WorldWideScience

Sample records for attacking critical infrastructure

  1. RISK DISCLOSURE AGAINST ATTACK ON CRITICAL INFRASTRUCTURES

    Science.gov (United States)

    Yoshida, Mamoru; Kobayashi, Kiyoshi

    This paper analyzes the government's defensive and disclosure strategies to reduce the damage caused by terrorists that attack critical infrastructures using subjective game theory. The government recognizes a terrorist as a hidden opponent and the government's decision making about the policies against terror attacks depends on the belief about the existence of terrorist. In addition, it is not necessarily true that the government and the terrorist play the common game and make their decisions. Considering these points, the paper formulates the model in which the government and the terrorist formulate the subjective games respectively, and they induce the strategies using the equilibriums of their subjective games. The paper concluded that the government's disclosure about the implementation of the countermeasure, rather than the disclosure of warning level related with the belief about the existence of terrorist, brings about the higher increment of the subjective payoffs of the government.

  2. Cybersecurity protecting critical infrastructures from cyber attack and cyber warfare

    CERN Document Server

    Johnson, Thomas A

    2015-01-01

    The World Economic Forum regards the threat of cyber attack as one of the top five global risks confronting nations of the world today. Cyber attacks are increasingly targeting the core functions of the economies in nations throughout the world. The threat to attack critical infrastructures, disrupt critical services, and induce a wide range of damage is becoming more difficult to defend against. Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare examines the current cyber threat landscape and discusses the strategies being used by governments and corporatio

  3. Critical location identification and vulnerability analysis of interdependent infrastructure systems under spatially localized attacks

    International Nuclear Information System (INIS)

    Ouyang, Min

    2016-01-01

    Infrastructure systems are usually spatially distributed in a wide area and are subject to many types of hazards. For each type of hazards, modeling their direct impact on infrastructure components and analyzing their induced system-level vulnerability are important for identifying mitigation strategies. This paper mainly studies spatially localized attacks that a set of infrastructure components located within or crossing a circle shaped spatially localized area is subject to damage while other components do not directly fail. For this type of attacks, taking interdependent power and gas systems in Harris County, Texas, USA as an example, this paper proposes an approach to exactly identify critical locations in interdependent infrastructure systems and make pertinent vulnerability analysis. Results show that (a) infrastructure interdependencies and attack radius largely affect the position of critical locations; (b) spatially localized attacks cause less vulnerability than equivalent random failures; (c) in most values of attack radius critical locations identified by considering only node failures do not change when considering both node and edge failures in the attack area; (d) for many values of attack radius critical locations identified by topology-based model are also critical from the flow-based perspective. - Highlights: • We propose a method to identify critical locations in interdependent infrastructures. • Geographical interdependencies and attack radius largely affect critical locations. • Localized attacks cause less vulnerability than equivalent random failures. • Whether considering both node and edge failures affects critical locations. • Topology-based critical locations are also critical from flow-based perspective.

  4. Cyber Attack on Critical Infrastructure and Its Influence on International Security

    OpenAIRE

    出口 雅史

    2017-01-01

     Since the internet appeared, with increasing cyber threats, the vulnerability of critical infrastructure has become a vital issue for international security. Although cyber attack was not lethal in the past, new type of cyber assaults such as stuxnet are able to damage not only computer system digitally, but also critical infrastructure physically. This article will investigate how the recent cyber attacks have threatened critical infrastructure and their influence on international security....

  5. Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems

    OpenAIRE

    Aaron Zimba; Zhaoshun Wang; Hongsong Chen

    2018-01-01

    The inevitable integration of critical infrastructure to public networks has exposed the underlying industrial control systems to various attack vectors. In this paper, we model multi-stage crypto ransomware attacks, which are today an emerging cyber threat to critical infrastructure. We evaluate our modeling approach using multi-stage attacks by the infamous WannaCry ransomware. The static malware analysis results uncover the techniques employed by the ransomware to discover vulnerable nodes...

  6. Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack: Critical National Infrastructures

    National Research Council Canada - National Science Library

    Foster, Jr., John S; Gjelde, Earl; Graham, William R; Hermann, Robert J; Kluepfel, Henry M; Lawson, Richard L; Soper, Gordon K; Wood, Lowell L; Woodard, Joan B

    2008-01-01

    ...) attack on our critical national infrastructures. An earlier report, Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP), Volume 1: Executive Report (2004...

  7. Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems

    Directory of Open Access Journals (Sweden)

    Aaron Zimba

    2018-03-01

    Full Text Available The inevitable integration of critical infrastructure to public networks has exposed the underlying industrial control systems to various attack vectors. In this paper, we model multi-stage crypto ransomware attacks, which are today an emerging cyber threat to critical infrastructure. We evaluate our modeling approach using multi-stage attacks by the infamous WannaCry ransomware. The static malware analysis results uncover the techniques employed by the ransomware to discover vulnerable nodes in different SCADA and production subnets, and for the subsequent network propagation. Based on the uncovered artifacts, we recommend a cascaded network segmentation approach, which prioritizes the security of production network devices. Keywords: Critical infrastructure, Cyber-attack, Industrial control system, Crypto ransomware, Vulnerability

  8. Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292)

    NARCIS (Netherlands)

    Dacer, Marc; Kargl, Frank; König, Hartmut; Valdes, Alfonso

    2014-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14292 “Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures”. The main objective of the seminar was to discuss new approaches and ideas for securing industrial control systems. It

  9. THE SECURITY OF CRITICAL ENERGY INFRASTRUCTURE IN THE AGE OF MULTIPLE ATTACK VECTORS: NATO’S MULTI-FACETED APPROACH

    Directory of Open Access Journals (Sweden)

    Sorin Dumitru Ducaru

    2017-06-01

    Full Text Available The current NATO threat landscape is characterized by a combination or “hybrid blend” of unconventional emerging challenges (like cyber and terrorist attacks and re-emerging conventional ones (like Russia’s recent military resurgence and assertiveness, that led to the illegal annexation of Crimea and destabilization in Eastern Ukraine. While the resurgence of the Russian military activity pushed the Alliance in the direction of re-discovering its deterrence and collective defence role, the new, not-traditional, trans-national and essentially non-military treats that generate effects below the threshold of an armed attack require a new paradigm shift with a focus on resilience although the protection of critical energy infrastructure is first and foremost a national responsibility, NATO can contribute to meeting the infrastructure protection challenge on many levels. Given the fact that its core deterrence and defence mandate relies in a great measure on the security of Allies’ energy infrastructure NATO’s role and actions in reducing the vulnerabilities and strengthening the resilience of such infrastructure can only increase. A multi-faceted, multi-stakeholder and networked approach is needed to be able to strengthen defences and resilience of critical infrastructure such as energy. Understanding and defending against cyber or terrorist threat vectors, increased situational awareness, education, training, exercises, trusted partnerships as well as increasing strategic security dialogue and cooperation are key for such a comprehensive/network approach to the challenge.

  10. Cyber Attacks: Emerging Threats to the 21st Century Critical Information Infrastructures

    Directory of Open Access Journals (Sweden)

    Cezar Vasilescu

    2012-06-01

    Full Text Available The paper explores the notion of cyber attack as a concept for understanding modern conflicts. It starts by elaborating a conceptual theoretical framework, observing that when it comes to cyber attacks, cyber war and cyber defense there are no internationally accepted definitions on the subject, mostly because of the relative recency of the terms. The second part analyzes the cyber realities of recent years, emphasizing the most advertised cyber attacks in the international mass media: Estonia (2007 and Georgia (2008, with a focus on two main lessons learned: how complicated is to define a cyber war and how difficult to defend against it. Crucial implications for world’s countries and the role of NATO in assuring an effective collective cyber defense are analyzed in the third part. The need for the development of strategic cyber defense documents (e.g. NATO Cyber Defense Policy, NATO Strategic Concept is further examined. It is suggested that particular attention should be paid to the development of a procedure for clearly discriminating between events (cyber attacks, cyber war, cyber crime, or cyber terrorism, and to a procedure for the conduct of nation’s legitimate military/civil cyber response operations.

  11. Critical infrastructure protection

    Energy Technology Data Exchange (ETDEWEB)

    Bradley, F. [Canadian Electricity Association, Toronto, ON (Canada)

    2003-04-01

    The need to protect critical electrical infrastructure from terrorist attacks, or other physical damage, including weather related events, or the potential impact of computer viruses and other attacks on IT resources are discussed. Activities of the North American Electric Reliability Council (NERC) are highlighted which seek to safeguard the North American bulk electric power system principally through the Information Sharing and Analysis Sector (ES-ISAC). ES-ISAC serves the electricity sector by facilitating communication between electric sector participants, federal government and other critical infrastructure industries by disseminating threat indications, analyses and warnings, together with interpretations, to assist the industry in taking infrastructure protection actions. Attention is drawn to the numerous cyber incidents in recent years, which although resulted in no loss of service to electricity customers so far, in at least one instance (the January 25th SOL-Slammer worm incident) resulted in degradation of service in a number of sectors, including financial, transportation and telecommunication services. The increasing frequency of cyber-based attacks, coupled with the industry's growing dependence on e-commerce and electronic controls, are good reasons to believe that critical infrastructure protection (CIP) poses a serious challenge to the industry's risk management practices. The Canadian Electricity Association (CEA) is an active participant in ES-ISAC and works cooperatively with a range of partners, such as the Edison Electric Institute and the American Public Power Association to ensure coordination and effective protection program delivery for the electric power sector. The Early Warning System (EWS) developed by the CIP Working Group is one of the results of this cooperation. EWS uses the Internet, e-mail, web-enabled cell phones and Blackberry hand-held devices to deliver real-time threat information to members on a 24/7 basis. EWS

  12. An Analysis of IT Governance Practices in the Federal Government: Protecting U.S. Critical Infrastructure from Cyber Terrorist Attacks

    Science.gov (United States)

    Johnson, R. LeWayne

    2012-01-01

    Much of the governing process in the United States (U.S.) today depends on a reliable and well protected public information technology (IT) infrastructure. The Department of Homeland Security (DHS) is tasked with the responsibility of protecting the country's IT infrastructure. Critics contend that the DHS has failed to address planning and…

  13. Cyber Attacks and Energy Infrastructures: Anticipating Risks

    International Nuclear Information System (INIS)

    Desarnaud, Gabrielle

    2017-01-01

    This study analyses the likelihood of cyber-attacks against European energy infrastructures and their potential consequences, particularly on the electricity grid. It also delivers a comparative analysis of measures taken by different European countries to protect their industries and collaborate within the European Union. The energy sector experiences an unprecedented digital transformation upsetting its activities and business models. Our energy infrastructures, sometimes more than a decade old and designed to remain functional for many years to come, now constantly interact with light digital components. The convergence of the global industrial system with the power of advanced computing and analytics reveals untapped opportunities at every step of the energy value chain. However, the introduction of digital elements in old and unprotected industrial equipment also exposes the energy industry to the cyber risk. One of the most compelling example of the type of threat the industry is facing, is the 2015 cyber-attack on the Ukraine power grid, which deprived about 200 000 people of electricity in the middle of the winter. The number and the level of technical expertise of cyber-attacks rose significantly after the discovery of the Stuxnet worm in the network of Natanz uranium enrichment site in 2010. Energy transition policies and the growing integration of renewable sources of energy will intensify this tendency, if cyber security measures are not part of the design of our future energy infrastructures. Regulators try to catch up and adapt, like in France where the authorities collaborate closely with the energy industry to set up a strict and efficient regulatory framework, and protect critical operators. This approach is adopted elsewhere in Europe, but common measures applicable to the whole European Union are essential to protect strongly interconnected energy infrastructures against a multiform threat that defies frontiers

  14. Modeling cascading failures in interdependent infrastructures under terrorist attacks

    International Nuclear Information System (INIS)

    Wu, Baichao; Tang, Aiping; Wu, Jie

    2016-01-01

    An attack strength degradation model has been introduced to further capture the interdependencies among infrastructures and model cascading failures across infrastructures when terrorist attacks occur. A medium-sized energy system including oil network and power network is selected for exploring the vulnerabilities from independent networks to interdependent networks, considering the structural vulnerability and the functional vulnerability. Two types of interdependencies among critical infrastructures are involved in this paper: physical interdependencies and geographical interdependencies, shown by tunable parameters based on the probabilities of failures of nodes in the networks. In this paper, a tolerance parameter α is used to evaluation of the overloads of the substations based on power flow redistribution in power transmission systems under the attack. The results of simulation show that the independent networks or interdependent networks will be collapsed when only a small fraction of nodes are attacked under the attack strength degradation model, especially for the interdependent networks. The methodology introduced in this paper with physical interdependencies and geographical interdependencies involved in can be applied to analyze the vulnerability of the interdependent infrastructures further, and provides the insights of vulnerability of interdependent infrastructures to mitigation actions for critical infrastructure protections. - Highlights: • An attack strength degradation model based on the specified locations has been introduced. • Interdependencies considering both physical and geographical have been analyzed. • The structural vulnerability and the functional vulnerability have been considered.

  15. Critical Infrastructures: Background, Policy, and Implementation

    National Research Council Canada - National Science Library

    Moteff, John D

    2005-01-01

    .... electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for sometime about the vulnerability of critical infrastructure to both physical and cyber attack...

  16. Durability of critical infrastructures

    OpenAIRE

    Raluca Pascu; Ramiro Sofronie

    2011-01-01

    The paper deals with those infrastructures by which world society, under the pressure ofdemographic explosion, self-survives. The main threatening comes not from terrorist attacks, but fromthe great natural catastrophes and global climate change. It’s not for the first time in history when suchmeasures of self-protection are built up. First objective of this paper is to present the background fordurability analysis. Then, with the aid of these mathematical tools the absolute durability of thr...

  17. Cyberspace and Critical Information Infrastructures

    Directory of Open Access Journals (Sweden)

    Dan COLESNIUC

    2013-01-01

    Full Text Available Every economy of an advanced nation relies on information systems and interconnected networks, thus in order to ensure the prosperity of a nation, making cyberspace a secure place becomes as crucial as securing society. Cyber security means ensuring the safety of this cyberspace from threats which can take different forms, such as stealing secret information from national companies and government institutions, attacking infrastructure vital for the functioning of the nation or attacking the privacy of the single citizen. The critical information infrastructure (CII represents the indispensable "nervous system", that allow modern societies to work and live. Besides, without it, there would be no distribution of energy, no services like banking or finance, no air traffic control and so on. But at the same time, in the development process of CII, security was never considered a top priority and for this reason they are subject to a high risk in relation to the organized crime.

  18. 75 FR 75611 - Critical Infrastructure Protection Month, 2010

    Science.gov (United States)

    2010-12-03

    ...; and the public--to identify and protect our infrastructure from hazards or attack. These critical... cyber infrastructure more resilient. Working together, we can raise awareness of the important role our...

  19. How to Quantify Deterrence and Reduce Critical Infrastructure Risk

    OpenAIRE

    Taquechel, Eric F.; Lewis, Ted G.

    2012-01-01

    This article appeared in Homeland Security Affairs (August 2012), v.8, article 12 "We propose a definition of critical infrastructure deterrence and develop a methodology to explicitly quantify the deterrent effects of critical infrastructure security strategies. We leverage historical work on analyzing deterrence, game theory and utility theory. Our methodology quantifies deterrence as the extent to which an attacker's expected utility from an infrastructure attack changes after a defende...

  20. Critical Infrastructure Protection: Maintenance is National Security

    Directory of Open Access Journals (Sweden)

    Kris Hemme

    2015-10-01

    Full Text Available U.S. critical infrastructure protection (CIP necessitates both the provision of security from internal and external threats and the repair of physically damaged critical infrastructure which may disrupt services. For years, the U.S. infrastructure has been deteriorating, triggering enough damage and loss of life to give cause for major concern. CIP is typically only addressed after a major disaster or catastrophe due to the extreme scrutiny that follows these events. In fact, CIP has been addressed repeatedly since Presidential Decision Directive Sixty-Three (PDD Sixty-Three signed by President Bill Clinton on May Twenty-Second, 1998.[1] This directive highlighted critical infrastructure as “a growing potential vulnerability” and recognized that the United States has to view the U.S. national infrastructure from a security perspective due to its importance to national and economic security. CIP must be addressed in a preventive, rather than reactive, manner.[2] As such, there are sixteen critical infrastructure sectors, each with its own protection plan and unique natural and man-made threats, deteriorations, and risks. A disaster or attack on any one of these critical infrastructures could cause serious damage to national security and possibly lead to the collapse of the entire infrastructure. [1] The White House, Presidential Decision Directive/NSC–63 (Washington D.C.: The White House, May 22, 1998: 1–18, available at: http://www.epa.gov/watersecurity/tools/trainingcd/Guidance/pdd-63.pdf. [2] Ibid, 1.

  1. Defending Critical Infrastructure as Cyber Key Terrain

    Science.gov (United States)

    2016-08-01

    to Secure Cyberspace (NSSC) is as it lists three strategic objectives:4 1) Prevent cyber attacks against America’s critical infrastructures; 2...House, “National Strategy to Secure Cyberspace,” (Washington, DC: The White House, 2003) Trey Herr, "PrEP: A framework for malware & cyber weapons...David Kuipers and Mark Fabro. “Control Systems Cyber Security : Defense in Depth Strategies,” [United States: Department of Energy, 2006]: 4

  2. On localization attacks against cloud infrastructure

    Science.gov (United States)

    Ge, Linqiang; Yu, Wei; Sistani, Mohammad Ali

    2013-05-01

    One of the key characteristics of cloud computing is the device and location independence that enables the user to access systems regardless of their location. Because cloud computing is heavily based on sharing resource, it is vulnerable to cyber attacks. In this paper, we investigate a localization attack that enables the adversary to leverage central processing unit (CPU) resources to localize the physical location of server used by victims. By increasing and reducing CPU usage through the malicious virtual machine (VM), the response time from the victim VM will increase and decrease correspondingly. In this way, by embedding the probing signal into the CPU usage and correlating the same pattern in the response time from the victim VM, the adversary can find the location of victim VM. To determine attack accuracy, we investigate features in both the time and frequency domains. We conduct both theoretical and experimental study to demonstrate the effectiveness of such an attack.

  3. Research Note on the Energy Infrastructure Attack Database (EIAD

    Directory of Open Access Journals (Sweden)

    Jennifer Giroux

    2013-12-01

    Full Text Available The January 2013 attack on the In Amenas natural gas facility drew international attention. However this attack is part of a portrait of energy infrastructure targeting by non-state actors that spans the globe. Data drawn from the Energy Infrastructure Attack Database (EIAD shows that in the last decade there were, on average, nearly 400 annual attacks carried out by armed non-state actors on energy infrastructure worldwide, a figure that was well under 200 prior to 1999. This data reveals a global picture whereby violent non-state actors target energy infrastructures to air grievances, communicate to governments, impact state economic interests, or capture revenue in the form of hijacking, kidnapping ransoms, theft. And, for politically motivated groups, such as those engaged in insurgencies, attacking industry assets garners media coverage serving as a facilitator for international attention. This research note will introduce EIAD and position its utility within various research areas where the targeting of energy infrastructure, or more broadly energy infrastructure vulnerability, has been addressed, either directly or indirectly. We also provide a snapshot of the initial analysis of the data between 1980-2011, noting specific temporal and spatial trends, and then conclude with a brief discussion on the contribution of EIAD, highlighting future research trajectories. 

  4. Threat Assessment of Potential Terrorist Attacks to the Transport Infrastructure

    Directory of Open Access Journals (Sweden)

    Gabriel Nowacki

    2014-06-01

    Full Text Available The paper presents threat assessment of potential terrorist attacks to the transport infrastructure. The range of transportation infrastructure has spread and includes railway, inland waterways, road, maritime, air, intermodal transport infrastructure and intelligent transport systems (ITS. ITS service is the provision of an ITS application through a well-defined organisational and operational framework with the aim of contributing to the user safety, efficiency, comfort and/or to facilitate or support transport and travel operations. Terrorism means acts of violence committed by groups that view themselves as victimized by some notable historical wrong. Although these groups have no formal connection with governments, they usually have the financial and moral backing of sympathetic governments. Typically, they stage unexpected attacks on civilian targets, including transport infrastructure, with the aim of sowing fear and confusion. Based on the analyses, transportation infrastructure is potentially threatened with terrorism attacks, especially road and rail infrastructure (about 23 %, and to a smaller degree the maritime and air transport infrastructure (about 2 %. There were 90,3% of incidents involve land transport (74,5% – vehicles, 9,5% – buses, 6,3% - rail covered the 41-year period 1967-2007 in the USA. Legal steps to fight terrorism have been taken on the international level, furthermore, some institutions have been established for this purpose.

  5. Critical infrastructure systems of systems assessment methodology.

    Energy Technology Data Exchange (ETDEWEB)

    Sholander, Peter E.; Darby, John L.; Phelan, James M.; Smith, Bryan; Wyss, Gregory Dane; Walter, Andrew; Varnado, G. Bruce; Depoy, Jennifer Mae

    2006-10-01

    Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies that separately consider physical security and cyber security. This research has developed a risk assessment methodology that explicitly accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay, and respond. This methodology also accounts for the condition that a facility may be able to recover from or mitigate the impact of a successful attack before serious consequences occur. The methodology uses evidence-based techniques (which are a generalization of probability theory) to evaluate the security posture of the cyber protection systems. Cyber threats are compared against cyber security posture using a category-based approach nested within a path-based analysis to determine the most vulnerable cyber attack path. The methodology summarizes the impact of a blended cyber/physical adversary attack in a conditional risk estimate where the consequence term is scaled by a ''willingness to pay'' avoidance approach.

  6. CRITICAL INFORMATION INFRASTRUCTURE SECURITY - NETWORK INTRUSION DETECTION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Cristea DUMITRU

    2011-12-01

    Full Text Available Critical Information Infrastructure security will always be difficult to ensure, just because of the features that make it irreplaceable tor other critical infrastructures normal operation. It is decentralized, interconnected interdependent, controlled by multiple actors (mainly private and incorporating diverse types of technologies. It is almost axiomatic that the disruption of the Critical Information Infrastructure affects systems located much farther away, and the cyber problems have direct consequences on the real world. Indeed the Internet can be used as a multiplier in order to amplify the effects of an attack on some critical infrastructures. Security challenges increase with the technological progress. One of the last lines of defense which comes to complete the overall security scheme of the Critical Information Infrastructure is represented by the Network Intrusion Detection Systems.

