An Analysis of the Effect of a Cyber Home Learning System on Korean Secondary School Students' English Language Achievement and Attitude

ERIC Educational Resources Information Center

Shin, Ji Hye; Albers, Peggy

2015-01-01

This study examined the effectiveness of a Cyber Home Learning System (CHLS), an online learning system currently being employed in South Korea to improve the access and quality of public education as well as to reduce private tutoring expenditures. The quasi-experimental research design used experiment and survey methods to learn about the impact…

Towards a Cyber Defense Framework for SCADA Systems Based on Power Consumption Monitoring

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hernandez Jimenez, Jarilyn M; Chen, Qian; Nichols, Jeff A.

Supervisory control and data acquisition (SCADA) is an industrial automation system that remotely monitor, and control critical infrastructures. SCADA systems are major targets for espionage and sabotage attackers. According to the 2015 Dell security annual threat report, the number of cyber-attacks against SCADA systems has doubled in the past year. Cyber-attacks (i.e., buffer overflow, rootkits and code injection) could cause serious financial losses and physical infrastructure damages. Moreover, some specific cyber-attacks against SCADA systems could become a threat to human life. Current commercial off-the-shelf security solutions are insufficient in protecting SCADA systems against sophisticated cyber-attacks. In 2014 a report bymore » Mandiant stated that only 69% of organizations learned about their breaches from third entities, meaning that these companies lack of their own detection system. Furthermore, these breaches are not detected in real-time or fast enough to prevent further damages. The average time between compromise and detection (for those intrusions that were detected) was 205 days. To address this challenge, we propose an Intrusion Detection System (IDS) that detects SCADA-specific cyber-attacks by analyzing the power consumption of a SCADA device. Specifically, to validate the proposed approach, we chose to monitor in real-time the power usage of a a Programmable Logic Controller (PLC). To this end, we configured the hardware of the tetsbed by installing the required sensors to monitor and collect its power consumption. After that two SCADA-specific cyber-attacks were simulated and TracerDAQ Pro was used to collect the power consumption of the PLC under normal and anomalous scenarios. Results showed that is possible to distinguish between the regular power usage of the PLC and when the PLC was under specific cyber-attacks.« less

Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

NASA Technical Reports Server (NTRS)

Roy, Sandip; Sridhar, Banavar

2016-01-01

Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure, and indeed security solutions are being implemented in the current system. While these security solutions are important, they only provide a piecemeal solution. Particular computers or communication channels are protected from particular attacks, without a holistic view of the air transportation infrastructure. On the other hand, the above-listed incidents highlight that a holistic approach is needed, for several reasons. First, the air transportation infrastructure is a large scale cyber-physical system with multiple stakeholders and diverse legacy assets. It is impractical to protect every cyber- asset from known and unknown disruptions, and instead a strategic view of security is needed. Second, disruptions to the cyber- system can incur complex propagative impacts across the air transportation network, including its physical and human assets. Also, these implications of cyber- events are exacerbated or modulated by other disruptions and operational specifics, e.g. severe weather, operator fatigue or error, etc. These characteristics motivate a holistic and strategic perspective on protecting the air transportation infrastructure from cyber- events. The analysis of cyber- threats to the air traffic system is also inextricably tied to the integration of new autonomy into the airspace. The replacement of human operators with cyber functions leaves the network open to new cyber threats, which must be modeled and managed. Paradoxically, the mitigation of cyber events in the airspace will also likely require additional autonomy, given the fast time scale and myriad pathways of cyber-attacks which must be managed. The assessment of new vulnerabilities upon integration of new autonomy is also a key motivation for a holistic perspective on cyber threats.

Possibilities of identifying cyber attack in noisy space of n-dimensional abstract system

NASA Astrophysics Data System (ADS)

Jašek, Roman; Dvořák, Jiří; Janková, Martina; Sedláček, Michal

2016-06-01

This article briefly mentions some selected options of current concept for identifying cyber attacks from the perspective of the new cyberspace of real system. In the cyberspace, there is defined n-dimensional abstract system containing elements of the spatial arrangement of partial system elements such as micro-environment of cyber systems surrounded by other suitably arranged corresponding noise space. This space is also gradually supplemented by a new image of dynamic processes in a discreet environment, and corresponding again to n-dimensional expression of time space defining existence and also the prediction for expected cyber attacksin the noise space. Noises are seen here as useful and necessary for modern information and communication technologies (e.g. in processes of applied cryptography in ICT) and then the so-called useless noises designed for initial (necessary) filtering of this highly aggressive environment and in future expectedly offensive background in cyber war (e.g. the destruction of unmanned means of an electromagnetic pulse, or for destruction of new safety barriers created on principles of electrostatic field or on other principles of modern physics, etc.). The key to these new options is the expression of abstract systems based on the models of microelements of cyber systems and their hierarchical concept in structure of n-dimensional system in given cyberspace. The aim of this article is to highlight the possible systemic expression of cyberspace of abstract system and possible identification in time-spatial expression of real environment (on microelements of cyber systems and their surroundings with noise characteristics and time dimension in dynamic of microelements' own time and externaltime defined by real environment). The article was based on a partial task of faculty specific research.

Possibilities of identifying cyber attack in noisy space of n-dimensional abstract system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jašek, Roman; Dvořák, Jiří; Janková, Martina

This article briefly mentions some selected options of current concept for identifying cyber attacks from the perspective of the new cyberspace of real system. In the cyberspace, there is defined n-dimensional abstract system containing elements of the spatial arrangement of partial system elements such as micro-environment of cyber systems surrounded by other suitably arranged corresponding noise space. This space is also gradually supplemented by a new image of dynamic processes in a discreet environment, and corresponding again to n-dimensional expression of time space defining existence and also the prediction for expected cyber attacksin the noise space. Noises are seen heremore » as useful and necessary for modern information and communication technologies (e.g. in processes of applied cryptography in ICT) and then the so-called useless noises designed for initial (necessary) filtering of this highly aggressive environment and in future expectedly offensive background in cyber war (e.g. the destruction of unmanned means of an electromagnetic pulse, or for destruction of new safety barriers created on principles of electrostatic field or on other principles of modern physics, etc.). The key to these new options is the expression of abstract systems based on the models of microelements of cyber systems and their hierarchical concept in structure of n-dimensional system in given cyberspace. The aim of this article is to highlight the possible systemic expression of cyberspace of abstract system and possible identification in time-spatial expression of real environment (on microelements of cyber systems and their surroundings with noise characteristics and time dimension in dynamic of microelements’ own time and externaltime defined by real environment). The article was based on a partial task of faculty specific research.« less

Resilience of Cyber Systems with Over- and Underregulation.

PubMed

Gisladottir, Viktoria; Ganin, Alexander A; Keisler, Jeffrey M; Kepner, Jeremy; Linkov, Igor

2017-09-01

Recent cyber attacks provide evidence of increased threats to our critical systems and infrastructure. A common reaction to a new threat is to harden the system by adding new rules and regulations. As federal and state governments request new procedures to follow, each of their organizations implements their own cyber defense strategies. This unintentionally increases time and effort that employees spend on training and policy implementation and decreases the time and latitude to perform critical job functions, thus raising overall levels of stress. People's performance under stress, coupled with an overabundance of information, results in even more vulnerabilities for adversaries to exploit. In this article, we embed a simple regulatory model that accounts for cybersecurity human factors and an organization's regulatory environment in a model of a corporate cyber network under attack. The resulting model demonstrates the effect of under- and overregulation on an organization's resilience with respect to insider threats. Currently, there is a tendency to use ad-hoc approaches to account for human factors rather than to incorporate them into cyber resilience modeling. It is clear that using a systematic approach utilizing behavioral science, which already exists in cyber resilience assessment, would provide a more holistic view for decisionmakers. © 2016 Society for Risk Analysis.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Li, Y; Liu, B; Liang, B

Purpose: Current CyberKnife treatment planning system (TPS) provided two dose calculation algorithms: Ray-tracing and Monte Carlo. Ray-tracing algorithm is fast, but less accurate, and also can’t handle irregular fields since a multi-leaf collimator system was recently introduced to CyberKnife M6 system. Monte Carlo method has well-known accuracy, but the current version still takes a long time to finish dose calculations. The purpose of this paper is to develop a GPU-based fast C/S dose engine for CyberKnife system to achieve both accuracy and efficiency. Methods: The TERMA distribution from a poly-energetic source was calculated based on beam’s eye view coordinate system,more » which is GPU friendly and has linear complexity. The dose distribution was then computed by inversely collecting the energy depositions from all TERMA points along 192 collapsed-cone directions. EGSnrc user code was used to pre-calculate energy deposition kernels (EDKs) for a series of mono-energy photons The energy spectrum was reconstructed based on measured tissue maximum ratio (TMR) curve, the TERMA averaged cumulative kernels was then calculated. Beam hardening parameters and intensity profiles were optimized based on measurement data from CyberKnife system. Results: The difference between measured and calculated TMR are less than 1% for all collimators except in the build-up regions. The calculated profiles also showed good agreements with the measured doses within 1% except in the penumbra regions. The developed C/S dose engine was also used to evaluate four clinical CyberKnife treatment plans, the results showed a better dose calculation accuracy than Ray-tracing algorithm compared with Monte Carlo method for heterogeneous cases. For the dose calculation time, it takes about several seconds for one beam depends on collimator size and dose calculation grids. Conclusion: A GPU-based C/S dose engine has been developed for CyberKnife system, which was proven to be efficient and accurate for clinical purpose, and can be easily implemented in TPS.« less

Cyber Vulnerabilities Within Critical Infrastructure: The Flaws of Industrial Control Systems in the Oil and Gas Industry

NASA Astrophysics Data System (ADS)

Alpi, Danielle Marie

The 16 sectors of critical infrastructure in the US are susceptible to cyber-attacks. Potential attacks come from internal and external threats. These attacks target the industrial control systems (ICS) of companies within critical infrastructure. Weakness in the energy sector's ICS, specifically the oil and gas industry, can result in economic and ecological disaster. The purpose of this study was to establish means for oil companies to identify and stop cyber-attacks specifically APT threats. This research reviewed current cyber vulnerabilities and ways in which a cyber-attack may be deterred. This research found that there are insecure devices within ICS that are not regularly updated. Therefore, security issues have amassed. Safety procedures and training thereof are often neglected. Jurisdiction is unclear in regard to critical infrastructure. The recommendations this research offers are further examination of information sharing methods, development of analytic platforms, and better methods for the implementation of defense-in-depth security measures.

Facilitating the Easy Use of Earth Observation Data in Earth System Models through CyberConnector

NASA Astrophysics Data System (ADS)

Di, L.; Sun, Z.; Zhang, C.

2017-12-01

Earth system models (ESM) are an important tool used to understand the Earth system and predict its future states. On other hand, Earth observations (EO) provides the current state of the system. EO data are very useful in ESM initialization, verification, validation, and inter-comparison. However, EO data often cannot directly be consumed by ESMs because of the syntactic and semantic mismatches between EO products and ESM requirements. In order to remove the mismatches, scientists normally spend long time to customize EO data for ESM consumption. CyberConnector, a NSF EarthCube building block, is intended to automate the data customization so that scientists can be relieved from the laborious EO data customization. CyberConnector uses web-service-based geospatial processing models (GPM) as the mechanism to automatically customize the EO data into the right products in the right form needed by ESMs. It can support many different ESMs through its standard interfaces. It consists of seven modules: GPM designer, GPM binder, GPM runner, GPM monitor, resource register, order manager, and result display. In CyberConnector, EO data instances and GPMs are independent and loosely coupled. A modeler only needs to create a GPM in the GMP designer for EO data customization. Once the modeler specifies a study area, the designed GPM will be activated and take the temporal and spatial extents as constraints to search the data sources and customize the available EO data into the ESM-acceptable form. The execution of GMP is completely automatic. Currently CyberConnector has been fully developed. In order to validate the feasibility, flexibility, and ESM independence of CyberConnector, three ESMs from different geoscience disciplines, including the Cloud-Resolving Model (CRM), the Finite Volume Coastal Ocean Model (FVCOM), and the Community Multiscale Air Quality Model (CMAQ), have been experimented with CyberConnector through closely collaborating with modelers. In the experiment, the time of traditional manual operation and CyberConnector operation was compared and other benefits were identified. The result indicates that CyberConnector can save about 80% of data customization time. In addition, it can simplify the steps to plug in a data source into an ESM and lower the entry barriers for beginners to use EO data in ESMs.

CYBER WARFARE GOVERNANCE: EVALUATION OF CURRENT INTERNATIONAL AGREEMENTS ON THE OFFENSIVE USE OF CYBER

DTIC Science & Technology

2015-10-01

AIR COMMAND AND STAFF COLLEGE DISTANCE LEARNING AIR UNIVERSITY CYBER WARFARE GOVERNANCE: EVALUATION OF CURRENT INTERNATIONAL AGREEMENTS ON THE...order to prevent catastrophic second and third order effects. Rule 43 “prohibits means or methods of cyber warfare that indiscriminate by nature...Means and methods of cyber warfare are indiscriminate by nature if they cannot be: directed at a specific military objective, or limited in their

Cyber Operational Architecture Training System Cyber for All

DTIC Science & Technology

2015-12-30

Ingenia Services, Inc. Camp H.M. Smith , HI Camp H.M. Smith , HI william.d.wells1.ctr@pacom.mil derek.bryan.ctr@pacom.mil ABSTRACT Current...War Innovation Center USPACOM J81 / Ingenia Services, Inc. Camp H.M. Smith , HI Camp H.M. Smith , HI william.d.wells1.ctr@pacom.mil derek.bryan.ctr

Cyber threats to health information systems: A systematic review.

PubMed

Luna, Raul; Rhine, Emily; Myhra, Matthew; Sullivan, Ross; Kruse, Clemens Scott

2016-01-01

Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Adaptive optimisation-offline cyber attack on remote state estimator

NASA Astrophysics Data System (ADS)

Huang, Xin; Dong, Jiuxiang

2017-10-01

Security issues of cyber-physical systems have received increasing attentions in recent years. In this paper, deception attacks on the remote state estimator equipped with the chi-squared failure detector are considered, and it is assumed that the attacker can monitor and modify all the sensor data. A novel adaptive optimisation-offline cyber attack strategy is proposed, where using the current and previous sensor data, the attack can yield the largest estimation error covariance while ensuring to be undetected by the chi-squared monitor. From the attacker's perspective, the attack is better than the existing linear deception attacks to degrade the system performance. Finally, some numerical examples are provided to demonstrate theoretical results.

Medical cyber-physical systems: A survey.

PubMed

Dey, Nilanjan; Ashour, Amira S; Shi, Fuqian; Fong, Simon James; Tavares, João Manuel R S

2018-03-10

Medical cyber-physical systems (MCPS) are healthcare critical integration of a network of medical devices. These systems are progressively used in hospitals to achieve a continuous high-quality healthcare. The MCPS design faces numerous challenges, including inoperability, security/privacy, and high assurance in the system software. In the current work, the infrastructure of the cyber-physical systems (CPS) are reviewed and discussed. This article enriched the researches of the networked Medical Device (MD) systems to increase the efficiency and safety of the healthcare. It also can assist the specialists of medical device to overcome crucial issues related to medical devices, and the challenges facing the design of the medical device's network. The concept of the social networking and its security along with the concept of the wireless sensor networks (WSNs) are addressed. Afterward, the CPS systems and platforms have been established, where more focus was directed toward CPS-based healthcare. The big data framework of CPSs is also included.

Optimizing CyberShake Seismic Hazard Workflows for Large HPC Resources

NASA Astrophysics Data System (ADS)

Callaghan, S.; Maechling, P. J.; Juve, G.; Vahi, K.; Deelman, E.; Jordan, T. H.

2014-12-01

The CyberShake computational platform is a well-integrated collection of scientific software and middleware that calculates 3D simulation-based probabilistic seismic hazard curves and hazard maps for the Los Angeles region. Currently each CyberShake model comprises about 235 million synthetic seismograms from about 415,000 rupture variations computed at 286 sites. CyberShake integrates large-scale parallel and high-throughput serial seismological research codes into a processing framework in which early stages produce files used as inputs by later stages. Scientific workflow tools are used to manage the jobs, data, and metadata. The Southern California Earthquake Center (SCEC) developed the CyberShake platform using USC High Performance Computing and Communications systems and open-science NSF resources.CyberShake calculations were migrated to the NSF Track 1 system NCSA Blue Waters when it became operational in 2013, via an interdisciplinary team approach including domain scientists, computer scientists, and middleware developers. Due to the excellent performance of Blue Waters and CyberShake software optimizations, we reduced the makespan (a measure of wallclock time-to-solution) of a CyberShake study from 1467 to 342 hours. We will describe the technical enhancements behind this improvement, including judicious introduction of new GPU software, improved scientific software components, increased workflow-based automation, and Blue Waters-specific workflow optimizations.Our CyberShake performance improvements highlight the benefits of scientific workflow tools. The CyberShake workflow software stack includes the Pegasus Workflow Management System (Pegasus-WMS, which includes Condor DAGMan), HTCondor, and Globus GRAM, with Pegasus-mpi-cluster managing the high-throughput tasks on the HPC resources. The workflow tools handle data management, automatically transferring about 13 TB back to SCEC storage.We will present performance metrics from the most recent CyberShake study, executed on Blue Waters. We will compare the performance of CPU and GPU versions of our large-scale parallel wave propagation code, AWP-ODC-SGT. Finally, we will discuss how these enhancements have enabled SCEC to move forward with plans to increase the CyberShake simulation frequency to 1.0 Hz.

CYBER DETERRENCE

DTIC Science & Technology

2016-02-11

directed.36 Protected systems operating on secure networks will weigh into the adversaries calculus of risk and cost of their actions versus this... calculus deterring them from attack. Our extended defense with forts and lookouts searching outside the perimeter providing current intelligence of any...Last accessed 30 January 2016). 51 Phil Stewart , U.S. Defense Chief says pre-emptive action possible over cyber threat, Oct 11, 2012, http

Cyber security evaluation of II&C technologies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thomas, Ken

The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) tomore » address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a cyber security team with expertise in nuclear utility cyber security programs and experience in conducting these evaluations. The evaluation has determined that, for the most part, cyber security will not be a limiting factor in the application of these technologies to nuclear power plant applications.« less

Protecting against cyber threats in networked information systems

NASA Astrophysics Data System (ADS)

Ertoz, Levent; Lazarevic, Aleksandar; Eilertson, Eric; Tan, Pang-Ning; Dokas, Paul; Kumar, Vipin; Srivastava, Jaideep

2003-07-01

This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as a part of MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT.

Cyber Security and Resilient Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments tomore » date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.« less

Human Capital Development - Resilient Cyber Physical Systems

DTIC Science & Technology

2017-09-29

Human Capital Development – Resilient Cyber Physical Systems Technical Report SERC-2017-TR-113 September 29, 2017 Principal Investigator...4.2.2 Cyber Attack Taxonomy for Cyber Physical Systems .............................................................................. 43 4.2.3...Cyber- physical System Attack Taxonomy ................................................................................................ 44 4.2.4

Method and apparatus for detecting cyber attacks on an alternating current power grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

McEachern, Alexander; Hofmann, Ronald

A method and apparatus for detecting cyber attacks on remotely-operable elements of an alternating current distribution grid. Two state estimates of the distribution grid are prepared, one of which uses micro-synchrophasors. A difference between the two state estimates indicates a possible cyber attack.

Cyber secure systems approach for NPP digital control systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCreary, T. J.; Hsu, A.

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant andmore » distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)« less

Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui

Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less

Comparison of the learnability and retention between Blissymbols and CyberGlyphs.

PubMed

Alant, Erna; Life, Henriette; Harty, Michal

2005-01-01

There are a variety of graphic symbol sets/systems (GSSs) currently used in the field of augmentative and alternative communication (AAC). Various characteristics of these graphic symbol systems affect learnability and should be considered in order to make a meaningful match between the user of AAC and the system. Although a variety of studies on learnability of graphic systems have been conducted in the past, all studies conducted included participants from Western countries. To compare two symbol systems, namely Blissymbolics and CyberGlyphs in terms of learnability. To identify the overall performance between Blissymbolics and CyberGlyphs in terms of the percentage of symbols correctly identified at the various stages. A quasi-experimental crossover design between groups was carried out on two homogeneous groups of typically developing, Northern Sotho-speaking children. Data were obtained by teaching 80 different referents (40 from each symbol system) to 50 Northern Sotho speaking regular students from South Africa, ranging from grade 4 to 6. The participants were tested on symbol recognition at four different stages: after initial training, after a revision period, after a 7-day withdrawal period and after 30 days of withdrawal. The overall results indicated that the ease of learning and memory retention of the CyberGlyphs were higher than that of Blissymbols, irrespective of the group or the sequence of exposure. Possible reasons for the differences are discussed. CyberGlyphs seem to be more accessible as the symbols in general seem to be more detailed and also are meant to be hand drawn rather than computer or stencil produced. Within this context, CyberGlyphs could be easier to access visually than Blissymbolics, especially for children who do not have extensive experience in dealing with geometric shapes, particularly for the children who do not come from rich literacy backgrounds or who do not have rich visual perceptual experiences to draw from. Even though initial learning might be faster for CyberGlyphs than for Blissymbolics in certain populations, there may be other factors to consider when making a choice between the two graphic symbol systems. Within the clinical setting CyberGlyphs can provide the individual who uses AAC with a more user-friendly system as an entrance to the use of other graphic symbol systems. This may be especially important in contexts where issues surrounding poverty and lack of early exposure to literacy exist.

78 FR 9951 - Excepted Service

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-12

...) Not to exceed 3000 positions that require unique cyber security skills and knowledge to perform cyber..., distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture...

Cyber threats within civil aviation

NASA Astrophysics Data System (ADS)

Heitner, Kerri A.

Existing security policies in civil aviation do not adequately protect against evolving cyber threats. Cybersecurity has been recognized as a top priority among some aviation industry leaders. Heightened concerns regarding cyber threats and vulnerabilities surround components utilized in compliance with the Federal Aviation Administration's (FAA) Next Generation Air Transportation (NextGen) implementation. Automated Dependent Surveillance-B (ADS-B) and Electronic Flight Bags (EFB) have both been exploited through the research of experienced computer security professionals. Civil aviation is essential to international infrastructure and if its critical assets were compromised, it could pose a great risk to public safety and financial infrastructure. The purpose of this research was to raise awareness of aircraft system vulnerabilities in order to provoke change among current national and international cybersecurity policies, procedures and standards. Although the education of cyber threats is increasing in the aviation industry, there is not enough urgency when creating cybersecurity policies. This project intended to answer the following questions: What are the cyber threats to ADS-B of an aircraft in-flight? What are the cyber threats to EFB? What is the aviation industry's response to the issue of cybersecurity and in-flight safety? ADS-B remains unencrypted while the FAA's mandate to implement this system is rapidly approaching. The cyber threat of both portable and non-portable EFB's have received increased publicity, however, airlines are not responding quick enough (if at all) to create policies for the use of these devices. Collectively, the aviation industry is not being proactive enough to protect its aircraft or airport network systems. That is not to say there are not leaders in cybersecurity advancement. These proactive organizations must set the standard for the future to better protect society and it's most reliable form of transportation.

Security Informatics Research Challenges for Mitigating Cyber Friendly Fire

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carroll, Thomas E.; Greitzer, Frank L.; Roberts, Adam D.

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly re (FF). We dene cyber FF as intentional o*ensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission e*ectiveness of friendly or neutral forces. We describe examples of cyber FF and discuss how it ts within a general conceptual framework for cyber security failures. Because it involves human failure, cyber FF may be considered to belong to a sub-class of cyber security failures characterized as unintentional insider threats. Cyber FF is closelymore » related to combat friendly re in that maintaining situation awareness (SA) is paramount to avoiding unintended consequences. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and o*ensive countermeasures that may be applied to thwart network attacks. We describe a test bed designed to support empirical research on factors a*ecting cyber FF. Finally, we discuss mitigation strategies to combat cyber FF, including both training concepts and suggestions for decision aids and visualization approaches.« less

INL Control System Situational Awareness Technology Annual Report 2012

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gordon Rueff; Bryce Wheeler; Todd Vollmer

The overall goal of this project is to develop an interoperable set of tools to provide a comprehensive, consistent implementation of cyber security and overall situational awareness of control and sensor network implementations. The operation and interoperability of these tools will fill voids in current technological offerings and address issues that remain an impediment to the security of control systems. This report provides an FY 2012 update on the Sophia, Mesh Mapper, Intelligent Cyber Sensor, and Data Fusion projects with respect to the year-two tasks and annual reporting requirements of the INL Control System Situational Awareness Technology report (July 2010).

Cyber attack analysis on cyber-physical systems: Detectability, severity, and attenuation strategy

NASA Astrophysics Data System (ADS)

Kwon, Cheolhyeon

Security of Cyber-Physical Systems (CPS) against malicious cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is usually intractable to describe and diagnose them systematically. Motivated by such difficulties, this thesis presents a set of theories and algorithms for a cyber-secure architecture of the CPS within the control theoretic perspective. Here, instead of identifying a specific cyber attack model, we are focused on analyzing the system's response during cyber attacks. Firstly, we investigate the detectability of the cyber attacks from the system's behavior under cyber attacks. Specifically, we conduct a study on the vulnerabilities in the CPS's monitoring system against the stealthy cyber attack that is carefully designed to avoid being detected by its detection scheme. After classifying three kinds of cyber attacks according to the attacker's ability to compromise the system, we derive the necessary and sufficient conditions under which such stealthy cyber attacks can be designed to cause the unbounded estimation error while not being detected. Then, the analytical design method of the optimal stealthy cyber attack that maximizes the estimation error is developed. The proposed stealthy cyber attack analysis is demonstrated with illustrative examples on Air Traffic Control (ATC) system and Unmanned Aerial Vehicle (UAV) navigation system applications. Secondly, in an attempt to study the CPSs' vulnerabilities in more detail, we further discuss a methodology to identify potential cyber threats inherent in the given CPSs and quantify the attack severity accordingly. We then develop an analytical algorithm to test the behavior of the CPS under various cyber attack combinations. Compared to a numerical approach, the analytical algorithm enables the prediction of the most effective cyber attack combinations without computing the severity of all possible attack combinations, thereby greatly reducing the computational cost. The proposed algorithm is validated through a linearized longitudinal motion of a UAV example. Finally, we propose an attack attenuation strategy via the controller design for CPSs that are robust to various types of cyber attacks. While the previous studies have investigated a secure control by assuming a specific attack strategy, in this research we propose a hybrid robust control scheme that contains multiple sub-controllers, each matched to a specific type of cyber attacks. Then the system can be adapted to various cyber attacks (including those that are not assumed for sub-controller design) by switching its sub-controllers to achieve the best performance. Then, a method for designing a secure switching logic to counter all possible cyber attacks is proposed and it verifies mathematically the system's performance and stability as well. The performance of the proposed control scheme is demonstrated by an example with the hybrid H2 - H-infinity controller applied to a UAV example.

On the Use of Offensive Cyber Capabilities: A Policy Analysis on Offensive US Cyber Policy

DTIC Science & Technology

2012-03-20

greater success in addressing systemic issues with the current networking structures in cyberspace (such as IPv4 , and border gateway protocol (BGP...PERFORMING ORGANIZATION NAME(S) AND ADDRESS (ES) Harvard Kennedy School,79 John F. Kennedy Street,Cambridge,MA,02138 8. PERFORMING ORGANIZATION...REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS (ES) 10. SPONSOR/MONITOR’S ACRONYM(S) 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 12

International Cyber Incident Repository System: Information Sharing on a Global Scale

DOE Office of Scientific and Technical Information (OSTI.GOV)

Joyce, Amanda L.; Evans, PhD, Nathaniel; Tanzman, Edward A.

According to the 2016 Internet Security Threat Report, the largest number of cyber attacks were recorded last year (2015), reaching a total of 430 million incidents throughout the world. As the number of cyber incidents increases, the need for information and intelligence sharing increases, as well. This fairly large increase in cyber incidents is driving the need for an international cyber incident data reporting system. The goal of the cyber incident reporting system is to make available shared and collected information about cyber events among participating international parties. In its 2014 report, Insurance Industry Working Session Readout Report-Insurance for CyberRelatedmore » Critical Infrastructure Loss: Key Issues, on the outcomes of a working session on cyber insurance, the U.S. Department of Homeland Security observed that “many participants cited the need for a secure method through which organizations could pool and share cyber incident information” and noted that one underwriter emphasized the importance of internationally harmonized data taxonomies. This cyber incident data reporting system could benefit all nations that take part in reporting incidents to provide a more common operating picture. In addition, this reporting system could allow for trending and anticipated attacks and could potentially benefit participating members by enabling them to get in front of potential attacks. The purpose of this paper is to identify options for consideration for such a system in fostering cooperative cyber defense.« less

Cyber Friendly Fire: Research Challenges for Security Informatics

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly fire (FF). We define cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintention-ally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, maintaining situation awareness (SA) is paramount to avoiding cyber FF incidents. Cyber SA concerns knowledge of a system’s topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components thatmore » comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and offensive countermeasures that may be applied to thwart network attacks. Mitigation strategies to combat cyber FF— including both training concepts and suggestions for decision aids and visualization approaches—are discussed.« less

Assessment of current cybersecurity practices in the public domain : cyber indications and warnings domain.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hamlet, Jason R.; Keliiaa, Curtis M.

This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes thatmore » may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work, however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.« less

Medical Differential Diagnosis (MDD) as the Architectural Framework for a Knowledge Model: A Vulnerability Detection and Threat Identification Methodology for Cyber-Crime and Cyber-Terrorism

ERIC Educational Resources Information Center

Conley-Ware, Lakita D.

2010-01-01

This research addresses a real world cyberspace problem, where currently no cross industry standard methodology exists. The goal is to develop a model for identification and detection of vulnerabilities and threats of cyber-crime or cyber-terrorism where cyber-technology is the vehicle to commit the criminal or terrorist act (CVCT). This goal was…

Temporal Cyber Attack Detection.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ingram, Joey Burton; Draelos, Timothy J.; Galiardi, Meghan

Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms requiremore » large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.« less

Impact of Protection Motivation Theory and General Deterrence Theory on the Behavioral Intention to Implement and Misuse Active Cyber Defense

ERIC Educational Resources Information Center

White, Jautau Kelton

2017-01-01

Current cybersecurity measures have become a major concern for commercial organizations in the United States. As the cyber-attack landscape expands and the skills and knowledge of the cyber-attacker become broader, the current measures that are taken and the laws structured around them are making it increasingly difficult for commercial…

Moving Target Techniques: Cyber Resilience throught Randomization, Diversity, and Dynamism

DTIC Science & Technology

2017-03-03

Moving Target Techniques: Cyber Resilience through Randomization, Diversity, and Dynamism Hamed Okhravi and Howard Shrobe Overview: The static...nature of computer systems makes them vulnerable to cyber attacks. Consider a situation where an attacker wants to compromise a remote system running... cyber resilience that attempts to rebalance the cyber landscape is known as cyber moving target (MT) (or just moving target) techniques. Moving target

Programmable Logic Controllers for Research on the Cyber Security of Industrial Power Plants

DTIC Science & Technology

2017-02-12

group . 15. SUBJECT TERMS Industrial control systems, cyber security 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF a. REPORT b. ABSTRACT c. THIS...currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (00-MM-YYYY) ,2. REPORT TYPE 3. DATES COVERED...From- To) 12/02/2017 Final 15 August 2015 - 12 February 2017 4. TITLE AND SUBTITLE Sa. CONTRACT NUMBER Programmable Logic Controllers for Research

SU-F-T-554: Dark Current Effect On CyberKnife Beam Dosimetry

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kim, H; Chang, A

Purpose: All RF linear accelerators produce dark current to varying degrees when an accelerating voltage and RF input is applied in the absence of electron gun injection. This study is to evaluate how dark current from the linear accelerator of CyberKnife affect the dose in the reference dosimetry. Methods: The G4 CyberKnife system with 6MV photon beam was used in this study. Using the ion chamber and the diode detector, the dose was measured in water with varying time delay between acquiring charges and staring beam-on after applying high-voltage into the linear accelerator. The dose was measured after the timemore » delay with over the range of 0 to 120 seconds in the accelerating high-voltage mode without beam-on, applying 0, 10, 50, 100, and 200 MUs. For the measurements, the collimator of 60 mm was used and the detectors were placed at the depths of 10 cm with the source-to-surface distance of 80 cm. Results: The dark current was constant over time regardless of MU. The dose due to the dark current increased over time linearly with the R-squared value of 0.9983 up to 4.4 cGy for the time 120 seconds. In the dose rate setting of 720 MU/min, the relative dose when applying the accelerating voltage without beam-on was increased over time up to 0.6% but it was less than the leakage radiation resulted from the accelerated head. As the reference dosimetry condition, when 100 MU was delivered after 10 seconds time delay, the relative dose increased by 0.7% but 6.7% for the low MU (10 MU). Conclusion: In the dosimetry using CyberKnife system, the constant dark current affected to the dose. Although the time delay in the accelerating high-voltage mode without beam-on is within 10 seconds, the dose less than 100 cGy can be overestimated more than 1%.« less

The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance.

PubMed

Dawson, Jessica; Thomson, Robert

2018-01-01

One of the challenges in writing an article reviewing the current state of cyber education and workforce development is that there is a paucity of quantitative assessment regarding the cognitive aptitudes, work roles, or team organization required by cybersecurity professionals to be successful. In this review, we argue that the people who operate within the cyber domain need a combination of technical skills, domain specific knowledge, and social intelligence to be successful. They, like the networks they operate, must also be reliable, trustworthy, and resilient. Defining the knowledge, skills, attributes, and other characteristics is not as simple as defining a group of technical skills that people can be trained on; the complexity of the cyber domain makes this a unique challenge. There has been little research devoted to exactly what attributes individuals in the cyber domain need. What research does exist places an emphasis on technical and engineering skills while discounting the important social and organizational influences that dictate success or failure in everyday settings. This paper reviews the literature on cyber expertise and cyber workforce development to identify gaps and then argues for the important contribution of social fit in the highly complex and heterogenous cyber workforce. We then identify six assumptions for the future of cybersecurity workforce development, including the requirement for systemic thinkers, team players, a love for continued learning, strong communication ability, a sense of civic duty, and a blend of technical and social skill. Finally, we make recommendations for social and cognitive metrics which may be indicative of future performance in cyber work roles to provide a roadmap for future scholars.

The Prevalence of Cyber Bullying Victimization and Its Relationship to Academic, Social, and Emotional Adjustment among College Students

ERIC Educational Resources Information Center

Beebe, Jennifer Elizabeth

2010-01-01

The current study investigated the prevalence and frequency of cyber bullying victimization and examined the impact of cyber bullying on academic, social, and emotional college adjustment. Participants were recruited from two universities in the United States. Participants completed the Revised Cyber Bullying Survey (Kowalski & Limber, 2007)…

SAGA: A project to automate the management of software production systems

NASA Technical Reports Server (NTRS)

Campbell, R. H.

1983-01-01

The current work in progress for the SAGA project are described. The highlights of this research are: a parser independent SAGA editor, design for the screen editing facilities of the editor, delivery to NASA of release 1 of Olorin, the SAGA parser generator, personal workstation environment research, release 1 of the SAGA symbol table manager, delta generation in SAGA, requirements for a proof management system, documentation for and testing of the cyber pascal make prototype, a prototype cyber-based slicing facility, a June 1984 demonstration plan, SAGA utility programs, summary of UNIX software engineering support, and theorem prover review.

On Cyber Warfare Command and Control Systems

DTIC Science & Technology

2004-06-01

longer adequate to rely solely on the now traditional defense-in-depth strategy. We must recognize that we are engaged in a form of warfare, cyber warfare , and... warfare . This causes security devices to be used ineffectively and responses to be untimely. Cyber warfare then becomes a one-sided battle where the... cyber warfare strategy and tactics requires a cyber warfare command and control system. Responses to cyber attacks do not require offensive measures

Protecting Networks Via Automated Defense of Cyber Systems

DTIC Science & Technology

2016-09-01

autonomics, and artificial intelligence . Our conclusion is that automation is the future of cyber defense, and that advances are being made in each of...SUBJECT TERMS Internet of Things, autonomics, sensors, artificial intelligence , cyber defense, active cyber defense, automated indicator sharing...called Automated Defense of Cyber Systems, built upon three core technological components: sensors, autonomics, and artificial intelligence . Our

Engineering the smart factory

NASA Astrophysics Data System (ADS)

Harrison, Robert; Vera, Daniel; Ahmad, Bilal

2016-10-01

The fourth industrial revolution promises to create what has been called the smart factory. The vision is that within such modular structured smart factories, cyber-physical systems monitor physical processes, create a virtual copy of the physical world and make decentralised decisions. This paper provides a view of this initiative from an automation systems perspective. In this context it considers how future automation systems might be effectively configured and supported through their lifecycles and how integration, application modelling, visualisation and reuse of such systems might be best achieved. The paper briefly describes limitations in current engineering methods, and new emerging approaches including the cyber physical systems (CPS) engineering tools being developed by the automation systems group (ASG) at Warwick Manufacturing Group, University of Warwick, UK.

Towards A Theory of Autonomous Reconstitution of Compromised Cyber-Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ramuhalli, Pradeep; Halappanavar, Mahantesh; Coble, Jamie B.

The ability to maintain mission-critical operations in cyber-systems in the face of disruptions is critical. Faults in cyber systems can come from accidental sources (e.g., natural failure of a component) or deliberate sources (e.g., an intelligent adversary). Natural and intentional manipulation of data, computing, or coordination are the most impactful ways that an attacker can prevent an infrastructure from realizing its mission goals. Under these conditions, the ability to reconstitute critical infrastructure becomes important. Specifically, the question is: Given an intelligent adversary, how can cyber systems respond to keep critical infrastructure operational? In cyber systems, the distributed nature of themore » system poses serious difficulties in maintaining operations, in part due to the fact that a centralized command and control apparatus is unlikely to provide a robust framework for resilience. Resilience in cyber-systems, in general, has several components, and requires the ability to anticipate and withstand attacks or faults, as well as recover from faults and evolve the system to improve future resilience. The recovery effort (and any subsequent evolution) may require significant reconfiguration of the system (at all levels – hardware, software, services, permissions, etc.) if the system is to be made resilient to further attack or faults. This is especially important in the case of ongoing attacks, where reconfiguration decisions must be taken with care to avoid further compromising the system while maintaining continuity of operations. Collectively, we will label this recovery and evolution process as “reconstitution”. Currently, reconstitution is performed manually, generally after-the-fact, and usually consists of either standing up redundant systems, check-points (rolling back the configuration to a “clean” state), or re-creating the system using “gold-standard” copies. For enterprise systems, such reconstitution may be performed either directly on hardware, or using virtual machines. A significant challenge within this context is the ability to verify that the reconstitution is performed in a manner that renders the cyber-system resilient to ongoing and future attacks or faults. Fundamentally, the need is to determine optimal configuration of the cyber system when a fault is determined to be present. While existing theories for fault tolerance (for example, Byzantine fault tolerance) can guarantee resilience under certain conditions, in practice, these theories can break down in the face of an intelligent adversary. Further, it is difficult, in a dynamically evolving environment, to determine whether the necessary conditions for resilience have been met, resulting in difficulties in achieving resilient operation. In addition, existing theories do not sufficiently take into account the cost for attack and defense (the adversary is generally assumed to have infinite resources and time), hierarchy of importance (all network resources are assumed to be equally important), and the dynamic nature of some attacks (i.e., as the attack evolves, can resilience be maintained?). Alternative approaches to resilience based on a centralized command and control structure suffer from a single-point-failure. This paper presents preliminary research towards concepts for effective autonomous reconstitution of compromised cyber systems. We describe a mathematical framework as a first step towards a theoretical basis for autonomous reconstitution in dynamic cyber-system environments. We then propose formulating autonomous reconstitution as an optimization problem and describe some of the challenges associated with this formulation. This is followed by a brief discussion on potential solutions to these challenges.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Casella, R.

RESTful (REpresentational State Transfer) web services are an alternative implementation to SOAP/RPC web services in a client/server model. BNLs IT Division has started deploying RESTful Web Services for enterprise data retrieval and manipulation. Data is currently used by system administrators for tracking configuration information and as it is expanded will be used by Cyber Security for vulnerability management and as an aid to cyber investigations. This talk will describe the implementation and outstanding issues as well as some of the reasons for choosing RESTful over SOAP/RPC and future directions.

Co-Simulation Platform For Characterizing Cyber Attacks in Cyber Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sadi, Mohammad A. H.; Ali, Mohammad Hassan; Dasgupta, Dipankar

Smart grid is a complex cyber physical system containing a numerous and variety of sources, devices, controllers and loads. Communication/Information infrastructure is the backbone of the smart grid system where different grid components are connected with each other through this structure. Therefore, the drawbacks of the information technology related issues are also becoming a part of the smart grid. Further, smart grid is also vulnerable to the grid related disturbances. For such a dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and OPNET based co-simulated test bed to carry out a cyber-intrusion inmore » a cyber-network for modern power systems and smart grid. The effect of the cyber intrusion on the physical power system is also presented. The IEEE 30 bus power system model is used to demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack in the cyber network. Different disturbance situations in the proposed test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.« less

Generating realistic environments for cyber operations development, testing, and training

NASA Astrophysics Data System (ADS)

Berk, Vincent H.; Gregorio-de Souza, Ian; Murphy, John P.

2012-06-01

Training eective cyber operatives requires realistic network environments that incorporate the structural and social complexities representative of the real world. Network trac generators facilitate repeatable experiments for the development, training and testing of cyber operations. However, current network trac generators, ranging from simple load testers to complex frameworks, fail to capture the realism inherent in actual environments. In order to improve the realism of network trac generated by these systems, it is necessary to quantitatively measure the level of realism in generated trac with respect to the environment being mimicked. We categorize realism measures into statistical, content, and behavioral measurements, and propose various metrics that can be applied at each level to indicate how eectively the generated trac mimics the real world.

Holistic Context-Sensitivity for Run-Time Optimization of Flexible Manufacturing Systems.

PubMed

Scholze, Sebastian; Barata, Jose; Stokic, Dragan

2017-02-24

Highly flexible manufacturing systems require continuous run-time (self-) optimization of processes with respect to diverse parameters, e.g., efficiency, availability, energy consumption etc. A promising approach for achieving (self-) optimization in manufacturing systems is the usage of the context sensitivity approach based on data streaming from high amount of sensors and other data sources. Cyber-physical systems play an important role as sources of information to achieve context sensitivity. Cyber-physical systems can be seen as complex intelligent sensors providing data needed to identify the current context under which the manufacturing system is operating. In this paper, it is demonstrated how context sensitivity can be used to realize a holistic solution for (self-) optimization of discrete flexible manufacturing systems, by making use of cyber-physical systems integrated in manufacturing systems/processes. A generic approach for context sensitivity, based on self-learning algorithms, is proposed aiming at a various manufacturing systems. The new solution encompasses run-time context extractor and optimizer. Based on the self-learning module both context extraction and optimizer are continuously learning and improving their performance. The solution is following Service Oriented Architecture principles. The generic solution is developed and then applied to two very different manufacturing processes.

