Pedcris M; Fujii, Masahiko
2013-02-01
A coastal community vulnerability index (CCVI) was constructed to evaluate the vulnerability of coastal communities (Buhangin, Pingit, Reserva, Sabang, and Zabali) in the municipality of Baler, Aurora, Philippines. This index was composed of weighted averages of seven vulnerability factors namely geographical, economic and livelihood, food security, environmental, policy and institutional, demographic, and capital good. Factor values were computed based on scores that described range of conditions that influence communities' susceptibility to hazard effects. Among the factors evaluated, economic and livelihood, policy and institutional and food security contributed to CCVI across communities. Only small variations on CCVI values (i.e., 0.47-0.53) were observed as factor values cancelled out one another during combination process. Overall, Sabang received the highest CCVI, which was contributed mainly by geographical and demographic factors. This technique to determine factors that influenced communities' vulnerability can provide information for local governments in enhancing policies on risk mitigation and adaptation.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-04-13
...-0143-01] Second DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security Strategy and... (NIST) seeks comments on the second draft of NISTIR 7628, Smart Grid Cyber Security Strategy and..., vulnerability categories, bottom-up analysis, individual logical interface diagrams, and the cyber security...
ERIC Educational Resources Information Center
Whitney, Michael; Lipford, Heather Richter; Chu, Bill; Thomas, Tyler
2018-01-01
Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…
Safer stops for vulnerable customers
DOT National Transportation Integrated Search
2003-03-01
This synthesis report presents a brief synopsis of the current literature and technologies being used in the development of safer and more secure bus stops. While the focus is more specifically with regard to vulnerable populations - women, children,...
Predicting Vulnerability Risks Using Software Characteristics
ERIC Educational Resources Information Center
Roumani, Yaman
2012-01-01
Software vulnerabilities have been regarded as one of the key reasons for computer security breaches that have resulted in billions of dollars in losses per year (Telang and Wattal 2005). With the growth of the software industry and the Internet, the number of vulnerability attacks and the ease with which an attack can be made have increased. From…
NASA Technical Reports Server (NTRS)
Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian
2017-01-01
NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include:
- Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.)
- In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset.
- The location of security related issues, as the location of software issues in general, followed the Pareto principle. Specifically, for all three datasets, from 86 to 88 the security related issues were located in two to four subsystems.
- The severity levels of most security issues were moderate, in all three datasets.
- Out of 21 primary security classes, five dominated: Exception Management, Memory Access, Other, Risky Values, and Unused Entities. Together, these classes contributed from around 80 to 90 of all security issues in each dataset. This again proves the Pareto principle of uneven distribution of security issues, in this case across CWE classes, and supports the fact that addressing these dominant security classes provides the most cost efficient way to improve missions' security.
The findings presented in this report uncovered the security vulnerability profiles and identified the common trends and dominant classes of security issues, which in turn can be used to select the most efficient secure design and coding best practices compiled by the part of the SARP project team associated with the NASA's Johnson Space Center. In addition, these findings provide valuable input to the NASA IVV initiative aimed at identification of the two 25 CWEs of ground and flight missions.
78 FR 42101 - Boston Area Maritime Security Advisory Committee; Vacancies
Federal Register 2010, 2011, 2012, 2013, 2014
2013-07-15
...: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and... years of experience related to maritime or port security operations. AMSC Membership The Boston AMSC has... security industries. In support of the USCG policy on gender and ethnic nondiscrimination, we encourage...
77 FR 39249 - Boston Area Maritime Security Advisory Committee; Vacancies
Federal Register 2010, 2011, 2012, 2013, 2014
2012-07-02
...: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and... years of experience related to maritime or port security operations. AMSC Membership The Boston AMSC has... security industries. In support of the USCG policy on gender and ethnic diversity, we encourage qualified...
Interactive Programming Support for Secure Software Development
ERIC Educational Resources Information Center
Xie, Jing
2012-01-01
Software vulnerabilities originating from insecure code are one of the leading causes of security problems people face today. Unfortunately, many software developers have not been adequately trained in writing secure programs that are resistant from attacks violating program confidentiality, integrity, and availability, a style of programming…
High Assurance Models for Secure Systems
ERIC Educational Resources Information Center
Almohri, Hussain M. J.
2013-01-01
Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…
VMSoar: a cognitive agent for network security
NASA Astrophysics Data System (ADS)
Benjamin, David P.; Shankar-Iyer, Ranjita; Perumal, Archana
2005-03-01
VMSoar is a cognitive network security agent designed for both network configuration and long-term security management. It performs automatic vulnerability assessments by exploring a configuration's weaknesses and also performs network intrusion detection. VMSoar is built on the Soar cognitive architecture, and benefits from the general cognitive abilities of Soar, including learning from experience, the ability to solve a wide range of complex problems, and use of natural language to interact with humans. The approach used by VMSoar is very different from that taken by other vulnerability assessment or intrusion detection systems. VMSoar performs vulnerability assessments by using VMWare to create a virtual copy of the target machine then attacking the simulated machine with a wide assortment of exploits. VMSoar uses this same ability to perform intrusion detection. When trying to understand a sequence of network packets, VMSoar uses VMWare to make a virtual copy of the local portion of the network and then attempts to generate the observed packets on the simulated network by performing various exploits. This approach is initially slow, but VMSoar's learning ability significantly speeds up both vulnerability assessment and intrusion detection. This paper describes the design and implementation of VMSoar, and initial experiments with Windows NT and XP.
Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations
2001-09-25
establishing the certification program. This regulation is particularly significant because it is to include requirements mandated by the Airport Security Improvement...Assessment of Airport Security Screener Performance and Retention, Sept. 15, 2000. Page 8 GAO-01-1171T Criteria for Assessing Shifting responsibility for...airline and airport security officials to assess each option for reassigning screening responsibility against the key criteria- Specifically, we asked
Better Safe than Sorry: Panic Buttons as a Security Measure in an Academic Medical Library
ERIC Educational Resources Information Center
McMullen, Karen D.; Kane, Laura Townsend
2008-01-01
In the wake of recent tragedies, campus security has become a hot issue nationwide. Campus libraries, as traditional meeting spots for varied groups of people, are particularly vulnerable to security issues. Safety and security problems that can occur at any library generally include theft, vandalism, arson, antisocial behavior, and assaults on…
Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model
ERIC Educational Resources Information Center
Kassa, Woldeloul
2016-01-01
Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…
Weinhardt, Lance S; Galvao, Loren W; Yan, Alice F; Stevens, Patricia; Mwenyekonde, Thokozani Ng'ombe; Ngui, Emmanuel; Emer, Lindsay; Grande, Katarina M; Mkandawire-Valhmu, Lucy; Watkins, Susan C
2017-03-01
The objective of the Savings, Agriculture, Governance, and Empowerment for Health (SAGE4Health) study was to evaluate the impact of a large-scale multi-level economic and food security intervention on health outcomes and HIV vulnerability in rural Malawi. The study employed a quasi-experimental non-equivalent control group design to compare intervention participants (n = 598) with people participating in unrelated programs in distinct but similar geographical areas (control, n = 301). We conducted participant interviews at baseline, 18-, and 36-months on HIV vulnerability and related health outcomes, food security, and economic vulnerability. Randomly selected households (n = 1002) were interviewed in the intervention and control areas at baseline and 36 months. Compared to the control group, the intervention led to increased HIV testing (OR 1.90; 95 % CI 1.29-2.78) and HIV case finding (OR = 2.13; 95 % CI 1.07-4.22); decreased food insecurity (OR = 0.74; 95 % CI 0.63-0.87), increased nutritional diversity, and improved economic resilience to shocks. Most effects were sustained over a 3-year period. Further, no significant differences in change were found over the 3-year study period on surveys of randomly selected households in the intervention and control areas. Although there were general trends toward improvement in the study area, only intervention participants' outcomes were significantly better. Results indicate the intervention can improve economic and food security and HIV vulnerability through increased testing and case finding. Leveraging the resources of economic development NGOs to deliver locally-developed programs with scientific funding to conduct controlled evaluations has the potential to accelerate the scientific evidence base for the effects of economic development programs on health.
One health security: an important component of the global health security agenda.
Gronvall, Gigi; Boddie, Crystal; Knutsson, Rickard; Colby, Michelle
2014-01-01
The objectives of the Global Health Security Agenda (GHSA) will require not only a "One Health" approach to counter natural disease threats against humans, animals, and the environment, but also a security focus to counter deliberate threats to human, animal, and agricultural health and to nations' economies. We have termed this merged approach "One Health Security." It will require the integration of professionals with expertise in security, law enforcement, and intelligence to join the veterinary, agricultural, environmental, and human health experts essential to One Health and the GHSA. Working across such different professions, which occasionally have conflicting aims and different professional cultures, poses multiple challenges, but a multidisciplinary and multisectoral approach is necessary to prevent disease threats; detect them as early as possible (when responses are likely to be most effective); and, in the case of deliberate threats, find who may be responsible. This article describes 2 project areas that exemplify One Health Security that were presented at a workshop in January 2014: the US government and private industry efforts to reduce vulnerabilities to foreign animal diseases, especially foot-and-mouth disease; and AniBioThreat, an EU project to counter deliberate threats to agriculture by raising awareness and implementing prevention and response policies and practices.
Borre, Kristen; Ertle, Luke; Graff, Mariaelisa
2010-04-01
Food insecurity and obesity have potential health consequences for migrant and seasonal farm workers (MSFW). Thirty-six Latino MSFW working in eastern North Carolina whose children attended Migrant Head Start completed interviews, focus groups and home visits. Content analysis, nutrient analysis, and non-parametric statistical analysis produced results. MSFW (63.8%) families were food insecure; of those, 34.7% experienced hunger. 32% of pre-school children were food insecure. Food secure families spent more money on food. Obesity was prevalent in adults and children but the relationship to food insecurity remains unclear. Strategies to reduce risk of food insecurity were employed by MSFW, but employer and community assistance is needed to reduce their risk. Food insecurity is rooted in the cultural lifestyle of farmwork, poverty, and dependency. MSFW obesity and food insecurity require further study to determine the relationship with migration and working conditions. Networking and social support are important for MSFW families to improve food security. Policies and community/workplace interventions could reduce risk of food insecurity and improve the health of workers. (c) 2010 Wiley-Liss, Inc.
Network Security Is Manageable
ERIC Educational Resources Information Center
Roberts, Gary
2006-01-01
An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…
NASA Astrophysics Data System (ADS)
Zhang, Sheng; Wang, Jian; Tang, Chao-Jing
2012-06-01
Counterfactual quantum cryptography, recently proposed by Noh, is featured with no transmission of signal particles. This exhibits evident security advantages, such as its immunity to the well-known photon-number-splitting attack. In this paper, the theoretical security of counterfactual quantum cryptography protocol against the general intercept-resend attacks is proved by bounding the information of an eavesdropper Eve more tightly than in Yin's proposal [Phys. Rev. A 82 042335 (2010)]. It is also shown that practical counterfactual quantum cryptography implementations may be vulnerable when equipped with imperfect apparatuses, by proving that a negative key rate can be achieved when Eve launches a time-shift attack based on imperfect detector efficiency.
Enhancement of A5/1 encryption algorithm
NASA Astrophysics Data System (ADS)
Thomas, Ria Elin; Chandhiny, G.; Sharma, Katyayani; Santhi, H.; Gayathri, P.
2017-11-01
Mobiles have become an integral part of today’s world. Various standards have been proposed for the mobile communication, one of them being GSM. With the rising increase of mobile-based crimes, it is necessary to improve the security of the information passed in the form of voice or data. GSM uses A5/1 for its encryption. It is known that various attacks have been implemented, exploiting the vulnerabilities present within the A5/1 algorithm. Thus, in this paper, we proceed to look at what these vulnerabilities are, and propose the enhanced A5/1 (E-A5/1) where we try to improve the security provided by the A5/1 algorithm by XORing the key stream generated with a pseudo random number, without increasing the time complexity. We need to study what the vulnerabilities of the base algorithm (A5/1) are, and try to improve upon its security. This will help in the future releases of the A5 family of algorithms.
Information Assurance as a System of Systems in the Submarine Force
2013-09-01
cause and effect on overall ship mission and vulnerabilities. Organizational governance must raise the level of awareness as to network security...understand the cause and effect on overall ship mission and vulnerabilities. Organizational governance must raise the level of awareness as to network...Table 2. Assessment Scale– Vulnerability Severity (After NIST 800–30 Rev1 2012, F-2
Combatting Inherent Vulnerabilities of CFAR Algorithms and a New Robust CFAR Design
1993-09-01
elements of any automatic radar system. Unfortunately, CFAR systems are inherently vulnerable to degradation caused by large clutter edges, multiple ...edges, multiple targets, and electronic countermeasures (ECM) environments. 20 Distribution, Availability of Abstract 21 Abstract Security...inherently vulnerable to degradation caused by large clutter edges, multiple targets and jamming environments. This thesis presents eight popular and studied
Study on the Groundwater Vulnerability Assessment in Sanjiang Plain in Northeast China
NASA Astrophysics Data System (ADS)
Tang, Y.; Tang, W. K.; Liu, C.
2012-12-01
The Sanjiang Plain is located in eastern part of China's Heilongjiang Province. Its total area is 109 000 km2, with cultivated land area being 3.6677 million hm2. It is a major national commodity grain base. Rice planting area in Sanjiang Plain has been increasing year by year. Groundwater exploitation is increasing rapidly as a result of rapid increase of paddy field area. It is necessary to research and analyze spatial diversity of groundwater pollution vulnerability for Sanjiang Plain, so as to fulfill the goal of integrated planning, rational utilization of land and water resource, avoiding or minimizing groundwater contamination, and protecting grain security of China. Based on the commonly used DRASTIC method internationally, and according to hydrogeology, land use and other characteristics of Sanjiang Plain, this paper establishes groundwater vulnerability assessment index system. Since the Sanjiang Plain is an area that gives priority to agriculture, and impact of agricultural land and agricultural activity on groundwater vulnerability can not be ignored. Two indicators of agricultural land use rate (L) and population density (P) are increased in the DRASTIC index system, the remaining 5 indicators are groundwater depth (D), aquifer net recharge (R), aquifer media type (A), soil type (S), aquifer hydraulic conductivity (C). Taking ArcGis as a calculation analysis platform to assess groundwater vulnerability of the Sanjiang Plain, by using hierarchical analysis method of the fuzzy mathematics method to calculate each index weight of evaluation vulnerability. This paper applies 6 levels of assessment standard as follows: vulnerability index DI <2 stands for not vulnerable; 2
NASA Technical Reports Server (NTRS)
Gunawan, Ryan A.
2016-01-01
With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.
Roncarolo, Federico; Adam, Caroline; Bisset, Sherri; Potvin, Louise
2015-04-01
Food insecurity is steadily increasing in developed countries. Traditional interventions adopted to tackle food insecurity, like food banks, address the urgent need for food. By contrast, alternative interventions, such as community gardens and kitchens, are oriented towards social integration and the development of mutual aid networks. The objective of this paper is to examine whether the populations served by traditional and alternative interventions in food security differ according to measures of vulnerability. We studied newly registered participants to food security interventions. Participants were selected from a random sample of food security community organizations in a two-stage cluster sampling frame. The categorizing variable was participation in a community organization providing either traditional interventions or alternative interventions. Seven measures of vulnerability were used: food security; perceived health; civic participation; perceived social support of the primary network, social isolation, income and education. Regression multilevel models were used to assess associations. 711 participants in traditional interventions and 113 in alternative interventions were enrolled in the study. Between group differences were found with respect to food insecurity, health status perception, civic participation, education and income, but not with respect to social isolation or perceived social support from primary social network. Traditional and alternative food security interventions seem to reach different populations. Participants in traditional interventions were found to have less access to resources, compared to those in alternative interventions. Thus, new participants in traditional interventions may have higher levels of vulnerability than those in alternative interventions.
Control Systems Cyber Security:Defense in Depth Strategies
DOE Office of Scientific and Technical Information (OSTI.GOV)
David Kuipers; Mark Fabro
2006-05-01
Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.
Control Systems Cyber Security: Defense-in-Depth Strategies
DOE Office of Scientific and Technical Information (OSTI.GOV)
Mark Fabro
2007-10-01
Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.
Climate change and marine fisheries: Least developed countries top global index of vulnerability
Blasiak, Robert; Spijkers, Jessica; Tokunaga, Kanae; Pittman, Jeremy; Yagi, Nobuyuki; Österblom, Henrik
2017-01-01
Future impacts of climate change on marine fisheries have the potential to negatively influence a wide range of socio-economic factors, including food security, livelihoods and public health, and even to reshape development trajectories and spark transboundary conflict. Yet there is considerable variability in the vulnerability of countries around the world to these effects. We calculate a vulnerability index of 147 countries by drawing on the most recent data related to the impacts of climate change on marine fisheries. Building on the Intergovernmental Panel on Climate Change framework for vulnerability, we first construct aggregate indices for exposure, sensitivity and adaptive capacity using 12 primary variables. Seven out of the ten most vulnerable countries on the resulting index are Small Island Developing States, and the top quartile of the index includes countries located in Africa (17), Asia (7), North America and the Caribbean (4) and Oceania (8). More than 87% of least developed countries are found within the top half of the vulnerability index, while the bottom half includes all but one of the Organization for Economic Co-operation and Development member states. This is primarily due to the tremendous variation in countries’ adaptive capacity, as no such trends are evident from the exposure or sensitivity indices. A negative correlation exists between vulnerability and per capita carbon emissions, and the clustering of states at different levels of development across the vulnerability index suggests growing barriers to meeting global commitments to reducing inequality, promoting human well-being and ensuring sustainable cities and communities. The index provides a useful tool for prioritizing the allocation of climate finance, as well as activities aimed at capacity building and the transfer of marine technology. PMID:28632781
Drivers and Pattern of Social Vulnerability to Flood in Metropolitan Lagos, Nigeria
NASA Astrophysics Data System (ADS)
Fasona, M.
2016-12-01
Lagos is Africa's second largest city and a city-state in southwest Nigeria. Population and economic activities in the city are concentrated in the greater Lagos metropolitan area - a group of barrier islands less than a thousand square kilometers. Several physical factors and critical human-environmental conditions contribute to high flood vulnerability across the city. Flood impact is highly denominated and the poor tend to suffer more due to higher risk of exposure and poor adaptive capacity. In this study we present the pattern of social vulnerability to flooding across the Lagos metropolis and argued that the pattern substantially reflects the pattern and severity of flooding impact on people across the metropolis. Twenty-nine social indicators and experiences including poverty profile, housing conditions, education, population and demography, social network, and communication, among others, were considered. The data were collated through field survey and subjected to principal component analysis. The results were processed into raster surfaces using GIS for social vulnerability characterization at neighborhood levels. The results suggest the social status indicators, neighborhood standing and social networks indicators, the indicators of emergency responses and security, and the neighborhood conditions, in that order, are the most important determinants of social vulnerability. Six of the 16 LGAs in metropolitan Lagos have high social vulnerability. Neighborhoods that combine poor social status indicators and poor neighborhood standing and social networks are found to have high social vulnerability whereas other poor neighborhoods with strong social networks performed better. We conclude that improved human living condition and social network and communication in poor urban neighborhoods are important to reducing social vulnerability to flooding in the metropolis.
Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo
2013-01-01
Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP. PMID:24002231
Tan, Whye Kit; Lee, Sang-Gon; Lam, Jun Huy; Yoo, Seong-Moo
2013-09-02
Wireless mesh networks (WMNs) can act as a scalable backbone by connecting separate sensor networks and even by connecting WMNs to a wired network. The Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol for the 802.11s WMN. The routing protocol is one of the most important parts of the network, and it requires protection, especially in the wireless environment. The existing security protocols, such as the Broadcast Integrity Protocol (BIP), Counter with cipher block chaining message authentication code protocol (CCMP), Secure Hybrid Wireless Mesh Protocol (SHWMP), Identity Based Cryptography HWMP (IBC-HWMP), Elliptic Curve Digital Signature Algorithm HWMP (ECDSA-HWMP), and Watchdog-HWMP aim to protect the HWMP frames. In this paper, we have analyzed the vulnerabilities of the HWMP and developed security requirements to protect these identified vulnerabilities. We applied the security requirements to analyze the existing secure schemes for HWMP. The results of our analysis indicate that none of these protocols is able to satisfy all of the security requirements. We also present a quantitative complexity comparison among the protocols and an example of a security scheme for HWMP to demonstrate how the result of our research can be utilized. Our research results thus provide a tool for designing secure schemes for the HWMP.
Hacking and securing the AR.Drone 2.0 quadcopter: investigations for improving the security of a toy
NASA Astrophysics Data System (ADS)
Pleban, Johann-Sebastian; Band, Ricardo; Creutzburg, Reiner
2014-02-01
In this article we describe the security problems of the Parrot AR.Drone 2.0 quadcopter. Due to the fact that it is promoted as a toy with low acquisition costs, it may end up being used by many individuals which makes it a target for harmful attacks. In addition, the videostream of the drone could be of interest for a potential attacker due to its ability of revealing confidential information. Therefore, we will perform a security threat analysis on this particular drone. We will set the focus mainly on obvious security vulnerabilities like the unencrypted Wi-Fi connection or the user management of the GNU/Linux operating system which runs on the drone. We will show how the drone can be hacked in order to hijack the AR.Drone 2.0. Our aim is to sensitize the end-user of AR.Drones by describing the security vulnerabilities and to show how the AR.Drone 2.0 could be secured from unauthorized access. We will provide instructions to secure the drone's Wi-Fi connection and its operation with the official Smartphone App and third party PC software.
Relevance of Global Health Security to the US Export Economy.
Cassell, Cynthia H; Bambery, Zoe; Roy, Kakoli; Meltzer, Martin I; Ahmed, Zara; Payne, Rebecca L; Bunnell, Rebecca E
To reduce the health security risk and impact of outbreaks around the world, the US Centers for Disease Control and Prevention and its partners are building capabilities to prevent, detect, and contain outbreaks in 49 global health security priority countries. We examine the extent of economic vulnerability to the US export economy posed by trade disruptions in these 49 countries. Using 2015 US Department of Commerce data, we assessed the value of US exports and the number of US jobs supported by those exports. US exports to the 49 countries exceeded $308 billion and supported more than 1.6 million jobs across all US states in agriculture, manufacturing, mining, oil and gas, services, and other sectors. These exports represented 13.7% of all US export revenue worldwide and 14.3% of all US jobs supported by all US exports. The economic linkages between the United States and these global health security priority countries illustrate the importance of ensuring that countries have the public health capacities needed to control outbreaks at their source before they become pandemics.
Relevance of Global Health Security to the US Export Economy
Cassell, Cynthia H.; Bambery, Zoe; Roy, Kakoli; Meltzer, Martin I.; Ahmed, Zara; Payne, Rebecca L.
2017-01-01
To reduce the health security risk and impact of outbreaks around the world, the US Centers for Disease Control and Prevention and its partners are building capabilities to prevent, detect, and contain outbreaks in 49 global health security priority countries. We examine the extent of economic vulnerability to the US export economy posed by trade disruptions in these 49 countries. Using 2015 US Department of Commerce data, we assessed the value of US exports and the number of US jobs supported by those exports. US exports to the 49 countries exceeded $308 billion and supported more than 1.6 million jobs across all US states in agriculture, manufacturing, mining, oil and gas, services, and other sectors. These exports represented 13.7% of all US export revenue worldwide and 14.3% of all US jobs supported by all US exports. The economic linkages between the United States and these global health security priority countries illustrate the importance of ensuring that countries have the public health capacities needed to control outbreaks at their source before they become pandemics. PMID:29199867
Ray-Bennett, Nibedita S; Collins, Andrew; Bhuiya, Abbas; Edgeworth, Ross; Nahar, Papreen; Alamgir, Fariba
2010-05-01
There has been significant interest in the rhetoric of health security in recent years from both global and local perspectives. Understanding health in the context of disaster vulnerability presents an opportunity to examine how improved health might reduce the effects of environmental disasters and other crises. To this end, a project was implemented in Bangladesh to establish the potential of a health security approach for disaster resilience amongst people living in high risk environments. This paper explores what we might mean by health security through engaging community level perspectives in the southeast coastal belt of Bangladesh, an area prone to cyclone and flood. This has been examined with respect to variation in gender and wealth of households. Household surveys, interviews and focus group discussions were some of the methods used to collect data. The findings show that health related coping strategies and agentive capabilities in the context of impending crises vary from one micro-context to the next. This suggests a dynamic and integrative resilience that could be built on further, but one which remains remote from wider discourses on health security. Copyright 2010 Elsevier Ltd. All rights reserved.
Time Pattern Locking Scheme for Secure Multimedia Contents in Human-Centric Device
Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik
2014-01-01
Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties. PMID:25202737
Time pattern locking scheme for secure multimedia contents in human-centric device.
Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik
2014-01-01
Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP) focusing on improved security and convenience for users to support human-centric multimedia device completely. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties.
NASA Astrophysics Data System (ADS)
Wiratama, Hadi; Yerido, Hezron; Tetrisyanda, Rizki; Ginting, Rizqy R.; Wibawa, Gede
2015-12-01
Energy security has become a serious concern for all countries in the world and each country has its own definition for measuring its energy security. The objective of this study was to measure energy security of Indonesia quantitatively by comparing it with other countries and provide some recommendations for enhancing the energy security. In this study, the database was developed from various sources and was cross-checked to confirm validity of the data. Then the parameters of energy security were defined, where all of data will be processed towards the selected parameters. These parameters (e.g. Primary Energy mix, TPES/capita, FEC/capita, Self Sufficiency, Refining capacity, Overseas Energy Resources, Resources diversification) are the standards used to produce an analysis or evaluation of national energy management. Energy balances for Indonesia and 10 selected countries (USA, Germany, Russia, England, Japan, China, South Korea, Singapore, Thailand and India) were presented from 2009 to 2013. With a base index of 1.0 for Indonesia, calculated energy security index capable of representing Indonesia energy security compared relatively to other countries were also presented and discussed in detail. In 2012, Indonesia security index is ranked 11 from 11 countries, while USA and South Korea are the highest with security index of 3.36 and 2.89, respectively. According to prediction for 2025, Indonesia energy security is ranked 10 from 11 countries with only Thailand has lower security index (0.98). This result shows that Indonesia energy security was vulnerable to crisis and must be improved. Therefore this study proposed some recommendations to improve Indonesia energy security. Indonesia needs to increase oil production by constructing new refinery plants, developing infrastructure for energy distribution to reduce the potential of energy shortage and accelerating the utilization of renewable energy to reduce the excessive use of primary energy.