  7. Protecting Critical Infrastructure by Identifying Pathways of Exposure to Risk

    Directory of Open Access Journals (Sweden)

    Philip O’Neill

    2013-08-01

    Full Text Available Increasingly, our critical infrastructure is managed and controlled by computers and the information networks that connect them. Cyber-terrorists and other malicious actors understand the economic and social impact that a successful attack on these systems could have. While it is imperative that we defend against such attacks, it is equally imperative that we realize how best to react to them. This article presents the strongest-path method of analyzing all potential pathways of exposure to risk – no matter how indirect or circuitous they may be – in a network model of infrastructure and operations. The method makes direct use of expert knowledge about entities and dependency relationships without the need for any simulation or any other models. By using path analysis in a directed graph model of critical infrastructure, planners can model and assess the effects of a potential attack and develop resilient responses.

  8. TCIA Secure Cyber Critical Infrastructure Modernization.

    Energy Technology Data Exchange (ETDEWEB)

    Keliiaa, Curtis M. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-02-01

    The Sandia National Laboratories (Sandia Labs) tribal cyber infrastructure assurance initiative was developed in response to growing national cybersecurity concerns in the the sixteen Department of Homeland Security (DHS) defined critical infrastructure sectors1. Technical assistance is provided for the secure modernization of critical infrastructure and key resources from a cyber-ecosystem perspective with an emphasis on enhanced security, resilience, and protection. Our purpose is to address national critical infrastructure challenges as a shared responsibility.

  9. DNS as critical infrastructure, the energy system case study

    NARCIS (Netherlands)

    Casalicchio, E.; Gheorghe, A.V.; Caselli, M.; Coletta, A.; Nai Fovino, I.

    2013-01-01

    Modern critical infrastructures (e.g., power plants, energy grids, oil pipelines, etc.), make nowadays extensive use of information and communication technologies (ICT). As a direct consequence their exposure to cyber-attacks is becoming a matter of public security. In this paper, we analyse a

  10. Cyber security deterrence and it protection for critical infrastructures

    CERN Document Server

    Martellini, Maurizio

    2013-01-01

    The experts of the International Working Group-Landau Network Centro Volta (IWG-LNCV) discuss aspects of cyber security and present possible methods of deterrence, defense and resilience against cyber attacks. This SpringerBrief covers state-of-the-art documentation on the deterrence power of cyber attacks and argues that nations are entering a new cyber arms race. The brief also provides a technical analysis of possible cyber attacks towards critical infrastructures in the chemical industry and chemical safety industry. The authors also propose modern analyses and a holistic approach to resil

  11. Emergent Risks In Critical Infrastructures

    Science.gov (United States)

    Dynes, Scott

    Firms cannot function successfully without managing a host of internal and external organizational and process interdependencies. Part of this involves business continuity planning, which directly aects how resilient arm and its business sector are in the face of disruptions. This paper presents the results of eld studies related to information risk management practices in the health care and retail sectors. The studies explore information risk management coordinating signals within and across rms in these sectors as well as the potential eects of cyber disruptions on the rms as stand-alone entities and as part of a critical infrastructure. The health care case study investigates the impact of the Zotob worm on the ability to deliver medical care and treatment. The retail study examines the resilience of certain elements of the food supply chain to cyber disruptions.

  12. Protecting National Critical Infrastructure against Radiological Threat

    International Nuclear Information System (INIS)

    Yaar, I.; Halevy, I.; Berenstein, Z.; Sharon, A.

    2014-01-01

    National Critical Infrastructure (NCI) such as transportation, water, energy etc., are essential elements in a developed country's economy. As learned after the 9/11 attackxx, a terror attack on these complex system may cause thousands of casualties and significant economic damage. The attack can be a conventional one; like the train bombing in Spainxxi or the bus bombing in Londonxxii, or a non-conventional one; like the Sarin attack on the underground train in Tokyo, Japanxxiii. A radiological attack on a NCI is also feasiblexxiv. This type of attack must be taken into consideration due to the vulnerability of ani infrastructure to such an attack, and the severe economic outcome of itxxv. The radioactive materials that might be used by terrorists were recently identified and categorized in one of the IAEA Nuclear Security Series publicationxxvi,xxvii. The most common and therefore reachable radio nuclides are the gamma emitters 60Co, 137Cs and 192Ir, the beta emitter 90Sr and the alpha emitters 241Pu, 238Pu and 241Am. A radiological event can be any of two principle scenarios. In the first scenario, a radiological dispersion device (RDD) or ôdirtyö bomb is used. This device consists of a radiation source which is detonated using conventional or improvised explosivesxxviii. Most of the casualties in this event will be from the explosion blast wave. However, some people might become contaminated with different levels of radiationxxix, some might need to go through some type of medical screening process and the costs of the total actions might be significantxxx. The second scenario involves a silent dispersion of radioactive material in a public site. In this event, there are no immediate known casualties, and the fact that people were exposed to radioactive material will be discovered only in the uncommon event when symptoms of radiation sickness will be identified due to exposure to high radiation dosexxxi, or if the radioactive material is discovered by a first

  13. Using Gamification to Raise Awareness of Cyber Threats to Critical National Infrastructure

    OpenAIRE

    Cook, Allan; Smith, Richard; Maglaras, Leandros; Janicke, Helge

    2016-01-01

    Linked to the SCIPS tabletop game Senior executives of critical national infrastructure facilities face competing requirements for investment budgets. Whilst the impact of a cyber attack upon such utilities is potentially catastrophic, the risks to continued operations from failing to upgrade ageing infrastructure, or not meeting mandated regulatory regimes, are considered higher given the demonstrable impact of such circumstances. As cyber attacks on critical national infrastructure remai...

  14. Security Economics and Critical National Infrastructure

    Science.gov (United States)

    Anderson, Ross; Fuloria, Shailendra

    There has been considerable effort and expenditure since 9/11 on the protection of ‘Critical National Infrastructure' against online attack. This is commonly interpreted to mean preventing online sabotage against utilities such as electricity,oil and gas, water, and sewage - including pipelines, refineries, generators, storage depots and transport facilities such as tankers and terminals. A consensus is emerging that the protection of such assets is more a matter of business models and regulation - in short, of security economics - than of technology. We describe the problems, and the state of play, in this paper. Industrial control systems operate in a different world from systems previously studied by security economists; we find the same issues (lock-in, externalities, asymmetric information and so on) but in different forms. Lock-in is physical, rather than based on network effects, while the most serious externalities result from correlated failure, whether from cascade failures, common-mode failures or simultaneous attacks. There is also an interesting natural experiment happening, in that the USA is regulating cyber security in the electric power industry, but not in oil and gas, while the UK is not regulating at all but rather encouraging industry's own efforts. Some European governments are intervening, while others are leaving cybersecurity entirely to plant owners to worry about. We already note some perverse effects of the U.S. regulation regime as companies game the system, to the detriment of overall dependability.

  15. Handbook on Securing Cyber-Physical Critical Infrastructure

    CERN Document Server

    Das, Sajal K; Zhang, Nan

    2012-01-01

    The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports a

  16. The European cooperative approach to securing critical information infrastructure.

    Science.gov (United States)

    Purser, Steve

    2011-10-01

    This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

  17. Critical infrastructure system security and resiliency

    CERN Document Server

    Biringer, Betty; Warren, Drake

    2013-01-01

    Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.Developed at Sandia National Labs, the authors' analytical approach and

  18. After the year 2000: Critical infrastructure protection

    International Nuclear Information System (INIS)

    Dreicer, M.

    1999-01-01

    Presentation defines the critical infrastructure which includes: telecommunication, banking, transportation, electric energy, oil and gas supply, water supply, emergency services and government operations. The problem of protecting the critical infrastructure is is exposed in detail concerning physical protection and protection of information systems against cyberthreats

  19. Geographic Hotspots of Critical National Infrastructure.

    Science.gov (United States)

    Thacker, Scott; Barr, Stuart; Pant, Raghav; Hall, Jim W; Alderson, David

    2017-12-01

    Failure of critical national infrastructures can result in major disruptions to society and the economy. Understanding the criticality of individual assets and the geographic areas in which they are located is essential for targeting investments to reduce risks and enhance system resilience. Within this study we provide new insights into the criticality of real-life critical infrastructure networks by integrating high-resolution data on infrastructure location, connectivity, interdependence, and usage. We propose a metric of infrastructure criticality in terms of the number of users who may be directly or indirectly disrupted by the failure of physically interdependent infrastructures. Kernel density estimation is used to integrate spatially discrete criticality values associated with individual infrastructure assets, producing a continuous surface from which statistically significant infrastructure criticality hotspots are identified. We develop a comprehensive and unique national-scale demonstration for England and Wales that utilizes previously unavailable data from the energy, transport, water, waste, and digital communications sectors. The testing of 200,000 failure scenarios identifies that hotspots are typically located around the periphery of urban areas where there are large facilities upon which many users depend or where several critical infrastructures are concentrated in one location. © 2017 Society for Risk Analysis.

  20. The legal imperative to protect critical energy infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Shore, J.J.M.

    2008-03-15

    Canada's critical infrastructure is comprised of energy facilities, communications centres, finance, health care, food, government and transportation sectors. All sectors face a range of physical or cyber threats from terrorism and natural phenomenon. Failures or disruptions in the sectors can cascade through other systems and disrupt essential services. The power outage in 2003 demonstrated gaps in North America's emergency preparedness. In 2006, al-Qaida called for terrorist attacks on North American oil fields and pipelines, specifically targeting Canada. Studies have confirmed that Canada is vulnerable to attacks on energy infrastructure. Government agencies and the private sector must work ensure the safety of Canada's energy infrastructure, as the primary responsibility of government is the protection of its citizenry. The fulfilment of the government's commitment to national security cannot be achieved without protecting Canada's critical energy infrastructure. However, Canada has not yet provided a framework linking federal government with critical infrastructures, despite the fact that a draft strategy has been under development for several years. It was concluded that governments and the private sector should work together to reduce risks, protect the public, and secure the economy. National security litigation against the government and legal imperatives for energy facility owners and operators were also reviewed. 98 refs., 20 figs.

  1. Critical Infrastructure Protection: EMP Impacts on the U.S. Electric Grid

    Science.gov (United States)

    Boston, Edwin J., Jr.

    The purpose of this research is to identify the United States electric grid infrastructure systems vulnerabilities to electromagnetic pulse attacks and the cyber-based impacts of those vulnerabilities to the electric grid. Additionally, the research identifies multiple defensive strategies designed to harden the electric grid against electromagnetic pulse attack that include prevention, mitigation and recovery postures. Research results confirm the importance of the electric grid to the United States critical infrastructures system and that an electromagnetic pulse attack against the electric grid could result in electric grid degradation, critical infrastructure(s) damage and the potential for societal collapse. The conclusions of this research indicate that while an electromagnetic pulse attack against the United States electric grid could have catastrophic impacts on American society, there are currently many defensive strategies under consideration designed to prevent, mitigate and or recover from an electromagnetic pulse attack. However, additional research is essential to further identify future target hardening opportunities, efficient implementation strategies and funding resources.

  2. Network Randomization and Dynamic Defense for Critical Infrastructure Systems

    Energy Technology Data Exchange (ETDEWEB)

    Chavez, Adrian R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Martin, Mitchell Tyler [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Hamlet, Jason [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Stout, William M.S. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Lee, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-04-01

    Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation's most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and development to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.

  3. Critical energy infrastructure protection in Canada

    Energy Technology Data Exchange (ETDEWEB)

    Gendron, Angela [Canadian Centre for Intelligence and Security Studies, Carleton University (Canada)

    2010-12-15

    In Canada government acknowledged the need to protect energy assets against attacks. However, so far no strategy has been developed. The aim of this report is to present the characteristics of the energy sector in Canada, the threats, and how the government is responding to those threats. The energy sector in Canada is concentrated and diverse and is under not only terrorism or cyber attacks threats but also environmental threats. This report shows that the Government of Canada is focusing on the protection and assurance of important energy infrastructures but that they are facing several challenges resulting in long delays in the adoption of a formal strategy.

  4. 31 CFR 800.208 - Critical infrastructure.

    Science.gov (United States)

    2010-07-01

    ... 31 Money and Finance: Treasury 3 2010-07-01 2010-07-01 false Critical infrastructure. 800.208 Section 800.208 Money and Finance: Treasury Regulations Relating to Money and Finance (Continued) OFFICE... infrastructure means, in the context of a particular covered transaction, a system or asset, whether physical or...

  5. Extensible threat taxonomy for critical infrastructures

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Nieuwenhuijs, A.H.

    2008-01-01

    The European Union-sponsored project Vital Infrastructure Threats and Assurance (VITA) has the objective of exploring and showing new paths in Critical Infrastructure Protection (CIP) R&D. This paper describes one of VITA’s results: the idea and the development of a novel extensible and generic

  6. Critical Infrastructure Information Disclosure and Homeland Security

    National Research Council Canada - National Science Library

    Moteff, John D; Stevens, Gina M

    2003-01-01

    Critical infrastructures have been defined as those systems and assets so vital to the United States that the incapacity of such systems and assets would have a debilitating impact on the United States...

  7. Critical Infrastructure Protection- Los Alamos National Laboratory

    Energy Technology Data Exchange (ETDEWEB)

    Bofman, Ryan K. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2017-02-24

    Los Alamos National Laboratory (LANL) has been a key facet of Critical National Infrastructure since the nuclear bombing of Hiroshima exposed the nature of the Laboratory’s work in 1945. Common knowledge of the nature of sensitive information contained here presents a necessity to protect this critical infrastructure as a matter of national security. This protection occurs in multiple forms beginning with physical security, followed by cybersecurity, safeguarding of classified information, and concluded by the missions of the National Nuclear Security Administration.

  8. International Conference on Durability of Critical Infrastructure

    CERN Document Server

    Cherepetskaya, Elena; Pospichal, Vaclav

    2017-01-01

    This book presents the proceedings of the International Conference on Durability of Critical Infrastructure. Monitoring and Testing held in Satov, Czech Republic from 6 to 9 December 2016. It discusses the developments in the theoretical and practical aspects in the fields of Safety, Sustainability and Durability of the Critical Infrastructure. The contributions are dealing with monitoring and testing of structural and composite materials with a new methods for their using for protection and prevention of the selected objects.

  9. Collaborative Access Control For Critical Infrastructures

    Science.gov (United States)

    Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

    A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

  10. CRITICAL INFRASTRUCTURE PROTECTION WITHIN THE EUROPEAN UNION

    Directory of Open Access Journals (Sweden)

    Vasile N. POPA

    2013-01-01

    Full Text Available The new dynamics and intensity of the risks and threats posed to societal functioning and citizens’ security have acquired new meanings. Consequently, an integrated approach to the concept of ”critical infrastructure” is necessary. The critical nature of some of the basic characteristics of the critical infrastructures has made them acquire new meanings within the national/transnational strategic planning. Moreover, the complexity and importance of critical infrastructure protection for social stability have generated the correlaton of the strategies developed by states and organizations.

  11. 78 FR 11737 - Improving Critical Infrastructure Cybersecurity

    Science.gov (United States)

    2013-02-19

    ..., security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a... security measures or controls on business confidentiality, and to protect individual privacy and civil... critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical...

  12. A threat analysis framework as applied to critical infrastructures in the Energy Sector.

    Energy Technology Data Exchange (ETDEWEB)

    Michalski, John T.; Duggan, David Patrick

    2007-09-01

    The need to protect national critical infrastructure has led to the development of a threat analysis framework. The threat analysis framework can be used to identify the elements required to quantify threats against critical infrastructure assets and provide a means of distributing actionable threat information to critical infrastructure entities for the protection of infrastructure assets. This document identifies and describes five key elements needed to perform a comprehensive analysis of threat: the identification of an adversary, the development of generic threat profiles, the identification of generic attack paths, the discovery of adversary intent, and the identification of mitigation strategies.

  13. Critical infrastructure security assessment, prevention, detection, response

    CERN Document Server

    FLAMMINI, F

    2012-01-01

    The most comprehensive handbook on critical infrastructures (CI), addressing both logical and physical security from an engineering point of view. The book surveys state-of-the-art methodologies and tools for CI analysis as well as strategies and technologies for CI protection.

  14. Critical infrastructure dependencies 1-0-1

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Nieuwenhuijs, A.H.; Klaver, M.H.A.

    2008-01-01

    Most of our critical infrastructures consist of complex systems-of-systems that provide services or products. The coupling mechanism between the chained systems in such complex systems of systems is dependencies. Dependencies may propagate cascading failures. Most studies on dependencies in

  15. CHDS Sponsors Critical Infrastructure Protection Workshop

    OpenAIRE

    Center for Homeland Defense and Security

    2008-01-01

    Center for Homeland Defense and Security, PRESS RELEASES The NPS Center for Homeland Defense and Security in partnership with the U.S. Department of Homeland Security recently hosted its first Critical Infrastructure Protection Workshop. The workshop brought together practitioners and...

  16. Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models.

    Science.gov (United States)

    Rao, Nageswara S V; Poole, Stephen W; Ma, Chris Y T; He, Fei; Zhuang, Jun; Yau, David K Y

    2016-04-01

    The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures. © 2015 Society for Risk Analysis.

  17. Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

    Science.gov (United States)

    Harrop, Wayne; Matteson, Ashley

    This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

  18. 78 FR 57644 - Critical Infrastructure Partnership Advisory Council (CIPAC)

    Science.gov (United States)

    2013-09-19

    ... committee has completed its business. To accommodate as many speakers as possible, oral presentations will... infrastructure resilience. Topics such as the Executive Order for Improving Critical Infrastructure Cybersecurity...

  19. Critical Foundations: Protecting America's Infrastructures. The Report of the President's Commission on Critical Infrastructure Protection

    National Research Council Canada - National Science Library

    1997-01-01

    There is no doubt that our critical infrastructures are the best in the world-largely the result of the tremendous efficiency and global reach made possible by incorporation of our rapidly advancing...

  20. Neural Network Based Intrusion Detection System for Critical Infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Ondrej Linda; Milos Manic

    2009-07-01

    Resiliency and security in control systems such as SCADA and Nuclear plant’s in today’s world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM – Intrusion Detection System using Neural Network based Modeling, is presented in this paper. The main contributions of this work are: 1) the use and analyses of real network data (data recorded from an existing critical infrastructure); 2) the development of a specific window based feature extraction technique; 3) the construction of training dataset using randomly generated intrusion vectors; 4) the use of a combination of two neural network learning algorithms – the Error-Back Propagation and Levenberg-Marquardt, for normal behavior modeling. The presented algorithm was evaluated on previously unseen network data. The IDS-NNM algorithm proved to be capable of capturing all intrusion attempts presented in the network communication while not generating any false alerts.

  1. Dynamic Hazards In Critical Infrastructure Of State

    Directory of Open Access Journals (Sweden)

    Ostrowska Teresa

    2015-06-01

    Full Text Available The authors are interested in some aspects of a development project entitled “The methodology of risk assessment for the purposes of crisis management system RP (ID 193751”. The project funded by the National Research and Development Centre under the Competition 3/2012 (security and defense. As part of the project the following items were reviewed and analyzed: materials related to the Government Security Centre, already completed and available products of the project ID 193751, and literature relating to, among other things, crisis management, critical infrastructure, business continuity, security, and threats. The basic emphasis of the article is focused on the resource-critical infrastructure interpretation of the state, whereby the state is perceived as a complex administrative structure in which, on the basis of external and internal interactions of resources, the risk of threats measurement is done.

  2. Identification and Ranking of Critical Assets within an Electrical Grid under Threat of Cyber Attack

    Science.gov (United States)

    Boyer, Blake R.

    This paper examines the ranking of critical assets within an electrical grid under threat of cyber attack.1 Critical to this analysis is the assumption of zero hour exploits namely, the threat of an immediate attack as soon as a vulnerability is discovered. Modeling shows that over time load fluctuations as well as other system variations will change the importance of each asset in the delivery of bulk power. As opposed to classic stability studies where risk can be shown to be greatest during high load periods, the zero hour exploit-cyber-risk assumes that vulnerabilities will be attacked as soon as they are discovered. The probability of attacks is made uniform over time to include any and all possible attacks. Examining the impact of an attack and how the grid reacts immediately following an attack will identify and determine the criticality of each asset. This work endeavors to fulfill the NERC Critical Infrastructure Protection Requirements CIP-001-1 through CIP-009-2, cyber security requirements for the reliable supply of bulk power to customers throughout North America. 1Critical assets will here refer to facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System, NERC Glossary of Terms Used in Reliability Standards, 2009

  3. Critical Infrastructure References: Documented Literature Search

    Science.gov (United States)

    2012-10-01

    that the economy typically experiences following extreme events: (i) significant changes in consumption patterns due to lingering public fear and (ii...when making choices related to critical infrastructure and security. • The case studies are drawn from the Victorian Bushfires of 2009. o The first...case study covers the impact of the Victorian bushfires on environmental security, or more specifically, water supply. This case study highlights

  4. Critical Energy Infrastructure Protection in Canada

    Science.gov (United States)

    2010-12-01

    department for the Energy sector, has been pro- active and innovative in enhancing protection for national critical energy infrastructure (NCI). While...prospérité (PSP), mais des relations transfrontalières plus informelles entre les propriétaires/opérateurs et leurs associations industrielles ...create innovative solutions for CIP. 9. International Cooperation: participate in international CIP initiatives and to strengthen information-sharing

  5. DETERMINANTS OF RISK ASSESSMENT PROCESS IN CRITICAL ENERGY INFRASTRUCTURE

    Directory of Open Access Journals (Sweden)

    Przemysław Borkowski

    2016-06-01

    Full Text Available Article deals with the problem of risk assessment in critical energy infrastructure. Firstly the critical infrastructure in energy sector is discussed than risk identification methodology for application to critical infrastructure is proposed. Specific conditions resulting from features of critical infrastructure are addressed in the context of risk assessment procedure. The limits of such a procedure are outlined and critical factors influencing different stages of risk assessment process are researched in view of specificity of the sector.