Holistic Context-Sensitivity for Run-Time Optimization of Flexible Manufacturing Systems

PubMed Central

Scholze, Sebastian; Barata, Jose; Stokic, Dragan

2017-01-01

Highly flexible manufacturing systems require continuous run-time (self-) optimization of processes with respect to diverse parameters, e.g., efficiency, availability, energy consumption etc. A promising approach for achieving (self-) optimization in manufacturing systems is the usage of the context sensitivity approach based on data streaming from high amount of sensors and other data sources. Cyber-physical systems play an important role as sources of information to achieve context sensitivity. Cyber-physical systems can be seen as complex intelligent sensors providing data needed to identify the current context under which the manufacturing system is operating. In this paper, it is demonstrated how context sensitivity can be used to realize a holistic solution for (self-) optimization of discrete flexible manufacturing systems, by making use of cyber-physical systems integrated in manufacturing systems/processes. A generic approach for context sensitivity, based on self-learning algorithms, is proposed aiming at a various manufacturing systems. The new solution encompasses run-time context extractor and optimizer. Based on the self-learning module both context extraction and optimizer are continuously learning and improving their performance. The solution is following Service Oriented Architecture principles. The generic solution is developed and then applied to two very different manufacturing processes. PMID:28245564

Cyber ACTS/SAASS: A Second Year of Command and Staff College for the Future Leaders of Our Cyber Forces

DTIC Science & Technology

2009-01-01

objectives. The Air Force is struggling to determine the best way of developing offensive and defensive capabilities for cyber warfare . Our warfighting...education (IDE) cyber warfare program at the Air Force Institute of Technology (AFIT), located at Wright-Patterson AFB, Ohio. I propose that the Air...Force create a two-year professional military education (PME) path consisting of ACSC followed by AFIT’s cyber warfare program, paralleling the current path of ACSC followed by SAASS.

Cyber-Physical System Security of Smart Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dagle, Jeffery E.

2012-01-31

Abstract—This panel presentation will provide perspectives of cyber-physical system security of smart grids. As smart grid technologies are deployed, the interconnected nature of these systems is becoming more prevalent and more complex, and the cyber component of this cyber-physical system is increasing in importance. Studying system behavior in the face of failures (e.g., cyber attacks) allows a characterization of the systems’ response to failure scenarios, loss of communications, and other changes in system environment (such as the need for emergent updates and rapid reconfiguration). The impact of such failures on the availability of the system can be assessed and mitigationmore » strategies considered. Scenarios associated with confidentiality, integrity, and availability are considered. The cyber security implications associated with the American Recovery and Reinvestment Act of 2009 in the United States are discussed.« less

The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance

PubMed Central

Dawson, Jessica; Thomson, Robert

2018-01-01

One of the challenges in writing an article reviewing the current state of cyber education and workforce development is that there is a paucity of quantitative assessment regarding the cognitive aptitudes, work roles, or team organization required by cybersecurity professionals to be successful. In this review, we argue that the people who operate within the cyber domain need a combination of technical skills, domain specific knowledge, and social intelligence to be successful. They, like the networks they operate, must also be reliable, trustworthy, and resilient. Defining the knowledge, skills, attributes, and other characteristics is not as simple as defining a group of technical skills that people can be trained on; the complexity of the cyber domain makes this a unique challenge. There has been little research devoted to exactly what attributes individuals in the cyber domain need. What research does exist places an emphasis on technical and engineering skills while discounting the important social and organizational influences that dictate success or failure in everyday settings. This paper reviews the literature on cyber expertise and cyber workforce development to identify gaps and then argues for the important contribution of social fit in the highly complex and heterogenous cyber workforce. We then identify six assumptions for the future of cybersecurity workforce development, including the requirement for systemic thinkers, team players, a love for continued learning, strong communication ability, a sense of civic duty, and a blend of technical and social skill. Finally, we make recommendations for social and cognitive metrics which may be indicative of future performance in cyber work roles to provide a roadmap for future scholars. PMID:29946276

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE PAGES

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

2016-07-14

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

Cyber-Physical System Security of a Power Grid: State-of-the-Art

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sun, Chih -Che; Liu, Chen -Ching; Xie, Jing

Here, as part of the smart grid development, more and more technologies are developed and deployed on the power grid to enhance the system reliability. A primary purpose of the smart grid is to significantly increase the capability of computer-based remote control and automation. As a result, the level of connectivity has become much higher, and cyber security also becomes a potential threat to the cyber-physical systems (CPSs). In this paper, a survey of the state-of-the-art is conducted on the cyber security of the power grid concerning issues of: the structure of CPSs in a smart grid; cyber vulnerability assessment;more » cyber protection systems; and testbeds of a CPS. At Washington State University (WSU), the Smart City Testbed (SCT) has been developed to provide a platform to test, analyze and validate defense mechanisms against potential cyber intrusions. A test case is provided in this paper to demonstrate how a testbed helps the study of cyber security and the anomaly detection system (ADS) for substations.« less

The rate of cyber dating abuse among teens and how it relates to other forms of teen dating violence.

PubMed

Zweig, Janine M; Dank, Meredith; Yahner, Jennifer; Lachman, Pamela

2013-07-01

To date, little research has documented how teens might misuse technology to harass, control, and abuse their dating partners. This study examined the extent of cyber dating abuse-abuse via technology and new media-in youth relationships and how it relates to other forms of teen dating violence. A total of 5,647 youth from ten schools in three northeastern states participated in the survey, of which 3,745 reported currently being in a dating relationship or having been in one during the prior year (52 % were female; 74 % White). Just over a quarter of youth in a current or recent relationship said that they experienced some form of cyber dating abuse victimization in the prior year, with females reporting more cyber dating abuse victimization than males (particularly sexual cyber dating abuse). One out of ten youth said that they had perpetrated cyber dating abuse, with females reporting greater levels of non-sexual cyber dating abuse perpetration than males; by contrast, male youth were significantly more likely to report perpetrating sexual cyber dating abuse. Victims of sexual cyber dating abuse were seven times more likely to have also experienced sexual coercion (55 vs. 8 %) than were non-victims, and perpetrators of sexual cyber dating abuse were 17 times more likely to have also perpetrated sexual coercion (34 vs. 2 %) than were non-perpetrators. Implications for practice and future research are discussed.

Final Report for Bio-Inspired Approaches to Moving-Target Defense Strategies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Oehmen, Christopher S.

This report records the work and contributions of the NITRD-funded Bio-Inspired Approaches to Moving-Target Defense Strategies project performed by Pacific Northwest National Laboratory under the technical guidance of the National Security Agency’s R6 division. The project has incorporated a number of bio-inspired cyber defensive technologies within an elastic framework provided by the Digital Ants. This project has created the first scalable, real-world prototype of the Digital Ants Framework (DAF)[11] and integrated five technologies into this flexible, decentralized framework: (1) Ant-Based Cyber Defense (ABCD), (2) Behavioral Indicators, (3) Bioinformatic Clas- sification, (4) Moving-Target Reconfiguration, and (5) Ambient Collaboration. The DAF canmore » be used operationally to decentralize many such data intensive applications that normally rely on collection of large amounts of data in a central repository. In this work, we have shown how these component applications may be decentralized and may perform analysis at the edge. Operationally, this will enable analytics to scale far beyond current limitations while not suffering from the bandwidth or computational limitations of centralized analysis. This effort has advanced the R6 Cyber Security research program to secure digital infrastructures by developing a dynamic means to adaptively defend complex cyber systems. We hope that this work will benefit both our client’s efforts in system behavior modeling and cyber security to the overall benefit of the nation.« less

Cyberspace as a Complex Adaptive System and the Policy and Operational Implications for Cyber Warfare

DTIC Science & Technology

2014-05-22

CYBERSPACE AS A COMPLEX ADAPTIVE SYSTEM AND THE POLICY AND OPERTIONAL IMPLICATIONS FOR CYBER WARFARE A Monograph by Major Albert O. Olagbemiro...serves the US, especially in regards to the protect ion o f the 1S. SUBJECT TERMS omplex Adaptive System, Cyberspace, lnfosphere, Cyber Warfare ber...System and the Policy and Operational Implications for Cyber Warfare Approved by: __________________________________, Monograph Director Jeffrey

Institutional Foundations for Cyber Security: Current Responses and New Challenges

DTIC Science & Technology

2010-09-01

endowed with regional authority, they remain restricted in their capacity to respond to cyber criminals . National CERTs occupy a first-line responder role...economiccrime/ cybercrime/Documents/CountryProfiles/default_en.asp Federal Bureau of Investigation. (2006). Netting cyber criminals . Retrieved on February

Cyber Power

DTIC Science & Technology

2010-05-01

71 As we saw above, cyber criminals are also a significant current burden on the economy. Looking further ahead, as other states develop their...signed by 27 countries. But at- titudes may change over time if costs exceed benefits. For example, “Russian cyber - criminals no longer follow hands-off

Measuring Human Performance within Computer Security Incident Response Teams

DOE Office of Scientific and Technical Information (OSTI.GOV)

McClain, Jonathan T.; Silva, Austin Ray; Avina, Glory Emmanuel

Human performance has become a pertinen t issue within cyber security. However, this research has been stymied by the limited availability of expert cyber security professionals. This is partly attributable to the ongoing workload faced by cyber security professionals, which is compound ed by the limited number of qualified personnel and turnover of p ersonnel across organizations. Additionally, it is difficult to conduct research, and particularly, openly published research, due to the sensitivity inherent to cyber ope rations at most orga nizations. As an alternative, the current research has focused on data collection during cyb er security training exercises. Thesemore » events draw individuals with a range of knowledge and experience extending from seasoned professionals to recent college gradu ates to college students. The current paper describes research involving data collection at two separate cyber security exercises. This data collection involved multiple measures which included behavioral performance based on human - machine transactions and questionnaire - based assessments of cyber security experience.« less

Optimization and Control of Cyber-Physical Vehicle Systems

PubMed Central

Bradley, Justin M.; Atkins, Ella M.

2015-01-01

A cyber-physical system (CPS) is composed of tightly-integrated computation, communication and physical elements. Medical devices, buildings, mobile devices, robots, transportation and energy systems can benefit from CPS co-design and optimization techniques. Cyber-physical vehicle systems (CPVSs) are rapidly advancing due to progress in real-time computing, control and artificial intelligence. Multidisciplinary or multi-objective design optimization maximizes CPS efficiency, capability and safety, while online regulation enables the vehicle to be responsive to disturbances, modeling errors and uncertainties. CPVS optimization occurs at design-time and at run-time. This paper surveys the run-time cooperative optimization or co-optimization of cyber and physical systems, which have historically been considered separately. A run-time CPVS is also cooperatively regulated or co-regulated when cyber and physical resources are utilized in a manner that is responsive to both cyber and physical system requirements. This paper surveys research that considers both cyber and physical resources in co-optimization and co-regulation schemes with applications to mobile robotic and vehicle systems. Time-varying sampling patterns, sensor scheduling, anytime control, feedback scheduling, task and motion planning and resource sharing are examined. PMID:26378541

Optimization and Control of Cyber-Physical Vehicle Systems.

PubMed

Bradley, Justin M; Atkins, Ella M

2015-09-11

A cyber-physical system (CPS) is composed of tightly-integrated computation, communication and physical elements. Medical devices, buildings, mobile devices, robots, transportation and energy systems can benefit from CPS co-design and optimization techniques. Cyber-physical vehicle systems (CPVSs) are rapidly advancing due to progress in real-time computing, control and artificial intelligence. Multidisciplinary or multi-objective design optimization maximizes CPS efficiency, capability and safety, while online regulation enables the vehicle to be responsive to disturbances, modeling errors and uncertainties. CPVS optimization occurs at design-time and at run-time. This paper surveys the run-time cooperative optimization or co-optimization of cyber and physical systems, which have historically been considered separately. A run-time CPVS is also cooperatively regulated or co-regulated when cyber and physical resources are utilized in a manner that is responsive to both cyber and physical system requirements. This paper surveys research that considers both cyber and physical resources in co-optimization and co-regulation schemes with applications to mobile robotic and vehicle systems. Time-varying sampling patterns, sensor scheduling, anytime control, feedback scheduling, task and motion planning and resource sharing are examined.

Cyber Forensics Ontology for Cyber Criminal Investigation

NASA Astrophysics Data System (ADS)

Park, Heum; Cho, Sunho; Kwon, Hyuk-Chul

We developed Cyber Forensics Ontology for the criminal investigation in cyber space. Cyber crime is classified into cyber terror and general cyber crime, and those two classes are connected with each other. The investigation of cyber terror requires high technology, system environment and experts, and general cyber crime is connected with general crime by evidence from digital data and cyber space. Accordingly, it is difficult to determine relational crime types and collect evidence. Therefore, we considered the classifications of cyber crime, the collection of evidence in cyber space and the application of laws to cyber crime. In order to efficiently investigate cyber crime, it is necessary to integrate those concepts for each cyber crime-case. Thus, we constructed a cyber forensics domain ontology for criminal investigation in cyber space, according to the categories of cyber crime, laws, evidence and information of criminals. This ontology can be used in the process of investigating of cyber crime-cases, and for data mining of cyber crime; classification, clustering, association and detection of crime types, crime cases, evidences and criminals.

The U.S. Needs International Cyber Treaties

DTIC Science & Technology

2010-03-01

formed to deal with issues surrounding cyber warfare . However, no major treaties between nations exist regarding this form of combat. Examining...the history of cyber warfare , the inadequate international response, the obstacles to international agreement, and poor U.S. readiness demonstrates...the current need for the U.S. to lead the effort to codify treaties. First, a brief history of cyber warfare helps to shed light on the international

Cyber-Victimization and Its Psychosocial Consequences: Relationships with Behavior Management and Traditional Bullying

ERIC Educational Resources Information Center

Mindrila, Diana; Moore, Lori; Davis, Pamela

2015-01-01

The current study investigated the relationship between behavior management, traditional bullying, cyber-victimization, and several psychosocial consequences of cyber-victimization. Findings from previous research were used to specify a complex path model, which allowed the simultaneous estimation of multiple direct and indirect effects. Data were…

78 FR 26654 - Proposed Collection; Comments Requested; Extension of a Currently Approved Collection: InfraGard...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-07

.... The Department of Justice (DOJ), Federal Bureau of Investigation (FBI), Cyber Division's National... Industry Partnerships Unit, Federal Bureau of Investigation, Cyber Division, FBIHQ, 935 Pennsylvania Avenue... Industry Partnership Unit (NIPU) Cyber Division of the Federal Bureau of Investigation (FBI), Department of...

Problematic alcohol use as a risk factor for cyber aggression within romantic relationships.

PubMed

Crane, Cory A; Umehira, Nicole; Berbary, Cassandra; Easton, Caroline J

2018-06-06

Cyber aggression has emerged as a modern form of intimate partner violence which has yet to undergo sufficient research necessary to identify risk factors that may increase the likelihood or severity of cyber aggressive behavior toward a relationship partner. Prior research offers contradictory findings pertaining to the relationship between problematic alcohol use and cyber aggression. We recruited 100 (40 female) adult participants through online crowdsourcing to complete a series of questionnaires assessing traditional partner violence, cyber aggression, and problematic alcohol use. Forty-two percent of the sample reported perpetrating cyber relational aggression and 35% reported perpetrating cyber privacy invasion during the year prior to study participation. Traditional partner violence was associated with both forms of cyber aggression. Problematic alcohol use was only associated with privacy invasion after accounting for demographic factors and traditional partner violence. Cyber aggression was prevalent among the current adult sample. Results suggest that problematic alcohol use is a risk factor for cyber privacy invasion but not cyber relational aggression. Findings add to and clarify the nascent, conflicting results that have emerged from prior research on alcohol-related cyber aggression. (Am J Addict 2018;XX:1-7). © 2018 American Academy of Addiction Psychiatry.

FORMAL MODELING, MONITORING, AND CONTROL OF EMERGENCE IN DISTRIBUTED CYBER PHYSICAL SYSTEMS

DTIC Science & Technology

2018-02-23

FORMAL MODELING, MONITORING, AND CONTROL OF EMERGENCE IN DISTRIBUTED CYBER- PHYSICAL SYSTEMS UNIVERSITY OF TEXAS AT ARLINGTON FEBRUARY 2018 FINAL...COVERED (From - To) APR 2015 – APR 2017 4. TITLE AND SUBTITLE FORMAL MODELING, MONITORING, AND CONTROL OF EMERGENCE IN DISTRIBUTED CYBER- PHYSICAL ...dated 16 Jan 09 13. SUPPLEMENTARY NOTES 14. ABSTRACT This project studied emergent behavior in distributed cyber- physical systems (DCPS). Emergent

Information System Incidents: The Development of a Damage Assessment Model

DTIC Science & Technology

1999-12-01

Cyber criminals use creativity, knowledge, software, and hardware to attack and infiltrate information systems (IS) in order to copy, delete, or...the Internet led to an increase in cyber criminals and a variety or cyber crimes such as attacks, intrusions, introduction of viruses, and data theft...organizations on information systems is contributing to the increased number of cyber criminals . Additionally, the growing sophistication and availability of

Cyber Warfare: Protecting Military Systems

DTIC Science & Technology

2000-01-01

Software is a key component in nearly every critical system used by the Department of Defense. Attacking the software in a system- cyber warfare - is a...revolutionary method of pursuing war. This article describes various cyber warfare approaches and suggests methods to counter them.

Cyber Attacks and Terrorism: A Twenty-First Century Conundrum.

PubMed

Albahar, Marwan

2017-01-05

In the recent years, an alarming rise in the incidence of cyber attacks has made cyber security a major concern for nations across the globe. Given the current volatile socio-political environment and the massive increase in the incidence of terrorism, it is imperative that government agencies rapidly realize the possibility of cyber space exploitation by terrorist organizations and state players to disrupt the normal way of life. The threat level of cyber terrorism has never been as high as it is today, and this has created a lot of insecurity and fear. This study has focused on different aspects of cyber attacks and explored the reasons behind their increasing popularity among the terrorist organizations and state players. This study proposes an empirical model that can be used to estimate the risk levels associated with different types of cyber attacks and thereby provide a road map to conceptualize and formulate highly effective counter measures and cyber security policies.

A meta-analysis of sex differences in cyber-bullying behavior: the moderating role of age.

PubMed

Barlett, Christopher; Coyne, Sarah M

2014-01-01

The current research used meta-analysis to determine whether (a) sex differences emerged in cyber-bullying frequency, (b) if age moderated any sex effect, and (c) if any additional moderators (e.g., publication year and status, country and continent of data collection) influenced the sex effect. Theoretically, if cyber-bullying is considered a form of traditional bullying and aggression, males are likely to cyber-bully more than females. Conversely, if cyber-bullying is considered relational/indirect aggression, females will be slightly more likely to cyber-bully than males. Results from 122 effect size estimates showed that males were slightly more likely to cyber-bully than females; however, age moderated the overall effect. Specifically, females were more likely to report cyber-bullying during early to mid-adolescence than males, while males showed higher levels of cyber-bullying during later adolescence than females. Publication status and year and continent and country of data collection also moderated the overall effect. © 2014 Wiley Periodicals, Inc.

Implementation experiences of NASTRAN on CDC CYBER 74 SCOPE 3.4 operating system

NASA Technical Reports Server (NTRS)

Go, J. C.; Hill, R. G.

1973-01-01

The implementation of the NASTRAN system on the CDC CYBER 74 SCOPE 3.4 Operating System is described. The flexibility of the NASTRAN system made it possible to accomplish the change with no major problems. Various sizes of benchmark and test problems, ranging from two hours to less than one minute CP time were run on the CDC CYBER SCOPE 3.3, Univac EXEC-8, and CDC CYBER SCOPE 3.4. The NASTRAN installation deck is provided.

Cyber Threat Assessment of Uplink and Commanding System for Mission Operation

NASA Technical Reports Server (NTRS)

Ko, Adans Y.; Tan, Kymie M. C.; Cilloniz-Bicchi, Ferner; Faris, Grant

2014-01-01

Most of today's Mission Operations Systems (MOS) rely on Ground Data System (GDS) segment to mitigate cyber security risks. Unfortunately, IT security design is done separately from the design of GDS' mission operational capabilities. This incoherent practice leaves many security vulnerabilities in the system without any notice. This paper describes a new way to system engineering MOS, to include cyber threat risk assessments throughout the MOS development cycle, without this, it is impossible to design a dependable and reliable MOS to meet today's rapid changing cyber threat environment.

Department of Defense Information Network (DODIN): A Study of Current Cyber Threats and Best Practices for Network Security

DTIC Science & Technology

2016-06-10

DODIN) is being threatened by state actors, non-state actors, and continuous hacking and cyber-attacks. These threats against the network come in a...variety of forms; physical attacks from radio jamming, logical cyber threats from hacking , or a combination of both physical and logical attacks. Each...year the number of hacking attacks is increasing. Corporations like Symantec publish annual reports on cyber threats and provide tips for best

Cyber Bullying in ADHD and Asperger Syndrome Populations

ERIC Educational Resources Information Center

Kowalski, Robin M.; Fedina, Cristin

2011-01-01

Cyber bullying or electronic bullying refers to bullying that occurs through the Internet or cellular phones. With the rise of technology, researchers have shown a keen interest in the topic of cyber bullying. However, that interest has not extended to individuals with special needs. To address this gap in the literature, the current study…

Bullying and Cyber-Bullying in Higher Education: Current Institutional Practice and Prevention

ERIC Educational Resources Information Center

Early, Jeremy Scott

2014-01-01

Cyber-bullying led a Rutgers University student to commit suicide, which led the Federal government and institutions of higher education to take a closer look at bullying and cyber-bullying on college campuses. Congress introduced the "Tyler Clementi Higher Education Anti-Harassment Act" (Tyler Clementi Act) that would require…

Hurtful Cyber-Teasing and Violence: Who's Laughing out Loud?

ERIC Educational Resources Information Center

Madlock, Paul E.; Westerman, David

2011-01-01

The current study sought to specifically examine the affect of teasing by way of technology (cyber-teasing) and the importance of the redressive component of a tease. A triangulated approach was used here to gain better insight into the concept of "hurtful" cyber-teasing between romantic partners. A pretheoretical model was developed…

Cyber incivility @ work: the new age of interpersonal deviance.

PubMed

Giumetti, Gary W; McKibben, Eric S; Hatfield, Andrea L; Schroeder, Amber N; Kowalski, Robin M

2012-03-01

The current study was designed to extend the interpersonal deviance literature into the online domain by examining the incidence and impact of supervisor cyber incivility and neuroticism on employee outcomes at work. Conservation of Resources (COR) theory was used as the guiding framework because cyber incivility is thought to deplete energetic resources in much the same way that other stressors do, ultimately leading to negative outcomes like burnout. Results indicate that supervisor cyber incivility is positively related to burnout, absenteeism, and turnover intentions. Support was also found for the role of neuroticism as a moderator of the relationship between supervisor cyber incivility and outcomes. In general, the relations between cyber incivility and outcomes were stronger for those individuals reporting higher levels of neuroticism. Results are discussed in terms of COR theory, and possible mechanisms for the role of neuroticism in the stressor-strain relationship are discussed. The current study highlights the importance of understanding workplace online behavior and its impact on employee health and organizational well-being. Future research directions examining online interpersonal deviance are suggested.

Operational numerical weather prediction on the CYBER 205 at the National Meteorological Center

NASA Technical Reports Server (NTRS)

Deaven, D.

1984-01-01

The Development Division of the National Meteorological Center (NMC), having the responsibility of maintaining and developing the numerical weather forecasting systems of the center, is discussed. Because of the mission of NMC data products must be produced reliably and on time twice daily free of surprises for forecasters. Personnel of Development Division are in a rather unique situation. They must develop new advanced techniques for numerical analysis and prediction utilizing current state-of-the-art techniques, and implement them in an operational fashion without damaging the operations of the center. With the computational speeds and resources now available from the CYBER 205, Development Division Personnel will be able to introduce advanced analysis and prediction techniques into the operational job suite without disrupting the daily schedule. The capabilities of the CYBER 205 are discussed.

CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical Systems

DTIC Science & Technology

2018-04-19

AFRL-AFOSR-JP-TR-2018-0035 CORESAFE:A Formal Approach against Code Replacement Attacks on Cyber Physical Systems Sandeep Shukla INDIAN INSTITUTE OF...Formal Approach against Code Replacement Attacks on Cyber Physical Systems 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386-16-1-4099 5c.  PROGRAM ELEMENT...Institute of Technology Kanpur India Final Report for AOARD Grant “CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical

Impacts of Technological Changes in the Cyber Environment on Software/Systems Engineering Workforce Development

DTIC Science & Technology

2010-04-01

for decoupled parallel development Ref: Barry Boehm 12 Impacts of Technological Changes in the Cyber Environment on Software/Systems Engineering... Pressman , R.S., Software Engineering: A Practitioner’s Approach, 13 Impacts of Technological Changes in the Cyber Environment on Software/Systems

77 FR 29616 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-18

.... DCIO 01 System name: Defense Industrial Base (DIB) Cyber Security/Information Assurance Records. System location: Director, Defense Industrial Base (DIB) Cyber Security/Information Assurance (CS/IA) Program, 1235 South Clark Street, Suite 1500, Arlington, VA 22202. DoD Cyber Crime Center, 911 Elkridge Landing...

Toward a theoretical framework for trustworthy cyber sensing

NASA Astrophysics Data System (ADS)

Xu, Shouhuai

2010-04-01

Cyberspace is an indispensable part of the economy and society, but has been "polluted" with many compromised computers that can be abused to launch further attacks against the others. Since it is likely that there always are compromised computers, it is important to be aware of the (dynamic) cyber security-related situation, which is however challenging because cyberspace is an extremely large-scale complex system. Our project aims to investigate a theoretical framework for trustworthy cyber sensing. With the perspective of treating cyberspace as a large-scale complex system, the core question we aim to address is: What would be a competent theoretical (mathematical and algorithmic) framework for designing, analyzing, deploying, managing, and adapting cyber sensor systems so as to provide trustworthy information or input to the higher layer of cyber situation-awareness management, even in the presence of sophisticated malicious attacks against the cyber sensor systems?

Gamification for Measuring Cyber Security Situational Awareness

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Best, Daniel M.; Manz, David O.

Cyber defense competitions arising from U.S. service academy exercises, offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge could lead to better preparation of cyber defenders in both military and civilian settings. This paper describes how one regional competition, the PRCCDC, a participant in the national CCDC program, conducted proof of concept experimentation to collect data during the annual competition for later analysis. The intent is to create an ongoing research agenda that expands on this current work and incorporatesmore » augmented cognition and gamification methods for measuring cybersecurity situational awareness under the stress of cyber attack.« less

The Shift of the University Paradigm and Reform of the Korean University Systems

ERIC Educational Resources Information Center

Lee, Hyun-Chong

2005-01-01

The 21st century society is characterised as a knowledge-based society, education mobility society, and cyber schooling society. This new paradigm of university enables us to restructure the university system in Korea. To establish an efficient and competitive education system, it is essential to change the current university system. Restructuring…

Computer simulations of space-borne meteorological systems on the CYBER 205

NASA Technical Reports Server (NTRS)

Halem, M.

1984-01-01

Because of the extreme expense involved in developing and flight testing meteorological instruments, an extensive series of numerical modeling experiments to simulate the performance of meteorological observing systems were performed on CYBER 205. The studies compare the relative importance of different global measurements of individual and composite systems of the meteorological variables needed to determine the state of the atmosphere. The assessments are made in terms of the systems ability to improve 12 hour global forecasts. Each experiment involves the daily assimilation of simulated data that is obtained from a data set called nature. This data is obtained from two sources: first, a long two-month general circulation integration with the GLAS 4th Order Forecast Model and second, global analysis prepared by the National Meteorological Center, NOAA, from the current observing systems twice daily.

Will electrical cyber-physical interdependent networks undergo first-order transition under random attacks?

NASA Astrophysics Data System (ADS)

Ji, Xingpei; Wang, Bo; Liu, Dichen; Dong, Zhaoyang; Chen, Guo; Zhu, Zhenshan; Zhu, Xuedong; Wang, Xunting

2016-10-01

Whether the realistic electrical cyber-physical interdependent networks will undergo first-order transition under random failures still remains a question. To reflect the reality of Chinese electrical cyber-physical system, the "partial one-to-one correspondence" interdependent networks model is proposed and the connectivity vulnerabilities of three realistic electrical cyber-physical interdependent networks are analyzed. The simulation results show that due to the service demands of power system the topologies of power grid and its cyber network are highly inter-similar which can effectively avoid the first-order transition. By comparing the vulnerability curves between electrical cyber-physical interdependent networks and its single-layer network, we find that complex network theory is still useful in the vulnerability analysis of electrical cyber-physical interdependent networks.

Development and Demonstration of a Security Core Component

DOE Office of Scientific and Technical Information (OSTI.GOV)

Turke, Andy

In recent years, the convergence of a number of trends has resulted in Cyber Security becoming a much greater concern for electric utilities. A short list of these trends includes: · Industrial Control Systems (ICSs) have evolved from depending on proprietary hardware and operating software toward using standard off-the-shelf hardware and operating software. This has meant that these ICSs can no longer depend on “security through obscurity. · Similarly, these same systems have evolved toward using standard communications protocols, further reducing their ability to rely upon obscurity. · The rise of the Internet and the accompanying demand for more datamore » about virtually everything has resulted in formerly isolated ICSs becoming at least partially accessible via Internet-connected networks. · “Cyber crime” has become commonplace, whether it be for industrial espionage, reconnaissance for a possible cyber attack, theft, or because some individual or group “has something to prove.” Electric utility system operators are experts at running the power grid. The reality is, especially at small and mid-sized utilities, these SCADA operators will by default be “on the front line” if and when a cyber attack occurs against their systems. These people are not computer software, networking, or cyber security experts, so they are ill-equipped to deal with a cyber security incident. Cyber Security Manager (CSM) was conceived, designed, and built so that it can be configured to know what a utility’s SCADA/EMS/DMS system looks like under normal conditions. To do this, CSM monitors log messages from any device that uses the syslog standard. It can also monitor a variety of statistics from the computers that make up the SCADA/EMS/DMS: outputs from host-based security tools, intrusion detection systems, SCADA alarms, and real-time SCADA values – even results from a SIEM (Security Information and Event Management) system. When the system deviates from “normal,” CSM can alert the operator in language that they understand that an incident may be occurring, provide actionable intelligence, and informing them what actions to take. These alarms may be viewed on CSM’s built-in user interface, sent to a SCADA alarm list, or communicated via email, phone, pager, or SMS message. In recognition of the fact that “real world” training for cyber security events is impractical, CSM has a built-in Operator Training Simulator capability. This can be used stand alone to create simulated event scenarios for training purposes. It may also be used in conjunction with the recipient’s SCADA/EMS/DMS Operator Training Simulator. In addition to providing cyber security situational awareness for electric utility operators, CSM also provides tools for analysts and support personnel; in fact, the majority of user interface displays are designed for use in analyzing current and past security events. CSM keeps security-related information in long-term storage, as well as writing any decisions it makes to a (syslog) log for use forensic or other post-event analysis.« less

Cyber-Informed Engineering

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anderson, Robert S.; Benjamin, Jacob; Wright, Virginia L.

A continuing challenge for engineers who utilize digital systems is to understand the impact of cyber-attacks across the entire product and program lifecycle. This is a challenge due to the evolving nature of cyber threats that may impact the design, development, deployment, and operational phases of all systems. Cyber Informed Engineering is the process by which engineers are made aware of both how to use their engineering knowledge to positively impact the cyber security in the processes by which they architect and design components and the services and security of the components themselves.

Joint Interagency Coordination Group - Cyber: Empowering the Combatant Commanders against the no-borders threat

DTIC Science & Technology

2009-05-04

inconvenience and denial of Internet service, CNAs pose a threat to national security, if the right computer is hacked , to every day operations, if baking...expert J3: Current Operations Rep Private Sector/Civilian: cyber/CNA SME J5 Future Operations Rep Private Sector/Civilian: cyber/CND SME Table 2

Interval forecasting of cyber-attacks on industrial control systems

NASA Astrophysics Data System (ADS)

Ivanyo, Y. M.; Krakovsky, Y. M.; Luzgin, A. N.

2018-03-01

At present, cyber-security issues of industrial control systems occupy one of the key niches in a state system of planning and management Functional disruption of these systems via cyber-attacks may lead to emergencies related to loss of life, environmental disasters, major financial and economic damage, or disrupted activities of cities and settlements. There is then an urgent need to develop protection methods against cyber-attacks. This paper studied the results of cyber-attack interval forecasting with a pre-set intensity level of cyber-attacks. Interval forecasting is the forecasting of one interval from two predetermined ones in which a future value of the indicator will be obtained. For this, probability estimates of these events were used. For interval forecasting, a probabilistic neural network with a dynamic updating value of the smoothing parameter was used. A dividing bound of these intervals was determined by a calculation method based on statistical characteristics of the indicator. The number of cyber-attacks per hour that were received through a honeypot from March to September 2013 for the group ‘zeppo-norcal’ was selected as the indicator.

Protecting drinking water utilities from cyberthreats

DOE PAGES

Clark, Robert M.; Panguluri, Srinivas; Nelson, Trent D.; ...

2017-02-01

Cyber-security challenges have the potential for becoming one of the defining issues of our time. Cyber-attacks have become an ever-increasing threat and the United States (US) Federal Bureau of Investigation (FBI) now ranks cyber-crime as one of its most important law enforcement activities. In addition to the general problems associated with cyber-crime, critical infrastructure (CI) related to energy production, manufacturing, water supply and other systems have come under attack. For example, drinking water utilities are increasingly incorporating computer technology into their routine operations and are therefore increasingly vulnerable to cyber- threats. Systems control and data acquisition (SCADA) systems used tomore » manage automated physical processes essential to water treatment and distribution systems have become standard in medium to large drinking water utilities and in many small water systems. However, even with the application of standard information technology cybersecurity best practices these types of systems have proven to be vulnerable to cyber-attacks. In 2015, the US Department of Homeland Security (DHS) responded to 25 cybersecurity incidents in the Water Sector and to 46 incidents in the Energy Sector. Comparatively, between 2014 and 2015, the reported number of Water Sector incidents actually increased by 78.6% (from 14 to 25). The DHS is in a collaborative partnership with the US Environmental Protection Agency to ensure cybersecurity in the Water Sector. As a result of this partnership a number of guidance documents and techniques have been developed to counter cyber-attacks and minimize cyber vulnerability. These approaches are documented along with a summary of common vulnerabilities. However, a new approach which has great promise in protecting drinking water systems against hacking and cyber-attacks, based on the concept of unidirectional gateways, is presented and discussed.« less

Protecting drinking water utilities from cyberthreats

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clark, Robert M.; Panguluri, Srinivas; Nelson, Trent D.

Cyber-security challenges have the potential for becoming one of the defining issues of our time. Cyber-attacks have become an ever-increasing threat and the United States (US) Federal Bureau of Investigation (FBI) now ranks cyber-crime as one of its most important law enforcement activities. In addition to the general problems associated with cyber-crime, critical infrastructure (CI) related to energy production, manufacturing, water supply and other systems have come under attack. For example, drinking water utilities are increasingly incorporating computer technology into their routine operations and are therefore increasingly vulnerable to cyber- threats. Systems control and data acquisition (SCADA) systems used tomore » manage automated physical processes essential to water treatment and distribution systems have become standard in medium to large drinking water utilities and in many small water systems. However, even with the application of standard information technology cybersecurity best practices these types of systems have proven to be vulnerable to cyber-attacks. In 2015, the US Department of Homeland Security (DHS) responded to 25 cybersecurity incidents in the Water Sector and to 46 incidents in the Energy Sector. Comparatively, between 2014 and 2015, the reported number of Water Sector incidents actually increased by 78.6% (from 14 to 25). The DHS is in a collaborative partnership with the US Environmental Protection Agency to ensure cybersecurity in the Water Sector. As a result of this partnership a number of guidance documents and techniques have been developed to counter cyber-attacks and minimize cyber vulnerability. These approaches are documented along with a summary of common vulnerabilities. However, a new approach which has great promise in protecting drinking water systems against hacking and cyber-attacks, based on the concept of unidirectional gateways, is presented and discussed.« less

Meta II: Multi-Model Language Suite for Cyber Physical Systems

DTIC Science & Technology

2013-03-01

AVM META) projects have developed tools for designing cyber physical (or Mechatronic ) Systems . These systems are increasingly complex, take much...projects have developed tools for designing cyber physical (CPS) (or Mechatronic ) systems . Exemplified by modern amphibious and ground military...and parametric interface of Simulink models and defines associations with CyPhy components and component interfaces. 2. Embedded Systems Modeling

DOE Office of Scientific and Technical Information (OSTI.GOV)

Borges, Raymond Charles; Beaver, Justin M; Buckner, Mark A

Power system disturbances are inherently complex and can be attributed to a wide range of sources, including both natural and man-made events. Currently, the power system operators are heavily relied on to make decisions regarding the causes of experienced disturbances and the appropriate course of action as a response. In the case of cyber-attacks against a power system, human judgment is less certain since there is an overt attempt to disguise the attack and deceive the operators as to the true state of the system. To enable the human decision maker, we explore the viability of machine learning as amore » means for discriminating types of power system disturbances, and focus specifically on detecting cyber-attacks where deception is a core tenet of the event. We evaluate various machine learning methods as disturbance discriminators and discuss the practical implications for deploying machine learning systems as an enhancement to existing power system architectures.« less

Real time test bed development for power system operation, control and cyber security

NASA Astrophysics Data System (ADS)

Reddi, Ram Mohan

The operation and control of the power system in an efficient way is important in order to keep the system secure, reliable and economical. With advancements in smart grid, several new algorithms have been developed for improved operation and control. These algorithms need to be extensively tested and validated in real time before applying to the real electric power grid. This work focuses on the development of a real time test bed for testing and validating power system control algorithms, hardware devices and cyber security vulnerability. The test bed developed utilizes several hardware components including relays, phasor measurement units, phasor data concentrator, programmable logic controllers and several software tools. Current work also integrates historian for power system monitoring and data archiving. Finally, two different power system test cases are simulated to demonstrate the applications of developed test bed. The developed test bed can also be used for power system education.

78 FR 50077 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Pipeline...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-16

... maps, security plans, etc.); and Actual or suspected cyber-attacks that could impact pipeline... suspected attacks on pipeline systems, facilities, or assets; Bomb threats or weapons of mass destruction...

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

Rumination mediates the association between cyber-victimization and depressive symptoms.

PubMed

Feinstein, Brian A; Bhatia, Vickie; Davila, Joanne

2014-06-01

The current study examined the 3-week prospective associations between cyber-victimization and both depressive symptoms and rumination. In addition, a mediation model was tested, wherein rumination mediated the association between cyber-victimization and depressive symptoms. Participants (N = 565 college-age young adults) completed online surveys at two time points 3 weeks apart. Results indicated that cyber-victimization was associated with increases in both depressive symptoms and rumination over time. Furthermore, results of the path analysis indicated that cyber-victimization was associated with increases in rumination over time, which were then associated with greater depressive symptoms, providing support for the proposed mediation effect for women, but not men. Findings extend previous correlational findings by demonstrating that cyber-victimization is associated with increases in symptomatology over time. Findings also suggest that the negative consequences of cyber-victimization extend beyond mental health problems to maladaptive emotion regulation. In fact, rumination may be a mechanism through which cyber-victimization influences mental health problems, at least for women. Mental health professionals are encouraged to assess cyber-victimization as part of standard victimization assessments and to consider targeting maladaptive emotion regulation in addition to mental health problems in clients who have experienced cyber-victimization.

Security analysis of cyber-physical system

NASA Astrophysics Data System (ADS)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

Space and Cyber: Shared Challenges, Shared Opportunities

DTIC Science & Technology

2011-11-15

adversaries to have effective capabilities against networks and computer systems, unlike those anywhere else—here, cyber criminals , proxies for hire, and...or unintentional, conditions can impact our ability to use space and cyber capabilities. As the tools and techniques developed by cyber criminals continue

75 FR 35508 - Draft Regulatory Guide: Issuance, Availability

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-22

... Systems and Networks,'' requires licensees to develop cyber-security plans and programs to protect critical digital assets, including digital safety systems, from malicious cyber attacks. Regulatory Guide 5.71, ``Cyber Security Programs for Nuclear Facilities,'' provides guidance to meet the requirements of...

Overview of the CERT Resilience Management Model (CERT-RMM)

DTIC Science & Technology

2014-01-23

Management Model (CERT®-RMM) Jim Cebula Technical Manager - Cyber Risk Management , CERT® Division Jim Cebula is the Technical Manager of the...Cyber Risk Management team in the Cyber Security Solutions Directorate of the CERT Division at the Software Engineering Institute (SEI), a unit of...Carnegie Mellon University. Cebula’s current activities include risk management methods along with assessment and management of operational

Fraud in Academic Publishing: Researchers Under Cyber-Attacks.

PubMed

Dadkhah, Mehdi; Borchardt, Glenn; Maliszewski, Tomasz

2017-01-01

Day by day, researchers receive new suspicious e-mails in their inboxes. Many of them do not have sufficient information about these types of e-mails, and may become victims of cyber-attacks. In this short communication, we review current cyber threats in academic publishing and try to present general guidelines for authors. Copyright © 2016 Elsevier Inc. All rights reserved.

The Perceptions of District Leaders of Cyber Charter Schools in the Commonwealth of Pennsylvania

ERIC Educational Resources Information Center

Miller, Norman J.

2012-01-01

Given the growth of cyber charter schools in the Commonwealth of Pennsylvania, more research is needed in this new wave of school reform. In fact, little research currently addresses the perceptions that district leaders have in regard to cyber charter schools and that is what this study proposed to address. District leaders interviewed included…

Establishing a Cyber Warrior Force

DTIC Science & Technology

2004-09-01

Cyber Warfare is widely touted to be the next generation of warfare. As America’s reliance on automated systems and information technology increases...so too does the potential vulnerability to cyber attack. Nation and non-nation states are developing the capability to wage cyber warfare . Historically

Reliability analysis for the smart grid : from cyber control and communication to physical manifestations of failure.

DOT National Transportation Integrated Search

2010-01-01

The Smart Grid is a cyber-physical system comprised of physical components, such as transmission lines and generators, and a : network of embedded systems deployed for their cyber control. Our objective is to qualitatively and quantitatively analyze ...

The Human Side of Cyber Conflict: Organizing, Training, and Equipping the Air Force Cyber Workforce

DTIC Science & Technology

2016-06-01

Breakdown of the 17D community as of 31 March 2014. (Reproduced from 17D Officer Assignment Team, Cyberspace Operations “Spread the Word” briefing, 9– 11 ...surety 3D0X4 Computer systems programs 3D1X1 Client systems 3D1X2 Cyber transport 3D1X3 Radio frequency transport 3D1X4 Spectrum operations 3D1X5 Radar...Computer systems programs 3D1X1 Client systems 3D1X2 Cyber transport systems 3D1X3 Radio frequency transmissionsystems FORCE DEVELOPMENT │ 123 Table 8

Use of CYBER 203 and CYBER 205 computers for three-dimensional transonic flow calculations

NASA Technical Reports Server (NTRS)

Melson, N. D.; Keller, J. D.

1983-01-01

Experiences are discussed for modifying two three-dimensional transonic flow computer programs (FLO 22 and FLO 27) for use on the CDC CYBER 203 computer system. Both programs were originally written for use on serial machines. Several methods were attempted to optimize the execution of the two programs on the vector machine: leaving the program in a scalar form (i.e., serial computation) with compiler software used to optimize and vectorize the program, vectorizing parts of the existing algorithm in the program, and incorporating a vectorizable algorithm (ZEBRA I or ZEBRA II) in the program. Comparison runs of the programs were made on CDC CYBER 175. CYBER 203, and two pipe CDC CYBER 205 computer systems.

Reconstruction of Cyber and Physical Software Using Novel Spread Method

NASA Astrophysics Data System (ADS)

Ma, Wubin; Deng, Su; Huang, Hongbin

2018-03-01

Cyber and Physical software has been concerned for many years since 2010. Actually, many researchers would disagree with the deployment of traditional Spread Method for reconstruction of Cyber and physical software, which embodies the key principles reconstruction of cyber physical system. NSM(novel spread method), our new methodology for reconstruction of cyber and physical software, is the solution to all of these challenges.