From energy policy proposed in this study, Indonesia energy security for 2025 could be improved to ranked 8 of 11 countries, better than Malaysia, Thailand and Singapore.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Wiratama, Hadi; Yerido, Hezron; Tetrisyanda, Rizki
Energy security has become a serious concern for all countries in the world and each country has its own definition for measuring its energy security. The objective of this study was to measure energy security of Indonesia quantitatively by comparing it with other countries and provide some recommendations for enhancing the energy security. In this study, the database was developed from various sources and was cross-checked to confirm validity of the data. Then the parameters of energy security were defined, where all of data will be processed towards the selected parameters. These parameters (e.g. Primary Energy mix, TPES/capita, FEC/capita, Self Sufficiency, Refining capacity, Overseas Energy Resources, Resources diversification) are the standards used to produce an analysis or evaluation of national energy management. Energy balances for Indonesia and 10 selected countries (USA, Germany, Russia, England, Japan, China, South Korea, Singapore, Thailand and India) were presented from 2009 to 2013. With a base index of 1.0 for Indonesia, calculated energy security index capable of representing Indonesia energy security compared relatively to other countries were also presented and discussed in detail. In 2012, Indonesia security index is ranked 11 from 11 countries, while USA and South Korea are the highest with security index of 3.36 and 2.89, respectively. According to prediction for 2025, Indonesia energy security is ranked 10 from 11 countries with only Thailand has lower security index (0.98). This result shows that Indonesia energy security was vulnerable to crisis and must be improved. Therefore this study proposed some recommendations to improve Indonesia energy security. Indonesia needs to increase oil production by constructing new refinery plants, developing infrastructure for energy distribution to reduce the potential of energy shortage and accelerating the utilization of renewable energy to reduce the excessive use of primary energy.
From energy policy proposed in this study, Indonesia energy security for 2025 could be improved to ranked 8 of 11 countries, better than Malaysia, Thailand and Singapore.
Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.
Dunn Cavelty, Myriam
2014-09-01
Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.
Mahmood, Zahid; Ning, Huansheng; Ghafoor, AtaUllah
2017-03-24
Wireless Sensor Networks (WSNs) consist of lightweight devices to measure sensitive data that are highly vulnerable to security attacks due to their constrained resources. In a similar manner, the internet-based lightweight devices used in the Internet of Things (IoT) are facing severe security and privacy issues because of the direct accessibility of devices due to their connection to the internet. Complex and resource-intensive security schemes are infeasible and reduce the network lifetime. In this regard, we have explored the polynomial distribution-based key establishment schemes and identified an issue that the resultant polynomial value is either storage intensive or infeasible when large values are multiplied. It becomes more costly when these polynomials are regenerated dynamically after each node join or leave operation and whenever key is refreshed. To reduce the computation, we have proposed an Efficient Key Management (EKM) scheme for multiparty communication-based scenarios. The proposed session key management protocol is established by applying a symmetric polynomial for group members, and the group head acts as a responsible node. The polynomial generation method uses security credentials and secure hash function. Symmetric cryptographic parameters are efficient in computation, communication, and the storage required. The security justification of the proposed scheme has been completed by using Rubin logic, which guarantees that the protocol attains mutual validation and session key agreement property strongly among the participating entities. Simulation scenarios are performed using NS 2.35 to validate the results for storage, communication, latency, energy, and polynomial calculation costs during authentication, session key generation, node migration, secure joining, and leaving phases. EKM is efficient regarding storage, computation, and communication overhead and can protect WSN-based IoT infrastructure.
Mahmood, Zahid; Ning, Huansheng; Ghafoor, AtaUllah
2017-01-01
Wireless Sensor Networks (WSNs) consist of lightweight devices to measure sensitive data that are highly vulnerable to security attacks due to their constrained resources. In a similar manner, the internet-based lightweight devices used in the Internet of Things (IoT) are facing severe security and privacy issues because of the direct accessibility of devices due to their connection to the internet. Complex and resource-intensive security schemes are infeasible and reduce the network lifetime. In this regard, we have explored the polynomial distribution-based key establishment schemes and identified an issue that the resultant polynomial value is either storage intensive or infeasible when large values are multiplied. It becomes more costly when these polynomials are regenerated dynamically after each node join or leave operation and whenever key is refreshed. To reduce the computation, we have proposed an Efficient Key Management (EKM) scheme for multiparty communication-based scenarios. The proposed session key management protocol is established by applying a symmetric polynomial for group members, and the group head acts as a responsible node. The polynomial generation method uses security credentials and secure hash function. Symmetric cryptographic parameters are efficient in computation, communication, and the storage required. The security justification of the proposed scheme has been completed by using Rubin logic, which guarantees that the protocol attains mutual validation and session key agreement property strongly among the participating entities. Simulation scenarios are performed using NS 2.35 to validate the results for storage, communication, latency, energy, and polynomial calculation costs during authentication, session key generation, node migration, secure joining, and leaving phases. EKM is efficient regarding storage, computation, and communication overhead and can protect WSN-based IoT infrastructure. PMID:28338632
Surface transportation vulnerability assessment : general distribution version
DOT National Transportation Integrated Search
2001-10-25
The United States possesses an effective and efficient surface transportation infrastructure that promotes both the well-being of its citizens as well as important economic and national security goals. The level of security afforded this infrastr...
Aviation security : terrorist acts illustrate severe weaknesses in aviation security
DOT National Transportation Integrated Search
2001-09-20
This is the statement of Gerald L. Dillingham, Director, Physical Infrastructure Issues before the Subcommittee on Transportation, Senate and House Committees on Appropriations regarding vulnerabilities to terrorist attacks of the nation's aviation s...
Code of Federal Regulations, 2011 CFR
2011-07-01
... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...
Code of Federal Regulations, 2014 CFR
2014-07-01
... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...
Code of Federal Regulations, 2010 CFR
2010-07-01
... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...
Code of Federal Regulations, 2013 CFR
2013-07-01
... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...
Code of Federal Regulations, 2012 CFR
2012-07-01
... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...
Vulnerability mitigation : technology assessment and deployment
DOT National Transportation Integrated Search
2003-01-01
Because of the new terrorist threats since the September 11, 2001 attacks, rapid development, prototyping, and deployment of systems has been necessary. A well integrated physical security system that combines state of the art security and informatio...
Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.
Sahi, Aqeel; Lai, David; Li, Yan
2016-11-01
Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. Copyright © 2016 Elsevier Ltd. All rights reserved.
Chemical facility vulnerability assessment project.
Jaeger, Calvin D
2003-11-14
Sandia National Laboratories, under the direction of the Office of Science and Technology, National Institute of Justice, conducted the chemical facility vulnerability assessment (CFVA) project. The primary objective of this project was to develop, test and validate a vulnerability assessment methodology (VAM) for determining the security of chemical facilities against terrorist or criminal attacks (VAM-CF). The project also included a report to the Department of Justice for Congress that in addition to describing the VAM-CF also addressed general observations related to security practices, threats and risks at chemical facilities and chemical transport. In the development of the VAM-CF Sandia leveraged the experience gained from the use and development of VAs in other areas and the input from the chemical industry and Federal agencies. The VAM-CF is a systematic, risk-based approach where risk is a function of the severity of consequences of an undesired event, the attack potential, and the likelihood of adversary success in causing the undesired event. For the purpose of the VAM-CF analyses Risk is a function of S, L(A), and L(AS), where S is the severity of consequence of an event, L(A) is the attack potential and L(AS) likelihood of adversary success in causing a catastrophic event. The VAM-CF consists of 13 basic steps. It involves an initial screening step, which helps to identify and prioritize facilities for further analysis. This step is similar to the prioritization approach developed by the American Chemistry Council (ACC). Other steps help to determine the components of the risk equation and ultimately the risk. The VAM-CF process involves identifying the hazardous chemicals and processes at a chemical facility. It helps chemical facilities to focus their attention on the most critical areas. The VAM-CF is not a quantitative analysis but, rather, compares relative security risks. 
If the risks are deemed too high, recommendations are developed for measures to reduce the risk. This paper will briefly discuss the CFVA project and VAM-CF process.
Cyber Incidents Involving Control Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
Robert J. Turk
2005-10-01
The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005) "Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program". Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. 
Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).
A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.
Baig, Ahmed Fraz; Hassan, Khwaja Mansoor Ul; Ghani, Anwar; Chaudhry, Shehzad Ashraf; Khan, Imran; Ashraf, Muhammad Usman
2018-01-01
Global Mobility Networks (GLOMONETs) in wireless communication permit the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.'s protocol. The proposed protocol is formally verified with an automated tool (ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols.
A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks
2018-01-01
Global Mobility Networks (GLOMONETs) in wireless communication permit the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool (ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. PMID:29702675
45 CFR 164.308 - Administrative safeguards.
Code of Federal Regulations, 2010 CFR
2010-10-01
..., contain, and correct security violations. (ii) Implementation specifications: (A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the... vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a). (C) Sanction policy (Required...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Herron, Kerry Gale; Jenkins-Smith, Hank C.
2008-01-01
We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism include assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support for domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid 2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.
Building a Practical Framework for Enterprise-Wide Security Management
2004-04-28
management. They have found that current efforts to manage security vulnerabilities and security risks only take an enterprise so far, with results...analyzed reports to determine the cause of the increase. Slide 5 © 2004 by Carnegie Mellon University Version 1.0 Secure IT 2004 - page 5 Attack...Nearly 1 in 5 of those surveyed reported that none of their IT staff have any formal security training. [A survey of 896 Computing Technology
Cybersecurity in Hospitals: A Systematic, Organizational Perspective
Kaiser, Jessica P
2018-01-01
Background: Cybersecurity incidents are a growing threat to the health care industry in general and hospitals in particular. The health care industry has lagged behind other industries in protecting its main stakeholder (ie, patients), and now hospitals must invest considerable capital and effort in protecting their systems. However, this is easier said than done because hospitals are extraordinarily technology-saturated, complex organizations with high end point complexity, internal politics, and regulatory pressures. Objective: The purpose of this study was to develop a systematic and organizational perspective for studying (1) the dynamics of cybersecurity capability development at hospitals and (2) how these internal organizational dynamics interact to form a system of hospital cybersecurity in the United States. Methods: We conducted interviews with hospital chief information officers, chief information security officers, and health care cybersecurity experts; analyzed the interview data; and developed a system dynamics model that unravels the mechanisms by which hospitals build cybersecurity capabilities. We then use simulation analysis to examine how changes to variables within the model affect the likelihood of cyberattacks across both individual hospitals and a system of hospitals. Results: We discuss several key mechanisms that hospitals use to reduce the likelihood of cybercriminal activity. The variable that most influences the risk of cyberattack in a hospital is end point complexity, followed by internal stakeholder alignment. Although resource availability is important in fueling efforts to close cybersecurity capability gaps, low levels of resources could be compensated for by setting a high target level of cybersecurity. 
Conclusions: To enhance cybersecurity capabilities at hospitals, the main focus of chief information officers and chief information security officers should be on reducing end point complexity and improving internal stakeholder alignment. These strategies can solve cybersecurity problems more effectively than blindly pursuing more resources. On a macro level, the cyber vulnerability of a country’s hospital infrastructure is affected by the vulnerabilities of all individual hospitals. In this large system, reducing variation in resource availability makes the whole system less vulnerable—a few hospitals with low resources for cybersecurity threaten the entire infrastructure of health care. In other words, hospitals need to move forward together to make the industry less attractive to cybercriminals. Moreover, although compliance is essential, it does not equal security. Hospitals should set their target level of cybersecurity beyond the requirements of current regulations and policies. As of today, policies mostly address data privacy, not data security. Thus, policy makers need to introduce policies that not only raise the target level of cybersecurity capabilities but also reduce the variability in resource availability across the entire health care system. PMID:29807882
Reducing Cascading Failure Risk by Increasing Infrastructure Network Interdependence
DOE Office of Scientific and Technical Information (OSTI.GOV)
Korkali, Mert; Veneman, Jason G.; Tivnan, Brian F.
Increased coupling between critical infrastructure networks, such as power and communication systems, has important implications for the reliability and security of these systems. To understand the effects of power-communication coupling, several researchers have studied models of interdependent networks and reported that increased coupling can increase vulnerability. However, these conclusions come largely from models that have substantially different mechanisms of cascading failure, relative to those found in actual power and communication networks, and that do not capture the benefits of connecting systems with complementary capabilities. In order to understand the importance of these details, this paper compares network vulnerability in simple topological models and in models that more accurately capture the dynamics of cascading in power systems. First, we compare a simple model of topological contagion to a model of cascading in power systems and find that the power grid model shows a higher level of vulnerability, relative to the contagion model. Second, we compare a percolation model of topological cascading in coupled networks to three different models of power networks coupled to communication systems. Again, the more accurate models suggest very different conclusions than the percolation model. In all but the most extreme case, the physics-based power grid models indicate that increased power-communication coupling decreases vulnerability. This is opposite from what one would conclude from the percolation model, in which zero coupling is optimal. Only in an extreme case, in which communication failures immediately cause grid failures, did we find that increased coupling can be harmful. Together, these results suggest design strategies for reducing the risk of cascades in interdependent infrastructure systems.
Reducing Cascading Failure Risk by Increasing Infrastructure Network Interdependence
Korkali, Mert; Veneman, Jason G.; Tivnan, Brian F.; ...
2017-03-20
Increased coupling between critical infrastructure networks, such as power and communication systems, has important implications for the reliability and security of these systems. To understand the effects of power-communication coupling, several researchers have studied models of interdependent networks and reported that increased coupling can increase vulnerability. However, these conclusions come largely from models that have substantially different mechanisms of cascading failure, relative to those found in actual power and communication networks, and that do not capture the benefits of connecting systems with complementary capabilities. In order to understand the importance of these details, this paper compares network vulnerability in simple topological models and in models that more accurately capture the dynamics of cascading in power systems. First, we compare a simple model of topological contagion to a model of cascading in power systems and find that the power grid model shows a higher level of vulnerability, relative to the contagion model. Second, we compare a percolation model of topological cascading in coupled networks to three different models of power networks coupled to communication systems. Again, the more accurate models suggest very different conclusions than the percolation model. In all but the most extreme case, the physics-based power grid models indicate that increased power-communication coupling decreases vulnerability. This is opposite from what one would conclude from the percolation model, in which zero coupling is optimal. Only in an extreme case, in which communication failures immediately cause grid failures, did we find that increased coupling can be harmful. Together, these results suggest design strategies for reducing the risk of cascades in interdependent infrastructure systems.
Securing Information with Complex Optical Encryption Networks
2015-08-11
Network Security, Network Vulnerability, Multi-dimensional Processing, optoelectronic devices... optoelectronic devices and systems should be analyzed before the retrieval, any hostile hacker will need to possess multi-disciplinary scientific...sophisticated optoelectronic principles and systems where he/she needs to process the information. However, in the military applications, most military
ERIC Educational Resources Information Center
Wynn, Cynthia L.
2017-01-01
An increase in information technology has caused an increase in threats towards information security. Threats are malware, viruses, sabotage from employees, and hacking into computer systems. Organizations have to find new ways to combat vulnerabilities and threats of internal and external threats to protect their information security and…
CIOs Uncensored: Security Smarts.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Johnson, Gerald R.
2008-02-25
This commentary for the CIOs Uncensored section of InformationWeek will discuss PNNL’s “defense in depth” approach to cyber security. It will cover external and internal safeguards, as well as the all-important role of employees in the cyber security equation. For employees are your greatest vulnerability – and your last line of defense.
Information Security Issues in Higher Education and Institutional Research
ERIC Educational Resources Information Center
Custer, William L.
2010-01-01
Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…
Fisher, Ronald E; Norman, Michael
2010-07-01
The US Department of Homeland Security (DHS) is developing indices to better assist in the risk management of critical infrastructures. The first of these indices is the Protective Measures Index - a quantitative index that measures overall protection across component categories: physical security, security management, security force, information sharing, protective measures and dependencies. The Protective Measures Index, which can also be recalculated as the Vulnerability Index, is a way to compare differing protective measures (eg fence versus security training). The second of these indices is the Resilience Index, which assesses a site's resilience and consists of three primary components: robustness, resourcefulness and recovery. The third index is the Criticality Index, which assesses the importance of a facility. The Criticality Index includes economic, human, governance and mass evacuation impacts. The Protective Measures Index, Resilience Index and Criticality Index are being developed as part of the Enhanced Critical Infrastructure Protection initiative that DHS protective security advisers implement across the nation at critical facilities. This paper describes two core themes: determination of the vulnerability, resilience and criticality of a facility and comparison of the indices at different facilities.
Cyber Security Threats to Safety-Critical, Space-Based Infrastructures
NASA Astrophysics Data System (ADS)
Johnson, C. W.; Atencia Yepez, A.
2012-01-01
Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations. This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.
Security risk assessment: applying the concepts of fuzzy logic.
Bajpai, Shailendra; Sachdeva, Anish; Gupta, J P
2010-01-15
Chemical process industries (CPI) handling hazardous chemicals in bulk can be attractive targets for deliberate adversarial actions by terrorists, criminals and disgruntled employees. It is therefore imperative to have a comprehensive security risk management programme including effective security risk assessment techniques. In an earlier work, it has been shown that security risk assessment can be done by conducting threat and vulnerability analysis or by developing a Security Risk Factor Table (SRFT). HAZOP type vulnerability assessment sheets can be developed that are scenario based. In the SRFT model, important security risk bearing factors such as location, ownership, visibility, inventory, etc., have been used. In this paper, the earlier developed SRFT model has been modified using the concepts of fuzzy logic. In the modified SRFT model, two linguistic fuzzy scales (three-point and four-point) are devised based on trapezoidal fuzzy numbers. Human subjectivity of different experts associated with the previous SRFT model is tackled by mapping their scores to the newly devised fuzzy scale. Finally, the fuzzy score thus obtained is defuzzified to get the results. A test case of a refinery is used to explain the method and compared with the earlier work.
The public transportation system security and emergency preparedness planning guide
DOT National Transportation Integrated Search
2003-01-01
Recent events have focused renewed attention on the vulnerability of the nation's critical infrastructure to major events, including terrorism. The Public Transportation System Security and Emergency Preparedness Planning Guide has been prepared to s...
Federal Register 2010, 2011, 2012, 2013, 2014
2013-02-12
...) Not to exceed 3000 positions that require unique cyber security skills and knowledge to perform cyber..., distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture...
DOE Office of Scientific and Technical Information (OSTI.GOV)
Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali
A computer implemented method monetizes the security of a cyber-system in terms of losses each stakeholder may expect to lose if a security breakdown occurs. A non-transitory media stores instructions for generating a stake structure that includes costs that each stakeholder of a system would lose if the system failed to meet security requirements and generating a requirement structure that includes probabilities of failing requirements when computer components fail. The system generates a vulnerability model that includes probabilities of a component failing given threats materializing and generates a perpetrator model that includes probabilities of threats materializing. The system generates a dot product of the stakes structure, the requirement structure, the vulnerability model and the perpetrator model. The system can further be used to compare, contrast and evaluate alternative courses of actions best suited for the stakeholders and their requirements.
Weinhardt, Lance S; Galvao, Loren W; Mwenyekonde, Thokozani; Grande, Katarina M; Stevens, Patricia; Yan, Alice F; Mkandawire-Valhmu, Lucy; Masanjala, Winford; Kibicho, Jennifer; Ngui, Emmanuel; Emer, Lindsay; Watkins, Susan C
2014-01-01
Poverty and lack of a predictable, stable source of food are two fundamental determinants of ill health, including HIV/AIDS. Conversely, episodes of poor health and death from HIV can disrupt the ability to maintain economic stability in affected households, especially those that rely on subsistence farming. However, little empirical research has examined if, and how, improvements in people's economic status and food security translate into changes in HIV vulnerability. In this paper, we describe in detail the methods and protocol of an academic-NGO collaboration on a quasi-experimental, longitudinal study of the mechanisms and magnitude of the impact of a multilevel economic and food security program (Support to Able-Bodied Vulnerable Groups to Achieve Food Security; SAFE), as implemented by CARE. Primary outcomes include HIV vulnerability (i.e., HIV risk behaviors, HIV infection), economic status (i.e., income, household assets) and food security (including anthropometric measures). We recruited participants from two types of areas of rural central Malawi: traditional authorities (TA) selected by CARE to receive the SAFE program (intervention group) and TAs receiving other unrelated CARE programming (controls). In the intervention TAs, we recruited 598 program participants (398 women, 200 men) and interviewed them at baseline and 18- and 36-month follow-ups; we interviewed 301 control households. In addition, we conducted random surveys (n = 1002) in the intervention and control areas with a 36-month assessment interval, prior to and after implementation of SAFE. Thus, we are examining intervention outcomes both in direct SAFE program participants and their larger communities. We are using multilevel modeling to examine mediators and moderators of the effects of SAFE on HIV outcomes at the individual and community levels and determine the ways in which changes in HIV outcomes feed back into economic outcomes and food security at later interviews. 
Finally, we are conducting a qualitative end-of-program evaluation consisting of in-depth interviews with 90 SAFE participants. In addition to examining pathways linking structural factors to HIV vulnerability, this research will yield important information for understanding the impact of a multilevel environmental/structural intervention on HIV, with the potential for other sustainable long-term public health benefits.
Vilar-Compte, Mireya; Sandoval-Olascoaga, Sebastian; Bernal-Stuart, Ana; Shimoga, Sandhya; Vargas-Bustamante, Arturo
2015-11-01
The present paper investigated the impact of the 2008 financial crisis on food security in Mexico and how it disproportionally affected vulnerable households. A generalized ordered logistic regression was estimated to assess the impact of the crisis on households' food security status. An ordinary least squares and a quantile regression were estimated to evaluate the effect of the financial crisis on a continuous proxy measure of food security defined as the share of a household's current income devoted to food expenditures. Setting Both analyses were performed using pooled cross-sectional data from the Mexican National Household Income and Expenditure Survey 2008 and 2010. The analytical sample included 29,468 households in 2008 and 27,654 in 2010. The generalized ordered logistic model showed that the financial crisis significantly (P<0·05) decreased the probability of being food secure, mildly or moderately food insecure, compared with being severely food insecure (OR=0·74). A similar but smaller effect was found when comparing severely and moderately food-insecure households with mildly food-insecure and food-secure households (OR=0·81). The ordinary least squares model showed that the crisis significantly (P<0·05) increased the share of total income spent on food (β coefficient of 0·02). The quantile regression confirmed the findings suggested by the generalized ordered logistic model, showing that the effects of the crisis were more profound among poorer households. The results suggest that households that were more vulnerable before the financial crisis saw a worsened effect in terms of food insecurity with the crisis. Findings were consistent with both measures of food security--one based on self-reported experience and the other based on food spending.
Semantic policy and adversarial modeling for cyber threat identification and avoidance
NASA Astrophysics Data System (ADS)
DeFrancesco, Anton; McQueary, Bruce
2009-05-01
Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreak incalculable damage upon the enterprise's security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how its use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain. The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture, analyzing trends and identifying critical relations in system-wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise-wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock down, and secure systems that are most vulnerable.
Chung, Youngseok; Choi, Seokjin; Lee, Youngsook; Park, Namje; Won, Dongho
2016-10-07
More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.’s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes. PMID:27739417
SECURITY MODELING FOR MARITIME PORT DEFENSE RESOURCE ALLOCATION
DOE Office of Scientific and Technical Information (OSTI.GOV)
Harris, S.; Dunn, D.
2010-09-07
Redeployment of existing law enforcement resources and optimal use of geographic terrain are examined for countering the threat of a maritime based small-vessel radiological or nuclear attack. The evaluation was based on modeling conducted by the Savannah River National Laboratory that involved the development of options for defensive resource allocation that can reduce the risk of a maritime based radiological or nuclear threat. A diverse range of potential attack scenarios has been assessed. As a result of identifying vulnerable pathways, effective countermeasures can be deployed using current resources. The modeling involved the use of the Automated Vulnerability Evaluation for Risks of Terrorism (AVERT®) software to conduct computer based simulation modeling. The models provided estimates for the probability of encountering an adversary based on allocated resources including response boats, patrol boats and helicopters over various environmental conditions including day, night, rough seas and various traffic flow rates.
NASA Astrophysics Data System (ADS)
Pan, S.; Yang, J.; Zhang, J.; Xu, R.; Dangal, S. R. S.; Zhang, B.; Tian, H.
2016-12-01
Africa is one of the most vulnerable regions in the world to climate change and climate variability. Much concern has been raised about the impacts of climate and other environmental factors on water resource and food security through the climate-water-food nexus. Understanding the responses of crop yield and water use efficiency to environmental changes is particularly important because Africa is well known for widespread poverty, slow economic growth and agricultural systems particularly sensitive to frequent and persistent droughts. However, the lack of integrated understanding has limited our ability to quantify and predict the potential of Africa's agricultural sustainability and freshwater supply, and to better manage the system for meeting an increasing food demand in a way that is socially and environmentally or ecologically sustainable. By using the Dynamic Land Ecosystem Model (DLEM-AG2) driven by spatially-explicit information on land use, climate and other environmental changes, we have assessed the spatial and temporal patterns of crop yield, evapotranspiration (ET) and water use efficiency across entire Africa in the past 35 years (1980-2015) and the rest of the 21st century (2016-2099). Our preliminary results indicate that African crop yield in the past three decades shows an increasing trend primarily due to cropland expansion (about 50%), elevated atmospheric CO2 concentration, and nitrogen deposition. However, crop yield shows substantially spatial and temporal variation due to inter-annual and inter-decadal climate variability and spatial heterogeneity of environmental drivers. Climate extremes especially droughts and heat wave have largely reduced crop yield in the most vulnerable regions. Our results indicate that N fertilizer could be a major driver to improve food security in Africa. Future climate warming could reduce crop yield and shift cropland distribution. 
Our study further suggests that improving water use efficiency through land management practices including the increased uses of fertilizers and irrigation will be the key for reducing the loss of crop yield in a warming climate and extreme weather.