  6. People at risk - nexus critical infrastructure and society

    Science.gov (United States)

    Heiser, Micha; Thaler, Thomas; Fuchs, Sven

    2016-04-01

    Strategic infrastructure networks include the highly complex and interconnected systems that are so vital to a city or state that any sudden disruption can result in debilitating impacts on human life, the economy and the society as a whole. Recently, various studies have applied complex network-based models to study the performance and vulnerability of infrastructure systems under various types of attacks and hazards - a major part of them is, particularly after the 9/11 incident, related to terrorism attacks. Here, vulnerability is generally defined as the performance drop of an infrastructure system under a given disruptive event. The performance can be measured by different metrics, which correspond to various levels of resilience. In this paper, we will address vulnerability and exposure of critical infrastructure in the Eastern Alps. The Federal State Tyrol is an international transport route and an essential component of the north-south transport connectivity in Europe. Any interruption of the transport flow leads to incommensurable consequences in terms of indirect losses, since the system does not feature redundant elements at comparable economic efficiency. Natural hazard processes such as floods, debris flows, rock falls and avalanches, endanger this infrastructure line, such as large flood events in 2005 or 2012, rock falls 2014, which had strong impacts to the critical infrastructure, such as disruption of the railway lines (in 2005 and 2012), highways and motorways (in 2014). The aim of this paper is to present how critical infrastructures as well as communities and societies are vulnerable and can be resilient against natural hazard risks and the relative cascading effects to different compartments (industrial, infrastructural, societal, institutional, cultural, etc.), which is the dominant by the type of hazard (avalanches, torrential flooding, debris flow, rock falls). Specific themes will be addressed in various case studies to allow cross

  7. 76 FR 55693 - Critical Infrastructure Partnership Advisory Council

    Science.gov (United States)

    2011-09-08

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0055] Critical Infrastructure Partnership... Advisory Committee Meeting. SUMMARY: The Critical Infrastructure Partnership Advisory Council (CIPAC... meeting may adjourn early if the committee has completed its business. For additional information, please...

  8. Critical success factors in infrastructure projects

    Science.gov (United States)

    Zakaria, Siti Fairus; Zin, Rosli Mohamad; Mohamad, Ismail; Balubaid, Saeed; Mydin, Shaik Hussein; Mohd Rahim, E. M. Roodienyanto

    2017-11-01

    Construction of infrastructure project is different from buildings. The main difference is term of project site where infrastructure project need to command a long stretch while building mostly confine to a limited area. As such factors that are critical to infrastructure project may not be that significant to building project and vice versa. Flood mitigation can be classified under infrastructure projects under which their developments are planned by the government with the specific objective to reduce or avoid the negative effects of flood to the environment and livelihood. One of the indicators in project success is delay. The impact of project delay in construction industry is significant that it decelerates the projects implementation, specifically the government projects. This study attempted to identify and compare the success factors between infrastructure and building projects, as such comparison rarely found in the current literature. A model of flood mitigation projects' success factors was developed by merging the experts' views and reports from the existing literature. The experts' views were obtained from the responses to open-ended questions on the required fundamentals to achieve successful completion of flood mitigation projects. An affinity analysis was applied to these responses to develop the model. The developed model was then compared to the established success factors found in building project, extracted from the previous studies to identify the similarities and differences between the two models. This study would assist the government and construction players to become more effective in constructing successful flood mitigation projects for the future practice in a flood-prone country like Malaysia.

  9. Protecting infrastructure networks from cost-based attacks

    International Nuclear Information System (INIS)

    Wang Xingang; Guan Shuguang; Lai, Choy Heng

    2009-01-01

    It is well known that heterogeneous networks are vulnerable to the intentional removal of a small fraction of highly connected or loaded nodes, implying that to protect the network effectively, the important nodes should be allocated more defense resource than the others. However, if too much resource is allocated to the few important nodes, the numerous less-important nodes will be less protected, which if attacked together can still lead to devastating damage. A natural question is therefore how to efficiently distribute the limited defense resource among the network nodes such that the network damage is minimized against any attack strategy. In this paper, taking into account the factor of attack cost, the problem of network security is reconsidered in terms of efficient network defense against cost-based attacks. The results show that, for a general complex network, there exists an optimal distribution of the defense resource with which the network is best protected from cost-based attacks. Furthermore, it is found that the configuration of the optimal defense is dependent on the network parameters. Specifically, networks of larger size, sparser connection and more heterogeneous structure will more likely benefit from the defense optimization.

  10. Complexity and Vulnerability Analysis of Critical Infrastructures: A Methodological Approach

    Directory of Open Access Journals (Sweden)

    Yongliang Deng

    2017-01-01

    Full Text Available Vulnerability analysis of network models has been widely adopted to explore the potential impacts of random disturbances, deliberate attacks, and natural disasters. However, almost all these models are based on a fixed topological structure, in which the physical properties of infrastructure components and their interrelationships are not well captured. In this paper, a new research framework is put forward to quantitatively explore and assess the complexity and vulnerability of critical infrastructure systems. Then, a case study is presented to prove the feasibility and validity of the proposed framework. After constructing metro physical network (MPN, Pajek is employed to analyze its corresponding topological properties, including degree, betweenness, average path length, network diameter, and clustering coefficient. With a comprehensive understanding of the complexity of MPN, it would be beneficial for metro system to restrain original near-miss or accidents and support decision-making in emergency situations. Moreover, through the analysis of two simulation protocols for system component failure, it is found that the MPN turned to be vulnerable under the condition that the high-degree nodes or high-betweenness edges are attacked. These findings will be conductive to offer recommendations and proposals for robust design, risk-based decision-making, and prioritization of risk reduction investment.

  11. Water infrastructure protection against intentional attacks:An experience in Italy

    Institute of Scientific and Technical Information of China (English)

    Cristiana Di Cristo; Angelo Leopardi; Giovanni de Marinis

    2011-01-01

    In the last years many interesting studies were devoted to the development of technologies and methodologies for the protection of water supply systems against intentional attacks.However the application to real systems is still limited for different economical and technical reasons.The Water Engineering Laboratory (L.I.A.) of University of Cassino (Italy) was involved in two research projects financed by the European Commission in the framework of the European Programme for Critical Infrastructure Protection (E.P.C.I.P.).Both projects,developed in partnership with a large Italian Water Company,have the common objective of providing guidelines for enhancing security in water supply systems respect to the intentional contamination risk.The fmal product is represented by the arrangement of a general procedure for protection systems design of water networks.In the paper the procedure is described through the application to two real water systems,characterized by different size and behavior.

  12. Cyber Vulnerabilities Within Critical Infrastructure: The Flaws of Industrial Control Systems in the Oil and Gas Industry

    Science.gov (United States)

    Alpi, Danielle Marie

    The 16 sectors of critical infrastructure in the US are susceptible to cyber-attacks. Potential attacks come from internal and external threats. These attacks target the industrial control systems (ICS) of companies within critical infrastructure. Weakness in the energy sector's ICS, specifically the oil and gas industry, can result in economic and ecological disaster. The purpose of this study was to establish means for oil companies to identify and stop cyber-attacks specifically APT threats. This research reviewed current cyber vulnerabilities and ways in which a cyber-attack may be deterred. This research found that there are insecure devices within ICS that are not regularly updated. Therefore, security issues have amassed. Safety procedures and training thereof are often neglected. Jurisdiction is unclear in regard to critical infrastructure. The recommendations this research offers are further examination of information sharing methods, development of analytic platforms, and better methods for the implementation of defense-in-depth security measures.

  13. New concept of critical infrastructure strengthening

    International Nuclear Information System (INIS)

    Gazizov, Talgat R.; Orlov, Pavel E.; Zabolotsky, Alexander M.; Kuksenko, Sergey P.

    2016-01-01

    Strengthening of critical infrastructure is considered. Modal reservation of electronics is proposed as a new concept of the strengthening. The concept combines a widely used cold backup and a recently proposed modal filtration. It makes electronics reliable as well as protected against electromagnetic interference, especially the ultra-wide band pulses. New printed circuit board structure is suggested for implementation of the proposed concept. Results of simulation in time and frequency domains are presented for the suggested structures. Considerable attenuation of dangerous excitations shows that the new concept and structure are promising.

  14. New concept of critical infrastructure strengthening

    Energy Technology Data Exchange (ETDEWEB)

    Gazizov, Talgat R.; Orlov, Pavel E.; Zabolotsky, Alexander M.; Kuksenko, Sergey P. [Tomsk State University of Control Systems and Radioelectronics, 634050, Lenin Ave., Tomsk (Russian Federation)

    2016-06-08

    Strengthening of critical infrastructure is considered. Modal reservation of electronics is proposed as a new concept of the strengthening. The concept combines a widely used cold backup and a recently proposed modal filtration. It makes electronics reliable as well as protected against electromagnetic interference, especially the ultra-wide band pulses. New printed circuit board structure is suggested for implementation of the proposed concept. Results of simulation in time and frequency domains are presented for the suggested structures. Considerable attenuation of dangerous excitations shows that the new concept and structure are promising.

  15. Critical infrastructure protection research results of the first critical infrastructure protection research project in Hungary

    CERN Document Server

    Padányi, József

    2016-01-01

    This book presents recent research in the recognition of vulnerabilities of national systems and assets which gained special attention for the Critical Infrastructures in the last two decades. The book concentrates on R&D activities in the relation of Critical Infrastructures focusing on enhancing the performance of services as well as the level of security. The objectives of the book are based on a project entitled "Critical Infrastructure Protection Researches" (TÁMOP-4.2.1.B-11/2/KMR-2011-0001) which concentrated on innovative UAV solutions, robotics, cybersecurity, surface engineering, and mechatrinics and technologies providing safe operations of essential assets. This report is summarizing the methodologies and efforts taken to fulfill the goals defined. The project has been performed by the consortium of the Óbuda University and the National University of Public Service.

  16. Protecting water and wastewater infrastructure from cyber attacks

    Institute of Scientific and Technical Information of China (English)

    Srinivas Panguluri; William Phillips; John Cusimano

    2011-01-01

    Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion:cyber attacks are real and can cause significant damages.This paper presents some recent statistics on cyber attacks and resulting damages.Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks.Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are:1) the increasing interconnection of their business and control system networks,2) large variation of proprietary industrial control equipment utilized,3) multitude of cross-sector cyber-security standards,and 4) the differences in the equipment vendor's approaches to meet these security standards.The utilities can meet these challenges by voluntarily selecting and adopting security standards,conducting a gap analysis,performing vulnerability/risk analysis,and undertaking countermeasures that best meets their security and organizational requirements.Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years.Implementing cyber security does not necessarily have to be expensive,substantial improvements can be accomplished through policy,procedure,training and awareness.Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

  17. Protecting water and wastewater infrastructure from cyber attacks

    Science.gov (United States)

    Panguluri, Srinivas; Phillips, William; Cusimano, John

    2011-12-01

    Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

  18. Volcanic ash impacts on critical infrastructure

    Science.gov (United States)

    Wilson, Thomas M.; Stewart, Carol; Sword-Daniels, Victoria; Leonard, Graham S.; Johnston, David M.; Cole, Jim W.; Wardman, Johnny; Wilson, Grant; Barnard, Scott T.

    2012-01-01

    Volcanic eruptions can produce a wide range of hazards. Although phenomena such as pyroclastic flows and surges, sector collapses, lahars and ballistic blocks are the most destructive and dangerous, volcanic ash is by far the most widely distributed eruption product. Although ash falls rarely endanger human life directly, threats to public health and disruption to critical infrastructure services, aviation and primary production can lead to significant societal impacts. Even relatively small eruptions can cause widespread disruption, damage and economic loss. Volcanic eruptions are, in general, infrequent and somewhat exotic occurrences, and consequently in many parts of the world, the management of critical infrastructure during volcanic crises can be improved with greater knowledge of the likely impacts. This article presents an overview of volcanic ash impacts on critical infrastructure, other than aviation and fuel supply, illustrated by findings from impact assessment reconnaissance trips carried out to a wide range of locations worldwide by our international research group and local collaborators. ‘Critical infrastructure’ includes those assets, frequently taken for granted, which are essential for the functioning of a society and economy. Electricity networks are very vulnerable to disruption from volcanic ash falls. This is particularly the case when fine ash is erupted because it has a greater tendency to adhere to line and substation insulators, where it can cause flashover (unintended electrical discharge) which can in turn cause widespread and disruptive outages. Weather conditions are a major determinant of flashover risk. Dry ash is not conductive, and heavy rain will wash ash from insulators, but light rain/mist will mobilise readily-soluble salts on the surface of the ash grains and lower the ash layer’s resistivity. Wet ash is also heavier than dry ash, increasing the risk of line breakage or tower/pole collapse. Particular issues for water

  19. Vulnerability analysis and critical areas identification of the power systems under terrorist attacks

    Science.gov (United States)

    Wang, Shuliang; Zhang, Jianhua; Zhao, Mingwei; Min, Xu

    2017-05-01

    This paper takes central China power grid (CCPG) as an example, and analyzes the vulnerability of the power systems under terrorist attacks. To simulate the intelligence of terrorist attacks, a method of critical attack area identification according to community structures is introduced. Meanwhile, three types of vulnerability models and the corresponding vulnerability metrics are given for comparative analysis. On this basis, influence of terrorist attacks on different critical areas is studied. Identifying the vulnerability of different critical areas will be conducted. At the same time, vulnerabilities of critical areas under different tolerance parameters and different vulnerability models are acquired and compared. Results show that only a few number of vertex disruptions may cause some critical areas collapse completely, they can generate great performance losses the whole systems. Further more, the variation of vulnerability values under different scenarios is very large. Critical areas which can cause greater damage under terrorist attacks should be given priority of protection to reduce vulnerability. The proposed method can be applied to analyze the vulnerability of other infrastructure systems, they can help decision makers search mitigation action and optimum protection strategy.

  20. Attacks and their Defenses for Advanced Metering Infrastructure

    DEFF Research Database (Denmark)

    Lighari, Sheeraz Niaz; Hussain, Dil Muhammad Akbar; Bak-Jensen, Birgitte

    2014-01-01

    The smart grid is the digitized, modernized, updated version of archaic traditional electric grid. Advanced Metering Infrastructure (AMI) is an imperative part of the smart grid. It has replaced legacy metering, as it reports the energy consumption to the utility automatically through communicati...

  1. ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention

    Energy Technology Data Exchange (ETDEWEB)

    Cui, Xiaohui [ORNL; Beaver, Justin M [ORNL; Treadwell, Jim N [ORNL

    2012-01-01

    The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are able to be recorded much like a honeypot system for forensic analysis.

  2. 77 FR 59203 - Critical Infrastructure Partnership Advisory Council (CIPAC)

    Science.gov (United States)

    2012-09-26

    ... Infrastructure Partnership Advisory Council. [FR Doc. 2012-23666 Filed 9-25-12; 8:45 am] BILLING CODE 9910-9P-P ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0051] Critical Infrastructure Partnership... meeting. SUMMARY: The Critical Infrastructure Partnership Advisory Council (CIPAC) Plenary Meeting will be...

  3. 75 FR 60771 - Critical Infrastructure Partnership Advisory Council (CIPAC)

    Science.gov (United States)

    2010-10-01

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0080] Critical Infrastructure Partnership... that the meeting may adjourn early if the committee has completed its business. For additional..., Section Chief Partnership Programs, Partnership and Outreach Division, Office of Infrastructure Protection...

  4. Visualizing common operating picture of critical infrastructure

    Science.gov (United States)

    Rummukainen, Lauri; Oksama, Lauri; Timonen, Jussi; Vankka, Jouko

    2014-05-01

    This paper presents a solution for visualizing the common operating picture (COP) of the critical infrastructure (CI). The purpose is to improve the situational awareness (SA) of the strategic-level actor and the source system operator in order to support decision making. The information is obtained through the Situational Awareness of Critical Infrastructure and Networks (SACIN) framework. The system consists of an agent-based solution for gathering, storing, and analyzing the information, and a user interface (UI) is presented in this paper. The UI consists of multiple views visualizing information from the CI in different ways. Different CI actors are categorized in 11 separate sectors, and events are used to present meaningful incidents. Past and current states, together with geographical distribution and logical dependencies, are presented to the user. The current states are visualized as segmented circles to represent event categories. Geographical distribution of assets is displayed with a well-known map tool. Logical dependencies are presented in a simple directed graph, and users also have a timeline to review past events. The objective of the UI is to provide an easily understandable overview of the CI status. Therefore, testing methods, such as a walkthrough, an informal walkthrough, and the Situation Awareness Global Assessment Technique (SAGAT), were used in the evaluation of the UI. Results showed that users were able to obtain an understanding of the current state of CI, and the usability of the UI was rated as good. In particular, the designated display for the CI overview and the timeline were found to be efficient.

  5. RISK ANALYSIS AND EVALUATION FOR CRITICAL LOGISTICAL INFRASTRUCTURE

    Directory of Open Access Journals (Sweden)

    Sascha Düerkop

    2016-12-01

    Full Text Available Logistical infrastructure builds the backbone of an economy. Without an effective logistical infrastructure in place, the supply for both enterprises and consumers might not be met. But even a high-quality logistical infrastructure can be threatened by risks. Thus, it is important to identify, analyse, and evaluate risks for logistical infrastructure that might threaten logistical processes. Only if those risks are known and their impact estimated, decision makers can implement counteractive measures to reduce risks. In this article, we develop a network-based approach that allows for the evaluation of risks and their consequences onto the logistical network. We will demonstrate the relevance of this approach by applying it to the logistics network of the central German state of Hesse. Even though transport data is extensively tracked and recorded nowadays, typical daily risks, like accidents on a motorway, and extraordinary risks, like a bridge at risk to collapse, terrorist attacks or climate-related catastrophes, are not systematically anticipated. Several studies unveiled recently that the overall impact for an economy of possible failures of single nodes and/or edges in a network are not calculated, and particularly critical edges are not identified in advance. We address this information gap by a method that helps to identify and quantify risks in a given network. To reach this objective, we define a mathematical optimization model that quantifies the current “risk-related costs” of the overall network and quantify the risk by investigating the change of the overall costs in the case a risk is realized.

  6. The Framework for Simulation of Bioinspired Security Mechanisms against Network Infrastructure Attacks

    Directory of Open Access Journals (Sweden)

    Andrey Shorov

    2014-01-01

    Full Text Available The paper outlines a bioinspired approach named “network nervous system" and methods of simulation of infrastructure attacks and protection mechanisms based on this approach. The protection mechanisms based on this approach consist of distributed prosedures of information collection and processing, which coordinate the activities of the main devices of a computer network, identify attacks, and determine nessesary countermeasures. Attacks and protection mechanisms are specified as structural models using a set-theoretic approach. An environment for simulation of protection mechanisms based on the biological metaphor is considered; the experiments demonstrating the effectiveness of the protection mechanisms are described.

  7. The framework for simulation of bioinspired security mechanisms against network infrastructure attacks.

    Science.gov (United States)

    Shorov, Andrey; Kotenko, Igor

    2014-01-01

    The paper outlines a bioinspired approach named "network nervous system" and methods of simulation of infrastructure attacks and protection mechanisms based on this approach. The protection mechanisms based on this approach consist of distributed procedures of information collection and processing, which coordinate the activities of the main devices of a computer network, identify attacks, and determine necessary countermeasures. Attacks and protection mechanisms are specified as structural models using a set-theoretic approach. An environment for simulation of protection mechanisms based on the biological metaphor is considered; the experiments demonstrating the effectiveness of the protection mechanisms are described.

  8. Critical Infrastructure Awareness Required by Civil Emergency Planning

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Klaver, M.H.A.

    2005-01-01

    Modern societies are increasingly dependent on a set of critical products and services which comprise the Critical Infrastructure (CI). This makes Critical infrastructures increasingly important as a planning factor in case of emergencies. For that reason, we studied a number of emergencies and a

  9. Risk and Interdependencies in Critical Infrastructures A Guideline for Analysis

    CERN Document Server

    Utne, Ingrid; Vatn, Jørn

    2012-01-01

    Today’s society is completely dependent on critical networks such as  water supply, sewage, electricity, ICT and transportation. Risk and vulnerability analyses are needed to grasp the impact of threats and hazards. However, these become quite complex as there are strong interdependencies both within and between infrastructure systems. Risk and Interdependencies in Critical Infrastructures: A  guideline for analysis provides methods for analyzing risks and interdependencies of critical infrastructures.  A number of analysis approaches are described and are adapted to each of these infrastructures. Various approaches are also revised, and all are supported by several examples and illustrations. Particular emphasis is given to the analysis of various interdependencies that often exist between the infrastructures.  Risk and Interdependencies in Critical Infrastructures: A  guideline for analysis provides a good tool to identify the hazards that are threatening your infrastructures, and will enhance the un...

  10. Review on modeling and simulation of interdependent critical infrastructure systems

    International Nuclear Information System (INIS)

    Ouyang, Min

    2014-01-01

    Modern societies are becoming increasingly dependent on critical infrastructure systems (CISs) to provide essential services that support economic prosperity, governance, and quality of life. These systems are not alone but interdependent at multiple levels to enhance their overall performance. However, recent worldwide events such as the 9/11 terrorist attack, Gulf Coast hurricanes, the Chile and Japanese earthquakes, and even heat waves have highlighted that interdependencies among CISs increase the potential for cascading failures and amplify the impact of both large and small scale initial failures into events of catastrophic proportions. To better understand CISs to support planning, maintenance and emergency decision making, modeling and simulation of interdependencies across CISs has recently become a key field of study. This paper reviews the studies in the field and broadly groups the existing modeling and simulation approaches into six types: empirical approaches, agent based approaches, system dynamics based approaches, economic theory based approaches, network based approaches, and others. Different studies for each type of the approaches are categorized and reviewed in terms of fundamental principles, such as research focus, modeling rationale, and the analysis method, while different types of approaches are further compared according to several criteria, such as the notion of resilience. Finally, this paper offers future research directions and identifies critical challenges in the field. - Highlights: • Modeling approaches on interdependent critical infrastructure systems are reviewed. • I mainly review empirical, agent-based, system-dynamics, economic, network approaches. • Studies by each approach are sorted out in terms of fundamental principles. • Different approaches are further compared with resilience as the main criterion

  11. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    International Nuclear Information System (INIS)

    Suski, N.; Wuest, C.