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2014 CFR

2014-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2013 CFR

2013-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2012 CFR

2012-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

Exploring Online Learning at Primary Schools: Students' Perspectives on Cyber Home Learning System through Video Conferencing (CHLS-VC)

ERIC Educational Resources Information Center

Lee, June; Yoon, Seo Young; Lee, Chung Hyun

2013-01-01

The purposes of the study are to investigate CHLS (Cyber Home Learning System) in online video conferencing environment in primary school level and to explore the students' responses on CHLS-VC (Cyber Home Learning System through Video Conferencing) in order to explore the possibility of using CHLS-VC as a supportive online learning system. The…

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sadi, Mohammad A. H.; Dasgupta, Dipankar; Ali, Mohammad Hassan

The important backbone of the smart grid is the cyber/information infrastructure, which is primarily used to communicate with different grid components. A smart grid is a complex cyber physical system containing a numerous and variety number of sources, devices, controllers and loads. Therefore, the smart grid is vulnerable to grid related disturbances. For such dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and Opnet based co-simulated platform to carry out a cyber-intrusion in cyber network for modern power systems and the smart grid. The IEEE 30 bus power system model is used tomore » demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack. Different disturbance situations in the considered test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.« less

13 CFR 107.50 - Definition of terms.

Code of Federal Regulations, 2014 CFR

2014-01-01

..., electric transmission systems, storage systems, and cyber security. (2) Installation and/or inspection... distribution systems, electric transmission systems, or grid cyber security. (3) Auditing or consulting...

13 CFR 107.50 - Definition of terms.

Code of Federal Regulations, 2013 CFR

2013-01-01

..., electric transmission systems, storage systems, and cyber security. (2) Installation and/or inspection... distribution systems, electric transmission systems, or grid cyber security. (3) Auditing or consulting...

On a simulation study of cyber attacks on vehicle-to-infrastructure communication (V2I) in Intelligent Transportation System (ITS)

NASA Astrophysics Data System (ADS)

Ekedebe, Nnanna; Yu, Wei; Song, Houbing; Lu, Chao

2015-05-01

An intelligent transportation system (ITS) is one typical cyber-physical system (CPS) that aims to provide efficient, effective, reliable, and safe driving experiences with minimal congestion and effective traffic flow management. In order to achieve these goals, various ITS technologies need to work synergistically. Nonetheless, ITS's reliance on wireless connectivity makes it vulnerable to cyber threats. Thus, it is critical to understand the impact of cyber threats on ITS. In this paper, using real-world transportation dataset, we evaluated the consequences of cyber threats - attacks against service availability by jamming the communication channel of ITS. In this way, we can have a better understanding of the importance of ensuring adequate security respecting safety and life-critical ITS applications before full and expensive real-world deployments. Our experimental data shows that cyber threats against service availability could adversely affect traffic efficiency and safety performances evidenced by exacerbated travel time, fuel consumed, and other evaluated performance metrics as the communication network is compromised. Finally, we discuss a framework to make ITS secure and more resilient against cyber threats.

Longitudinal Associations in Youth Involvement as Victimized, Bullying, or Witnessing Cyberbullying.

PubMed

Holfeld, Brett; Mishna, Faye

2018-04-01

Although cyberbullying has been linked to cyber victimization, it is unknown whether witnessing cyberbullying impacts and is impacted by experiences of cyberbullying and victimization. In the current study, we examine the frequency of youth involved as victimized, bullying, and witnessing cyberbullying and how these experiences are associated across three academic years. Participants comprised 670 Canadian students who began the longitudinal study in grades 4, 7, or 10 at Time 1 (T1). Cyber witnessing represented the largest role of youth involvement in cyberbullying. Cyber witnessing was positively associated with both cyberbullying and victimization. Cyber victimization at T1 was positively associated with cyber witnessing at T2, which was positively related to both cyberbullying and victimization at T3. Findings highlight the significance of addressing the role of cyber witnesses in cyberbullying prevention and intervention efforts.

Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP) for Department of Defense (DOD) Industrial Control Systems (ICS)

DTIC Science & Technology

2016-08-10

enable JCS managers to detect advanced cyber attacks, mitigate the effects of those attacks, and recover their networks following an attack. It also... managers of ICS networks to Detect, Mitigate, and Recover from nation-state-level cyber attacks (strategic, deliberate, well-trained, and funded...Successful Detection of cyber anomalies is best achieved when IT and ICS managers remain in close coordination. The Integrity Checks Table

78 FR 79411 - Announcement of Competition Under the America COMPETES Act

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-30

... announces the Cyber Grand Challenge (CGC), a prize competition under 15 U.S.C. 3719, the America COMPETES... cyber defense systems. The CGC seeks to engender a new generation of autonomous cyber defense... experts. FOR FURTHER INFORMATION CONTACT: All questions regarding the competition may be sent to Cyber...

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's abilitymore » to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.« less

76 FR 19333 - Commission Information Collection Activities (FERC-725B); Comment Request; Submitted for OMB Review

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-07

... the Bulk-Power System to comply with specific requirements to safeguard critical cyber assets.\\2\\ These standards help protect the nation's Bulk-Power System against potential disruptions from cyber... recordkeeping requirements. Specifically, CIP- 008-1 requires responsible entities to report cyber security...

GeoBrain Computational Cyber-laboratory for Earth Science Studies

NASA Astrophysics Data System (ADS)

Deng, M.; di, L.

2009-12-01

Computational approaches (e.g., computer-based data visualization, analysis and modeling) are critical for conducting increasingly data-intensive Earth science (ES) studies to understand functions and changes of the Earth system. However, currently Earth scientists, educators, and students have met two major barriers that prevent them from being effectively using computational approaches in their learning, research and application activities. The two barriers are: 1) difficulties in finding, obtaining, and using multi-source ES data; and 2) lack of analytic functions and computing resources (e.g., analysis software, computing models, and high performance computing systems) to analyze the data. Taking advantages of recent advances in cyberinfrastructure, Web service, and geospatial interoperability technologies, GeoBrain, a project funded by NASA, has developed a prototype computational cyber-laboratory to effectively remove the two barriers. The cyber-laboratory makes ES data and computational resources at large organizations in distributed locations available to and easily usable by the Earth science community through 1) enabling seamless discovery, access and retrieval of distributed data, 2) federating and enhancing data discovery with a catalogue federation service and a semantically-augmented catalogue service, 3) customizing data access and retrieval at user request with interoperable, personalized, and on-demand data access and services, 4) automating or semi-automating multi-source geospatial data integration, 5) developing a large number of analytic functions as value-added, interoperable, and dynamically chainable geospatial Web services and deploying them in high-performance computing facilities, 6) enabling the online geospatial process modeling and execution, and 7) building a user-friendly extensible web portal for users to access the cyber-laboratory resources. Users can interactively discover the needed data and perform on-demand data analysis and modeling through the web portal. The GeoBrain cyber-laboratory provides solutions to meet common needs of ES research and education, such as, distributed data access and analysis services, easy access to and use of ES data, and enhanced geoprocessing and geospatial modeling capability. It greatly facilitates ES research, education, and applications. The development of the cyber-laboratory provides insights, lessons-learned, and technology readiness to build more capable computing infrastructure for ES studies, which can meet wide-range needs of current and future generations of scientists, researchers, educators, and students for their formal or informal educational training, research projects, career development, and lifelong learning.

Dataset of anomalies and malicious acts in a cyber-physical subsystem.

PubMed

Laso, Pedro Merino; Brosset, David; Puentes, John

2017-10-01

This article presents a dataset produced to investigate how data and information quality estimations enable to detect aNomalies and malicious acts in cyber-physical systems. Data were acquired making use of a cyber-physical subsystem consisting of liquid containers for fuel or water, along with its automated control and data acquisition infrastructure. Described data consist of temporal series representing five operational scenarios - Normal, aNomalies, breakdown, sabotages, and cyber-attacks - corresponding to 15 different real situations. The dataset is publicly available in the .zip file published with the article, to investigate and compare faulty operation detection and characterization methods for cyber-physical systems.

MIT Lincoln Laboratory 2011 Facts

DTIC Science & Technology

2011-01-01

currently valid OMB control number. 1. REPORT DATE 2011 2. REPORT TYPE 3. DATES COVERED 00-00-2011 to 00-00-2011 4. TITLE AND SUBTITLE MIT Lincoln...primary mission areas—space control ; air and missile defense; communication systems; intelligence, surveillance, and reconnaissance systems; advanced...electronics; tactical systems; homeland protection and chemical and biological defense; cyber security; and air traffic control . Two of the

Metaphors for cyber security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

2008-08-01

This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a varietymore » of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).« less

Perceived Parenting and Adolescent Cyber-Bullying: Examining the Intervening Role of Autonomy and Relatedness Need Satisfaction, Empathic Concern and Recognition of Humanness.

PubMed

Fousiani, Kyriaki; Dimitropoulou, Panagiota; Michaelides, Michalis P; Van Petegem, Stijn

Due to the progress in information technology, cyber-bullying is becoming one of the most common forms of interpersonal harm, especially among teenagers. The present study ( N  = 548) aimed to investigate the relation between perceived parenting style (in terms of autonomy support and psychological control) and cyber-bullying in adolescence. Thereby, the study tested for the intervening role of adolescent need satisfaction (i.e., autonomy and relatedness), empathic concern towards others, and adolescents' recognition of full humanness to cyber-bullying offenders and victims. Findings revealed both a direct and an indirect relation between parenting and cyber-bullying. More specifically, parental psychological control directly predicted cyber-bullying, whereas parental autonomy support related to less cyber-bullying indirectly, as it was associated with the satisfaction of adolescents' need for autonomy, which predicted more empathic concern towards others, which in turn differentially related to recognition of humanness to victims and bullies. The discussion focuses on the implications of the current findings.

Development concepts of a Smart Cyber Operating Theater (SCOT) using ORiN technology.

PubMed

Okamoto, Jun; Masamune, Ken; Iseki, Hiroshi; Muragaki, Yoshihiro

2018-02-23

Currently, networking has not progressed in the treatment room. Almost every medical device in the treatment room operates as a stand-alone device. In this project, we aim to develop a networked operating room called "Smart Cyber Operating Theater (SCOT)". Medical devices are connected using Open Resource interface for the Network (ORiN) technology. In this paper, we describe the concept of the SCOT project. SCOT is integrated using the communication interface ORiN, which was originally developed for industry. One feature of ORiN is that the system can be constructed flexibly. ORiN creates abstracts of the same type of devices and increases the robustness of the system for device exchange. By using ORiN technology, we are developing new applications, such as decision-making navigation or a precision guided treatment system.

Using CyberShake Workflows to Manage Big Seismic Hazard Data on Large-Scale Open-Science HPC Resources

NASA Astrophysics Data System (ADS)

Callaghan, S.; Maechling, P. J.; Juve, G.; Vahi, K.; Deelman, E.; Jordan, T. H.

2015-12-01

The CyberShake computational platform, developed by the Southern California Earthquake Center (SCEC), is an integrated collection of scientific software and middleware that performs 3D physics-based probabilistic seismic hazard analysis (PSHA) for Southern California. CyberShake integrates large-scale and high-throughput research codes to produce probabilistic seismic hazard curves for individual locations of interest and hazard maps for an entire region. A recent CyberShake calculation produced about 500,000 two-component seismograms for each of 336 locations, resulting in over 300 million synthetic seismograms in a Los Angeles-area probabilistic seismic hazard model. CyberShake calculations require a series of scientific software programs. Early computational stages produce data used as inputs by later stages, so we describe CyberShake calculations using a workflow definition language. Scientific workflow tools automate and manage the input and output data and enable remote job execution on large-scale HPC systems. To satisfy the requests of broad impact users of CyberShake data, such as seismologists, utility companies, and building code engineers, we successfully completed CyberShake Study 15.4 in April and May 2015, calculating a 1 Hz urban seismic hazard map for Los Angeles. We distributed the calculation between the NSF Track 1 system NCSA Blue Waters, the DOE Leadership-class system OLCF Titan, and USC's Center for High Performance Computing. This study ran for over 5 weeks, burning about 1.1 million node-hours and producing over half a petabyte of data. The CyberShake Study 15.4 results doubled the maximum simulated seismic frequency from 0.5 Hz to 1.0 Hz as compared to previous studies, representing a factor of 16 increase in computational complexity. We will describe how our workflow tools supported splitting the calculation across multiple systems. We will explain how we modified CyberShake software components, including GPU implementations and migrating from file-based communication to MPI messaging, to greatly reduce the I/O demands and node-hour requirements of CyberShake. We will also present performance metrics from CyberShake Study 15.4, and discuss challenges that producers of Big Data on open-science HPC resources face moving forward.

Developing information-space Confidence Building Measures (CBMs) between India and Pakistan

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yamin, Tughral

The Internet has changed the world in ways hitherto unknown. The international financial system, air, land and maritime transport systems are all digitally linked. Similarly most militaries are fully or partially networked. This has not only sped up the decision making processes at all levels, it has also rendered these systems vulnerable to cyber-attacks. Cyber-warfare is now recognized as the most potent form of non-kinetic war fighting. In order to prevent large scale network-attacks, cyber-powers are simultaneously spending a lot of time, money and effort to erect redundant cyber-defenses and enhancing their offensive cyber capabilities. Difficulties in creating a stablemore » environment in information-space stem from differing national perceptions regarding the freedom of the Internet, application of international law and problems associated with attribution. This paper discusses a range of Confidence Building Measures that can be created between India and Pakistan in information-space to control malicious cyber behavior and avert an inadvertent war.« less

Cybersecurity Awareness in the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Scholtz, Jean; Franklin, Lyndsey; Le Blanc, Katya L.

2016-07-10

We report on a series of interviews and observations conducted with control room dispatchers in a bulk electrical system. These dispatchers must react quickly to incidents as they happen in order to ensure the reliability and safe operation of the power grid. They do not have the time to evaluate incidents for signs of cyber-attack as part of their initial response. Cyber-attack detection involves multiple personnel from a variety of roles at both local and regional levels. Smart grid technology will improve detection and defense capabilities of the future grid, however, the current infrastructure remains a mixture of old andmore » new equipment which will continue to operate for some time. Thus, research still needs to focus on strategies for the detection of malicious activity on current infrastructure as well as protection and remediation.« less

75 FR 52518 - Meeting of the Chief of Naval Operations (CNO) Executive Panel

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-26

...The Chief of Naval Operations (CNO) Executive Panel will report on the findings and recommendations of the Cyber Warfare Subcommittee to the CNO. The meeting will consist of discussions of current and future Navy strategy, plans, and policies in support of the organizing, manning, training, and equipping of Cyber Warfare forces for current and future operations.

Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jim Alves-Foss

2011-08-01

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL providesmore » a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.« less

Operational advantages of using Cyber Electronic Warfare (CEW) in the battlefield

NASA Astrophysics Data System (ADS)

Yasar, Nurgul; Yasar, Fatih M.; Topcu, Yucel

2012-06-01

While cyberspace is emerging as a new battlefield, conventional Electronic Warfare (EW) methods and applications are likely to change. Cyber Electronic Warfare (CEW) concept which merges cyberspace capabilities with traditional EW methods, is a new and enhanced form of the electronic attack. In this study, cyberspace domain of the battlefield is emphazised and the feasibility of integrating Cyber Warfare (CW) concept into EW measures is researched. The SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis method is used to state the operational advantages of using CEW concept in the battlefield. The operational advantages of CEW are assessed by means of its effects on adversary air defense systems, communication networks and information systems. Outstanding technological and operational difficulties are pointed out as well. As a result, a comparison of CEW concept and conventional EW applications is presented. It is concluded that, utilization of CEW concept is feasible at the battlefield and it may yield important operational advantages. Even though the computers of developed military systems are less complex than normal computers, they are not subjected to cyber threats since they are closed systems. This concept intends to show that these closed systems are also open to the cyber threats. As a result of the SWOT analysis, CEW concept provides Air Forces to be used in cyber operations effectively. On the other hand, since its Collateral Damage Criteria (CDC) is low, the usage of cyber electronic attack systems seems to grow up.

Detection of complex cyber attacks

NASA Astrophysics Data System (ADS)

Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

2006-05-01

One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

IEC 61850: Technology Standards and Cyber-Security Threats

DOE Office of Scientific and Technical Information (OSTI.GOV)

Youssef, Tarek A; El Hariri, mohamed; Bugay, Nicole

Substations constitute a fundamental part in providing reliable electricity to consumers. For a substation to maintain electricity reliability and its own real-time operability, communication between its components is inevitable. Before the emergence of IEC 61850, inter-substation communication was established via expensive copper wires with limited capabilities. IEC 61850 is the standard set by the International Electrotechnical Commission (IEC) Technical Committee Number 57 Working Group 10 and IEEE for Ethernet (IEEE 802.3)-based communication in electrical substations. Like many power grid systems standards, IEC 61850 was set without extensive consideration for critical security measures. This paper discusses IEC 61850 technology standards andmore » applications thoroughly and points out major security vulnerabilities it introduces in the context of current cyber-physical smart grid systems.« less

DETERMINING ELECTRONIC AND CYBER ATTACK RISK LEVEL FOR UNMANNED AIRCRAFT IN A CONTESTED ENVIRONMENT

DTIC Science & Technology

2016-08-01

AIR COMMAND AND STAFF COLLEGE AIR UNIVERSITY DETERMINING ELECTRONIC AND CYBER ATTACK RISK LEVEL FOR UNMANNED AIRCRAFT IN A CONTESTED ENVIRONMENT...iii ABSTRACT During operations in a contested air environment, adversary electronic warfare (EW) and cyber-attack capability will pose a high...10 Russian Federation Electronic Warfare Systems ...................................................12 Chinese Cyber Warfare Program

Time-Centric Models For Designing Embedded Cyber-physical Systems

DTIC Science & Technology

2009-10-09

Time -centric Models For Designing Embedded Cyber- physical Systems John C. Eidson Edward A. Lee Slobodan Matic Sanjit A. Seshia Jia Zou Electrical... Time -centric Models For Designing Embedded Cyber-physical Systems ∗ John C. Eidson , Edward A. Lee, Slobodan Matic, Sanjit A. Seshia, Jia Zou...implementations, such a uniform notion of time cannot be precisely realized. Time triggered networks [10] and time synchronization [9] can be used to

Designing and Evaluating Participatory Cyber-Infrastructure Systems for Multi-Scale Citizen Science

ERIC Educational Resources Information Center

Newman, Gregory J.

2010-01-01

Widespread and continuous spatial and temporal environmental data is essential for effective environmental monitoring, sustainable natural resource management, and ecologically responsible decisions. Our environmental monitoring, data management and reporting enterprise is not matched to current problems, concerns, and decision-making needs.…

Cyber and physical equipment digital control system in Industry 4.0 item designing company

NASA Astrophysics Data System (ADS)

Gurjanov, A. V.; Zakoldaev, D. A.; Shukalov, A. V.; Zharinov, I. O.

2018-05-01

The problem of organization of digital control of the item designing company equipped with cyber and physical systems is being studied. A scheme of cyber and physical systems and personnel interaction in the Industry 4.0 smart factory company is presented. A scheme of assembly units transportation in the Industry 4.0 smart factory company is provided. A scheme of digital control system in the Industry 4.0 smart factory company is given.

Autonomous perception and decision making in cyber-physical systems

NASA Astrophysics Data System (ADS)

Sarkar, Soumik

2011-07-01

The cyber-physical system (CPS) is a relatively new interdisciplinary technology area that includes the general class of embedded and hybrid systems. CPSs require integration of computation and physical processes that involves the aspects of physical quantities such as time, energy and space during information processing and control. The physical space is the source of information and the cyber space makes use of the generated information to make decisions. This dissertation proposes an overall architecture of autonomous perception-based decision & control of complex cyber-physical systems. Perception involves the recently developed framework of Symbolic Dynamic Filtering for abstraction of physical world in the cyber space. For example, under this framework, sensor observations from a physical entity are discretized temporally and spatially to generate blocks of symbols, also called words that form a language. A grammar of a language is the set of rules that determine the relationships among words to build sentences. Subsequently, a physical system is conjectured to be a linguistic source that is capable of generating a specific language. The proposed technology is validated on various (experimental and simulated) case studies that include health monitoring of aircraft gas turbine engines, detection and estimation of fatigue damage in polycrystalline alloys, and parameter identification. Control of complex cyber-physical systems involve distributed sensing, computation, control as well as complexity analysis. A novel statistical mechanics-inspired complexity analysis approach is proposed in this dissertation. In such a scenario of networked physical systems, the distribution of physical entities determines the underlying network topology and the interaction among the entities forms the abstract cyber space. It is envisioned that the general contributions, made in this dissertation, will be useful for potential application areas such as smart power grids and buildings, distributed energy systems, advanced health care procedures and future ground and air transportation systems.

Cyber Security for Lighting Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

Fact sheet discusses cyber threats unique to lighting control systems in buildings and helps facility managers identify the types of lighting control systems that could introduce cybersecurity risks. Download the fact sheet.

The AFIT of Today is the Air Force of Tomorrow

DTIC Science & Technology

2012-05-11

Engineering • Operations Research • Space Systems • Systems Engineering • Air Mobility • Combating Weapons of Mass Destruction • Cost Analysis • Cyber...Fight - Win Graduate Certificate Programs • Systems Engineering • Space Systems • Advanced Geospatial Intelligence • Combating Weapons of Mass ...over five years • Critical enabler for SSA: extending the satellite catalog to small objects Current Works: • Converting satellite catalog to KAM Tori

CyberPetri at CDX 2016: Real-time Network Situation Awareness

DOE Office of Scientific and Technical Information (OSTI.GOV)

Arendt, Dustin L.; Best, Daniel M.; Burtner, Edwin R.

CyberPetri is a novel visualization technique that provides a flexible map of the network based on available characteristics, such as IP address, operating system, or service. Previous work introduced CyberPetri as a visualization feature in Ocelot, a network defense tool that helped security analysts understand and respond to an active defense scenario. In this paper we present a case study in which we use the CyberPetri visualization technique to support real-time situation awareness during the 2016 Cyber Defense Exercise.

Cyber situational awareness and differential hardening

NASA Astrophysics Data System (ADS)

Dwivedi, Anurag; Tebben, Dan

2012-06-01

The advent of cyber threats has created a need for a new network planning, design, architecture, operations, control, situational awareness, management, and maintenance paradigms. Primary considerations include the ability to assess cyber attack resiliency of the network, and rapidly detect, isolate, and operate during deliberate simultaneous attacks against the network nodes and links. Legacy network planning relied on automatic protection of a network in the event of a single fault or a very few simultaneous faults in mesh networks, but in the future it must be augmented to include improved network resiliency and vulnerability awareness to cyber attacks. Ability to design a resilient network requires the development of methods to define, and quantify the network resiliency to attacks, and to be able to develop new optimization strategies for maintaining operations in the midst of these newly emerging cyber threats. Ways to quantify resiliency, and its use in visualizing cyber vulnerability awareness and in identifying node or link criticality, are presented in the current work, as well as a methodology of differential network hardening based on the criticality profile of cyber network components.

AN ANTIFRAGILE APPROACH TO PREPARING FOR CYBER CONFLICT

DTIC Science & Technology

2017-04-05

Cyber Strategic Approach The need to protect critical infrastructure, sensitive unclassified and classified data, and Command and Control systems that...high-reward approaches , particularly those that are non -material in nature. Finally, a systemic focus on feedback, memory and continuous...AIR WAR COLLEGE AIR UNIVERSITY AN ANTIFRAGILE APPROACH TO PREPARING FOR CYBER CONFLICT by Lance Baxter, Lt Col, USAF A Research

Simulating cyber warfare and cyber defenses: information value considerations

NASA Astrophysics Data System (ADS)

Stytz, Martin R.; Banks, Sheila B.

2011-06-01

Simulating cyber warfare is critical to the preparation of decision-makers for the challenges posed by cyber attacks. Simulation is the only means we have to prepare decision-makers for the inevitable cyber attacks upon the information they will need for decision-making and to develop cyber warfare strategies and tactics. Currently, there is no theory regarding the strategies that should be used to achieve objectives in offensive or defensive cyber warfare, and cyber warfare occurs too rarely to use real-world experience to develop effective strategies. To simulate cyber warfare by affecting the information used for decision-making, we modify the information content of the rings that are compromised during in a decision-making context. The number of rings affected and value of the information that is altered (i.e., the closeness of the ring to the center) is determined by the expertise of the decision-maker and the learning outcome(s) for the simulation exercise. We determine which information rings are compromised using the probability that the simulated cyber defenses that protect each ring can be compromised. These probabilities are based upon prior cyber attack activity in the simulation exercise as well as similar real-world cyber attacks. To determine which information in a compromised "ring" to alter, the simulation environment maintains a record of the cyber attacks that have succeeded in the simulation environment as well as the decision-making context. These two pieces of information are used to compute an estimate of the likelihood that the cyber attack can alter, destroy, or falsify each piece of information in a compromised ring. The unpredictability of information alteration in our approach adds greater realism to the cyber event. This paper suggests a new technique that can be used for cyber warfare simulation, the ring approach for modeling context-dependent information value, and our means for considering information value when assigning cyber resources to information protection tasks. The first section of the paper introduces the cyber warfare simulation challenge and the reasons for its importance. The second section contains background information related to our research. The third section contains a discussion of the information ring technique and its use for simulating cyber attacks. The fourth section contains a summary and suggestions for research.

DSB Task Force on Cyber Supply Chain

DTIC Science & Technology

2017-04-01

seeking to exploit a maliciously inserted vulnerability must execute each step in the kill chain:  Intelligence and planning: gathering...are intended to take a comprehensive approach in considering all aspects of system security, including cybersecurity , and address initial steps to...specific integrated circuits (ASICs). That need is likely to grow for systems that support intelligent or autonomous capabilities. The current

Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.

Securing cyber-systems on a continual basis against a multitude of adverse events is a challenging undertaking. Game-theoretic approaches, that model actions of strategic decision-makers, are increasingly being applied to address cybersecurity resource allocation challenges. Such game-based models account for multiple player actions and represent cyber attacker payoffs mostly as point utility estimates. Since a cyber-attacker’s payoff generation mechanism is largely unknown, appropriate representation and propagation of uncertainty is a critical task. In this paper we expand on prior work and focus on operationalizing the probabilistic uncertainty quantification framework, for a notional cyber system, through: 1) representation of uncertain attacker andmore » system-related modeling variables as probability distributions and mathematical intervals, and 2) exploration of uncertainty propagation techniques including two-phase Monte Carlo sampling and probability bounds analysis.« less

Formulation of Policy for Cyber Crime in Criminal Law Revision Concept of Bill Book of Criminal Law (A New Penal Code)

NASA Astrophysics Data System (ADS)

Soponyono, Eko; Deva Bernadhi, Brav

2017-04-01

Development of national legal systems is aimed to establish the public welfare and the protection of the public. Many attempts has been carried out to renew material criminal law and those efforts results in the formulation of the concept of the draft Law Book of the Law of Criminal Law in the form of concept criminal code draft. The basic ideas in drafting rules and regulation based on the values inside the idology of Pancasila are balance among various norm and rules in society. The design concept of the New Criminal Code Act is anticipatory and proactive to formulate provisions on Crime in Cyberspace and Crime on Information and Electronic Transactions. Several issues compiled in this paper are whether the policy in formulation of cyber crime is embodied in the provisions of the current legislation and what the policies formulation of cyber crime is in the concept of the bill book of law - criminal law recently?.

Experiences with explicit finite-difference schemes for complex fluid dynamics problems on STAR-100 and CYBER-203 computers

NASA Technical Reports Server (NTRS)

Kumar, A.; Rudy, D. H.; Drummond, J. P.; Harris, J. E.

1982-01-01

Several two- and three-dimensional external and internal flow problems solved on the STAR-100 and CYBER-203 vector processing computers are described. The flow field was described by the full Navier-Stokes equations which were then solved by explicit finite-difference algorithms. Problem results and computer system requirements are presented. Program organization and data base structure for three-dimensional computer codes which will eliminate or improve on page faulting, are discussed. Storage requirements for three-dimensional codes are reduced by calculating transformation metric data in each step. As a result, in-core grid points were increased in number by 50% to 150,000, with a 10% execution time increase. An assessment of current and future machine requirements shows that even on the CYBER-205 computer only a few problems can be solved realistically. Estimates reveal that the present situation is more storage limited than compute rate limited, but advancements in both storage and speed are essential to realistically calculate three-dimensional flow.

Moving Secure Software Assurance into Higher Education: A Roadmap for Change

DTIC Science & Technology

2011-06-02

Summarized: The Issue: 6/2/20118 Software defects are currently a fact of life Software defects are avenues of security vulnerabilities that cyber ... criminals , terrorists, or hostile nations can exploit. We (THE ENTIRE INDUSTY) need to change the way we build systems Decrease the number of defects

Adolescent predictors of young adult cyber-bullying perpetration and victimization among Australian youth

PubMed Central

Hemphill, Sheryl A.; Heerde, Jessica A.

2014-01-01

Purpose The purpose of the current paper was to examine the adolescent risk and protective factors (at the individual, peer group, and family level) for young adult cyber-bullying perpetration and victimization. Methods Data from 2006 (Grade 9) to 2010 (young adulthood) were analyzed from a community sample of 927 Victorian students originally recruited as a state-wide representative sample in Grade 5 (age 10–11 years) in 2002 and followed up to age 18–19 years in 2010 (N = 809). Participants completed a self-report survey on adolescent risk and protective factors and traditional and cyber-bullying perpetration and victimization, and young adult cyber-bullying perpetration and victimization. Results As young adults, 5.1% self-reported cyber-bullying perpetration only, 5.0% cyber-bullying victimization only, and 9.5% reported both cyber-bullying perpetration and victimization. In fully adjusted logistic regression analyses, the adolescent predictors of cyber-bullying perpetration only were traditional bullying perpetration, traditional bullying perpetration and victimization, and poor family management. For young adulthood cyber-bullying victimization only, the adolescent predictor was emotion control. The adolescent predictors for young adult cyber-bullying perpetration and victimization were traditional bullying perpetration and cyber-bullying perpetration and victimization. Conclusions Based on the results of this study, possible targets for prevention and early intervention are reducing adolescent involvement in (traditional or cyber-) bullying through the development of social skills and conflict resolution skills. In addition, another important prevention target is to support families with adolescents to ensure they set clear rules and monitor adolescent’s behavior. Universal programs that assist adolescents to develop skills in emotion control are warranted. PMID:24939014

Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies.

PubMed

Paté-Cornell, M-Elisabeth; Kuypers, Marshall; Smith, Matthew; Keller, Philip

2018-02-01

Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. © 2017 Society for Risk Analysis.

Resurrecting Letters of Marque and Reprisal to Address Modern Threats

DTIC Science & Technology

2013-03-01

history 4 and economics. Unfortunately, bringing maritime pirates and cyber criminals to justice has proven difficult under current norms of... cyber criminals have cost companies and consumers hundreds of millions of dollars and valuable intellectual property.79 The National Security Strategy

Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

PubMed

Dunn Cavelty, Myriam

2014-09-01

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

Cross-Layer Damage Assessment for Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Liu, Peng; Jia, Xiaoqi; Zhang, Shengzhi; Xiong, Xi; Jhi, Yoon-Chan; Bai, Kun; Li, Jason

Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any “blind spots”.

A Cyber Security Self-Assessment Method for Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Coles, Garill A.; Bass, Robert B.

2004-11-01

A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is amore » digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process.« less

Adolescents' Involvement in Cyber Bullying and Perceptions of School: The Importance of Perceived Peer Acceptance for Female Adolescents.

PubMed

Betts, Lucy R; Spenser, Karin A; Gardner, Sarah E

2017-01-01

Young people are spending increasing amounts of time using digital technology and, as such, are at great risk of being involved in cyber bullying as a victim, bully, or bully/victim. Despite cyber bullying typically occurring outside the school environment, the impact of being involved in cyber bullying is likely to spill over to school. Fully 285 11- to 15-year-olds (125 male and 160 female, M age  = 12.19 years, SD  = 1.03) completed measures of cyber bullying involvement, self-esteem, trust, perceived peer acceptance, and perceptions of the value of learning and the importance of school. For young women, involvement in cyber bullying as a victim, bully, or bully/victim negatively predicted perceptions of learning and school, and perceived peer acceptance mediated this relationship. The results indicated that involvement in cyber bullying negatively predicted perceived peer acceptance which, in turn, positively predicted perceptions of learning and school. For young men, fulfilling the bully/victim role negatively predicted perceptions of learning and school. Consequently, for young women in particular, involvement in cyber bullying spills over to impact perceptions of learning. The findings of the current study highlight how stressors external to the school environment can adversely impact young women's perceptions of school and also have implications for the development of interventions designed to ameliorate the effects of cyber bullying.

Game Theory and Uncertainty Quantification for Cyber Defense Applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Halappanavar, Mahantesh; Tipireddy, Ramakrishna

Cyber-system defenders face the challenging task of protecting critical assets and information continually against multiple types of malicious attackers. Defenders typically operate within resource constraints while attackers operate at relatively low costs. As a result, design and development of resilient cyber-systems that can support mission goals under attack while accounting for the dynamics between attackers and defenders is an important research problem.

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.

Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: • physical only attack, • cyber only attack, • physical-enabled cyber attack, • cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilitiesmore » which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified modification of the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.« less

Vectorization of transport and diffusion computations on the CDC Cyber 205

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abu-Shumays, I.K.

1986-01-01

The development and testing of alternative numerical methods and computational algorithms specifically designed for the vectorization of transport and diffusion computations on a Control Data Corporation (CDC) Cyber 205 vector computer are described. Two solution methods for the discrete ordinates approximation to the transport equation are summarized and compared. Factors of 4 to 7 reduction in run times for certain large transport problems were achieved on a Cyber 205 as compared with run times on a CDC-7600. The solution of tridiagonal systems of linear equations, central to several efficient numerical methods for multidimensional diffusion computations and essential for fluid flowmore » and other physics and engineering problems, is also dealt with. Among the methods tested, a combined odd-even cyclic reduction and modified Cholesky factorization algorithm for solving linear symmetric positive definite tridiagonal systems is found to be the most effective for these systems on a Cyber 205. For large tridiagonal systems, computation with this algorithm is an order of magnitude faster on a Cyber 205 than computation with the best algorithm for tridiagonal systems on a CDC-7600.« less

Positioning navigation and timing service applications in cyber physical systems

NASA Astrophysics Data System (ADS)

Qu, Yi; Wu, Xiaojing; Zeng, Lingchuan

2017-10-01

The positioning navigation and timing (PNT) architecture was discussed in detail, whose history, evolvement, current status and future plan were presented, main technologies were listed, advantages and limitations of most technologies were compared, novel approaches were introduced, and future capacities were sketched. The concept of cyber-physical system (CPS) was described and their primary features were interpreted. Then the three-layer architecture of CPS was illustrated. Next CPS requirements on PNT services were analyzed, including requirements on position reference and time reference, requirements on temporal-spatial error monitor, requirements on dynamic services, real-time services, autonomous services, security services and standard services. Finally challenges faced by PNT applications in CPS were concluded. The conclusion was expected to facilitate PNT applications in CPS, and furthermore to provide references to the design and implementation of both architectures.

Cyber War: The Next Frontier for NATO

DTIC Science & Technology

2015-03-01

cyber-attacks as a way to advance their agenda. Common examples of cyber- attacks include computer viruses, worms , malware, and distributed denial of...take advantage of security holes and cause damage to computer systems, steal financial data, or acquire sensitive secrets. As technology becomes

Cyber Incidents Involving Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert J. Turk

2005-10-01

The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Managementmore » Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).« less

Good Things in Small Packages: Micro Worlds and Cyber Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

David I Gertman

2013-11-01

Cyber events, as perpetrated by terrorists and nation states, have become commonplace as evidenced in national and international news media. Cyber attacks affect day-to-day activities of end users through exploitation of social networks, businesses such as banking and stock exchanges, and government entities including Departments of Defense. They are becoming more frequent and sophisticated. Currently, efforts are directed to understanding the methods employed by attackers and towards dissecting the planning and activities of the perpetrator, including review of psychosocial factors.

Toward Intelligent Autonomous Agents for Cyber Defense: Report of the 2017 Workshop by the North Atlantic Treaty Organization (NATO) Research Group IST-152 RTG

DTIC Science & Technology

2018-04-18

Significant research is currently conducted on dynamic learning and threat detection. However, this work is held back by gaps in validation methods ...and network path rotation (e.g., Stream Splitting MTD). Agents can also employ various cyber-deception methods , including direct observation hiding...ARL-SR-0395 ● APR 2018 US Army Research Laboratory Toward Intelligent Autonomous Agents for Cyber Defense: Report of the 2017

Toward Intelligent Autonomous Agents for Cyber Defense: Report of the 2017 Workshop by the North Atlantic Treaty Organization (NATO) Research Group IST-152-RTG

DTIC Science & Technology

2018-04-01

Significant research is currently conducted on dynamic learning and threat detection. However, this work is held back by gaps in validation methods ...and network path rotation (e.g., Stream Splitting MTD). Agents can also employ various cyber-deception methods , including direct observation hiding...ARL-SR-0395 ● APR 2018 US Army Research Laboratory Toward Intelligent Autonomous Agents for Cyber Defense: Report of the 2017

Evaluation of a Cyber Security System for Hospital Network.

PubMed

Faysel, Mohammad A

2015-01-01

Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

Cyber Security Testing and Training Programs for Industrial Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Daniel Noyes

2012-03-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall securitymore » posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.« less

Bullying in school and cyberspace: Associations with depressive symptoms in Swiss and Australian adolescents

PubMed Central

2010-01-01

Background Cyber-bullying (i.e., bullying via electronic means) has emerged as a new form of bullying that presents unique challenges to those victimised. Recent studies have demonstrated that there is a significant conceptual and practical overlap between both types of bullying such that most young people who are cyber-bullied also tend to be bullied by more traditional methods. Despite the overlap between traditional and cyber forms of bullying, it remains unclear if being a victim of cyber-bullying has the same negative consequences as being a victim of traditional bullying. Method The current study investigated associations between cyber versus traditional bullying and depressive symptoms in 374 and 1320 students from Switzerland and Australia respectively (52% female; Age: M = 13.8, SD = 1.0). All participants completed a bullying questionnaire (assessing perpetration and victimisation of traditional and cyber forms of bullying behaviour) in addition to scales on depressive symptoms. Results Across both samples, traditional victims and bully-victims reported more depressive symptoms than bullies and non-involved children. Importantly, victims of cyber-bullying reported significantly higher levels of depressive symptoms, even when controlling for the involvement in traditional bullying/victimisation. Conclusions Overall, cyber-victimisation emerged as an additional risk factor for depressive symptoms in adolescents involved in bullying. PMID:21092266

Impact modeling and prediction of attacks on cyber targets

NASA Astrophysics Data System (ADS)

Khalili, Aram; Michalk, Brian; Alford, Lee; Henney, Chris; Gilbert, Logan

2010-04-01

In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

Multinational Experiment 7. Outcome 3 - Cyber Domain Objective 3.4: Cyber Situational Awareness Standard Operating Procedure

DTIC Science & Technology

2012-12-01

and activity coordination (for example, SOC management ). 10. In Reference D the information sharing framework represents a hub & node model in... management , vulnerabilities, critical assets, threats, impacts on operations etc. UNCLASSIFIED UNCLASSIFIED 6 PART 3 - CYBER SITUATIONAL AWARENESS...limit the effect of cyber incidents. 23. Tasks of the SOC include: • System maintenance and management including applying the directed security

The system of technical diagnostics of the industrial safety information network

NASA Astrophysics Data System (ADS)

Repp, P. V.

2017-01-01

This research is devoted to problems of safety of the industrial information network. Basic sub-networks, ensuring reliable operation of the elements of the industrial Automatic Process Control System, were identified. The core tasks of technical diagnostics of industrial information safety were presented. The structure of the technical diagnostics system of the information safety was proposed. It includes two parts: a generator of cyber-attacks and the virtual model of the enterprise information network. The virtual model was obtained by scanning a real enterprise network. A new classification of cyber-attacks was proposed. This classification enables one to design an efficient generator of cyber-attacks sets for testing the virtual modes of the industrial information network. The numerical method of the Monte Carlo (with LPτ - sequences of Sobol), and Markov chain was considered as the design method for the cyber-attacks generation algorithm. The proposed system also includes a diagnostic analyzer, performing expert functions. As an integrative quantitative indicator of the network reliability the stability factor (Kstab) was selected. This factor is determined by the weight of sets of cyber-attacks, identifying the vulnerability of the network. The weight depends on the frequency and complexity of cyber-attacks, the degree of damage, complexity of remediation. The proposed Kstab is an effective integral quantitative measure of the information network reliability.

Effects of traditional and cyber homophobic bullying in childhood on depression, anxiety, and physical pain in emerging adulthood and the moderating effects of social support among gay and bisexual men in Taiwan

PubMed Central

Wang, Chien-Chuan; Lin, Huang-Chi; Chen, Mu-Hong; Ko, Nai-Ying; Chang, Yu-Ping; Lin, I-Mei; Yen, Cheng-Fang

2018-01-01

Objective This study examined the differences in the current levels of depression, anxiety, and physical pain in emerging adulthood among gay and bisexual men with various experiences of traditional and cyber homophobic bullying based on gender role nonconformity and sexual orientation and the moderating effects of family and peer support. Methods A total of 500 gay or bisexual men (age 20–25 years) in Taiwan were recruited from August 2015 to July 2017. The levels of depression, anxiety, and physical pain among gay or bisexual men who had experienced both traditional and cyber homophobic bullying (n=109), only traditional or cyber bullying (n=173), and neither traditional nor cyber bullying during childhood (n=218) were compared. The moderating effects of family and peer support on the effects of homophobic bullying victimization on depression, anxiety, and physical pain were also examined. Results Victims of any type of homophobic bullying in childhood had more severe depression, anxiety, and physical pain in emerging adulthood than nonvictims. Victims of both traditional and cyber homophobic bullying had more severe anxiety in adulthood than victims of only traditional or cyber homophobic bullying. Family but not peer support in childhood moderated the effects of homophobic bullying victimization on current levels of anxiety and physical pain in emerging adulthood among gay and bisexual men. Conclusion The results of the present study support that early prevention and intervention for homophobic bullying and enhancement of family support are essential to reduce mental health problems in emergent adults among gay and bisexual men. PMID:29872298

Effects of traditional and cyber homophobic bullying in childhood on depression, anxiety, and physical pain in emerging adulthood and the moderating effects of social support among gay and bisexual men in Taiwan.

PubMed

Wang, Chien-Chuan; Lin, Huang-Chi; Chen, Mu-Hong; Ko, Nai-Ying; Chang, Yu-Ping; Lin, I-Mei; Yen, Cheng-Fang

2018-01-01

This study examined the differences in the current levels of depression, anxiety, and physical pain in emerging adulthood among gay and bisexual men with various experiences of traditional and cyber homophobic bullying based on gender role nonconformity and sexual orientation and the moderating effects of family and peer support. A total of 500 gay or bisexual men (age 20-25 years) in Taiwan were recruited from August 2015 to July 2017. The levels of depression, anxiety, and physical pain among gay or bisexual men who had experienced both traditional and cyber homophobic bullying (n=109), only traditional or cyber bullying (n=173), and neither traditional nor cyber bullying during childhood (n=218) were compared. The moderating effects of family and peer support on the effects of homophobic bullying victimization on depression, anxiety, and physical pain were also examined. Victims of any type of homophobic bullying in childhood had more severe depression, anxiety, and physical pain in emerging adulthood than nonvictims. Victims of both traditional and cyber homophobic bullying had more severe anxiety in adulthood than victims of only traditional or cyber homophobic bullying. Family but not peer support in childhood moderated the effects of homophobic bullying victimization on current levels of anxiety and physical pain in emerging adulthood among gay and bisexual men. The results of the present study support that early prevention and intervention for homophobic bullying and enhancement of family support are essential to reduce mental health problems in emergent adults among gay and bisexual men.

Cyber Forensics and Security as an ABET-CAC Accreditable Program

ERIC Educational Resources Information Center

Wood, David F.; Kohun, Frederick G.; Ali, Azad; Paullet, Karen; Davis, Gary A.

2010-01-01

This paper frames the recent ABET accreditation model with respect to the balance between IS programs and innovation. With the current relaxation of the content of the information systems requirement by ABET, it is possible to include innovation into the accreditation umbrella. To this extent this paper provides a curricular model that provides…

Cyber Warfare as a Form of Conflict: Evaluation of Models of Cyber Conflict as a Prototype to Conceptual Analysis

ERIC Educational Resources Information Center

Liles, Samuel P.