U.S. Military Technology Dependence: The Hidden Vulnerability to National Security
2016-06-10
Because the U.S. has a technological culture, the U.S. military has become technology dependent. This dependence has made the military...technology dependent that the organization no longer recognizes that technology has made it more vulnerable strategically, operationally, and tactically. The
Transformation-aware Exploit Generation using a HI-CFG
2013-05-16
testing has many limitations of its own: it can require significant target-specific setup to perform well; it is unlikely to trigger vulnerabilities...check fails represents a potential vulnerability, but a conservative analysis can produce false positives, so we can use exploit generation to find...warnings that correspond to true positives. We can also find potentially vulnerable instructions in the course of a manual binary-level security audit
ERIC Educational Resources Information Center
Jessiman, Tricia; Cameron, Ailsa
2017-01-01
Background: Police custody sergeants have a duty to secure an AA to safeguard the rights and welfare of vulnerable people detained or questioned by the police. This study focuses on the role of the AA in supporting vulnerable adults and seeks to examine what stakeholders would expect from an effective AA service. Methods: This was a qualitative…
NASA Astrophysics Data System (ADS)
Song, W. J.; Chen, M. H.; Zhang, Q.; Liu, S. S.; Yang, J. N.
2017-07-01
Oases in arid areas are environmentally and economically vulnerable regions. Study of the ecological security of oases in arid areas is of great significance to the stability and the economic development of oases. Based on Land Use/Land Cover data from 1965, 1980, 1995, 2005 and 2015, the study analyzes the temporal and spatial changes in human disturbance and ecological security of oases in the Northern Tianshan Mountain Slope Economic Zone (NTMSEZ) over the last 50 years by establishing the ecological security index (ESI) through a human disturbance index and a landscape vulnerability index. The results showed that, over the last 50 years, the human disturbance of the NTMSEZ has increased to the current moderate level of human impact. Urban construction, oasis expansion and farmland reclamation are the main factors of the increment. The human disturbance in Urumchi, Shihezi, Kuitun, Miquan and Changji is higher than that in other oases, and that in core areas of oases is higher than in other areas. The ESI of the NTMSEZ first increases and then decreases. In most areas, the ESI is “relatively unsafe” and “critical”. However, there are increasingly more vulnerable areas, moving northwestwards and expanding southwards. The ESI gradually presents a “NW-SE” trend of zonal distribution pattern.
Code of Federal Regulations, 2013 CFR
2013-01-01
... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM... analyze key data from chemical facilities. Chemical-terrorism Vulnerability Information or CVI shall mean... or terrorist incident shall mean any incident or attempt that constitutes terrorism or terrorist...
Code of Federal Regulations, 2014 CFR
2014-01-01
... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM... analyze key data from chemical facilities. Chemical-terrorism Vulnerability Information or CVI shall mean... or terrorist incident shall mean any incident or attempt that constitutes terrorism or terrorist...
Code of Federal Regulations, 2012 CFR
2012-01-01
... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM... analyze key data from chemical facilities. Chemical-terrorism Vulnerability Information or CVI shall mean... or terrorist incident shall mean any incident or attempt that constitutes terrorism or terrorist...
Code of Federal Regulations, 2011 CFR
2011-01-01
... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM... analyze key data from chemical facilities. Chemical-terrorism Vulnerability Information or CVI shall mean... or terrorist incident shall mean any incident or attempt that constitutes terrorism or terrorist...
DOT National Transportation Integrated Search
2001-09-25
This is the statement of Gerald L. Dillingham, Director, Physical Infrastructure Issues before the Committee on Governmental Affairs and Its Subcommittee on Oversight of Governmental Management, Restructuring and the District of Columbia, U.S. Senate...
78 FR 16694 - Chemical Security Assessment Tool (CSAT)
Federal Register 2010, 2011, 2012, 2013, 2014
2013-03-18
... information provided. Comments that include trade secrets, confidential commercial or financial information... secrets, confidential commercial or financial information, CVI, SSI, or PCII should be appropriately... Department make the instruments (e.g., Top-Screen, Security Vulnerability Assessment [SVA]/ Alternative...
Aviation security : vulnerabilities in, and alternatives for, preboard screening security operations
DOT National Transportation Integrated Search
2001-09-25
This is the statement of Gerald L. Dillingham, Director, Physical Infrastructure Issues before the Committee on Governmental Affairs and Its Subcommittee on Oversight of Governmental Management, Restructuring and the District of Columbia, U.S. Senate...
Report: EPA Needs to Strengthen Financial Database Security Oversight and Monitor Compliance
Report #2007-P-00017, March 29, 2007. Weaknesses in how EPA offices monitor databases for known security vulnerabilities, communicate the status of critical system patches, and monitor the access to database administrator accounts and privileges.
Aviation Security-Related Findings and Recommendations of the 9/11 Commission
2005-03-30
The 9/11 Commission found that al Qaeda operatives exploited known weaknesses in U.S. aviation security to carry out the terrorist attacks of...September 11, 2001. While legislation and administration actions after September 11, 2001 were implemented to strengthen aviation security, the 9/11...Commission concluded that several weaknesses continue to exist. These include perceived vulnerabilities in cargo and general aviation security as well as
Giovanni Zurlini; Irene Petrosillo; Nicola Zaccarelli; Kurt Riitters
2008-01-01
Environmental security, as the opposite of environmental fragility (vulnerability), is multilayered, multi-scale and complex, existing in both the objective realm of biophysics and society, and the subjective realm of individual human perception. For ecological risk assessments (ERAs), the relevant objects of environmental security are social-ecological landscapes (...
ERIC Educational Resources Information Center
Srinivasan, Deepa
2013-01-01
Recent rapid malware growth has exposed the limitations of traditional in-host malware-defense systems and motivated the development of secure virtualization-based solutions. By running vulnerable systems as virtual machines (VMs) and moving security software from inside VMs to the outside, the out-of-VM solutions securely isolate the anti-malware…
Food Vulnerability and Alluvial Farming for Food Security in Central Dry Zone Area of Myanmar
NASA Astrophysics Data System (ADS)
Boori, M. S.; Choudhary, K.; Evers, M.; Kupriyanov, A.
2017-10-01
The central dry zone area of Myanmar is the most water stressed and also one of the most food insecure regions in the country. In the Dry Zone area, the total population is 10.1 million people in 54 townships, of which approximately 43 % live below the poverty line and 40-50 % of the rural population is landless. Agriculture is the most important economic sector in Myanmar as it is essential for national food security and a major source of livelihood for its people. In this region the adverse effects of climate change such as late or early onset of monsoon season, longer dry spells, erratic rainfall, increasing temperature, heavy rains, stronger typhoons, extreme spatial-temporal variability of rainfall, high intensities, limited rainfall events in the growing season, heat stress, drought, flooding, sea water intrusion, land degradation, desertification, deforestation and other natural disasters are believed to be a major constraint to food insecurity. For food vulnerability, we use the following indicators: slope, precipitation, vegetation, soil, erosion, land degradation and harvest failure in ArcGIS software. Erosion is influenced by rainfall and slope, while land degradation is directly related to vegetation, drainage and soil. Harvest failure can be generated by rainfall and flood potential zones. Results show that around 45 % of the study area comes under very high erosion danger level, 70 % under average harvest failure, 59 % under intermediate land degradation and overall around 45 % of the study area comes under the insecure food vulnerability zone. Our analysis shows an increase in alluvial farming by 1745.33 km2 since 1988 to reduce the insecure food vulnerability. The food vulnerability map is also relevant to increased population and low income areas. The extreme climatic events are likely to increase the frequency and magnitude of serious drought periods and extreme floods. 
Food insecurity is an important thing that must be reviewed because it relates to the lives of many people. This paper is helpful for identifying the areas of food needs in central dry zone area of Myanmar.
Risks, benefits and survival strategies-views from female sex workers in Savannakhet, Laos
2012-01-01
Background Female sex workers (FSWs) are vulnerable to sexually transmitted infections (STIs) and encounter socio-economic and health problems, including STIs/HIV, unintended pregnancy and complications from unsafe abortion, stigma, violence, and drug addiction. Reducing risks associated with sex work requires an understanding of the social and cultural context in which sex workers live and work. This study aimed to explore the working environment and perceived risks among FSWs in Savannakhet province in Laos. Methods Five focus group discussions (FGDs) and seven interviews were conducted with FSWs in Kaysone Phomvihan district in Laos. Latent content analysis was used to analyze the transcribed text. Results The results revealed that the FSWs were aware of risks but they also talked about benefits related to their work. The risks were grouped into six categories: STIs/HIV, unintended pregnancy, stigma, violence, being cheated, and social and economic insecurity. The reported benefits were financial security, fulfilling social obligations, and sexual pleasure. The FSWs reported using a number of strategies to reduce risks and increase benefits. Conclusions The desire to be self-sufficient and earn as much money as possible put the FSWs in disadvantaged and vulnerable situations. Fear of financial insecurity, obligations to support one’s family and the need to secure the future influenced FSWs’ decisions to have safe or unsafe sex. The FSWs were, however, not only victims. They also had some control over their lives and working environment, with most viewing their work as an easy and good way of earning money. PMID:23164407
UGV: security analysis of subsystem control network
NASA Astrophysics Data System (ADS)
Abbott-McCune, Sam; Kobezak, Philip; Tront, Joseph; Marchany, Randy; Wicks, Al
2013-05-01
Unmanned ground vehicles (UGVs) are becoming prolific in the heterogeneous superset of robotic platforms. The sensors which provide odometry, localization, perception, and vehicle diagnostics are fused to give the robotic platform a sense of the environment it is traversing. The automotive industry CAN bus has dominated the industry due to the fault tolerance and the message structure allowing high priority messages to reach the desired node in a real time environment. UGVs are being researched and produced at an accelerated rate to perform arduous, repetitive, and dangerous missions that are associated with a military action in a protracted conflict. The technology and applications of the research will inevitably be turned into dual-use platforms to aid civil agencies in the performance of their various operations. Our motivation is security of the holistic system; however, as subsystems are outsourced in the design, the overall security of the system may be diminished. We will focus on the CAN bus topology and the vulnerabilities introduced in UGVs and recognizable security vulnerabilities that are inherent in the communications architecture. We will show how data can be extracted from an add-on CAN bus that can be customized to monitor subsystems. The information can be altered or spoofed to force the vehicle to exhibit unwanted actions or render the UGV unusable for the designed mission. The military relies heavily on technology to maintain information dominance, and the security of the information introduced onto the network by UGVs must be safeguarded from vulnerabilities that can be exploited.
DOT National Transportation Integrated Search
2002-06-01
Today, transportation agencies are beginning to address the need for threat and vulnerability assessments, and re-examine how existing emergency management plans will be implemented during a homeland security emergency or alert. Travel information is...
State of Maryland Intelligent Transportation Systems: Security and Implementation Recommendations.
DOT National Transportation Integrated Search
1997-11-01
At the direction of the Volpe National Transportation Systems Center of the US Department of Transportation (US DOT), a two-phase study of the security vulnerability of Maryland Intelligent Transportation Systems (ITS) was conducted from July until N...
Homeland security and virtual reality: building a Strategic Adaptive Response System (STARS).
Swift, Christopher; Rosen, Joseph M; Boezer, Gordon; Lanier, Jaron; Henderson, Joseph V; Liu, Alan; Merrell, Ronald C; Nguyen, Sinh; Demas, Alex; Grigg, Elliot B; McKnight, Matthew F; Chang, Janelle; Koop, C Everett
2005-01-01
The advent of the Global War on Terrorism (GWOT) underscored the need to improve the U.S. disaster response paradigm. Existing systems involve numerous agencies spread across disparate functional and geographic jurisdictions. The current architecture remains vulnerable to sophisticated terrorist strikes. To address these vulnerabilities, we must continuously adapt and improve our Homeland Security architecture. Virtual Reality (VR) technologies will help model those changes and integrate technologies. This paper provides a broad overview of the strategic threats, together with a detailed examination of how specific VR technologies could be used to ensure successful disaster responses.
Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.
Wen, Shameng; Meng, Qingkun; Feng, Chao; Tang, Chaojing
2017-01-01
Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.
Climate change and nutrition: creating a climate for nutrition security.
Tirado, M C; Crahay, P; Mahy, L; Zanev, C; Neira, M; Msangi, S; Brown, R; Scaramella, C; Costa Coitinho, D; Müller, A
2013-12-01
Climate change further exacerbates the enormous existing burden of undernutrition. It affects food and nutrition security and undermines current efforts to reduce hunger and promote nutrition. Undernutrition in turn undermines climate resilience and the coping strategies of vulnerable populations. The objectives of this paper are to identify and undertake a cross-sectoral analysis of the impacts of climate change on nutrition security and the existing mechanisms, strategies, and policies to address them. A cross-sectoral analysis of the impacts of climate change on nutrition security and the mechanisms and policies to address them was guided by an analytical framework focused on the three 'underlying causes' of undernutrition: 1) household food access, 2) maternal and child care and feeding practices, 3) environmental health and health access. The analytical framework includes the interactions of the three underlying causes of undernutrition with climate change, vulnerability, adaptation and mitigation. Within broad efforts on climate change mitigation and adaptation and climate-resilient development, a combination of nutrition-sensitive adaptation and mitigation measures, climate-resilient and nutrition-sensitive agricultural development, social protection, improved maternal and child care and health, nutrition-sensitive risk reduction and management, community development measures, nutrition-smart investments, increased policy coherence, and institutional and cross-sectoral collaboration are proposed as a means to address the impacts of climate change to food and nutrition security. This paper proposes policy directions to address nutrition in the climate change agenda and recommendations for consideration by the UN Framework Convention on Climate Change (UNFCCC). 
Nutrition and health stakeholders need to be engaged in key climate change adaptation and mitigation initiatives, including science-based assessment by the Intergovernmental Panel on Climate Change (IPCC), and policies and actions formulated by the UN Framework Convention on Climate Change (UNFCCC). Improved multi-sectoral coordination and political will is required to integrate nutrition-sensitive actions into climate-resilient sustainable development efforts in the UNFCCC work and in the post 2015 development agenda. Placing human rights at the center of strategies to mitigate and adapt to the impacts of climate change and international solidarity is essential to advance sustainable development and to create a climate for nutrition security.
A Security Analysis on Kempf-Koodli's Security Scheme for Fast Mobile IPv6
NASA Astrophysics Data System (ADS)
You, Ilsun; Sakurai, Kouichi; Hori, Yoshiaki
Recently, the security scheme, proposed by Kempf and Koodli, has been adopted as a security standard for Fast handover for Mobile IPv6. But, it does not prevent denial of service attacks while resulting in high computation cost. More importantly, we find that it is still vulnerable to redirection attacks because it fails to secure the Unsolicited Neighbor Advertisement messages. In this paper, Kempf-Koodli's scheme is formally analyzed through BAN-logic and its weaknesses are demonstrated.
2012-12-01
Report date: December 2012. Report type: Master’s Thesis. Title and subtitle: PURPOSEFULLY MANUFACTURED VULNERABILITIES... Figure 4. FPGA Application Uses... Table 4. Top Foundries Worldwide: Headquarter Location and Manufacturing Location
Discovering and Mitigating Software Vulnerabilities through Large-Scale Collaboration
ERIC Educational Resources Information Center
Zhao, Mingyi
2016-01-01
In today's rapidly digitizing society, people place their trust in a wide range of digital services and systems that deliver latest news, process financial transactions, store sensitive information, etc. However, this trust does not have a solid foundation, because software code that supports this digital world has security vulnerabilities. These…
EPA Recognized for Research on Reducing Risks to Drinking ...
Technical Brief Threat Ensemble Vulnerability Assessment (TEVA) among finalists for Edelman Award On February 7, 2008, the Institute for Operations Research and the Management Sciences (INFORMS ® of Hanover, MD) announced that a TEVA Research project is one of six finalists vying for this year’s prestigious Franz Edelman Award. The project is called “Reducing Security Risks in American Drinking Water Systems.” Edelman Award Information This is the thirty-seventh year of the Edelman competition. Every year, the competition recognizes outstanding operations research-based projects that transform companies, entire industries, and people’s lives. Operations research uses advanced analytical methods to make optimal decisions in order to solve complex problems. The winner of the award will be announced in mid-April 2008. Past Edelman Award finalists include Travelocity; IBM; Merrill Lynch; the Memorial Sloan-Kettering Cancer Center; and Georgia Tech. The winning team for 2007 reduced both patient suffering and health care costs from the treatment of prostate and breast cancer. The Edelman competition attests to the contributions of operations research in the profit and nonprofit sectors. It is estimated that the cumulative dollar benefits from Edelman finalist projects between 1984 and 2006 reached the $100 billion mark. TEVA Research Program The TEVA research program has focused on reducing the security risks to drinking water systems. Ad
Transportation security : federal action needed to help address security challenges
DOT National Transportation Integrated Search
2003-06-30
The economic well being of the U.S. is dependent on the expeditious flow of people and goods through the transportation system. The attacks on September 11, 2001, illustrate the threats and vulnerabilities of the transportation system. Prior to Septe...
76 FR 81516 - Homeland Security Advisory Council
Federal Register 2010, 2011, 2012, 2013, 2014
2011-12-28
... security; and provide information on the threat of an electromagnetic pulse attack and its associated... Operational Update. Electromagnetic Pulse (EMP) Threat--Lessons Learned and Areas of Vulnerability, and... and the potential threat of an electromagnetic pulse attack. Both will include lessons learned and...
Security Assessment Of A Turbo-Gas Power Plant
NASA Astrophysics Data System (ADS)
Masera, Marcelo; Fovino, Igor Nai; Leszczyna, Rafal
Critical infrastructures are exposed to new threats due to the large number of vulnerabilities and architectural weaknesses introduced by the extensive use of information and communication technologies. This paper presents the results of an exhaustive security assessment for a turbo-gas power plant.
Safeguarding Databases Basic Concepts Revisited.
ERIC Educational Resources Information Center
Cardinali, Richard
1995-01-01
Discusses issues of database security and integrity, including computer crime and vandalism, human error, computer viruses, employee and user access, and personnel policies. Suggests some precautions to minimize system vulnerability such as careful personnel screening, audit systems, passwords, and building and software security systems. (JKP)
2014-10-01
Software Engineering Institute, Carnegie Mellon University. Basic attack tree: Destroy Building; Generate Sufficient...by computer-security company marketing literature that touts "hacker proof software," "triple-DES security," and the like. In truth, unbreakable
On the security of two remote user authentication schemes for telecare medical information systems.
Kim, Kee-Won; Lee, Jae-Dong
2014-05-01
The telecare medical information systems (TMISs) support convenient and rapid health-care services. A secure and efficient authentication scheme for TMIS safeguards patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly make correct clinical decisions. Recently, Kumari et al. proposed a password based user authentication scheme using smart cards for TMIS, and claimed that the proposed scheme could resist various malicious attacks. However, we point out that their scheme is still vulnerable to lost smart card and cannot provide forward secrecy. Subsequently, Das and Goswami proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. They simulated their scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications (AVISPA) tool to ensure that their scheme is secure against passive and active attacks. However, we show that their scheme is still vulnerable to smart card loss attacks and cannot provide forward secrecy property. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.
NASA Astrophysics Data System (ADS)
Barabanov, A. V.; Markov, A. S.; Tsirlov, V. L.
2018-05-01
This paper presents statistical results and their consolidation, which were received in the study into security of various web-application against cross-site request forgery attacks. Some of the results were received in the study carried out within the framework of certification for compliance with information security requirements. The paper provides the results of consolidating information about the attack and protection measures, which are currently used by the developers of web-applications. It specifies results of the study, which demonstrate various distribution types: distribution of identified vulnerabilities as per the developer type (Russian and foreign), distribution of the security measures used in web-applications, distribution of the identified vulnerabilities as per the programming languages, data on the number of security measures that are used in the studied web-applications. The results of the study show that in most cases the developers of web-applications do not pay due attention to protection against cross-site request forgery attacks. The authors give recommendations to the developers that are planning to undergo a certification process for their software applications.
Risk Assessment for Mobile Systems Through a Multilayered Hierarchical Bayesian Network.
Li, Shancang; Tryfonas, Theo; Russell, Gordon; Andriotis, Panagiotis
2016-08-01
Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security risks posed by each mobile application (app), thus gaining a stronger understanding of any vulnerabilities present. This paper aims at developing a three-layer framework that assesses the potential risks which apps introduce within the Android mobile systems. A Bayesian risk graphical model is proposed to evaluate risk propagation in a layered risk architecture. By integrating static analysis, dynamic analysis, and behavior analysis in a hierarchical framework, the risks and their propagation through each layer are well modeled by the Bayesian risk graph, which can quantitatively analyze risks faced by both apps and mobile systems. The proposed hierarchical Bayesian risk graph model offers a novel way to investigate the security risks in mobile environment and enables users and administrators to evaluate the potential risks. This strategy allows strengthening both app security and the security of the entire system.
Arshad, Hamed; Rasoolzadegan, Abbas
2016-11-01
Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.
Reinforcements, ammunition limits, and termination of neutralization engagements in ASSESS
DOE Office of Scientific and Technical Information (OSTI.GOV)
Paulus, W.K.; Mondragon, J.
1991-01-01
This paper reports on the ASSESS Neutralization Analysis module (Neutralization) which is part of Analytic system and Software for Evaluation of Safeguards and Security, ASSESS, a vulnerability assessment tool. Neutralization models a fire fight engagement between security inspectors (SIs) and adversaries. The model has been improved to represent more realistically the addition of reinforcements to an engagement, the criteria for declaring an engagement terminated, and the amount of ammunition which security forces can use. SI reinforcements must prevent adversaries from achieving their purpose even if an initial security force has been overcome. The reinforcements must be timely. A variety of reinforcement timeliness cases can be modeled. Reinforcements that are not timely are shown to be ineffective in the calculated results. Engagements may terminate before all combatants on one side are neutralized if they recognize that they are losing. A winner is declared when the number of survivors on one side is reduced to a user specified level. Realistically, the amount of ammunition that can be carried into an engagement is limited. Neutralization now permits the analyst to specify the number of rounds available to the security forces initially and the quantity of resupply that is introduced with reinforcements. These new capabilities all contribute toward more realistic modeling of neutralization engagements.
Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
Saha, Sudip; Vullinati, Anil K.; Halappanavar, Mahantesh
We investigate efficient security control methods for protecting against vulnerabilities in networked systems. A large number of interdependent vulnerabilities typically exist in the computing nodes of a cyber-system; as vulnerabilities get exploited, starting from low level ones, they open up the doors to more critical vulnerabilities. These cannot be understood just by a topological analysis of the network, and we use the attack graph abstraction of Dewri et al. to study these problems. In contrast to earlier approaches based on heuristics and evolutionary algorithms, we study rigorous methods for quantifying the inherent vulnerability and hardening cost for the system. We develop algorithms with provable approximation guarantees, and evaluate them for real and synthetic attack graphs.
NASA Astrophysics Data System (ADS)
Radhakrishnan, A.; Gupta, J.
2017-12-01
Climate change and variability has added many atrociousness to India's food security challenges and the relationship between the asset components of farmers and climate change is always complex. In India, dairy farming substantially contributes towards the food security and always plays a supportive role to agriculture from the adversities. This study provides an overview of the socio economic and livelihood vulnerability of small holder dairy farmers of India to climate change and variability in three dimensions — sensitivity, exposure and adaptive capacity by combining 70 indicators and 12 major components. The livelihood and socio economic vulnerability of dairy farmers to climate change and variability is assessed at taluka level in India through detailed house hold level data of livelihoods of Western Ghats region of India collected by several levels of survey and through Participatory Rural Appraisal (PRA) techniques from selected farmers complemented by thirty years of gridded weather data and other secondary data sources. The index score of dairy based livelihoods of Maharashtra was highly negative compared to other states with about 50 percent of farmers having high level of vulnerability with significant tradeoff between milk productivity and health, food, natural disasters-climate variability components. It finds that ensuring food security in the scenario of climate change will be a dreadful challenge and recommends identification of different potential options depending on local contexts at grass root level, the adoption of sustainable agricultural practices, focusing on improving the adaptive capacity component, provision of livelihood security, preparing the extensionists of Krishi Vigyan Kendras (KVKs)- universities to deal with the risks through extensive training programmes, long-term relief measures in the event of natural disasters, workshops on climate science and communication and promoting farmer centric extension system.
LMIP/AAA: Local Authentication, Authorization and Accounting (AAA) Protocol for Mobile IP
NASA Astrophysics Data System (ADS)
Chenait, Manel
Mobile IP represents a simple and scalable global mobility solution. However, it inhibits various vulnerabilities to malicious attacks and, therefore, requires the integration of appropriate security services. In this paper, we discuss two authentication schemes suggested for Mobile IP: standard authentication and Mobile IP/AAA authentication. In order to provide Mobile IP roaming services including identity verification, we propose an improvement to Mobile/AAA authentication scheme by applying a local politic key management in each domain, hence we reduce handoff latency by avoiding the involvement of AAA infrastructure during mobile node roaming.
Code of Federal Regulations, 2010 CFR
2010-01-01
..., individually or regionally performing a system security Vulnerability and Risk Assessment (VRA), establishing... electrical condition and security of its electric system and for the quality of services provided to its... sufficient resources to operate and maintain its system and annually exercise its ERP in accordance with the...
Security Isn't Just for Techies Anymore
ERIC Educational Resources Information Center
Mills, Lane B.
2004-01-01
School district networks are particularly difficult to protect given the diverse types of users, software, equipment and connections that most school districts provide. Vulnerabilities to the security of school district's technology infrastructure can relate to users, data, software, hardware and transmission. This article discusses different…
A New Privacy-Preserving Handover Authentication Scheme for Wireless Networks
Wang, Changji; Yuan, Yuan; Wu, Jiayuan
2017-01-01
Handover authentication is a critical issue in wireless networks, which is being used to ensure mobile nodes wander over multiple access points securely and seamlessly. A variety of handover authentication schemes for wireless networks have been proposed in the literature. Unfortunately, existing handover authentication schemes are vulnerable to a few security attacks, or incur high communication and computation costs. Recently, He et al. proposed a handover authentication scheme PairHand and claimed it can resist various attacks without rigorous security proofs. In this paper, we show that PairHand does not meet forward secrecy and strong anonymity. More seriously, it is vulnerable to key compromise attack, where an adversary can recover the private key of any mobile node. Then, we propose a new efficient and provably secure handover authentication scheme for wireless networks based on elliptic curve cryptography. Compared with existing schemes, our proposed scheme can resist key compromise attack, and achieves forward secrecy and strong anonymity. Moreover, it is more efficient in terms of computation and communication. PMID:28632171
A New Privacy-Preserving Handover Authentication Scheme for Wireless Networks.