    2011-01-01

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre

  12. Critical infrastructure monitoring using UAV imagery

    Science.gov (United States)

    Maltezos, Evangelos; Skitsas, Michael; Charalambous, Elisavet; Koutras, Nikolaos; Bliziotis, Dimitris; Themistocleous, Kyriacos

    2016-08-01

    The constant technological evolution in Computer Vision enabled the development of new techniques which in conjunction with the use of Unmanned Aerial Vehicles (UAVs) may extract high quality photogrammetric products for several applications. Dense Image Matching (DIM) is a Computer Vision technique that can generate a dense 3D point cloud of an area or object. The use of UAV systems and DIM techniques is not only a flexible and attractive solution to produce accurate and high qualitative photogrammetric results but also is a major contribution to cost effectiveness. In this context, this study aims to highlight the benefits of the use of the UAVs in critical infrastructure monitoring applying DIM. A Multi-View Stereo (MVS) approach using multiple images (RGB digital aerial and oblique images), to fully cover the area of interest, is implemented. The application area is an Olympic venue in Attica, Greece, at an area of 400 acres. The results of our study indicate that the UAV+DIM approach respond very well to the increasingly greater demands for accurate and cost effective applications when provided with, a 3D point cloud and orthomosaic.

  13. Assessing dependability and resilience in critical infrastructures: challenges and opportunities

    NARCIS (Netherlands)

    Avritzer, Alberto; Di Giandomenico, Felicita; Remke, Anne Katharina Ingrid; Riedl, Martin; Wolter, Katinka; Avritzer, Alberto; Vieira, Marco; van Moorsel, Aad

    2012-01-01

    Critical infrastructures (CI) are very complex and highly interdependent systems, networks and assets that provide essential services in our daily life. Most CI are either built upon or monitored and controlled by vulnerable information and communication technology (ICT) systems. Critical

  14. A fault diagnosis system for interdependent critical infrastructures based on HMMs

    International Nuclear Information System (INIS)

    Ntalampiras, Stavros; Soupionis, Yannis; Giannopoulos, Georgios

    2015-01-01

    Modern society depends on the smooth functioning of critical infrastructures which provide services of fundamental importance, e.g. telecommunications and water supply. These infrastructures may suffer from faults/malfunctions coming e.g. from aging effects or they may even comprise targets of terrorist attacks. Prompt detection and accommodation of these situations is of paramount significance. This paper proposes a probabilistic modeling scheme for analyzing malicious events appearing in interdependent critical infrastructures. The proposed scheme is based on modeling the relationship between datastreams coming from two network nodes by means of a hidden Markov model (HMM) trained on the parameters of linear time-invariant dynamic systems which estimate the relationships existing among the specific nodes over consecutive time windows. Our study includes an energy network (IEEE 30 model bus) operated via a telecommunications infrastructure. The relationships among the elements of the network of infrastructures are represented by an HMM and the novel data is categorized according to its distance (computed in the probabilistic space) from the training ones. We considered two types of cyber-attacks (denial of service and integrity/replay) and report encouraging results in terms of false positive rate, false negative rate and detection delay. - Highlights: • An HMM-based scheme is proposed for analyzing malicious events in critical infrastructures. • We use the IEEE 30 model bus operated via an emulated ICT infrastructure. • Novel data is categorized based on its probabilistic distance from the training one. • We considered two types of cyber-attacks and report results of extensive experiments

  15. Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

    Science.gov (United States)

    Johnson, C. W.; Atencia Yepez, A.

    2012-01-01

    Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

  16. PKI Layer Cake: New Collision Attacks against the Global X.509 Infrastructure

    Science.gov (United States)

    Kaminsky, Dan; Patterson, Meredith L.; Sassaman, Len

    Research unveiled in December of 2008 [15] showed how MD5's long-known flaws could be actively exploited to attack the real-worldCertification Authority infrastructure. In this paper, we demonstrate two new classes of collision, which will be somewhat trickier to address than previous attacks against X.509: the applicability of MD2 preimage attacks against the primary root certificate for Verisign, and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests.We also draw particular attention to two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parsePKCS#10, and the potential for SQL injection fromtext contained within its requests. Finally, we explore why the implications of these attacks are broader than some have realized - first, because Client Authentication is sometimes tied to X.509, and second, because Extended Validation certificates were only intended to stop phishing attacks from names similar to trusted brands. As per the work of Adam Barth and Collin Jackson [4], EV does not prevent an attacker who can synthesize or acquire a "low assurance" certificate for a given name from acquiring the "green bar" EV experience.

  17. Flood vulnerability of critical infrastructure in Cork, Ireland

    Directory of Open Access Journals (Sweden)

    de Bruijn Karin M.

    2016-01-01

    Full Text Available Recent flood events in Ireland and particularly in County Cork have caused significant disruption to health service provisions, interruption of water and power supplies, and damage to roads and other transportation infrastructure, affecting the lives of hundreds of thousands of people over a prolonged period of weeks. These events clearly reveal- the vulnerability of the critical infrastructure to flooding and the dependence of society on critical infrastructure. In order to reduce the flood vulnerability and increase the resilience of the critical infrastructure networks in the future, detailed evidence-based analysis and assessment is essential. To this end a case study has been carried out on Cork City which analyses this vulnerability as it was in 2009, and as it is currently, and identifies adaptation options to reduce the future vulnerability of critical infrastructure to flooding and to build a more resilient society. This paper describes the storyline approach and CIrcle tool and their application to Cork City which focused on the analysis of the flood vulnerability of critical infrastructure and the impacts of failure of the infrastructure for other critical functions and on society.

  18. 78 FR 76986 - Version 5 Critical Infrastructure Protection Reliability Standards

    Science.gov (United States)

    2013-12-20

    ...; Order No. 791] Version 5 Critical Infrastructure Protection Reliability Standards AGENCY: Federal Energy... 72755). The regulations approved certain reliability standards proposed by the North American Electric... Infrastructure Protection Reliability Standards, 145 FERC ] 61,160 (2013). This errata notice serves to correct P...

  19. 78 FR 27113 - Version 5 Critical Infrastructure Protection Reliability Standards

    Science.gov (United States)

    2013-05-09

    ... approve certain reliability standards proposed by the North American Electric Reliability Corporation... Infrastructure Protection Reliability Standards, 143 FERC ] 61,055 (2013). This errata notice serves to correct P... Commission 18 CFR Part 40 [Docket No. RM13-5-000] Version 5 Critical Infrastructure Protection Reliability...

  20. Critical Infrastructure Protection and Information Assurance (CIPIA) Fellow Program

    National Research Council Canada - National Science Library

    Chen, Peter

    2003-01-01

    LSU was one of the universities chosen to participate in the project of training new researchers to work on the Critical Infrastructure Protection and Information Assurance (CIPIA) areas. Three Ph.D...

  1. 76 FR 50487 - Protected Critical Infrastructure Information (PCII) Stakeholder Survey

    Science.gov (United States)

    2011-08-15

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0018] Protected Critical Infrastructure Information (PCII) Stakeholder Survey AGENCY: National Protection and Programs Directorate, DHS. ACTION: 30... Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office of...

  2. 76 FR 17935 - Protected Critical Infrastructure Information (PCII) Stakeholder Survey

    Science.gov (United States)

    2011-03-31

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0018] Protected Critical Infrastructure Information (PCII) Stakeholder Survey AGENCY: National Protection and Programs Directorate, DHS. ACTION: 60... Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office of...

  3. DURIP: Mitigating Attacks on Mobile Devices and Critical Cellular Infrastructure

    Science.gov (United States)

    2016-03-03

    services. From mobile banking and location- based services to the real-time streaming of music and video, cellular networks now provide advanced voice...time streaming of music and video, cellular networks now provide advanced voice and data services to more than 4.5 billion subscribers around the world...will receive scholarships or fellowships for further studies in science , mathematics, engineering or technology fields: Student Metrics This section

  4. Risk Assessment Methodology for Protecting Our Critical Physical Infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    BIRINGER,BETTY E.; DANNEELS,JEFFREY J.

    2000-12-13

    Critical infrastructures are central to our national defense and our economic well-being, but many are taken for granted. Presidential Decision Directive (PDD) 63 highlights the importance of eight of our critical infrastructures and outlines a plan for action. Greatly enhanced physical security systems will be required to protect these national assets from new and emerging threats. Sandia National Laboratories has been the lead laboratory for the Department of Energy (DOE) in developing and deploying physical security systems for the past twenty-five years. Many of the tools, processes, and systems employed in the protection of high consequence facilities can be adapted to the civilian infrastructure.

  5. Critical infrastructure – content, structure and problems of its protection

    Directory of Open Access Journals (Sweden)

    Ladislav Hofreiter

    2014-06-01

    Full Text Available Security, economic and social stability of the country, its functionality but also protecting the lives and property of citizens are dependent on the proper functioning of many infrastructure systems of state. Disruptions, lack or destruction of such systems, institutions, facilities and other services could cause disruption of social stability and national security, provoke a crisis situation or seriously affect the operation of state and local governments in crisis situations. This is known as critical infrastructure. It is in the interest of the State to the critical infrastructure effectively protected.

  6. Intelligent monitoring, control, and security of critical infrastructure systems

    CERN Document Server

    Polycarpou, Marios

    2015-01-01

    This book describes the challenges that critical infrastructure systems face, and presents state of the art solutions to address them. How can we design intelligent systems or intelligent agents that can make appropriate real-time decisions in the management of such large-scale, complex systems? What are the primary challenges for critical infrastructure systems? The book also provides readers with the relevant information to recognize how important infrastructures are, and their role in connection with a society’s economy, security and prosperity. It goes on to describe state-of-the-art solutions to address these points, including new methodologies and instrumentation tools (e.g. embedded software and intelligent algorithms) for transforming and optimizing target infrastructures. The book is the most comprehensive resource to date for professionals in both the private and public sectors, while also offering an essential guide for students and researchers in the areas of modeling and analysis of critical in...

  7. Critical Infrastructure Interdependency Modeling: A Survey of U.S. and International Research

    Energy Technology Data Exchange (ETDEWEB)

    2006-08-01

    The Nation’s health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes, and organizations across which these goods and services move are called "critical infrastructures".1 This statement is as true in the U.S. as in any country in the world. Recent world events such as the 9-11 terrorist attacks, London bombings, and gulf coast hurricanes have highlighted the importance of stable electric, gas and oil, water, transportation, banking and finance, and control and communication infrastructure systems. Be it through direct connectivity, policies and procedures, or geospatial proximity, most critical infrastructure systems interact. These interactions often create complex relationships, dependencies, and interdependencies that cross infrastructure boundaries. The modeling and analysis of interdependencies between critical infrastructure elements is a relatively new and very important field of study. The U.S. Technical Support Working Group (TSWG) has sponsored this survey to identify and describe this current area of research including the current activities in this field being conducted both in the U.S. and internationally. The main objective of this study is to develop a single source reference of critical infrastructure interdependency modeling tools (CIIMT) that could be applied to allow users to objectively assess the capabilities of CIIMT. This information will provide guidance for directing research and development to address the gaps in development. The results will inform researchers of the TSWG Infrastructure Protection Subgroup of research and development efforts and allow a more focused approach to addressing the needs of CIIMT end-user needs. This report first presents the field of infrastructure interdependency analysis, describes the survey methodology, and presents the leading research efforts in both a cumulative table and through individual datasheets. Data was

  8. Analysis of Critical Infrastructure Dependencies and Interdependencies

    Energy Technology Data Exchange (ETDEWEB)

    Petit, Frederic [Argonne National Lab. (ANL), Argonne, IL (United States); Verner, Duane [Argonne National Lab. (ANL), Argonne, IL (United States); Brannegan, David [Argonne National Lab. (ANL), Argonne, IL (United States); Buehring, William [Argonne National Lab. (ANL), Argonne, IL (United States); Dickinson, David [Argonne National Lab. (ANL), Argonne, IL (United States); Guziel, Karen [Argonne National Lab. (ANL), Argonne, IL (United States); Haffenden, Rebecca [Argonne National Lab. (ANL), Argonne, IL (United States); Phillips, Julia [Argonne National Lab. (ANL), Argonne, IL (United States); Peerenboom, James [Argonne National Lab. (ANL), Argonne, IL (United States)

    2015-06-01

    The report begins by defining dependencies and interdependencies and exploring basic concepts of dependencies in order to facilitate a common understanding and consistent analytical approaches. Key concepts covered include; Characteristics of dependencies: upstream dependencies, internal dependencies, and downstream dependencies; Classes of dependencies: physical, cyber, geographic, and logical; and Dimensions of dependencies: operating environment, coupling and response behavior, type of failure, infrastructure characteristics, and state of operations From there, the report proposes a multi-phase roadmap to support dependency and interdependency assessment activities nationwide, identifying a range of data inputs, analysis activities, and potential products for each phase, as well as key steps needed to progress from one phase to the next. The report concludes by outlining a comprehensive, iterative, and scalable framework for analyzing dependencies and interdependencies that stakeholders can integrate into existing risk and resilience assessment efforts.

  9. Development of the efficient emergency preparedness system for the nuclear critical infrastructure

    International Nuclear Information System (INIS)

    Kostadinov, V.; Marn, J.; Petelin, S.

    2007-01-01

    The evaluation of the critical nuclear infrastructure vulnerability to threats like human occurrences, terrorist attacks and natural disasters and the preparation of emergency response plans with the estimation of optimized costs are of the vital importance for the assurance of a safe nuclear facilities operation and the national security. In the past national emergency systems did not include vulnerability assessments of the critical nuclear infrastructure as the important part of the comprehensive preparedness framework. The fundamental aims of the efficient emergency preparedness and response system are to provide a sustained emergency readiness and to prevent an emergency situation and accidents. But when an event happens the mission is to mitigate consequences and to protect the people and environment against the nuclear and radiological damage. The efficient emergency response system, which would be activated in the case of the nuclear and/or radiological emergency and release of the radioactivity to the environment, is an important element of a comprehensive system of the nuclear and radiation safety. In the article the new methodology for the critical nuclear infrastructure vulnerability assessment as a missing part of an efficient emergency preparedness system is presented. It can help the overall national energy sectors to identify and better understand the terrorist threats and vulnerabilities of their critical infrastructure. The presented methodology could also facilitate national agencies to develop and implement a vulnerability awareness and education programs for their critical assets to enhance the security, reliability and safe operation of the whole energy infrastructure. The vulnerability assessment methodology will also assist nuclear power plants to develop, validate, and disseminate the assessment and survey of new efficient countermeasures. The significant benefits of the new vulnerability assessment research are to increase nuclear power

  10. A reference model for model-based design of critical infrastructure protection systems

    Science.gov (United States)

    Shin, Young Don; Park, Cheol Young; Lee, Jae-Chon

    2015-05-01

    Today's war field environment is getting versatile as the activities of unconventional wars such as terrorist attacks and cyber-attacks have noticeably increased lately. The damage caused by such unconventional wars has also turned out to be serious particularly if targets are critical infrastructures that are constructed in support of banking and finance, transportation, power, information and communication, government, and so on. The critical infrastructures are usually interconnected to each other and thus are very vulnerable to attack. As such, to ensure the security of critical infrastructures is very important and thus the concept of critical infrastructure protection (CIP) has come. The program to realize the CIP at national level becomes the form of statute in each country. On the other hand, it is also needed to protect each individual critical infrastructure. The objective of this paper is to study on an effort to do so, which can be called the CIP system (CIPS). There could be a variety of ways to design CIPS's. Instead of considering the design of each individual CIPS, a reference model-based approach is taken in this paper. The reference model represents the design of all the CIPS's that have many design elements in common. In addition, the development of the reference model is also carried out using a variety of model diagrams. The modeling language used therein is the systems modeling language (SysML), which was developed and is managed by Object Management Group (OMG) and a de facto standard. Using SysML, the structure and operational concept of the reference model are designed to fulfil the goal of CIPS's, resulting in the block definition and activity diagrams. As a case study, the operational scenario of the nuclear power plant while being attacked by terrorists is studied using the reference model. The effectiveness of the results is also analyzed using multiple analysis models. It is thus expected that the approach taken here has some merits

  11. Seismic Barrier Protection of Critical Infrastructure

    Science.gov (United States)

    2017-05-14

    structures , earthquake mitigation I. Introduction Damage caused by earthquakes to critical structures such as nuclear power plants, regional hospitals...the seismic power drop in dB to magnitude drop using the seismic moment magnitude scale, Mw. In figures 5 and 6, the V-trench structure as modeled...representing geological media and V-shaped muffler borehole / trench component structures . Bottom: In this simple analysis, the power drop observed

  12. Synthesis centers as critical research infrastructure

    Science.gov (United States)

    Baron, Jill S.; Specht, Alison; Garnier, Eric; Bishop, Pamela; Campbell, C. Andrew; Davis, Frank W.; Fady, Bruno; Field, Dawn; Gross, Louis J.; Guru, Siddeswara M.; Halpern, Benjamin S; Hampton, Stephanie E.; Leavitt, Peter R.; Meagher, Thomas R.; Ometto, Jean; Parker, John N.; Price, Richard; Rawson, Casey H.; Rodrigo, Allen; Sheble, Laura A.; Winter, Marten

    2017-01-01

    investment to maximize benefits to science and society is justified. In particular, we argue that synthesis centers represent community infrastructure more akin to research vessels than to term-funded centers of science and technology (e.g., NSF Science and Technology Centers). Through our experience running synthesis centers and, in some cases, developing postfederal funding models, we offer our perspective on the purpose and value of synthesis centers. We present case studies of different outcomes of transition plans and argue for a fundamental shift in the conception of synthesis science and the strategic funding of these centers by government funding agencies.

  13. Situational Management Of Critical Infrastructure Resources Under Threat

    Directory of Open Access Journals (Sweden)

    Krupa Tadeusz

    2015-06-01

    Full Text Available This article presents a synthesis of knowledge about safety management procedures for critical infrastructure in the context of risk management theory and the provisions of the Polish law on emergency management launched on of April 26, 2007. In this paper, the inadequacy of the accepted procedures at present is highlighted, as well as their continuous improvement and adaptation to prevailing political, legal, social, and economic conditions. This paper proposes using the concept of situational management and knowledge management to develop a new method of predicting, preventing, and responding to emerging crises within critical infrastructure. The considerations presented in this paper lead to a proposed concept system supporting critical infrastructure safety management through the implementation of knowledge management methods.

  14. Challenges in the vulnerability and risk analysis of critical infrastructures

    International Nuclear Information System (INIS)

    Zio, Enrico

    2016-01-01

    The objective of this paper is to provide a systematic view on the problem of vulnerability and risk analysis of critical infrastructures. Reflections are made on the inherent complexities of these systems, related challenges are identified and possible ways forward for their analysis and management are indicated. Specifically: the framework of vulnerability and risk analysis is examined in relation to its application for the protection and resilience of critical infrastructures; it is argued that the complexity of these systems is a challenging characteristic, which calls for the integration of different modeling perspectives and new approaches of analysis; examples of are given in relation to the Internet and, particularly, the electric power grid, as representative of critical infrastructures and the associated complexity; the integration of different types of analyses and methods of system modeling is put forward for capturing the inherent structural and dynamic complexities of critical infrastructures and eventually evaluating their vulnerability and risk characteristics, so that decisions on protections and resilience actions can be taken with the required confidence. - Highlights: • The problem of the protection and resilience of CIs is the focus of the work. • The vulnerability and risk analysis framework for this is critically examined. • The complexity of CIs is presented as a challenge for system modeling and analysis. • The integration of different modeling perspectives of analysis is put forward as a solution. • The extension of the analysis framework to new methods for dealing with surprises and black swans is advocated.

  15. Risk analysis of critical infrastructures emphasizing electricity supply and interdependencies

    International Nuclear Information System (INIS)

    Kjølle, G.H.; Utne, I.B.; Gjerde, O.

    2012-01-01

    Failures in critical infrastructures can cause major damage to society. Wide-area interruptions (blackouts) in the electricity supply system have severe impacts on societal critical functions and other critical infrastructures, but there is no agreed-upon framework on how to analyze and predict the reliability of electricity supply. Thus, there is a need for an approach to cross-sector risk analyses, which facilitates risk analysis of outages in the electricity supply system and enables investigation of cascading failures and consequences in other infrastructures. This paper presents such an approach, which includes contingency analysis (power flow) and reliability analysis of power systems, as well as use of a cascade diagram for investigating interdependencies. A case study was carried out together with the Emergency Preparedness Group in the city of Oslo, Norway and the network company Hafslund Nett. The case study results highlight the need for cross-sector analyses by showing that the total estimated societal costs are substantially higher when cascading effects and consequences to other infrastructures are taken into account compared to only considering the costs of electricity interruptions as seen by the network company. The approach is a promising starting point for cross-sector risk analysis of electricity supply interruptions and consequences for dependent infrastructures.

  16. A Comprehensive Assessment Model for Critical Infrastructure Protection

    Directory of Open Access Journals (Sweden)

    Häyhtiö Markus

    2017-12-01

    Full Text Available International business demands seamless service and IT-infrastructure throughout the entire supply chain. However, dependencies between different parts of this vulnerable ecosystem form a fragile web. Assessment of the financial effects of any abnormalities in any part of the network is demanded in order to protect this network in a financially viable way. Contractual environment between the actors in a supply chain, different business domains and functions requires a management model, which enables a network wide protection for critical infrastructure. In this paper authors introduce such a model. It can be used to assess financial differences between centralized and decentralized protection of critical infrastructure. As an end result of this assessment business resilience to unknown threats can be improved across the entire supply chain.

  17. Optimal recovery sequencing for critical infrastructure resilience assessment.

    Energy Technology Data Exchange (ETDEWEB)

    Vugrin, Eric D.; Brown, Nathanael J. K.; Turnquist, Mark Alan (Cornell University, Ithaca, NY)

    2010-09-01

    Critical infrastructure resilience has become a national priority for the U. S. Department of Homeland Security. System resilience has been studied for several decades in many different disciplines, but no standards or unifying methods exist for critical infrastructure resilience analysis. This report documents the results of a late-start Laboratory Directed Research and Development (LDRD) project that investigated the identification of optimal recovery strategies that maximize resilience. To this goal, we formulate a bi-level optimization problem for infrastructure network models. In the 'inner' problem, we solve for network flows, and we use the 'outer' problem to identify the optimal recovery modes and sequences. We draw from the literature of multi-mode project scheduling problems to create an effective solution strategy for the resilience optimization model. We demonstrate the application of this approach to a set of network models, including a national railroad model and a supply chain for Army munitions production.