2012-01-01

In April 2007, what has been incorrectly called the first cyber war and since then referred more correctly as a cyber riot, an attack on the domain name systems and the various servers of Estonia occurred. It was perpetrated by ethnic Russians living in Estonia who were incensed by the movement of a bronze war memorial for Russian soldiers to a…

The past, present and future of cyber-physical systems: a focus on models.

PubMed

Lee, Edward A

2015-02-26

This paper is about better engineering of cyber-physical systems (CPSs) through better models. Deterministic models have historically proven extremely useful and arguably form the kingpin of the industrial revolution and the digital and information technology revolutions. Key deterministic models that have proven successful include differential equations, synchronous digital logic and single-threaded imperative programs. Cyber-physical systems, however, combine these models in such a way that determinism is not preserved. Two projects show that deterministic CPS models with faithful physical realizations are possible and practical. The first project is PRET, which shows that the timing precision of synchronous digital logic can be practically made available at the software level of abstraction. The second project is Ptides (programming temporally-integrated distributed embedded systems), which shows that deterministic models for distributed cyber-physical systems have practical faithful realizations. These projects are existence proofs that deterministic CPS models are possible and practical.

The Past, Present and Future of Cyber-Physical Systems: A Focus on Models

PubMed Central

Lee, Edward A.

2015-01-01

This paper is about better engineering of cyber-physical systems (CPSs) through better models. Deterministic models have historically proven extremely useful and arguably form the kingpin of the industrial revolution and the digital and information technology revolutions. Key deterministic models that have proven successful include differential equations, synchronous digital logic and single-threaded imperative programs. Cyber-physical systems, however, combine these models in such a way that determinism is not preserved. Two projects show that deterministic CPS models with faithful physical realizations are possible and practical. The first project is PRET, which shows that the timing precision of synchronous digital logic can be practically made available at the software level of abstraction. The second project is Ptides (programming temporally-integrated distributed embedded systems), which shows that deterministic models for distributed cyber-physical systems have practical faithful realizations. These projects are existence proofs that deterministic CPS models are possible and practical. PMID:25730486

Cyber-physical approach to the network-centric robotics control task

NASA Astrophysics Data System (ADS)

Muliukha, Vladimir; Ilyashenko, Alexander; Zaborovsky, Vladimir; Lukashin, Alexey

2016-10-01

Complex engineering tasks concerning control for groups of mobile robots are developed poorly. In our work for their formalization we use cyber-physical approach, which extends the range of engineering and physical methods for a design of complex technical objects by researching the informational aspects of communication and interaction between objects and with an external environment [1]. The paper analyzes network-centric methods for control of cyber-physical objects. Robots or cyber-physical objects interact with each other by transmitting information via computer networks using preemptive queueing system and randomized push-out mechanism [2],[3]. The main field of application for the results of our work is space robotics. The selection of cyber-physical systems as a special class of designed objects is due to the necessity of integrating various components responsible for computing, communications and control processes. Network-centric solutions allow using universal means for the organization of information exchange to integrate different technologies for the control system.

Cyber-Physical Human Systems: Putting People in the Loop.

PubMed

Sowe, Sulayman K; Zettsu, Koji; Simmon, Eric; de Vaulx, Frederic; Bojanova, Irena

2016-01-01

This article outlines the challenge to understand how to integrate people into a new generation of cyber-physical-human systems (CPHSs) and proposes a human service capability description model to help.

An Ontology for Identifying Cyber Intrusion Induced Faults in Process Control Systems

NASA Astrophysics Data System (ADS)

Hieb, Jeffrey; Graham, James; Guan, Jian

This paper presents an ontological framework that permits formal representations of process control systems, including elements of the process being controlled and the control system itself. A fault diagnosis algorithm based on the ontological model is also presented. The algorithm can identify traditional process elements as well as control system elements (e.g., IP network and SCADA protocol) as fault sources. When these elements are identified as a likely fault source, the possibility exists that the process fault is induced by a cyber intrusion. A laboratory-scale distillation column is used to illustrate the model and the algorithm. Coupled with a well-defined statistical process model, this fault diagnosis approach provides cyber security enhanced fault diagnosis information to plant operators and can help identify that a cyber attack is underway before a major process failure is experienced.

Feasibility Study on Applying Radiophotoluminescent Glass Dosimeters for CyberKnife SRS Dose Verification

PubMed Central

Hsu, Shih-Ming; Hung, Chao-Hsiung; Liao, Yi-Jen; Fu, Hsiao-Mei; Tsai, Jo-Ting

2017-01-01

CyberKnife is one of multiple modalities for stereotactic radiosurgery (SRS). Due to the nature of CyberKnife and the characteristics of SRS, dose evaluation of the CyberKnife procedure is critical. A radiophotoluminescent glass dosimeter was used to verify the dose accuracy for the CyberKnife procedure and validate a viable dose verification system for CyberKnife treatment. A radiophotoluminescent glass dosimeter, thermoluminescent dosimeter, and Kodak EDR2 film were used to measure the lateral dose profile and percent depth dose of CyberKnife. A Monte Carlo simulation for dose verification was performed using BEAMnrc to verify the measured results. This study also used a radiophotoluminescent glass dosimeter coupled with an anthropomorphic phantom to evaluate the accuracy of the dose given by CyberKnife. Measurements from the radiophotoluminescent glass dosimeter were compared with the results of a thermoluminescent dosimeter and EDR2 film, and the differences found were less than 5%. The radiophotoluminescent glass dosimeter has some advantages in terms of dose measurements over CyberKnife, such as repeatability, stability, and small effective size. These advantages make radiophotoluminescent glass dosimeters a potential candidate dosimeter for the CyberKnife procedure. This study concludes that radiophotoluminescent glass dosimeters are a promising and reliable dosimeter for CyberKnife dose verification with clinically acceptable accuracy within 5%. PMID:28046056

Cyber and the American Way of War

DTIC Science & Technology

2015-04-13

perfect fit in the American way of war, cyber’s uniqueness will challenge the current American way of war. To operate effectively in war that includes...Counter Terrorism Reference Center. 36 Danzig, Richard J. Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s

Towards A Taxonomy Of Attacks Against Energy Control Systems

NASA Astrophysics Data System (ADS)

Fleury, Terry; Khurana, Himanshu; Welch, Von

Control systems in the energy sector (e.g., supervisory control and data acquisition (SCADA) systems) involve a hierarchy of sensing, monitoring and control devices connected to centralized control stations or centers. The incorporation of commercial off-the-shelf technologies in energy control systems makes them vulnerable to cyber attacks. A taxonomy of cyber attacks against control systems can assist the energy sector in managing the cyber threat. This paper takes the first step towards a taxonomy by presenting a comprehensive model of attacks, vulnerabilities and damage related to control systems. The model is populated based on a survey of the technical literature from industry, academia and national laboratories.

Leaks in the National Information Infrastructure Dam: Who Should Protect It?

DTIC Science & Technology

2004-04-01

have paid off cyber criminals who threatened to attack their computer systems and destroy their data unless a ‘ransom’ was paid. These cyber...sharing information with law enforcement and appropriate industry groups will we be able to identify and prosecute cyber criminals , identify new

Design of Hack-Resistant Diabetes Devices and Disclosure of Their Cyber Safety.

PubMed

Sackner-Bernstein, Jonathan

2017-03-01

The focus of the medical device industry and regulatory bodies on cyber security parallels that in other industries, primarily on risk assessment and user education as well as the recognition and response to infiltration. However, transparency of the safety of marketed devices is lacking and developers are not embracing optimal design practices with new devices. Achieving cyber safe diabetes devices: To improve understanding of cyber safety by clinicians and patients, and inform decision making on use practices of medical devices requires disclosure by device manufacturers of the results of their cyber security testing. Furthermore, developers should immediately shift their design processes to deliver better cyber safety, exemplified by use of state of the art encryption, secure operating systems, and memory protections from malware.

Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Milos Manic

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, thismore » paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.« less

RFID as a Tool in Cyber Warfare

DTIC Science & Technology

2010-11-01

RTO-MP-IST-091 P4 - 1 RFID as a Tool in Cyber Warfare Mikko Kiviharju P.O.Box 10 FIN-11311 Riihimaki FINLAND mikko.kiviharju@mil.fi...auditing existing systems and planning new establishments. 1 INTRODUCTION Cyber warfare , especially computer network operations (CNO) have a deep...SUBTITLE RFID as a Tool in Cyber Warfare 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK

An analytic approach to cyber adversarial dynamics

NASA Astrophysics Data System (ADS)

Sweeney, Patrick; Cybenko, George

2012-06-01

To date, cyber security investment by both the government and commercial sectors has been largely driven by the myopic best response of players to the actions of their adversaries and their perception of the adversarial environment. However, current work in applying traditional game theory to cyber operations typically assumes that games exist with prescribed moves, strategies, and payos. This paper presents an analytic approach to characterizing the more realistic cyber adversarial metagame that we believe is being played. Examples show that understanding the dynamic metagame provides opportunities to exploit an adversary's anticipated attack strategy. A dynamic version of a graph-based attack-defend game is introduced, and a simulation shows how an optimal strategy can be selected for success in the dynamic environment.

Identification of Successive ``Unobservable'' Cyber Data Attacks in Power Systems Through Matrix Decomposition

NASA Astrophysics Data System (ADS)

Gao, Pengzhi; Wang, Meng; Chow, Joe H.; Ghiocel, Scott G.; Fardanesh, Bruce; Stefopoulos, George; Razanousky, Michael P.

2016-11-01

This paper presents a new framework of identifying a series of cyber data attacks on power system synchrophasor measurements. We focus on detecting "unobservable" cyber data attacks that cannot be detected by any existing method that purely relies on measurements received at one time instant. Leveraging the approximate low-rank property of phasor measurement unit (PMU) data, we formulate the identification problem of successive unobservable cyber attacks as a matrix decomposition problem of a low-rank matrix plus a transformed column-sparse matrix. We propose a convex-optimization-based method and provide its theoretical guarantee in the data identification. Numerical experiments on actual PMU data from the Central New York power system and synthetic data are conducted to verify the effectiveness of the proposed method.

Mapping developmental precursors of cyber-aggression: trajectories of risk predict perpetration and victimization.

PubMed

Modecki, Kathryn L; Barber, Bonnie L; Vernon, Lynette; Vernon, Lynnette

2013-05-01

Technologically mediated contexts are social arenas in which adolescents can be both perpetrators and victims of aggression. Yet, there remains little understanding of the developmental etiology of cyber aggression, itself, as experienced by either perpetrators or victims. The current study examines 3-year latent within-person trajectories of known correlates of cyber-aggression: problem behavior, (low) self-esteem, and depressed mood, in a large and diverse sample of youth (N = 1,364; 54.6% female; 12-14 years old at T1). Findings demonstrate that developmental increases in problem behavior across grades 8-10 predict both cyber-perpetration and victimization in grade 11. Developmental decreases in self-esteem also predicted both grade 11 perpetration and victimization. Finally, early depressed mood predicted both perpetration and victimization later on, regardless of developmental change in depressed mood in the interim. Our results reveal a clear link between risky developmental trajectories across the early high school years and later cyber-aggression and imply that mitigating trajectories of risk early on may lead to decreases in cyber-aggression at a later date.

Cyber security issues in online games

NASA Astrophysics Data System (ADS)

Zhao, Chen

2018-04-01

With the rapid development of the Internet, online gaming has become a way of entertainment for many young people in the modern era. However, in recent years, cyber security issues in online games have emerged in an endless stream, which have also caused great attention of many game operators. Common cyber security problems in the game include information disclosure and cyber-attacks. These problems will directly or indirectly cause economic losses to gamers. Many gaming companies are enhancing the stability and security of their network or gaming systems in order to enhance the gaming user experience. This article has carried out the research of the cyber security issues in online games by introducing the background and some common cyber security threats, and by proposing the latent solution. Finally, it speculates the future research direction of the cyber security issues of online games in the hope of providing feasible solution and useful information for game operators.

Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

NASA Technical Reports Server (NTRS)

Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

2012-01-01

This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

CPAD: Cyber-Physical Attack Detection

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ferragut, Erik M; Laska, Jason A

The CPAD technology relates to anomaly detection and more specifically to cyber physical attack detection. It infers underlying physical relationships between components by analyzing the sensor measurements of a system. It then uses these measurements to detect signs of a non-physically realizable state, which is indicative of an integrity attack on the system. CPAD can be used on any highly-instrumented cyber-physical system to detect integrity attacks and identify the component or components compromised. It has applications to power transmission and distribution, nuclear and industrial plants, and complex vehicles.

Emulytics for Cyber-Enabled Physical Attack Scenarios: Interim LDRD Report of Year One Results.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clem, John; Urias, Vincent; Atkins, William Dee

Sandia National Laboratories has funded the research and development of a new capability to interactively explore the effects of cyber exploits on the performance of physical protection systems. This informal, interim report of progress summarizes the project’s basis and year one (of two) accomplishments. It includes descriptions of confirmed cyber exploits against a representative testbed protection system and details the development of an emulytics capability to support live, virtual, and constructive experiments. This work will support stakeholders to better engineer, operate, and maintain reliable protection systems.

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

DOEpatents

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Command and Control, Cyber, Communications, Intelligence, Surveillance and Reconnaissance (CRISR) and Cyber Tactical Measures

DTIC Science & Technology

2016-09-01

between U.S. bases and the theater of operations. • Cyber Attack capabilities designed to disrupt U.S. command and control systems and critical...operational area. Key area-denial capabilities include: • Air forces and air defense systems, both fixed and mobile, designed to deny local U.S. air...Precision-guided rockets, artillery, missiles, and mortars (G-RAMM) designed to attack surface targets, including landing forces, with much greater accuracy

3 CFR 13652 - Executive Order 13652 of September 30, 2013. Continuance of Certain Federal Advisory Committees

Code of Federal Regulations, 2014 CFR

2014-01-01

... sectors and their functional systems, physical assets, and cyber networks. “(a) Membership. The NIAC shall... critical infrastructure and their supporting functional systems, physical assets, and cyber networks, and...

Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jason Wright

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrainedmore » computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.« less

Security Hardened Cyber Components for Nuclear Power Plants: Phase I SBIR Final Technical Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Franusich, Michael D.

SpiralGen, Inc. built a proof-of-concept toolkit for enhancing the cyber security of nuclear power plants and other critical infrastructure with high-assurance instrumentation and control code. The toolkit is based on technology from the DARPA High-Assurance Cyber Military Systems (HACMS) program, which has focused on applying the science of formal methods to the formidable set of problems involved in securing cyber physical systems. The primary challenges beyond HACMS in developing this toolkit were to make the new technology usable by control system engineers and compatible with the regulatory and commercial constraints of the nuclear power industry. The toolkit, packaged as amore » Simulink add-on, allows a system designer to assemble a high-assurance component from formally specified and proven blocks and generate provably correct control and monitor code for that subsystem.« less

Cyber physical systems role in manufacturing technologies

NASA Astrophysics Data System (ADS)

Al-Ali, A. R.; Gupta, Ragini; Nabulsi, Ahmad Al

2018-04-01

Empowered by the recent development in single System-on-Chip, Internet of Things, and cloud computing technologies, cyber physical systems are evolving as a major controller during and post the manufacturing products process. In additional to their real physical space, cyber products nowadays have a virtual space. A product virtual space is a digital twin that is attached to it to enable manufacturers and their clients to better manufacture, monitor, maintain and operate it throughout its life time cycles, i.e. from the product manufacturing date, through operation and to the end of its lifespan. Each product is equipped with a tiny microcontroller that has a unique identification number, access code and WiFi conductivity to access it anytime and anywhere during its life cycle. This paper presents the cyber physical systems architecture and its role in manufacturing. Also, it highlights the role of Internet of Things and cloud computing in industrial manufacturing and factory automation.

Human-Technology Centric In Cyber Security Maintenance For Digital Transformation Era

NASA Astrophysics Data System (ADS)

Ali, Firkhan Ali Bin Hamid; Zalisham Jali, Mohd, Dr

2018-05-01

The development of the digital transformation in the organizations has become more expanding in these present and future years. This is because of the active demand to use the ICT services among all the organizations whether in the government agencies or private sectors. While digital transformation has led manufacturers to incorporate sensors and software analytics into their offerings, the same innovation has also brought pressure to offer clients more accommodating appliance deployment options. So, their needs a well plan to implement the cyber infrastructures and equipment. The cyber security play important role to ensure that the ICT components or infrastructures execute well along the organization’s business successful. This paper will present a study of security management models to guideline the security maintenance on existing cyber infrastructures. In order to perform security model for the currently existing cyber infrastructures, combination of the some security workforces and security process of extracting the security maintenance in cyber infrastructures. In the assessment, the focused on the cyber security maintenance within security models in cyber infrastructures and presented a way for the theoretical and practical analysis based on the selected security management models. Then, the proposed model does evaluation for the analysis which can be used to obtain insights into the configuration and to specify desired and undesired configurations. The implemented cyber security maintenance within security management model in a prototype and evaluated it for practical and theoretical scenarios. Furthermore, a framework model is presented which allows the evaluation of configuration changes in the agile and dynamic cyber infrastructure environments with regard to properties like vulnerabilities or expected availability. In case of a security perspective, this evaluation can be used to monitor the security levels of the configuration over its lifetime and to indicate degradations.

75 FR 76041 - Notice; Applications and Amendments to Facility Operating Licenses Involving Proposed No...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-07

... 73.54 are implemented in order to identify, evaluate, and mitigate cyber attacks up to and including... communications systems and networks are protected from cyber attacks. The proposed change requiring the... 10 CFR 73.54 Rule are protected from cyber attacks and has no impact on the probability or...

The game-theoretic national interstate economic model : an integrated framework to quantify the economic impacts of cyber-terrorist behavior.

DOT National Transportation Integrated Search

2014-12-01

This study suggests an integrated framework to quantify cyber attack impacts on the U.S. airport security system. A cyber attack by terrorists on the U.S. involves complex : strategic behavior by the terrorists because they could plan to invade an ai...

75 FR 65618 - Commission Information Collection Activities (FERC-725B); Comment Request; Extension

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-26

... requirements to safeguard critical cyber assets.\\4\\ These standards help protect the nation's Bulk-Power System against potential disruptions from cyber attacks.\\5\\ \\3\\ CIP-002-1, CIP-003-1, CIP-004-1, CIP-005-1, CIP... Cyber Asset Identification. Security Management Controls. Personnel and Training. Electronic Security...

75 FR 62592 - Applications and Amendments to Facility Operating Licenses Involving Proposed No Significant...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-12

... Operating Licenses include: (1) The proposed Cyber Security Plan for CCNPP, Ginna, and NMPNS, (2) an... provisions of the Nuclear Regulatory Commission-approved Cyber Security Plan for CCNPP, Ginna, and NMPNS as... Communication Systems and Networks,'' establish the requirements for a cyber security program. This regulation...

Developing the Cyber Defenders of Tomorrow with Regional Collegiate Cyber Defense Competitions (CCDC)

ERIC Educational Resources Information Center

Carlin, Anna; Manson, Daniel P.; Zhu, Jake

2010-01-01

With the projected higher demand for Network Systems Analysts and increasing computer crime, network security specialists are an organization's first line of defense. The principle function of this paper is to provide the evolution of Collegiate Cyber Defense Competitions (CCDC), event planning required, soliciting sponsors, recruiting personnel…

High Assurance Control of Cyber-Physical Systems with Application to Unmanned Aircraft Systems

NASA Astrophysics Data System (ADS)

Kwon, Cheolhyeon

With recent progress in the networked embedded control technology, cyber attacks have become one of the major threats to Cyber-Physical Systems (CPSs) due to their close integration of physical processes, computational resources, and communication capabilities. While CPSs have various applications in both military and civilian uses, their on-board automation and communication afford significant advantages over a system without such abilities, but these benefits come at the cost of possible vulnerability to cyber attacks. Traditionally, most cyber security studies in CPSs are mainly based on the computer security perspective, focusing on issues such as the trustworthiness of data flow, without rigorously considering the system's physical processes such as real-time dynamic behaviors. While computer security components are key elements in the hardware/software layer, these methods alone are not sufficient for diagnosing the healthiness of the CPSs' physical behavior. In seeking to address this problem, this research work proposes a control theoretic perspective approach which can accurately represent the interactions between the physical behavior and the logical behavior (computing resources) of the CPS. Then a controls domain aspect is explored extending beyond just the logical process of the CPS to include the underlying physical behavior. This approach will allow the CPS whose physical operations are robust/resilient to the damage caused by cyber attacks, successfully complementing the existing CPS security architecture. It is important to note that traditional fault-tolerant/robust control methods could not be directly applicable to achieve resiliency against malicious cyber attacks which can be designed sophisticatedly to spoof the security/safety monitoring system (note this is different from common faults). Thus, security issues at this layer require different risk management to detect cyber attacks and mitigate their impact within the context of a unified physical and logical process model of the CPS. Specifically, three main tasks are discussed in this presentation: (i) we first investigate diverse granularity of the interactions inside the CPS and propose feasible cyber attack models to characterize the compromised behavior of the CPS with various measures, from its severity to detectability; (ii) based on this risk information, our approach to securing the CPS addresses both monitoring of and high assurance control design against cyber attacks by developing on-line safety assessment and mitigation algorithms; and (iii) by extending the developed theories and methods from a single CPS to multiple CPSs, we examine the security and safety of multi-CPS network that are strongly dependent on the network topology, cooperation protocols between individual CPSs, etc. The effectiveness of the analytical findings is demonstrated and validated with illustrative examples, especially unmanned aircraft system (UAS) applications.

Design of Hack-Resistant Diabetes Devices and Disclosure of Their Cyber Safety

PubMed Central

Sackner-Bernstein, Jonathan

2017-01-01

Background: The focus of the medical device industry and regulatory bodies on cyber security parallels that in other industries, primarily on risk assessment and user education as well as the recognition and response to infiltration. However, transparency of the safety of marketed devices is lacking and developers are not embracing optimal design practices with new devices. Achieving cyber safe diabetes devices: To improve understanding of cyber safety by clinicians and patients, and inform decision making on use practices of medical devices requires disclosure by device manufacturers of the results of their cyber security testing. Furthermore, developers should immediately shift their design processes to deliver better cyber safety, exemplified by use of state of the art encryption, secure operating systems, and memory protections from malware. PMID:27837161

Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

DOE Office of Scientific and Technical Information (OSTI.GOV)

Czejdo, Bogdan; Ferragut, Erik M; Goodall, John R

2012-01-01

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our pro-posed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describemore » the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.« less

CrossTalk. The Journal of Defense Software Engineering. Volume 27, Number 2. March/April 2014

DTIC Science & Technology

2014-04-01

Consequently, it is no wonder that we subconsciously and consciously expect that same level of consistency to hold in the cyber domains, though...including: cyber defense, synthetic biology, advanced design tools, AI learning, and quantum compilers. He is currently a co-PI for a DARPA-funded

Understanding and Responding to Adolescent Girls' Online Cruelty

ERIC Educational Resources Information Center

Sokal, Laura

2012-01-01

Many school counsellors have identified "cyber-bullying" among adolescent girls as a growing concern. In order to respond to this issue, this article begins with a new model of cyber-communications from the unique perspective of adolescent girls. Next, it explores the limitations of responding to this model, based on current understandings of…

Mapping Developmental Precursors of Cyber-Aggression: Trajectories of Risk Predict Perpetration and Victimization

ERIC Educational Resources Information Center

Modecki, Kathryn L.; Barber, Bonnie L.; Vernon, Lynnette

2013-01-01

Technologically mediated contexts are social arenas in which adolescents can be both perpetrators and victims of aggression. Yet, there remains little understanding of the developmental etiology of cyber aggression, itself, as experienced by either perpetrators or victims. The current study examines 3-year latent within-person trajectories of…

Computer program for prediction of capture maneuver probability for an on-off reaction controlled upper stage

NASA Technical Reports Server (NTRS)

Knauber, R. N.

1982-01-01

A FORTRAN coded computer program which computes the capture transient of a launch vehicle upper stage at the ignition and/or separation event is presented. It is for a single degree-of-freedom on-off reaction jet attitude control system. The Monte Carlo method is used to determine the statistical value of key parameters at the outcome of the event. Aerodynamic and booster induced disturbances, vehicle and control system characteristics, and initial conditions are treated as random variables. By appropriate selection of input data pitch, yaw and roll axes can be analyzed. Transient response of a single deterministic case can be computed. The program is currently set up on a CDC CYBER 175 computer system but is compatible with ANSI FORTRAN computer language. This routine has been used over the past fifteen (15) years for the SCOUT Launch Vehicle and has been run on RECOMP III, IBM 7090, IBM 360/370, CDC6600 and CDC CYBER 175 computers with little modification.

The Emergence of Dominant Design(s) in Large Scale Cyber-Infrastructure Systems

ERIC Educational Resources Information Center

Diamanti, Eirini Ilana

2012-01-01

Cyber-infrastructure systems are integrated large-scale IT systems designed with the goal of transforming scientific practice by enabling multi-disciplinary, cross-institutional collaboration. Their large scale and socio-technical complexity make design decisions for their underlying architecture practically irreversible. Drawing on three…

Cyber Friendly Fire

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

Cyber friendly fire (FF) is a new concept that has been brought to the attention of Department of Defense (DoD) stakeholders through two workshops that were planned and conducted by the Air Force Research Laboratory (AFRL) and research conducted for AFRL by the Pacific Northwest National Laboratory. With this previous work in mind, we offer a definition of cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, a fundamentalmore » need in avoiding cyber FF is to maintain situation awareness (SA). We suggest that cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system (and that populate the nodes), the nature of the activities or work performed, and the available defensive (and offensive) countermeasures that may be applied to thwart network attacks. A training implication is to raise awareness and understanding of these critical knowledge units; an approach to decision aids and/or visualizations is to focus on supporting these critical knowledge units. To study cyber FF, we developed an unclassified security test range comprising a combination of virtual and physical devices that present a closed network for testing, simulation, and evaluation. This network offers services found on a production network without the associated costs of a real production network. Containing enough detail to appear realistic, this virtual and physical environment can be customized to represent different configurations. For our purposes, the test range was configured to appear as an Internet-connected Managed Service Provider (MSP) offering specialized web applications to the general public. The network is essentially divided into a production component that hosts the web and network services, and a user component that hosts thirty employee workstations and other end devices. The organization's network is separated from the Internet by a Cisco ASA network security device that both firewalls and detects intrusions. Business sensitive information is stored in various servers. This includes data comprising thousands of internal documents, such as finance and technical designs, email messages for the organization's employees including the CEO, CFO, and CIO, the organization's source code, and Personally Identifiable client data. Release of any of this information to unauthorized parties would have a significant, detrimental impact on the organization's reputation, which would harm earnings. The valuable information stored in these servers pose obvious points of interest for an adversary. We constructed several scenarios around this environment to support studies in cyber SA and cyber FF that may be run in the test range. We describe mitigation strategies to combat cyber FF including both training concepts and suggestions for decision aids and visualization approaches. Finally, we discuss possible future research directions.« less

Longitudinal predictors of cyber and traditional bullying perpetration in Australian secondary school students

PubMed Central

Hemphill, Sheryl A.; Kotevski, Aneta; Tollit, Michelle; Smith, Rachel; Herrenkohl, Todd I.; Toumbourou, John W.; Catalano, Richard F.

2013-01-01

Purpose Cyber bullying perpetration (using communication technology to engage in bullying) is a recent phenomenon that has generated much concern. There are few prospective longitudinal studies of cyber bullying. The current paper examines the individual, peer, family and school risk factors for both cyber and traditional bullying (the latter is bullying that does not utilize technology) in adolescents. Methods This paper draws on a rich data set from the International Youth Development Study, a longitudinal study of students in Victoria, Australia and Washington State, United States, which began in 2002. In this paper, data from almost 700 Victorian students recruited in Grade 5 is analyzed to examine Grade 7 (aged 12-13 years) predictors of traditional and cyber bullying perpetration in Grade 9 (aged 14-15 years). Results Fifteen per cent of students engaged in cyber bullying, 21% in traditional bullying and 7% in both. There are similarities and important differences in the predictors of cyber and traditional bullying. In the fully adjusted model, only prior engagement in relational aggression (a covert form of bullying such as spreading rumors about another student) predicted cyber bullying perpetration. For traditional bullying, previous relational aggression was also predictive, as was having been a victim and perpetrator of traditional bullying, family conflict, and academic failure. Conclusions The use of evidence-based bullying prevention programs is supported to reduce experiences of all forms of bullying perpetration(cyber, traditional, and relational aggression). In addition, for traditional bullying perpetration, addressing family conflict and student academic support are also important. PMID:22727078

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

Cyber security best practices for the nuclear industry

DOE Office of Scientific and Technical Information (OSTI.GOV)

Badr, I.

2012-07-01

When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

Vulnerability of water supply systems to cyber-physical attacks

NASA Astrophysics Data System (ADS)

Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

2016-04-01

The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

Using Robots and Contract Learning to Teach Cyber-Physical Systems to Undergraduates

ERIC Educational Resources Information Center

Crenshaw, T. L. A.

2013-01-01

Cyber-physical systems are a genre of networked real-time systems that monitor and control the physical world. Examples include unmanned aerial vehicles and industrial robotics. The experts who develop these complex systems are retiring much faster than universities are graduating engineering majors. As a result, it is important for undergraduates…

A Baseline Patient Model to Support Testing of Medical Cyber-Physical Systems.

PubMed

Silva, Lenardo C; Perkusich, Mirko; Almeida, Hyggo O; Perkusich, Angelo; Lima, Mateus A M; Gorgônio, Kyller C

2015-01-01

Medical Cyber-Physical Systems (MCPS) are currently a trending topic of research. The main challenges are related to the integration and interoperability of connected medical devices, patient safety, physiologic closed-loop control, and the verification and validation of these systems. In this paper, we focus on patient safety and MCPS validation. We present a formal patient model to be used in health care systems validation without jeopardizing the patient's health. To determine the basic patient conditions, our model considers the four main vital signs: heart rate, respiratory rate, blood pressure and body temperature. To generate the vital signs we used regression models based on statistical analysis of a clinical database. Our solution should be used as a starting point for a behavioral patient model and adapted to specific clinical scenarios. We present the modeling process of the baseline patient model and show its evaluation. The conception process may be used to build different patient models. The results show the feasibility of the proposed model as an alternative to the immediate need for clinical trials to test these medical systems.

Potential Collaborative Research topics with Korea’s Agency for Defense Development

DOE Office of Scientific and Technical Information (OSTI.GOV)

Farrar, Charles R.; Todd, Michael D.

2012-08-23

This presentation provides a high level summary of current research activities at the Los Alamos National Laboratory (LANL)-University of California Jacobs School of Engineering (UCSD) Engineering Institute that will be presented at Korea's Agency for Defense Development (ADD). These research activities are at the basic engineering science level with different level of maturity ranging from initial concepts to field proof-of-concept demonstrations. We believe that all of these activities are appropriate for collaborative research activities with ADD subject to approval by each institution. All the activities summarized herein have the common theme that they are multi-disciplinary in nature and typically involvedmore » the integration of high-fidelity predictive modeling, advanced sensing technologies and new development in information technology. These activities include: Wireless Sensor Systems, Swarming Robot sensor systems, Advanced signal processing (compressed sensing) and pattern recognition, Model Verification and Validation, Optimal/robust sensor system design, Haptic systems for large-scale data processing, Cyber-physical security for robots, Multi-source energy harvesting, Reliability-based approaches to damage prognosis, SHMTools software development, and Cyber-physical systems advanced study institute.« less

New Capabilities for Cyber Charter School Leadership: An Emerging Imperative for Integrating Educational Technology and Educational Leadership Knowledge

ERIC Educational Resources Information Center

Kowch, Eugene

2009-01-01

Cyber charter schools (CCS) and cyber schools may soon become the most "disruptive innovation" in the education system (Christensen, Horn & Johnson, 2008) so the author urges educational technologists to take up the imperative to develop new administration knowledge among the students along with educational technology skills to support future…

Principles of designing cyber-physical system of producing mechanical assembly components at Industry 4.0 enterprise

NASA Astrophysics Data System (ADS)

Gurjanov, A. V.; Zakoldaev, D. A.; Shukalov, A. V.; Zharinov, I. O.

2018-03-01

The task of developing principles of cyber-physical system constitution at the Industry 4.0 company of the item designing components of mechanical assembly production is being studied. The task has been solved by analyzing the components and technologies, which have some practical application in the digital production organization. The list of components has been defined and the authors proposed the scheme of the components and technologies interconnection in the Industry 4.0 of mechanical assembly production to make an uninterrupted manufacturing route of the item designing components with application of some cyber-physical systems.

Study on perception and control layer of mine CPS with mixed logic dynamic approach

NASA Astrophysics Data System (ADS)

Li, Jingzhao; Ren, Ping; Yang, Dayu

2017-01-01

Mine inclined roadway transportation system of mine cyber physical system is a hybrid system consisting of a continuous-time system and a discrete-time system, which can be divided into inclined roadway signal subsystem, error-proofing channel subsystems, anti-car subsystems, and frequency control subsystems. First, to ensure stable operation, improve efficiency and production safety, this hybrid system model with n inputs and m outputs is constructed and analyzed in detail, then its steady schedule state to be solved. Second, on the basis of the formal modeling for real-time systems, we use hybrid toolbox for system security verification. Third, the practical application of mine cyber physical system shows that the method for real-time simulation of mine cyber physical system is effective.

An assessment of the cyber security legislation and its impact on the United States electrical sector

NASA Astrophysics Data System (ADS)

Born, Joshua

The purpose of this research was to examine the cyber-security posture for the United States' electrical grid, which comprises a major component of critical infrastructure for the country. The United States electrical sector is so vast, that the Department of Homeland Security (DHS) estimates, it contains more than 6,413 power plants (this includes 3,273 traditional electric utilities and 1,738 nonutility power producers) with approximately 1,075 gigawatts of energy produced on a daily basis. A targeted cyber-security attack against the electric grid would likely have catastrophic results and could even serve as a precursor to a physical attack against the United States. A recent report by the consulting firm Black and Veatch found that one of the top five greatest concerns for United States electric utilities is the risk that cybersecurity poses to their industry and yet, only one-third state they are currently prepared to meet the increasingly likely threat. The report goes on to state, "only 32% of electric utilities surveyed had integrated security systems with the proper segmentation, monitoring and redundancies needed for cyber threat protection. Another 48 % said they did not" Recent estimates indicate that a large-scale cyber-attack against this sector could cost the United States economy as much as a trillion dollars within a weeks' time. Legislative efforts in the past have primarily been focused on creating mandates that encourage public and private partnership, which have been not been adopted as quickly as desired. With 85 % of all electric utilities being privately owned, it is key that the public and private sector partner in order to mitigate risks and respond as a cohesive unit in the event of a major attack. Keywords: Cybersecurity, Professor Riddell, cyber security, energy, intelligence, outlook, electrical, compliance, legislation, partnerships, critical infrastructure.

A Probabilistic Risk Mitigation Model for Cyber-Attacks to PMU Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mousavian, Seyedamirabbas; Valenzuela, Jorge; Wang, Jianhui

The power grid is becoming more dependent on information and communication technologies. Complex networks of advanced sensors such as phasor measurement units (PMUs) are used to collect real time data to improve the observability of the power system. Recent studies have shown that the power grid has significant cyber vulnerabilities which could increase when PMUs are used extensively. Therefore, recognizing and responding to vulnerabilities are critical to the security of the power grid. This paper proposes a risk mitigation model for optimal response to cyber-attacks to PMU networks. We model the optimal response action as a mixed integer linear programmingmore » (MILP) problem to prevent propagation of the cyber-attacks and maintain the observability of the power system.« less

Markov Task Network: A Framework for Service Composition under Uncertainty in Cyber-Physical Systems.

PubMed

Mohammed, Abdul-Wahid; Xu, Yang; Hu, Haixiao; Agyemang, Brighter

2016-09-21

In novel collaborative systems, cooperative entities collaborate services to achieve local and global objectives. With the growing pervasiveness of cyber-physical systems, however, such collaboration is hampered by differences in the operations of the cyber and physical objects, and the need for the dynamic formation of collaborative functionality given high-level system goals has become practical. In this paper, we propose a cross-layer automation and management model for cyber-physical systems. This models the dynamic formation of collaborative services pursuing laid-down system goals as an ontology-oriented hierarchical task network. Ontological intelligence provides the semantic technology of this model, and through semantic reasoning, primitive tasks can be dynamically composed from high-level system goals. In dealing with uncertainty, we further propose a novel bridge between hierarchical task networks and Markov logic networks, called the Markov task network. This leverages the efficient inference algorithms of Markov logic networks to reduce both computational and inferential loads in task decomposition. From the results of our experiments, high-precision service composition under uncertainty can be achieved using this approach.

How Institutional and University Counselor Policies Effectively Respond to Victims of Cyber Violent Acts: A Multisite Case Study

ERIC Educational Resources Information Center

Richards, Gretchen M.

2012-01-01

This multisite case study examined how institutional and university counselor policies effectively respond to cyber violent acts. Stake's (2006) multisite case study methodology was used to identify seven themes from current literature. Two sites with four participants were selected. The participants included two counseling directors and the…

Confronting Cyber-Bullying: What Schools Need to Know to Control Misconduct and Avoid Legal Consequences

ERIC Educational Resources Information Center

Shariff, Shaheen

2009-01-01

This book is directed to academics, educators, and government policy-makers who are concerned about addressing emerging cyber-bullying and anti-authority student expressions through the use of cell phone and Internet technologies. There is a current policy vacuum relating to the extent of educators' legal responsibilities to intervene when such…

Analytics for Cyber Network Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Plantenga, Todd.; Kolda, Tamara Gibson

2011-06-01

This report provides a brief survey of analytics tools considered relevant to cyber network defense (CND). Ideas and tools come from elds such as statistics, data mining, and knowledge discovery. Some analytics are considered standard mathematical or statistical techniques, while others re ect current research directions. In all cases the report attempts to explain the relevance to CND with brief examples.

Correlates of cyber dating abuse among teens.

PubMed

Zweig, Janine M; Lachman, Pamela; Yahner, Jennifer; Dank, Meredith

2014-08-01

Recent advancements in technology (e.g., social networking, texting) have created new ways for dating youth to relate to one another, including in abusive ways via "cyber dating abuse." Cyber dating abuse is a form of teen dating violence that overlaps with other types of abuse (e.g., psychological) but also has several unique characteristics. Given the phenomenon's limited presence in dating violence literature, we focus on identifying how experiencing cyber dating abuse relates to youths' individual behaviors and experiences (e.g., substance use, sexual activity), psychosocial adjustment, school connection, family relationships, and partner relationships. A total of 3,745 youth (52% female, 74% White) in three northeastern states participated in the survey and reported currently being in a dating relationship or having been in one during the prior year. We found that experiences of cyber dating abuse were most significantly correlated with being female, committing a greater variety of delinquent behaviors, having had sexual activity in one's lifetime, having higher levels of depressive symptoms, and having higher levels of anger/hostility. Further, cyber dating abuse appeared somewhat more strongly related to depressive symptoms and delinquency than did other forms of teen dating violence and abuse.

A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.

Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may helpmore » address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.« less

Towards an integrated defense system for cyber security situation awareness experiment

NASA Astrophysics Data System (ADS)

Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

2015-05-01

In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

32 CFR 236.1 - Purpose.

Code of Federal Regulations, 2013 CFR

2013-07-01

... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA) ACTIVITIES § 236.1 Purpose. Cyber threats to DIB unclassified information systems represent an unacceptable...

32 CFR 236.1 - Purpose.

Code of Federal Regulations, 2012 CFR

2012-07-01

... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA) ACTIVITIES § 236.1 Purpose. Cyber threats to DIB unclassified information systems represent an unacceptable...

A Taxonomy on Accountability and Privacy Issues in Smart Grids

NASA Astrophysics Data System (ADS)

Naik, Ameya; Shahnasser, Hamid

2017-07-01

Cyber-Physical Systems (CPS) are combinations of computation, networking, and physical processes. Embedded computers and networks monitor control the physical processes, which affect computations and vice versa. Two applications of cyber physical systems include health-care and smart grid. In this paper, we have considered privacy aspects of cyber-physical system applicable to smart grid. Smart grid in collaboration with different stockholders can help in the improvement of power generation, communication, circulation and consumption. The proper management with monitoring feature by customers and utility of energy usage can be done through proper transmission and electricity flow; however cyber vulnerability could be increased due to an increased assimilation and linkage. This paper discusses various frameworks and architectures proposed for achieving accountability in smart grids by addressing privacy issues in Advance Metering Infrastructure (AMI). This paper also highlights additional work needed for accountability in more precise specifications such as uncertainty or ambiguity, indistinct, unmanageability, and undetectably.

A Cyber-ITS Framework for Massive Traffic Data Analysis Using Cyber Infrastructure

PubMed Central

Fontaine, Michael D.

2013-01-01

Traffic data is commonly collected from widely deployed sensors in urban areas. This brings up a new research topic, data-driven intelligent transportation systems (ITSs), which means to integrate heterogeneous traffic data from different kinds of sensors and apply it for ITS applications. This research, taking into consideration the significant increase in the amount of traffic data and the complexity of data analysis, focuses mainly on the challenge of solving data-intensive and computation-intensive problems. As a solution to the problems, this paper proposes a Cyber-ITS framework to perform data analysis on Cyber Infrastructure (CI), by nature parallel-computing hardware and software systems, in the context of ITS. The techniques of the framework include data representation, domain decomposition, resource allocation, and parallel processing. All these techniques are based on data-driven and application-oriented models and are organized as a component-and-workflow-based model in order to achieve technical interoperability and data reusability. A case study of the Cyber-ITS framework is presented later based on a traffic state estimation application that uses the fusion of massive Sydney Coordinated Adaptive Traffic System (SCATS) data and GPS data. The results prove that the Cyber-ITS-based implementation can achieve a high accuracy rate of traffic state estimation and provide a significant computational speedup for the data fusion by parallel computing. PMID:23766690

COMCAN; COMCAN2A; system safety common cause analysis. [IBM360; CDC CYBER176,175; FORTRAN IV (30%) and BAL (70%) (IBM360), FORTRAN IV (97%) and COMPASS (3%) (CDC CYBER176)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Burdick, G.R.; Wilson, J.R.

COMCAN2A and COMCAN are designed to analyze complex systems such as nuclear plants for common causes of failure. A common cause event, or common mode failure, is a secondary cause that could contribute to the failure of more than one component and violates the assumption of independence. Analysis of such events is an integral part of system reliability and safety analysis. A significant common cause event is a secondary cause common to all basic events in one or more minimal cut sets. Minimal cut sets containing events from components sharing a common location or a common link are called commonmore » cause candidates. Components share a common location if no barrier insulates any one of them from the secondary cause. A common link is a dependency among components which cannot be removed by a physical barrier (e.g., a common energy source or common maintenance instructions).IBM360;CDC CYBER176,175; FORTRAN IV (30%) and BAL (70%) (IBM360), FORTRAN IV (97%) and COMPASS (3%) (CDC CYBER176).; OS/360 (IBM360) and NOS/BE 1.4 (CDC CYBER176), NOS 1.3 (CDC CYBER175); 140K bytes of memory for COMCAN and 242K (octal) words of memory for COMCAN2A.« less

A Cyber-ITS framework for massive traffic data analysis using cyber infrastructure.

PubMed

Xia, Yingjie; Hu, Jia; Fontaine, Michael D

2013-01-01

Traffic data is commonly collected from widely deployed sensors in urban areas. This brings up a new research topic, data-driven intelligent transportation systems (ITSs), which means to integrate heterogeneous traffic data from different kinds of sensors and apply it for ITS applications. This research, taking into consideration the significant increase in the amount of traffic data and the complexity of data analysis, focuses mainly on the challenge of solving data-intensive and computation-intensive problems. As a solution to the problems, this paper proposes a Cyber-ITS framework to perform data analysis on Cyber Infrastructure (CI), by nature parallel-computing hardware and software systems, in the context of ITS. The techniques of the framework include data representation, domain decomposition, resource allocation, and parallel processing. All these techniques are based on data-driven and application-oriented models and are organized as a component-and-workflow-based model in order to achieve technical interoperability and data reusability. A case study of the Cyber-ITS framework is presented later based on a traffic state estimation application that uses the fusion of massive Sydney Coordinated Adaptive Traffic System (SCATS) data and GPS data. The results prove that the Cyber-ITS-based implementation can achieve a high accuracy rate of traffic state estimation and provide a significant computational speedup for the data fusion by parallel computing.