Wang, Changji; Yuan, Yuan; Wu, Jiayuan
2017-06-20
Handover authentication is a critical issue in wireless networks, which is being used to ensure mobile nodes wander over multiple access points securely and seamlessly. A variety of handover authentication schemes for wireless networks have been proposed in the literature. Unfortunately, existing handover authentication schemes are vulnerable to a few security attacks, or incur high communication and computation costs. Recently, He et al. proposed a handover authentication scheme PairHand and claimed it can resist various attacks without rigorous security proofs. In this paper, we show that PairHand does not meet forward secrecy and strong anonymity. More seriously, it is vulnerable to key compromise attack, where an adversary can recover the private key of any mobile node. Then, we propose a new efficient and provably secure handover authentication scheme for wireless networks based on elliptic curve cryptography. Compared with existing schemes, our proposed scheme can resist key compromise attack, and achieves forward secrecy and strong anonymity. Moreover, it is more efficient in terms of computation and communication.
Security of BB84 with weak randomness and imperfect qubit encoding
NASA Astrophysics Data System (ADS)
Zhao, Liang-Yuan; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Fang, Xi; Han, Zheng-Fu; Huang, Wei
2018-03-01
The main threats for the well-known Bennett-Brassard 1984 (BB84) practical quantum key distribution (QKD) systems are that its encoding is inaccurate and measurement device may be vulnerable to particular attacks. Thus, a general physical model or security proof to tackle these loopholes simultaneously and quantitatively is highly desired. Here we give a framework on the security of BB84 when imperfect qubit encoding and vulnerability of measurement device are both considered. In our analysis, the potential attacks to measurement device are generalized by the recently proposed weak randomness model which assumes the input random numbers are partially biased depending on a hidden variable planted by an eavesdropper. And the inevitable encoding inaccuracy is also introduced here. From a fundamental view, our work reveals the potential information leakage due to encoding inaccuracy and weak randomness input. For applications, our result can be viewed as a useful tool to quantitatively evaluate the security of a practical QKD system.
Extreme rainfall, vulnerability and risk: a continental-scale assessment for South America.
Vörösmarty, Charles J; Bravo de Guenni, Lelys; Wollheim, Wilfred M; Pellerin, Brian; Bjerklie, David; Cardoso, Manoel; D'Almeida, Cassiano; Green, Pamela; Colon, Lilybeth
2013-11-13
Extreme weather continues to preoccupy society as a formidable public safety concern bearing huge economic costs. While attention has focused on global climate change and how it could intensify key elements of the water cycle such as precipitation and river discharge, it is the conjunction of geophysical and socioeconomic forces that shapes human sensitivity and risks to weather extremes. We demonstrate here the use of high-resolution geophysical and population datasets together with documentary reports of rainfall-induced damage across South America over a multi-decadal, retrospective time domain (1960-2000). We define and map extreme precipitation hazard, exposure, affected populations, vulnerability and risk, and use these variables to analyse the impact of floods as a water security issue. Geospatial experiments uncover major sources of risk from natural climate variability and population growth, with change in climate extremes bearing a minor role. While rural populations display greatest relative sensitivity to extreme rainfall, urban settings show the highest rates of increasing risk. In the coming decades, rapid urbanization will make South American cities the focal point of future climate threats but also an opportunity for reducing vulnerability, protecting lives and sustaining economic development through both traditional and ecosystem-based disaster risk management systems.
Reducing Cascading Failure Risk by Increasing Infrastructure Network Interdependence.
Korkali, Mert; Veneman, Jason G; Tivnan, Brian F; Bagrow, James P; Hines, Paul D H
2017-03-20
Increased interconnection between critical infrastructure networks, such as electric power and communications systems, has important implications for infrastructure reliability and security. Others have shown that increased coupling between networks that are vulnerable to internetwork cascading failures can increase vulnerability. However, the mechanisms of cascading in these models differ from those in real systems and such models disregard new functions enabled by coupling, such as intelligent control during a cascade. This paper compares the robustness of simple topological network models to models that more accurately reflect the dynamics of cascading in a particular case of coupled infrastructures. First, we compare a topological contagion model to a power grid model. Second, we compare a percolation model of internetwork cascading to three models of interdependent power-communication systems. In both comparisons, the more detailed models suggest substantially different conclusions, relative to the simpler topological models. In all but the most extreme case, our model of a "smart" power network coupled to a communication system suggests that increased power-communication coupling decreases vulnerability, in contrast to the percolation model. Together, these results suggest that robustness can be enhanced by interconnecting networks with complementary capabilities if modes of internetwork failure propagation are constrained.
Reducing Cascading Failure Risk by Increasing Infrastructure Network Interdependence
NASA Astrophysics Data System (ADS)
Korkali, Mert; Veneman, Jason G.; Tivnan, Brian F.; Bagrow, James P.; Hines, Paul D. H.
2017-03-01
Increased interconnection between critical infrastructure networks, such as electric power and communications systems, has important implications for infrastructure reliability and security. Others have shown that increased coupling between networks that are vulnerable to internetwork cascading failures can increase vulnerability. However, the mechanisms of cascading in these models differ from those in real systems and such models disregard new functions enabled by coupling, such as intelligent control during a cascade. This paper compares the robustness of simple topological network models to models that more accurately reflect the dynamics of cascading in a particular case of coupled infrastructures. First, we compare a topological contagion model to a power grid model. Second, we compare a percolation model of internetwork cascading to three models of interdependent power-communication systems. In both comparisons, the more detailed models suggest substantially different conclusions, relative to the simpler topological models. In all but the most extreme case, our model of a “smart” power network coupled to a communication system suggests that increased power-communication coupling decreases vulnerability, in contrast to the percolation model. Together, these results suggest that robustness can be enhanced by interconnecting networks with complementary capabilities if modes of internetwork failure propagation are constrained.
Reducing Cascading Failure Risk by Increasing Infrastructure Network Interdependence
Korkali, Mert; Veneman, Jason G.; Tivnan, Brian F.; Bagrow, James P.; Hines, Paul D. H.
2017-01-01
Increased interconnection between critical infrastructure networks, such as electric power and communications systems, has important implications for infrastructure reliability and security. Others have shown that increased coupling between networks that are vulnerable to internetwork cascading failures can increase vulnerability. However, the mechanisms of cascading in these models differ from those in real systems and such models disregard new functions enabled by coupling, such as intelligent control during a cascade. This paper compares the robustness of simple topological network models to models that more accurately reflect the dynamics of cascading in a particular case of coupled infrastructures. First, we compare a topological contagion model to a power grid model. Second, we compare a percolation model of internetwork cascading to three models of interdependent power-communication systems. In both comparisons, the more detailed models suggest substantially different conclusions, relative to the simpler topological models. In all but the most extreme case, our model of a “smart” power network coupled to a communication system suggests that increased power-communication coupling decreases vulnerability, in contrast to the percolation model. Together, these results suggest that robustness can be enhanced by interconnecting networks with complementary capabilities if modes of internetwork failure propagation are constrained. PMID:28317835
Vulnerability Discovery: Bridging the Gap Between Analysis and Engineering
2006-01-01
work in selected technologies. An Easy Target: ActiveX. 1995 – OLE 2 COM ActiveX; 2000 – CERT/CC... ActiveX Security Workshop; 2005 – VU#680526: New vector for exploiting COM vulnerabilities via Internet Explorer discovered; 2006 – Dranzer, the COM Object
ERIC Educational Resources Information Center
Brooks, Tyson T.
2013-01-01
This thesis identifies three essays which contribute to the foundational understanding of the vulnerabilities and risk towards potentially implementing wireless grid Edgeware technology in a virtualized cloud environment. Since communication networks and devices are subject to becoming the target of exploitation by hackers (e.g. individuals who…
SPAR: a security- and power-aware routing protocol for wireless ad hoc and sensor networks
NASA Astrophysics Data System (ADS)
Oberoi, Vikram; Chigan, Chunxiao
2005-05-01
Wireless Ad Hoc and Sensor Networks (WAHSNs) are vulnerable to extensive attacks as well as severe resource constraints. To fulfill the security needs, many security enhancements have been proposed. Likewise, from resource constraint perspective, many power aware schemes have been proposed to save the battery power. However, we observe that for the severely resource limited and extremely vulnerable WAHSNs, taking security or power (or any other resource) alone into consideration for protocol design is rather inadequate toward the truly "secure-and-useful" WAHSNs. For example, from resource constraint perspective, we identify one of the potential problems, the Security-Capable-Congestion (SCC) behavior, for the WAHSNs routing protocols where only security is concerned. On the other hand, the design approach where only scarce resource is concerned, such as many power-aware WAHSNs protocols, leaves security unconsidered and is undesirable to many WAHSNs application scenarios. Motivated by these observations, we propose a co-design approach, where both the high security and effective resource consumption are targeted for WAHSNs protocol design. Specifically, we propose a novel routing protocol, Security- and Power- Aware Routing (SPAR) protocol based on this co-design approach. In SPAR, the routing decisions are made based on both security and power as routing criteria. The idea of the SPAR mechanism is routing protocol independent and therefore can be broadly integrated into any of the existing WAHSNs routing protocols. The simulation results show that SPAR outperforms the WAHSNs routing protocols where security or power alone is considered, significantly. This research finding demonstrates the proposed security- and resource- aware co-design approach is promising towards the truly "secure-and-useful" WAHSNs.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Igure, V. M.; Williams, R. D.
2006-07-01
Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)
NASA Astrophysics Data System (ADS)
Villarreal, M. L.; Webb, R. H.; Norman, L.; Psillas, J.; Rosenberg, A.; Carmichael, S.; Petrakis, R.; Sparks, P.
2014-12-01
Intensive off-road vehicle use for immigration, smuggling, and security of the United States-Mexico border has prompted concerns about long-term human impacts on sensitive desert ecosystems. To help managers identify areas susceptible to soil erosion from vehicle disturbances, we developed a series of erosion potential models based on factors from the Revised Universal Soil Loss Equation (RUSLE), with particular focus on the management factor (P-factor) and vegetation cover (C-factor). To better express the vulnerability of soils to human disturbances, a soil compaction index (applied as the P-factor) was calculated as the difference in saturated hydrologic conductivity (Ks) between disturbed and undisturbed soils, which was then scaled up to remote sensing-based maps of vehicle tracks and digital soils maps. The C-factor was improved using a satellite-based vegetation index, which was better correlated with estimated ground cover (r² = 0.77) than data derived from regional land cover maps (r² = 0.06). RUSLE factors were normalized to give equal weight to all contributing factors, which provided more management-specific information on vulnerable areas where vehicle compaction of sensitive soils intersects with steep slopes and low vegetation cover. Resulting spatial data on vulnerability and erosion potential provide land managers with information to identify critically disturbed areas and potential restoration sites where off-road driving should be restricted to reduce further degradation.
NV: Nessus Vulnerability Visualization for the Web
DOE Office of Scientific and Technical Information (OSTI.GOV)
Harrison, Lane; Spahn, Riley B; Iannacone, Michael D
2012-01-01
Network vulnerability is a critical component of network security. Yet vulnerability analysis has received relatively little attention from the security visualization community. In this paper we describe nv, a web-based Nessus vulnerability visualization. Nv utilizes treemaps and linked histograms to allow system administrators to discover, analyze, and manage vulnerabilities on their networks. In addition to visualizing single Nessus scans, nv supports the analysis of sequential scans by showing which vulnerabilities have been fixed, remain open, or are newly discovered. Nv was also designed to operate completely in-browser, to avoid sending sensitive data to outside servers. We discuss the design of nv, as well as provide case studies demonstrating vulnerability analysis workflows which include a multiple-node testbed and data from the 2011 VAST Challenge.
Economic vulnerability to health shocks and coping strategies: evidence from Andhra Pradesh, India.
Dhanaraj, Sowmya
2016-07-01
Empirical research has shown that households in developing countries are unable to sustain current levels of consumption during and after severe health crises due to substantial increase in medical expenditure and/or loss of income. Health events are also found to have an adverse impact on nutritional status and educational attainment of household members. Thus, in this study, we investigate: who are vulnerable to welfare loss from health shocks, what are the household responses to cope with the economic burden of health shocks and if policy responses like state health insurance schemes are effective in reducing the economic vulnerability. We use self-reported measures of health shocks and coping strategies from the longitudinal survey of the ongoing Young Lives project in India [Andhra Pradesh (AP)] to identify the characteristics of vulnerable groups and perform three-level random intercept logistic regression that takes into account contextual or environmental factors. What emerges is socioeconomic status of household (determined by education, wealth, occupation and caste/religious group) and its demographic characteristics like gender of the household head and proportion of elderly and disabled members matter for outcomes related to health events. Households adopt different strategies to cope with the economic costs of ill-health; borrowing is the most widely used strategy. For credit, majority of households rely on informal sources (moneylenders, friends, relatives, etc.) and have little or no access to formal sources. However, health shock to main breadwinner leads to households adopting costly strategies like reducing consumption or sending children to work. We found no evidence that the state health insurance scheme reduced the household welfare loss from health shocks and their coping strategies. 
The results suggest that health insurance schemes have to be complemented with access to micro-credit and social security schemes for self-employed persons/workers in informal sector to reduce the economic burden faced by households due to health shocks. © The Author 2016. Published by Oxford University Press. All rights reserved. For permissions, please email: journals.permissions@oup.com.
2009-04-01
terrorist social networks are quite vulnerable to penetration and exploitation by indigenous personnel working in the communities where the groups operate...LEVERAGING INDIGENOUS SECURITY FORCES by Mack-Jan H. Spencer, Maj, USAF A Research Report Submitted to the Faculty In Partial Fulfillment of the...4. TITLE AND SUBTITLE Connecting the Spots: Combating Transnational Terrorist Groups Through Leveraging Indigenous Security Forces 5a. CONTRACT
1998-01-01
usually written up by Logistics or Maintenance (4790 is the Maintenance “Bible”). If need be, and if resources are available, one could collect all...Public domain) SATAN (System Administration Tool for Analyzing Networks) (Public Domain) STAT (Security Test and Analysis Tool) (Harris Corporation...Service-Filtering Tools 1. TCP/IP wrapper program • Tools to Scan Hosts for Known Vulnerabilities 1. ISS (Internet Security Scanner) 2. SATAN (Security
Data security issues arising from integration of wireless access into healthcare networks.
Frenzel, John C
2003-04-01
The versatility of having Ethernet speed connectivity without wires is rapidly driving adoption of wireless data networking by end users across all types of industry. Designed to be easy to configure and work among diverse platforms, wireless brings online data to mobile users. This functionality is particularly useful in modern clinical medicine. Wireless presents operators of networks containing or transmitting sensitive and confidential data with several new types of security vulnerabilities, and potentially opens previously protected core network resources to outside attack. Herein, we review the types of vulnerabilities, the tools necessary to exploit them, and strategies to thwart a successful attack.
Design of Provider-Provisioned Website Protection Scheme against Malware Distribution
NASA Astrophysics Data System (ADS)
Yagi, Takeshi; Tanimoto, Naoto; Hariu, Takeo; Itoh, Mitsutaka
Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.
Drimie, Scott; Casale, Marisa
2009-01-01
Several countries in Southern Africa now see large numbers of their population barely subsisting at poverty levels in years without shocks, and highly vulnerable to the vagaries of the weather, the economy and government policy. The combination of HIV/AIDS, food insecurity and a weakened capacity for governments to deliver basic social services has led to the region experiencing an acute phase of a long-term emergency. “Vulnerability” is a term commonly used by scientists and practitioners to describe these deteriorating conditions. There is particular concern about the “vulnerability” of children in this context and implications for children's future security. Through a review of literature and recent case studies, and using a widely accepted conceptualisation of vulnerability as a lens, we reflect on what the regional livelihoods crisis could mean for children's future wellbeing. We argue that an increase in factors determining the vulnerability of households — both through greater intensity and frequency of shocks and stresses (“external” vulnerability) and undermined resilience or ability to cope (“internal” vulnerability) — are threatening not only current welfare of children, but also their longer-term security. The two specific pathways we explore are (1) erosive coping strategies employed by families and individuals; and (2) their inability to plan for the future. We conclude that understanding and responding to this crisis requires looking at the complexity of these multiple stressors, to try to comprehend their interconnections and causal links. Policy and programme responses have, to date, largely failed to take into account the complex and multi-dimensional nature of this crisis. There is a misfit between the problem and the institutional response, as responses from national and international players have remained relatively static. 
Decisive, well-informed and holistic interventions are needed to break the potential negative cycle that threatens the future security of Southern Africa's children. PMID:22380976
Climate-smart agriculture for food security
NASA Astrophysics Data System (ADS)
Lipper, Leslie; Thornton, Philip; Campbell, Bruce M.; Baedeker, Tobias; Braimoh, Ademola; Bwalya, Martin; Caron, Patrick; Cattaneo, Andrea; Garrity, Dennis; Henry, Kevin; Hottle, Ryan; Jackson, Louise; Jarvis, Andrew; Kossam, Fred; Mann, Wendy; McCarthy, Nancy; Meybeck, Alexandre; Neufeldt, Henry; Remington, Tom; Sen, Pham Thi; Sessa, Reuben; Shula, Reynolds; Tibu, Austin; Torquebiau, Emmanuel F.
2014-12-01
Climate-smart agriculture (CSA) is an approach for transforming and reorienting agricultural systems to support food security under the new realities of climate change. Widespread changes in rainfall and temperature patterns threaten agricultural production and increase the vulnerability of people dependent on agriculture for their livelihoods, which includes most of the world's poor. Climate change disrupts food markets, posing population-wide risks to food supply. Threats can be reduced by increasing the adaptive capacity of farmers as well as increasing resilience and resource use efficiency in agricultural production systems. CSA promotes coordinated actions by farmers, researchers, private sector, civil society and policymakers towards climate-resilient pathways through four main action areas: (1) building evidence; (2) increasing local institutional effectiveness; (3) fostering coherence between climate and agricultural policies; and (4) linking climate and agricultural financing. CSA differs from 'business-as-usual' approaches by emphasizing the capacity to implement flexible, context-specific solutions, supported by innovative policy and financing actions.
The Impact of Terrorism on School Safety Planning.
ERIC Educational Resources Information Center
Trump, Kenneth S.
2002-01-01
Discusses why history and "thinking outside of the box" should encourage schools to acknowledge that they are potentially vulnerable targets of terrorism. Presents new safety and security issues raised by the threat of terrorism, including anthrax scares, cell phone use, and field trips. Describes "heightened security"…
Report: Survey Results on Information Used by Water Utilities to Conduct Vulnerability Assessments
Report #2004-M-0001, November 21, 2003. EPA developed a Strategic Plan for Homeland Security (Plan), dated Sept 2002, which states that EPA will work with the States, tribes, drinking water utilities, and others to enhance the security of water utilities.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Robert S. Anderson; Mark Schanfein; Trond Bjornard
2011-07-01
Many critical infrastructure sectors have been investigating cyber security issues for several years, especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs' common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.
Performance Analysis of Cyber Security Awareness Delivery Methods
NASA Astrophysics Data System (ADS)
Abawajy, Jemal; Kim, Tai-Hoon
In order to decrease information security threats caused by human-related vulnerabilities, an increased concentration on information security awareness and training is necessary. There are numerous information security awareness training delivery methods. The purpose of this study was to determine what delivery method is most successful in providing security awareness training. We conducted security awareness training using various delivery methods such as text based, game based and a short video presentation with the aim of determining users' preferred delivery methods. Our study suggests that combined delivery methods are better than an individual security awareness delivery method.
Software Development Life Cycle Security Issues
NASA Astrophysics Data System (ADS)
Kaur, Daljit; Kaur, Parminder
2011-12-01
Security is nowadays one of the major problems for many reasons. The main cause is that software can't withstand security attacks because of vulnerabilities in it, which are caused by defective specifications, design and implementation. We have conducted a survey asking software developers, project managers and other people in software development about their security awareness and implementation in the Software Development Life Cycle (SDLC). The survey was open to participation for three weeks and this paper explains the survey results.
NASA Technical Reports Server (NTRS)
Gilliam, David P.; Feather, Martin S.
2004-01-01
Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.
Vilar-Compte, Mireya; Sandoval-Olascoaga, Sebastian; Bernal-Stuart, Ana; Shimoga, Sandhya; Vargas-Bustamante, Arturo
2015-01-01
Objective: The present paper investigated the impact of the 2008 financial crisis on food security in Mexico and how it disproportionally affected vulnerable households. Design: A generalized ordered logistic regression was estimated to assess the impact of the crisis on households’ food security status. An ordinary least squares and a quantile regression were estimated to evaluate the effect of the financial crisis on a continuous proxy measure of food security defined as the share of a household’s current income devoted to food expenditures. Setting: Both analyses were performed using pooled cross-sectional data from the Mexican National Household Income and Expenditure Survey 2008 and 2010. Subjects: The analytical sample included 29 468 households in 2008 and 27 654 in 2010. Results: The generalized ordered logistic model showed that the financial crisis significantly (P < 0·05) decreased the probability of being food secure, mildly or moderately food insecure, compared with being severely food insecure (OR = 0·74). A similar but smaller effect was found when comparing severely and moderately food-insecure households with mildly food-insecure and food-secure households (OR = 0·81). The ordinary least squares model showed that the crisis significantly (P < 0·05) increased the share of total income spent on food (β coefficient of 0·02). The quantile regression confirmed the findings suggested by the generalized ordered logistic model, showing that the effects of the crisis were more profound among poorer households. Conclusions: The results suggest that households that were more vulnerable before the financial crisis saw a worsened effect in terms of food insecurity with the crisis. Findings were consistent with both measures of food security – one based on self-reported experience and the other based on food spending. PMID:25428800
NASA Astrophysics Data System (ADS)
Xi, Huixing
2017-03-01
With the continuous development of network technology and the rapid spread of the Internet, computer networks have reached every corner of the world. However, network attacks occur frequently. The ARP protocol vulnerability is one of the most common vulnerabilities in the TCP/IP four-layer architecture. Network protocol vulnerabilities can lead to the intrusion and attack of the information system, and disable the normal defense function of the system [1]. At present, ARP spoofing Trojans spread widely in LANs, posing a huge hidden danger to network security, and are the primary threat to LAN security. In this paper, the author summarizes the research status and the key technologies involved in the ARP protocol, analyzes the formation mechanism of the ARP protocol vulnerability, and analyzes the feasibility of the attack technique. Based on a summary of the common defensive methods, the advantages and disadvantages of each defense method are given. At the same time, the current defense method is improved, and the advantage of the improved defense algorithm is given. At the end of this paper, the appropriate test method is selected and the test environment is set up. Experiments and tests are carried out for each proposed improved defense algorithm.
Protection of data carriers using secure optical codes
NASA Astrophysics Data System (ADS)
Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.
2006-02-01
Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.
Shim, Kyusung; Do, Nhu Tri; An, Beongku
2017-01-01
In this paper, we study the physical layer security (PLS) of opportunistic scheduling for uplink scenarios of multiuser multirelay cooperative networks. To this end, we propose a low-complexity, yet comparable secrecy performance source relay selection scheme, called the proposed source relay selection (PSRS) scheme. Specifically, the PSRS scheme first selects the least vulnerable source and then selects the relay that maximizes the system secrecy capacity for the given selected source. Additionally, the maximal ratio combining (MRC) technique and the selection combining (SC) technique are considered at the eavesdropper, respectively. Investigating the system performance in terms of secrecy outage probability (SOP), closed-form expressions of the SOP are derived. The developed analysis is corroborated through Monte Carlo simulation. Numerical results show that the PSRS scheme significantly improves the secure ability of the system compared to that of the random source relay selection scheme, but does not outperform the optimal joint source relay selection (OJSRS) scheme. However, the PSRS scheme drastically reduces the required amount of channel state information (CSI) estimations compared to that required by the OJSRS scheme, especially in dense cooperative networks. PMID:28212286
DOE Office of Scientific and Technical Information (OSTI.GOV)
Pollet, J.
2006-07-01
This session starts by providing an overview of typical DCS (Distributed Control Systems) and SCADA (Supervisory Control and Data Acquisition) architectures, and exposes cyber security vulnerabilities that vendors never admit, but are found through a comprehensive cyber testing process. A complete assessment process involves testing all of the layers and components of a SCADA or DCS environment, from the perimeter firewall all the way down to the end devices controlling the process, including what to look for when conducting a vulnerability assessment of real-time control systems. The following systems are discussed: 1. Perimeter (isolation from corporate IT or other non-critical networks) 2. Remote Access (third Party access into SCADA or DCS networks) 3. Network Architecture (switch, router, firewalls, access controls, network design) 4. Network Traffic Analysis (what is running on the network) 5. Host Operating Systems Hardening 6. Applications (how they communicate with other applications and end devices) 7. End Device Testing (PLCs, RTUs, DCS Controllers, Smart Transmitters) a. System Discovery b. Functional Discovery c. Attack Methodology i. DoS Tests (at what point does the device fail) ii. Malformed Packet Tests (packets that can cause equipment failure) iii. Session Hijacking (do anything that the operator can do) iv. Packet Injection (code and inject your own SCADA commands) v. Protocol Exploitation (Protocol Reverse Engineering / Fuzzing) This paper will provide information compiled from over five years of conducting cyber security testing on control systems hardware, software, and systems. (authors)
Federal Register 2010, 2011, 2012, 2013, 2014
2012-12-17
... Programs Directorate (NPPD), Office of Infrastructure Protection (IP), Infrastructure Security Compliance... questions about this Information Collection Request should be forwarded to DHS/NPPD/IP/ISCD CFATS Program... to the DHS/NPPD/IP/ISCD CFATS Program Manager at the Department of Homeland Security, 245 Murray Lane...