  18. relevance of information warfare models to critical infrastructure

    African Journals Online (AJOL)

    ismith

    Critical infrastructure models, strategies and policies should take information ... gain an advantage over a competitor or adversary through the use of one's own .... digital communications system, where the vehicles are analogous to bits or packets, ..... performance degraded, causing an increase in traffic finding a new route.

  19. NEW ASPECTS REGARDING THE EVALUATION OF INVESTMENTS IN CRITICAL INFRASTRUCTURE

    Directory of Open Access Journals (Sweden)

    Lupan Mariana

    2009-05-01

    Full Text Available The additional risks associated to the actual global and contagious crisis put a severe pressure on the investments in critical infrastructure and there is a real need for new valuations especially those regarding the synergic financing strategies in crit

  20. DIESIS : An Interoperable European Federated Simulation Network for Critical Infrastructures

    NARCIS (Netherlands)

    Rome, E.; Bologna, S.; Gelenbe, E.; Luiijf, H.A.M.; Masucci, V.

    2009-01-01

    Critical Infrastructures (CI) that are vital for a society and an economy, such as telecommunication systems, energy supply systems, transport systems and others, are getting more and more complex. Dependencies emerge in various ways, due to the use of information and communication technologies,

  1. Identification of critical locations across multiple infrastructures for terrorist actions

    International Nuclear Information System (INIS)

    Patterson, S.A.; Apostolakis, G.E.

    2007-01-01

    This paper presents a possible approach to ranking geographic regions that can influence multiple infrastructures. Once ranked, decision makers can determine whether these regions are critical locations based on their susceptibility to terrorist acts. We identify these locations by calculating a value for a geographic region that represents the combined values to the decision makers of all the infrastructures crossing through that region. These values, as well as the size of the geographic region, are conditional on an assumed destructive threat of a given size. In our case study, the threat is assumed to be minor, e.g., a bomb that can affect objects within 7 m of it. This approach first requires an assessment of the users of the system. During this assessment, each user is assigned a performance index (PI) based on the disutility of the loss of each infrastructure's resource via multi-attribute utility theory (MAUT). A Monte Carlo network analysis is then performed to develop importance measures (IM) for the elements of each infrastructure for their ability to service each user. We combine the IMs with the user PIs to a value that we call valued worth (VW) for each infrastructure's elements independently. Then we use spatial analysis techniques within a geographic information system (GIS) to combine the VWs of each infrastructure's elements in a geographic area, conditional on the threat, into a total value we call geographic valued worth (GVW). The GVW is displayed graphically in the GIS system in a color scheme that shows the numerical ranking of these geographic areas. The map and rankings are then submitted to the decision makers to better allocate anti-terrorism resources. A case study of this methodology is performed on the Massachusetts Institute of Technology (MIT) campus. The results of the study show how the methodology can bring attention to areas that are important when several infrastructures are considered, but may be ignored when infrastructures

  2. Protection of critical infrastructure using fiber optic sensors embedded in technical textiles

    Science.gov (United States)

    Krebber, Katerina; Lenke, Philipp; Liehr, Sascha; Noether, Nils; Wendt, Mario; Wosniok, Aleksander

    2010-04-01

    Terrorists and criminals more and more attack and destroy important infrastructures like routes, railways, bridges, tunnels, dikes and dams, important buildings. Therefore, reliable on-line and long-term monitoring systems are required to protect such critical infrastructures. Fiber optic sensors are well-suited for that. They can be installed over many kilometers and are able to measure continuously distributed strain, pressure, temperature and further mechanical and physical quantities. The very tiny optical fibers can be integrated into structures and materials and can provide information about any significant changes or damages of the structures. These so-called smart materials and smart structures are able to monitor itself or its environment. Particularly smart technical textiles with embedded fiber optic sensors have become very attractive because of their high importance for the structural health monitoring of geotechnical and masonry infrastructures. Such textiles are usually used for reinforcement of the structures; the embedded fiber optic sensors provide information about the condition of the structures and detect the presence of any damages and destructions in real time. Thus, critical infrastructures can be preventively protected. The paper will introduce this innovative field and will present the results achieved within several German and European projects.

  3. Safeguarding information intensive critical infrastructures against novel types of emerging failures

    Energy Technology Data Exchange (ETDEWEB)

    Balducelli, C. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy)]. E-mail: claudio.balducelli@casaccia.enea.it; Bologna, S. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy); Lavalle, L. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy); Vicoli, G. [ENEA-Italian National Agency for new Technology, Energy and the Environment Via Anguillasere 301, 00060 Rome (Italy)

    2007-09-15

    The complexity of information intensive critical infrastructures, like electricity networks, telecommunication networks and public transportation networks is today augmented much more than in the past: such complexity augments the number of possible failures and anomalous working conditions and consequently decreases the survivability of the infrastructures. In this paper, the possibility is investigated to detect early anomalies and failures inside information intensive critical infrastructures by the introduction of anomaly detectors being 'self-aware' about the normal working conditions of the infrastructure itself. This approach has the objective to improve the performance of the most popular signature-based algorithms for intrusion detection, and makes use of different classes of time-oriented algorithms based on artificial intelligence paradigm. It has the advantage to work also in presence of unknown and unexpected types of attacks or failures. The tests, to evaluate the performance of the utilised detectors, are executed inside an emulated supervisory control and data acquisition (SCADA) system of an electrical power transmission grid, and a proposal for the future integration inside real SCADA systems is also reported.

  4. Safeguarding information intensive critical infrastructures against novel types of emerging failures

    International Nuclear Information System (INIS)

    Balducelli, C.; Bologna, S.; Lavalle, L.; Vicoli, G.

    2007-01-01

    The complexity of information intensive critical infrastructures, like electricity networks, telecommunication networks and public transportation networks is today augmented much more than in the past: such complexity augments the number of possible failures and anomalous working conditions and consequently decreases the survivability of the infrastructures. In this paper, the possibility is investigated to detect early anomalies and failures inside information intensive critical infrastructures by the introduction of anomaly detectors being 'self-aware' about the normal working conditions of the infrastructure itself. This approach has the objective to improve the performance of the most popular signature-based algorithms for intrusion detection, and makes use of different classes of time-oriented algorithms based on artificial intelligence paradigm. It has the advantage to work also in presence of unknown and unexpected types of attacks or failures. The tests, to evaluate the performance of the utilised detectors, are executed inside an emulated supervisory control and data acquisition (SCADA) system of an electrical power transmission grid, and a proposal for the future integration inside real SCADA systems is also reported

  5. 6 CFR 29.8 - Disclosure of Protected Critical Infrastructure Information.

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Disclosure of Protected Critical Infrastructure... PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.8 Disclosure of Protected Critical Infrastructure... Infrastructure Protection, or either's designee may choose to provide or authorize access to PCII under one or...

  6. Safety impacts of bicycle infrastructure: A critical review.

    Science.gov (United States)

    DiGioia, Jonathan; Watkins, Kari Edison; Xu, Yanzhi; Rodgers, Michael; Guensler, Randall

    2017-06-01

    This paper takes a critical look at the present state of bicycle infrastructure treatment safety research, highlighting data needs. Safety literature relating to 22 bicycle treatments is examined, including findings, study methodologies, and data sources used in the studies. Some preliminary conclusions related to research efficacy are drawn from the available data and findings in the research. While the current body of bicycle safety literature points toward some defensible conclusions regarding the safety and effectiveness of certain bicycle treatments, such as bike lanes and removal of on-street parking, the vast majority treatments are still in need of rigorous research. Fundamental questions arise regarding appropriate exposure measures, crash measures, and crash data sources. This research will aid transportation departments with regard to decisions about bicycle infrastructure and guide future research efforts toward understanding safety impacts of bicycle infrastructure. Copyright © 2017 Elsevier Ltd and National Safety Council. All rights reserved.

  7. Concepts to Analyze the Vulnerability of Critical Infrastructures - Taking into account Cybernetics

    Directory of Open Access Journals (Sweden)

    Frédéric Petit

    2010-02-01

    Full Text Available Critical Infrastructures (CIs are complex systems. For their operations, these infrastructures are increasingly using Supervisory Control And Data Acquisition (SCADA systems. Management practices are therefore highly dependent on the cyber tools, but also on the data needed to make these tools work. Therefore, CIs are greatly vulnerable to degradation of data. In this context, this paper aims at presenting the fundamentals of a method for analyzing the vulnerabilities of CIs towards the use of cyber data. By characterizing cyber vulnerability of CIs, it will be possible to improve the resilience of these networks and to foster a proactive approach to risk management not only by considering cybernetics from a cyber-attack point of view but also by considering the consequences of the use of corrupted data.

  8. 'System-of-systems' approach for interdependent critical infrastructures

    International Nuclear Information System (INIS)

    Eusgeld, Irene; Nan, Cen; Dietz, Sven

    2011-01-01

    The study of the interdependencies within critical infrastructures (CI) is a growing field of research as the importance of potential failure propagation among infrastructures may lead to cascades affecting all supply networks. New powerful methods are required to model and describe such 'systems-of-systems' (SoS) as a whole. An overall model is required to provide security and reliability assessment taking into account various kinds of threats and failures. A significant challenge associated with this model may be to create 'what-if' scenarios for the analysis of interdependencies. In this paper the interdependencies between industrial control systems (ICS), in particular SCADA (Supervisory Control and Data Acquisition), and the underlying critical infrastructures to address the vulnerabilities related to the coupling of these systems are analyzed. The modeling alternatives for system-of-systems, integrated versus coupled models, are discussed. An integrated model contains detailed low level models of (sub)systems as well as a high level model, covering all hierarchical levels. On the other hand, a coupled model aggregates different simulated outputs of the low level models as inputs at a higher level. Strengths and weaknesses of both approaches are analyzed and a model architecture for SCADA and the 'system under control' are proposed. Furthermore, the HLA simulation standard is introduced and discussed in this paper as a promising approach to represent interdependencies between infrastructures. To demonstrate the capabilities of the HLA standard for the interdependencies study, an exemplary application and some first results are also briefly presented in this paper.

  9. Increasing impacts of climate extremes on critical infrastructures in Europe

    Science.gov (United States)

    Forzieri, Giovanni; Bianchi, Alessandra; Feyen, Luc; Silva, Filipe Batista e.; Marin, Mario; Lavalle, Carlo; Leblois, Antoine

    2016-04-01

    The projected increases in exposure to multiple climate hazards in many regions of Europe, emphasize the relevance of a multi-hazard risk assessment to comprehensively quantify potential impacts of climate change and develop suitable adaptation strategies. In this context, quantifying the future impacts of climatic extremes on critical infrastructures is crucial due to their key role for human wellbeing and their effects on the overall economy. Critical infrastructures describe the existing assets and systems that are essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact as a result of the failure to maintain those functions. We assess the direct damages of heat and cold waves, river and coastal flooding, droughts, wildfires and windstorms to energy, transport, industry and social infrastructures in Europe along the 21st century. The methodology integrates in a coherent framework climate hazard, exposure and vulnerability components. Overall damage is expected to rise up to 38 billion €/yr, ten time-folds the current climate damage, with drastic variations in risk scenarios. Exemplificative are drought and heat-related damages that could represent 70% of the overall climate damage in 2080s versus the current 12%. Many regions, prominently Southern Europe, will likely suffer multiple stresses and systematic infrastructure failures due to climate extremes if no suitable adaptation measures will be taken.

  10. Design of a Mobile Agent-Based Adaptive Communication Middleware for Federations of Critical Infrastructure Simulations

    Science.gov (United States)

    Görbil, Gökçe; Gelenbe, Erol

    The simulation of critical infrastructures (CI) can involve the use of diverse domain specific simulators that run on geographically distant sites. These diverse simulators must then be coordinated to run concurrently in order to evaluate the performance of critical infrastructures which influence each other, especially in emergency or resource-critical situations. We therefore describe the design of an adaptive communication middleware that provides reliable and real-time one-to-one and group communications for federations of CI simulators over a wide-area network (WAN). The proposed middleware is composed of mobile agent-based peer-to-peer (P2P) overlays, called virtual networks (VNets), to enable resilient, adaptive and real-time communications over unreliable and dynamic physical networks (PNets). The autonomous software agents comprising the communication middleware monitor their performance and the underlying PNet, and dynamically adapt the P2P overlay and migrate over the PNet in order to optimize communications according to the requirements of the federation and the current conditions of the PNet. Reliable communications is provided via redundancy within the communication middleware and intelligent migration of agents over the PNet. The proposed middleware integrates security methods in order to protect the communication infrastructure against attacks and provide privacy and anonymity to the participants of the federation. Experiments with an initial version of the communication middleware over a real-life networking testbed show that promising improvements can be obtained for unicast and group communications via the agent migration capability of our middleware.

  11. Ontario-U.S. power outages : impacts on critical infrastructure

    International Nuclear Information System (INIS)

    2006-01-01

    This paper described the power outage and resulting blackout that occurred on August 14, 2003 and identified how critical infrastructure was directly and interdependently impacted in Canada. The aim of the paper was to assist critical infrastructure protection and emergency management professionals in assessing the potential impacts of large-scale critical infrastructure disruptions. Information for the study was acquired from Canadian and American media reports and cross-sectoral information sharing with provincial and federal governments and the private sector. The blackout impacted most of the sources and means of generating, transmitting and distributing power within the area, which in turn impacted all critical infrastructure sectors. Landline and cellular companies experienced operational difficulties, which meant that emergency responders were impacted. Newspapers and the electronic media struggled to release information to the public. The banking and finance industry experienced an immediate degradation of services. The power outage caused shipping and storage difficulties for commercial retailers and dairy producers. A number of incidents were reported where only partially treated waste water was released into neighbouring waterways. The timing of the blackout coincided with the closures of workplaces and created additional difficulties on transportation networks. Many gas station pumps were inoperable. Police, fire departments and ambulance services experienced a dramatic increase in the volume of calls received, and all branches of the emergency services sector encountered transportation delays and difficulties with communications equipment. Nuclear reactors were also impacted. An estimated 150,000 Government of Canada employees were unable to report to work. Estimates have indicated that the power outage cost Ontario's economy between $1 and $2 billion. The outage negatively impacted 82 per cent of small businesses in Ontario. 170 refs., 3 figs

  12. Homeland Security -- Reducing the Vulnerability of Public and Private Information Infrastructures to Terrorism: An Overview

    National Research Council Canada - National Science Library

    Seifert, Jeffrey W

    2002-01-01

    This report assesses the impact of the September 11, 2001 attacks on public and private information infrastructures in the context of critical infrastructure protection, continuity of operations (COOP...

  13. What's My Lane? Identifying the State Government Role in Critical Infrastructure Protection

    OpenAIRE

    Donnelly, Timothy S.

    2012-01-01

    Approved for public release; distribution is unlimited What constitutes an effective Critical Infrastructure and Key Resources (CIKR) protection program for Massachusetts This study evaluates existing literature regarding CIKR to extrapolate an infrastructure protection role for Massachusetts. By reviewing historical events and government strategies regarding infrastructure protection, Chapters I and II will provide scope and context for issues surrounding critical infrastructure. Chapter ...

  14. CRITICAL SUCCESS FACTORS FOR INFRASTRUCTURE EUROPEAN FUNDED PROJECTS

    Directory of Open Access Journals (Sweden)

    Sebastian-Ion Ceptureanu

    2016-07-01

    Full Text Available Absorption of European funds is on top of Romania’s public agenda for the last years although the first programming period has ended and the necessary lessons were learned so far. To have a high degree of absorption of funds provided by the EU must be of quality projects and their implementation to be successful. Through this work we aimed to investigate the success factors of infrastructure projects with European funding in Romania, Bulgaria, Moldova, Ukraine, Serbia and Kosovo, and identify critical success factors of these projects through a research surveying the teams of consultants and support personnel from the countries in an international consulting company. The research results are therefore constitute the empirical evidence of what constitutes critical success factors of infrastructure projects financed by the European Union and can be used as a starting point for scientific studies of the management of European projects or other actions that investigates measures that can be taken to improve the success rate of projects implemented in the area mentioned above.One of the contributions of this paper is to identify the critical success factors of success factors present in literature. With more so as they are critical success factors of infrastructure projects with European funding still required field studies and analysis performed in the present context. In addition, the critical factors were operationalized in a conceptual framework. Moreover, this framework includes leadership style of project manager as critical success factor has been identified in the research as the most important in the context in which it was conducted. As such, this paper demonstrates, with the necessary limitations, the importance of management style of project managers in the context of specific European funded infrastructure projects. And this is happening even though there are sophisticated project management tools availabe and relevant knowledge exists

  15. 78 FR 6807 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-01-31

    ... coordinating and sponsoring an executive-led Critical Infrastructure Protection and Cyber Security mission to... on the cyber security, critical infrastructure protection, and emergency management, ports of entry... security, including border protection, civil defense capabilities, and coast guard and maritime...

  16. Anti-social networking: crowdsourcing and the cyber defence of national critical infrastructures.

    Science.gov (United States)

    Johnson, Chris W

    2014-01-01

    We identify four roles that social networking plays in the 'attribution problem', which obscures whether or not cyber-attacks were state-sponsored. First, social networks motivate individuals to participate in Distributed Denial of Service attacks by providing malware and identifying potential targets. Second, attackers use an individual's social network to focus attacks, through spear phishing. Recipients are more likely to open infected attachments when they come from a trusted source. Third, social networking infrastructures create disposable architectures to coordinate attacks through command and control servers. The ubiquitous nature of these architectures makes it difficult to determine who owns and operates the servers. Finally, governments recruit anti-social criminal networks to launch attacks on third-party infrastructures using botnets. The closing sections identify a roadmap to increase resilience against the 'dark side' of social networking.

  17. Protective design of critical infrastructure with high performance concretes

    International Nuclear Information System (INIS)

    Riedel, W.; Nöldgen, M.; Stolz, A.; Roller, C.

    2012-01-01

    Conclusions: High performance concrete constructions will allow innovative design solutions for critical infrastructures. Validation of engineering methods can reside on large and model scale experiments conducted on conventional concrete structures. New consistent impact experiments show extreme protection potential for UHPC. Modern FEM with concrete models and explicit rebar can model HPC and UHPC penetration resistance. SDOF and TDOF approaches are valuable design tools on local and global level. Combination of at least 2 out of 3 design methods FEM – XDOF- EXP allow reliable prediction and efficient innovative designs

  18. Enabling software defined networking experiments in networked critical infrastructures

    Directory of Open Access Journals (Sweden)

    Béla Genge

    2014-05-01

    Full Text Available Nowadays, the fact that Networked Critical Infrastructures (NCI, e.g., power plants, water plants, oil and gas distribution infrastructures, and electricity grids, are targeted by significant cyber threats is well known. Nevertheless, recent research has shown that specific characteristics of NCI can be exploited in the enabling of more efficient mitigation techniques, while novel techniques from the field of IP networks can bring significant advantages. In this paper we explore the interconnection of NCI communication infrastructures with Software Defined Networking (SDN-enabled network topologies. SDN provides the means to create virtual networking services and to implement global networking decisions. It relies on OpenFlow to enable communication with remote devices and has been recently categorized as the “Next Big Technology”, which will revolutionize the way decisions are implemented in switches and routers. Therefore, the paper documents the first steps towards enabling an SDN-NCI and presents the impact of a Denial of Service experiment over traffic resulting from an XBee sensor network which is routed across an emulated SDN network.

  19. Review of Cyber-Physical Attacks and Counter Defense Mechanisms for Advanced Metering Infrastructure in Smart Grid

    OpenAIRE

    Wei, Longfei; Rondon, Luis Puche; Moghadasi, Amir; Sarwat, Arif I.

    2018-01-01

    The Advanced Metering Infrastructure (AMI) is a vital element in the current development of the smart grid. AMI technologies provide electric utilities with an effective way of continuous monitoring and remote control of smart grid components. However, owing to its increasing scale and cyber-physical nature, the AMI has been faced with security threats in both cyber and physical domains. This paper provides a comprehensive review of the crucial cyber-physical attacks and counter defense mecha...

  20. Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis.

    Science.gov (United States)

    Wang, Hao; Lau, Nathan; Gerdes, Ryan M

    2018-04-01

    The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

  1. Defense Industrial Base: Critical Infrastructure and Key Resources Sector-Specific Plan as Input to the National Infrastructure Protection Plan

    National Research Council Canada - National Science Library

    2007-01-01

    This Defense Industrial Base (DIB) Sector-Specific Plan (SSP), developed in collaboration with industry and government security partners, provides sector-level critical infrastructure and key resources (CI/KR...

  2. Advanced simulation for analysis of critical infrastructure : abstract cascades, the electric power grid, and Fedwire.

    Energy Technology Data Exchange (ETDEWEB)

    Glass, Robert John, Jr.; Stamber, Kevin Louis; Beyeler, Walter Eugene

    2004-08-01

    Critical Infrastructures are formed by a large number of components that interact within complex networks. As a rule, infrastructures contain strong feedbacks either explicitly through the action of hardware/software control, or implicitly through the action/reaction of people. Individual infrastructures influence others and grow, adapt, and thus evolve in response to their multifaceted physical, economic, cultural, and political environments. Simply put, critical infrastructures are complex adaptive systems. In the Advanced Modeling and Techniques Investigations (AMTI) subgroup of the National Infrastructure Simulation and Analysis Center (NISAC), we are studying infrastructures as complex adaptive systems. In one of AMTI's efforts, we are focusing on cascading failure as can occur with devastating results within and between infrastructures. Over the past year we have synthesized and extended the large variety of abstract cascade models developed in the field of complexity science and have started to apply them to specific infrastructures that might experience cascading failure. In this report we introduce our comprehensive model, Polynet, which simulates cascading failure over a wide range of network topologies, interaction rules, and adaptive responses as well as multiple interacting and growing networks. We first demonstrate Polynet for the classical Bac, Tang, and Wiesenfeld or BTW sand-pile in several network topologies. We then apply Polynet to two very different critical infrastructures: the high voltage electric power transmission system which relays electricity from generators to groups of distribution-level consumers, and Fedwire which is a Federal Reserve service for sending large-value payments between banks and other large financial institutions. For these two applications, we tailor interaction rules to represent appropriate unit behavior and consider the influence of random transactions within two stylized networks: a regular homogeneous array

  3. Trust and Reputation Management for Critical Infrastructure Protection

    Science.gov (United States)

    Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo

    Today's Critical Infrastructures (CI) depend of Information and Communication Technologies (ICT) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. This paper addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the European FP7 MICIE project, to allow for information exchange among interconnected CIs.