32 CFR 236.1 - Purpose.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEFENSE (DoD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA) ACTIVITIES § 236.1 Purpose. Cyber threats to DIB unclassified information systems represent an unacceptable...

32 CFR 236.3 - Policy.

Code of Federal Regulations, 2012 CFR

2012-07-01

... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...

32 CFR 236.3 - Policy.

Code of Federal Regulations, 2013 CFR

2013-07-01

... DEFENSE (DOD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...

New Educational Modules Using a Cyber-Distribution System Testbed

DOE PAGES

Xie, Jing; Bedoya, Juan Carlos; Liu, Chen-Ching; ...

2018-03-30

At Washington State University (WSU), a modern cyber-physical system testbed has been implemented based on an industry grade distribution management system (DMS) that is integrated with remote terminal units (RTUs), smart meters, and a solar photovoltaic (PV). In addition, the real model from the Avista Utilities distribution system in Pullman, WA, is modeled in DMS. The proposed testbed environment allows students and instructors to utilize these facilities for innovations in learning and teaching. For power engineering education, this testbed helps students understand the interaction between a cyber system and a physical distribution system through industrial level visualization. The testbed providesmore » a distribution system monitoring and control environment for students. Compared with a simulation based approach, the testbed brings the students' learning environment a step closer to the real world. The educational modules allow students to learn the concepts of a cyber-physical system and an electricity market through an integrated testbed. Furthermore, the testbed provides a platform in the study mode for students to practice working on a real distribution system model. Here, this paper describes the new educational modules based on the testbed environment. Three modules are described together with the underlying educational principles and associated projects.« less

New Educational Modules Using a Cyber-Distribution System Testbed

DOE Office of Scientific and Technical Information (OSTI.GOV)

Xie, Jing; Bedoya, Juan Carlos; Liu, Chen-Ching

At Washington State University (WSU), a modern cyber-physical system testbed has been implemented based on an industry grade distribution management system (DMS) that is integrated with remote terminal units (RTUs), smart meters, and a solar photovoltaic (PV). In addition, the real model from the Avista Utilities distribution system in Pullman, WA, is modeled in DMS. The proposed testbed environment allows students and instructors to utilize these facilities for innovations in learning and teaching. For power engineering education, this testbed helps students understand the interaction between a cyber system and a physical distribution system through industrial level visualization. The testbed providesmore » a distribution system monitoring and control environment for students. Compared with a simulation based approach, the testbed brings the students' learning environment a step closer to the real world. The educational modules allow students to learn the concepts of a cyber-physical system and an electricity market through an integrated testbed. Furthermore, the testbed provides a platform in the study mode for students to practice working on a real distribution system model. Here, this paper describes the new educational modules based on the testbed environment. Three modules are described together with the underlying educational principles and associated projects.« less

Cyber-Physical Test Platform for Microgrids: Combining Hardware, Hardware-in-the-Loop, and Network-Simulator-in-the-Loop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, Austin; Chakraborty, Sudipta; Wang, Dexin

This paper presents a cyber-physical testbed, developed to investigate the complex interactions between emerging microgrid technologies such as grid-interactive power sources, control systems, and a wide variety of communication platforms and bandwidths. The cyber-physical testbed consists of three major components for testing and validation: real time models of a distribution feeder model with microgrid assets that are integrated into the National Renewable Energy Laboratory's (NREL) power hardware-in-the-loop (PHIL) platform; real-time capable network-simulator-in-the-loop (NSIL) models; and physical hardware including inverters and a simple system controller. Several load profiles and microgrid configurations were tested to examine the effect on system performance withmore » increasing channel delays and router processing delays in the network simulator. Testing demonstrated that the controller's ability to maintain a target grid import power band was severely diminished with increasing network delays and laid the foundation for future testing of more complex cyber-physical systems.« less

Cyber-intrusion Auto-response and Policy Management System (CAPMS)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lusk, Steve; Lawrence, David; Suvana, Prakash

The Cyber-intrusion Auto-response and Policy Management System (CAPMS) project was funded by a grant from the US Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program with contributions from two partner electric utilities: Southern California Edison (SCE) and Duke Energy. The goal of the project was to demonstrate protecting smart grid assets from a cyber attack in a way that “does not impede critical energy delivery functions.” This report summarizes project goals and activities for the CAPMS project and explores what did and did not work as expected. It concludes with an assessment of possible benefits and valuemore » of the system for the future.« less

32 CFR 236.3 - Policy.

Code of Federal Regulations, 2014 CFR

2014-07-01

... DEFENSE (DoD)-DEFENSE INDUSTRIAL BASE (DIB) VOLUNTARY CYBER SECURITY AND INFORMATION ASSURANCE (CS/IA... systems. (b) Increase the Government and DIB situational awareness of the extent and severity of cyber...

Towards a Multiscale Approach to Cybersecurity Modeling

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hogan, Emilie A.; Hui, Peter SY; Choudhury, Sutanay

2013-11-12

We propose a multiscale approach to modeling cyber networks, with the goal of capturing a view of the network and overall situational awareness with respect to a few key properties--- connectivity, distance, and centrality--- for a system under an active attack. We focus on theoretical and algorithmic foundations of multiscale graphs, coming from an algorithmic perspective, with the goal of modeling cyber system defense as a specific use case scenario. We first define a notion of \\emph{multiscale} graphs, in contrast with their well-studied single-scale counterparts. We develop multiscale analogs of paths and distance metrics. As a simple, motivating example ofmore » a common metric, we present a multiscale analog of the all-pairs shortest-path problem, along with a multiscale analog of a well-known algorithm which solves it. From a cyber defense perspective, this metric might be used to model the distance from an attacker's position in the network to a sensitive machine. In addition, we investigate probabilistic models of connectivity. These models exploit the hierarchy to quantify the likelihood that sensitive targets might be reachable from compromised nodes. We believe that our novel multiscale approach to modeling cyber-physical systems will advance several aspects of cyber defense, specifically allowing for a more efficient and agile approach to defending these systems.« less

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users.

PubMed

Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

A continuous arc delivery optimization algorithm for CyberKnife m6.

PubMed

Kearney, Vasant; Descovich, Martina; Sudhyadhom, Atchar; Cheung, Joey P; McGuinness, Christopher; Solberg, Timothy D

2018-06-01

This study aims to reduce the delivery time of CyberKnife m6 treatments by allowing for noncoplanar continuous arc delivery. To achieve this, a novel noncoplanar continuous arc delivery optimization algorithm was developed for the CyberKnife m6 treatment system (CyberArc-m6). CyberArc-m6 uses a five-step overarching strategy, in which an initial set of beam geometries is determined, the robotic delivery path is calculated, direct aperture optimization is conducted, intermediate MLC configurations are extracted, and the final beam weights are computed for the continuous arc radiation source model. This algorithm was implemented on five prostate and three brain patients, previously planned using a conventional step-and-shoot CyberKnife m6 delivery technique. The dosimetric quality of the CyberArc-m6 plans was assessed using locally confined mutual information (LCMI), conformity index (CI), heterogeneity index (HI), and a variety of common clinical dosimetric objectives. Using conservative optimization tuning parameters, CyberArc-m6 plans were able to achieve an average CI difference of 0.036 ± 0.025, an average HI difference of 0.046 ± 0.038, and an average LCMI of 0.920 ± 0.030 compared with the original CyberKnife m6 plans. Including a 5 s per minute image alignment time and a 5-min setup time, conservative CyberArc-m6 plans achieved an average treatment delivery speed up of 1.545x ± 0.305x compared with step-and-shoot plans. The CyberArc-m6 algorithm was able to achieve dosimetrically similar plans compared to their step-and-shoot CyberKnife m6 counterparts, while simultaneously reducing treatment delivery times. © 2018 American Association of Physicists in Medicine.

Effects-Based Operations in the Cyber Domain

DTIC Science & Technology

2017-05-03

as the joint targeting methodology . The description that Batschelet gave the traditional targeting methodology included a process of, “Decide, Detect...technology, requires new planning and methodology to fight back. This paper evaluates current Department of Defense doctrine to look at ways to conduct...developing its cyber tactics, techniques, and procedures, which, includes various targeting methodologies , such as the use of effects-based

A Comparison of Preservice Teachers' Responses to Cyber versus Traditional Bullying Scenarios: Similarities and Differences and Implications for Practice

ERIC Educational Resources Information Center

Boulton, Michael J.; Hardcastle, Katryna; Down, James; Fowles, John; Simmonds, Jennifer A.

2014-01-01

Prior studies indicate that teachers differ in how they respond to different kinds of traditional bullying, and that their beliefs predict their intervention intentions. The current study provided the first extension of this work into the realm of cyber bullying. Preservice teachers in the United Kingdom ("N" = 222) were presented with…

Cyber Charter Schools and Students with Dis/abilities: Rebooting the IDEA to Address Equity, Access, and Compliance

ERIC Educational Resources Information Center

Collins, Kathleen M.; Green, Preston C., III; Nelson, Steven L.; Madahar, Santosh

2015-01-01

This article takes up the question of equity, access, and cyber charter schools from the perspective of disability studies in education (DSE). DSE positions inclusion and educational access as social justice concerns. In doing so, we assert the importance of making visible the social justice implications of the current laws that impact cyber…

Cyber Bullying and Physical Bullying in Adolescent Suicide: The Role of Violent Behavior and Substance Use

ERIC Educational Resources Information Center

Litwiller, Brett J.; Brausch, Amy M.

2013-01-01

The impact of bullying in all forms on the mental health and safety of adolescents is of particular interest, especially in the wake of new methods of bullying that victimize youths through technology. The current study examined the relationship between victimization from both physical and cyber bullying and adolescent suicidal behavior. Violent…

Secure it now or secure it later: the benefits of addressing cyber-security from the outset

NASA Astrophysics Data System (ADS)

Olama, Mohammed M.; Nutaro, James

2013-05-01

The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediate faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

CrossTalk. The Journal of Defense Software Engineering. Volume 25, Number 6

DTIC Science & Technology

2012-12-01

Cyber Security Threat Definition Communicable Noncommunicable Based on Risky Behavior Coordinated Trojan horse programs Threats hidden in a...for Cyber Security Threats Cyber Security Threat Communicable Noncommunicable Risky Behaviors Coordinated Type of Intervention (at the System...types of data are breached. Further, educational materials on risky behaviors (e.g., for home Internet users) as well as recommended guide- lines for

Comparative Analysis of Curricula for Bachelor's Degree in Cyber Security in the USA and Ukraine

ERIC Educational Resources Information Center

Bystrova, Bogdana

2017-01-01

At the present stage of science and technology development the need to strengthen cyber security in every developed country and transform it into one of the most important sectors of society is growing. The peculiarities of the professional training of cyber security bachelors in the U.S. higher education system have been defined. The relevance of…

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE PAGES

Perkins, Casey; Muller, George

2015-10-08

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Perkins, Casey; Muller, George

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

Cyber security with radio frequency interferences mitigation study for satellite systems

NASA Astrophysics Data System (ADS)

Wang, Gang; Wei, Sixiao; Chen, Genshe; Tian, Xin; Shen, Dan; Pham, Khanh; Nguyen, Tien M.; Blasch, Erik

2016-05-01

Satellite systems including the Global Navigation Satellite System (GNSS) and the satellite communications (SATCOM) system provide great convenience and utility to human life including emergency response, wide area efficient communications, and effective transportation. Elements of satellite systems incorporate technologies such as navigation with the global positioning system (GPS), satellite digital video broadcasting, and information transmission with a very small aperture terminal (VSAT), etc. The satellite systems importance is growing in prominence with end users' requirement for globally high data rate transmissions; the cost reduction of launching satellites; development of smaller sized satellites including cubesat, nanosat, picosat, and femtosat; and integrating internet services with satellite networks. However, with the promising benefits, challenges remain to fully develop secure and robust satellite systems with pervasive computing and communications. In this paper, we investigate both cyber security and radio frequency (RF) interferences mitigation for satellite systems, and demonstrate that they are not isolated. The action space for both cyber security and RF interferences are firstly summarized for satellite systems, based on which the mitigation schemes for both cyber security and RF interferences are given. A multi-layered satellite systems structure is provided with cross-layer design considering multi-path routing and channel coding, to provide great security and diversity gains for secure and robust satellite systems.

DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is tomore » provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.« less

A preliminary cyber-physical security assessment of the Robot Operating System (ROS)

NASA Astrophysics Data System (ADS)

McClean, Jarrod; Stull, Christopher; Farrar, Charles; Mascareñas, David

2013-05-01

Over the course of the last few years, the Robot Operating System (ROS) has become a highly popular software framework for robotics research. ROS has a very active developer community and is widely used for robotics research in both academia and government labs. The prevalence and modularity of ROS cause many people to ask the question: "What prevents ROS from being used in commercial or government applications?" One of the main problems that is preventing this increased use of ROS in these applications is the question of characterizing its security (or lack thereof). In the summer of 2012, a crowd sourced cyber-physical security contest was launched at the cyber security conference DEF CON 20 to begin the process of characterizing the security of ROS. A small-scale, car-like robot was configured as a cyber-physical security "honeypot" running ROS. DEFFCON-20 attendees were invited to find exploits and vulnerabilities in the robot while network traffic was collected. The results of this experiment provided some interesting insights and opened up many security questions pertaining to deployed robotic systems. The Federal Aviation Administration is tasked with opening up the civil airspace to commercial drones by September 2015 and driverless cars are already legal for research purposes in a number of states. Given the integration of these robotic devices into our daily lives, the authors pose the following question: "What security exploits can a motivated person with little-to-no experience in cyber security execute, given the wide availability of free cyber security penetration testing tools such as Metasploit?" This research focuses on applying common, low-cost, low-overhead, cyber-attacks on a robot featuring ROS. This work documents the effectiveness of those attacks.

Poster - 49: Assessment of Synchrony respiratory compensation error for CyberKnife liver treatment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liu, Ming; Cygler,

The goal of this work is to quantify respiratory motion compensation errors for liver tumor patients treated by the CyberKnife system with Synchrony tracking, to identify patients with the smallest tracking errors and to eventually help coach patient’s breathing patterns to minimize dose delivery errors. The accuracy of CyberKnife Synchrony respiratory motion compensation was assessed for 37 patients treated for liver lesions by analyzing data from system logfiles. A predictive model is used to modulate the direction of individual beams during dose delivery based on the positions of internally implanted fiducials determined using an orthogonal x-ray imaging system and themore » current location of LED external markers. For each x-ray pair acquired, system logfiles report the prediction error, the difference between the measured and predicted fiducial positions, and the delivery error, which is an estimate of the statistical error in the model overcoming the latency between x-ray acquisition and robotic repositioning. The total error was calculated at the time of each x-ray pair, for the number of treatment fractions and the number of patients, giving the average respiratory motion compensation error in three dimensions. The 99{sup th} percentile for the total radial error is 3.85 mm, with the highest contribution of 2.79 mm in superior/inferior (S/I) direction. The absolute mean compensation error is 1.78 mm radially with a 1.27 mm contribution in the S/I direction. Regions of high total error may provide insight into features predicting groups of patients with larger or smaller total errors.« less

Prevalence and Correlates of the Perpetration of Cyber Dating Abuse among Early Adolescents.

PubMed

Peskin, Melissa F; Markham, Christine M; Shegog, Ross; Temple, Jeff R; Baumler, Elizabeth R; Addy, Robert C; Hernandez, Belinda; Cuccaro, Paula; Gabay, Efrat K; Thiel, Melanie; Emery, Susan Tortolero

2017-02-01

Much is known about the prevalence and correlates of dating violence, especially the perpetration of physical dating violence, among older adolescents. However, relatively little is known about the prevalence and correlates of the perpetration of cyber dating abuse, particularly among early adolescents. In this study, using a predominantly ethnic-minority sample of sixth graders who reported ever having had a boyfriend/girlfriend (n = 424, 44.2 % female), almost 15 % reported perpetrating cyber dating abuse at least once during their lifetime. Furthermore, using a cross-sectional design, across multiple levels of the socio-ecological model, the individual-level factors of (a) norms for violence for boys against girls, (b) having a current boyfriend/girlfriend, and (c) participation in bullying perpetration were correlates of the perpetration of cyber dating abuse. Collectively, the findings suggest that dating violence interventions targeting these particular correlates in early adolescents are warranted. Future studies are needed to establish causation and to further investigate the relative importance of correlates of the perpetration of cyber dating abuse among early adolescents that have been reported among older adolescents.

Maritime Cyber Security University Research: Phase 1

DTIC Science & Technology

2016-05-01

the global economy . The vulnerabilities associated with reliance on digital systems in the maritime environment must be continuously examined. System...Report: Modern maritime systems are highly complex digital systems to ensure the safety and efficient operation of the shipping traffic so vital to...entrances to our " digital ports" and work to develop practical cyber security solutions to protect the nation’s maritime infrastructure. 17. Key

Seeking Balance in Cyber Education

DTIC Science & Technology

2015-02-01

properties that can be applied to computer systems, networks, and software. For example, in our Introduction to Cyber Security Course, given to...Below is the submittal schedule for the areas of emphasis we are looking for: Data Mining in Metrics? Jul/ JAug 2015 Issue Submission Deadline: Feb...Phone Arena. PhoneArena.com, 12 Nov. 2013. Web. 08 Aug. 2014. 8. Various. “SI110: Introduction to Cyber Security, Technical Foundations.” SI110

Cyber Security Audit and Attack Detection Toolkit

DOE Office of Scientific and Technical Information (OSTI.GOV)

Peterson, Dale

2012-05-31

This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

High Fidelity Simulations of Large-Scale Wireless Networks (Plus-Up)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onunkwo, Uzoma

Sandia has built a strong reputation in scalable network simulation and emulation for cyber security studies to protect our nation’s critical information infrastructures. Georgia Tech has preeminent reputation in academia for excellence in scalable discrete event simulations, with strong emphasis on simulating cyber networks. Many of the experts in this field, such as Dr. Richard Fujimoto, Dr. George Riley, and Dr. Chris Carothers, have strong affiliations with Georgia Tech. The collaborative relationship that we intend to immediately pursue is in high fidelity simulations of practical large-scale wireless networks using ns-3 simulator via Dr. George Riley. This project will have mutualmore » benefits in bolstering both institutions’ expertise and reputation in the field of scalable simulation for cyber-security studies. This project promises to address high fidelity simulations of large-scale wireless networks. This proposed collaboration is directly in line with Georgia Tech’s goals for developing and expanding the Communications Systems Center, the Georgia Tech Broadband Institute, and Georgia Tech Information Security Center along with its yearly Emerging Cyber Threats Report. At Sandia, this work benefits the defense systems and assessment area with promise for large-scale assessment of cyber security needs and vulnerabilities of our nation’s critical cyber infrastructures exposed to wireless communications.« less

Terra Defender Cyber-Physical Wargame

DTIC Science & Technology

2017-04-01

Army position unless so designated by other authorized documents. Citation of manufacturer’s or trade names does not constitute an official...person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control ...helped to achieve a better understanding of how Army supervisory control and data acquisition (SCADA) system and device security can be modeled and

A simple method for serving Web hypermaps with dynamic database drill-down

PubMed Central

Boulos, Maged N Kamel; Roudsari, Abdul V; Carson, Ewart R

2002-01-01

Background HealthCyberMap aims at mapping parts of health information cyberspace in novel ways to deliver a semantically superior user experience. This is achieved through "intelligent" categorisation and interactive hypermedia visualisation of health resources using metadata, clinical codes and GIS. HealthCyberMap is an ArcView 3.1 project. WebView, the Internet extension to ArcView, publishes HealthCyberMap ArcView Views as Web client-side imagemaps. The basic WebView set-up does not support any GIS database connection, and published Web maps become disconnected from the original project. A dedicated Internet map server would be the best way to serve HealthCyberMap database-driven interactive Web maps, but is an expensive and complex solution to acquire, run and maintain. This paper describes HealthCyberMap simple, low-cost method for "patching" WebView to serve hypermaps with dynamic database drill-down functionality on the Web. Results The proposed solution is currently used for publishing HealthCyberMap GIS-generated navigational information maps on the Web while maintaining their links with the underlying resource metadata base. Conclusion The authors believe their map serving approach as adopted in HealthCyberMap has been very successful, especially in cases when only map attribute data change without a corresponding effect on map appearance. It should be also possible to use the same solution to publish other interactive GIS-driven maps on the Web, e.g., maps of real world health problems. PMID:12437788

Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.; Frincke, Deborah A.

2010-09-01

The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, so as to move from an insider threat detection stance to one that enables prediction of potential insider presence. Two distinctive aspects of the approach are the objective of predicting or anticipating potential risks and the use of organizational data in addition to cyber data to support the analysis. The chapter describes the challenges of this endeavor and progress in defining a usable set of predictive indicators, developing a framework for integrating the analysis of organizational and cyber security data tomore » yield predictions about possible insider exploits, and developing the knowledge base and reasoning capability of the system. We also outline the types of errors that one expects in a predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.« less

Protecting water and wastewater infrastructure from cyber attacks

NASA Astrophysics Data System (ADS)

Panguluri, Srinivas; Phillips, William; Cusimano, John

2011-12-01

Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

PubMed Central

Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661

A Multi-Component Automated Laser-Origami System for Cyber-Manufacturing

NASA Astrophysics Data System (ADS)

Ko, Woo-Hyun; Srinivasa, Arun; Kumar, P. R.

2017-12-01

Cyber-manufacturing systems can be enhanced by an integrated network architecture that is easily configurable, reliable, and scalable. We consider a cyber-physical system for use in an origami-type laser-based custom manufacturing machine employing folding and cutting of sheet material to manufacture 3D objects. We have developed such a system for use in a laser-based autonomous custom manufacturing machine equipped with real-time sensing and control. The basic elements in the architecture are built around the laser processing machine. They include a sensing system to estimate the state of the workpiece, a control system determining control inputs for a laser system based on the estimated data and user’s job requests, a robotic arm manipulating the workpiece in the work space, and middleware, named Etherware, supporting the communication among the systems. We demonstrate automated 3D laser cutting and bending to fabricate a 3D product as an experimental result.

The Students' Experiences of Ethics in Online Systems: A Phenomenological Study

ERIC Educational Resources Information Center

Mosalanejad, Leili; Dehghani, Ali; Abdolahifard, Khadije

2014-01-01

Cyber ethics is the philosophical study of ethics pertaining to computer networks encompassing users' behavior, what networked computers are programmed to do, and how this affects the individuals and the society. This study aimed to investigate the students' experiences of ethics in cyber systems.In the present study, the researchers conducted…

A Portfolio for Optimal Collaboration of Human and Cyber Physical Production Systems in Problem-Solving

ERIC Educational Resources Information Center

Ansari, Fazel; Seidenberg, Ulrich

2016-01-01

This paper discusses the complementarity of human and cyber physical production systems (CPPS). The discourse of complementarity is elaborated by defining five criteria for comparing the characteristics of human and CPPS. Finally, a management portfolio matrix is proposed for examining the feasibility of optimal collaboration between them. The…

Agent-Centric Approach for Cybersecurity Decision-Support with Partial Observability

DOE Office of Scientific and Technical Information (OSTI.GOV)

Tipireddy, Ramakrishna; Chatterjee, Samrat; Paulson, Patrick R.

Generating automated cyber resilience policies for real-world settings is a challenging research problem that must account for uncertainties in system state over time and dynamics between attackers and defenders. In addition to understanding attacker and defender motives and tools, and identifying “relevant” system and attack data, it is also critical to develop rigorous mathematical formulations representing the defender’s decision-support problem under uncertainty. Game-theoretic approaches involving cyber resource allocation optimization with Markov decision processes (MDP) have been previously proposed in the literature. Moreover, advancements in reinforcement learning approaches have motivated the development of partially observable stochastic games (POSGs) in various multi-agentmore » problem domains with partial information. Recent advances in cyber-system state space modeling have also generated interest in potential applicability of POSGs for cybersecurity. However, as is the case in strategic card games such as poker, research challenges using game-theoretic approaches for practical cyber defense applications include: 1) solving for equilibrium and designing efficient algorithms for large-scale, general problems; 2) establishing mathematical guarantees that equilibrium exists; 3) handling possible existence of multiple equilibria; and 4) exploitation of opponent weaknesses. Inspired by advances in solving strategic card games while acknowledging practical challenges associated with the use of game-theoretic approaches in cyber settings, this paper proposes an agent-centric approach for cybersecurity decision-support with partial system state observability.« less

Disentangling functions of online aggression: The Cyber-Aggression Typology Questionnaire (CATQ).

PubMed

Runions, Kevin C; Bak, Michal; Shaw, Thérèse

2017-01-01

Aggression in online contexts has received much attention over the last decade, yet there is a need for measures identifying the proximal psychological drivers of cyber-aggressive behavior. The purpose of this study was to present data on the newly developed Cyber-Aggression Typology Questionnaire (CATQ) designed to distinguish between four distinct types of cyber-aggression on dimensions of motivational valence and self-control. A sample 314 undergraduate students participated in the study. The results confirmed the predicted four-factor structure providing evidence for distinct and independent impulsive-aversive, controlled-aversive, impulsive-appetitive, and controlled-appetitive cyber-aggression types. Further analyses with the Berlin Cyberbullying Questionnaire, Reactive Proactive Aggression Questionnaire, and the Behavior Inhibition and Activation Systems Scale provide support for convergent and divergent validity. Understanding the motivations facilitating cyber-aggressive behavior could aid researchers in the development of new prevention and intervention strategies that focus on individual differences in maladaptive proximal drivers of aggression. Aggr. Behav. 43:74-84, 2017. © 2016 Wiley Periodicals, Inc. © 2016 Wiley Periodicals, Inc.

Exposure to Sexual Stimuli Induces Greater Discounting Leading to Increased Involvement in Cyber Delinquency Among Men.

PubMed

Cheng, Wen; Chiou, Wen-Bin

2018-02-01

People frequently encounter sexual stimuli during Internet use. Research has shown that stimuli inducing sexual motivation can lead to greater impulsivity in men, as manifested in greater temporal discounting (i.e., a tendency to prefer smaller, immediate gains to larger, future ones). Extant findings in crime research suggest that delinquents tend to focus on short-term gains while failing to adequately think through the longer-term consequences of delinquent behavior. We experimentally tested the possibility that exposure to sexual stimuli is associated with the tendency to engage in cyber delinquency among men, as a result of their overly discounting remote consequences. In Experiment 1, participants exposed to pictures of "sexy" women were more likely to discount the future and were more inclined to make cyber-delinquent choices (e.g., cyberbullying, cyber fraud, cyber theft, and illegal downloading), compared with male participants who rated the sex appeal of less sexy opposite-sex pictures. However, these relationships were not observed in female participants exposed to either highly or less sexy pictures of men. In Experiment 2, male participants exposed to sexual primes showed a greater willingness to purchase a wide range of counterfeit rather than authentic products online and experienced a higher likelihood of logging into the other person's Facebook webpage (i.e., invading online privacy). The discounting tendency mediated the link between exposure to sexual primes and the inclination to engage in cyber-delinquent behavior. These findings provide insight into a strategy for reducing men's involvement in cyber delinquency; that is, through less exposure to sexual stimuli and promotion of delayed gratification. The current results suggest that the high availability of sexual stimuli in cyberspace may be more closely associated with men's cyber-delinquent behavior than previously thought.

Application of the JDL data fusion process model for cyber security

NASA Astrophysics Data System (ADS)

Giacobe, Nicklaus A.

2010-04-01

A number of cyber security technologies have proposed the use of data fusion to enhance the defensive capabilities of the network and aid in the development of situational awareness for the security analyst. While there have been advances in fusion technologies and the application of fusion in intrusion detection systems (IDSs), in particular, additional progress can be made by gaining a better understanding of a variety of data fusion processes and applying them to the cyber security application domain. This research explores the underlying processes identified in the Joint Directors of Laboratories (JDL) data fusion process model and further describes them in a cyber security context.

Challenges and Requirements for the Application of Industry 4.0: A Special Insight with the Usage of Cyber-Physical System

NASA Astrophysics Data System (ADS)

Mueller, Egon; Chen, Xiao-Li; Riedel, Ralph

2017-09-01

Considered as a top priority of industrial development, Industry 4.0 (or Industrie 4.0 as the German version) has being highlighted as the pursuit of both academy and practice in companies. In this paper, based on the review of state of art and also the state of practice in different countries, shortcomings have been revealed as the lacking of applicable framework for the implementation of Industrie 4.0. Therefore, in order to shed some light on the knowledge of the details, a reference architecture is developed, where four perspectives namely manufacturing process, devices, software and engineering have been highlighted. Moreover, with a view on the importance of Cyber-Physical systems, the structure of Cyber-Physical System are established for the in-depth analysis. Further cases with the usage of Cyber-Physical System are also arranged, which attempts to provide some implications to match the theoretical findings together with the experience of companies. In general, results of this paper could be useful for the extending on the theoretical understanding of Industrie 4.0. Additionally, applied framework and prototypes based on the usage of Cyber-Physical Systems are also potential to help companies to design the layout of sensor nets, to achieve coordination and controlling of smart machines, to realize synchronous production with systematic structure, and to extend the usage of information and communication technologies to the maintenance scheduling.

Mitigating Cyber Security Risk in Satellite Ground Systems

DTIC Science & Technology

2015-04-01

because cyber security in government remains shrouded in secrecy. However, using the Defense Operational Test and Evaluation Office’s (DOT& E ) FY14...report on cybersecurity one grasps the seriousness of the problem. DOT& E reported only 85% of networks in DoD were compliant with the cyber...security regulations discussed later in this paper. Not until compliance is near 100% could DOT& E conceive with confidence that DoD networks were safe

Tactical Cyber: Building a Strategy for Cyber Support to Corps and Below

DTIC Science & Technology

2017-01-01

freedom of maneuver.2 And the proliferation of social media , unmanned systems, and other informa- tion and communication technologies among adversaries and...effects through cyber operations 2.1.1. Deny/degrade/disrupt enemy communication that uses the “local Internet” and social media for C2 and propaganda...policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan

Phase-Space Detection of Cyber Events

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hernandez Jimenez, Jarilyn M; Ferber, Aaron E; Prowell, Stacy J

Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The datamore » analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed a successful detection of cyber events.« less

Federation of UML models for cyber physical use cases

DOE Office of Scientific and Technical Information (OSTI.GOV)

This method employs the concept of federation, which is defined as the use of existing models that represent aspects of a system in specific domains (such as physical and cyber security domains) and building interfaces to link all of domain models. Federation seeks to build on existing bodies of work. Some examples include the Common Information Models (CIM) maintained by the International Electrotechnical Commission Technical Committee 57 (IEC TC 57) for the electric power industry. Another relevant model is the CIM maintained by the Distributed Management Task Force (DMTF)? this CIM defines a representation of the managed elements in anmore » Information Technology (IT) environment. The power system is an example of a cyber-physical system, where the cyber systems, consisting of computing infrastructure such as networks and devices, play a critical role in the operation of the underlying physical electricity delivery system. Measurements from remote field devices are relayed to control centers through computer networks, and the data is processed to determine suitable control actions. Control decisions are then relayed back to field devices. It has been observed that threat actors may be able to successfully compromise this cyber layer in order to impact power system operation. Therefore, future control center applications must be wary of potentially compromised measurements coming from field devices. In order to ensure the integrity of the field measurements, these applications could make use of compromise indicators from alternate sources of information such as cyber security. Thus, modern control applications may require access to data from sources that are not defined in the local information model. In such cases, software application interfaces will require integration of data objects from cross-domain data models. When incorporating or federating different domains, it is important to have subject matter experts work together, recognizing that not everyone has the same knowledge, responsibilities, focus, or skill set.« less

Integrating autonomous distributed control into a human-centric C4ISR environment

NASA Astrophysics Data System (ADS)

Straub, Jeremy

2017-05-01

This paper considers incorporating autonomy into human-centric Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) environments. Specifically, it focuses on identifying ways that current autonomy technologies can augment human control and the challenges presented by additive autonomy. Three approaches to this challenge are considered, stemming from prior work in two converging areas. In the first, the problem is approached as augmenting what humans currently do with automation. In the alternate approach, the problem is approached as treating humans as actors within a cyber-physical system-of-systems (stemming from robotic distributed computing). A third approach, combines elements of both of the aforementioned.

Cyber / Physical Security Vulnerability Assessment Integration

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Simpkins, Bret E.

Abstract Both physical protection and cyber security domains offer solutions for the discovery of vulnerabilities through the use of various assessment processes and software tools. Each vulnerability assessment (VA) methodology provides the ability to identify and categorize vulnerabilities, and quantifies the risks within their own areas of expertise. Neither approach fully represents the true potential security risk to a site and/or a facility, nor comprehensively assesses the overall security posture. The technical approach to solving this problem was to identify methodologies and processes that blend the physical and cyber security assessments, and develop tools to accurately quantify the unaccounted formore » risk. SMEs from both the physical and the cyber security domains developed the blending methodologies, and cross trained each other on the various aspects of the physical and cyber security assessment processes. A local critical infrastructure entity volunteered to host a proof of concept physical/cyber security assessment, and the lessons learned have been leveraged by this effort. The four potential modes of attack an adversary can use in approaching a target are; Physical Only Attack, Cyber Only Attack, Physical Enabled Cyber Attack, and the Cyber Enabled Physical Attack. The Physical Only and the Cyber Only pathway analysis are two of the most widely analyzed attack modes. The pathway from an off-site location to the desired target location is dissected to ensure adversarial activity can be detected and neutralized by the protection strategy, prior to completion of a predefined task. This methodology typically explores a one way attack from the public space (or common area) inward towards the target. The Physical Enabled Cyber Attack and the Cyber Enabled Physical Attack are much more intricate. Both scenarios involve beginning in one domain to affect change in the other, then backing outward to take advantage of the reduced system effectiveness, before penetrating further into the defenses. The proper identification and assessment of the overlapping areas (and interaction between these areas) in the VA process is necessary to accurately assess the true risk.« less

Neural Cognition and Affective Computing on Cyber Language.

PubMed

Huang, Shuang; Zhou, Xuan; Xue, Ke; Wan, Xiqiong; Yang, Zhenyi; Xu, Duo; Ivanović, Mirjana; Yu, Xueer

2015-01-01

Characterized by its customary symbol system and simple and vivid expression patterns, cyber language acts as not only a tool for convenient communication but also a carrier of abundant emotions and causes high attention in public opinion analysis, internet marketing, service feedback monitoring, and social emergency management. Based on our multidisciplinary research, this paper presents a classification of the emotional symbols in cyber language, analyzes the cognitive characteristics of different symbols, and puts forward a mechanism model to show the dominant neural activities in that process. Through the comparative study of Chinese, English, and Spanish, which are used by the largest population in the world, this paper discusses the expressive patterns of emotions in international cyber languages and proposes an intelligent method for affective computing on cyber language in a unified PAD (Pleasure-Arousal-Dominance) emotional space.

Neural Cognition and Affective Computing on Cyber Language

PubMed Central

Huang, Shuang; Zhou, Xuan; Xue, Ke; Wan, Xiqiong; Yang, Zhenyi; Xu, Duo; Ivanović, Mirjana

2015-01-01

Characterized by its customary symbol system and simple and vivid expression patterns, cyber language acts as not only a tool for convenient communication but also a carrier of abundant emotions and causes high attention in public opinion analysis, internet marketing, service feedback monitoring, and social emergency management. Based on our multidisciplinary research, this paper presents a classification of the emotional symbols in cyber language, analyzes the cognitive characteristics of different symbols, and puts forward a mechanism model to show the dominant neural activities in that process. Through the comparative study of Chinese, English, and Spanish, which are used by the largest population in the world, this paper discusses the expressive patterns of emotions in international cyber languages and proposes an intelligent method for affective computing on cyber language in a unified PAD (Pleasure-Arousal-Dominance) emotional space. PMID:26491431

Cyber physical systems based on cloud computing and internet of things for energy efficiency

NASA Astrophysics Data System (ADS)

Suciu, George; Butca, Cristina; Suciu, Victor; Cretu, Alexandru; Fratu, Octavian

2016-12-01

Cyber Physical Systems (CPS) and energy efficiency play a major role in the context of industry expansion. Management practices for improving efficiency in the field of energy consumption became a priority of many major industries who are inefficient in terms of exploitation costs. The effort of adopting energy management means in an organization is quite challenging due to the lack of resources and expertise. One major problem consists in the lack of knowledge for energy management and practices. This paper aims to present authors' concept in creating a Cyber Physical Energy System (CPES) that will change organizations' way of consuming energy, by making them aware of their use. The presented concept will consider the security of the whole system and the easy integration with the existing electric network infrastructure.

Key issues and technical route of cyber physical distribution system

NASA Astrophysics Data System (ADS)

Zheng, P. X.; Chen, B.; Zheng, L. J.; Zhang, G. L.; Fan, Y. L.; Pei, T.

2017-01-01

Relying on the National High Technology Research and Development Program, this paper introduced the key issues in Cyber Physical Distribution System (CPDS), mainly includes: composite modelling method and interaction mechanism, system planning method, security defence technology, distributed control theory. Then on this basis, the corresponding technical route is proposed, and a more detailed research framework along with main schemes to be adopted is also presented.

Maritime Cyber Security University Research

DTIC Science & Technology

2016-05-01

traffic so vital to the global economy . The vulnerabilities associated with reliance on digital systems in the maritime environment must be continuously...Abstract (MAXIMUM 200 WORDS) Modern maritime systems are highly complex digital systems to ensure the safety and efficient operation of the shipping...integrity of the entrances to our " digital ports" and work to develop practical cyber security solutions to protect the nation’s maritime

Security and Privacy in Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Edgar, Thomas W.; Rice, Theora R.

As you have seen from the previous chapters, cyber-physical systems (CPS) are broadly used across technology and industrial domains. While these systems enable process optimization and efficiency and allow previously impossible functionality, security and privacy are key concerns for their design, development, and operation. CPS have been key components utilized in some of the highest publicized security breaches over the last decade. In this chapter, we will look over the CPS described in the previous chapters from a security perspective. In this chapter, we explain classical information and physical security fundamentals in the context of CPS and contextualize them acrossmore » application domains. We give examples where the interplay of functionality and diverse communication can introduce unexpected vulnerabilities and produce larger impacts. We will discuss how CPS security and privacy is inherently different from that of pure cyber or physical systems and what may be done to secure these systems, considering their emergent cyber-physical properties. Finally, we will discuss security and privacy implications of merging infrastructural and personal CPS. Our hope is to impart the knowledge of what CPS security and privacy are, why they are important, and explain existing processes and challenges.« less

Cyber Security Assessment Report: Adventium Labs

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2007-12-31

Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borers, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.

Cyber-Critical Infrastructure Protection Using Real-Time Payload-Based Anomaly Detection

NASA Astrophysics Data System (ADS)

Düssel, Patrick; Gehl, Christian; Laskov, Pavel; Bußer, Jens-Uwe; Störmann, Christof; Kästner, Jan

With an increasing demand of inter-connectivity and protocol standardization modern cyber-critical infrastructures are exposed to a multitude of serious threats that may give rise to severe damage for life and assets without the implementation of proper safeguards. Thus, we propose a method that is capable to reliably detect unknown, exploit-based attacks on cyber-critical infrastructures carried out over the network. We illustrate the effectiveness of the proposed method by conducting experiments on network traffic that can be found in modern industrial control systems. Moreover, we provide results of a throughput measuring which demonstrate the real-time capabilities of our system.

High-Assurance Spiral

DTIC Science & Technology

2017-11-01

Public Release; Distribution Unlimited. PA# 88ABW-2017-5388 Date Cleared: 30 OCT 2017 13. SUPPLEMENTARY NOTES 14. ABSTRACT Cyber- physical systems... physical processes that interact in intricate manners. This makes verification of the software complex and unwieldy. In this report, an approach towards...resulting implementations. 15. SUBJECT TERMS Cyber- physical systems, Formal guarantees, Code generation 16. SECURITY CLASSIFICATION OF: 17

A cyber physical system approach for composite part: From smart manufacturing to predictive maintenance

NASA Astrophysics Data System (ADS)

Quaranta, Giacomo; Abisset-Chavanne, Emmanuelle; Chinesta, Francisco; Duval, Jean-Louis

2018-05-01

In this work, a Cyber Physical System called Hybrid Twin is proposed for composite parts manufactured from RTM. This allows to introduce in the virtual twin of the parts the defect and the final properties induced by the real manufacturing process and to use on line data collection for predictive maintenance.

Resilient control of cyber-physical systems against intelligent attacker: a hierarchal stackelberg game approach

NASA Astrophysics Data System (ADS)

Yuan, Yuan; Sun, Fuchun; Liu, Huaping

2016-07-01

This paper is concerned with the resilient control under denial-of-service attack launched by the intelligent attacker. The resilient control system is modelled as a multi-stage hierarchical game with a corresponding hierarchy of decisions made at cyber and physical layer, respectively. Specifically, the interaction in the cyber layer between different security agents is modelled as a static infinite Stackelberg game, while in the underlying physical layer the full-information H∞ minimax control with package drops is modelled as a different Stackelberg game. Both games are solved sequentially, which is consistent with the actual situations. Finally, the proposed method is applied to the load frequency control of the power system, which demonstrates its effectiveness.

Panel summary of cyber-physical systems (CPS) and Internet of Things (IoT) opportunities with information fusion

NASA Astrophysics Data System (ADS)

Blasch, Erik; Kadar, Ivan; Grewe, Lynne L.; Brooks, Richard; Yu, Wei; Kwasinski, Andres; Thomopoulos, Stelios; Salerno, John; Qi, Hairong

2017-05-01

During the 2016 SPIE DSS conference, nine panelists were invited to highlight the trends and opportunities in cyber-physical systems (CPS) and Internet of Things (IoT) with information fusion. The world will be ubiquitously outfitted with many sensors to support our daily living thorough the Internet of Things (IoT), manage infrastructure developments with cyber-physical systems (CPS), as well as provide communication through networked information fusion technology over the internet (NIFTI). This paper summarizes the panel discussions on opportunities of information fusion to the growing trends in CPS and IoT. The summary includes the concepts and areas where information supports these CPS/IoT which includes situation awareness, transportation, and smart grids.

Cyber for the Middleweight Fighter: Recommendations for Cyberspace Capabilities for the United States Marine Corps

DTIC Science & Technology

2013-02-14

L acts to “provided resources for national and joint kinetic attack requirements.”24 Additionally, the Marine Corps Force Structure Review Group...for unusual system activity and searching for signs of known malware, unlike what is depicted in movies such as Hackers, where opposing cyber...never admitted involvement but the attacks originated in Russia. The FBI code name for the inquiry was Moonlight Maze. 29. Jeffrey Carr, Inside Cyber

A Cyber Fleet In BeingConsidering Maritime Strategy as a Basis for Cyber Strategy

DTIC Science & Technology

2014-04-01

has watched a war movie or visited a battlefield can visualize the confrontation of soldiers and how an army moves. It is intuitive in a way that... America the Vulnerable (New York: Penguin Press, 2011). Mike Bordick, AF Cyber Superiority Architecture, Headquarters Air Force Space Command/A6I...and Control System (CSCS), Air Force Space Command document, 23 September 2012. 1 Joel Brenner, America the Vulnerable (New York: Penguin

Complex Failure Forewarning System - DHS Conference Proceedings

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Hively, Lee M; Prowell, Stacy J

2011-01-01

As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. A failure is inclusive of random events, design flaws, and instabilities caused by cyber (and/or physical) attack. One such domain, aging bridges, is used to explain the Complex Structure Failure Forewarning System. We discuss the workings ofmore » such a system in the context of the necessary sensors, command and control and data collection as well as the cyber security efforts that would support this system. Their application and the implications of this computing architecture are also discussed, with respect to our nation s aging infrastructure.« less

3 CFR 9029 - Proclamation 9029 of September 30, 2013. National Cybersecurity Awareness Month, 2013

Code of Federal Regulations, 2014 CFR

2014-01-01

... aspect of our lives, and protecting our digital infrastructure from cyber threats is one of our highest... disruptive cyber incidents. My Administration is dedicated to building a system of protections in both the...