Moving Secure Software Assurance into Higher Education: A Roadmap for Change
2011-06-02
Summarized: The Issue: Software defects are currently a fact of life Software defects are avenues of security vulnerabilities that cyber ... criminals, terrorists, or hostile nations can exploit. We (THE ENTIRE INDUSTRY) need to change the way we build systems Decrease the number of defects
76 FR 4123 - Homeland Security Advisory Council
Federal Register 2010, 2011, 2012, 2013, 2014
2011-01-24
.... The closed portions of the meeting will address threats to our homeland security, results of a cyber... designed to keep our country safe. A briefing on the Cyber Storm III Exercise will include lessons learned and vulnerabilities of cyber assets, as well as potential methods to improve a Federal response to a...
Security of Personal Computer Systems: A Management Guide.
ERIC Educational Resources Information Center
Steinauer, Dennis D.
This report describes management and technical security considerations associated with the use of personal computer systems as well as other microprocessor-based systems designed for use in a general office environment. Its primary objective is to identify and discuss several areas of potential vulnerability and associated protective measures. The…
Federal Register 2010, 2011, 2012, 2013, 2014
2012-06-28
... network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the... Gulfstream G280 Airplane; Isolation or Aircraft Electronic System Security Protection From Unauthorized... connectivity of the passenger service computer systems to the airplane critical systems and data networks. The...
DOT National Transportation Integrated Search
2010-04-21
Terrorist attacks on surface transportation facilities in Moscow, Mumbai, London, and Madrid caused casualties and highlighted the vulnerability of such systems. The Transportation Security Administration (TSA), within the Department of Homeland Secu...
Designing, Implementing, and Evaluating Secure Web Browsers
ERIC Educational Resources Information Center
Grier, Christopher L.
2009-01-01
Web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems using browser-based attacks. Efforts that retrofit existing browsers have had limited success since modern browsers are not designed to withstand attack. To enable more secure web browsing, we design and implement new web browsers from the ground…
Genesis: A Framework for Achieving Software Component Diversity
2007-01-01
correctly—the initial filters develop to fix the Hotmail vulnerability could be circumvented by using alternate character encodings4. Hence, we focus on...Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo, (March 2004); http://www.greymagic.com/security/advisories/gm005-mc/. 4...EyeonSecurity, Microsoft Passport Account Hijack Attack: Hacking Hotmail and More, Hacker’s Digest. 5. Y.-W. Huang et al., Web Application Security Assessment by
Comment on "Secure quantum private information retrieval using phase-encoded queries"
NASA Astrophysics Data System (ADS)
Shi, Run-hua; Mu, Yi; Zhong, Hong; Zhang, Shun
2016-12-01
In this Comment, we reexamine the security of phase-encoded quantum private query (QPQ). We find that the current phase-encoded QPQ protocols, including their applications, are vulnerable to a probabilistic entangle-and-measure attack performed by the owner of the database. Furthermore, we discuss how to overcome this security loophole and present an improved cheat-sensitive QPQ protocol without losing the good features of the original protocol.
Security Risk Assessment Process for UAS in the NAS CNPC Architecture
NASA Technical Reports Server (NTRS)
Iannicca, Dennis C.; Young, Dennis P.; Thadani, Suresh K.; Winter, Gilbert A.
2013-01-01
This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. The deviations from the typical process are described with regard to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper.
Security Risk Assessment Process for UAS in the NAS CNPC Architecture
NASA Technical Reports Server (NTRS)
Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.
2013-01-01
This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. The deviations from the typical process are described with regard to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper.
Towards guidelines for post-disaster vulnerability reduction in informal settlements.
Doberstein, Brent; Stager, Heather
2013-01-01
Although the development community has long recognised that securing land tenure and improving housing design can benefit significantly informal settlement residents, there is little research on these issues in communities exposed to natural disasters and hazards. Informal settlements often are located on land left vacant because of inherent risks, such as floodplains, and there is a long history worldwide of disasters affecting informal settlements. This research tackles the following questions: how can informal settlement vulnerabilities be reduced in a post-disaster setting?; and what are the key issues to address in post-disaster reconstruction? The main purpose of the paper is to develop a set of initial guidelines for post-disaster risk reduction in informal settlements, stressing connections to tenure and housing/community design in the reconstruction process. The paper examines disaster and reconstruction responses in two disaster-affected regions (Jimani, Dominican Republic, and Vargas State, Venezuela) where informal settlements have been hit particularly hard. © 2013 The Author(s). Journal compilation © Overseas Development Institute, 2013.
From Secure Memories to Smart Card Security
NASA Astrophysics Data System (ADS)
Handschuh, Helena; Trichina, Elena
Non-volatile memory is essential in most embedded security applications. It will store the key and other sensitive materials for cryptographic and security applications. In this chapter, first an overview is given of current flash memory architectures. Next the standard security features which form the basis of so-called secure memories are described in more detail. Smart cards are a typical embedded application that is very vulnerable to attacks and that at the same time has a high need for secure non-volatile memory. In the next part of this chapter, the secure memories of so-called flash-based high-density smart cards are described. It is followed by a detailed analysis of what the new security challenges for such objects are.
Approach to estimation of level of information security at enterprise based on genetic algorithm
NASA Astrophysics Data System (ADS)
V, Stepanov L.; V, Parinov A.; P, Korotkikh L.; S, Koltsov A.
2018-05-01
In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.
SPAN security policies and guidelines
NASA Technical Reports Server (NTRS)
Sisson, Patricia L.; Green, James L.
1989-01-01
A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager, must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.
Secure Control Systems for the Energy Sector
DOE Office of Scientific and Technical Information (OSTI.GOV)
Smith, Rhett; Campbell, Jack; Hadley, Mark
2012-03-31
Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goal is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.
Free and Open Source Software for land degradation vulnerability assessment
NASA Astrophysics Data System (ADS)
Imbrenda, Vito; Calamita, Giuseppe; Coluzzi, Rosa; D'Emilio, Mariagrazia; Lanfredi, Maria Teresa; Perrone, Angela; Ragosta, Maria; Simoniello, Tiziana
2013-04-01
Nowadays the role of FOSS software in scientific research is becoming increasingly important. Besides the important issues of reduced costs for licences, legality and security there are many other reasons that make FOSS software attractive. Firstly, making the code opened is a warranty of quality permitting to thousands of developers around the world to check the code and fix bugs rather than rely on vendors claims. FOSS communities are usually enthusiastic about helping other users for solving problems and expand or customize software (flexibility). Most important for this study, the interoperability allows to combine the user-friendly QGIS with the powerful GRASS-GIS and the richness of statistical methods of R in order to process remote sensing data and to perform geo-statistical analysis in one only environment. This study is focused on the land degradation (i.e. the reduction in the capacity of the land to provide ecosystem goods and services and assure its functions) and in particular on the estimation of the vulnerability levels in order to suggest appropriate policy actions to reduce/halt land degradation impacts, using the above mentioned software. The area investigated is the Basilicata Region (Southern Italy) where large natural areas are mixed with anthropized areas. To identify different levels of vulnerability we adopted the Environmentally Sensitive Areas (ESAs) model, based on the combination of indicators related to soil, climate, vegetation and anthropic stress. 
Such indicators were estimated by using the following data-sources: - Basilicata Region Geoportal to assess soil vulnerability; - DESERTNET2 project to evaluate potential vegetation vulnerability and climate vulnerability; - NDVI-MODIS satellite time series (2000-2010) with 250m resolution, available as 16-day composite from the NASA LP DAAC to characterize the dynamic component of vegetation; - Agricultural Census data 2010, Corine Land Cover 2006 and morphological information to assess the vulnerability to anthropic factors mainly connected with agricultural and grazing management. To achieve the final ESAs Index depicting the overall vulnerability to degradation of the investigated area we applied the geometric mean to cross normalized indices related to each examined component. In this context QGIS was used to display data and to perform basic GIS calculations, whereas GRASS was used for map-algebra operations and image processing. Finally R was used for computing statistical analysis (Principal Component Analysis) aimed to determine the relative importance of each adopted indicator. Our results show that GRASS, QGIS and R software are suitable to map land degradation vulnerability and identify highly vulnerable areas in which rehabilitation/recovery interventions are urgent. In addition they allow us to put into evidence the most important drivers of degradation thus supplying basic information for the setting up of intervention strategies. Ultimately, Free Open Source Software deliver a fair chance for geoscientific investigations thanks to their high interoperability and flexibility enabling to preserve the accuracy of the data and to reduce processing time. Moreover, the presence of several communities that steadily support users allows for achieving high quality results, making free open source software a valuable and easy alternative to conventional commercial software.
Minimizing Expected Maximum Risk from Cyber-Attacks with Probabilistic Attack Success
DOE Office of Scientific and Technical Information (OSTI.GOV)
Bhuiyan, Tanveer H.; Nandi, Apurba; Medal, Hugh
The goal of our work is to enhance network security by generating partial cut-sets, which are a subset of edges that remove paths from initially vulnerable nodes (initial security conditions) to goal nodes (critical assets), on an attack graph given costs for cutting an edge and a limited overall budget.
On the Use of Software Metrics as a Predictor of Software Security Problems
2013-01-01
models to determine if additional metrics are required to increase the accuracy of the model: non-security SCSA warnings, code churn and size, the...vulnerabilities reported by testing and those found in the field. Summary of Most Important Results We evaluated our model on three commercial telecommunications
Report #2003-M-00013, September 24, 2003. In connection with our ongoing evaluation of the Environmental Protection Agency’s (EPA’s) activities to enhance the security of the Nation’s water supply, we noted an issue that requires your immediate attention.
Federal Register 2010, 2011, 2012, 2013, 2014
2010-03-25
... regular security audits and have been certified for operation. The CPSC observes all industry and Federal government best practices for network security. CPSC staff regularly analyzes its systems for vulnerabilities and malware, and monitor the network for real-time intrusion attempts. B. Estimated Burden The CPSC...
2007-07-01
Systems, Ciudad Real, Spain, 2002. [Ame00] "Metamorphosis," in American Heritage Dictionary of the English Language Fourth ed: Houghton Mifflin Company...Beyond Fear: Thinking Sensibly About Security in an Uncertain World. New York: Copernicus Books, 2003. [Sch99] Schneier, B. "Modeling Security
A Vulnerability Assessment of the U.S. Small Business B2C E-Commerce Network Systems
ERIC Educational Resources Information Center
Zhao, Jensen J.; Truell, Allen D.; Alexander, Melody W.; Woosley, Sherry A.
2011-01-01
Objective: This study assessed the security vulnerability of the U.S. small companies' business-to-consumer (B2C) e-commerce network systems. Background: As the Internet technologies have been changing the way business is conducted, the U.S. small businesses are investing in such technologies and taking advantage of e-commerce to access global…
Livelihood Cycle and Vulnerability of Rural Households to Climate Change and Hazards in Bangladesh.
Alam, G M Monirul
2017-05-01
Rural riverine households in Bangladesh are confronted with many climate-driven hazards, including riverbank erosion, which results in loss of productive land and other natural resources of the riverine households, and thus threatens their livelihoods and food security. This study assesses the main drivers of vulnerability and livelihood cycle of vulnerable riparian households in Bangladesh. The study utilises the IPCC framework of vulnerability and develops a weighted approach by employing the livelihood vulnerability index and the climate vulnerability index. The results reveal that the livelihood vulnerability index and the climate vulnerability index differ across locations, however, a high index value for both measures indicates the households' high livelihood vulnerability to climate change and hazards. The main drivers that influence the vulnerability dimensions are livelihood strategies and access to food, water and health facilities. These hazard-prone households are also vulnerable due to their existing low livelihood status that leads to a vicious cycle of poverty. The findings of this study are crucial for policymakers to formulate and implement effective strategies and programs to minimise vulnerability and to enhance the local adaptation processes in order to improve such households' livelihood across Bangladesh.
Livelihood Cycle and Vulnerability of Rural Households to Climate Change and Hazards in Bangladesh
NASA Astrophysics Data System (ADS)
Alam, G. M. Monirul
2017-05-01
Rural riverine households in Bangladesh are confronted with many climate-driven hazards, including riverbank erosion, which results in loss of productive land and other natural resources of the riverine households, and thus threatens their livelihoods and food security. This study assesses the main drivers of vulnerability and livelihood cycle of vulnerable riparian households in Bangladesh. The study utilises the IPCC framework of vulnerability and develops a weighted approach by employing the livelihood vulnerability index and the climate vulnerability index. The results reveal that the livelihood vulnerability index and the climate vulnerability index differ across locations, however, a high index value for both measures indicates the households' high livelihood vulnerability to climate change and hazards. The main drivers that influence the vulnerability dimensions are livelihood strategies and access to food, water and health facilities. These hazard-prone households are also vulnerable due to their existing low livelihood status that leads to a vicious cycle of poverty. The findings of this study are crucial for policymakers to formulate and implement effective strategies and programs to minimise vulnerability and to enhance the local adaptation processes in order to improve such households' livelihood across Bangladesh.
Cyber threat model for tactical radio networks
NASA Astrophysics Data System (ADS)
Kurdziel, Michael T.
2014-05-01
The shift to a full information-centric paradigm in the battlefield has allowed ConOps to be developed that are only possible using modern network communications systems. Securing these Tactical Networks without impacting their capabilities has been a challenge. Tactical networks with fixed infrastructure have similar vulnerabilities to their commercial counterparts (although they need to be secure against adversaries with greater capabilities, resources and motivation). However, networks with mobile infrastructure components and Mobile Ad hoc Networks (MANets) have additional unique vulnerabilities that must be considered. It is useful to examine Tactical Network based ConOps and use them to construct a threat model and baseline cyber security requirements for Tactical Networks with fixed infrastructure, mobile infrastructure and/or ad hoc modes of operation. This paper will present an introduction to threat model assessment. A definition and detailed discussion of a Tactical Network threat model is also presented. Finally, the model is used to derive baseline requirements that can be used to design or evaluate a cyber security solution that can be scaled and adapted to the needs of specific deployments.
2006 Homeland Security Symposium and Exposition. Held in Arlington, VA on 29-31 March 2006
2006-03-31
Consequences, Vulnerabilities, and Threats) Prioritize Implement Protective Programs Measure Effectiveness 9March 2006 Major NIPP Theme: Sector Partnership... effect of exposure • Full understanding of the levels of exposure that mark the onset of miosis • Refined human operational exposure standard for GB...
Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists
Kramer, Daniel B.; Foo Kune, Denis; Auto de Medeiros, Julio; Yan, Chen; Xu, Wenyuan; Crawford, Thomas; Fu, Kevin
2017-01-01
Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high‐profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk‐based analysis of security concerns that supports ongoing discussions with patients about their medical devices. PMID:28512774
Illegal Immigration in the United States: Implications for Rule of Law and National Security
2012-02-15
AIR WAR COLLEGE AIR UNIVERSITY ILLEGAL IMMIGRATION IN THE UNITED STATES: IMPLICATIONS FOR RULE OF LAW AND NATIONAL SECURITY By Paul A...government’s failure to strictly enforce immigration laws presents national security vulnerabilities and is subversive to the rule of law. Without...the rule of law, serious social tensions will occur that impel states and localities to fill the void left by the lack of immigration enforcement. In
DOE Office of Scientific and Technical Information (OSTI.GOV)
Greenberg, Raymond; Watson, Erica E.; Morris, Frederic A.
2009-10-07
The Global Threat Reduction Initiative (GTRI) reduces and protects vulnerable nuclear and radiological material located at civilian sites worldwide. The GTRI program has worked successfully to remove and protect nuclear and radioactive materials, including orphaned and disused high-activity sources, and is now working to ensure sustainability. Internationally, over 40 countries are cooperating with GTRI to enhance the security of radiological materials. GTRI is now seeking to develop and enhance sustainability by coordinating its resources with those of the partner country, other donor countries, and international organizations such as the International Atomic Energy Agency (IAEA).
NASA Technical Reports Server (NTRS)
Branch, Drew A.
2014-01-01
Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.
NASA Technical Reports Server (NTRS)
Branch, Drew
2013-01-01
Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices, i.e. routers and IDSs/IPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.
Managing vulnerabilities and achieving compliance for Oracle databases in a modern ERP environment
NASA Astrophysics Data System (ADS)
Hölzner, Stefan; Kästle, Jan
In this paper we summarize good practices on how to achieve compliance for an Oracle database in combination with an ERP system. We use an integrated approach to cover both the management of vulnerabilities (preventive measures) and the use of logging and auditing features (detective controls). This concise overview focusses on the combination Oracle and SAP and its dependencies, but also outlines security issues that arise with other ERP systems. Using practical examples, we demonstrate common vulnerabilities and countermeasures as well as guidelines for the use of auditing features.
Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense
NASA Astrophysics Data System (ADS)
Spafford, Eugene H.
The number and sophistication of cyberattacks continues to increase, but no national policy is in place to confront them. Critical systems need to be built on secure foundations, rather than the cheapest general-purpose platform. A program that combines education in cyber security, increasing resources for law enforcement, development of reliable systems for critical applications, and expanding research support in multiple areas of security and reliability is essential to combat risks that are far beyond the nuisances of spam email and viruses, and involve widespread espionage, theft, and attacks on essential services.
Secure Transportation of HEU in Romania
DOE Office of Scientific and Technical Information (OSTI.GOV)
None
2009-07-06
The National Nuclear Security Administration has announced the final shipments of Russian-origin highly enriched uranium (HEU) nuclear fuel from Romania. The material was removed and returned to Russia by air for storage at two secure nuclear facilities, making Romania the first country to remove all HEU since President Obama outlined his commitment to securing all vulnerable nuclear material around the world within four years. This was also the first time NNSA has shipped spent HEU by airplane, a development that will help accelerate efforts to meet the President's objective.
Design and Implementation of a Secure Modbus Protocol
NASA Astrophysics Data System (ADS)
Fovino, Igor Nai; Carcano, Andrea; Masera, Marcelo; Trombetta, Alberto
The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.
Chemical plants remain vulnerable to terrorists: a call to action.
Lippin, Tobi Mae; McQuiston, Thomas H; Bradley-Bull, Kristin; Burns-Johnson, Toshiba; Cook, Linda; Gill, Michael L; Howard, Donna; Seymour, Thomas A; Stephens, Doug; Williams, Brian K
2006-09-01
U.S. chemical plants currently have potentially catastrophic vulnerabilities as terrorist targets. The possible consequences of these vulnerabilities echo from the tragedies of the Bhopal incident in 1984 to the terrorist attacks on 11 September 2001 and, most recently, Hurricanes Katrina and Rita. Findings from a 2004 nationwide participatory research study of 125 local union leaders at sites with very large volumes of highly hazardous chemicals suggest that voluntary efforts to achieve chemical plant security are not succeeding. Study respondents reported that companies had only infrequently taken actions that are most effective in preventing or in preparing to respond to a terrorist threat. In addition, companies reportedly often failed to involve key stakeholders, including workers, local unions, and the surrounding communities, in these efforts. The environmental health community thus has an opportunity to play a key role in advocating for and supporting improvements in prevention of and preparation for terrorist attacks. Policy-level recommendations to redress chemical site vulnerabilities and the related ongoing threats to the nation's security are as follows: a) specify detailed requirements for chemical site assessment and security; b) mandate audit inspections supported by significant penalties for cases of noncompliance; c) require progress toward achieving inherently safer processes, including the minimizing of storage of highly hazardous chemicals; d) examine and require additional effective actions in prevention, emergency preparedness, and response and remediation; e) mandate and fund the upgrading of emergency communication systems; and f) involve workers and community members in plan creation and equip and prepare them to prevent and respond effectively to an incident.
Chemical Plants Remain Vulnerable to Terrorists: A Call to Action
Lippin, Tobi Mae; McQuiston, Thomas H.; Bradley-Bull, Kristin; Burns-Johnson, Toshiba; Cook, Linda; Gill, Michael L.; Howard, Donna; Seymour, Thomas A.; Stephens, Doug; Williams, Brian K.
2006-01-01
U.S. chemical plants currently have potentially catastrophic vulnerabilities as terrorist targets. The possible consequences of these vulnerabilities echo from the tragedies of the Bhopal incident in 1984 to the terrorist attacks on 11 September 2001 and, most recently, Hurricanes Katrina and Rita. Findings from a 2004 nationwide participatory research study of 125 local union leaders at sites with very large volumes of highly hazardous chemicals suggest that voluntary efforts to achieve chemical plant security are not succeeding. Study respondents reported that companies had only infrequently taken actions that are most effective in preventing or in preparing to respond to a terrorist threat. In addition, companies reportedly often failed to involve key stakeholders, including workers, local unions, and the surrounding communities, in these efforts. The environmental health community thus has an opportunity to play a key role in advocating for and supporting improvements in prevention of and preparation for terrorist attacks. Policy-level recommendations to redress chemical site vulnerabilities and the related ongoing threats to the nation’s security are as follows: a) specify detailed requirements for chemical site assessment and security; b) mandate audit inspections supported by significant penalties for cases of noncompliance; c) require progress toward achieving inherently safer processes, including the minimizing of storage of highly hazardous chemicals; d) examine and require additional effective actions in prevention, emergency preparedness, and response and remediation; e) mandate and fund the upgrading of emergency communication systems; and f) involve workers and community members in plan creation and equip and prepare them to prevent and respond effectively to an incident. PMID:16966080
An integrated water-energy-food-livelihoods approach for assessing environmental livelihood security
NASA Astrophysics Data System (ADS)
Biggs, E. M.; Duncan, J.; Boruff, B.; Bruce, E.; Neef, A.; McNeill, K.; van Ogtrop, F. F.; Haworth, B.; Duce, S.; Horsley, J.; Pauli, N.; Curnow, J.; Imanari, Y.
2015-12-01
Environmental livelihood security refers to the challenges of maintaining global food security and universal access to freshwater and energy to sustain livelihoods and promote inclusive economic growth, whilst sustaining key environmental systems' functionality, particularly under variable climatic regimes. Environmental security is a concept complementary to sustainable development, and considers the increased vulnerability people have to certain environmental stresses, such as climatic change. Bridging links between the core component concepts of environmental security is integral to future human security, and in an attempt to create this bridge, the nexus approach to human protection has been created, where water resource availability underpins food, water and energy security. The water-energy-food nexus has an influential role in attaining human security, yet little research has made the link between the nexus and livelihoods. In this research we provide a critical appraisal of the synergies between water-energy-food nexus framings and sustainable livelihoods approaches, both of which aim to promote sustainable development. In regions where livelihoods are dependent on environmental conditions, the concept of sustainable development is critical for ensuring future environmental and human security. Given our appraisal we go on to develop an integrated framework for assessing environmental livelihood security of multiscale and multi-level systems. This framework provides a tangible approach for assessing changes in the water-energy-food-livelihood indicators of a system. Examples of where system applications may occur are discussed for the Southeast Asia and Oceania region. Our approach will be particularly useful for policy-makers to inform evidence-based decision-making, especially in localities where climate change increases the vulnerability of impoverished communities and extenuates environmental livelihood insecurity.
Auditing Albaha University Network Security using in-house Developed Penetration Tool
NASA Astrophysics Data System (ADS)
Alzahrani, M. E.
2018-03-01
Network security becomes a very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone, it may be used against the organization for further own interest. Thus, network security comes into its role. One important aspect of security management is the security audit. Security performance of Albaha University network is relatively low (in terms of the total controls outlined in the ISO 27002 security control framework). This paper proposes a network security audit tool to address issues in Albaha University network. The proposed penetration tool uses the Nessus and Metasploit tools to find out the vulnerability of a site. A regular self-audit using the in-house developed tool will increase the overall security and performance of Albaha University network. Important results of the penetration test are discussed.
Vulnerability and Productivity Impacts of Farm-Level Interventions in the Brazilian Sertão
NASA Astrophysics Data System (ADS)
Burney, J. A.
2014-12-01
The Brazilian Sertão exemplifies the complex dynamics between climate, land use, agricultural production, and food security presently playing out across the world's semi-arid tropics. Regional climate change in the past half-century is some of the most dramatic in the world -- +2 degrees average warming in many districts and -300mm rainfall. Crop yields have improved weakly or remained stagnant, in stark contrast with the rest of Brazil. As a result many smallholder farmers have increasingly turned to milk production, but they remain dependent on rainfall for forage growth. During droughts they thus face a choice between overgrazing and letting their cattle die. As a result, deforestation of the native Caatinga biome has been rampant, with estimates of 85% loss. We present the results of controlled tests, conducted with over one hundred farmers, of several on-farm interventions meant to boost on-farm productivity, reduce vulnerability to rainfall shocks, and lessen the incentives for deforestation. These interventions -- water cisterns, smallholder irrigation systems, balancing of animal feed ratios, and cultivation and use of palma forrageira as cattle feed -- are described and presented with results of their impact on productivity and vulnerability/resilience metrics. Estimates of larger-scale social benefits and future land-use change impacts are also discussed.
Extreme rainfall, vulnerability and risk: a continental-scale assessment for South America
Vorosmarty, Charles J.; de Guenni, Lelys Bravo; Wollheim, Wilfred M.; Pellerin, Brian A.; Bjerklie, David M.; Cardoso, Manoel; D'Almeida, Cassiano; Colon, Lilybeth
2013-01-01
Extreme weather continues to preoccupy society as a formidable public safety concern bearing huge economic costs. While attention has focused on global climate change and how it could intensify key elements of the water cycle such as precipitation and river discharge, it is the conjunction of geophysical and socioeconomic forces that shapes human sensitivity and risks to weather extremes. We demonstrate here the use of high-resolution geophysical and population datasets together with documentary reports of rainfall-induced damage across South America over a multi-decadal, retrospective time domain (1960–2000). We define and map extreme precipitation hazard, exposure, affected populations, vulnerability and risk, and use these variables to analyse the impact of floods as a water security issue. Geospatial experiments uncover major sources of risk from natural climate variability and population growth, with change in climate extremes bearing a minor role. While rural populations display greatest relative sensitivity to extreme rainfall, urban settings show the highest rates of increasing risk. In the coming decades, rapid urbanization will make South American cities the focal point of future climate threats but also an opportunity for reducing vulnerability, protecting lives and sustaining economic development through both traditional and ecosystem-based disaster risk management systems.
Global learning for local solutions: Reducing vulnerability of marine-dependent coastal communities
NASA Astrophysics Data System (ADS)
Salim, S. S.; Paytan, A.