  4. Cyber Security Insider Threats :: Government’s Role in Protecting India’s Critical Infrastructure Sectors

    OpenAIRE

    Vohra, Pulkit

    2014-01-01

    This research identifies the problem of insider threats in the critical infrastructure sectors of India. It is structured to answer the research question: "Why insider threats should be the primary concern for Indian government to protect its critical infrastructure sectors.” It defines the critical infrastructure sectors and portrays the cyber security scenario of India. Also, through the research study, it identifies the lack of awareness and non-seriousness of employees in the critical sec...

  5. the GFCE-Meridian Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Schie, T.C.C. van; Ruijven, T.W.J. van; Huistra, A.W.W.

    2016-01-01

    Critical Information Infrastructure Protection (CIIP) is a complex but important topic for nations. Nations at large critically depend on Critical Infrastructure (CI) services such as energy supply, telecommunications, financial systems, drinking water, and governmental services. Critical

  6. INFRASTRUCTURE

    CERN Document Server

    A.Gaddi

    2011-01-01

    Between the end of March to June 2011, there has been no detector downtime during proton fills due to CMS Infrastructures failures. This exceptional performance is a clear sign of the high quality work done by the CMS Infrastructures unit and its supporting teams. Powering infrastructure At the end of March, the EN/EL group observed a problem with the CMS 48 V system. The problem was a lack of isolation between the negative (return) terminal and earth. Although at that moment we were not seeing any loss of functionality, in the long term it would have led to severe disruption to the CMS power system. The 48 V system is critical to the operation of CMS: in addition to feeding the anti-panic lights, essential for the safety of the underground areas, it powers all the PLCs (Twidos) that control AC power to the racks and front-end electronics of CMS. A failure of the 48 V system would bring down the whole detector and lead to evacuation of the cavern. EN/EL technicians have made an accurate search of the fault, ...

  7. Information Sharing: Practices That Can Benefit Critical Infrastructure Protection

    National Research Council Canada - National Science Library

    2001-01-01

    .... Information sharing and coordination are key elements in developing comprehensive and practical approaches to defending against computer-based, or cyber, attacks, which could threaten the national welfare...

  8. Economics in Criticality and Restoration of Energy Infrastructures.

    Energy Technology Data Exchange (ETDEWEB)

    Boyd, Gale A.; Flaim, Silvio J.; Folga, Stephen M.; Gotham, Douglas J.; McLamore, Michael R.; Novak, Mary H.; Roop, Joe M.; Rossmann, Charles G.; Shamsuddin, Shabbir A.; Zeichner, Lee M.; Stamber, Kevin L.

    2005-03-01

    Economists, systems analysts, engineers, regulatory specialists, and other experts were assembled from academia, the national laboratories, and the energy industry to discuss present restoration practices (many have already been defined to the level of operational protocols) in the sectors of the energy infrastructure as well as other infrastructures, to identify whether economics, a discipline concerned with the allocation of scarce resources, is explicitly or implicitly a part of restoration strategies, and if there are novel economic techniques and solution methods that could be used help encourage the restoration of energy services more quickly than present practices or to restore service more efficiently from an economic perspective. AcknowledgementsDevelopment of this work into a coherent product with a useful message has occurred thanks to the thoughtful support of several individuals:Kenneth Friedman, Department of Energy, Office of Energy Assurance, provided the impetus for the work, as well as several suggestions and reminders of direction along the way. Funding from DOE/OEA was critical to the completion of this effort.Arnold Baker, Chief Economist, Sandia National Laboratories, and James Peerenboom, Director, Infrastructure Assurance Center, Argonne National Laboratory, provided valuable contacts that helped to populate the authoring team with the proper mix of economists, engineers, and systems and regulatory specialists to meet the objectives of the work.Several individuals provided valuable review of the document at various stages of completion, and provided suggestions that were valuable to the editing process. This list of reviewers includes Jeffrey Roark, Economist, Tennessee Valley Authority; James R. Dalrymple, Manager of Transmission System Services and Transmission/Power Supply, Tennessee Valley Authority; William Mampre, Vice President, EN Engineering; Kevin Degenstein, EN Engineering; and Patrick Wilgang, Department of Energy, Office of

  9. 2008 Defense Industrial Base Critical Infrastructure Protection Conference (DIB-CBIP)

    Science.gov (United States)

    2008-04-09

    a cloak -and- dagger thing. It’s about computer architecture and the soundness of electronic systems." Joel Brenner, ODNI Counterintelligence Office...to support advanced network exploitation and launch attacks on the informational and physical elements of our cyber infrastructure. In order to...entities and is vulnerable to attacks and manipulation. Operations in the cyber domain have the ability to impact operations in other war-fighting

  10. Protecting America: Reorganizing the Nation's Security Forces to Ensure the Protection of Our Critical Infrastructure

    National Research Council Canada - National Science Library

    Williams

    2004-01-01

    .... This national strategy amplified the significant responsibilities of states, localities, the private sector, and private citizens to protect and defend our communities and our critical infrastructure...

  11. 76 FR 76021 - Critical Infrastructure Protection Month, 2011

    Science.gov (United States)

    2011-12-06

    ..., we must also address the growing threat cyber attacks present to our transportation networks... action against cyber threats. To ensure the safety of our most vital operations, we are working to give.... These efforts will bolster our ability to withstand any attack, whether virtual or physical. During...

  12. Methodologies and applications for critical infrastructure protection: State-of-the-art

    International Nuclear Information System (INIS)

    Yusta, Jose M.; Correa, Gabriel J.; Lacal-Arantegui, Roberto

    2011-01-01

    This work provides an update of the state-of-the-art on energy security relating to critical infrastructure protection. For this purpose, this survey is based upon the conceptual view of OECD countries, and specifically in accordance with EU Directive 114/08/EC on the identification and designation of European critical infrastructures, and on the 2009 US National Infrastructure Protection Plan. The review discusses the different definitions of energy security, critical infrastructure and key resources, and shows some of the experie'nces in countries considered as international reference on the subject, including some information-sharing issues. In addition, the paper carries out a complete review of current methodologies, software applications and modelling techniques around critical infrastructure protection in accordance with their functionality in a risk management framework. The study of threats and vulnerabilities in critical infrastructure systems shows two important trends in methodologies and modelling. A first trend relates to the identification of methods, techniques, tools and diagrams to describe the current state of infrastructure. The other trend accomplishes a dynamic behaviour of the infrastructure systems by means of simulation techniques including systems dynamics, Monte Carlo simulation, multi-agent systems, etc. - Highlights: → We examine critical infrastructure protection experiences, systems and applications. → Some international experiences are reviewed, including EU EPCIP Plan and the US NIPP programme. → We discuss current methodologies and applications on critical infrastructure protection, with emphasis in electric networks.

  13. Onsite and Electric Backup Capabilities at Critical Infrastructure Facilities in the United States

    Energy Technology Data Exchange (ETDEWEB)

    Phillips, Julia A. [Argonne National Lab. (ANL), Argonne, IL (United States); Wallace, Kelly E. [Argonne National Lab. (ANL), Argonne, IL (United States); Kudo, Terence Y. [Argonne National Lab. (ANL), Argonne, IL (United States); Eto, Joseph H. [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

    2016-04-01

    The following analysis, conducted by Argonne National Laboratory’s (Argonne’s) Risk and Infrastructure Science Center (RISC), details an analysis of electric power backup of national critical infrastructure as captured through the Department of Homeland Security’s (DHS’s) Enhanced Critical Infrastructure Program (ECIP) Initiative. Between January 1, 2011, and September 2014, 3,174 ECIP facility surveys have been conducted. This study focused first on backup capabilities by infrastructure type and then expanded to infrastructure type by census region.

  14. Integrating Critical Disability Studies into the Historiography of Infrastructures

    DEFF Research Database (Denmark)

    Galis, Vasilis; Tympas, Aristotle; Tzokas, Spyros

    Infrastructures are habitually associated with enabling, with facilitating mobility. Attention to accidents and related failures of infrastructures, due to accidental or endemic reasons, has substantially enriched the historiography of infrastructures while, at the same time, pointing to limits...... infrastructures became sites for regulating and controlling certain groups. Seen like this, transport technologies, at remote national borders and in the heart of a national metropolis, were a key field for sociotechnical battles that produced dis/abled-displaced bodies, that is, a new corporeal subject. Dis...... idea of the human being “(Shildrick, 2010)....

  15. Applying IPFIX Protocol for Detection of Distributed Denial of Service Attacks against Cloud Infrastructure

    Directory of Open Access Journals (Sweden)

    M. R. Mukhtarov

    2011-12-01

    Full Text Available The way of monitoring deviations in network traffic behavior inside “Cloud Infrastructure” using IPFIX protocol is suggested in the paper. The proposed algorithm is applied for registration of “Distributed Denial of Service” attacks against “Cloud Infrastructure”.

  16. 77 FR 35700 - Protected Critical Infrastructure Information (PCII) Program Survey

    Science.gov (United States)

    2012-06-14

    ... (NPPD), Office of Infrastructure Protection (IP), Infrastructure Information Collection Division (IICD... Information Collection Request should be forwarded to DHS/NPPD/IP/IICD, 245 Murray Lane, SW., Mailstop 0602, Arlington, VA 20598-0602. Email requests should go to Vickie Bovell, [email protected] . Written...

  17. Maritime Protection of Critical Infrastructure Assets in the Campeche Sound

    National Research Council Canada - National Science Library

    Tiburcio, Felix M

    2005-01-01

    Following the 9/11 terrorist events in the United States the Mexican Navy developed strategies designed to prevent similar attacks on the strategic facilities located in the Campeche Sound in the Gulf of Mexico...

  18. Criticality analysis of the EU gas infrastructure: heightened security requirements for gas control and management centres; Kritikalitaetsanalyse der EU-Gasinfrastruktur: Erhoehte Sicherheitsanforderungen an Gasleit- und -kontrollzentren

    Energy Technology Data Exchange (ETDEWEB)

    Nerlich, Uwe; Umbach, Frank [Centre for European Security Strategies (CESS), Muenchen/Berlin (Germany)

    2009-11-15

    Since the terror attacks of 2001 critical infrastructure objects have gained substantially in strategic importance in the eyes of the German government and EU authorities as well as the European industry. This has not only been due to the worldwide increase in terrorist attacks on energy infrastructure objects but also to the attacks of Madrid on 11 March 2004 and London on 7 July 2005, which have shown that Europe is no longer being spared from terrorism. Strategies for the abatement of these hazards and their repercussions are therefore more urgently needed than ever before. This requires a differentiated assessment of the situation, as has been carried out, for example, in raising the security requirements and investigating the vulnerability of the gas management and control centres of the EU's Octavio project.

  19. Guarding America: Security Guards and U.S. Critical Infrastructure Protection

    National Research Council Canada - National Science Library

    Parfomak, Paul W

    2004-01-01

    The Bush Administration's 2003 National Strategy for the Physical Protection of Critical Infrastructures and Key Assets indicates that security guards are an important source of protection for critical facilities...

  20. INFRASTRUCTURE

    CERN Multimedia

    A. Gaddi

    2012-01-01

    The CMS Infrastructures teams are constantly ensuring the smooth operation of the different services during this critical period when the detector is taking data at full speed. A single failure would spoil hours of high luminosity beam and everything is put in place to avoid such an eventuality. In the meantime however, the fast approaching LS1 requires that we take a look at the various activities to take place from the end of the year onwards. The list of infrastructures consolidation and upgrade tasks is already long and will touch all the services (cooling, gas, inertion, powering, etc.). The definitive list will be available just before the LS1 start. One activity performed by the CMS cooling team that is worth mentioning is the maintenance of the cooling circuits at the CMS Electronics Integration Centre (EIC) at building 904. The old chiller has been replaced by a three-units cooling plant that also serves the HVAC system for the new CSC and RPC factories. The commissioning of this new plant has tak...

  1. 78 FR 73202 - Review and Revision of the National Critical Infrastructure Security and Resilience (NCISR...

    Science.gov (United States)

    2013-12-05

    ... critical physical and cyber infrastructure. IV. NCISR R&D Plan Outline Below is the list of the topic areas... research and development topics are welcomed. V. Specific Questions Answers to the below specific questions... Critical Infrastructure Security and Resilience (NCISR) Research and Development (R&D) Plan Outline and...

  2. 77 FR 21989 - Critical Infrastructure Private Sector Clearance Program Request

    Science.gov (United States)

    2012-04-12

    ... Advisors email the form to the individual who then emails back the completed form, minus their date and... official who nominated the applicant and by the Assistant Secretary for Infrastructure Protection. Upon...

  3. Critical Infrastructure: Control Systems and the Terrorist Threat

    National Research Council Canada - National Science Library

    Shea, Dana A

    2003-01-01

    .... Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been previously perceived as a high priority...

  4. Critical Infrastructure: Control Systems and the Terrorist Threat

    National Research Council Canada - National Science Library

    Shea, Dana A

    2004-01-01

    .... Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been previously perceived as a high priority...

  5. Recovery from chemical, biological, and radiological incidents. Critical infrastructure and economic impact considerations

    Energy Technology Data Exchange (ETDEWEB)

    Franco, David Oliver [Sandia National Lab. (SNL-CA), Livermore, CA (United States); Yang, Lynn I. [Sandia National Lab. (SNL-CA), Livermore, CA (United States); Hammer, Ann E. [Sandia National Lab. (SNL-CA), Livermore, CA (United States)

    2012-06-01

    To restore regional lifeline services and economic activity as quickly as possible after a chemical, biological or radiological incident, emergency planners and managers will need to prioritize critical infrastructure across many sectors for restoration. In parallel, state and local governments will need to identify and implement measures to promote reoccupation and economy recovery in the region. This document provides guidance on predisaster planning for two of the National Disaster Recovery Framework Recovery Support Functions: Infrastructure Systems and Economic Recovery. It identifies key considerations for infrastructure restoration, outlines a process for prioritizing critical infrastructure for restoration, and identifies critical considerations for promoting regional economic recovery following a widearea disaster. Its goal is to equip members of the emergency preparedness community to systematically prioritize critical infrastructure for restoration, and to develop effective economic recovery plans in preparation for a widearea CBR disaster.

  6. Safety issues in cultural heritage management and critical infrastructures management

    Science.gov (United States)

    Soldovieri, Francesco; Masini, Nicola; Alvarez de Buergo, Monica; Dumoulin, Jean

    2013-12-01

    This special issue is the fourth of its kind in Journal of Geophysics and Engineering , containing studies and applications of geophysical methodologies and sensing technologies for the knowledge, conservation and security of products of human activity ranging from civil infrastructures to built and cultural heritage. The first discussed the application of novel instrumentation, surface and airborne remote sensing techniques, as well as data processing oriented to both detection and characterization of archaeological buried remains and conservation of cultural heritage (Eppelbaum et al 2010). The second stressed the importance of an integrated and multiscale approach for the study and conservation of architectural, archaeological and artistic heritage, from SAR to GPR to imaging based diagnostic techniques (Masini and Soldovieri 2011). The third enlarged the field of analysis to civil engineering structures and infrastructures, providing an overview of the effectiveness and the limitations of single diagnostic techniques, which can be overcome through the integration of different methods and technologies and/or the use of robust and novel data processing techniques (Masini et al 2012). As a whole, the special issue put in evidence the factors that affect the choice of diagnostic strategy, such as the material, the spatial characteristics of the objects or sites, the value of the objects to be investigated (cultural or not), the aim of the investigation (knowledge, conservation, restoration) and the issues to be addressed (monitoring, decay assessment). In order to complete the overview of the application fields of sensing technologies this issue has been dedicated to monitoring of cultural heritage and critical infrastructures to address safety and security issues. Particular attention has been paid to the data processing methods of different sensing techniques, from infrared thermography through GPR to SAR. Cascini et al (2013) present the effectiveness of a

  7. Magnus effects at high angles of attack and critical Reynolds numbers

    Science.gov (United States)

    Seginer, A.; Ringel, M.

    1983-01-01

    The Magnus force and moment experienced by a yawed, spinning cylinder were studied experimentally in low speed and subsonic flows at high angles of attack and critical Reynolds numbers. Flow-field visualization aided in describing a flow model that divides the Magnus phenomenon into a subcritical region, where reverse Magnus loads are experienced, and a supercritical region where these loads are not encountered. The roles of the spin rate, angle of attack, and crossflow Reynolds number in determining the boundaries of the subcritical region and the variations of the Magnus loads were studied.

  8. The impact of natural hazard on critical infrastructure systems: definition of an ontology

    Science.gov (United States)

    Dimauro, Carmelo; Bouchon, Sara; Frattini, Paolo; Giusto, Claudia

    2013-04-01

    According to the Council of the European Union Directive (2008), 'critical infrastructure' means an asset, system or part thereof which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact as a result of the failure to maintain those functions. Critical infrastructure networks are exposed to natural events, such as floods, storms, landslides, earthquakes, etc. Recent natural disasters show that socio-economic consequences can be very much aggravated by the impact on these infrastructures. Though, there is still a lack of a recognized approach or methodology to assess the vulnerability of critical infrastructure assets against natural threats. The difficulty to define such an approach is increased by the need to consider a very high number of natural events, which differ in nature, magnitude and probability, as well as the need to assess the vulnerability of a high variety of infrastructure assets (e.g. bridges, roads, tunnels, pipelines, etc.) To meet this challenge, the objective of the THREVI2 EU-CIPS project is to create a database linking the relationships between natural hazards and critical infrastructure assets. The query of the database will allow the end-users (critical infrastructure protection authorities and operators) to identify the relevant scenarios according to the own priorities and criteria. The database builds on an ontology optimized for the assessment of the impact of threats on critical infrastructures. The ontology aims at capturing the existing knowledge on natural hazards, critical infrastructures assets and their related vulnerabilities. Natural phenomena that can threaten critical infrastructures are classified as "events", and organized in a genetic-oriented hierarchy. The main attributes associated to each event are the probability, the magnitude and the "modus". The modus refers to the

  9. Critical supply network protection against intentional attacks: A game-theoretical model

    International Nuclear Information System (INIS)

    Bricha, Naji; Nourelfath, Mustapha

    2013-01-01

    A crucial issue in today's critical supply chains is how to protect facilities against intentional attacks, since it has become unacceptable to ignore the high impact of low probability disruptions caused by these attacks. This article develops a game-theoretical model to deal with the protection of facilities, in the context of the uncapacitated fixed-charge location problem. Given a set of investment alternatives for protecting the facilities against identified threats, the objective is to select the optimal defence strategy. The attacker is considered as a player who tries to maximise the expected damage while weighing against the attacks expenditures. The conflict on facilities vulnerability is modelled using the concept of contest. The vulnerability of a facility is defined by its destruction probability. Contest success functions determine the vulnerability of each facility dependent on the relative investments of the defender and the attacker on each facility, and on the characteristics of the contest. A method is developed to evaluate the utilities of the players (i.e., the defender and the attacker). This method evaluates many expected costs, including the cost needed to restore disabled facilities, the backorder cost, and the cost incurred because of the increase in transportation costs after attacks. In fact, when one or several facilities are unavailable, transportation costs will increase since reassigned customers may receive shipments from facilities which are farther away. The model considers a non-cooperative two-period game between the players, and an algorithm is presented to determine the equilibrium solution and the optimal defence strategy. An illustrative example is presented. The approach is compared to other suggested strategies, and some managerial insights are provided in the context of facility location

  10. Critical Infrastructure for Ocean Research and Societal Needs in 2030

    Energy Technology Data Exchange (ETDEWEB)

    National Research Council

    2011-04-22

    The United States has jurisdiction over 3.4 million square miles of ocean expanse greater than the land area of all fifty states combined. This vast marine area offers researchers opportunities to investigate the ocean's role in an integrated Earth system, but also presents challenges to society, including damaging tsunamis and hurricanes, industrial accidents, and outbreaks of waterborne diseases. The 2010 Gulf of Mexico Deepwater Horizon oil spill and 2011 Japanese earthquake and tsunami are vivid reminders that a broad range of infrastructure is needed to advance our still-incomplete understanding of the ocean. The National Research Council (NRC)'s Ocean Studies Board was asked by the National Science and Technology Council's Subcommittee on Ocean Science and Technology, comprised of 25 U.S. government agencies, to examine infrastructure needs for ocean research in the year 2030. This request reflects concern, among a myriad of marine issues, over the present state of aging and obsolete infrastructure, insufficient capacity, growing technological gaps, and declining national leadership in marine technological development; issues brought to the nation's attention in 2004 by the U.S. Commission on Ocean Policy. A 15-member committee of experts identified four themes that encompass 32 future ocean research questions enabling stewardship of the environment, protecting life and property, promoting economic vitality, and increasing fundamental scientific understanding. Many of the questions in the report (e.g., sea level rise, sustainable fisheries, the global water cycle) reflect challenging, multidisciplinary science questions that are clearly relevant today, and are likely to take decades of effort to solve. As such, U.S. ocean research will require a growing suite of ocean infrastructure for a range of activities, such as high quality, sustained time series observations or autonomous monitoring at a broad range of spatial and temporal scales

  11. Fragility: The Next Wave in Critical Infrastructure Protection

    OpenAIRE

    Allan McDougall

    2009-01-01

    In North America today, we are about to embark on a significant effort to repair, or even upgrade, many aspects of our infrastructure. Many of these efforts are linked to economic recovery packages. Others are based on sheer need. The challenge for decision makers and planners involves ensuring that scarce economic resources are put to their best use. Understanding the concept of fragility plays a pivotal part in reaching that understanding.Fragility, like many other systems—particularly Info...

  12. Integration of resilience capabilities for Critical Infrastructures into the Emergency Management set-up

    DEFF Research Database (Denmark)

    Kozine, Igor; Andersen, Henning Boje

    2015-01-01

    We suggest an approach for maintaining and enhancing resilience that integrates the resilience capabilities of Critical Infrastructures (CIs) into the emergency management cycle (prevention, preparedness, response, and recovery). This allows emergency services to explicitly address resilience...