A Pacific Ocean general circulation model for satellite data assimilation

NASA Technical Reports Server (NTRS)

Chao, Y.; Halpern, D.; Mechoso, C. R.

1991-01-01

A tropical Pacific Ocean General Circulation Model (OGCM) to be used in satellite data assimilation studies is described. The transfer of the OGCM from a CYBER-205 at NOAA's Geophysical Fluid Dynamics Laboratory to a CRAY-2 at NASA's Ames Research Center is documented. Two 3-year model integrations from identical initial conditions but performed on those two computers are compared. The model simulations are very similar to each other, as expected, but the simulations performed with the higher-precision CRAY-2 is smoother than that with the lower-precision CYBER-205. The CYBER-205 and CRAY-2 use 32 and 64-bit mantissa arithmetic, respectively. The major features of the oceanic circulation in the tropical Pacific, namely the North Equatorial Current, the North Equatorial Countercurrent, the South Equatorial Current, and the Equatorial Undercurrent, are realistically produced and their seasonal cycles are described. The OGCM provides a powerful tool for study of tropical oceans and for the assimilation of satellite altimetry data.

Modeling Cyber Conflicts Using an Extended Petri Net Formalism

DOE Office of Scientific and Technical Information (OSTI.GOV)

Zakrzewska, Anita N; Ferragut, Erik M

2011-01-01

When threatened by automated attacks, critical systems that require human-controlled responses have difficulty making optimal responses and adapting protections in real- time and may therefore be overwhelmed. Consequently, experts have called for the development of automatic real-time reaction capabilities. However, a technical gap exists in the modeling and analysis of cyber conflicts to automatically understand the repercussions of responses. There is a need for modeling cyber assets that accounts for concurrent behavior, incomplete information, and payoff functions. Furthermore, we address this need by extending the Petri net formalism to allow real-time cyber conflicts to be modeled in a way thatmore » is expressive and concise. This formalism includes transitions controlled by players as well as firing rates attached to transitions. This allows us to model both player actions and factors that are beyond the control of players in real-time. We show that our formalism is able to represent situational aware- ness, concurrent actions, incomplete information and objective functions. These factors make it well-suited to modeling cyber conflicts in a way that allows for useful analysis. MITRE has compiled the Common Attack Pattern Enumera- tion and Classification (CAPEC), an extensive list of cyber attacks at various levels of abstraction. CAPEC includes factors such as attack prerequisites, possible countermeasures, and attack goals. These elements are vital to understanding cyber attacks and to generating the corresponding real-time responses. We demonstrate that the formalism can be used to extract precise models of cyber attacks from CAPEC. Several case studies show that our Petri net formalism is more expressive than other models, such as attack graphs, for modeling cyber conflicts and that it is amenable to exploring cyber strategies.« less

Peer and cyber aggression in secondary school students: the role of moral disengagement, hostile attribution bias, and outcome expectancies.

PubMed

Pornari, Chrisa D; Wood, Jane

2010-01-01

This study investigated the relationship between cognitive mechanisms, applied by people to rationalize and justify harmful acts, and engagement in traditional peer and cyber aggression among school children. We examined the contribution of moral disengagement (MD), hostile attribution bias, and outcome expectancies, and we further explored the individual contribution of each MD mechanism. Our aim was to identify shared and unique cognitive factors of the two forms of aggression. Three hundred and thirty-nine secondary school children completed self-report measures that assessed MD, hostile attribution bias, outcome expectancies, and their roles and involvement in traditional and cyber aggression. We found that the MD total score positively related to both forms of peer-directed aggression. Furthermore, traditional peer aggression positively related to children's moral justification, euphemistic language, displacement of responsibility and outcome expectancies, and negatively associated with hostile attribution bias. Moral justification also related positively to cyber aggression. Cyber aggression and cyber victimization were associated with high levels of traditional peer aggression and victimization, respectively. The results suggest that MD is a common feature of both traditional and cyber peer aggression, but it seems that traditional forms of aggression demand a higher level of rationalization or justification. Moreover, the data suggest that the expectation of positive outcomes from harmful behavior facilitates engagement in traditional peer aggression. The differential contribution of specific cognitive mechanisms indicates the need for future research to elaborate on the current findings, in order to advance theory and inform existing and future school interventions tackling aggression and bullying. (c) 2009 Wiley-Liss, Inc.

Open cyberGIS software for geospatial research and education in the big data era

NASA Astrophysics Data System (ADS)

Wang, Shaowen; Liu, Yan; Padmanabhan, Anand

CyberGIS represents an interdisciplinary field combining advanced cyberinfrastructure, geographic information science and systems (GIS), spatial analysis and modeling, and a number of geospatial domains to improve research productivity and enable scientific breakthroughs. It has emerged as new-generation GIS that enable unprecedented advances in data-driven knowledge discovery, visualization and visual analytics, and collaborative problem solving and decision-making. This paper describes three open software strategies-open access, source, and integration-to serve various research and education purposes of diverse geospatial communities. These strategies have been implemented in a leading-edge cyberGIS software environment through three corresponding software modalities: CyberGIS Gateway, Toolkit, and Middleware, and achieved broad and significant impacts.

A performance study of unmanned aerial vehicle-based sensor networks under cyber attack

NASA Astrophysics Data System (ADS)

Puchaty, Ethan M.

In UAV-based sensor networks, an emerging area of interest is the performance of these networks under cyber attack. This study seeks to evaluate the performance trade-offs from a System-of-Systems (SoS) perspective between various UAV communications architecture options in the context two missions: tracking ballistic missiles and tracking insurgents. An agent-based discrete event simulation is used to model a sensor communication network consisting of UAVs, military communications satellites, ground relay stations, and a mission control center. Network susceptibility to cyber attack is modeled with probabilistic failures and induced data variability, with performance metrics focusing on information availability, latency, and trustworthiness. Results demonstrated that using UAVs as routers increased network availability with a minimal latency penalty and communications satellite networks were best for long distance operations. Redundancy in the number of links between communication nodes helped mitigate cyber-caused link failures and add robustness in cases of induced data variability by an adversary. However, when failures were not independent, redundancy and UAV routing were detrimental in some cases to network performance. Sensitivity studies indicated that long cyber-caused downtimes and increasing failure dependencies resulted in build-ups of failures and caused significant degradations in network performance.

Situational awareness of a coordinated cyber attack

NASA Astrophysics Data System (ADS)

Sudit, Moises; Stotz, Adam; Holender, Michael

2005-03-01

As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

Finding Malicious Cyber Discussions in Social Media

DTIC Science & Technology

2015-12-11

automatically filter cyber discussions from Stack Exchange, Reddit, and Twitter posts written in English. Criminal hackers often use social media...monitoring hackers on Facebook and in private chat rooms. As a result, system administrators were prepared to counter distributed denial-of-service

Computer-Aided Process and Tools for Mobile Software Acquisition

DTIC Science & Technology

2013-07-30

moldo^j= pmlkploba=obmloq=pbofbp= Computer-Aided Process and Tools for Mobile Software Acquisition 30 July 2013 LT Christopher Bonine , USN, Dr...Christopher Bonine is a lieutenant in the United States Navy. He is currently assigned to the Navy Cyber Defense Operations Command in Norfolk, VA. He has...interests are in development and implementation of cyber security policy. Bonine has a master’s in computer science from the Naval Postgraduate School

Forewarning of Failure in Complex Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Hively, Lee M; Prowell, Stacy J

2011-01-01

As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. A failure is inclusive of random events, design flaws, and instabilities caused by cyber (and/or physical) attack. One such domain is failure in critical equipment. A second is aging bridges. We discuss the workings of such amore » system in the context of the necessary sensors, command and control and data collection as well as the cyber security efforts that would support this system. Their application and the implications of this computing architecture are also discussed, with respect to our nation s aging infrastructure.« less

A Cyber Situational Awareness Model for Network Administrators

DTIC Science & Technology

2017-03-01

environments, the Internet of Things, artificial intelligence , and so on. As users’ data requirements grow more complex, they demand information...security of systems of interest. Further, artificial intelligence is a powerful concept in information technology. Therefore, new research should...look into how to use artificial intelligence to develop CSA. Human interaction with cyber systems is not making networks and their components safer

Automatic Response to Intrusion

DTIC Science & Technology

2002-10-01

Computing Corporation Sidewinder Firewall [18] SRI EMERALD Basic Security Module (BSM) and EMERALD File Transfer Protocol (FTP) Monitors...the same event TCP Wrappers [24] Internet Security Systems RealSecure [31] SRI EMERALD IDIP monitor NAI Labs Generic Software Wrappers Prototype...included EMERALD , NetRadar, NAI Labs UNIX wrappers, ARGuE, MPOG, NetRadar, CyberCop Server, Gauntlet, RealSecure, and the Cyber Command System

An Evaluation method for C2 Cyber-Physical Systems Reliability Based on Deep Learning

DTIC Science & Technology

2014-06-01

the reliability testing data of the system, we obtain the prior distribution of the relia- bility is 1 1( ) ( ; , )R LG R r  . By Bayes theo- rem ...criticality cyber-physical sys- tems[C]//Proc of ICDCS. Piscataway, NJ: IEEE, 2010:169-178. [17] Zimmer C, Bhat B, Muller F, et al. Time-based intrusion de

Fall 2014 SEI Research Review High Confidence Cyber Physical Systems

DTIC Science & Technology

2014-10-28

2014 Carnegie Mellon University Fall 2014 SEI Research Review High Confidence Cyber Physical Systems Software Engineering Institute Carnegie... Research Review de Niz Oct 28th, 2014 © 2014 Carnegie Mellon University Copyright 2014 Carnegie Mellon University This material is based upon work...Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed

Is It Time for a US Cyber Force?

DTIC Science & Technology

2015-02-17

network of information technology (IT) and resident data, including the Internet , telecommunications networks, computer systems, and embedded processors...and controllers.13 JP 3-12 further goes on to explain cyberspace in terms of three layers: physical network, logical network, and cyber- persona .14...zero day) vulnerabilities against Microsoft operating system code using trusted hardware vendor certificates to cloak their presence. Though not

Protecting ICS Systems Within the Energy Sector from Cyber Attacks

NASA Astrophysics Data System (ADS)

Barnes, Shaquille

Advance persistent threat (APT) groups are continuing to attack the energy sector through cyberspace, which poses a risk to our society, national security, and economy. Industrial control systems (ICSs) are not designed to handle cyber-attacks, which is why asset owners need to implement the correct proactive and reactive measures to mitigate the risk to their ICS environments. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 290 incidents for fiscal year 2016, where 59 of those incidents came from the Energy Sector. APT groups know how vulnerable energy sector ICS systems are and the destruction they can cause when they go offline such as loss of production, loss of life, and economic impact. Defending against APT groups requires more than just passive controls such as firewalls and antivirus solutions. Asset owners should implement a combination of best practices and active defense in their environment to defend against APT groups. Cyber-attacks against critical infrastructure will become more complex and harder to detect and respond to with traditional security controls. The purpose of this paper was to provide asset owners with the correct security controls and methodologies to help defend against APT groups.

Development of a smart flood warning system in urban areas: A case study of Huwei area in Taiwan

NASA Astrophysics Data System (ADS)

Yang, Sheng-Chi; Hsu, Hao-Ming; Kao, Hong-Ming

2016-04-01

In this study, we developed a smart flood warning system to clearly understand flood propagations in urban areas. The science and technology park of Huwei, located in the southwest of Taiwan, was selected as a study area. It was designated to be an important urban area of optoelectronics and biotechnology. The region has an area about 1 km2 with approximately 1 km in both length and width. The discrepancy between the highest and lowest elevations is 6.3 m and its elevation decreases along the northeast to the southwest. It is an isolated urban drainage area due to its urban construction plan. The storm sewer system in this region includes three major networks that collect the runoff and drain to the detention pond where is located in the southwest corner of the region. The proposed smart flood warning system combines three important parts, i.e. the physical world, the cyber-physical interface, and the cyber space, to identify how the flood affects urban areas from now until the next three hours. In the physical world, when a rainfall event occurs, monitoring sensors (e.g. rainfall gauges and water level gauges built in the sewer system and ground surface), which are established in several essential locations of the study area, collect in situ hydrological data and then these data being transported to the cyber-physical interface. The cyber-physical interface is a data preprocess space that includes data analysis, quality control and assurance, and data integration and standardization to produce the validated data. In the cyber space, it has missions to receive the validated data from the cyber-physical interface and to run the time machine that has flood analyses of data mining, inundation scenarios simulation, risk and economic assessments, and so on, based on the validated data. After running the time machine, it offers the analyzed results related to flooding planning, mitigation, response, and recovery. According to the analyzed results, the decision supporting system, therefore, can publish warning information in urban areas at the right time. Keywords: flood warning system, flood mitigation, inundation.

Minding the Cyber-Physical Gap: Model-Based Analysis and Mitigation of Systemic Perception-Induced Failure.

PubMed

Mordecai, Yaniv; Dori, Dov

2017-07-17

The cyber-physical gap (CPG) is the difference between the 'real' state of the world and the way the system perceives it. This discrepancy often stems from the limitations of sensing and data collection technologies and capabilities, and is inevitable at some degree in any cyber-physical system (CPS). Ignoring or misrepresenting such limitations during system modeling, specification, design, and analysis can potentially result in systemic misconceptions, disrupted functionality and performance, system failure, severe damage, and potential detrimental impacts on the system and its environment. We propose CPG-Aware Modeling & Engineering (CPGAME), a conceptual model-based approach to capturing, explaining, and mitigating the CPG. CPGAME enhances the systems engineer's ability to cope with CPGs, mitigate them by design, and prevent erroneous decisions and actions. We demonstrate CPGAME by applying it for modeling and analysis of the 1979 Three Miles Island 2 nuclear accident, and show how its meltdown could be mitigated. We use ISO-19450:2015-Object Process Methodology as our conceptual modeling framework.

Predictors of Workplace Bullying and Cyber-Bullying in New Zealand

PubMed Central

Gardner, Dianne; O’Driscoll, Michael; Cooper-Thomas, Helena D.; Roche, Maree; Bentley, Tim; Catley, Bevan; Teo, Stephen T. T.; Trenberth, Linda

2016-01-01

Background: The negative effects of in-person workplace bullying (WB) are well established. Less is known about cyber-bullying (CB), in which negative behaviours are mediated by technology. Drawing on the conservation of resources theory, the current research examined how individual and organisational factors were related to WB and CB at two time points three months apart. Methods: Data were collected by means of an online self-report survey. Eight hundred and twenty-six respondents (58% female, 42% male) provided data at both time points. Results: One hundred and twenty-three (15%) of participants had been bullied and 23 (2.8%) of participants had been cyber-bullied within the last six months. Women reported more WB, but not more CB, than men. Worse physical health, higher strain, more destructive leadership, more team conflict and less effective organisational strategies were associated with more WB. Managerial employees experienced more CB than non-managerial employees. Poor physical health, less organisational support and less effective organisational strategies were associated with more CB. Conclusion: Rates of CB were lower than those of WB, and very few participants reported experiencing CB without also experiencing WB. Both forms of bullying were associated with poorer work environments, indicating that, where bullying is occurring, the focus should be on organisational systems and processes. PMID:27128929

Predictors of Workplace Bullying and Cyber-Bullying in New Zealand.

PubMed

Gardner, Dianne; O'Driscoll, Michael; Cooper-Thomas, Helena D; Roche, Maree; Bentley, Tim; Catley, Bevan; Teo, Stephen T T; Trenberth, Linda

2016-04-27

The negative effects of in-person workplace bullying (WB) are well established. Less is known about cyber-bullying (CB), in which negative behaviours are mediated by technology. Drawing on the conservation of resources theory, the current research examined how individual and organisational factors were related to WB and CB at two time points three months apart. Data were collected by means of an online self-report survey. Eight hundred and twenty-six respondents (58% female, 42% male) provided data at both time points. One hundred and twenty-three (15%) of participants had been bullied and 23 (2.8%) of participants had been cyber-bullied within the last six months. Women reported more WB, but not more CB, than men. Worse physical health, higher strain, more destructive leadership, more team conflict and less effective organisational strategies were associated with more WB. Managerial employees experienced more CB than non-managerial employees. Poor physical health, less organisational support and less effective organisational strategies were associated with more CB. Rates of CB were lower than those of WB, and very few participants reported experiencing CB without also experiencing WB. Both forms of bullying were associated with poorer work environments, indicating that, where bullying is occurring, the focus should be on organisational systems and processes.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onyeji, Ijeoma; Bazilian, Morgan; Bronk, Chris

Both the number and security implications of sophisticated cyber attacks on companies providing critical energy infrastructures are increasing. As power networks and, to a certain extent, oil and gas infrastructure both upstream and downstream, are becoming increasingly integrated with information communication technology systems, they are growing more susceptible to cyber attacks.

Cyber Physical System Modelling of Distribution Power Systems for Dynamic Demand Response

NASA Astrophysics Data System (ADS)

Chu, Xiaodong; Zhang, Rongxiang; Tang, Maosen; Huang, Haoyi; Zhang, Lei

2018-01-01

Dynamic demand response (DDR) is a package of control methods to enhance power system security. A CPS modelling and simulation platform for DDR in distribution power systems is presented in this paper. CPS modelling requirements of distribution power systems are analyzed. A coupled CPS modelling platform is built for assessing DDR in the distribution power system, which combines seamlessly modelling tools of physical power networks and cyber communication networks. Simulations results of IEEE 13-node test system demonstrate the effectiveness of the modelling and simulation platform.

Automating Information Assurance for Cyber Situational Awareness within a Smart Cloud System of Systems

DTIC Science & Technology

2014-03-01

Humanitarian Assistance and Disaster Relief HTML HyperText Markup Language IA Information Assurance IAI Israel Aerospace Industries IASA Information ...decision maker at the Command and Control “mini cloud” was of upmost interest . This discussion not only confirmed the need to have information ...2) monitoring for specific cyber attacks on a specified system, (3) alerting information of interest to an operator, and finally (4) allowing the

Experimental Validation of a Resilient Monitoring and Control System

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wen-Chiao Lin; Kris R. E. Villez; Humberto E. Garcia

2014-05-01

Complex, high performance, engineering systems have to be closely monitored and controlled to ensure safe operation and protect public from potential hazards. One of the main challenges in designing monitoring and control algorithms for these systems is that sensors and actuators may be malfunctioning due to malicious or natural causes. To address this challenge, this paper addresses a resilient monitoring and control (ReMAC) system by expanding previously developed resilient condition assessment monitoring systems and Kalman filter-based diagnostic methods and integrating them with a supervisory controller developed here. While the monitoring and diagnostic algorithms assess plant cyber and physical health conditions,more » the supervisory controller selects, from a set of candidates, the best controller based on the current plant health assessments. To experimentally demonstrate its enhanced performance, the developed ReMAC system is then used for monitoring and control of a chemical reactor with a water cooling system in a hardware-in-the-loop setting, where the reactor is computer simulated and the water cooling system is implemented by a machine condition monitoring testbed at Idaho National Laboratory. Results show that the ReMAC system is able to make correct plant health assessments despite sensor malfunctioning due to cyber attacks and make decisions that achieve best control actions despite possible actuator malfunctioning. Monitoring challenges caused by mismatches between assumed system component models and actual measurements are also identified for future work.« less

Porous TiO₂-Based Gas Sensors for Cyber Chemical Systems to Provide Security and Medical Diagnosis.

PubMed

Galstyan, Vardan

2017-12-19

Gas sensors play an important role in our life, providing control and security of technical processes, environment, transportation and healthcare. Consequently, the development of high performance gas sensor devices is the subject of intense research. TiO₂, with its excellent physical and chemical properties, is a very attractive material for the fabrication of chemical sensors. Meanwhile, the emerging technologies are focused on the fabrication of more flexible and smart systems for precise monitoring and diagnosis in real-time. The proposed cyber chemical systems in this paper are based on the integration of cyber elements with the chemical sensor devices. These systems may have a crucial effect on the environmental and industrial safety, control of carriage of dangerous goods and medicine. This review highlights the recent developments on fabrication of porous TiO₂-based chemical gas sensors for their application in cyber chemical system showing the convenience and feasibility of such a model to provide the security and to perform the diagnostics. The most of reports have demonstrated that the fabrication of doped, mixed and composite structures based on porous TiO₂ may drastically improve its sensing performance. In addition, each component has its unique effect on the sensing properties of material.

Porous TiO2-Based Gas Sensors for Cyber Chemical Systems to Provide Security and Medical Diagnosis

PubMed Central

2017-01-01

Gas sensors play an important role in our life, providing control and security of technical processes, environment, transportation and healthcare. Consequently, the development of high performance gas sensor devices is the subject of intense research. TiO2, with its excellent physical and chemical properties, is a very attractive material for the fabrication of chemical sensors. Meanwhile, the emerging technologies are focused on the fabrication of more flexible and smart systems for precise monitoring and diagnosis in real-time. The proposed cyber chemical systems in this paper are based on the integration of cyber elements with the chemical sensor devices. These systems may have a crucial effect on the environmental and industrial safety, control of carriage of dangerous goods and medicine. This review highlights the recent developments on fabrication of porous TiO2-based chemical gas sensors for their application in cyber chemical system showing the convenience and feasibility of such a model to provide the security and to perform the diagnostics. The most of reports have demonstrated that the fabrication of doped, mixed and composite structures based on porous TiO2 may drastically improve its sensing performance. In addition, each component has its unique effect on the sensing properties of material. PMID:29257076

On the Adaptive Protection of Microgrids: A Review on How to Mitigate Cyber Attacks and Communication Failures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Habib, Hany F; Lashway, Christopher R; Mohammed, Osama A

One main challenge in the practical implementation of a microgrid is the design of an adequate protection scheme in both grid connected and islanded modes. Conventional overcurrent protection schemes face selectivity and sensitivity issues during grid and microgrid faults since the fault current level is different in both cases for the same relay. Various approaches have been implemented in the past to deal with this problem, yet the most promising ones are the implementation of adaptive protection techniques abiding by the IEC 61850 communication standard. This paper presents a critical review of existing adaptive protection schemes, the technical challenges formore » the use of classical protection techniques and the need for an adaptive, smart protection system. However, the risk of communication link failures and cyber security threats still remain a challenge in implementing a reliable adaptive protection scheme. A contingency is needed where a communication issue prevents the relay from adjusting to a lower current level during islanded mode. An adaptive protection scheme is proposed that utilizes energy storage (ES) and hybrid ES (HESS) already available in the network as a mechanism to source the higher fault current. Four common grid ES and HESS are reviewed for their suitability in feeding the fault while some solutions are proposed.« less

A Mathematical Framework for the Analysis of Cyber-Resilient Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Melin, Alexander M; Ferragut, Erik M; Laska, Jason A

2013-01-01

The increasingly recognized vulnerability of industrial control systems to cyber-attacks has inspired a considerable amount of research into techniques for cyber-resilient control systems. The majority of this effort involves the application of well known information security (IT) techniques to control system networks. While these efforts are important to protect the control systems that operate critical infrastructure, they are never perfectly effective. Little research has focused on the design of closed-loop dynamics that are resilient to cyber-attack. The majority of control system protection measures are concerned with how to prevent unauthorized access and protect data integrity. We believe that the abilitymore » to analyze how an attacker can effect the closed loop dynamics of a control system configuration once they have access is just as important to the overall security of a control system. To begin to analyze this problem, consistent mathematical definitions of concepts within resilient control need to be established so that a mathematical analysis of the vulnerabilities and resiliencies of a particular control system design methodology and configuration can be made. In this paper, we propose rigorous definitions for state awareness, operational normalcy, and resiliency as they relate to control systems. We will also discuss some mathematical consequences that arise from the proposed definitions. The goal is to begin to develop a mathematical framework and testable conditions for resiliency that can be used to build a sound theoretical foundation for resilient control research.« less

TECHcitement: Advances in Technological Education, 2006

ERIC Educational Resources Information Center

American Association of Community Colleges (NJ1), 2006

2006-01-01

This publication includes 13 articles: (1) ATE [Advanced Technological Education] Attuned to Global Competition; (2) Materials Science Center Supplies Information on Often-Overlooked Field; (3) CSEC [Cyber Security Education Consortium] Builds Corps of Cyber Technicians; (4) KCTCS [Kentucky Community and Technical College System] Is U.S. Partner…

Computer Maintenance Operations Center (CMOC), showing duplexed cyber 170174 computers ...

Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

Computer Maintenance Operations Center (CMOC), showing duplexed cyber 170-174 computers - Beale Air Force Base, Perimeter Acquisition Vehicle Entry Phased-Array Warning System, Techinical Equipment Building, End of Spencer Paul Road, north of Warren Shingle Road (14th Street), Marysville, Yuba County, CA

Collaborative Defense of Transmission and Distribution Protection and Control Devices Against Cyber Attacks (CODEF) DE-OE0000674. ABB Inc. Final Scientific/Technical Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nuqui, Reynaldo

This report summarizes the activities conducted under the DOE-OE funded project DEOE0000674, where ABB Inc. (ABB), in collaboration with University of Illinois at Urbana-Champaign (UIUC), Bonneville Power Administration (BPA), and Ameren-Illinois (Ameren-IL) pursued the development of a system of collaborative defense of electrical substation’s intelligent electronic devices against cyber-attacks (CODEF). An electrical substation with CODEF features will be more capable of mitigating cyber-attacks especially those that seek to control switching devices. It leverages the security extensions of IEC 61850 to empower existing devices to collaborate in identifying and blocking malicious intents to trip circuit breakers, mis-coordinate devices settings, even thoughmore » the commands and the measurements comply with correct syntax. The CODEF functions utilize the physics of electromagnetic systems, electric power engineering principles, and computer science to bring more in depth cyber defense closer to the protected substation devices.« less

The Need for Cyber-Informed Engineering Expertise for Nuclear Research Reactors

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anderson, Robert Stephen

Engineering disciplines may not currently understand or fully embrace cyber security aspects as they apply towards analysis, design, operation, and maintenance of nuclear research reactors. Research reactors include a wide range of diverse co-located facilities and designs necessary to meet specific operational research objectives. Because of the nature of research reactors (reduced thermal energy and fission product inventory), hazards and risks may not have received the same scrutiny as normally associated with power reactors. Similarly, security may not have been emphasized either. However, the lack of sound cybersecurity defenses may lead to both safety and security impacts. Risk management methodologiesmore » may not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Although most research reactors are old and may not have the same digital footprint as newer facilities, any digital instrument and control function must be considered as a potential attack platform that can lead to sabotage or theft of nuclear material, especially for some research reactors that store highly enriched uranium. This paper will provide a discussion about the need for cyber-informed engineering practices that include the entire engineering lifecycle. Cyber-informed engineering as referenced in this paper is the inclusion of cybersecurity aspects into the engineering process. A discussion will consider several attributes of this process evaluating the long-term goal of developing additional cyber safety basis analysis and trust principles. With a culture of free information sharing exchanges, and potentially a lack of security expertise, new risk analysis and design methodologies need to be developed to address this rapidly evolving (cyber) threatscape.« less

Cyber-Defense Return on Investment for NAVFAC Energy Technologies

DTIC Science & Technology

2017-12-01

Stakeholder input is important to properly develop a tool that reflects the legitimate concerns of those who routinely design , operate, and use control ...cybersecurity results with no control system network connectivity at all. Both are extreme scenarios, unless electrical engineers can design a...support of a Department of Defense (DOD) effort to improve cyber- security in relation to DOD installation control systems. Space and Naval Warfare

Federating Cyber and Physical Models for Event-Driven Situational Awareness

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stephan, Eric G.; Pawlowski, Ronald A.; Sridhar, Siddharth

The purpose of this paper is to describe a novel method to improve electric power system monitoring and control software application interoperability. This method employs the concept of federation, which is defined as the use of existing models that represent aspects of a system in specific domains (such as physical and cyber security domains) and building interface to link all of domain models.

Model Based Verification of Cyber Range Event Environments

DTIC Science & Technology

2015-11-13

Commercial and Open Source Systems," in SOSP, Cascais, Portugal, 2011. [3] Sanjai Narain, Sharad Malik, and Ehab Al-Shaer, "Towards Eliminating...Configuration Errors in Cyber Infrastructure," in 4th IEEE Symposium on Configuration Analytics and Automation, Arlington, VA, 2011. [4] Sanjai Narain...Verlag, 2010. [5] Sanjai Narain, "Network Configuration Management via Model Finding," in 19th Large Installation System Administration Conference, San

Cyber Hygiene for Control System Security

DOE PAGES

Oliver, David

2015-10-08

There are many resources from government and private industry available to assist organizations in reducing their attack surface and enhancing their security posture. Furthermore, standards are being written and improved upon to make the practice of securing a network more manageable. And while the specifics of network security are complex, most system vulnerabilities can be mitigated using fairly simple cyber hygiene techniques like those offered above.

Contract-Based Integration of Cyber-Physical Analyses

DTIC Science & Technology

2014-10-14

for cyber-physical systems , 2013 [3] Torngren et al. Integrating viewpoints in the development of mechatronic products, 2013 [4] Rajhans et al...Conference on Embedded Software Report Documentation Page Form ApprovedOMB No. 0704-0188 Public reporting burden for the collection of information is...failures 5 Analytic aspect of integration Sensor Sampling PID Controller Actuator Controller Communication bus Sensor board CPU Actuator board System Bin

Cyber bullying and physical bullying in adolescent suicide: the role of violent behavior and substance use.

PubMed

Litwiller, Brett J; Brausch, Amy M

2013-05-01

The impact of bullying in all forms on the mental health and safety of adolescents is of particular interest, especially in the wake of new methods of bullying that victimize youths through technology. The current study examined the relationship between victimization from both physical and cyber bullying and adolescent suicidal behavior. Violent behavior, substance use, and unsafe sexual behavior were tested as mediators between two forms of bullying, cyber and physical, and suicidal behavior. Data were taken from a large risk-behavior screening study with a sample of 4,693 public high school students (mean age = 16.11, 47 % female). The study's findings showed that both physical bullying and cyber bullying associated with substance use, violent behavior, unsafe sexual behavior, and suicidal behavior. Substance use, violent behavior, and unsafe sexual behavior also all associated with suicidal behavior. Substance use and violent behavior partially mediated the relationship between both forms of bullying and suicidal behavior. The comparable amount of variance in suicidal behavior accounted for by both cyber bullying and physical bullying underscores the important of further cyber bullying research. The direct association of each risk behavior with suicidal behavior also underscores the importance of reducing risk behaviors. Moreover, the role of violence and substance use as mediating behaviors offers an explanation of how risk behaviors can increase an adolescent's likelihood of suicidal behavior through habituation to physical pain and psychological anxiety.

Data fusion in cyber security: first order entity extraction from common cyber data

NASA Astrophysics Data System (ADS)

Giacobe, Nicklaus A.

2012-06-01

The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.

Cyber dating abuse in affective and sexual relationships: a literature review.

PubMed

Flach, Roberta Matassoli Duran; Deslandes, Suely Ferreira

2017-07-27

Cyber culture with its related e-commerce, expanded since the 2000s through the advent of social network platforms, incites participants to engage in hyper-exposure and spectacularization of their private lives, with inherent consequences for personal image and privacy, publicizing private matters (especially those pertaining to sexuality and corporality) in the digital media. This raises the need to understand how the phenomenon of cyber dating abuse in affective and sexual relationships is conceptualized and characterized in scientific studies, which health problems are associated with it, and which social technologies are suggested for intervention. This form of abuse is a new expression of intimate partner violence that involves, among other practices, posting embarrassing photos and videos and intimate messages without prior consent, with the purpose of humiliating and defaming the person. The current study is an integrative systematic review, including 35 articles, with a predominance of studies in the United States (22). Types of cyber dating abuse range from direct aggression to stalking. Despite the high prevalence, especially among adolescents and youth, the literature highlights that this type of cyber abuse is often taken for granted. The suggested interventions are mostly for prevention and awareness-raising concerning relationship abuse, action by school counselors, and family orientation. The high reciprocity of cyber dating abuse between males and females indicates that future studies should attempt to elucidate how the dynamics of gender violence are reproduced or subverted by it.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stewart, John; Halbgewachs, Ron; Chavez, Adrian

The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relatingmore » to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock utilities into proprietary and closed systems.« less

Cyber War Game in Temporal Networks

DTIC Science & Technology

2016-02-09

Boston, Massachusetts 02115, United States of America * jianxi.gao@gmail.com Abstract In a cyber war game where a network is fully distributed and... game with minimum effort. Given the system goal states of attackers and defenders, we study what strategies attackers or defenders can take to reach

78 FR 22909 - Mondelez Global LLC, Business Services Center, Including On-Site Leased Workers From Abacus...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-17

... Solutions, American Cybersystems, Inc., Collabera, Hewlett-Packard, Kelly Services, Kforce, Inc., Lancesoft..., Business Services Center, including on-site leased workers from Abacus Service Corporation, American Cyber..., American CyberSystems, Inc., Collabera, Hewlett-Packard, Kelly Services, Kforce, Inc., Lancesoft...

ViNEL: A Virtual Networking Lab for Cyber Defense Education

ERIC Educational Resources Information Center

Reinicke, Bryan; Baker, Elizabeth; Toothman, Callie

2018-01-01

Professors teaching cyber security classes often face challenges when developing workshops for their students: How does one quickly and efficiently configure and deploy an operating system for a temporary learning/testing environment? Faculty teaching these classes spend countless hours installing, configuring and deploying multiple system…

ACHIEVING MISSION ASSURANCE AGAINST A CYBER THREAT WITH THE DEFENSE ACQUISITION SYSTEM

DTIC Science & Technology

2016-02-13

assurance to be “ baked in” to system design. Second, FMAs and vulnerability assessments should be conducted prior to every acquisition milestone...of FMAs enables the long sought after “ baking in” of mission assurance. Conducting an FMA is not a trivial task, nor is it exclusively a cyber...drive mission assurance to be “ baked in” to system design. Secondly, conducting discrete CH events before each milestone is fundamental to achieving

SEI Software Engineering Education Directory.

DTIC Science & Technology

1987-02-01

Software Design and Development Gilbert. Philip Systems: CDC Cyber 170/750 CDC Cyber 170760 DEC POP 11/44 PRIME AT&T 3B5 IBM PC IBM XT IBM RT...Macintosh VAx 8300 Software System Development and Laboratory CS 480/480L U P X T Textbooks: Software Design and Development Gilbert, Philip Systems: CDC...Acting Chair (618) 692-2386 Courses: Software Design and Development CS 424 U P E Y Textbooks: Software Design and Development, Gilbert, Philip Topics

Main control computer security model of closed network systems protection against cyber attacks

NASA Astrophysics Data System (ADS)

Seymen, Bilal

2014-06-01

The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

Air Force Cyber Warfare: Now and the Future

DTIC Science & Technology

2013-10-01

cyber warfare in popular culture. Most of them focus on the individual s uncanny grasp of technology the ability to exploit any system with a dizzying flurry of keystrokes or to fend off adversaries with a smartphone, a paper clip, and an ingenious plan. These socially awkward heroes and heroines fill the silver screen with visions of a new kind of warfare. Contradicting these stereotypes, Air Force cyber operations are carefully planned and controlled by disciplined, rigorously trained operators. Rather than acting alone, these professionals produce effects in support of

Using a Prediction Model to Manage Cyber Security Threats.

PubMed

Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

Using a Prediction Model to Manage Cyber Security Threats

PubMed Central

Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

Novel mechanism of network protection against the new generation of cyber attacks

NASA Astrophysics Data System (ADS)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit

2012-06-01

A new intelligent mechanism is presented to protect networks against the new generation of cyber attacks. This mechanism integrates TCP/UDP/IP protocol stack protection and attacker/intruder deception to eliminate existing TCP/UDP/IP protocol stack vulnerabilities. It allows to detect currently undetectable, highly distributed, low-frequency attacks such as distributed denial-of-service (DDoS) attacks, coordinated attacks, botnet, and stealth network reconnaissance. The mechanism also allows insulating attacker/intruder from the network and redirecting the attack to a simulated network acting as a decoy. As a result, network security personnel gain sufficient time to defend the network and collect the attack information. The presented approach can be incorporated into wireless or wired networks that require protection against known and the new generation of cyber attacks.

Design of Cyber Attack Precursor Symptom Detection Algorithm through System Base Behavior Analysis and Memory Monitoring

NASA Astrophysics Data System (ADS)

Jung, Sungmo; Kim, Jong Hyun; Cagalaban, Giovanni; Lim, Ji-Hoon; Kim, Seoksoo

More recently, botnet-based cyber attacks, including a spam mail or a DDos attack, have sharply increased, which poses a fatal threat to Internet services. At present, antivirus businesses make it top priority to detect malicious code in the shortest time possible (Lv.2), based on the graph showing a relation between spread of malicious code and time, which allows them to detect after malicious code occurs. Despite early detection, however, it is not possible to prevent malicious code from occurring. Thus, we have developed an algorithm that can detect precursor symptoms at Lv.1 to prevent a cyber attack using an evasion method of 'an executing environment aware attack' by analyzing system behaviors and monitoring memory.

A CyberCIEGE Scenario Illustrating Secrecy Issues in an Internal Corporate Network Connected to the Internet

DTIC Science & Technology

2004-09-01

to provide access to and protect are the NG Game Code, Employee Files, E -MAIL, Marketing Plans and Legacy Code. The NG Game Code is the MOST...major hit. E -MAIL is classified NON- SENSITIVE. The Marketing Plans are for the NG Game Code. They contain information concerning what the new...simulation games currently on the market except that, rather than allowing players to choose rides, refreshments and facilities, CyberCIEGE will

76 FR 7187 - Priorities for Addressing Risks to the Reliability of the Bulk-Power System; Reliability...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-09

... emerging challenges facing the power grid? b. Do the CIP standards assure cyber security, including... Smart Grid applications have non-cyber reliability implications that need to be addressed? d. What steps... (NERC). Ronald L. Litzinger, President, Southern California Edison Company. Stephen J. Wright...

Department of Defense Information Enterprise: Strategic Plan 2010-2012

DTIC Science & Technology

2010-04-01

migrate from circuit-based technology to a converged (voice, video , and data) IP network and UC services environment. Ensure the optimal...Kevin Coleman, “Cyber Attacks on Supply Chain Systems,” Defense Tech, April 15, 2009 8 Lolita C. Baldor, “Federal Web Sites Knocked Out by Cyber Attack

New Project Incubator

DTIC Science & Technology

2018-04-30

quality assurance, parts, materials, processes, and domain-specific considerations such as radiation effects in space missions which are all part of MA...Bulletin, 138(2), p.211. Katz, R. and Allen, T.J. (1982). Investigating the Not Invented Here (NIH) syndrome : A look at the performance, tenure, and...actual modularity of a cyber-physical system is particularly acute . As Lee [2008] points out, cyber-physical systems have always been held to a higher

Adapting iterative algorithms for solving large sparse linear systems for efficient use on the CDC CYBER 205

NASA Technical Reports Server (NTRS)

Kincaid, D. R.; Young, D. M.

1984-01-01

Adapting and designing mathematical software to achieve optimum performance on the CYBER 205 is discussed. Comments and observations are made in light of recent work done on modifying the ITPACK software package and on writing new software for vector supercomputers. The goal was to develop very efficient vector algorithms and software for solving large sparse linear systems using iterative methods.

Cyber threat impact assessment and analysis for space vehicle architectures

NASA Astrophysics Data System (ADS)

McGraw, Robert M.; Fowler, Mark J.; Umphress, David; MacDonald, Richard A.

2014-06-01

This paper covers research into an assessment of potential impacts and techniques to detect and mitigate cyber attacks that affect the networks and control systems of space vehicles. Such systems, if subverted by malicious insiders, external hackers and/or supply chain threats, can be controlled in a manner to cause physical damage to the space platforms. Similar attacks on Earth-borne cyber physical systems include the Shamoon, Duqu, Flame and Stuxnet exploits. These have been used to bring down foreign power generation and refining systems. This paper discusses the potential impacts of similar cyber attacks on space-based platforms through the use of simulation models, including custom models developed in Python using SimPy and commercial SATCOM analysis tools, as an example STK/SOLIS. The paper discusses the architecture and fidelity of the simulation model that has been developed for performing the impact assessment. The paper walks through the application of an attack vector at the subsystem level and how it affects the control and orientation of the space vehicle. SimPy is used to model and extract raw impact data at the bus level, while STK/SOLIS is used to extract raw impact data at the subsystem level and to visually display the effect on the physical plant of the space vehicle.

Data-Aware Retrodiction for Asynchronous Harmonic Measurement in a Cyber-Physical Energy System.

PubMed

Liu, Youda; Wang, Xue; Liu, Yanchi; Cui, Sujin

2016-08-18

Cyber-physical energy systems provide a networked solution for safety, reliability and efficiency problems in smart grids. On the demand side, the secure and trustworthy energy supply requires real-time supervising and online power quality assessing. Harmonics measurement is necessary in power quality evaluation. However, under the large-scale distributed metering architecture, harmonic measurement faces the out-of-sequence measurement (OOSM) problem, which is the result of latencies in sensing or the communication process and brings deviations in data fusion. This paper depicts a distributed measurement network for large-scale asynchronous harmonic analysis and exploits a nonlinear autoregressive model with exogenous inputs (NARX) network to reorder the out-of-sequence measuring data. The NARX network gets the characteristics of the electrical harmonics from practical data rather than the kinematic equations. Thus, the data-aware network approximates the behavior of the practical electrical parameter with real-time data and improves the retrodiction accuracy. Theoretical analysis demonstrates that the data-aware method maintains a reasonable consumption of computing resources. Experiments on a practical testbed of a cyber-physical system are implemented, and harmonic measurement and analysis accuracy are adopted to evaluate the measuring mechanism under a distributed metering network. Results demonstrate an improvement of the harmonics analysis precision and validate the asynchronous measuring method in cyber-physical energy systems.

Gbps wireless transceivers for high bandwidth interconnections in distributed cyber physical systems

NASA Astrophysics Data System (ADS)

Saponara, Sergio; Neri, Bruno

2015-05-01

In Cyber Physical Systems there is a growing use of high speed sensors like photo and video camera, radio and light detection and ranging (Radar/Lidar) sensors. Hence Cyber Physical Systems can benefit from the high communication data rate, several Gbps, that can be provided by mm-wave wireless transceivers. At such high frequency the wavelength is few mm and hence the whole transceiver including the antenna can be integrated in a single chip. To this aim this paper presents the design of 60 GHz transceiver architecture to ensure connection distances up to 10 m and data rate up to 4 Gbps. At 60 GHz there are more than 7 GHz of unlicensed bandwidth (available for free for development of new services). By using a CMOS SOI technology RF, analog and digital baseband circuitry can be integrated in the same chip minimizing noise coupling. Even the antenna is integrated on chip reducing cost and size vs. classic off-chip antenna solutions. Therefore the proposed transceiver can enable at physical layer the implementation of low cost nodes for a Cyber Physical System with data rates of several Gbps and with a communication distance suitable for home/office scenarios, or on-board vehicles such as cars, trains, ships, airplanes

A Testbed Environment for Buildings-to-Grid Cyber Resilience Research and Development

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sridhar, Siddharth; Ashok, Aditya; Mylrea, Michael E.