2016-12-01
The project 'Global learning for local solutions: Reducing vulnerability of marine-dependent coastal communities' (GULLS) falls within the Belmont Forum and G8 Research Councils Initiative on Multilateral Research Funding. Participants include teams from nine countries: Australia, Brazil, India, Madagascar, Mozambique, New Zealand, South Africa, the United Kingdom and the United States of America. The project focuses on five regional 'hotspots' of climate and social change, defined as fast-warming marine areas and areas experiencing social tensions as a result of change: south-east Australia, Brazil, India, South Africa, and the Mozambique Channel and adjacent countries of Mozambique and Madagascar. These areas require most urgent attention and serve as valuable case studies for wider applications. The project aims to assist coastal communities and other stakeholders dependent on marine resources to adapt to climate change and variability through an integrated and trans-disciplinary approach. Combining best available global knowledge with local knowledge and conditions, it is exploring adaptation options and approaches to strengthen resilience at local and community levels, with a focus on options for reconciling the needs for food security with long-term sustainability and conservation. The project will also contribute to capacity development and empowering fishing communities and other fisheries-dependent stakeholders. A standardized vulnerability assessment framework is being developed that will be used to integrate results from natural, social and economic studies in order to identify needs and options for strengthening management and existing policies. Structured comparisons between the hot-spots will assist global efforts for adaptation and strengthening resilience in marine and coastal social-ecological systems.
Grid Transmission Expansion Planning Model Based on Grid Vulnerability
NASA Astrophysics Data System (ADS)
Tang, Quan; Wang, Xi; Li, Ting; Zhang, Quanming; Zhang, Hongli; Li, Huaqiang
2018-03-01
Based on grid vulnerability and uniformity theory, a global network structure and state vulnerability factor model is proposed to measure different grid models. A multi-objective power grid planning model is established that considers global power network vulnerability, economy and grid security constraints. An improved chaos crossover and mutation genetic algorithm is used to find the optimal plan. In the multi-objective optimization problem, the dimensions are not uniform and the weights are not easy to assign, so principal component analysis (PCA) is used to comprehensively assess the population in every generation, making the assessment results more objective and credible. The feasibility and effectiveness of the proposed model are validated by simulation results on the Garver-6 bus system and the Garver-18 bus.
What's wrong with hazard-ranking systems? An expository note.
Cox, Louis Anthony Tony
2009-07-01
Two commonly recommended principles for allocating risk management resources to remediate uncertain hazards are: (1) select a subset to maximize risk-reduction benefits (e.g., maximize the von Neumann-Morgenstern expected utility of the selected risk-reducing activities), and (2) assign priorities to risk-reducing opportunities and then select activities from the top of the priority list down until no more can be afforded. When different activities create uncertain but correlated risk reductions, as is often the case in practice, then these principles are inconsistent: priority scoring and ranking fails to maximize risk-reduction benefits. Real-world risk priority scoring systems used in homeland security and terrorism risk assessment, environmental risk management, information system vulnerability rating, business risk matrices, and many other important applications do not exploit correlations among risk-reducing opportunities or optimally diversify risk-reducing investments. As a result, they generally make suboptimal risk management recommendations. Applying portfolio optimization methods instead of risk prioritization ranking, rating, or scoring methods can achieve greater risk-reduction value for resources spent.
Austin, Robert D; Darby, Christopher A
2003-06-01
Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.
The new world of retirement income security in America.
Quinn, Joseph F; Cahill, Kevin E
2016-01-01
We have entered a new world of retirement income security in America, with older individuals more exposed to market risk and more vulnerable to financial insecurity than prior generations. This reflects an evolution that has altered the historical vision of a financially secure retirement supported by Social Security, a defined-benefit pension plan, and individual savings. Today, 2 of these 3 retirement income sources-pensions and savings-are absent or of modest importance for many older Americans. Retirement income security now often requires earnings from continued work later in life, which exacerbates the economic vulnerability of certain segments of the population, including persons with disabilities, the oldest-old, single women, and individuals with intermittent work histories. Because of the unprecedented aging of our society, further changes to the retirement income landscape are inevitable, but policymakers do have options to help protect the financial stability of older Americans. We can begin by promoting savings at all (especially younger) ages and by removing barriers that discourage work later in life. For individuals already on the cusp of retirement, more needs to be done to educate the public about the value of delaying the receipt of Social Security benefits. Inaction now could mean a return to the days when old age and poverty were closely linked. The negative repercussions of this would extend well beyond traditional economic measures, as physical and mental health outcomes are closely tied to financial security. (PsycINFO Database Record (c) 2016 APA, all rights reserved).
Finding Malicious Cyber Discussions in Social Media
2016-02-02
the author and are not necessarily endorsed by the United States Government. media discussions). This process is labor intensive and sometimes...Twitter tweets [Twitter, 2016] provides some useful evidence that a vulnerability listed in the National Vulnerability Database (NVD) [NIST, 2017] base ...sifiers, we used a keyword-based approach that had been developed by security analysts to detect cyber discussions. This approach searches for 200
Vulnerability Assessment Using a Fuzzy Logic Based Method
1993-12-01
evaluating computer security vulnerabilities is very labor intensive. To help ease this workload, this thesis presents two automated methods possibly...
2010-09-23
Chris, "An Analysis of Breaches Affecting 500 or More Individuals in Healthcare", HITRUST, August 2010. 2. "2009 Annual Study: Cost of a Data Breach," Ponemon...penalties for willful neglect • Loss of human life? — While many concerns focus on a data breach, some vulnerabilities can be more severe
Research on information security system of waste terminal disposal process
NASA Astrophysics Data System (ADS)
Zhou, Chao; Wang, Ziying; Guo, Jing; Guo, Yajuan; Huang, Wei
2017-05-01
Informatization has penetrated the whole process of production and operation of electric power enterprises. It not only improves the level of lean management and quality service, but also faces severe security risks. The internal network terminal is the outermost layer and the most vulnerable node of the inner network boundary. It is characterized by wide distribution, long depth and large quantity. The technical level and security awareness of users and of operation and maintenance personnel are uneven, which makes the internal network terminal the weakest link in information security. Through the implementation of management, technical and physical security measures, an internal network terminal security protection system should be established so as to fully protect internal network terminal information security.
NASA Astrophysics Data System (ADS)
Miara, A.; Macknick, J.; Vorosmarty, C. J.; Corsi, F.; Fekete, B. M.; Newmark, R. L.; Tidwell, V. C.; Cohen, S. M.
2016-12-01
Thermoelectric plants supply 85% of electricity generation in the United States. Under a warming climate, the performance of these power plants may be reduced, as thermoelectric generation is dependent upon cool ambient temperatures and sufficient water supplies at adequate temperatures. In this study, we assess the vulnerability and reliability of 1,100 operational power plants (2015) across the contiguous United States under a comprehensive set of climate scenarios (five Global Circulation Models each with four Representative Concentration Pathways). We model individual power plant capacities using the Thermoelectric Power and Thermal Pollution model (TP2M) coupled with the Water Balance Model (WBM) at a daily temporal resolution and 5x5 km spatial resolution. Together, these models calculate power plant capacity losses that account for geophysical constraints and river network dynamics. Potential losses at the single-plant level are put into a regional energy security context by assessing the collective system-level reliability at the North-American Electricity Reliability Corporation (NERC) regions. Results show that the thermoelectric sector at the national level has low vulnerability under the contemporary climate and that system-level reliability in terms of available thermoelectric resources relative to thermoelectric demand is sufficient. Under future climates scenarios, changes in water availability and warm ambient temperatures lead to constraints on operational capacity and increased vulnerability at individual power plant sites across all regions in the United States. However, there is a strong disparity in regional vulnerability trends and magnitudes that arise from each region's climate, hydrology and technology mix. Despite increases in vulnerabilities at the individual power plant level, regional energy systems may still be reliable (with no system failures) due to sufficient back-up reserve capacities.
Whitehead, P G; Crossman, J; Balana, B B; Futter, M N; Comber, S; Jin, L; Skuras, D; Wade, A J; Bowes, M J; Read, D S
2013-11-13
The catchment of the River Thames, the principal river system in southern England, provides the main water supply for London but is highly vulnerable to changes in climate, land use and population. The river is eutrophic with significant algal blooms with phosphorus assumed to be the primary chemical indicator of ecosystem health. In the Thames Basin, phosphorus is available from point sources such as wastewater treatment plants and from diffuse sources such as agriculture. In order to predict vulnerability to future change, the integrated catchments model for phosphorus (INCA-P) has been applied to the river basin and used to assess the cost-effectiveness of a range of mitigation and adaptation strategies. It is shown that scenarios of future climate and land-use change will exacerbate the water quality problems, but a range of mitigation measures can improve the situation. A cost-effectiveness study has been undertaken to compare the economic benefits of each mitigation measure and to assess the phosphorus reductions achieved. The most effective strategy is to reduce fertilizer use by 20% together with the treatment of effluent to a high standard. Such measures will reduce the instream phosphorus concentrations to close to the EU Water Framework Directive target for the Thames.
Impact of the Social Café Meals program: a qualitative investigation.
Allen, Louise; O'Connor, Jacklin; Amezdroz, Emily; Bucello, Pieta; Mitchell, Hannah; Thomas, Arabella; Kleve, Sue; Bernardi, Anthony; Wallis, Liza; Palermo, Claire
2014-01-01
Social Café Meals Programs aim to reduce food insecurity and social exclusion by providing participants access to subsidised meals in mainstream local cafés. This study aimed to explore the program's ability to address social exclusion and food insecurity and the impact of the program on the community. A qualitative evaluation approach was utilised whereby in-depth interviews were conducted with café owners, café staff and current program members of two Social Café Meals Programs operating in the south-eastern suburbs of Melbourne. Twelve program members and six café staff completed an in-depth interview at the local cafés. Data were analysed using a thematic analysis approach focusing on the lived experience of the café owners, staff and program members. Four key themes were identified. The program (i) improved food access for vulnerable groups and (ii) created community cohesiveness. (iii) The café environment was important in facilitating program use by community members. (iv) Café owners felt rewarded for their community contribution via the program. Social Café Meals Programs may provide a solution to improving food security and reducing social exclusion and may be considered as a strategy for improving nutrition and social health for at-risk and vulnerable groups.
Prevention of Information Leakage by Photo-Coupling in Smart Card
NASA Astrophysics Data System (ADS)
Shen, Sung-Shiou; Chiu, Jung-Hui
Advances in smart card technology encourage smart card use in more sensitive applications, such as storing important information and securing applications. Smart cards are however vulnerable to side channel attacks. Power consumption and electromagnetic radiation of the smart card can leak information about the secret data protected by the smart card. Our paper describes two possible hardware countermeasures that protect against side channel information leakage. We show that power analysis can be prevented by adopting photo-coupling techniques. This method involves the use of LED with photovoltaic cells and photo-couplers on the power, reset, I/O and clock lines of the smart card. This method reduces the risk of internal data bus leakage on the external data lines. Moreover, we also discuss the effectiveness of reducing electromagnetic radiation by using embedded metal plates.
Megacity precipitationsheds reveal tele-connected water security challenges
Wang-Erlandsson, Lan; Gordon, Line J.
2018-01-01
Urbanization is a global process that has taken billions of people from the rural countryside to concentrated urban centers, adding pressure to existing water resources. Many cities are specifically reliant on renewable freshwater regularly refilled by precipitation, rather than fossil groundwater or desalination. A precipitationshed can be considered the “watershed of the sky” and identifies the origin of precipitation falling in a given region. In this paper, we use this concept to determine the sources of precipitation that supply renewable water in the watersheds of the largest cities of the world. We quantify the sources of precipitation for 29 megacities and analyze their differences between dry and wet years. Our results reveal that 19 of 29 megacities depend for more than a third of their water supply on evaporation from land. We also show that for many of the megacities, the terrestrial dependence is higher in dry years. This high dependence on terrestrial evaporation for their precipitation exposes these cities to potential land-use change that could reduce the evaporation that generates precipitation. Combining indicators of water stress, moisture recycling exposure, economic capacity, vegetation-regulated evaporation, land-use change, and dry-season moisture recycling sensitivity reveals four highly vulnerable megacities (Karachi, Shanghai, Wuhan, and Chongqing). A further six megacities were found to have medium vulnerability with regard to their water supply. We conclude that understanding how upwind landscapes affect downwind municipal water resources could be a key component for understanding the complexity of urban water security. PMID:29534109
Fehrenbacher, Anne E; Chowdhury, Debasish; Ghose, Toorjo; Swendeman, Dallas
2016-10-01
Consistent condom use (CCU) is the primary HIV/STI prevention option available to sex workers globally but may be undermined by economic insecurity, life-course vulnerabilities, behavioral factors, disempowerment, or lack of effective interventions. This study examines predictors of CCU in a random household survey of brothel-based female sex workers (n = 200) in two neighborhoods served by Durbar (the Sonagachi Project) in Kolkata, India. Multivariate logistic regression analyses indicated that CCU was significantly associated with perceived HIV risk, community mobilization participation, working more days in sex work, and higher proportion of occasional clients to regular clients. Exploratory analyses stratifying by economic insecurity indicators (i.e., debt, savings, income, housing security) indicate that perceived HIV risk and community mobilization were only associated with CCU for economically secure FSW. Interventions with FSW must prioritize economic security and access to social protections as economic insecurity may undermine the efficacy of more direct condom use intervention strategies.
Augmenting Probabilistic Risk Assesment with Malevolent Initiators
DOE Office of Scientific and Technical Information (OSTI.GOV)
Curtis Smith; David Schwieder
2011-11-01
As commonly practiced, the use of probabilistic risk assessment (PRA) in nuclear power plants only considers accident initiators such as natural hazards, equipment failures, and human error. Malevolent initiators are ignored in PRA, but are considered the domain of physical security, which uses vulnerability assessment based on an officially specified threat (design basis threat). This paper explores the implications of augmenting and extending existing PRA models by considering new and modified scenarios resulting from malevolent initiators. Teaming the augmented PRA models with conventional vulnerability assessments can cost-effectively enhance security of a nuclear power plant. This methodology is useful for operating plants, as well as in the design of new plants. For the methodology, we have proposed an approach that builds on and extends the practice of PRA for nuclear power plants for security-related issues. Rather than only considering 'random' failures, we demonstrated a framework that is able to represent and model malevolent initiating events and associated plant impacts.
Bible, J; Emery, R J; Williams, T; Wang, S
2006-11-01
Limited permanent low-level radioactive waste (LLRW) disposal capacity and correspondingly high disposal costs have resulted in the creation of numerous interim storage facilities for either decay-in-storage operations or longer term accumulation efforts. These facilities, which may be near the site of waste generation or in distal locations, often were not originally designed for the purpose of LLRW storage, particularly with regard to security. Facility security has become particularly important in light of the domestic terrorist acts of 2001, wherein LLRW, along with many other sources of radioactivity, became recognized commodities to those wishing to create disruption through the purposeful dissemination of radioactive materials. Since some LLRW materials may be in facilities that may exhibit varying degrees of security control sophistication, a security vulnerabilities assessment tool grounded in accepted criminal justice theory and security practice has been developed. The tool, which includes dedicated sections on general security, target hardening, criminalization benefits, and the presence of guardians, can be used by those not formally schooled in the security profession to assess the level of protection afforded to their respective facilities. The tool equips radiation safety practitioners with the ability to methodically and systematically assess the presence or relative status of various facility security aspects, many of which may not be considered by individuals from outside the security profession. For example, radiation safety professionals might not ordinarily consider facility lighting aspects, which is a staple for the security profession since it is widely known that crime disproportionately occurs more frequently at night or in poorly lit circumstances. Likewise, the means and associated time dimensions for detecting inventory discrepancies may not be commonly considered. 
The tool provides a simple means for radiation safety professionals to assess, and perhaps enhance in a reasonable fashion, the security of their interim storage operations. Aspects of the assessment tool can also be applied to other activities involving the protection of sources of radiation as well.
The hobbyist phenomenon in physical security.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Michaud, E. C.
Pro-Ams (professional amateurs) are groups of people who work on a problem as amateurs or unpaid persons in a given field at professional levels of competence. Astronomy is a good example of Pro-Am activity. At Galaxy Zoo, Pro-Ams evaluate data generated by professional observatories and are able to evaluate the millions of galaxies that have been observed but not classified, and report their findings at professional levels for fun. To allow the archiving of millions of galaxies that have been observed but not classified, the website has been engineered so that the public can view and classify galaxies even if they are not professional astronomers. In this endeavor, it has been found that amateurs can easily outperform automated vision systems. Today in the world of physical security, Pro-Ams are playing an ever-increasing role. Traditionally, locksmiths, corporations, and government organizations have been largely responsible for developing standards, uncovering vulnerabilities, and devising best security practices. Increasingly, however, nonprofit sporting organizations and clubs are doing this. They can be found all over the world, from Europe to the US and now South East Asia. Examples include TOOOL (The Open Organization of Lockpickers), the Longhorn Lockpicking Club, Sportsfreunde der Sperrtechnik - Deutschland e.V., though there are many others. Members of these groups have been getting together weekly to discuss many elements of security, with some groups specializing in specific areas of security. When members are asked why they participate in these hobbyist groups, they usually reply (with gusto) that they do it for fun, and that they view defeating locks and other security devices as an interesting and entertaining puzzle.
A lot of what happens at these clubs would not be possible if it weren't for 'Super Abundance', the ability to easily acquire (at little or no cost) the products, security tools, technologies, and intellectual resources traditionally limited to corporations, government organizations, or wealthy individuals. With this new access comes new discoveries. For example, hobbyist sport lockpicking groups discovered - and publicized - a number of new vulnerabilities between 2004 and 2009 that resulted in the majority of high-security lock manufacturers having to make changes and improvements to their products. A decade ago, amateur physical security discoveries were rare, at least those discussed publicly. In the interim, Internet sites such as lockpicking.org, lockpicking101.com and others have provided an online meeting place for people to trade tips, find friends with similar interests, and develop tools. The open, public discussion of software vulnerabilities, in contrast, has been going on for a long time. These two industries, physical security and software, have very different upgrade mechanisms. With software, a patch can typically be deployed quickly to fix a serious vulnerability, whereas a hardware fix for a physical security device or system can take upwards of months to implement in the field, especially if (as is often the case) hardware integrators are involved. Even when responding to publicly announced security vulnerabilities, manufacturers of physical security devices such as locks, intrusion detectors, or access control devices rarely view hobbyists as a positive resource. This is most unfortunate. In the field of software, it is common to speak of Open Source versus Closed Source. An Open Source software company may choose to distribute their software with a particular license, and give it away openly, with full details and all the lines of source code made available. Linux is a very popular example of this. 
A Closed Source company, in contrast, chooses not to reveal its source code and will license its software products in a restrictive manner. Slowly, the idea of Open Source is now coming to the world of physical security. In the case of locks, it provides an alternative to the traditional Closed Source world of locksmiths. Now locks are physical objects, and can therefore be disassembled. As such, they have always been Open Source in a limited sense. Secrecy, in fact, is very difficult to maintain for a lock that is widely distributed. Having direct access to the lock design provides the hobbyist with a very open environment for finding security flaws, even if the lock manufacturer attempts to follow a Closed Source model. It is clear that the field of physical security is going the digital route with companies such as Medeco, Mul-T-Lock, and Abloy manufacturing electromechanical locks. Various companies have already begun to add microcontrollers, cryptographic chip sets, solid-state sensors, and a number of other high-tech improvements to their product lineup in an effort to thwart people from defeating their security products.
Risk assessment by dynamic representation of vulnerability, exploitation, and impact
NASA Astrophysics Data System (ADS)
Cam, Hasan
2015-05-01
Assessing and quantifying cyber risk accurately in real-time is essential to providing security and mission assurance in any system and network. This paper presents a modeling and dynamic analysis approach to assessing cyber risk of a network in real-time by representing dynamically its vulnerabilities, exploitations, and impact using integrated Bayesian network and Markov models. Given the set of vulnerabilities detected by a vulnerability scanner in a network, this paper addresses how its risk can be assessed by estimating in real-time the exploit likelihood and impact of vulnerability exploitation on the network, based on real-time observations and measurements over the network. The dynamic representation of the network in terms of its vulnerabilities, sensor measurements, and observations is constructed dynamically using the integrated Bayesian network and Markov models. The transition rates of outgoing and incoming links of states in hidden Markov models are used in determining exploit likelihood and impact of attacks, whereas emission rates help quantify the attack states of vulnerabilities. Simulation results show the quantification and evolving risk scores over time for individual and aggregated vulnerabilities of a network.
NASA Astrophysics Data System (ADS)
Francisco, Glen; Brown, Todd
2012-06-01
Integrated security systems are essential to pre-empting criminal assaults. Nearly 500,000 sites have been identified (source: US DHS) as critical infrastructure sites that would suffer severe damage if a security breach should occur. One major breach in any of 123 U.S. facilities, identified as "most critical", threatens more than 1,000,000 people. The vulnerabilities of critical infrastructure are expected to continue and even heighten over the coming years.
2014-04-01
important data structures of RTEMS are introduced. Section 3.2.2 discusses the problems we found in RTEMS that may cause security vulnerabilities...the important data structures in RTEMS: Object, which is a critical data structure in the SCORE, tasks threads. Approved for Public Release...these important system codes. The example code shows a possibility that a user can delete a system thread. Therefore, in order to protect system
The study and implementation of the wireless network data security model
NASA Astrophysics Data System (ADS)
Lin, Haifeng
2013-03-01
In recent years, with the rapid development of Internet technology and the advent of the information age, demand for information products and the market for information technology have grown strongly. In particular, network security requirements have become more sophisticated. This paper analyzes data security vulnerabilities in wireless networks and lists the serious defects in the wireless network framework together with the related problems. It proposes virtual private network technology and a wireless network security defense structure, and it also gives a wireless network intrusion detection model and the related detection strategies.
Genie: An Inference Engine with Applications to Vulnerability Analysis.
1986-06-01
Stanford Artificial Intelligence Laboratory, 1976. 15 D. A. Waterman and F. Hayes-Roth, eds. Pattern-Directed Inference Systems. Academic Press, Inc...Expert Systems; Artificial Intelligence; Vulnerability Analysis; Knowledge...deduction it is used wherever possible in data-driven mode (forward chaining). Production rules
2015-02-01
not normally blocked by enterprise firewalls. • Some malware exploited zero-day vulnerabilities as well as attempted to exploit vulnerabilities for...servers, receiving updates, and exfiltrating data. Firewalls are routinely configured to block incoming connections while malware within a target...implemented with layers of technical security controls (e.g., ICS-aware firewalls) to control network traffic and prevent the spread of malware. Intrusion
49 CFR 1503.3 - Reports by the public of security problems, deficiencies, and vulnerabilities.
Code of Federal Regulations, 2012 CFR
2012-10-01
... 1503.3 Reports; 601 South 12th Street; Arlington, VA 20598-6002; (2) Internet at http://www.tsa.gov/contact, selecting “Security Issues”; or (3) Telephone (toll-free) at 1-866-289-9673. (b) Reports submitted by mail will receive a receipt through the mail, reports submitted by the Internet will receive an...
49 CFR 1503.3 - Reports by the public of security problems, deficiencies, and vulnerabilities.
Code of Federal Regulations, 2013 CFR
2013-10-01
... 1503.3 Reports; 601 South 12th Street; Arlington, VA 20598-6002; (2) Internet at http://www.tsa.gov/contact, selecting “Security Issues”; or (3) Telephone (toll-free) at 1-866-289-9673. (b) Reports submitted by mail will receive a receipt through the mail, reports submitted by the Internet will receive an...
49 CFR 1503.3 - Reports by the public of security problems, deficiencies, and vulnerabilities.
Code of Federal Regulations, 2014 CFR
2014-10-01
... 1503.3 Reports; 601 South 12th Street; Arlington, VA 20598-6002; (2) Internet at http://www.tsa.gov/contact, selecting “Security Issues”; or (3) Telephone (toll-free) at 1-866-289-9673. (b) Reports submitted by mail will receive a receipt through the mail, reports submitted by the Internet will receive an...
49 CFR 1503.3 - Reports by the public of security problems, deficiencies, and vulnerabilities.
Code of Federal Regulations, 2011 CFR
2011-10-01
... 1503.3 Reports; 601 South 12th Street; Arlington, VA 20598-6002; (2) Internet at http://www.tsa.gov/contact, selecting “Security Issues”; or (3) Telephone (toll-free) at 1-866-289-9673. (b) Reports submitted by mail will receive a receipt through the mail, reports submitted by the Internet will receive an...
ERIC Educational Resources Information Center
US Department of Justice, 2005
2005-01-01
The aftermath of September 11, 2001 prompted the reexamination of the nation's defenses and vulnerabilities in light of new realities. Every sector of society, particularly those who protect the well being of communities, required change. Safety and security operations on the nation's college and university campuses are no exception. The nation's…
The Security of Machine Learning
2008-04-24
Machine learning has become a fundamental tool for computer security, since it can rapidly evolve to changing and complex situations. That...adaptability is also a vulnerability: attackers can exploit machine learning systems. We present a taxonomy identifying and analyzing attacks against machine ...We use our framework to survey and analyze the literature of attacks against machine learning systems. We also illustrate our taxonomy by showing
2004-07-01
Melissa) is created in the controlled environment and propagated. The students learn how viruses are written, how they are propagated via mediums like...vulnerabilities and threats, establishing disaster response and recovery procedures. Joseph Giordano, Technical Advisor, Information Warfare Branch, AFRL 60 The
ERIC Educational Resources Information Center
Liesen, Joseph J.
2017-01-01
The higher education industry uses the very latest technologies to effectively prepare students for their careers, but these technologies often contain vulnerabilities that can be exploited via their connection to the Internet. The complex task of securing information and computing systems is made more difficult at institutions of higher education…
Collaboration using roles. [in computer network security
NASA Technical Reports Server (NTRS)
Bishop, Matt
1990-01-01
Segregation of roles into alternative accounts is a model which provides not only the ability to collaborate but also enables accurate accounting of resources consumed by collaborative projects, protects the resources and objects of such a project, and does not introduce new security vulnerabilities. The implementation presented here does not require users to remember additional passwords and provides a very simple consistent interface.
Are Vulnerability Disclosure Deadlines Justified?
DOE Office of Scientific and Technical Information (OSTI.GOV)
Miles McQueen; Jason L. Wright; Lawrence Wellman
2011-09-01
Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.
Topological Vulnerability Evaluation Model Based on Fractal Dimension of Complex Networks.