  13. Government of Canada position paper on a national strategy for critical infrastructure protection

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2004-11-01

    The Government of Canada's position on the development of a comprehensive national approach to critical infrastructure protection (CIP) was presented along with a policy framework for developing a national cyber security strategy and a review of the Emergency Preparedness Act. Canada's national critical infrastructure (NCI) is defined as physical and information technology facilities, networks, services and assets, which if destroyed, would have a serious impact on health, safety, security and economics. The CIP strategy includes an NCI assurance program for various sectors of the economy, including the energy, transportation, finance, health care, food, communications, water, safety and manufacturing sectors. It also includes CIP for the government sector. This report described the key elements of an NCI protection strategy. These include guiding principles, risk management, information sharing, inventory of critical infrastructure assets, threats and warnings, critical infrastructure interdependencies, governance mechanisms, research and development, and international cooperation. refs., tabs., figs.

  14. Planning virtual infrastructures for time critical applications with multiple deadline constraints

    NARCIS (Netherlands)

    Wang, J.; Taal, A.; Martin, P.; Hu, Y.; Zhou, H.; Pang, J.; de Laat, C.; Zhao, Z.

    2017-01-01

    Executing time critical applications within cloud environments while satisfying execution deadlines and response time requirements is challenging due to the difficulty of securing guaranteed performance from the underlying virtual infrastructure. Cost-effective solutions for hosting such

  15. 78 FR 39712 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-07-02

    ... DEPARTMENT OF COMMERCE International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait Clarification and Amendment AGENCY... cyber-security firms and trade organizations which have not already submitted an application are...

  16. Reliability issues related to the usage of Cloud Computing in Critical Infrastructures

    OpenAIRE

    Diez Gonzalez, Oscar Manuel; Silva Vazquez, Andrés

    2011-01-01

    The use of cloud computing is extending to all kind of systems, including the ones that are part of Critical Infrastructures, and measuring the reliability is becoming more difficult. Computing is becoming the 5th utility, in part thanks to the use of cloud services. Cloud computing is used now by all types of systems and organizations, including critical infrastructure, creating hidden inter-dependencies on both public and private cloud models. This paper investigates the use of cloud co...

  17. System for critical infrastructure security based on multispectral observation-detection module

    Science.gov (United States)

    Trzaskawka, Piotr; Kastek, Mariusz; Życzkowski, Marek; Dulski, Rafał; Szustakowski, Mieczysław; Ciurapiński, Wiesław; Bareła, Jarosław

    2013-10-01

    Recent terrorist attacks and possibilities of such actions in future have forced to develop security systems for critical infrastructures that embrace sensors technologies and technical organization of systems. The used till now perimeter protection of stationary objects, based on construction of a ring with two-zone fencing, visual cameras with illumination are efficiently displaced by the systems of the multisensor technology that consists of: visible technology - day/night cameras registering optical contrast of a scene, thermal technology - cheap bolometric cameras recording thermal contrast of a scene and active ground radars - microwave and millimetre wavelengths that record and detect reflected radiation. Merging of these three different technologies into one system requires methodology for selection of technical conditions of installation and parameters of sensors. This procedure enables us to construct a system with correlated range, resolution, field of view and object identification. Important technical problem connected with the multispectral system is its software, which helps couple the radar with the cameras. This software can be used for automatic focusing of cameras, automatic guiding cameras to an object detected by the radar, tracking of the object and localization of the object on the digital map as well as target identification and alerting. Based on "plug and play" architecture, this system provides unmatched flexibility and simplistic integration of sensors and devices in TCP/IP networks. Using a graphical user interface it is possible to control sensors and monitor streaming video and other data over the network, visualize the results of data fusion process and obtain detailed information about detected intruders over a digital map. System provide high-level applications and operator workload reduction with features such as sensor to sensor cueing from detection devices, automatic e-mail notification and alarm triggering. The paper presents

  18. A Game Theoretic Approach to Cyber Attack Prediction

    Energy Technology Data Exchange (ETDEWEB)

    Peng Liu

    2005-11-28

    The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.

  19. On the Effectiveness of Security Countermeasures for Critical Infrastructures.

    Science.gov (United States)

    Hausken, Kjell; He, Fei

    2016-04-01

    A game-theoretic model is developed where an infrastructure of N targets is protected against terrorism threats. An original threat score is determined by the terrorist's threat against each target and the government's inherent protection level and original protection. The final threat score is impacted by the government's additional protection. We investigate and verify the effectiveness of countermeasures using empirical data and two methods. The first is to estimate the model's parameter values to minimize the sum of the squared differences between the government's additional resource investment predicted by the model and the empirical data. The second is to develop a multivariate regression model where the final threat score varies approximately linearly relative to the original threat score, sectors, and threat scenarios, and depends nonlinearly on the additional resource investment. The model and method are offered as tools, and as a way of thinking, to determine optimal resource investments across vulnerable targets subject to terrorism threats. © 2014 Society for Risk Analysis.

  20. Fragility: The Next Wave in Critical Infrastructure Protection

    Directory of Open Access Journals (Sweden)

    Allan McDougall

    2009-01-01

    Full Text Available In North America today, we are about to embark on a significant effort to repair, or even upgrade, many aspects of our infrastructure. Many of these efforts are linked to economic recovery packages. Others are based on sheer need. The challenge for decision makers and planners involves ensuring that scarce economic resources are put to their best use. Understanding the concept of fragility plays a pivotal part in reaching that understanding.Fragility, like many other systems—particularly Information Technology (IT systems—works on the concept of subjects and objects. Subjects are those entities that seek to exploit the services (or capacity offered by the object. Objects, on the other hand, are those entities that deliver some good or service to the overall system. Of course, something may act as the object in one pairing and the subject in another pairing—they are not exclusive in nature.

  1. Resilience? Insights into the role of Critical Infrastructures Disaster Mitigation Strategies

    Directory of Open Access Journals (Sweden)

    Sara Bouchon

    2012-11-01

    Full Text Available Critical infrastructures (CI systems provide essential services “for the maintenance of critical societal functions, including the supply chain, health, safety, security and economic or social well-being of the people” (European Commission, 2008. These systems are exposed to a great number of hazards and threats, which may result in severe consequences for the population, the socio-economic system, and the environment. The issue is particularly relevant at urban level, where the disruption of one CI system can propagate to the other systems and paralyze the entire area. It is therefore necessary, not only to protect CIs through Critical Infrastructure Protection (CIP strategies, but also to enhance the resilience of these areas. This article aims thus at providing some insights related to the evolution of the critical infrastructures disaster mitigation strategies from the sole protection towards resilience: what kind of strategies based on resilience can be developed to address CIs disruption at local or regional level? To what extent do these strategies contribute to increase the resilience level of the entire urban or metropolitan area? The first section focuses on the urban critical infrastructures systems as well as on the way their disruption can impact urban areas. The second section provides with some examples of key measures to operationalize resilience in the field of critical infrastructure disaster mitigation strategies. The last section highlights how the key measures developed to enhance the resilience against CI disruptions can benefit also to broader urban resilience. 

  2. Insurance and critical infrastructure protection : is there a connection in an environment of terrorism?

    International Nuclear Information System (INIS)

    Rowlands, D.; Devlin, R.A.

    2006-01-01

    This paper investigated the potential role of the insurance industry in enhancing the protection of critical energy infrastructure (CEI). This analysis was conducted in the context of increased concerns about deliberate acts of sabotage related to terrorist activities. A theoretical insurance market analysis was applied to a CEI scenario in order to examine the effects that insurance might have on the vulnerability of the system and subsequent remediation activities. Classical insurance market structures were examined, and problems associated with adverse selection, moral hazards and the role of government were identified. Issues concerning incentive effects induced by insurance were reviewed, as well as issues concerning the interdependence between different operators of the CEI system. An updated literature review was also provided. Results of the study suggested that corporate losses to CEI owners may be far less than the social cost of energy disruption, which in turn provides a reasonable rationale for government as opposed to private intervention. In terms of remediation, the immediate impact of a crippled CEI would overwhelm any private organization, and response would need to be coordinated through public structures. Terrorism insurance, while available, provides relatively large deductibles, as insurance companies are unwilling to accept the risks of moderate damage that may arise. There does not appear to be any evidence that private insurers will be able to provide significant relief from terrorist attacks, and it is unlikely that a private insurance market for terrorism will emerge. An absence of information regarding terrorist activities constrains both insurance purchasers from choosing the best mix of risk management tools, as well as insurance companies seeking to establish the appropriate pricing and conditions for different contracts. It was concluded that governments should support CEI firms in their own efforts to understand the threats; aid in

  3. Interconnectedness and interdependencies of critical infrastructures in the US economy: Implications for resilience

    Science.gov (United States)

    Chopra, Shauhrat S.; Khanna, Vikas

    2015-10-01

    Natural disasters in 2011 yielded close to 55 billion in economic damages alone in the United States (US), which highlights the need to reduce impacts of such disasters or other deliberate attacks. The US Department of Homeland Security (DHS) identifies a list of 16 Critical Infrastructure Sectors (CIS) whose incapacity due to disruptions would have a debilitating impact on the nation's economy. The goal of this work is to understand the implications of interdependencies among CIS on the resilience of the US economic system as a whole. We develop a framework that combines the empirical economic input-output (EIO) model with graph theory based techniques for understanding interdependencies, interconnectedness and resilience in the US economic system. By representing the US economy as a network, we are able to analyze its topology by separately looking at its unweighted and weighted forms. Topological analysis of the US EIO network suggests that it exhibits small world properties for the unweighted case, and in the weighted case, the throughput of industry sectors follows a power-law with an exponential cutoff. Implications of these topological properties are discussed in the paper. We also simulate hypothetical disruptions on CIS in order to identify industrial sectors that experience the largest economic impacts, and to quantify systemic vulnerability in economic terms. In addition, insights from community detection and hypothetical disruption scenarios help assess vulnerability of individual industrial communities to disruptions on individual CIS. These methodologies also provide insights regarding the extent of coupling between each CIS in the US EIO network. Based on our analysis, we observe that excessive interconnectedness and interdependencies of CIS results in high systemic vulnerability. This information can guide policymakers to design policies that improve resilience of economic networks, and evaluate policies that might indirectly increase coupling

  4. 76 FR 58730 - Version 4 Critical Infrastructure Protection Reliability Standards

    Science.gov (United States)

    2011-09-22

    ... Critical Cyber Assets; (3) internal, management, approval of the risk-based assessment; (4) external review... consider applicable features of the NIST Risk Management Framework to ensure protection of all cyber... activities in the Risk Management Framework has an associated NIST security standard and/or guidance document...

  5. 77 FR 72673 - Critical Infrastructure Protection and Resilience Month, 2012

    Science.gov (United States)

    2012-12-05

    ... why my Administration continues to make cybersecurity a national security priority. As we continue to... secure. This month, we rededicate ourselves to raising awareness of the importance of critical... of the United States to recognize the importance of protecting our Nation's resources and to observe...

  6. The Effects of Denial-of-Service Attacks on Secure Time-Critical Communications in the Smart Grid

    Energy Technology Data Exchange (ETDEWEB)

    Zhang, Fengli [Univ. of Arkansas, Fayetteville, AR (United States); Li, QInghua [Univ. of Arkansas, Fayetteville, AR (United States); Mantooth, Homer Alan [Univ. of Arkansas, Fayetteville, AR (United States); Ross, Chase [Univ. of Arkansas, Fayetteville, AR (United States); Yang, Jing [Univ. of Arkansas, Fayetteville, AR (United States); Di, Jia [Univ. of Arkansas, Fayetteville, AR (United States); Balda, Juan Carlos [Univ. of Arkansas, Fayetteville, AR (United States)

    2016-04-02

    According to IEC 61850, many smart grid communications require messages to be delivered in a very short time. –Trip messages and sample values applied to the transmission level: 3 ms –Interlocking messages applied to the distribution level: 10 ms •Time-critical communications are vulnerable to denial-of-service (DoS) attacks –Flooding attack: Attacker floods many messages to the target network/machine. We conducted systematic, experimental study about how DoS attacks affect message delivery delays.

  7. Seismic Barrier Protection of Critical Infrastructure from Earthquakes

    Science.gov (United States)

    2017-05-01

    We observe that such barrier structures reduce seismic wave powers by 10 – 40 dB that would otherwise reach the foundation location. Moreover, the... structure composed of opposing boreholes or trenches to mitigate seismic waves from diffracting and traveling in the vertical plane. Computational...seismic wave propagation models suggest that air or fluid filled subsurface V- shaped muffler structures are critical to the redirection and self

  8. No Dark Corners: Defending Against Insider Threats to Critical Infrastructure

    Science.gov (United States)

    2009-09-01

    latter do not unfairly affect an applicant’s livelihood by making adverse hiring decisions before the legal system has decided actual guilt (Pre...object that changing demographics may also account for crime, thus bringing into question Broken Windows as a panacea . One criticism even went so... panacea or as the sole explanation for decreases in crime, himself taking account of other factors, including Newman’s work, it is more accurate to

  9. A database of volcanic hazards and their physical impacts to critical infrastructure

    Science.gov (United States)

    Wilson, Grant; Wilson, Thomas; Deligne, Natalia

    2013-04-01

    Approximately 10% of the world's population lives within 100 km of historically active volcanoes. Consequently, considerable critical infrastructure is at risk of being affected by volcanic eruptions, where critical infrastructure includes: electricity and wastewater networks; water supply systems; transport routes; communications; and buildings. Appropriate risk management strategies are required to minimise the risk to infrastructure, which necessitates detailed understanding of both volcanic hazards and infrastructure parameters and vulnerabilities. To address this, we are developing a database of the physical impacts and vulnerability of critical infrastructure observed during/following historic eruptions, placed in the context of event-specific volcanic hazard and infrastructure parameters. Our database considers: volcanic hazard parameters for each case study eruption (tephra thickness, dynamic pressure of PDCs, etc.); inventory of infrastructure elements present within the study area (geographical extent, age, etc.); the type and number of impacts and disruption caused to particular infrastructure sectors; and the quantified assessment of the vulnerability of built environments. Data have been compiled from a wide range of literature, focussing in particular on impact assessment studies which document in detail the damage sustained by critical infrastructure during a given eruption. We are creating a new vulnerability ranking to quantify the vulnerability of built environments affected by volcanic eruptions. The ranking is based upon a range of physical impacts and service disruption criteria, and is assigned to each case study. This ranking will permit comparison of vulnerabilities between case studies as well as indicate expected vulnerability during future eruptions. We are also developing hazard intensity thresholds indicating when specific damage states are expected for different critical infrastructure sectors. Finally, we have developed a data quality

  10. Assessing the dynamic material criticality of infrastructure transitions: A case of low carbon electricity

    International Nuclear Information System (INIS)

    Roelich, Katy; Dawson, David A.; Purnell, Phil; Knoeri, Christof; Revell, Ruairi; Busch, Jonathan; Steinberger, Julia K.

    2014-01-01

    Highlights: • We present a method to analyse material criticality of infrastructure transitions. • Criticality is defined as the potential for, and exposure to, supply disruption. • Our method is dynamic reducing the probability of lock-in to at-risk technologies. • We show that supply disruption potential is reducing but exposure is increasing. - Abstract: Decarbonisation of existing infrastructure systems requires a dynamic roll-out of technology at an unprecedented scale. The potential disruption in supply of critical materials could endanger such a transition to low-carbon infrastructure and, by extension, compromise energy security more broadly because low carbon technologies are reliant on these materials in a way that fossil-fuelled energy infrastructure is not. Criticality is currently defined as the combination of the potential for supply disruption and the exposure of a system of interest to that disruption. We build on this definition and develop a dynamic approach to quantifying criticality, which monitors the change in criticality during the transition towards a low-carbon infrastructure goal. This allows us to assess the relative risk of different technology pathways to reach a particular goal and reduce the probability of being ‘locked in’ to currently attractive but potentially future-critical technologies. To demonstrate, we apply our method to criticality of the proposed UK electricity system transition, with a focus on neodymium. We anticipate that the supply disruption potential of neodymium will decrease by almost 30% by 2050; however, our results show the criticality of low carbon electricity production increases ninefold over this period, as a result of increasing exposure to neodymium-reliant technologies

  11. What’s My Lane? Identifying the State Government Role in Critical Infrastructure Protection

    Science.gov (United States)

    2012-03-01

    Marsh Commission. The GMU research program was developed with Congressional funding, the results of which have produced numerous research papers ...acknowledging that not all attacks or accidents can be prevented, turn to criticality as a crutch —pouring more and more resources into all

  12. Modelling a critical infrastructure-driven spatial database for proactive disaster management: A developing country context

    Directory of Open Access Journals (Sweden)

    David O. Baloye

    2016-04-01

    Full Text Available The understanding and institutionalisation of the seamless link between urban critical infrastructure and disaster management has greatly helped the developed world to establish effective disaster management processes. However, this link is conspicuously missing in developing countries, where disaster management has been more reactive than proactive. The consequence of this is typified in poor response time and uncoordinated ways in which disasters and emergency situations are handled. As is the case with many Nigerian cities, the challenges of urban development in the city of Abeokuta have limited the effectiveness of disaster and emergency first responders and managers. Using geospatial techniques, the study attempted to design and deploy a spatial database running a web-based information system to track the characteristics and distribution of critical infrastructure for effective use during disaster and emergencies, with the purpose of proactively improving disaster and emergency management processes in Abeokuta. Keywords: Disaster Management; Emergency; Critical Infrastructure; Geospatial Database; Developing Countries; Nigeria

  13. INFRASTRUCTURE

    CERN Multimedia

    A. Gaddi and P. Tropea

    2011-01-01

    Most of the work relating to Infrastructure has been concentrated in the new CSC and RPC manufactory at building 904, on the Prevessin site. Brand new gas distribution, powering and HVAC infrastructures are being deployed and the production of the first CSC chambers has started. Other activities at the CMS site concern the installation of a new small crane bridge in the Cooling technical room in USC55, in order to facilitate the intervention of the maintenance team in case of major failures of the chilled water pumping units. The laser barrack in USC55 has been also the object of a study, requested by the ECAL community, for the new laser system that shall be delivered in few months. In addition, ordinary maintenance works have been performed during the short machine stops on all the main infrastructures at Point 5 and in preparation to the Year-End Technical Stop (YETS), when most of the systems will be carefully inspected in order to ensure a smooth running through the crucial year 2012. After the incide...

  14. INFRASTRUCTURE

    CERN Multimedia

    A. Gaddi and P. Tropea

    2012-01-01

    The CMS Infrastructures teams are preparing for the LS1 activities. A long list of maintenance, consolidation and upgrade projects for CMS Infrastructures is on the table and is being discussed among Technical Coordination and sub-detector representatives. Apart from the activities concerning the cooling infrastructures (see below), two main projects have started: the refurbishment of the SX5 building, from storage area to RP storage and Muon stations laboratory; and the procurement of a new dry-gas (nitrogen and dry air) plant for inner detector flushing. We briefly present here the work done on the first item, leaving the second one for the next CMS Bulletin issue. The SX5 building is entering its third era, from main assembly building for CMS from 2000 to 2007, to storage building from 2008 to 2012, to RP storage and Muon laboratory during LS1 and beyond. A wall of concrete blocks has been erected to limit the RP zone, while the rest of the surface has been split between the ME1/1 and the CSC/DT laborat...

  15. A Systems-Based Risk Assessment Framework for Intentional Electromagnetic Interference (IEMI) on Critical Infrastructures.

    Science.gov (United States)

    Oakes, Benjamin Donald; Mattsson, Lars-Göran; Näsman, Per; Glazunov, Andrés Alayón

    2018-01-03

    Modern infrastructures are becoming increasingly dependent on electronic systems, leaving them more vulnerable to electrical surges or electromagnetic interference. Electromagnetic disturbances appear in nature, e.g., lightning and solar wind; however, they may also be generated by man-made technology to maliciously damage or disturb electronic equipment. This article presents a systematic risk assessment framework for identifying possible, consequential, and plausible intentional electromagnetic interference (IEMI) attacks on an arbitrary distribution network infrastructure. In the absence of available data on IEMI occurrences, we find that a systems-based risk assessment is more useful than a probabilistic approach. We therefore modify the often applied definition of risk, i.e., a set of triplets containing scenario, probability, and consequence, to a set of quadruplets: scenario, resource requirements, plausibility, and consequence. Probability is "replaced" by resource requirements and plausibility, where the former is the minimum amount and type of equipment necessary to successfully carry out an attack scenario and the latter is a subjective assessment of the extent of the existence of attackers who possess the motivation, knowledge, and resources necessary to carry out the scenario. We apply the concept of intrusion areas and classify electromagnetic source technology according to key attributes. Worst-case scenarios are identified for different quantities of attacker resources. The most plausible and consequential of these are deemed the most important scenarios and should provide useful decision support in a countermeasures effort. Finally, an example of the proposed risk assessment framework, based on notional data, is provided on a hypothetical water distribution network. © 2017 Society for Risk Analysis.

  16. Applying the Msharpp Method in Risk Assessment for the Water Supply Critical Infrastructure Sector

    Directory of Open Access Journals (Sweden)

    Badea Dorel

    2015-06-01

    Full Text Available The paper highlights a manner to assess risks for an important sector of critical infrastructure, that of water supply, frequently regulated in international legal systems. We took into consideration the fact that risk is a problem related to the processes of decision making under conditions of uncertainty in most cases, so that by this approach we bring to the attention of critical infrastructure managers, drawing on their experience, a simple method that can be considered in a preliminary stage of risk assessment specific to water supply.

  17. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    Energy Technology Data Exchange (ETDEWEB)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  18. Systematic risk assessment methodology for critical infrastructure elements - Oil and Gas subsectors

    Science.gov (United States)

    Gheorghiu, A.-D.; Ozunu, A.