The Smart Grid is characterized by the proliferation of advanced digital controllers at all levels of its operational hierarchy from generation to end consumption. Such controllers within modern residential and commercial buildings enable grid operators to exercise fine-grained control over energy consumption through several emerging Buildings-to-Grid (B2G) applications. Though this capability promises significant benefits in terms of operational economics and improved reliability, cybersecurity weaknesses in the supporting infrastructure could be exploited to cause a detrimental effect and this necessitates focused research efforts on two fronts. First, the understanding of how cyber attacks in the B2G space could impact grid reliabilitymore » and to what extent. Second, the development and validation of cyber-physical application-specific countermeasures that are complementary to traditional infrastructure cybersecurity mechanisms for enhanced cyber attack detection and mitigation. The PNNL B2G testbed is currently being developed to address these core research needs. Specifically, the B2G testbed combines high-fidelity buildings+grid simulators, industry-grade building automation and Supervisory Control and Data Acquisition (SCADA) systems in an integrated, realistic, and reconfigurable environment capable of supporting attack-impact-detection-mitigation experimentation. In this paper, we articulate the need for research testbeds to model various B2G applications broadly by looking at the end-to-end operational hierarchy of the Smart Grid. Finally, the paper not only describes the architecture of the B2G testbed in detail, but also addresses the broad spectrum of B2G resilience research it is capable of supporting based on the smart grid operational hierarchy identified earlier.« less

Cyber security risk assessment for SCADA and DCS networks.

PubMed

Ralston, P A S; Graham, J H; Hieb, J L

2007-10-01

The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Improvements of cyberspace and effects to the battlefield

NASA Astrophysics Data System (ADS)

Gedıklı, Münir

2014-06-01

Wars previously being executed at land and sea have also become applicable in air and space due to the advancements of aircraft and satellite systems. Rapid improvements in information technologies have triggered the concept of cyberspace which is considered as the fifth dimension of war. While transferring information quickly from physical area to electronic/digital area, cyberspace has caused to emerge a lot of threats and methods like cyber-attack, cyber-crime, cyber war which are spreading too rapidly. Individuals, institutions and establishments have begun to take their own cyber security precautions to cope with these threats. This study gives information about the concepts and advances on cyberspace in order to raise comprehensive awareness. The study also focuses on the effects of these improvements in the battlefield, and analyzes them.

CyberShake: Running Seismic Hazard Workflows on Distributed HPC Resources

NASA Astrophysics Data System (ADS)

Callaghan, S.; Maechling, P. J.; Graves, R. W.; Gill, D.; Olsen, K. B.; Milner, K. R.; Yu, J.; Jordan, T. H.

2013-12-01

As part of its program of earthquake system science research, the Southern California Earthquake Center (SCEC) has developed a simulation platform, CyberShake, to perform physics-based probabilistic seismic hazard analysis (PSHA) using 3D deterministic wave propagation simulations. CyberShake performs PSHA by simulating a tensor-valued wavefield of Strain Green Tensors, and then using seismic reciprocity to calculate synthetic seismograms for about 415,000 events per site of interest. These seismograms are processed to compute ground motion intensity measures, which are then combined with probabilities from an earthquake rupture forecast to produce a site-specific hazard curve. Seismic hazard curves for hundreds of sites in a region can be used to calculate a seismic hazard map, representing the seismic hazard for a region. We present a recently completed PHSA study in which we calculated four CyberShake seismic hazard maps for the Southern California area to compare how CyberShake hazard results are affected by different SGT computational codes (AWP-ODC and AWP-RWG) and different community velocity models (Community Velocity Model - SCEC (CVM-S4) v11.11 and Community Velocity Model - Harvard (CVM-H) v11.9). We present our approach to running workflow applications on distributed HPC resources, including systems without support for remote job submission. We show how our approach extends the benefits of scientific workflows, such as job and data management, to large-scale applications on Track 1 and Leadership class open-science HPC resources. We used our distributed workflow approach to perform CyberShake Study 13.4 on two new NSF open-science HPC computing resources, Blue Waters and Stampede, executing over 470 million tasks to calculate physics-based hazard curves for 286 locations in the Southern California region. For each location, we calculated seismic hazard curves with two different community velocity models and two different SGT codes, resulting in over 1100 hazard curves. We will report on the performance of this CyberShake study, four times larger than previous studies. Additionally, we will examine the challenges we face applying these workflow techniques to additional open-science HPC systems and discuss whether our workflow solutions continue to provide value to our large-scale PSHA calculations.

Using cyber vulnerability testing techniques to expose undocumented security vulnerabilities in DCS and SCADA equipment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pollet, J.

2006-07-01

This session starts by providing an overview of typical DCS (Distributed Control Systems) and SCADA (Supervisory Control and Data Acquisition) architectures, and exposes cyber security vulnerabilities that vendors never admit, but are found through a comprehensive cyber testing process. A complete assessment process involves testing all of the layers and components of a SCADA or DCS environment, from the perimeter firewall all the way down to the end devices controlling the process, including what to look for when conducting a vulnerability assessment of real-time control systems. The following systems are discussed: 1. Perimeter (isolation from corporate IT or other non-criticalmore » networks) 2. Remote Access (third Party access into SCADA or DCS networks) 3. Network Architecture (switch, router, firewalls, access controls, network design) 4. Network Traffic Analysis (what is running on the network) 5. Host Operating Systems Hardening 6. Applications (how they communicate with other applications and end devices) 7. End Device Testing (PLCs, RTUs, DCS Controllers, Smart Transmitters) a. System Discovery b. Functional Discovery c. Attack Methodology i. DoS Tests (at what point does the device fail) ii. Malformed Packet Tests (packets that can cause equipment failure) iii. Session Hijacking (do anything that the operator can do) iv. Packet Injection (code and inject your own SCADA commands) v. Protocol Exploitation (Protocol Reverse Engineering / Fuzzing) This paper will provide information compiled from over five years of conducting cyber security testing on control systems hardware, software, and systems. (authors)« less

SLAE–CPS: Smart Lean Automation Engine Enabled by Cyber-Physical Systems Technologies

PubMed Central

Ma, Jing; Wang, Qiang; Zhao, Zhibiao

2017-01-01

In the context of Industry 4.0, the demand for the mass production of highly customized products will lead to complex products and an increasing demand for production system flexibility. Simply implementing lean production-based human-centered production or high automation to improve system flexibility is insufficient. Currently, lean automation (Jidoka) that utilizes cyber-physical systems (CPS) is considered a cost-efficient and effective approach for improving system flexibility under shrinking global economic conditions. Therefore, a smart lean automation engine enabled by CPS technologies (SLAE–CPS), which is based on an analysis of Jidoka functions and the smart capacity of CPS technologies, is proposed in this study to provide an integrated and standardized approach to design and implement a CPS-based smart Jidoka system. A set of comprehensive architecture and standardized key technologies should be presented to achieve the above-mentioned goal. Therefore, a distributed architecture that joins service-oriented architecture, agent, function block (FB), cloud, and Internet of things is proposed to support the flexible configuration, deployment, and performance of SLAE–CPS. Then, several standardized key techniques are proposed under this architecture. The first one is for converting heterogeneous physical data into uniform services for subsequent abnormality analysis and detection. The second one is a set of Jidoka scene rules, which is abstracted based on the analysis of the operator, machine, material, quality, and other factors in different time dimensions. These Jidoka rules can support executive FBs in performing different Jidoka functions. Finally, supported by the integrated and standardized approach of our proposed engine, a case study is conducted to verify the current research results. The proposed SLAE–CPS can serve as an important reference value for combining the benefits of innovative technology and proper methodology. PMID:28657577

SLAE-CPS: Smart Lean Automation Engine Enabled by Cyber-Physical Systems Technologies.

PubMed

Ma, Jing; Wang, Qiang; Zhao, Zhibiao

2017-06-28

In the context of Industry 4.0, the demand for the mass production of highly customized products will lead to complex products and an increasing demand for production system flexibility. Simply implementing lean production-based human-centered production or high automation to improve system flexibility is insufficient. Currently, lean automation (Jidoka) that utilizes cyber-physical systems (CPS) is considered a cost-efficient and effective approach for improving system flexibility under shrinking global economic conditions. Therefore, a smart lean automation engine enabled by CPS technologies (SLAE-CPS), which is based on an analysis of Jidoka functions and the smart capacity of CPS technologies, is proposed in this study to provide an integrated and standardized approach to design and implement a CPS-based smart Jidoka system. A set of comprehensive architecture and standardized key technologies should be presented to achieve the above-mentioned goal. Therefore, a distributed architecture that joins service-oriented architecture, agent, function block (FB), cloud, and Internet of things is proposed to support the flexible configuration, deployment, and performance of SLAE-CPS. Then, several standardized key techniques are proposed under this architecture. The first one is for converting heterogeneous physical data into uniform services for subsequent abnormality analysis and detection. The second one is a set of Jidoka scene rules, which is abstracted based on the analysis of the operator, machine, material, quality, and other factors in different time dimensions. These Jidoka rules can support executive FBs in performing different Jidoka functions. Finally, supported by the integrated and standardized approach of our proposed engine, a case study is conducted to verify the current research results. The proposed SLAE-CPS can serve as an important reference value for combining the benefits of innovative technology and proper methodology.

Minding the Cyber-Physical Gap: Model-Based Analysis and Mitigation of Systemic Perception-Induced Failure

PubMed Central

2017-01-01

The cyber-physical gap (CPG) is the difference between the ‘real’ state of the world and the way the system perceives it. This discrepancy often stems from the limitations of sensing and data collection technologies and capabilities, and is inevitable at some degree in any cyber-physical system (CPS). Ignoring or misrepresenting such limitations during system modeling, specification, design, and analysis can potentially result in systemic misconceptions, disrupted functionality and performance, system failure, severe damage, and potential detrimental impacts on the system and its environment. We propose CPG-Aware Modeling & Engineering (CPGAME), a conceptual model-based approach to capturing, explaining, and mitigating the CPG. CPGAME enhances the systems engineer’s ability to cope with CPGs, mitigate them by design, and prevent erroneous decisions and actions. We demonstrate CPGAME by applying it for modeling and analysis of the 1979 Three Miles Island 2 nuclear accident, and show how its meltdown could be mitigated. We use ISO-19450:2015—Object Process Methodology as our conceptual modeling framework. PMID:28714910

Obstacle Recognition Based on Machine Learning for On-Chip LiDAR Sensors in a Cyber-Physical System

PubMed Central

Beruvides, Gerardo

2017-01-01

Collision avoidance is an important feature in advanced driver-assistance systems, aimed at providing correct, timely and reliable warnings before an imminent collision (with objects, vehicles, pedestrians, etc.). The obstacle recognition library is designed and implemented to address the design and evaluation of obstacle detection in a transportation cyber-physical system. The library is integrated into a co-simulation framework that is supported on the interaction between SCANeR software and Matlab/Simulink. From the best of the authors’ knowledge, two main contributions are reported in this paper. Firstly, the modelling and simulation of virtual on-chip light detection and ranging sensors in a cyber-physical system, for traffic scenarios, is presented. The cyber-physical system is designed and implemented in SCANeR. Secondly, three specific artificial intelligence-based methods for obstacle recognition libraries are also designed and applied using a sensory information database provided by SCANeR. The computational library has three methods for obstacle detection: a multi-layer perceptron neural network, a self-organization map and a support vector machine. Finally, a comparison among these methods under different weather conditions is presented, with very promising results in terms of accuracy. The best results are achieved using the multi-layer perceptron in sunny and foggy conditions, the support vector machine in rainy conditions and the self-organized map in snowy conditions. PMID:28906450

Obstacle Recognition Based on Machine Learning for On-Chip LiDAR Sensors in a Cyber-Physical System.

PubMed

Castaño, Fernando; Beruvides, Gerardo; Haber, Rodolfo E; Artuñedo, Antonio

2017-09-14

Collision avoidance is an important feature in advanced driver-assistance systems, aimed at providing correct, timely and reliable warnings before an imminent collision (with objects, vehicles, pedestrians, etc.). The obstacle recognition library is designed and implemented to address the design and evaluation of obstacle detection in a transportation cyber-physical system. The library is integrated into a co-simulation framework that is supported on the interaction between SCANeR software and Matlab/Simulink. From the best of the authors' knowledge, two main contributions are reported in this paper. Firstly, the modelling and simulation of virtual on-chip light detection and ranging sensors in a cyber-physical system, for traffic scenarios, is presented. The cyber-physical system is designed and implemented in SCANeR. Secondly, three specific artificial intelligence-based methods for obstacle recognition libraries are also designed and applied using a sensory information database provided by SCANeR. The computational library has three methods for obstacle detection: a multi-layer perceptron neural network, a self-organization map and a support vector machine. Finally, a comparison among these methods under different weather conditions is presented, with very promising results in terms of accuracy. The best results are achieved using the multi-layer perceptron in sunny and foggy conditions, the support vector machine in rainy conditions and the self-organized map in snowy conditions.

A developmental approach to learning causal models for cyber security

NASA Astrophysics Data System (ADS)

Mugan, Jonathan

2013-05-01

To keep pace with our adversaries, we must expand the scope of machine learning and reasoning to address the breadth of possible attacks. One approach is to employ an algorithm to learn a set of causal models that describes the entire cyber network and each host end node. Such a learning algorithm would run continuously on the system and monitor activity in real time. With a set of causal models, the algorithm could anticipate novel attacks, take actions to thwart them, and predict the second-order effects flood of information, and the algorithm would have to determine which streams of that flood were relevant in which situations. This paper will present the results of efforts toward the application of a developmental learning algorithm to the problem of cyber security. The algorithm is modeled on the principles of human developmental learning and is designed to allow an agent to learn about the computer system in which it resides through active exploration. Children are flexible learners who acquire knowledge by actively exploring their environment and making predictions about what they will find,1, 2 and our algorithm is inspired by the work of the developmental psychologist Jean Piaget.3 Piaget described how children construct knowledge in stages and learn new concepts on top of those they already know. Developmental learning allows our algorithm to focus on subsets of the environment that are most helpful for learning given its current knowledge. In experiments, the algorithm was able to learn the conditions for file exfiltration and use that knowledge to protect sensitive files.

Analysis of white box test of cyber-physical system

NASA Astrophysics Data System (ADS)

Li, Bo; Zhang, Lichen

2017-05-01

The Cyber-Physical System is a complex system in which the information system is closely integrated with the physical system. Through the environment detection and the combination of computing, communication and control process, the physical real-time perception and dynamic control function are realized. CPS is another information revolution after the Internet, and his presence will change the way people interact with the physical world. In this paper, the concept of CPS and white box testing is introduced, and then the white box test for CPS hardware, software, network and system is discussed in detail. Finally, the research on CPS is prospected.

Development of a support software system for real-time HAL/S applications

NASA Technical Reports Server (NTRS)

Smith, R. S.

1984-01-01

Methodologies employed in defining and implementing a software support system for the HAL/S computer language for real-time operations on the Shuttle are detailed. Attention is also given to the management and validation techniques used during software development and software maintenance. Utilities developed to support the real-time operating conditions are described. With the support system being produced on Cyber computers and executable code then processed through Cyber or PDP machines, the support system has a production level status and can serve as a model for other software development projects.

Cyberspace security system

DOEpatents

Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

2014-06-24

A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

Normative beliefs about aggression and cyber aggression among young adults: a longitudinal investigation.

PubMed

Wright, Michelle F; Li, Yan

2013-01-01

This longitudinal study examined normative beliefs about aggression (e.g., face-to-face, cyber) in relation to the engagement in cyber aggression 6 months later among 126 (69 women) young adults. Participants completed electronically administered measures assessing their normative beliefs, face-to-face and cyber aggression at Time 1, and cyber aggression 6 months later (Time 2). We found that men reported more cyber relational and verbal aggression when compared to women. After controlling for each other, Time 1 face-to-face relational aggression was positively related to Time 2 cyber relational aggression, whereas Time 1 face-to-face verbal aggression was positively related to Time 2 cyber verbal aggression. Normative beliefs regarding cyber aggression was positively related to both forms of cyber aggression 6 months later, after controlling for normative beliefs about face-to-face aggression. Furthermore, a significant two-way interaction between Time 1 cyber relational aggression and normative beliefs about cyber relational aggression was found. Follow-up analysis showed that Time 1 cyber relational aggression was more strongly related to Time 2 cyber relational aggression when young adults held higher normative beliefs about cyber relational aggression. A similar two-way interaction was found for cyber verbal aggression such that the association between Time 1 and Time 2 cyber verbal aggression was stronger at higher levels of normative beliefs about cyber verbal aggression. Results are discussed in terms of the social cognitive and behavioral mechanisms associated with the engagement of cyber aggression. © 2013 Wiley Periodicals, Inc.

Present and Future of Cyber Education in Korea: Suggestion for Its Promising Future Based on Representative Practices.

ERIC Educational Resources Information Center

Kim, Youngsoo; Lee, Jong Yeon

1999-01-01

Provides an overview of cyber education in Korea that is meeting the educational needs of corporations as well as universities. Topics include Web pages; plans for performance evaluation; system architecture; and future possibilities, including service providers, information infrastructure, and rules and regulations. (Contains 23 references.) (LRW)

DEMO: Action Recommendation for Cyber Resilience

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rodriguez, Luke R.; Curtis, Darren S.; Choudhury, Sutanay

In this demonstration we show the usefulness of our unifying graph-based model for the representation of infrastructure, behavior, and missions of cyber enterprise in both a software simulation and on an Amazon Web Services (AWS) instance. We show the effectiveness of our recommendation algorithm for preserving various system health metrics in both cases.

Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems

NASA Technical Reports Server (NTRS)

Bujorianu, Marius C.; Bujorianu, Manuela L.

2009-01-01

In this paper, we sketch a framework for interdisciplinary modeling of space systems, by proposing a holistic view. We consider different system dimensions and their interaction. Specifically, we study the interactions between computation, physics, communication, uncertainty and autonomy. The most comprehensive computational paradigm that supports a holistic perspective on autonomous space systems is given by cyber-physical systems. For these, the state of art consists of collaborating multi-engineering efforts that prompt for an adequate formal foundation. To achieve this, we propose a leveraging of the traditional content of formal modeling by a co-engineering process.

Characterization of attacks on public telephone networks

NASA Astrophysics Data System (ADS)

Lorenz, Gary V.; Manes, Gavin W.; Hale, John C.; Marks, Donald; Davis, Kenneth; Shenoi, Sujeet

2001-02-01

The U.S. Public Telephone Network (PTN) is a massively connected distributed information systems, much like the Internet. PTN signaling, transmission and operations functions must be protected from physical and cyber attacks to ensure the reliable delivery of telecommunications services. The increasing convergence of PTNs with wireless communications systems, computer networks and the Internet itself poses serious threats to our nation's telecommunications infrastructure. Legacy technologies and advanced services encumber well-known and as of yet undiscovered vulnerabilities that render them susceptible to cyber attacks. This paper presents a taxonomy of cyber attacks on PTNs in converged environments that synthesizes exploits in computer and communications network domains. The taxonomy provides an opportunity for the systematic exploration of mitigative and preventive strategies, as well as for the identification and classification of emerging threats.

A game-theoretic method for cross-layer stochastic resilient control design in CPS

NASA Astrophysics Data System (ADS)

Shen, Jiajun; Feng, Dongqin

2018-03-01

In this paper, the cross-layer security problem of cyber-physical system (CPS) is investigated from the game-theoretic perspective. Physical dynamics of plant is captured by stochastic differential game with cyber-physical influence being considered. The sufficient and necessary condition for the existence of state-feedback equilibrium strategies is given. The attack-defence cyber interactions are formulated by a Stackelberg game intertwined with stochastic differential game in physical layer. The condition such that the Stackelberg equilibrium being unique and the corresponding analytical solutions are both provided. An algorithm is proposed for obtaining hierarchical security strategy by solving coupled games, which ensures the operational normalcy and cyber security of CPS subject to uncertain disturbance and unexpected cyberattacks. Simulation results are given to show the effectiveness and performance of the proposed algorithm.

Nondeducibility-Based Analysis of Cyber-Physical Systems

NASA Astrophysics Data System (ADS)

Gamage, Thoshitha; McMillin, Bruce

Controlling information flow in a cyber-physical system (CPS) is challenging because cyber domain decisions and actions manifest themselves as visible changes in the physical domain. This paper presents a nondeducibility-based observability analysis for CPSs. In many CPSs, the capacity of a low-level (LL) observer to deduce high-level (HL) actions ranges from limited to none. However, a collaborative set of observers strategically located in a network may be able to deduce all the HL actions. This paper models a distributed power electronics control device network using a simple DC circuit in order to understand the effect of multiple observers in a CPS. The analysis reveals that the number of observers required to deduce all the HL actions in a system increases linearly with the number of configurable units. A simple definition of nondeducibility based on the uniqueness of low-level projections is also presented. This definition is used to show that a system with two security domain levels could be considered “nondeducibility secure” if no unique LL projections exist.

Autonomous, Decentralized Grid Architecture: Prosumer-Based Distributed Autonomous Cyber-Physical Architecture for Ultra-Reliable Green Electricity Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2012-01-11

GENI Project: Georgia Tech is developing a decentralized, autonomous, internet-like control architecture and control software system for the electric power grid. Georgia Tech’s new architecture is based on the emerging concept of electricity prosumers—economically motivated actors that can produce, consume, or store electricity. Under Georgia Tech’s architecture, all of the actors in an energy system are empowered to offer associated energy services based on their capabilities. The actors achieve their sustainability, efficiency, reliability, and economic objectives, while contributing to system-wide reliability and efficiency goals. This is in marked contrast to the current one-way, centralized control paradigm.

The reduction, verification and interpretation of MAGSAT magnetic data over Canada

NASA Technical Reports Server (NTRS)

Coles, R. L. (Principal Investigator); Haines, G. V.; Vanbeek, G. J.; Walker, J. K.; Newitt, L. R.

1982-01-01

Consideration is being given to representing the magnetic field in the area 40 deg N to 83 deg N by means of functions in spherical coordinates. A solution to Laplace's equation for the magnetic potential over a restricted area was found, and programming and testing are currently being carried out. Magnetic anomaly modelling is proceeding. The program SPHERE, which was adapted to function correctly on the Cyber computer, is now operational, for deriving gravity and magnetic models in a spherical coordinate system.

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models

DTIC Science & Technology

2014-07-01

nondeterministic choice (〈∪〉), deterministic assignment (〈:=〉) and logical con- nectives (∧ r etc.) replace current facts with simpler ones or branch...By sequent proof rule ∃ r , this existentially quantified variable is instantiated with an arbitrary term θ, which is often a new logical variable...that is implicitly existentially quantified [27]. Weakening (Wr) removes facts that are no longer necessary. (〈∗〉) ∃X〈x :=X〉φ 〈x := ∗〉φ 1 (∃ r ) Γ ` φ(θ

Kicking the digital dog: a longitudinal investigation of young adults' victimization and cyber-displaced aggression.

PubMed

Wright, Michelle F; Li, Yan

2012-09-01

Using the general strain theory as a theoretical framework, the present longitudinal study investigated both face-to-face and cyber victimization in relation to cyber-displaced aggression. Longitudinal data were collected from 130 (70 women) young adults who completed measures assessing their victimization (face-to-face and cyber), cyber aggression, and both face-to-face and cyber-displaced aggression. Findings indicated that victimization in both social contexts (face-to-face and cyber) contributed to cyber-displaced aggression 6 months later (Time 2), after controlling for gender, cyber aggression, face-to-face displaced aggression, and cyber-displaced aggression at Time 1. A significant two-way interaction revealed that Time 1 cyber victimization was more strongly related to Time 2 cyber-displaced aggression when young adults had higher levels of face-to-face victimization at Time 1. Implications of these findings are discussed as well as a call for more research investigating displaced aggression in the cyber context.

Towards a Standard for Highly Secure SCADA Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carlson, R.

1998-09-25

The critical energy inkstructures include gas, OL and electric power. These Mrastructures are complex and interdependent nmvorks that are vital to the national secwiy and social well being of our nation. Many electric power systems depend upon gas and oil, while fossil energy delive~ systems depend upon elecnic power. The control mechanisms for these Mrastructures are often referred to as SCADA (Supmivry CkmdandDaU Ac@itz&z) systems. SCADA systems provide remote monitoring and centralized control for a distributed tmnsportation infmsmucture in order to facilitate delivery of a commodi~. AIthough many of the SCADA concepts developed in this paper can be applied tomore » automotive mmsponation systems, we will use transportation to refer to the movement of electrici~, gas, and oil. \\ Recently, there have been seveml reports suggesting that the widespread and increasing use of SCADA for control of energy systems provides an increasing opportuni~ for an advers~ to cause serious darnage to the energy inbstmcturei~. This damage could arise through cyber infiltration of the SCADA networks, by physically tampering with the control networks, or through a combination of both means. SCADA system threats decompose into cyber and physical threats. One solution to the SCADA security problem is to design a standard for a highly secure KA.DA system that is both cyber, and physdly secure. Not all-physical threats are possible to guard again% but of those threats that are, high security SCADA provides confidence that the system will continue to operate in their presence. One of the most important problems in SCADA securi~ is the relationship between the cyber and physical vulnerabilities. Cyber intrusion increases physical Vulnerabilities, while in the dual problem physical tampering increases cyber vulnerabilit.ies. There is potential for feedback and the precise dynamics need to be understood. As a first step towards a stan~ the goal of this paper is to facilitate a discussion of the requirements analysis for a highly secure SCADA system. The fi-arnework for the discussion consists of the identification of SCADA security investment areas coupled with the tradeoffs that will force compromises in the solution. For example, computational and bandwidth requirements of a security standard could force the replacement of entire SCADA systems. The requirements for a real-time response in a cascading electric power failure could pose limitations on authentication and encryption mechanisms. The shortest path to the development of a high securi~ SC.ADA standard will be achieved by leveraging existing standards efforts and ensuring that security is being properly addressed in those standards. The Utility Communications Architecture 2.o (UC@, for real-time utili~ decision control, represents one such standard. The development of a SCADA secwiy specification is a complex task that will benefit from a systems engineering approach.« less

Data-Aware Retrodiction for Asynchronous Harmonic Measurement in a Cyber-Physical Energy System

PubMed Central

Liu, Youda; Wang, Xue; Liu, Yanchi; Cui, Sujin

2016-01-01

Cyber-physical energy systems provide a networked solution for safety, reliability and efficiency problems in smart grids. On the demand side, the secure and trustworthy energy supply requires real-time supervising and online power quality assessing. Harmonics measurement is necessary in power quality evaluation. However, under the large-scale distributed metering architecture, harmonic measurement faces the out-of-sequence measurement (OOSM) problem, which is the result of latencies in sensing or the communication process and brings deviations in data fusion. This paper depicts a distributed measurement network for large-scale asynchronous harmonic analysis and exploits a nonlinear autoregressive model with exogenous inputs (NARX) network to reorder the out-of-sequence measuring data. The NARX network gets the characteristics of the electrical harmonics from practical data rather than the kinematic equations. Thus, the data-aware network approximates the behavior of the practical electrical parameter with real-time data and improves the retrodiction accuracy. Theoretical analysis demonstrates that the data-aware method maintains a reasonable consumption of computing resources. Experiments on a practical testbed of a cyber-physical system are implemented, and harmonic measurement and analysis accuracy are adopted to evaluate the measuring mechanism under a distributed metering network. Results demonstrate an improvement of the harmonics analysis precision and validate the asynchronous measuring method in cyber-physical energy systems. PMID:27548171

Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management.

PubMed

Ganin, Alexander A; Quach, Phuoc; Panwar, Mahesh; Collier, Zachary A; Keisler, Jeffrey M; Marchese, Dayton; Linkov, Igor

2017-09-05

Risk assessors and managers face many difficult challenges related to novel cyber systems. Among these challenges are the constantly changing nature of cyber systems caused by technical advances, their distribution across the physical, information, and sociocognitive domains, and the complex network structures often including thousands of nodes. Here, we review probabilistic and risk-based decision-making techniques applied to cyber systems and conclude that existing approaches typically do not address all components of the risk assessment triplet (threat, vulnerability, consequence) and lack the ability to integrate across multiple domains of cyber systems to provide guidance for enhancing cybersecurity. We present a decision-analysis-based approach that quantifies threat, vulnerability, and consequences through a set of criteria designed to assess the overall utility of cybersecurity management alternatives. The proposed framework bridges the gap between risk assessment and risk management, allowing an analyst to ensure a structured and transparent process of selecting risk management alternatives. The use of this technique is illustrated for a hypothetical, but realistic, case study exemplifying the process of evaluating and ranking five cybersecurity enhancement strategies. The approach presented does not necessarily eliminate biases and subjectivity necessary for selecting countermeasures, but provides justifiable methods for selecting risk management actions consistent with stakeholder and decisionmaker values and technical data. Published 2017. This article is a U.S. Government work and is in the public domain in the U.S.A.

[Cyber-bullying in adolescents: associated psychosocial problems and comparison with school bullying].

PubMed

Kubiszewski, V; Fontaine, R; Huré, K; Rusch, E

2013-04-01

The aim of this study was to determine the prevalence of adolescents engaged in cyber-bullying and then to identify whether students involved in cyber- and school bullying present the same characteristics of internalizing problems (insomnia, perceived social disintegration, psychological distress) and externalizing problems (general aggressiveness, antisocial behavior). Semi-structured interviews were conducted with 738 adolescents from a high-school and a middle-school (mean age=14.8 ± 2.7). The Electronic Bullying Questionnaire and the Olweus Bully/Victim Questionnaire were used to identify profiles of cyber-bullying (cyber-victim, cyber-bully, cyber-bully/victim and cyber-neutral) and school bullying (victim, bully, bully/victim and neutral). Internalizing problems were investigated using the Athens Insomnia Scale, a Perceived Social Disintegration Scale and a Psychological Distress Scale. Externalizing problems were assessed using a General Aggressiveness Scale and an Antisocial Behavior Scale. Almost one student in four was involved in cyber-bullying (16.4% as cyber-victim, 4.9% as cyber-bully and 5.6% as cyber-bully/victim); 14% of our sample was engaged in school bullying as a victim, 7.2% as a bully and 2.8% as a bully/victim. The majority of adolescents involved in cyber-bullying were not involved in school bullying. With regard to the problems associated with school bullying, internalizing problems were more prevalent in victims and bully/victims, whereas externalizing problems were more common in bullies and bully/victims. A similar pattern was found in cyber-bullying where internalizing problems were characteristic of cyber-victims and cyber-bully/victims. Insomnia was elevated in the cyber-bully group which is specific to cyberbullying. General aggressiveness and antisocial behavior were more prevalent in cyber-bullies and cyber-bully/victims. Looking at the differences between types of bullying, victims of "school only" and "school and cyber" bullying had higher scores for insomnia and perceived social disintegration than victims of "cyber only" bullying or students "non-involved". Higher general aggressiveness scores were observed for "school only" bullies and "school and cyber" bullies than for bullies in "cyber only" bullying or students "non-involved". Regarding antisocial behavior, "school only" bullies, "cyber only" bullies, "school and cyber" bullies had higher scores than students "non-involved". This study highlights the importance of investigating both school and cyber-bullying as many psychosocial problems are linked to these two specific and highly prevalent forms of bullying. Copyright © 2012 L’Encéphale, Paris. Published by Elsevier Masson SAS. All rights reserved.

Cyber Security Research Frameworks For Coevolutionary Network Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rush, George D.; Tauritz, Daniel Remy

Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger,more » more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.« less

LINEBACKER: LINE-speed Bio-inspired Analysis and Characterization for Event Recognition

DOE Office of Scientific and Technical Information (OSTI.GOV)

Oehmen, Christopher S.; Bruillard, Paul J.; Matzke, Brett D.

2016-08-04

The cyber world is a complex domain, with digital systems mediating a wide spectrum of human and machine behaviors. While this is enabling a revolution in the way humans interact with each other and data, it also is exposing previously unreachable infrastructure to a worldwide set of actors. Existing solutions for intrusion detection and prevention that are signature-focused typically seek to detect anomalous and/or malicious activity for the sake of preventing or mitigating negative impacts. But a growing interest in behavior-based detection is driving new forms of analysis that move the emphasis from static indicators (e.g. rule-based alarms or tripwires)more » to behavioral indicators that accommodate a wider contextual perspective. Similar to cyber systems, biosystems have always existed in resource-constrained hostile environments where behaviors are tuned by context. So we look to biosystems as an inspiration for addressing behavior-based cyber challenges. In this paper, we introduce LINEBACKER, a behavior-model based approach to recognizing anomalous events in network traffic and present the design of this approach of bio-inspired and statistical models working in tandem to produce individualized alerting for a collection of systems. Preliminary results of these models operating on historic data are presented along with a plugin to support real-world cyber operations.« less

Predictors of willingness to use cyber counseling for college students with disabilities.

PubMed

Lan, Chu-Mei

2016-04-01

Cyber counseling is a new method for assisting people in coping with distress. People in Taiwan are more familiar with face-to-face counseling than with cyber counseling. Using computers is the most popular activity among college students with disabilities. Cyber counseling is effective for lessening client disturbance. Therefore, cyber counseling is an alternative to face-to-face counseling. This study measured the willingness of college students with disabilities to use cyber counseling to meet their mental health needs. In addition, the predictors of the willingness to use cyber counseling were explored. The subjects were college students with disabilities who were recruited from universities in Southern Taiwan through the Internet and in college counseling centers. A total of 214 structured questionnaires were collected and subsequently analyzed using SPSS Version 18.0 through stepwise regression for discovering the crucial predictors of the willingness of college students to use cyber counseling. The crucial predictors of the willingness of college students to use cyber counseling were cyber-counseling needs, the need for cyber-counseling methods (the need to use various cyber-counseling methods), a help-seeking attitude in cyber counseling, a hearing disorder, cyber counseling need for academic achievement, and grade level. The explained proportion of variance was 65.4%. The willingness of college students with disabilities to use cyber counseling was explained according to cyber-counseling needs, cyber-counseling attitudes, disease type, and grades. Based on the results, this study offers specific suggestions and future directions for research on cyber counseling for college students with disabilities. Copyright © 2016 Elsevier Inc. All rights reserved.

Risk Assessment of Power System considering the CPS of Transformers

NASA Astrophysics Data System (ADS)

Zhou, Long; Peng, Zewu; Liu, Xindong; Li, Canbing; Chen, Can

2018-02-01

This paper constructs a risk assessment framework of power system for device-level information security, analyzes the typical protection configuration of power transformers, and takes transformer gas protection and differential protection as examples to put forward a method that analyzes the cyber security in electric power system, which targets transformer protection parameters. We estimate the risk of power system accounting for the cyber security of transformer through utilizing Monte Carlo method and two indexes, which are the loss of load probability and the expected demand not supplied. The proposed approach is tested with IEEE 9 bus system and IEEE 118 bus system.

Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signalsmore » are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.« less

Three tenets for secure cyber-physical system design and assessment

NASA Astrophysics Data System (ADS)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

Providing security assurance in line with national DBT assumptions

NASA Astrophysics Data System (ADS)

Bajramovic, Edita; Gupta, Deeksha

2017-01-01

As worldwide energy requirements are increasing simultaneously with climate change and energy security considerations, States are thinking about building nuclear power to fulfill their electricity requirements and decrease their dependence on carbon fuels. New nuclear power plants (NPPs) must have comprehensive cybersecurity measures integrated into their design, structure, and processes. In the absence of effective cybersecurity measures, the impact of nuclear security incidents can be severe. Some of the current nuclear facilities were not specifically designed and constructed to deal with the new threats, including targeted cyberattacks. Thus, newcomer countries must consider the Design Basis Threat (DBT) as one of the security fundamentals during design of physical and cyber protection systems of nuclear facilities. IAEA NSS 10 describes the DBT as "comprehensive description of the motivation, intentions and capabilities of potential adversaries against which protection systems are designed and evaluated". Nowadays, many threat actors, including hacktivists, insider threat, cyber criminals, state and non-state groups (terrorists) pose security risks to nuclear facilities. Threat assumptions are made on a national level. Consequently, threat assessment closely affects the design structures of nuclear facilities. Some of the recent security incidents e.g. Stuxnet worm (Advanced Persistent Threat) and theft of sensitive information in South Korea Nuclear Power Plant (Insider Threat) have shown that these attacks should be considered as the top threat to nuclear facilities. Therefore, the cybersecurity context is essential for secure and safe use of nuclear power. In addition, States should include multiple DBT scenarios in order to protect various target materials, types of facilities, and adversary objectives. Development of a comprehensive DBT is a precondition for the establishment and further improvement of domestic state nuclear-related regulations in the field of physical and cyber protection. These national regulations have to be met later on by I&C platform suppliers, electrical systems suppliers, system integrators and turn-key providers.

Cyber Exercise Playbook

DTIC Science & Technology

2014-11-01

unclassified tools and techniques that can be shared with PNs, to include social engineering, spear phishing , fake web sites, physical access attempts, and...and instead rely on commercial services such as Yahoo or Google . Some nations have quite advanced cyber security practices, but may take vastly...unauthorized access to data/systems Inject external network scanning, email phishing , malicious website access, social engineering Sample

DOE Office of Scientific and Technical Information (OSTI.GOV)

Troy Hiltbrand; Daniel Jones

As we look at the cyber security ecosystem, are we planning to fight the battle as we did yesterday, with firewalls and intrusion detection systems (IDS), or are we sensing a change in how security is evolving and planning accordingly? With the technology enablement and possible financial benefits of cloud computing, the traditional tools for establishing and maintaining our cyber security ecosystems are being dramatically altered.

The Relationships between Cyber Bullying, Academic Constructs, and Extracurricular Participation among Middle Schoolers

ERIC Educational Resources Information Center

Shamel, Kimberly A.

2013-01-01

Bullying is a large scale social problem impacting educational systems nationwide, and has been linked to negative outcomes for both bullies and targets. Bullying has become more highly technological and is most often referred to as cyber bullying. Bullies have begun to use the internet, social networking sites, e-mail, instant messaging (IM),…

For the Common Defense of Cyberspace: Implications of a US Cyber Militia on Department of Defense Cyber Operations

DTIC Science & Technology

2015-06-12

the Common Defense of Cyberspace: Implications of a US Cyber Militia on Department of Defense Cyber Operations 5a. CONTRACT NUMBER 5b. GRANT ...20130423/ NEWS/304230016/Navy-wants-1-000-more-cyber-warriors. 33 Edward Cardon , “Army Cyber Capabilities” (Lecture, Advanced Operations Course...Finally, once a cyber security professional is trained, many argue, to include the head of Army’s Cyber Command, Lieutenant General Edward Cardon

Efficient evaluation of wireless real-time control networks.

PubMed

Horvath, Peter; Yampolskiy, Mark; Koutsoukos, Xenofon

2015-02-11

In this paper, we present a system simulation framework for the design and performance evaluation of complex wireless cyber-physical systems. We describe the simulator architecture and the specific developments that are required to simulate cyber-physical systems relying on multi-channel, multihop mesh networks. We introduce realistic and efficient physical layer models and a system simulation methodology, which provides statistically significant performance evaluation results with low computational complexity. The capabilities of the proposed framework are illustrated in the example of WirelessHART, a centralized, real-time, multi-hop mesh network designed for industrial control and monitor applications.

Extending human proprioception to cyber-physical systems

NASA Astrophysics Data System (ADS)

Keller, Kevin; Robinson, Ethan; Dickstein, Leah; Hahn, Heidi A.; Cattaneo, Alessandro; Mascareñas, David

2016-04-01

Despite advances in computational cognition, there are many cyber-physical systems where human supervision and control is desirable. One pertinent example is the control of a robot arm, which can be found in both humanoid and commercial ground robots. Current control mechanisms require the user to look at several screens of varying perspective on the robot, then give commands through a joystick-like mechanism. This control paradigm fails to provide the human operator with an intuitive state feedback, resulting in awkward and slow behavior and underutilization of the robot's physical capabilities. To overcome this bottleneck, we introduce a new human-machine interface that extends the operator's proprioception by exploiting sensory substitution. Humans have a proprioceptive sense that provides us information on how our bodies are configured in space without having to directly observe our appendages. We constructed a wearable device with vibrating actuators on the forearm, where frequency of vibration corresponds to the spatial configuration of a robotic arm. The goal of this interface is to provide a means to communicate proprioceptive information to the teleoperator. Ultimately we will measure the change in performance (time taken to complete the task) achieved by the use of this interface.

Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Landine, Guy P.; Craig, Philip A.

Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical experties in conducting cyber security inspections, developing of regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lenghty list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations are presented, including the needmore » to: integrate an array of defenisve strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train phycial security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.« less

QuEST for malware type-classification

NASA Astrophysics Data System (ADS)

Vaughan, Sandra L.; Mills, Robert F.; Grimaila, Michael R.; Peterson, Gilbert L.; Oxley, Mark E.; Dube, Thomas E.; Rogers, Steven K.

2015-05-01

Current cyber-related security and safety risks are unprecedented, due in no small part to information overload and skilled cyber-analyst shortages. Advances in decision support and Situation Awareness (SA) tools are required to support analysts in risk mitigation. Inspired by human intelligence, research in Artificial Intelligence (AI) and Computational Intelligence (CI) have provided successful engineering solutions in complex domains including cyber. Current AI approaches aggregate large volumes of data to infer the general from the particular, i.e. inductive reasoning (pattern-matching) and generally cannot infer answers not previously programmed. Whereas humans, rarely able to reason over large volumes of data, have successfully reached the top of the food chain by inferring situations from partial or even partially incorrect information, i.e. abductive reasoning (pattern-completion); generating a hypothetical explanation of observations. In order to achieve an engineering advantage in computational decision support and SA we leverage recent research in human consciousness, the role consciousness plays in decision making, modeling the units of subjective experience which generate consciousness, qualia. This paper introduces a novel computational implementation of a Cognitive Modeling Architecture (CMA) which incorporates concepts of consciousness. We apply our model to the malware type-classification task. The underlying methodology and theories are generalizable to many domains.

Decentralized State Estimation and Remedial Control Action for Minimum Wind Curtailment Using Distributed Computing Platform

DOE PAGES

Liu, Ren; Srivastava, Anurag K.; Bakken, David E.; ...

2017-08-17

Intermittency of wind energy poses a great challenge for power system operation and control. Wind curtailment might be necessary at the certain operating condition to keep the line flow within the limit. Remedial Action Scheme (RAS) offers quick control action mechanism to keep reliability and security of the power system operation with high wind energy integration. In this paper, a new RAS is developed to maximize the wind energy integration without compromising the security and reliability of the power system based on specific utility requirements. A new Distributed Linear State Estimation (DLSE) is also developed to provide the fast andmore » accurate input data for the proposed RAS. A distributed computational architecture is designed to guarantee the robustness of the cyber system to support RAS and DLSE implementation. The proposed RAS and DLSE is validated using the modified IEEE-118 Bus system. Simulation results demonstrate the satisfactory performance of the DLSE and the effectiveness of RAS. Real-time cyber-physical testbed has been utilized to validate the cyber-resiliency of the developed RAS against computational node failure.« less

Decentralized State Estimation and Remedial Control Action for Minimum Wind Curtailment Using Distributed Computing Platform

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liu, Ren; Srivastava, Anurag K.; Bakken, David E.

Intermittency of wind energy poses a great challenge for power system operation and control. Wind curtailment might be necessary at the certain operating condition to keep the line flow within the limit. Remedial Action Scheme (RAS) offers quick control action mechanism to keep reliability and security of the power system operation with high wind energy integration. In this paper, a new RAS is developed to maximize the wind energy integration without compromising the security and reliability of the power system based on specific utility requirements. A new Distributed Linear State Estimation (DLSE) is also developed to provide the fast andmore » accurate input data for the proposed RAS. A distributed computational architecture is designed to guarantee the robustness of the cyber system to support RAS and DLSE implementation. The proposed RAS and DLSE is validated using the modified IEEE-118 Bus system. Simulation results demonstrate the satisfactory performance of the DLSE and the effectiveness of RAS. Real-time cyber-physical testbed has been utilized to validate the cyber-resiliency of the developed RAS against computational node failure.« less

Managing large-scale workflow execution from resource provisioning to provenance tracking: The CyberShake example

USGS Publications Warehouse

Deelman, E.; Callaghan, S.; Field, E.; Francoeur, H.; Graves, R.; Gupta, N.; Gupta, V.; Jordan, T.H.; Kesselman, C.; Maechling, P.; Mehringer, J.; Mehta, G.; Okaya, D.; Vahi, K.; Zhao, L.

2006-01-01

This paper discusses the process of building an environment where large-scale, complex, scientific analysis can be scheduled onto a heterogeneous collection of computational and storage resources. The example application is the Southern California Earthquake Center (SCEC) CyberShake project, an analysis designed to compute probabilistic seismic hazard curves for sites in the Los Angeles area. We explain which software tools were used to build to the system, describe their functionality and interactions. We show the results of running the CyberShake analysis that included over 250,000 jobs using resources available through SCEC and the TeraGrid. ?? 2006 IEEE.