Gou, Li; Wei, Bo; Sadiq, Rehan; Sadiq, Yong; Deng, Yong
2016-01-01
With an increasing emphasis on network security, much more attention has been drawn to the vulnerability of complex networks. In this paper, the fractal dimension, which can reflect the space-filling capacity of networks, is redefined as the origin moment of the edge betweenness to obtain a more reasonable evaluation of vulnerability. The proposed model, combining multiple evaluation indexes, not only overcomes the shortcoming that average edge betweenness fails to evaluate the vulnerability of some special networks, but also characterizes the topological structure and highlights the space-filling capacity of networks. The applications to six US airline networks illustrate the practicality and effectiveness of our proposed method, and the comparisons with three other commonly used methods further validate the superiority of our proposed method.
Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram
2015-11-01
Telecare medicine information system (TMIS) offers patients convenient and expedited healthcare services remotely anywhere. Patient security and privacy have emerged as key issues during remote access because of the underlying open architecture. An authentication scheme can verify the patient's as well as the TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then propose an improvement of Lu et al.'s scheme. We have analyzed the security of the improved scheme using the popular automated tool ProVerif. The proposed scheme, while retaining the plusses of Lu et al.'s scheme, is also robust against known attacks.
Moon, Jongho; Choi, Younsung; Kim, Jiye; Won, Dongho
2016-03-01
Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.
Cyber Security Testing and Training Programs for Industrial Control Systems
DOE Office of Scientific and Technical Information (OSTI.GOV)
Daniel Noyes
2012-03-01
Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.
Brantley, Meredith L.; Footer, Katherine; Lim, Sahnah; Kerrigan, Deanna; Sherman, Susan G.
2017-01-01
Women who grow up in an environment of economic scarcity often face limited opportunities for upward mobility, as a result of challenges securing stable housing, quality education, and high-paying, steady employment. Chronically unstable women often also have reduced capacity to protect themselves against HIV/STI related harm when engaging in sexual activity or illicit drug use. Characterizing and targeting the structural contexts that facilitate HIV/STI risk are critical to effective design and implementation of drug and sexual harm reduction interventions. This study explores the nature and progression of structural vulnerability experienced by female exotic dancers during their early lives through the initial months of exotic dancing. We also examine the roles of drug use and social relationships regarding experiences of structural vulnerability and engagement in sexual risk behavior. We conducted semi-structured in-depth interviews with exotic dancers working in Baltimore City and County exotic dance clubs during July 2014 and May 2015. Using thematic analysis, interviews revealed important individual, social, and economic effects of structural vulnerability. Many dancers depicted early experiences of residential transience, violence, and independence, and were raised in an environment of social and economic scarcity. The accumulation of chronic, overlapping social and economic disadvantage continued upon entry into dancing. Substance use emerged as an important issue for the majority of women, operating cyclically as both precursor to and product of accumulating social and economic hardship. Dancers also revealed social strategies that buffered the effects of structural vulnerability and minimized exposure to workplace-related drug and sexual risks. This study provides insight on an understudied group of at-risk women with a unique demographic profile. 
Findings illustrate how the effects of structural vulnerability, substance abuse, social strategies, and opportunities for economic gain through sexual services in the workplace converge to produce varying levels of HIV/STI risk among exotic dancers. PMID:29040840
NASA Astrophysics Data System (ADS)
Elias, E.; Reyes, J. J.; Steele, C. M.; Rango, A.
2017-12-01
Assessing vulnerability of agricultural systems to climate variability and change is vital in securing food systems and sustaining rural livelihoods. Farmers, ranchers, and forest landowners rely on science-based, decision-relevant, and localized information to maintain production, ecological viability, and economic returns. This contribution synthesizes a collection of research on the future of agricultural production in the American Southwest (SW). Research was based on a variety of geospatial methodologies and datasets to assess the vulnerability of rangelands and livestock, field crops, specialty crops, and forests in the SW to climate-risk and change. This collection emerged from the development of regional vulnerability assessments for agricultural climate-risk by the U.S. Department of Agriculture (USDA) Climate Hub Network, established to deliver science-based information and technologies to enable climate-informed decision-making. Authors defined vulnerability differently based on their agricultural system of interest, although each primarily focuses on biophysical systems. We found that an inconsistent framework for vulnerability and climate risk was necessary to adequately capture the diversity, variability, and heterogeneity of SW landscapes, peoples, and agriculture. Through the diversity of research questions and methodologies, this collection of articles provides valuable information on various aspects of SW vulnerability. All articles relied on geographic information systems technology, with highly variable levels of complexity. Agricultural articles used National Agricultural Statistics Service data, either as tabular county level summaries or through the CropScape cropland raster datasets. Most relied on modeled historic and future climate information, but with differing assumptions regarding spatial resolution and temporal framework. 
We assert that it is essential to evaluate climate risk using a variety of complementary methodologies and perspectives. In addition, we found that spatial analysis supports informed adaptation, within and outside the SW United States. The persistence and adaptive capacity of agriculture in the water-limited Southwest serves as an instructive example and may offer solutions to reduce future climate risk.
Cybersecurity and Optimization in Smart “Autonomous” Buildings
DOE Office of Scientific and Technical Information (OSTI.GOV)
Mylrea, Michael E.; Gourisetti, Sri Nikhil Gup
Significant resources have been invested in making buildings “smart” by digitizing, networking and automating key systems and operations. Smart autonomous buildings create new energy efficiency, economic and environmental opportunities. But as buildings become increasingly networked to the Internet, they can also become more vulnerable to various cyber threats. Automated and Internet-connected buildings systems, equipment, controls, and sensors can significantly increase cyber and physical vulnerabilities that threaten the confidentiality, integrity, and availability of critical systems in organizations. Securing smart autonomous buildings presents a national security and economic challenge to the nation. Ignoring this challenge threatens business continuity and the availability of critical infrastructures that are enabled by smart buildings. In this chapter, the authors address challenges and explore new opportunities in securing smart buildings that are enhanced by machine learning, cognitive sensing, artificial intelligence (AI) and smart-energy technologies. The chapter begins by identifying cyber-threats and challenges to smart autonomous buildings. Then it provides recommendations on how AI enabled solutions can help smart buildings and facilities better protect, detect and respond to cyber-physical threats and vulnerabilities. Next, the chapter will provide case studies that examine how combining AI with innovative smart-energy technologies can increase both cybersecurity and energy efficiency savings in buildings. The chapter will conclude by proposing recommendations for future cybersecurity and energy optimization research for examining AI enabled smart-energy technology.
Sustainable Food Security Measurement: A Systemic Methodology
NASA Astrophysics Data System (ADS)
Findiastuti, W.; Singgih, M. L.; Anityasari, M.
2017-04-01
Sustainable food security measures how a region provides food for its people without endangering the environment. In Indonesia, it was legally measured in Food Security and Vulnerability (FSVA). However, with regard to sustainable food security policy, the measurement has not encompassed the environmental aspect. This will lead to a lack of environmental aspect information for adjusting the next strategy. This study aimed to assess sustainable food security by encompassing both the food security and environment aspects using systemic eco-efficiency. Given the existing indicator of cereal production level, total emission as the environment indicator was generated by constructing a Causal Loop Diagram (CLD). Then, a stock-flow diagram was used to develop a systemic simulation model. This model was demonstrated for five Indonesian provinces. The result showed there was a difference between the food security order with and without environmental aspect assessment.
Network Security Risk Assessment System Based on Attack Graph and Markov Chain
NASA Astrophysics Data System (ADS)
Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian
2017-10-01
Network security risk assessment technology can find network problems and related vulnerabilities in advance, and it has become an important means of solving network security problems. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on network infiltration tests, NSRAM generates the attack graph with the breadth traversal algorithm. Combined with the international standard CVSS, the attack probabilities of atomic nodes are counted, and then their attack transition probabilities are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assess network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.
Ethical Justification for Conducting Public Health Surveillance Without Patient Consent
Heilig, Charles M.; White, Angela
2012-01-01
Public health surveillance by necessity occurs without explicit patient consent. There is strong legal and scientific support for maintaining name-based reporting of infectious diseases and other types of public health surveillance. We present conditions under which surveillance without explicit patient consent is ethically justifiable using principles of contemporary clinical and public health ethics. Overriding individual autonomy must be justified in terms of the obligation of public health to improve population health, reduce inequities, attend to the health of vulnerable and systematically disadvantaged persons, and prevent harm. In addition, data elements collected without consent must represent the minimal necessary interference, lead to effective public health action, and be maintained securely. PMID:22095338
Research on the information security system in electrical gis system in mobile application
NASA Astrophysics Data System (ADS)
Zhou, Chao; Feng, Renjun; Jiang, Haitao; Huang, Wei; Zhu, Daohua
2017-05-01
With the rapid development of social informatization, the demand of government, enterprises, and individuals for spatial information grows larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today’s rapidly developing information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They have absorbed and adopted almost all the latest information, communication, computer, electronics and other new technologies. Concomitantly, network coverage grows larger and larger, transmission rates grow faster and faster, and the user’s terminal grows smaller and smaller. What’s more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people’s demand for communication technology is increasingly high. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it has led to development by leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today’s information security has penetrated into all aspects of life. An information system is a complex computer system, and its physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of the mobile enterprise network and its information security threats. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.
Xie, Qi; Liu, Wenhao; Wang, Shengbao; Han, Lidong; Hu, Bin; Wu, Ting
2014-09-01
Patient privacy preservation, security and mutual authentication between the patient and the medical server are important mechanisms in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.'s scheme is vulnerable to the replay attack, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen's scheme is still vulnerable to off-line password guessing attacks, and does not provide user anonymity or perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use the applied pi calculus based formal verification tool ProVerif to prove the security and authentication.
Cryptanalysis on a scheme to share information via employing a discrete algorithm to quantum states
NASA Astrophysics Data System (ADS)
Amellal, H.; Meslouhi, A.; El Baz, M.; Hassouni, Y.; El Allati, A.
2017-03-01
Recently, Yang and Hwang [Int. J. Theor. Phys. 53, 224 (2014)] demonstrated that the scheme to share information via employing discrete algorithm to quantum states presented by Kang and Fang [Commun. Theor. Phys. 55, 239 (2011)] suffers from a major vulnerability allowing an eavesdropper to perform a measurement and resend attack. By introducing an additional checking state framework, the authors have proposed an improved protocol to overcome this weakness. This work calls into question the invoked vulnerability in order to clarify a misinterpretation in the same protocol stages, and also introduces a possible information leakage strategy, known as a faked state attack, which works despite the proposed improvement, meaning that the same security problem may persist. Finally, an upgrading technique is introduced in order to enhance the security of the transmission.
Arshad, Hamed; Nikooghadam, Morteza
2014-12-01
Nowadays, with comprehensive employment of the internet, healthcare delivery services are provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan's scheme is vulnerable to replay attacks and Denial-of-Service attacks. In order to overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows superiority of the proposed scheme in comparison with previously proposed schemes that are related to security of TMISs.
Security breaches: tips for assessing and limiting your risks.
Coons, Leeanne R
2011-01-01
As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.
Critical field-exponents for secure message-passing in modular networks
NASA Astrophysics Data System (ADS)
Shekhtman, Louis M.; Danziger, Michael M.; Bonamassa, Ivan; Buldyrev, Sergey V.; Caldarelli, Guido; Zlatić, Vinko; Havlin, Shlomo
2018-05-01
We study secure message-passing in the presence of multiple adversaries in modular networks. We assume a dominant fraction of nodes in each module have the same vulnerability, i.e., the same entity spying on them. We find both analytically and via simulations that the links between the modules (interlinks) have effects analogous to a magnetic field in a spin-system in that for any amount of interlinks the system no longer undergoes a phase transition. We then define the exponents δ, which relates the order parameter (the size of the giant secure component) at the critical point to the field strength (average number of interlinks per node), and γ, which describes the susceptibility near criticality. These are found to be δ = 2 and γ = 1 (with the scaling of the order parameter near the critical point given by β = 1). When two or more vulnerabilities are equally present in a module we find δ = 1 and γ = 0 (with β ≥ 2). Apart from defining a previously unidentified universality class, these exponents show that increasing connections between modules is more beneficial for security than increasing connections within modules. We also measure the correlation critical exponent ν, and the upper critical dimension d_c, finding that ν d_c = 3 as for ordinary percolation, suggesting that for secure message-passing d_c = 6. These results provide an interesting analogy between secure message-passing in modular networks and the physics of magnetic spin-systems.
Research on offense and defense technology for iOS kernel security mechanism
NASA Astrophysics Data System (ADS)
Chu, Sijun; Wu, Hao
2018-04-01
iOS is a strong and widely used mobile device system. Its annual profits make up about 90% of the total profits of all mobile phone brands. Though it is famous for its security, there have been many attacks on the iOS operating system, such as the Trident APT attack in 2016. So it is important to research the iOS security mechanism, understand its weaknesses, and put forward a targeted protection and security check framework. By studying these attacks and previous jailbreak tools, we can see that an attacker could only run ROP code and gain kernel read and write permissions based on the ROP after exploiting kernel and user layer vulnerabilities. However, the iOS operating system is still protected by the code signing mechanism, the sandbox mechanism, and the not-writable mechanism of the system's disk area. This is far from the steady, long-lasting control that attackers expect. Before iOS 9, breaking these security mechanisms was usually done by modifying the kernel's important data structures and security mechanism code logic. However, after iOS 9, the kernel integrity protection mechanism was added to the 64-bit operating system and none of the previous methods were adapted to the new versions of iOS [1]. But this does not mean that attackers cannot break through. Therefore, based on the analysis of the vulnerability of the KPP security mechanism, this paper implements two possible breakthrough methods for the kernel security mechanism for iOS 9 and iOS 10. Meanwhile, we propose a defense method based on kernel integrity detection and sensitive API call detection to defend against the breakthrough methods mentioned above. We conduct experiments to prove that this method can prevent and detect attack attempts or invaders effectively and in a timely manner.
O'Shea, Laura E; Picchioni, Marco M; Dickens, Geoffrey L
2016-04-01
The Short-Term Assessment of Risk and Treatability (START) aims to assist mental health practitioners to estimate an individual's short-term risk for a range of adverse outcomes via structured consideration of their risk ("Vulnerabilities") and protective factors ("Strengths") in 20 areas. It has demonstrated predictive validity for aggression but this is less established for other outcomes. We collated START assessments for N = 200 adults in a secure mental health hospital and ascertained 3-month risk event incidence using the START Outcomes Scale. The specific risk estimates, which are the tool developers' suggested method of overall assessment, predicted aggression, self-harm/suicidality, and victimization, and had incremental validity over the Strength and Vulnerability scales for these outcomes. The Strength scale had incremental validity over the Vulnerability scale for aggressive outcomes; therefore, consideration of protective factors had demonstrable value in their prediction. Further evidence is required to support use of the START for the full range of outcomes it aims to predict. © The Author(s) 2015.
Security Events and Vulnerability Data for Cybersecurity Risk Estimation.
Allodi, Luca; Massacci, Fabio
2017-08-01
Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.
DOE Office of Scientific and Technical Information (OSTI.GOV)
Canavan, G.H.
At low force levels stability indices depend primarily on the number of vulnerable missiles and the number of weapons on them. The index reduces to a product of the number of vulnerable missiles and the differences between normalized second and first strikes by vulnerable weapons. As the number of weapons per vulnerable missile decreases, the index rapidly approaches stability. Further reductions in vulnerable and survivable missiles and weapons do not affect stability, although they do reduce first and second strikes. Modest weapon reconstitution degrades stability significantly.
Geohazards and Poverty: An Ecosystem Services Approach in Bangladesh
NASA Astrophysics Data System (ADS)
Hutton, C.; Nicholls, R. J.; Lazar, A.
2014-12-01
The Ecosystem Services (ES) of river deltas often support high population densities, estimated at over 500 million people globally, with particular concentrations in South, South-East and East Asia and Africa. Further, a large proportion of delta populations experience extremes of poverty and are highly vulnerable to the environmental and ecological stress and degradation that is occurring. A systems dynamics approach is adopted to provide policy makers with the knowledge and tools to enable them to evaluate the effects of Geohazards and environmental stressors and associated policy decisions on people's livelihoods (Ecosystem Services for Poverty Alleviation - ESPA Deltas). This is done by a multidisciplinary and multi-national team of policy analysts, social and natural scientists and engineers. The work presents a participatory approach to formally evaluating ecosystem services and poverty in the context of the wide range of environmental stressors and hazards. These changes include subsidence and sea level rise, land degradation and population pressure in delta regions. The approach will be developed, tested and applied in coastal Bangladesh. Rural livelihoods are inextricably linked with the natural ecosystems and low income farmers are highly vulnerable to changes in ecosystem services as they are impacted by geohazards and environmental stressors. Their health, wellbeing and financial security are under threat from many directions such as unreliable supplies of clean water, increasing salinisation of soils and flood, while in the longer term they are threatened by subsidence and sea-level rise. This study will contribute to the understanding of this present vulnerability and help the people who develop the relevant policy to make more informed choices about how best to reduce this vulnerability.
Potik, David; Peles, Einat; Abramsohn, Yahli; Adelson, Miriam; Schreiber, Shaul
2014-01-01
The relationship between vulnerable attachment style, psychopathology, drug abuse, and retention in treatment among patients in methadone maintenance treatment (MMT) was examined by the Vulnerable Attachment Style Questionnaire (VASQ), the Symptom Checklist-90 (SCL-90), and drug abuse urine tests. After six years, retention in treatment and repeated urine test results were studied. Patients with vulnerable attachment style (a high VASQ score) had higher rates of drug abuse and higher psychopathology levels compared to patients with secure attachment style, especially on the interpersonal sensitivity, anxiety, hostility, phobic anxiety, and paranoid ideation scales. Drug abstinence at baseline was related to retention in treatment and to higher rates of drug abstinence after six years in MMT, whereas a vulnerable attachment style could not predict drug abstinence and retention in treatment. Clinical Implications concerning treatment of drug abusing populations and methodological issues concerning the VASQ's subscales are also discussed.
2014-06-16
SCADA systems. These professionals should be aware of the vulnerabilities so they can take intelligent precautions to mitigate attacks. SCADA...vulnerabilities • Describe mitigation options for protecting a system from SCADA attacks For students that go on to pursue a degree in Computer...from SCADA attacks For students who do not remain in the IT realm, this introduction provides an awareness to help them mitigate threats for their
DOE Office of Scientific and Technical Information (OSTI.GOV)
Danneels, Jeffrey John
2005-03-01
Concerns about acts of terrorism against critical infrastructures have been on the rise for several years. Critical infrastructures are those physical structures and information systems (including cyber) essential to the minimum operations of the economy and government. The President's Commission on Critical Infrastructure Protection (PCCIP) probed the security of the nation's critical infrastructures. The PCCIP determined the water infrastructure is highly vulnerable to a range of potential attacks. In October 1997, the PCCIP proposed a public/private partnership between the federal government and private industry to improve the protection of the nation's critical infrastructures. In early 2000, the EPA partnered with the Awwa Research Foundation (AwwaRF) and Sandia National Laboratories to create the Risk Assessment Methodology for Water Utilities (RAM-W™). Soon thereafter, they initiated an effort to create a template and minimum requirements for water utility Emergency Response Plans (ERP). All public water utilities in the US serving populations greater than 3,300 are required to undertake both a vulnerability assessment and the development of an emergency response plan. This paper explains the initial steps of RAM-W™ and then demonstrates how the security risk assessment is fundamental to the ERP. During the development of RAM-W™, Sandia performed several security risk assessments at large metropolitan water utilities. As part of the scope of that effort, ERPs at each utility were reviewed to determine how well they addressed significant vulnerabilities uncovered during the risk assessment. The ERP will contain responses to other events as well (e.g. natural disasters) but should address all major findings in the security risk assessment.
A rhythm-based authentication scheme for smart media devices.
Lee, Jae Dong; Jeong, Young-Sik; Park, Jong Hyuk
2014-01-01
In recent years, ubiquitous computing has rapidly emerged in our lives and extensive studies have been conducted in a variety of areas related to smart devices, such as tablets, smartphones, smart TVs, smart refrigerators, and smart media devices, as a measure for realizing the ubiquitous computing. In particular, smartphones have significantly evolved from the traditional feature phones. Increasingly higher-end smartphone models that can perform a range of functions are now available. Smart devices have become widely popular since they provide high efficiency and great convenience for not only private daily activities but also business endeavors. Rapid advancements have been achieved in smart device technologies to improve the end users' convenience. Consequently, many people increasingly rely on smart devices to store their valuable and important data. With this increasing dependence, an important aspect that must be addressed is security issues. Leaking of private information or sensitive business data due to loss or theft of smart devices could result in exorbitant damage. To mitigate these security threats, basic embedded locking features are provided in smart devices. However, these locking features are vulnerable. In this paper, an original security-locking scheme using a rhythm-based locking system (RLS) is proposed to overcome the existing security problems of smart devices. RLS is a user-authenticated system that addresses vulnerability issues in the existing locking features and provides secure confidentiality in addition to convenience.
PMID:25110743
Sun-Burned: Space Weather's Impact on United States National Security
NASA Astrophysics Data System (ADS)
Stebbins, B.
2014-12-01
The heightened media attention surrounding the 2013-14 solar maximum presented an excellent opportunity to examine the ever-increasing vulnerability of US national security and its Department of Defense to space weather. This vulnerability exists for three principal reasons: 1) a massive US space-based infrastructure; 2) an almost exclusive reliance on an aging and stressed continental US power grid; and 3) a direct dependence upon a US economy adapted to the conveniences of space and uninterrupted power. I tailored my research and work for the national security policy maker and military strategists in an endeavor to initiate and inform a substantive dialogue on America's preparation for, and response to, a major solar event that would severely degrade core national security capabilities, such as military operations. Significant risk to the Department of Defense exists from powerful events that could impact its space-based infrastructure and even the terrestrial power grid. Given this ever-present and increasing risk to the United States, my work advocates raising the issue of space weather and its impacts to the level of a national security threat. With the current solar cycle having already peaked and the next projected solar maximum just a decade away, the government has a relatively small window to make policy decisions that prepare the nation and its Defense Department to mitigate impacts from these potentially catastrophic phenomena.
Beeghly, Marjorie; Partridge, Ty; Tronick, Ed; Muzik, Maria; Rahimian Mashhadi, Mahya; Boeve, Jordan L; Irwin, Jessica L
2017-01-01
The goal of this study was to evaluate whether there are sex differences in children's vulnerability to caregiving risk, as indexed by trajectories of maternal depressive symptoms assessed from 2 to 18 months' postpartum, and children's rated attachment security in toddlerhood, adjusting for maternal social support and demographic risk. Analyses utilized longitudinal data collected for 182 African American mother-child dyads from economically diverse backgrounds. Participants were recruited at the time of the child's birth and followed to 18 months' postpartum. Results of conditional latent growth models indicated that an increasing rate of change in level of maternal depressive symptoms over time negatively predicted toddlers' felt attachment security. Higher social support was associated with decreasing levels of maternal depressive symptoms over time whereas higher demographic risk was associated with increasing levels of maternal depressive symptoms. A subsequent multigroup conditional latent growth model revealed that child sex moderated these associations. For male (but not female) children, a rapid increase in maternal depressive symptoms was associated with lower felt attachment security at 18 months. These findings suggest that boys, as compared to girls, may be more vulnerable to early caregiving risks such as maternal depression, with negative consequences for mother-child attachment security in toddlerhood. © 2017 Michigan Association for Infant Mental Health.
Maritime Cyber Security University Research
2016-05-01
traffic so vital to the global economy. The vulnerabilities associated with reliance on digital systems in the maritime environment must be continuously...Abstract (MAXIMUM 200 WORDS) Modern maritime systems are highly complex digital systems to ensure the safety and efficient operation of the shipping...integrity of the entrances to our "digital ports" and work to develop practical cyber security solutions to protect the nation’s maritime
Maritime Cyber Security University Research: Phase 1
2016-05-01
the global economy. The vulnerabilities associated with reliance on digital systems in the maritime environment must be continuously examined. System...Report: Modern maritime systems are highly complex digital systems to ensure the safety and efficient operation of the shipping traffic so vital to...entrances to our "digital ports" and work to develop practical cyber security solutions to protect the nation’s maritime infrastructure. 17. Key
2006-12-01
Supplement DOD Department of Defense DOL Department of Labor DTSA Defense Technology Security Administration EAR Export Administration Regulations...and outreach to companies on the export regulations. DOD: The Defense Technology Security Administration (DTSA) represents DOD on export control...and technologies, which DOD oversees. DTSA serves an advisory role in State’s and Commerce’s export license review processes and offers technical
U.S. Energy Security -- The Campaign We Must Win
2009-03-23
population.2 Our industry, commerce, transportation and economic livelihood require the uninterrupted supply of energy. In all its forms, energy underpins...mitigate our vulnerability to unstable oil prices. Rising global demand and competition threatens our ability to secure long term economical access...economically while strengthening our enemies. This research paper addresses the effectiveness of U.S. energy policy and proposes a new approach that seeks to
Taking Up the Security Challenge of Climate Change
2009-05-26
Climate change, in which man-made global warming is a major factor, will likely have dramatic and long-lasting consequences with profound security...effects of climate change are greatest, particularly in weak states that are already vulnerable to environmental destabilization. Two things are vitally...important: stemming the tide of climate change and adapting to its far-reaching consequences. This project examines the destabilizing effects of climate
Jones, Marcella K; Bloch, Gary; Pinto, Andrew D
2017-08-17
To examine the development and implementation of a novel income security intervention in primary care. A retrospective, descriptive chart review of all patients referred to the Income Security Heath Promotion service during the first year of the service (December 2013-December 2014). A multisite interdisciplinary primary care organisation in inner city Toronto, Canada, serving over 40 000 patients. The study population included 181 patients (53% female, mean age 48 years) who were referred to the Income Security Health Promotion service and engaged in care. The Income Security Health Promotion service consists of a trained health promoter who provides a mixture of expert advice and case management to patients to improve income security. An advisory group, made up of physicians, social workers, a community engagement specialist and a clinical manager, supports the service. Sociodemographic information, health status, referral information and encounter details were collected from patient charts. Encounters focused on helping patients with increasing their income (77.4%), reducing their expenses (58.6%) and improving their financial literacy (26.5%). The health promoter provided an array of services to patients, including assistance with taxes, connecting to community services, budgeting and accessing free services. The service could be improved with more specific goal setting, better links to other members of the healthcare team and implementing routine follow-up with each patient after discharge. Income Security Health Promotion is a novel service within primary care to assist vulnerable patients with a key social determinant of health. This study is a preliminary look at understanding the functioning of the service. Future research will examine the impact of the Income Security Health Promotion service on income security, financial literacy, engagement with health services and health outcomes. 