Cyber Warfare: China’s Strategy to Dominate in Cyber Space

DTIC Science & Technology

2011-06-10

CYBER WARFARE : CHINA‘S STRATEGY TO DOMINATE IN CYBER SPACE A thesis presented to the Faculty of the U.S. Army Command and...warfare supports the use of cyber warfare in future conflict. The IW militia unit organization provides each Chinese military region commander with...China, Strategy, Cyber Warfare , Cyber Space, Information Warfare, Electronic Warfare 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18

U.S. Command Relationships in the Conduct of Cyber Warfare: Establishment, Exercise, and Institutionalization of Cyber Coordinating Authority

DTIC Science & Technology

2010-05-03

FINAL 3. DATES COVERED (From - To) 4. TITLE AND SUBTITLE U.S. Command Relationships in the Conduct of Cyber Warfare : Establishment...U.S. Command Relationships in the Conduct of Cyber Warfare : Establishment, Exercise, and Institutionalization of Cyber Coordinating Authority...Relationships in the Conduct of Cyber Warfare : Establishment, Exercise, and Institutionalization of Cyber Coordinating Authority The character of

Enhanced Training for Cyber Situational Awareness in Red versus Blue Team Exercises

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carbajal, Armida J.; Stevens-Adams, Susan Marie; Silva, Austin Ray

This report summarizes research conducted through the Sandia National Laboratories Enhanced Training for Cyber Situational Awareness in Red Versus Blue Team Exercises Laboratory Directed Research and Development project. The objective of this project was to advance scientific understanding concerning how to best structure training for cyber defenders. Two modes of training were considered. The baseline training condition (Tool-Based training) was based on current practices where classroom instruction focuses on the functions of a software tool with various exercises in which students apply those functions. In the second training condition (Narrative-Based training), classroom instruction addressed software functions, but in the contextmore » of adversary tactics and techniques. It was hypothesized that students receiving narrative-based training would gain a deeper conceptual understanding of the software tools and this would be reflected in better performance within a red versus blue team exercise.« less

From MetroII to Metronomy, Designing Contract-based Function-Architecture Co-simulation Framework for Timing Verification of Cyber-Physical Systems

DTIC Science & Technology

2015-03-13

A. Lee. “A Programming Model for Time - Synchronized Distributed Real- Time Systems”. In: Proceedings of Real Time and Em- bedded Technology and Applications Symposium. 2007, pp. 259–268. ...From MetroII to Metronomy, Designing Contract-based Function-Architecture Co-simulation Framework for Timing Verification of Cyber-Physical Systems...the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data

Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment

PubMed Central

King, Zoe M.; Henshel, Diane S.; Flora, Liberty; Cains, Mariana G.; Hoffman, Blaine; Sample, Char

2018-01-01

Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual’s intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity, include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor is it well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore the maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users. PMID:29459838

Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment.

PubMed

King, Zoe M; Henshel, Diane S; Flora, Liberty; Cains, Mariana G; Hoffman, Blaine; Sample, Char

2018-01-01

Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual's intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity, include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor is it well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore the maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users.

Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Milos Manic; Miles McQueen

Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenariosmore » is demonstrated on several control system network topologies.« less

Cyber-Terrorism and Cyber-Crime: There Is a Difference

DTIC Science & Technology

The terms cyber -terrorism and cyber -crime have many varying definitions depending on who is defining them. For example, individuals with expertise in...considerations and, when investigating a cyber -attack, procedural considerations. By examining the strengths and weaknesses of several definitions offered by...national security, law enforcement, industry, law, and scholars, this research constructs a list of parameters to consider when formulating definitions for cyber -terrorism and cyber -crime.

In vivo dose measurement using TLDs and MOSFET dosimeters for cardiac radiosurgery.

PubMed

Gardner, Edward A; Sumanaweera, Thilaka S; Blanck, Oliver; Iwamura, Alyson K; Steel, James P; Dieterich, Sonja; Maguire, Patrick

2012-05-10

In vivo measurements were made of the dose delivered to animal models in an effort to develop a method for treating cardiac arrhythmia using radiation. This treatment would replace RF energy (currently used to create cardiac scar) with ionizing radiation. In the current study, the pulmonary vein ostia of animal models were irradiated with 6 MV X-rays in order to produce a scar that would block aberrant signals characteristic of atrial fibrillation. The CyberKnife radiosurgery system was used to deliver planned treatments of 20-35 Gy in a single fraction to four animals. The Synchrony system was used to track respiratory motion of the heart, while the contractile motion of the heart was untracked. The dose was measured on the epicardial surface near the right pulmonary vein and on the esophagus using surgically implanted TLD dosimeters, or in the coronary sinus using a MOSFET dosimeter placed using a catheter. The doses measured on the epicardium with TLDs averaged 5% less than predicted for those locations, while doses measured in the coronary sinus with the MOSFET sensor nearest the target averaged 6% less than the predicted dose. The measurements on the esophagus averaged 25% less than predicted. These results provide an indication of the accuracy with which the treatment planning methods accounted for the motion of the target, with its respiratory and cardiac components. This is the first report on the accuracy of CyberKnife dose delivery to cardiac targets.

Multicenter evaluation of a synthetic single-crystal diamond detector for CyberKnife small field size output factors.

PubMed

Russo, Serenella; Masi, Laura; Francescon, Paolo; Frassanito, Maria Cristina; Fumagalli, Maria Luisa; Marinelli, Marco; Falco, Maria Daniela; Martinotti, Anna Stefania; Pimpinella, Maria; Reggiori, Giacomo; Verona Rinati, Gianluca; Vigorito, Sabrina; Mancosu, Pietro

2016-04-01

The aim of the present work was to evaluate small field size output factors (OFs) using the latest diamond detector commercially available, PTW-60019 microDiamond, over different CyberKnife systems. OFs were measured also by silicon detectors routinely used by each center, considered as reference. Five Italian CyberKnife centers performed OFs measurements for field sizes ranging from 5 to 60mm, defined by fixed circular collimators (5 centers) and by Iris(™) variable aperture collimator (4 centers). Setup conditions were: 80cm source to detector distance, and 1.5cm depth in water. To speed up measurements two diamond detectors were used and their equivalence was evaluated. MonteCarlo (MC) correction factors for silicon detectors were used for comparing the OF measurements. Considering OFs values averaged over all centers, diamond data resulted lower than uncorrected silicon diode ones. The agreement between diamond and MC corrected silicon values was within 0.6% for all fixed circular collimators. Relative differences between microDiamond and MC corrected silicon diodes data for Iris(™) collimator were lower than 1.0% for all apertures in the totality of centers. The two microDiamond detectors showed similar characteristics, in agreement with the technical specifications. Excellent agreement between microDiamond and MC corrected silicon diode detectors OFs was obtained for both collimation systems fixed cones and Iris(™), demonstrating the microDiamond could be a suitable detector for CyberKnife commissioning and routine checks. These results obtained in five centers suggest that for CyberKnife systems microDiamond can be used without corrections even at the smallest field size. Copyright © 2016 Associazione Italiana di Fisica Medica. Published by Elsevier Ltd. All rights reserved.

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

DOE PAGES

Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.; ...

2015-04-06

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein theirmore » components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.« less

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein theirmore » components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.« less

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models.

PubMed

Rao, Nageswara S V; Poole, Stephen W; Ma, Chris Y T; He, Fei; Zhuang, Jun; Yau, David K Y

2016-04-01

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures. © 2015 Society for Risk Analysis.

Personnel Recovery in Space

DTIC Science & Technology

2016-07-13

adequate security testing , and segment their networks and systems into separate defended enclaves. Finally, cyber defenders should posi- tion themselves...explicitly tied to following security practices, and there should be consequences for security failures that are regularly tested via a continuing testing ...program. Users should be routinely tested and probed, and those who do not perform well should face escalating consequences. For example, cyber

New Tools for a New Terrain Air Force Support to Special Operations in the Cyber Environment

DTIC Science & Technology

2016-08-01

54 3 PREFACE As a career targeteer for the US...capabilities of a toolkit of cyber options, from hardware on the front lines to “digital reachback” relationships with USCYBERCOM, is to leave...of career fields, including, but not limited to, cyberspace operations, intelligence, aircrew operations, command and control systems operations, and

Dynamic Analytics-Driven Assessment of Vulnerabilities and Exploitation

DTIC Science & Technology

2016-07-15

integration with big data technologies such as Hadoop , nor does it natively support exporting of events to external relational databases. OSSIM supports...power of big data analytics to determine correlations and temporal causality among vulnerabilities and cyber events. The vulnerability dependencies...via the SCAPE (formerly known as LLCySA [6]). This is illustrated as a big data cyber analytic system architecture in

Self-Development for Cyber Warriors

DTIC Science & Technology

2011-11-10

Aggressive self-development is a critical task for the cyber warfare professional. No matter the quality, formal training and education programs age...Books and Science Fiction); Technology and Cyber-Related Magazines and Blogs; Specific Cyber Warfare Journal and Magazine Articles; Key Documents on...the strengths and weaknesses of the major donor career fields to the cyber workforce, and a Self-Assessment of Cyber Domain Expertise for readers who wish to assess their own cyber warfare expertise.

Cyber-physical experiments on the efficiency of swimming protocols

NASA Astrophysics Data System (ADS)

Wei, Nathaniel; Floryan, Daniel; van Buren, Tyler; Smits, Alexander

2016-11-01

We present results from experiments on a biologically inspired cyber-physical system, composed of a two-dimensional heaving and pitching rigid airfoil attached to a six component load cell, mounted to a traverse that can move along a water channel. A feedback controller, influenced by the apparatus of Mackowski and Williamson, introduces the effects of a fictional drag force specified by a virtual body profile and drives the traverse accordingly. Free-swimming protocols using the force-feedback system are compared with similar motions on a motionless traverse. The propulsive efficiency of burst-and-coast kinematics is also considered. Of particular interest are (1) the implementation of the cyber-physical control system with respect to the accessible experimental parameter space, (2) the impact of force-based streamwise actuation on experimental data, and (3) the effects of burst-and-coast motions on propulsive efficiency. The work was supported by the Office of Naval Research (ONR) under MURI Grant N00014-14-1-0533.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL ismore » tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.« less

Cybersecurity through Real-Time Distributed Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kisner, Roger A; Manges, Wayne W; MacIntyre, Lawrence Paul

2010-04-01

Critical infrastructure sites and facilities are becoming increasingly dependent on interconnected physical and cyber-based real-time distributed control systems (RTDCSs). A mounting cybersecurity threat results from the nature of these ubiquitous and sometimes unrestrained communications interconnections. Much work is under way in numerous organizations to characterize the cyber threat, determine means to minimize risk, and develop mitigation strategies to address potential consequences. While it seems natural that a simple application of cyber-protection methods derived from corporate business information technology (IT) domain would lead to an acceptable solution, the reality is that the characteristics of RTDCSs make many of those methods inadequatemore » and unsatisfactory or even harmful. A solution lies in developing a defense-in-depth approach that ranges from protection at communications interconnect levels ultimately to the control system s functional characteristics that are designed to maintain control in the face of malicious intrusion. This paper summarizes the nature of RTDCSs from a cybersecurity perspec tive and discusses issues, vulnerabilities, candidate mitigation approaches, and metrics.« less

Impact of Alleged Russian Cyber Attacks

DTIC Science & Technology

2009-05-01

security. 15. SUBJECT TERMS Cyber Security, Cyber Warfare , Estonia, Georgia, Russian Federation Cyber Strategy, Convention on Cybercrime, NATO Center...Federation ......................................................................................... 33  X.  The Future of Russian Cyber Warfare ................................................................... 39...Issue 15.09); Binoy Kampmark, Cyber Warfare Between Estonia And Russia, (Contemporary Review: Autumn, 2003), p 288-293; Jaak Aaviksoo, Address by the

Big Five Personality Traits of Cybercrime Victims.

PubMed

van de Weijer, Steve G A; Leukfeldt, E Rutger

2017-07-01

The prevalence of cybercrime has increased rapidly over the last decades and has become part of the everyday life of citizens. It is, therefore, of great importance to gain more knowledge on the factors related to an increased or decreased likelihood of becoming a cybercrime victim. The current study adds to the existing body of knowledge using a large representative sample of Dutch individuals (N = 3,648) to study the relationship between cybercrime victimization and the key traits from the Big Five model of personality (i.e., extraversion, agreeableness, conscientiousness, emotional stability, and openness to experience). First, multinomial logistic regression analyses were used to examine the associations between the personality traits and three victim groups, that is, cybercrime victims versus nonvictims, traditional crime victims versus nonvictims, and cybercrime victims versus traditional crime victims. Next, logistic regression analyses were performed to predict victimization of cyber-dependent crimes (i.e., hacking and virus infection) and cyber-enabled crimes (i.e., online intimidation, online consumer fraud, and theft from bank account). The analyses show that personality traits are not specifically associated with cybercrime victimization, but rather with victimization in general. Only those with higher scores on emotional stability were less likely to become a victim of cybercrime than traditional crime. Furthermore, the results indicate that there are little differences between personality traits related to victimization of cyber-enabled and cyber-dependent crimes. Only individuals with higher scores on openness to experience have higher odds of becoming a victim of cyber-enabled crimes.

A novel apparatus for testing binocular function using the 'CyberDome' three-dimensional hemispherical visual display system.

PubMed

Handa, T; Ishikawa, H; Shimizu, K; Kawamura, R; Nakayama, H; Sawada, K

2009-11-01

Virtual reality has recently been highlighted as a promising medium for visual presentation and entertainment. A novel apparatus for testing binocular visual function using a hemispherical visual display system, 'CyberDome', has been developed and tested. Subjects comprised 40 volunteers (mean age, 21.63 years) with corrected visual acuity of -0.08 (LogMAR) or better, and stereoacuity better than 100 s of arc on the Titmus stereo test. Subjects were able to experience visual perception like being surrounded by visual images, a feature of the 'CyberDome' hemispherical visual display system. Visual images to the right and left eyes were projected and superimposed on the dome screen, allowing test images to be seen independently by each eye using polarizing glasses. The hemispherical visual display was 1.4 m in diameter. Three test parameters were evaluated: simultaneous perception (subjective angle of strabismus), motor fusion amplitude (convergence and divergence), and stereopsis (binocular disparity at 1260, 840, and 420 s of arc). Testing was performed in volunteer subjects with normal binocular vision, and results were compared with those using a major amblyoscope. Subjective angle of strabismus and motor fusion amplitude showed a significant correlation between our test and the major amblyoscope. All subjects could perceive the stereoscopic target with a binocular disparity of 480 s of arc. Our novel apparatus using the CyberDome, a hemispherical visual display system, was able to quantitatively evaluate binocular function. This apparatus offers clinical promise in the evaluation of binocular function.

A Hierarchical Security Architecture for Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

A new strategy of CyberKnife treatment system based radiosurgery followed by early use of adjuvant bevacizumab treatment for brain metastasis with extensive cerebral edema.

PubMed

Wang, Yang; Wang, Enmin; Pan, Li; Dai, Jiazhong; Zhang, Nan; Wang, Xin; Liu, Xiaoxia; Mei, Guanghai; Sheng, Xiaofang

2014-09-01

Bevacizumab blocks the effects of vascular endothelial growth factor in leakage-prone capillaries and has been suggested as a new treatment for cerebral radiation edema and necrosis. CyberKnife is a new, frameless stereotactic radiosurgery system. This work investigated the safety and efficacy of CyberKnife followed by early bevacizumab treatment for brain metastasis with extensive cerebral edema. The eligibility criteria of the patients selected for radiosurgery followed by early use of adjuvant bevacizumab treatment were: (1) brain tumors from metastasis with one solitary brain lesion and symptomatic extensive cerebral edema; (2) >18 years of age; (3) the patient refused surgery due to the physical conditions and the risk of surgery; (4) no contraindications for bevacizumab. (5) bevacizumab was applied for a minimum of 2 injections and a maximum of 6 injections with a 2-week interval between treatments, beginning within 2 weeks of the CyberKnife therapy; (6) Karnofsky performance status (KPS) ≥30. Tumor size and edema were monitored by magnetic resonance imaging (MRI). Dexamethasone dosage, KPS, adverse event occurrence and associated clinical outcomes were also recorded. Eight patients were accrued for this new treatment. Radiation dose ranged from 20 to 33 Gy in one to five sessions, prescribed to the 61-71 % isodose line. Bevacizumab therapy was administered 3-10 days after completion of CyberKnife treatment for a minimum of two cycles (5 mg/kg, at 2-week intervals). MRI revealed average reductions of 55.8 % (post-gadolinium) and 63.4 % (T2/FLAIR). Seven patients showed significant clinical neurological improvements. Dexamethasone was reduced in all patients, with five successfully discontinuing dexamethasone treatment 4 weeks after bevacizumab initiation. Hypertension, a bevacizumab-related adverse event, occurred in one patient. After 3-8 months, all patients studied were alive and primary brain metastases were under control, 2 developed new brain metastases and underwent salvage CyberKnife treatment. Recurrent edema and emerging radiation necrosis were not observed. CyberKnife radiosurgery followed by early use of bevacizumab is promising and appears safe for treatment of brain metastases with extensive cerebral edema.

Effects of Gain/Loss Framing in Cyber Defense Decision-Making

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bos, Nathan; Paul, Celeste; Gersh, John

Cyber defense requires decision making under uncertainty. Yet this critical area has not been a strong focus of research in judgment and decision-making. Future defense systems, which will rely on software-defined networks and may employ ‘moving target’ defenses, will increasingly automate lower level detection and analysis, but will still require humans in the loop for higher level judgment. We studied the decision making process and outcomes of 17 experienced network defense professionals who worked through a set of realistic network defense scenarios. We manipulated gain versus loss framing in a cyber defense scenario, and found significant effects in one ofmore » two focal problems. Defenders that began with a network already in quarantine (gain framing) used a quarantine system more than those that did not (loss framing). We also found some difference in perceived workload and efficacy. Alternate explanations of these findings and implications for network defense are discussed.« less

Situational Awareness of Network System Roles (SANSR)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Huffer, Kelly M; Reed, Joel W

In a large enterprise it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g., file server, domain name server, email server). Using network flow data, already collected by most enterprises, we developed a proof-of-concept tool that discovers the roles of a system using both clustering and categorization techniques. The tool's role information would allow cyber analysts to detect consequential changes in the network, initiate incident response plans, and optimize their security posture. The results of this proof-of-concept tool proved to be quite accurate on three real data sets. Wemore » will present the algorithms used in the tool, describe the results of preliminary testing, provide visualizations of the results, and discuss areas for future work. Without this kind of situational awareness, cyber analysts cannot quickly diagnose an attack or prioritize remedial actions.« less

Vortex-Induced Vibrations of a Flexibly-Mounted Cyber-Physical Rectangular Plate

NASA Astrophysics Data System (ADS)

Onoue, Kyohei; Strom, Benjamin; Song, Arnold; Breuer, Kenneth

2013-11-01

We have developed a cyber-physical system to explore the vortex-induced vibration (VIV) behavior of a flat plate mounted on a virtual spring damper support. The plate is allowed to oscillate about its mid-chord and the measured angular position, velocity, and torque are used as inputs to a feedback control system that provides a restoring torque and can simulate a wide range of structural dynamic behavior. A series of experiments were carried out using different sized plates, and over a range of freestream velocities, equilibrium angles of attack, and simulated stiffness and damping. We observe a synchronization phenomenon over a wide range of parameter space, wherein the plate oscillates at moderate to large amplitude with a frequency dictated by the natural structural frequency of the system. Additionally, the existence of bistable states is reflected in the hysteretic response of the system. The cyber-physical damping extracts energy from the flow and the efficiency of this harvesting mechanism is characterized over a range of dimensionless stiffness and damping parameters. This research is funded by the Air Force Office of Scientific Research (AFOSR).

Towards a cyber-physical era: soft computing framework based multi-sensor array for water quality monitoring

NASA Astrophysics Data System (ADS)

Bhardwaj, Jyotirmoy; Gupta, Karunesh K.; Gupta, Rajiv

2018-02-01

New concepts and techniques are replacing traditional methods of water quality parameter measurement systems. This paper introduces a cyber-physical system (CPS) approach for water quality assessment in a distribution network. Cyber-physical systems with embedded sensors, processors and actuators can be designed to sense and interact with the water environment. The proposed CPS is comprised of sensing framework integrated with five different water quality parameter sensor nodes and soft computing framework for computational modelling. Soft computing framework utilizes the applications of Python for user interface and fuzzy sciences for decision making. Introduction of multiple sensors in a water distribution network generates a huge number of data matrices, which are sometimes highly complex, difficult to understand and convoluted for effective decision making. Therefore, the proposed system framework also intends to simplify the complexity of obtained sensor data matrices and to support decision making for water engineers through a soft computing framework. The target of this proposed research is to provide a simple and efficient method to identify and detect presence of contamination in a water distribution network using applications of CPS.

Evaluation of U.S. Navy Surface Ship Operations in the Information Domain

DTIC Science & Technology

2013-03-01

information dominance . An evaluation of past experiences and current technology will be used to recommend how to employ current surface assets information operations (IO) capabilities. This thesis also will include an evaluation of current topics regarding information dominance and the cyber domain, focusing on the areas of electronic warfare, cyberwarfare, and military information support operations

Anatomy of a Security Operations Center

NASA Technical Reports Server (NTRS)

Wang, John

2010-01-01

Many agencies and corporations are either contemplating or in the process of building a cyber Security Operations Center (SOC). Those Agencies that have established SOCs are most likely working on major revisions or enhancements to existing capabilities. As principle developers of the NASA SOC; this Presenters' goals are to provide the GFIRST community with examples of some of the key building blocks of an Agency scale cyber Security Operations Center. This presentation viII include the inputs and outputs, the facilities or shell, as well as the internal components and the processes necessary to maintain the SOC's subsistence - in other words, the anatomy of a SOC. Details to be presented include the SOC architecture and its key components: Tier 1 Call Center, data entry, and incident triage; Tier 2 monitoring, incident handling and tracking; Tier 3 computer forensics, malware analysis, and reverse engineering; Incident Management System; Threat Management System; SOC Portal; Log Aggregation and Security Incident Management (SIM) systems; flow monitoring; IDS; etc. Specific processes and methodologies discussed include Incident States and associated Work Elements; the Incident Management Workflow Process; Cyber Threat Risk Assessment methodology; and Incident Taxonomy. The Evolution of the Cyber Security Operations Center viII be discussed; starting from reactive, to proactive, and finally to proactive. Finally, the resources necessary to establish an Agency scale SOC as well as the lessons learned in the process of standing up a SOC viII be presented.

Identification and Ranking of Critical Assets within an Electrical Grid under Threat of Cyber Attack

NASA Astrophysics Data System (ADS)

Boyer, Blake R.

This paper examines the ranking of critical assets within an electrical grid under threat of cyber attack.1 Critical to this analysis is the assumption of zero hour exploits namely, the threat of an immediate attack as soon as a vulnerability is discovered. Modeling shows that over time load fluctuations as well as other system variations will change the importance of each asset in the delivery of bulk power. As opposed to classic stability studies where risk can be shown to be greatest during high load periods, the zero hour exploit-cyber-risk assumes that vulnerabilities will be attacked as soon as they are discovered. The probability of attacks is made uniform over time to include any and all possible attacks. Examining the impact of an attack and how the grid reacts immediately following an attack will identify and determine the criticality of each asset. This work endeavors to fulfill the NERC Critical Infrastructure Protection Requirements CIP-001-1 through CIP-009-2, cyber security requirements for the reliable supply of bulk power to customers throughout North America. 1Critical assets will here refer to facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System, NERC Glossary of Terms Used in Reliability Standards, 2009

Cybersecurity and Optimization in Smart “Autonomous” Buildings

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mylrea, Michael E.; Gourisetti, Sri Nikhil Gup

Significant resources have been invested in making buildings “smart” by digitizing, networking and automating key systems and operations. Smart autonomous buildings create new energy efficiency, economic and environmental opportunities. But as buildings become increasingly networked to the Internet, they can also become more vulnerable to various cyber threats. Automated and Internet-connected buildings systems, equipment, controls, and sensors can significantly increase cyber and physical vulnerabilities that threaten the confidentiality, integrity, and availability of critical systems in organizations. Securing smart autonomous buildings presents a national security and economic challenge to the nation. Ignoring this challenge threatens business continuity and the availability ofmore » critical infrastructures that are enabled by smart buildings. In this chapter, the authors address challenges and explore new opportunities in securing smart buildings that are enhanced by machine learning, cognitive sensing, artificial intelligence (AI) and smart-energy technologies. The chapter begins by identifying cyber-threats and challenges to smart autonomous buildings. Then it provides recommendations on how AI enabled solutions can help smart buildings and facilities better protect, detect and respond to cyber-physical threats and vulnerabilities. Next, the chapter will provide case studies that examine how combining AI with innovative smart-energy technologies can increase both cybersecurity and energy efficiency savings in buildings. The chapter will conclude by proposing recommendations for future cybersecurity and energy optimization research for examining AI enabled smart-energy technology.« less

The European cooperative approach to securing critical information infrastructure.

PubMed

Purser, Steve

2011-10-01

This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

Final LDRD Report: Using Linkography of Cyber Attack Patterns to Inform Honeytoken Placement.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mitchell, Robert; Jarocki, John Charles; Fisher, Andrew N

The war to establish cyber supremacy continues, and the literature is crowded with strictly technical cyber security measures. We present the results of a three year LDRD project using Linkography, a methodology new to the field of cyber security, we establish the foundation neces- sary to track and profile the microbehavior of humans attacking cyber systems. We also propose ways to leverage this understanding to influence and deceive these attackers. We studied the sci- ence of linkography, applied it to the cyber security domain, implemented a software package to manage linkographs, generated the preprocessing blocks necessary to ingest raw data,more » produced machine learning models, created ontology refinement algorithms and prototyped a web applica- tion for researchers and practitioners to apply linkography. Machine learning produced some of our key results: We trained and validated multinomial classifiers with a real world data set and predicted the attacker's next category of action with 86 to 98% accuracy; dimension reduction techniques indicated that the linkography-based features were among the most powerful. We also discovered ontology refinement algorithms that advanced the state of the art in linkography in general and cyber security in particular. We conclude that linkography is a viable tool for cyber security; we look forward to expanding our work to other data sources and using our prediction results to enable adversary deception techniques. Acknowledgements Thanks to Phil Bennett, Michael Bernard, Jeffrey Bigg, Marshall Daniels, Tyler Dean, David Dug- gan, Carson Kent, Josh Maine, Marci McBride, Nick Peterson, Katie Rodhouse, Asael Sorenson, Roger Suppona, Scott Watson and David Zage. We acknowledge support for this work by the LDRD Program at Sandia National Laboratories. Sandia National Laboratories is a multi-mission laboratory operated by Sandia Corporation for the United States Department of Energy's National Nuclear Security Administration under Contract DE-AC04-94AL85000. This page intentionally left blank.« less

On effectiveness of network sensor-based defense framework

NASA Astrophysics Data System (ADS)

Zhang, Difan; Zhang, Hanlin; Ge, Linqiang; Yu, Wei; Lu, Chao; Chen, Genshe; Pham, Khanh

2012-06-01

Cyber attacks are increasing in frequency, impact, and complexity, which demonstrate extensive network vulnerabilities with the potential for serious damage. Defending against cyber attacks calls for the distributed collaborative monitoring, detection, and mitigation. To this end, we develop a network sensor-based defense framework, with the aim of handling network security awareness, mitigation, and prediction. We implement the prototypical system and show its effectiveness on detecting known attacks, such as port-scanning and distributed denial-of-service (DDoS). Based on this framework, we also implement the statistical-based detection and sequential testing-based detection techniques and compare their respective detection performance. The future implementation of defensive algorithms can be provisioned in our proposed framework for combating cyber attacks.

Cyber Power in the 21st Century

DTIC Science & Technology

2008-12-01

Cyber Warfare .................................................................86 V. Conclusions and Recommendations...40 2 – Asymmetric Effects of Cyber Warfare ........................................................................41 1 CYBER POWER... cyber warfare capabilities with other elements of national power, as evidenced by the concept of “informationization” (xinxihua) put forward in

Psychological Needs as a Predictor of Cyber Bullying: A Preliminary Report on College Students

ERIC Educational Resources Information Center

Dilmac, Bulent

2009-01-01

Recent surveys show that cyber bullying is a pervasive problem in North America. Many news stories have reported cyber bullying incidents around the world. Reports on the prevalence of cyber bullying and victimization as a result of cyber bullying increase yearly. Although we know what cyber bullying is it is important that we learn more about the…

The cyber threat, trophy information and the fortress mentality.

PubMed

Scully, Tim

2011-10-01

'It won't happen to me' is a prevalent mindset among senior executives in the private and public sectors when considering targeted cyber intrusions. This is exacerbated by the long-term adoption of a 'fortress mentality' towards cyber security, and by the attitude of many of our cyber-security professionals, who speak a different language when it comes to communicating cyber-security events to senior executives. The prevailing approaches to cyber security have clearly failed. Almost every week another serious, targeted cyber intrusion is reported, but reported intrusions are only the tip of the iceberg. Why have we got it so wrong? It must be acknowledged that cyber security is no longer the domain of cyber-security experts alone. Many more of us at various levels of leadership must understand, and be more deeply engaged in, the cyber-security challenge if we are to deal with the threat holistically and effectively. Governments cannot combat the cyber threat alone, particularly the so-called advanced persistent threat; they must work closely with industry as trusted partners. Industry will be the 'boots on the ground' in cyber security, but there are challenges to building this relationship, which must be based on sound principles.

The association between cyber victimization and subsequent cyber aggression: the moderating effect of peer rejection.

PubMed

Wright, Michelle F; Li, Yan

2013-05-01

Adolescents experience various forms of strain in their lives that may contribute jointly to their engagement in cyber aggression. However, little attention has been given to this idea. To address this gap in the literature, the present longitudinal study examined the moderating influence of peer rejection on the relationship between cyber victimization at Time 1 (T1) and subsequent cyber aggression at Time 2 (T2; 6 months later) among 261 (150 girls) 6th, 7th, and 8th graders. Our findings indicated that both peer rejection and cyber victimization were related to T2 peer-nominated and self-reported cyber aggression, both relational and verbal, after controlling for gender and T1 cyber aggression. Furthermore, T1 cyber victimization was related more strongly to T2 peer-nominated and self-reported cyber aggression at higher levels of T1 peer rejection. These results extend previous findings regarding the relationship between peer rejection and face-to-face aggressive behaviors to the cyber context. In addition, our findings underscore the importance of utilizing multiple methods, such as peer-nomination and self-report, to assess cyber aggression in a school setting.

Examining Acquisition Leaders Readiness to Support Future LandCyber Operations

DTIC Science & Technology

2014-04-15

Their article acknowledged the need for educational training as a forum where cyberspace concerns can be discussed by senior leaders. While their... article focused on senior leaders’ cyber development, 19 this cyberspace training and curriculum can be extended to educate leaders at all levels...systems. The literature reviewed included peer-reviewed articles and publications, DoD and Army doctrines, policies, studies, instructions, reports, and

Examining Acquisition Leaders’ Readiness to Support Future LandCyber Operations

DTIC Science & Technology

2014-04-15

Their article acknowledged the need for educational training as a forum where cyberspace concerns can be discussed by senior leaders. While their... article focused on senior leaders’ cyber development, 19 this cyberspace training and curriculum can be extended to educate leaders at all levels...systems. The literature reviewed included peer-reviewed articles and publications, DoD and Army doctrines, policies, studies, instructions, reports, and

Awaiting Cyber 9/11

DTIC Science & Technology

2013-01-01

tremendously dangerous and sophisticated virus that successfully attacked a SCADA system is now available for free on the Internet, where one can find...security for the public and private sectors. To develop this capability, the Nation needs to undergo a paradigm shift on how it views the cyber... for communications and trade were extraordinarily important for the security and prosperity of Britain. Today, the security and prosperity of the

The Temporal Association Between Traditional and Cyber Dating Abuse Among Adolescents.

PubMed

Temple, Jeff R; Choi, Hye Jeong; Brem, Meagan; Wolford-Clevenger, Caitlin; Stuart, Gregory L; Peskin, Melissa Fleschler; Elmquist, JoAnna

2016-02-01

While research has explored adolescents' use of technology to perpetrate dating violence, little is known about how traditional in-person and cyber abuse are linked, and no studies have examined their relationship over time. Using our sample of 780 diverse adolescents (58 % female), we found that traditional and cyber abuse were positively associated, and cyber abuse perpetration and victimization were correlated at each time point. Cyber abuse perpetration in the previous year (spring 2013) predicted cyber abuse perpetration 1 year later (spring 2014), while controlling for traditional abuse and demographic variables. In addition, physical violence victimization and cyber abuse perpetration and victimization predicted cyber abuse victimization the following year. These findings highlight the reciprocal nature of cyber abuse and suggest that victims may experience abuse in multiple contexts.

The Temporal Association between Traditional and Cyber Dating Abuse among Adolescents

PubMed Central

Temple, Jeff R.; Choi, Hye Jeong; Brem, Meagan; Wolford-Clevenger, Caitlin; Stuart, Gregory L.; Peskin, Melissa Fleschler; Elmquist, JoAnna

2015-01-01

While research has explored adolescents’ use of technology to perpetrate dating violence, little is known about how traditional in-person and cyber abuse are linked, and no studies have examined their relationship over time. Using our sample of 780 diverse adolescents (58% female), we found that traditional and cyber abuse were positively associated, and cyber abuse perpetration and victimization were correlated at each time point. Cyber abuse perpetration in the previous year (spring 2013) predicted cyber abuse perpetration one year later (spring 2014), while controlling for traditional abuse and demographic variables. In addition, physical violence victimization and cyber abuse perpetration and victimization predicted cyber abuse victimization the following year. These findings highlight the reciprocal nature of cyber abuse and suggest that victims may experience abuse in multiple contexts. PMID:26525389

Offensive Cyber Capability: Can it Reduce Cyberterrorism

DTIC Science & Technology

2010-12-02

33 Lech J. Janczewski, and Andrew M. Colarik, eds., Cyber Warfare and Cyber Terrorism (New York: Information Science Reference, 2008...Science and Business Media, 2008. Janczewski, Lech , J. and Andrew M. Colarik, eds., Cyber Warfare and Cyber Terrorism. New York: Information Science

Traditional and cyber aggressors and victims: a comparison of psychosocial characteristics.

PubMed

Sontag, Lisa M; Clemans, Katherine H; Graber, Julia A; Lyndon, Sarah T

2011-04-01

To date, relatively little is known about differences between perpetrators and victims of cyber and traditional forms of aggression. Hence, this study investigated differences among traditional and cyber aggressors and victims on psychosocial characteristics typically examined in research on traditional aggression and victimization, specifically effortful control, manipulativeness, remorselessness, proactive and reactive aggression, and anxious/depressive symptoms. Participants (N = 300; 63.2% female; M age = 12.89, SD = .95; 52% Caucasian, 27% African American, 11% Latino, and 10% other) were categorized based on aggressor type (non/low aggressor, traditional-only, cyber-only, and combined traditional and cyber) and victim type (non-victim, traditional-only, cyber-only, and combined traditional and cyber). Cyber aggressors reported lower levels of reactive aggression compared to traditional-only and combined aggressors. Combined aggressors demonstrated the poorest psychosocial profile compared to all other aggressor groups. For victimization, cyber-only and combined victims reported higher levels of reactive aggression and were more likely to be cyber aggressors themselves compared to traditional-only victims and non-victims. Findings suggest that there may be unique aspects about cyber aggression and victimization that warrant further investigation.

META II: Formal Co-Verification of Correctness of Large-Scale Cyber-Physical Systems During Design (Mod 0006). Volume 2

DTIC Science & Technology

2012-03-01

REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 The public reporting burden for this collection of information is estimated to average 1 hour...currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1 . REPORT DATE (DD-MM-YY) 2. REPORT TYPE 3. DATES COVERED (From...13. SUPPLEMENTARY NOTES Report contains color. PA Case Number: 88ABW-2012-1688; Clearance Date: 23 Mar 2012. See also Volume 1 , AFRL-RZ-WP-TR

Cyber Warfare: An Evolution in Warfare not Just War Theory

DTIC Science & Technology

2013-04-05

cyber warfare is greatly debated. While some argue that Just War Theory is irrelevant to cyber warfare , a careful analysis demonstrates that it is a...useful tool for considering the morality of cyber warfare . This paper examines the application of Just War Theory to cyber warfare and contends that...Just War Theory is a useful tool for considering the morality of cyber warfare .

Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense

NASA Astrophysics Data System (ADS)

Spafford, Eugene H.

The number and sophistication of cyberattacks continues to increase, but no national policy is in place to confront them. Critical systems need to be built on secure foundations, rather than the cheapest general-purpose platform. A program that combines education in cyber security, increasing resources for law enforcement, development of reliable systems for critical applications, and expanding research support in multiple areas of security and reliability is essential to combat risks that are far beyond the nuisances of spam email and viruses, and involve widespread espionage, theft, and attacks on essential services.

A computer program for estimation from incomplete multinomial data

NASA Technical Reports Server (NTRS)

Credeur, K. R.

1978-01-01

Coding is given for maximum likelihood and Bayesian estimation of the vector p of multinomial cell probabilities from incomplete data. Also included is coding to calculate and approximate elements of the posterior mean and covariance matrices. The program is written in FORTRAN 4 language for the Control Data CYBER 170 series digital computer system with network operating system (NOS) 1.1. The program requires approximately 44000 octal locations of core storage. A typical case requires from 72 seconds to 92 seconds on CYBER 175 depending on the value of the prior parameter.

Cybersecurity for distributed energy resources and smart inverters

DOE PAGES

Qi, Junjian; Hahn, Adam; Lu, Xiaonan; ...

2016-12-01

The increased penetration of distributed energy resources (DER) will significantly increase the number of devices that are owned and controlled by consumers and third parties. These devices have a significant dependency on digital communication and control, which presents a growing risk from cyber attacks. This paper proposes a holistic attack-resilient framework to protect the the integrated DER and the critical power grid infrastructure from malicious cyber attacks, helping ensure the secure integration of DER without harming the grid reliability and stability. Specifically, we discuss the architecture of the cyber-physical power system with a high penetration of DER and analyze themore » unique cybersecurity challenges introduced by DER integration. Next, we summarize important attack scenarios against DER, propose a systematic DER resilience analysis methodology, and develop effective and quantifiable resilience metrics and design principles. Lastly, we introduce attack prevention, detection, and response measures specifically designed for DER integration across cyber, physical device, and utility layers of the future smart grid.« less

Cybersecurity for distributed energy resources and smart inverters

DOE Office of Scientific and Technical Information (OSTI.GOV)

Qi, Junjian; Hahn, Adam; Lu, Xiaonan

The increased penetration of distributed energy resources (DER) will significantly increase the number of devices that are owned and controlled by consumers and third parties. These devices have a significant dependency on digital communication and control, which presents a growing risk from cyber attacks. This paper proposes a holistic attack-resilient framework to protect the the integrated DER and the critical power grid infrastructure from malicious cyber attacks, helping ensure the secure integration of DER without harming the grid reliability and stability. Specifically, we discuss the architecture of the cyber-physical power system with a high penetration of DER and analyze themore » unique cybersecurity challenges introduced by DER integration. Next, we summarize important attack scenarios against DER, propose a systematic DER resilience analysis methodology, and develop effective and quantifiable resilience metrics and design principles. Lastly, we introduce attack prevention, detection, and response measures specifically designed for DER integration across cyber, physical device, and utility layers of the future smart grid.« less

Cyber Warfare/Cyber Terrorism

DTIC Science & Technology

2004-03-19

Section 1 of this paper provides an overview of cyber warfare as an element of information warfare, starting with the general background of the...alternative form of conflict, reviews the traditional principles of warfare and why they may or may not apply to cyber warfare , and proposes new principles of...warfare that may be needed to conduct cyber warfare . Section 1 concludes with a review of offensive and defensive cyber warfare concepts. Section 2

Refocusing Cyber Warfare Thought

DTIC Science & Technology

2013-02-01

January–February 2013 Air & Space Power Journal | 44 FeatureCyber Focus Refocusing Cyber Warfare Thought Maj Sean C. Butler, USAF In September 2007...1. REPORT DATE FEB 2013 2. REPORT TYPE 3. DATES COVERED 00-00-2013 to 00-00-2013 4. TITLE AND SUBTITLE Refocusing Cyber Warfare Thought 5a...2013 Air & Space Power Journal | 45 Butler Refocusing Cyber Warfare Thought FeatureCyber Focus characterized by the use of electronics and the

Nodes and Codes: The Reality of Cyber Warfare

DTIC Science & Technology

2012-05-17

Nodes and Codes explores the reality of cyber warfare through the story of Stuxnet, a string of weaponized code that reached through a domain...nodes. Stuxnet served as a proof-of-concept for cyber weapons and provided a comparative laboratory to study the reality of cyber warfare from the...military powers most often associated with advanced, offensive cyber attack capabilities. The reality of cyber warfare holds significant operational

76 FR 22409 - Nationwide Cyber Security Review (NCSR) Assessment

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-21

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0012] Nationwide Cyber Security Review (NCSR...), National Cyber Security Division (NCSD), Cyber Security Evaluation Program (CSEP), will submit the... for all levels of government to complete a cyber network security assessment so that a full measure of...

Providing security for automated process control systems at hydropower engineering facilities

NASA Astrophysics Data System (ADS)

Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

2016-12-01

This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

Army Science Planning and Strategy Meeting: The Fog of Cyber War

DTIC Science & Technology

2016-12-01

computing , which, depending upon the situation, some refer to as a fog rather than a cloud . These seemingly disparate notions of fog merge when one...Chiang M. CYRUS: towards client- defined cloud storage. Proceedings of the Tenth European Conference on Computer Systems; 2015 Apr 21; Bordeaux...Army Science Planning and Strategy Meeting: The Fog of Cyber War by Alexander Kott and Ananthram Swami Computational and Information Sciences

High Frontier: The Journal for Space and Cyberspace Professionals. Volume 6, Number 4, August 2010

DTIC Science & Technology

2010-08-01

information that warfighters rely on is likely to be useless (a three-way disaster is, anyway, logically impossible; if the global information grid...processing, exploitation, and dissemination (TCPED) of information . Space and cyber systems collectively provide the core functionality of the TCPED...rather than crisis management procedures. Space and cyber operations have several similarities dur- ing and can be extremely useful for informing Phase

A Cyber Pearl Harbor

DTIC Science & Technology

2016-02-03

specific intrusions that can vary in costs and damage. These medium- potential tools are used to access systems, sustain access, and hide access. In the...appropriate response. A cyber intrusion aimed at spying or extracting data will drive different international and domestic responses than a weapon...stealing credit cards or data to a DDoS or creating and selling malware to the highest bidder. Insecure cyberspace is a crime syndicate’s dream in

Active Cyber Defense: Enhancing National Cyber Defense

DTIC Science & Technology

2011-12-01

Prevention System ISP Internet Service Provider IT Information Technology IWM Information Warfare Monitor LOAC Law of Armed Conflict NATO...the Information Warfare Monitor ( IWM ) discovered that GhostNet had infected 1,295 computers in 103 countries. As many as thirty percent of these...By monitoring the computers in Dharamsala and at various Tibetan missions, IWM was able to determine the IP addresses of the servers hosting Gh0st

2008 Defense Industrial Base Critical Infrastructure Protection Conference (DIB-CBIP)

DTIC Science & Technology

2008-04-09

a cloak -and- dagger thing. It’s about computer architecture and the soundness of electronic systems." Joel Brenner, ODNI Counterintelligence Office...to support advanced network exploitation and launch attacks on the informational and physical elements of our cyber infrastructure. In order to...entities and is vulnerable to attacks and manipulation. Operations in the cyber domain have the ability to impact operations in other war-fighting