Cyber Threat Assessment of Uplink and Commanding System for Mission Operation
NASA Technical Reports Server (NTRS)
Ko, Adans Y.; Tan, Kymie M. C.; Cilloniz-Bicchi, Ferner; Faris, Grant
2014-01-01
Most of today's Mission Operations Systems (MOS) rely on the Ground Data System (GDS) segment to mitigate cyber security risks. Unfortunately, IT security design is done separately from the design of GDS' mission operational capabilities. This incoherent practice leaves many security vulnerabilities in the system without any notice. This paper describes a new way of system engineering MOS, to include cyber threat risk assessments throughout the MOS development cycle. Without this, it is impossible to design a dependable and reliable MOS to meet today's rapidly changing cyber threat environment.
Groundwater vulnerability mapping of Qatar aquifers
NASA Astrophysics Data System (ADS)
Baalousha, Husam Musa
2016-12-01
Qatar is one of the most arid countries in the world with limited water resources. With little rainfall and no surface water, groundwater is the only natural source of fresh water in the country. Whilst the country relies mainly on desalination of seawater to secure water supply, groundwater has extensively been used for irrigation over the last three decades, which caused adverse environmental impact. Vulnerability assessment is a widely used tool for groundwater protection and land-use management. Aquifers in Qatar are carbonate with lots of fractures, depressions and cavities. Karst aquifers are generally more vulnerable to contamination than other aquifers as any anthropogenic-sourced contaminant, especially above a highly fractured zone, can infiltrate quickly into the aquifer and spread over a wide area. The vulnerability assessment method presented in this study is based on two approaches: DRASTIC and EPIK, within the framework of Geographical Information System (GIS). Results of this study show that DRASTIC vulnerability method suits Qatar hydrogeological settings more than EPIK. The produced vulnerability map using DRASTIC shows coastal and karst areas have the highest vulnerability class. The southern part of the country is located in the low vulnerability class due to occurrence of shale formation within aquifer media, which averts downward movement of contaminants.
Space Station Program threat and vulnerability analysis
NASA Technical Reports Server (NTRS)
Van Meter, Steven D.; Veatch, John D.
1987-01-01
An examination has been made of the physical security of the Space Station Program at the Kennedy Space Center in a peacetime environment, in order to furnish facility personnel with threat/vulnerability information. A risk-management approach is used to prioritize threat-target combinations that are characterized in terms of 'insiders' and 'outsiders'. Potential targets were identified and analyzed with a view to their attractiveness to an adversary, as well as to the consequentiality of the resulting damage.
Examination of Terrestrial Nuclear Energy’s Relevance to U.S. National Security
2011-03-24
Atomic Scientists (ECAS), an organization which he co-founded, Professor Einstein made an appeal to raise money to fund a "great educational task"2 to...100 gigawatts of total generating capacity.11 As of 2009, these commercial reactors met 20% of U.S. electrical 3 energy demand.12 In 2008 this...allows imported energy, but only if the imported energy does not create vulnerability, such as economic, political, or military vulnerability.40
Susceptibility of South Korea to hydrologic extremes affecting the global food system
NASA Astrophysics Data System (ADS)
Puma, M. J.; Chon, S. Y.
2015-12-01
Food security in South Korea is closely linked to trade in the global food system. The country's production of major grains declined from 5.8 million metric tons (mmt) in 1998 to 4.8 mmt in 2014, which coincided with a shift in grain self sufficiency from 43% down to 24% over this same period. Many factors led to these changes, including reductions in domestic agricultural land, governmental policies supporting industry over agriculture, and a push towards trade liberalization. South Korea's self sufficiency is now one of the lowest among Organisation for Economic Co-operation and Development (OECD) countries, leaving it vulnerable to disruptions in the global food system. Here we explore this vulnerability by assessing how global trade disruptions would affect Korea's food security. We impose historical extreme drought and flood events that would possibly affect today's major food producing regions concurrently. Next we compute food supply deficits in South Korea that might result from these events. Our analyses provide a framework for formulating domestic food policies to enhance South Korea's food security in the increasingly fragile global food system.
A secure and efficiently searchable health information architecture.
Yasnoff, William A
2016-06-01
Patient-centric repositories of health records are an important component of health information infrastructure. However, patient information in a single repository is potentially vulnerable to loss of the entire dataset from a single unauthorized intrusion. A new health record storage architecture, the personal grid, eliminates this risk by separately storing and encrypting each person's record. The tradeoff for this improved security is that a personal grid repository must be sequentially searched since each record must be individually accessed and decrypted. To allow reasonable search times for large numbers of records, parallel processing with hundreds (or even thousands) of on-demand virtual servers (now available in cloud computing environments) is used. Estimated search times for a 10 million record personal grid using 500 servers vary from 7 to 33 min depending on the complexity of the query. Since extremely rapid searching is not a critical requirement of health information infrastructure, the personal grid may provide a practical and useful alternative architecture that eliminates the large-scale security vulnerabilities of traditional databases by sacrificing unnecessary searching speed. Copyright © 2016 Elsevier Inc. All rights reserved.
Aviation Security: Technology's Role in Addressing Vulnerabilities
DOT National Transportation Integrated Search
1996-09-19
This is the statement of Keith O. Fultz, Assistant Comptroller General, Resources, Community, and Economic Development Division, General Accounting Office (GAO), before the Committee on Science, House of Representatives, on the serious vulnerabilitie...
INTERNATIONAL COOPERATION ON RADIOLOGICAL THREAT REDUCTION PROGRAMS IN RUSSIA
DOE Office of Scientific and Technical Information (OSTI.GOV)
Landers, Christopher C.; Tatyrek, Aaron P.
Since its inception in 2004, the United States Department of Energy’s Global Threat Reduction Initiative (GTRI) has provided the Russian Federation with significant financial and technical assistance to secure its highly vulnerable and dangerous radiological material. The three program areas of this assistance are the removal of radioisotope thermoelectric generators (RTG), the physical protection of vulnerable in-use radiological material of concern, and the recovery of disused or abandoned radiological material of concern. Despite the many successes of the GTRI program in Russia, however, there is still a need for increased international cooperation in these efforts. Furthermore, concerns exist over how the Russian government will ensure that the security of its radiological materials provided through GTRI will be sustained. This paper addresses these issues and highlights the successes of GTRI efforts and ongoing activities.
NASA Technical Reports Server (NTRS)
Ganzy, Ethan G.
2014-01-01
All devices attached to the NASA KSC network are subject to security vulnerability scanning and/or penetration testing. In today's changing environment, vulnerable and/or unprotected systems can easily be overlooked. Systems that are not properly managed can become a potential threat to the operational integrity of our systems and networks. This includes all NASA (internal and external) information systems within NASA KSC Internet Protocol (IP) address space, and NASA KSC facilities. The Office of the Chief Information Officer (OCIO) recommends that all NASA Centers and information systems be subject to penetration testing on a regular interval in accordance with the guidelines identified by the National Institute of Standards and Technology (NIST). (ITS-HBK-2810.04-02A) Protecting information and equipment at NASA is an area of increasing concern. In addition to the CPU's on the network; Supervisory, Control and Data Acquisition (SCADA) systems are especially vulnerable because these systems have lacked standards, use embedded controllers with little computational power and informal software, are connected to physical processes, have few operators, and are increasingly also being connected to corporate networks. The scope of work is comprised of several individual components which together build upon previous work by Drew Branch, NASA KSC Intern. The Pwn Plug is the selected COTS (Commercial-Off-The-Shelf) device chosen to test simplification of mandatory IT Security tasks. The device will be utilized to provide services to NASA KSC and enable an assessment of infrastructure soundness and regulatory compliance in an efficient, economical, and business responsive manner. The Pwn Plug is designed as a pen testing appliance which provides a hardware platform that can support commercial penetration testing efforts at significantly reduced costs. 
The expected outcomes are: 1) External Penetration Testing, 2) Social Engineering, 3) Procedural Documentation, 4) Recommended Remediation Action Plan, 5) System Retest & Remediation Attestation and 6) Final Reports, out briefing and Presentation. Due to physical and material constraints beyond intern and mentor control, the project was redefined as a working pen-test scenario. Limitations of lab availability and tools dictated an academic exercise. This report was developed within the scenario guidelines suggested by the project mentor. The guidelines were to be creative in developing a Pen Test program for a client.
Improving the Automated Detection and Analysis of Secure Coding Violations
2014-06-01
eliminating software vulnerabilities and other flaws. The CERT Division produces books and courses that foster a security mindset in developers, and...website also provides a virtual machine containing a complete build of the Rosecheckers project on Linux. The Rosecheckers project leverages the...Compass/ROSE6 project developed at Lawrence Livermore National Laboratory. This project provides a high-level API for accessing the abstract syntax tree
ATIP Report: Cyber Security Research in China
2015-06-05
vulnerabilities. ATIP Document ID: 150605AR CYBER SECURITY RESEARCH IN CHINA 17 Le GUAN et al. at SKLOIS of IIE, CAS proposed a solution named “Mimosa...that protects RSA private keys against the above software-based and physical memory attacks. When the Mimosa service is in idle, private keys are...encrypted and reside in memory as ciphertext. During the cryptographic computing, Mimosa uses hardware transactional memory (HTM) to ensure that (a
A Fundamental Key to Next-Generation Directed-Energy Systems
2012-01-01
and be inherently safe to operate. By design, they must minimize or eliminate the risk of hostile attack or collateral damage especially during...bile Construction Battalion (NMCB) 7’s convoy security element are secured following an escort mission from a forward operating base. The Cougar-type...profile, small, lightweight DE systems means: • Less vulnerability to attack • Greater mobility and maneuverability • Simplified logistics with
Resilient National Security and Emergency Preparedness Communications: Service Metrics
2015-10-01
the East Coast of the United States after a tornado. Emergency management services are immediately called into duty to protect, provide, and secure...channel, radios that are vulnerable to congestion during heavy usage. During a tornado emergency prior to the hurricane, in a period of only 10...In terms of Survivability, the probability of a tornado occurring in any given year in this location is P(tornado) = 0.05. The
ERIC Educational Resources Information Center
Monroe, Pamela A.; O'Neil, Carol; Tiller, Vicky V.; Smith, Jennifer
A study examined welfare reform and food security issues. Interviews were conducted with 32 rural Louisiana women in 1997-98 when they were receiving welfare payments, in 1998-99 when they were in transition, and in 2000-01 when none received Temporary Assistance for Needy Families (TANF). Most women were African-American; about half had not…
Namoğlu, Nihan; Ulgen, Yekta
2013-01-01
The healthcare industry has become widely dependent on information technology and the internet as it moves from paper to electronic records. A healthcare information system has to provide a high-quality service to patients and productive knowledge sharing between healthcare staff by means of patient data. With the internet being commonly used across hospitals, the healthcare industry has received its share of cyber threats, like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey, this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and the personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and their counterparts in the US and EU. We will also interview medical staff in the hospital to understand the needs for personal privacy, and the technical staff to understand the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, protecting these electronic health records in terms of personal privacy should be considered a must.
An effective and secure key-management scheme for hierarchical access control in E-medicine system.
Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit
2013-04-01
Recently, several hierarchical access control schemes have been proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme much more suitable for practical applications of e-medicine systems.
Statistical security for Social Security.
Soneji, Samir; King, Gary
2012-08-01
The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.
Urban foresters routinely emphasise the importance of taxonomic diversity to reduce the vulnerability of tree assemblages to invasive pests, but it is unclear to what extent diversity reduces vulnerability to polyphagous (i.e. generalist) pests. Drawing on field data from seven c...
Troxel, Wendy M; Trentacosta, Christopher J; Forbes, Erika E; Campbell, Susan B
2013-02-01
Secure parent-child relationships are implicated in children's self-regulation, including the ability to self-soothe at bedtime. Sleep, in turn, may serve as a pathway linking attachment security with subsequent emotional and behavioral problems in children. We used path analysis to examine the direct relationship between attachment security and maternal reports of sleep problems during toddlerhood and the degree to which sleep serves as a pathway linking attachment with subsequent teacher-reported emotional and behavioral problems. We also examined infant negative emotionality as a vulnerability factor that may potentiate attachment-sleep-adjustment outcomes. Data were drawn from 776 mother-infant dyads participating in the National Institute of Child and Human Development Study of Early Child Care. After statistically adjusting for mother and child characteristics, including child sleep and emotional and behavioral problems at 24 months, we found no evidence for a statistically significant direct path between attachment security and sleep problems at 36 months; however, there was a direct relationship between sleep problems at 36 months and internalizing problems at 54 months. Path models that examined the moderating influence of infant negative emotionality demonstrated significant direct relationships between attachment security and toddler sleep problems and between sleep problems and subsequent emotional and behavioral problems, but only among children characterized by high negative emotionality at 6 months. In addition, among this subset, there was a significant indirect path between attachment and internalizing problems through sleep problems. These longitudinal findings implicate sleep as one critical pathway linking attachment security with adjustment difficulties, particularly among temperamentally vulnerable children. PsycINFO Database Record (c) 2013 APA, all rights reserved.
Troxel, Wendy M.; Trentacosta, Christopher J.; Forbes, Erika E.; Campbell, Susan B.
2013-01-01
Secure parent-child relationships are implicated in children’s self-regulation, including the ability to self-soothe at bedtime. Sleep, in turn, may serve as a pathway linking attachment security with subsequent emotional and behavioral problems in children. We used path analysis to examine the direct relationship between attachment security and maternal-reports of sleep problems during toddlerhood, and the degree to which sleep serves as a pathway linking attachment with subsequent teacher-reported emotional and behavioral problems. We also examined infant negative emotionality as a vulnerability factor that may potentiate attachment-sleep-adjustment outcomes. Data were drawn from 776 mother-infant dyads participating in the NICHD Study of Early Child Care (SECC). In the full sample, after statistically adjusting for mother and child characteristics, including child sleep and emotional and behavioral problems at 24 months, we did not find evidence for a statistically significant direct path between attachment security and sleep problems at 36 months; however, there was a direct relationship between sleep problems at 36 months and internalizing problems at 54 months. Path models that examined the moderating influence of infant negative emotionality demonstrated significant direct relationships between attachment security and toddler sleep problems, and sleep problems and subsequent emotional and behavioral problems, but only among children characterized by high negative emotionality at 6 months of age. In addition, among this subset, there was a significant indirect path between attachment and internalizing problems through sleep problems. These longitudinal findings implicate sleep as one critical pathway linking attachment security with adjustment difficulties, particularly among temperamentally vulnerable children. PMID:23421840
WILDFIRE IGNITION RESISTANCE ESTIMATOR WIZARD SOFTWARE DEVELOPMENT REPORT
DOE Office of Scientific and Technical Information (OSTI.GOV)
Phillips, M.; Robinson, C.; Gupta, N.
2012-10-10
This report describes the development of a software tool, entitled “WildFire Ignition Resistance Estimator Wizard” (WildFIRE Wizard, Version 2.10). This software was developed within the Wildfire Ignition Resistant Home Design (WIRHD) program, sponsored by the U. S. Department of Homeland Security, Science and Technology Directorate, Infrastructure Protection & Disaster Management Division. WildFIRE Wizard is a tool that enables homeowners to take preventive actions that will reduce their home’s vulnerability to wildfire ignition sources (i.e., embers, radiant heat, and direct flame impingement) well in advance of a wildfire event. This report describes the development of the software, its operation, its technical basis and calculations, and steps taken to verify its performance.
Childbirth Pain, Attachment Orientations, and Romantic Partner Support During Labor and Delivery.
Wilson, Carol L; Simpson, Jeffry A
2016-12-01
Attachment anxiety is associated with greater perceived physical pain, whereas social support is associated with lower pain perceptions. Few studies, however, have examined the joint effects of attachment and support on acute physical pain in a dyadic context. In this study, first-time expectant mothers ( N =140) and their male partners completed romantic attachment measures (prenatally) and postnatal assessments of women's pain and men's emotional support during labor and delivery. More securely attached women benefited from emotional support in terms of reduced pain, more avoidantly attached women reported greater pain when given more support, and more anxiously attached women reported greater pain, regardless of their partner's support. These results advance our understanding of which women are most vulnerable to painful childbirth.
Best Practices for the Security of Radioactive Materials
DOE Office of Scientific and Technical Information (OSTI.GOV)
Coulter, D.T.; Musolino, S.
2009-05-01
This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental and economic impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones.
With respect to radiological devices and radioactive-materials security, industry best practices encompass both physical security (hardware and engineering) and administrative procedures. Security regimes for these devices and materials typically use a defense-in-depth or layered-security approach to eliminate single points of failure. The Department of Energy, the Department of Homeland Security, the Department of Defense, the American Society of Industrial Security (ASIS), the Security Industry Association (SIA) and Underwriters Laboratory (UL) all provide design guidance and hardware specifications. With a graded approach, a physical-security specialist can tailor an integrated security-management system in the most appropriate cost-effective manner to meet the regulatory and non-regulatory requirements of the licensee or client.
DOE Office of Scientific and Technical Information (OSTI.GOV)
McDonald, K; Curran, B
I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict access. Patches / Upgrades Awareness Intrusion Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.
Network Security via Biometric Recognition of Patterns of Gene Expression
NASA Technical Reports Server (NTRS)
Shaw, Harry C.
2016-01-01
Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT (Information Technology) organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time assays of gene expression products.
Network Security via Biometric Recognition of Patterns of Gene Expression
NASA Technical Reports Server (NTRS)
Shaw, Harry C.
2016-01-01
Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time expression and assay of gene expression products.
Routing architecture and security for airborne networks
NASA Astrophysics Data System (ADS)
Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato
2009-05-01
Airborne networks are envisioned to provide interconnectivity for terrestrial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct routes between communicating platforms in a timely manner. As airborne networks are somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc.), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. We then investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.
Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan
2015-08-01
Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.
ERIC Educational Resources Information Center
Florio, David H.
1981-01-01
Nearly all educational programs which receive federal funding are vulnerable to budget cuts. Educators need to view budget reductions in terms of economic priorities. Education must be seen as part of the economic productivity, social fabric, and security of the nation. (JN)
Rethinking Defensive Information Warfare
2004-06-01
Countless studies, however, have demonstrated the weakness in this system.15 The tension between easily remembered passwords and suffi...vulnerabilities Undiscovered flaws The patch model for Internet security has failed spectacularly. Caida, 2004 Signature-Based Defense Anti virus, intrusion
Expanding the Department of Defense’s Role in Cyber Civil Support
2011-06-17
vulnerability of this very crucial domain. They include the Y2K problem, the Estonia cyber-attacks in 2007, and the role of cyber in the Russian-Georgia...cyber security vulnerabilities associated with critical infrastructure. The Year 2000 Challenge The Year 2000 (Y2K) problem was the result of...and microprocessors failed to make the correct transition from 1999 to 2000.19 One of the most critical concerns with Y2K was the potential cascading
Design and Development of Layered Security: Future Enhancements and Directions in Transmission
Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang
2016-01-01
Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack. PMID:26751443
Design and Development of Layered Security: Future Enhancements and Directions in Transmission.
Shahzad, Aamir; Lee, Malrey; Kim, Suntae; Kim, Kangmin; Choi, Jae-Young; Cho, Younghwa; Lee, Keun-Kwang
2016-01-06
Today, security is a prominent issue when any type of communication is being undertaken. Like traditional networks, supervisory control and data acquisition (SCADA) systems suffer from a number of vulnerabilities. Numerous end-to-end security mechanisms have been proposed for the resolution of SCADA-system security issues, but due to insecure real-time protocol use and the reliance upon open protocols during Internet-based communication, these SCADA systems can still be compromised by security challenges. This study reviews the security challenges and issues that are commonly raised during SCADA/protocol transmissions and proposes a secure distributed-network protocol version 3 (DNP3) design, and the implementation of the security solution using a cryptography mechanism. Due to the insecurities found within SCADA protocols, the new development consists of a DNP3 protocol that has been designed as a part of the SCADA system, and the cryptographically derived security is deployed within the application layer as a part of the DNP3 stack.
Color image encryption using random transforms, phase retrieval, chaotic maps, and diffusion
NASA Astrophysics Data System (ADS)
Annaby, M. H.; Rushdi, M. A.; Nehary, E. A.
2018-04-01
The recent tremendous proliferation of color imaging applications has been accompanied by growing research in data encryption to secure color images against adversary attacks. While recent color image encryption techniques perform reasonably well, they still exhibit vulnerabilities and deficiencies in terms of statistical security measures due to image data redundancy and inherent weaknesses. This paper proposes two encryption algorithms that largely treat these deficiencies and boost the security strength through novel integration of the random fractional Fourier transforms, phase retrieval algorithms, as well as chaotic scrambling and diffusion. We show through detailed experiments and statistical analysis that the proposed enhancements significantly improve security measures and immunity to attacks.
Towards a Relation Extraction Framework for Cyber-Security Concepts
DOE Office of Scientific and Technical Information (OSTI.GOV)
Jones, Corinne L; Bridges, Robert A; Huffer, Kelly M
In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised NLP and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting from the desired relations. Preliminary testing on a small corpus shows promising results, obtaining precision of .82.
Deng, Yong-Yuan; Chen, Chin-Ling; Tsaur, Woei-Jiunn; Tang, Yung-Wen; Chen, Jung-Hsuan
2017-12-15
As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT). At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN). These personal wireless devices collect and integrate patients' personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack.
Vulnerability of water supply systems to cyber-physical attacks
NASA Astrophysics Data System (ADS)
Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi
2016-04-01
The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks, such as the December power outage in Ukraine, attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption (i.e., water spillage and loss of pressure) and structural damage (e.g., pipe bursts). Our work highlights the need for adequate countermeasures, such as attack detection and reactive control systems.
Kang, Hou; Xuxiang, Li; Jing, Zhang
2015-01-01
Changes in ecological vulnerability were analyzed for Northern Shaanxi, China using a geographic information system (GIS). An evaluation model was developed using a spatial principal component analysis (SPCA) model containing land use, soil erosion, topography, climate, vegetation and social economy variables. Using this model, an ecological vulnerability index was computed for the research region. Using natural breaks classification (NBC), the evaluation results were divided into five types: potential, slight, light, medium and heavy. The results indicate that there is greater than average optimism about the conditions of the study region, and the ecological vulnerability index (EVI) of the southern eight counties is lower than that of the northern twelve counties. From 1997 to 2011, the ecological vulnerability index gradually decreased, which means that environmental security was gradually enhanced, although there are still some places that have gradually deteriorated over the past 15 years. In the study area, government and economic factors and precipitation are the main reasons for the changes in ecological vulnerability. PMID:25898407
IPCC Climate Change 2013: Impacts, Adaptation and Vulnerability: Key findings and lessons learned
NASA Astrophysics Data System (ADS)
Giorgi, Filippo; Field, Christopher; Barros, Vicente
2014-05-01
The Working Group II contribution to the Fifth Assessment Report of the Intergovernmental Panel on Climate Change, Impacts, Adaptation and Vulnerability, will be completed and approved in March 2014. It includes two parts, Part A covering Global and Sectoral Aspects, and Part B, covering Regional Aspects. The WGII report spans a very broad range of topics which are approached in a strong interdisciplinary context. It highlights how observed impacts of climate change are now widespread and consequential, particularly for natural systems, and can be observed on all continents and across the oceans. Vulnerability to climate change depends on interactions with non-climatic stressors and inequalities, resulting in highly differential risks associated with climate change. It is also found that adaptation is already occurring across scales and is embedded in many planning processes. Continued sustained warming throughout the 21st century will exacerbate risks and vulnerabilities across multiple sectors, such as freshwater resources, terrestrial and inland water systems, coastal and marine systems, food production, human health, security and livelihood. The report stresses how risks and vulnerabilities need to be assessed within a multi-stressor and regionally specific context, and can be reduced and managed by adopting climate-resilient pathways combining suitable adaptation and mitigation options with synergies and tradeoffs occurring both within and across regions. The Working Group II report includes a large number of Chapters (30) and contributors (310 including authors and review editors), with expertise in a broad range of disciplines, from the physical science to the impact and socio-economic sciences. The communication across chapters and disciplines has been a challenge, and will continue to be one as the Global Change problem will increasingly require a fully integrated and holistic approach.
Note that the text of this abstract is not approved at the time of its submission, but it will be discussed in the report.
NASA Astrophysics Data System (ADS)
Magombeyi, Manuel S.; Taigbenu, Akpofure E.
Currently, Sub-Sahara is experiencing increased frequency of disasters either as floods or droughts which deplete the scarce resources available to sustain increasing populations. Success in preventing food shortages in the African continent can only be achieved by understanding the vulnerability and risk of the majority of smallholder farmers under rainfed and supplementary irrigation coupled with appropriate interventions. Increased frequency of floods, droughts and dry spells poses an increasing threat to the smallholder farmers’ food security and water resources availability in B72A quaternary catchment of the Olifants river basin in South Africa. This paper links maize crop yield risk and smallholder farmer vulnerability arising from droughts by applying a set of interdisciplinary indicators (physical and socio-economic) encompassing gender and institutional vulnerabilities. For the study area, the return period of droughts and dry spells was 2 years. The growing season for maize crop was 121 days on average. Soil water deficit during critical growth stages may reduce potential yields by up to 62%, depending on the length and severity of the moisture deficit. To minimize grain yield loss and avoid total crop failures from intra-seasonal dry spells, farmers applied supplementary irrigation either from river water or rainwater harvested into small reservoirs. Institutional vulnerability was evidenced by disjointed water management institutions with lack of comprehension of roles of higher level institutions by lower level ones. Women are most hit by droughts as they derived more than 90% of their family income from agriculture activities. An enhanced understanding of the vulnerability and risk exposure will assist in developing technologies and policies that conform to the current livelihood strategies of smallholder, resource-constrained farmers. 
Development of such a knowledge base for a catchment opens avenues for computational modeling of the impacts of different types of disasters under different scenarios.