    2012-04-01

    The concern for the protection of critical infrastructure has been rapidly growing in the last few years in Europe. The level of knowledge and preparedness in this field is beginning to develop in a lawfully organized manner, for the identification and designation of critical infrastructure elements of national and European interest. Oil and gas production, refining, treatment, storage and transmission by pipelines facilities, are considered European critical infrastructure sectors, as per Annex I of the Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Besides identifying European and national critical infrastructure elements, member states also need to perform a risk analysis for these infrastructure items, as stated in Annex II of the above mentioned Directive. In the field of risk assessment, there are a series of acknowledged and successfully used methods in the world, but not all hazard identification and assessment methods and techniques are suitable for a given site, situation, or type of hazard. As Theoharidou, M. et al. noted (Theoharidou, M., P. Kotzanikolaou, and D. Gritzalis 2009. Risk-Based Criticality Analysis. In Critical Infrastructure Protection III. Proceedings. Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection. Hanover, New Hampshire, USA, March 23-25, 2009: revised selected papers, edited by C. Palmer and S. Shenoi, 35-49. Berlin: Springer.), despite the wealth of knowledge already created, there is a need for simple, feasible, and standardized criticality analyses. The proposed systematic risk assessment methodology includes three basic steps: the first step (preliminary analysis) includes the identification of hazards (including possible natural hazards) for each installation/section within a given site, followed by a criterial analysis and then a detailed analysis step

  19. Cyber and physical infrastructure interdependencies.

    Energy Technology Data Exchange (ETDEWEB)

    Phillips, Laurence R.; Kelic, Andjelka; Warren, Drake E.

    2008-09-01

    The goal of the work discussed in this document is to understand the risk to the nation of cyber attacks on critical infrastructures. The large body of research results on cyber attacks against physical infrastructure vulnerabilities has not resulted in clear understanding of the cascading effects a cyber-caused disruption can have on critical national infrastructures and the ability of these affected infrastructures to deliver services. This document discusses current research and methodologies aimed at assessing the translation of a cyber-based effect into a physical disruption of infrastructure and thence into quantification of the economic consequences of the resultant disruption and damage. The document discusses the deficiencies of the existing methods in correlating cyber attacks with physical consequences. The document then outlines a research plan to correct those deficiencies. When completed, the research plan will result in a fully supported methodology to quantify the economic consequences of events that begin with cyber effects, cascade into other physical infrastructure impacts, and result in degradation of the critical infrastructure's ability to deliver services and products. This methodology enables quantification of the risks to national critical infrastructure of cyber threats. The work addresses the electric power sector as an example of how the methodology can be applied.

  20. System Dynamics Approach for Critical Infrastructure and Decision Support. A Model for a Potable Water System.

    Science.gov (United States)

    Pasqualini, D.; Witkowski, M.

    2005-12-01

    The Critical Infrastructure Protection / Decision Support System (CIP/DSS) project, supported by the Science and Technology Office, has been developing a risk-informed Decision Support System that provides insights for making critical infrastructure protection decisions. The system considers seventeen different Department of Homeland Security defined Critical Infrastructures (potable water system, telecommunications, public health, economics, etc.) and their primary interdependencies. These infrastructures have been modeling in one model called CIP/DSS Metropolitan Model. The modeling approach used is a system dynamics modeling approach. System dynamics modeling combines control theory and the nonlinear dynamics theory, which is defined by a set of coupled differential equations, which seeks to explain how the structure of a given system determines its behavior. In this poster we present a system dynamics model for one of the seventeen critical infrastructures, a generic metropolitan potable water system (MPWS). Three are the goals: 1) to gain a better understanding of the MPWS infrastructure; 2) to identify improvements that would help protect MPWS; and 3) to understand the consequences, interdependencies, and impacts, when perturbations occur to the system. The model represents raw water sources, the metropolitan water treatment process, storage of treated water, damage and repair to the MPWS, distribution of water, and end user demand, but does not explicitly represent the detailed network topology of an actual MPWS. The MPWS model is dependent upon inputs from the metropolitan population, energy, telecommunication, public health, and transportation models as well as the national water and transportation models. We present modeling results and sensitivity analysis indicating critical choke points, negative and positive feedback loops in the system. A general scenario is also analyzed where the potable water system responds to a generic disruption.

  1. Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling

    Energy Technology Data Exchange (ETDEWEB)

    McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

    2009-03-26

    Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

  2. INFRASTRUCTURE

    CERN Multimedia

    Andrea Gaddi

    2010-01-01

    In addition to the intense campaign of replacement of the leaky bushing on the Endcap circuits, other important activities have also been completed, with the aim of enhancing the overall reliability of the cooling infrastructures at CMS. Remaining with the Endcap circuit, the regulating valve that supplies cold water to the primary side of the circuit heat-exchanger, is not well adapted in flow capability and a new part has been ordered, to be installed during a stop of LHC. The instrumentation monitoring of the refilling rate of the circuits has been enhanced and we can now detect leaks as small as 0.5 cc/sec, on circuits that have nominal flow rates of some 20 litres/sec. Another activity starting now that the technical stop is over is the collection of spare parts that are difficult to find on the market. These will be stored at P5 with the aim of reducing down-time in case of component failure. Concerning the ventilation infrastructures, it has been noticed that in winter time the relative humidity leve...

  3. Counter terrorism functions to enhance critical infrastructure resilience against CBRNe terrorism

    NARCIS (Netherlands)

    Bonsen, I.M.; Gaasbeek, R.C.

    2009-01-01

    Current approaches in critical infrastructure protection use long lists of items that fail to give its user a structured answer to the state of protection of its object. The functionality approach uses different terrorist functions to structure the threat (which are to have intent, to scout, to

  4. Interdependency control : compensation strategies for the inherent vulnerability of critical infrastructure networks

    International Nuclear Information System (INIS)

    Mao, D.; Sotoodeh, M.; Monu, K.; Marti, J.R.; Srivastava, K.D.

    2009-01-01

    Today's increasingly interacting national critical infrastructures (NCIs) can tolerate most stochastic local disturbances. However, they are extremely fragile under global disturbances, as the latter may either push the whole system into a critical state or reveal many unexpected hidden interdependencies, inducing or triggering cascading failures among all possible layers. This robust yet fragile duality is an inherent vulnerability of modern infrastructures. It is therefore expected that weather-related disasters will be more frequent under a changing climate. This paper proposed an interdependency control strategy (ICS) that would maintain the survival of the most critical services, and compensate for this inherent vulnerability during emergency states. The paper also proposed a generalized adjacency matrix (GAM) to represent the physical interdependencies intra/inter of various infrastructure networks. The vulnerable section in the network can be identified, based on computed results of GAM, number of islands in the network, and influence domain(s) of each component. These features render ICS more effective and convincing. Last, the paper proposed a survivability index for isolated sub-networks and described relevant measures for improving this index during the four phases of emergency management. It was concluded that the proposed strategy is an effective means to reduce the inherent vulnerability and increase the resiliency of these critical infrastructures networks. 20 refs., 5 figs

  5. A Good Practice Guide on Critical Infor-mation Infrastructure Protection

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Schie, T.C.C. van

    2017-01-01

    Early 2016, the Meridian Process and the GFCE tasked the Netherlands Organisation for Applied Scientific Research TNO to develop a Good Practice Guide on Critical Information Infrastructure Protection (CIIP) for governmental policy-makers [1]. The guide primarily aims at governmental policy-makers,

  6. Geovisualization applications to examine and explore high-density and hierarchical critical infrastructure data

    Science.gov (United States)

    Edsall, Robert; Hembree, Harvey

    2018-05-01

    The geospatial research and development team in the National and Homeland Security Division at Idaho National Laboratory was tasked with providing tools to derive insight from the substantial amount of data currently available - and continuously being produced - associated with the critical infrastructure of the US. This effort is in support of the Department of Homeland Security, whose mission includes the protection of this infrastructure and the enhancement of its resilience to hazards, both natural and human. We present geovisual-analytics-based approaches for analysis of vulnerabilities and resilience of critical infrastructure, designed so that decision makers, analysts, and infrastructure owners and managers can manage risk, prepare for hazards, and direct resources before and after an incident that might result in an interruption in service. Our designs are based on iterative discussions with DHS leadership and analysts, who in turn will use these tools to explore and communicate data in partnership with utility providers, law enforcement, and emergency response and recovery organizations, among others. In most cases these partners desire summaries of large amounts of data, but increasingly, our users seek the additional capability of focusing on, for example, a specific infrastructure sector, a particular geographic region, or time period, or of examining data in a variety of generalization or aggregation levels. These needs align well with tenets of in-formation-visualization design; in this paper, selected applications among those that we have designed are described and positioned within geovisualization, geovisual analytical, and information visualization frameworks.

  7. INFRASTRUCTURE

    CERN Multimedia

    Andrea Gaddi

    With all the technical services running, the attention has moved toward the next shutdown that will be spent to perform those modifications needed to enhance the reliability of CMS Infrastructures. Just to give an example for the cooling circuit, a set of re-circulating bypasses will be installed into the TS/CV area to limit the pressure surge when a circuit is partially shut-off. This problem has affected especially the Endcap Muon cooling circuit in the past. Also the ventilation of the UXC55 has to be revisited, allowing the automatic switching to full extraction in case of magnet quench. (Normally 90% of the cavern air is re-circulated by the ventilation system.) Minor modifications will concern the gas distribution, while the DSS action-matrix has to be refined according to the experience gained with operating the detector for a while. On the powering side, some LV power lines have been doubled and the final schematics of the UPS coverage for the counting rooms have been released. The most relevant inte...

  8. INFRASTRUCTURE

    CERN Multimedia

    A. Gaddi and P. Tropea

    2013-01-01

      Most of the CMS infrastructures at P5 will go through a heavy consolidation-work period during LS1. All systems, from the cryogenic plant of the superconducting magnet to the rack powering in the USC55 counting rooms, from the cooling circuits to the gas distribution, will undergo consolidation work. As announced in the last issue of the CMS Bulletin, we present here one of the consolidation projects of LS1: the installation of a new dry-gas plant for inner detectors inertion. So far the oxygen and humidity suppression inside the CMS Tracker and Pixel volumes were assured by flushing dry nitrogen gas evaporated from a large liquid nitrogen tank. For technical reasons, the maximum flow is limited to less than 100 m3/h and the cost of refilling the tank every two weeks with liquid nitrogen is quite substantial. The new dry-gas plant will supply up to 400 m3/h of dry nitrogen (or the same flow of dry air, during shut-downs) with a comparatively minimal operation cost. It has been evaluated that the...

  9. INFRASTRUCTURE

    CERN Document Server

    Andrea Gaddi

    2010-01-01

    During the last six months, the main activity on the cooling circuit has essentially been preventive maintenance. At each short machine technical stop, a water sample is extracted out of every cooling circuit to measure the induced radioactivity. Soon after, a visual check of the whole detector cooling network is done, looking for water leaks in sensitive locations. Depending on sub-system availability, the main water filters are replaced; the old ones are inspected and sent to the CERN metallurgical lab in case of suspicious sediments. For the coming winter technical stop, a number of corrective maintenance activities and infrastructure consolidation work-packages are foreseen. A few faulty valves, found on the muon system cooling circuit, will be replaced; the cooling gauges for TOTEM and CASTOR, in the CMS Forward region, will be either changed or shielded against the magnetic stray field. The demineralizer cartridges will be replaced as well. New instrumentation will also be installed in the SCX5 PC farm ...

  10. INFRASTRUCTURE

    CERN Multimedia

    Andrea Gaddi.

    The various water-cooling circuits ran smoothly over the summer. The overall performance of the cooling system is satisfactory, even if some improvements are possible, concerning the endcap water-cooling and the C6F14 circuits. In particular for the endcap cooling circuit, we aim to lower the water temperature, to provide more margin for RPC detectors. An expert-on-call piquet has been established during the summer global run, assuring the continuous supervision of the installations. An effort has been made to collect and harmonize the existing documentation on the cooling infrastructures at P5. The last six months have seen minor modifications to the electrical power network at P5. Among these, the racks in USC55 for the Tracker and Sniffer systems, which are backed up by the diesel generator in case of power outage, have been equipped with new control boxes to allow a remote restart. Other interventions have concerned the supply of assured power to those installations that are essential for CMS to run eff...

  11. INFRASTRUCTURE

    CERN Multimedia

    A. Gaddi

    The long winter shut-down allows for modifications that will improve the reliability of the detector infrastructures at P5. The annual maintenance of detector services is taking place as well. This means a full stop of water-cooling circuits from November 24th with a gradual restart from mid January 09. The annual maintenance service includes the cleaning of the two SF5 cooling towers, service of the chiller plants on the surface, and the cryogenic plant serving the CMS Magnet. In addition, the overall site power is reduced from 8MW to 2MW, compatible with the switchover to the Swiss power network in winter. Full power will be available again from end of January. Among the modification works planned, the Low Voltage cabinets are being refurbished; doubling the cable sections and replacing the 40A circuit breakers with 60A types. This will reduce the overheating that has been experienced. Moreover, two new LV transformers will be bought and pre-cabled in order to assure a quick swap in case of failure of any...

  12. INFRASTRUCTURE

    CERN Document Server

    A. Gaddi

    2011-01-01

    During the last winter technical stop, a number of corrective maintenance activities and infrastructure consolidation work-packages were completed. On the surface, the site cooling facility has passed the annual maintenance process that includes the cleaning of the two evaporative cooling towers, the maintenance of the chiller units and the safety checks on the software controls. In parallel, CMS teams, reinforced by PH-DT group personnel, have worked to shield the cooling gauges for TOTEM and CASTOR against the magnetic stray field in the CMS Forward region, to add labels to almost all the valves underground and to clean all the filters in UXC55, USC55 and SCX5. Following the insertion of TOTEM T1 detector, the cooling circuit has been branched off and commissioned. The demineraliser cartridges have been replaced as well, as they were shown to be almost saturated. New instrumentation has been installed in the SCX5 PC farm cooling and ventilation network, in order to monitor the performance of the HVAC system...

  13. Trustworthy Critical Infrastructures via Physics-Aware Just-Ahead-Of-Time Verification

    CERN Multimedia

    CERN. Geneva

    2017-01-01

    Dr. Saman Zonouz, assistant professor at Rutgers University, NJ and the director of the 4N6 Cyber Security and Forensics Laboratory is visiting CERN for a collaboration meeting. His previous works and research interests include PLC program analysis, security of embedded systems, and malware analysis and reverse engineering. Before the collaboration meeting, Dr. Zonouz is giving a 30-minutes-long talk, titled 'Trustworthy Critical Infrastructures via Physics-Aware Just-Ahead-Of-Time Verification', followed by Q&A and discussions. You can find the abstract of the talk below. The presentation is open to anyone interested, but please register on Indico to know the size of the room needed. (Please note the new room: 31/3-004, IT Auditorium.) Abstract Critical cyber-physical infrastructures, such as the power grid, integrate networks of computational and physical processes to provide the people across the globe with essential functionalities and services. Protecting these critical infrastructu...

  14. A Virtual Environment for Resilient Infrastructure Modeling and Design

    Science.gov (United States)

    2015-09-01

    Security CI Critical Infrastructure CID Center for Infrastructure Defense CSV Comma Separated Value DAD Defender-Attacker-Defender DHS Department...responses to disruptive events (e.g., cascading failure behavior) in a context- rich , controlled environment for exercises, education, and training...The general attacker-defender (AD) and defender-attacker-defender ( DAD ) models for CI are defined in Brown et al. (2006). These models help

  15. Supervisory Control and Data Acquisition (SCADA) Systems and Cyber-Security: Best Practices to Secure Critical Infrastructure

    Science.gov (United States)

    Morsey, Christopher

    2017-01-01

    In the critical infrastructure world, many critical infrastructure sectors use a Supervisory Control and Data Acquisition (SCADA) system. The sectors that use SCADA systems are the electric power, nuclear power and water. These systems are used to control, monitor and extract data from the systems that give us all the ability to light our homes…

  16. A Methodology and Toolkit for Deploying Reliable Security Policies in Critical Infrastructures

    Directory of Open Access Journals (Sweden)

    Faouzi Jaïdi

    2018-01-01

    Full Text Available Substantial advances in Information and Communication Technologies (ICT bring out novel concepts, solutions, trends, and challenges to integrate intelligent and autonomous systems in critical infrastructures. A new generation of ICT environments (such as smart cities, Internet of Things, edge-fog-social-cloud computing, and big data analytics is emerging; it has different applications to critical domains (such as transportation, communication, finance, commerce, and healthcare and different interconnections via multiple layers of public and private networks, forming a grid of critical cyberphysical infrastructures. Protecting sensitive and private data and services in critical infrastructures is, at the same time, a main objective and a great challenge for deploying secure systems. It essentially requires setting up trusted security policies. Unfortunately, security solutions should remain compliant and regularly updated to follow and track the evolution of security threats. To address this issue, we propose an advanced methodology for deploying and monitoring the compliance of trusted access control policies. Our proposal extends the traditional life cycle of access control policies with pertinent activities. It integrates formal and semiformal techniques allowing the specification, the verification, the implementation, the reverse-engineering, the validation, the risk assessment, and the optimization of access control policies. To automate and facilitate the practice of our methodology, we introduce our system SVIRVRO that allows managing the extended life cycle of access control policies. We refer to an illustrative example to highlight the relevance of our contributions.

  17. Intrusion-Tolerant Replication under Attack

    Science.gov (United States)

    Kirsch, Jonathan

    2010-01-01

    Much of our critical infrastructure is controlled by large software systems whose participants are distributed across the Internet. As our dependence on these critical systems continues to grow, it becomes increasingly important that they meet strict availability and performance requirements, even in the face of malicious attacks, including those…

  18. Managing the complexity of critical infrastructures a modelling and simulation approach

    CERN Document Server

    Rosato, Vittorio; Kyriakides, Elias; Rome, Erich

    2016-01-01

    This book is open access under a CC BY 4.0 license. This book summarizes work being pursued in the context of the CIPRNet (Critical Infrastructure Preparedness and Resilience Research Network) research project, co-funded by the European Union under the Seventh Framework Programme (FP7). The project is intended to provide concrete and on-going support to the Critical Infrastructure Protection (CIP) research communities, enhancing their preparedness for CI-related emergencies, while also providing expertise and technologies for other stakeholders to promote their understanding and mitigation of the consequences of CI disruptions, leading to enhanced resilience. The book collects the tutorial material developed by the authors for several courses on the modelling, simulation and analysis of CIs, representing extensive and integrated CIP expertise. It will help CI stakeholders, CI operators and civil protection authorities understand the complex system of CIs, and help them adapt to these changes and threats in or...

  19. A novel critical infrastructure resilience assessment approach using dynamic Bayesian networks

    Science.gov (United States)

    Cai, Baoping; Xie, Min; Liu, Yonghong; Liu, Yiliu; Ji, Renjie; Feng, Qiang

    2017-10-01

    The word resilience originally originates from the Latin word "resiliere", which means to "bounce back". The concept has been used in various fields, such as ecology, economics, psychology, and society, with different definitions. In the field of critical infrastructure, although some resilience metrics are proposed, they are totally different from each other, which are determined by the performances of the objects of evaluation. Here we bridge the gap by developing a universal critical infrastructure resilience metric from the perspective of reliability engineering. A dynamic Bayesian networks-based assessment approach is proposed to calculate the resilience value. A series, parallel and voting system is used to demonstrate the application of the developed resilience metric and assessment approach.

  20. Integrating cyber attacks within fault trees

    International Nuclear Information System (INIS)

    Nai Fovino, Igor; Masera, Marcelo; De Cian, Alessio

    2009-01-01

    In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

  1. Integrating cyber attacks within fault trees

    Energy Technology Data Exchange (ETDEWEB)

    Nai Fovino, Igor [Joint Research Centre - EC, Institute for the Protection and Security of the Citizen, Ispra, VA (Italy)], E-mail: igor.nai@jrc.it; Masera, Marcelo [Joint Research Centre - EC, Institute for the Protection and Security of the Citizen, Ispra, VA (Italy); De Cian, Alessio [Department of Electrical Engineering, University di Genova, Genoa (Italy)

    2009-09-15

    In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

  2. Organizational Strategies for Critical Transportation Infrastructure: Characteristics of Urban Resilience. The Case of Montreal.

    Science.gov (United States)

    Beauregard, Stéphane; Therrien, Marie-Christine; Normandin, Julie-Maude

    2010-05-01

    Organizational Strategies for Critical Transportation Infrastructure: Characteristics of Urban Resilience. The Case of Montreal. Stéphane Beauregard M.Sc. Candidate École nationale d'administration publique Julie-Maude Normandin Ph.D. Candidate École nationale d'administration publique Marie-Christine Therrien Professor École nationale d'administration publique The proposed paper presents preliminary results on the resilience of organizations managing critical infrastructure in the Metropolitan Montreal area (Canada). A resilient city is characterized by a network of infrastructures and individuals capable of maintaining their activities in spite of a disturbance (Godschalk, 2002). Critical infrastructures provide essential services for the functioning of society. In a crisis situation, the interruption or a decrease in performance of critical infrastructures could have important impacts on the population. They are also vulnerable to accidents and cascading effects because on their complexity and tight interdependence (Perrow, 1984). For these reasons, protection and security of the essential assets and networks are one of the objectives of organizations and governments. But prevention and recovery are two endpoints of a continuum which include also intermediate concerns: ensuring organizational robustness or failing with elegance rather than catastrophically. This continuum also includes organizational resilience (or system), or the ability to recover quickly after an interruption has occurred. Wildavsky (1988) proposes that anticipation strategies work better against known problems while resilience strategies focus on unknown problems. Anticipation policies can unnecessarily immobilize investments against risks, while resilience strategies include the potential for a certain sacrifice in the interests of a more long-term survival and adaptation to changing threats. In addition, a too large confidence in anticipation strategies can bring loss of capacity of an

  3. METHODS OF MANAGING TRAFFIC DISTRIBUTION IN INFORMATION AND COMMUNICATION NETWORKS OF CRITICAL INFRASTRUCTURE SYSTEMS

    OpenAIRE

    Kosenko, Viktor; Persiyanova, Elena; Belotskyy, Oleksiy; Malyeyeva, Olga

    2017-01-01

    The subject matter of the article is information and communication networks (ICN) of critical infrastructure systems (CIS). The goal of the work is to create methods for managing the data flows and resources of the ICN of CIS to improve the efficiency of information processing. The following tasks were solved in the article: the data flow model of multi-level ICN structure was developed, the method of adaptive distribution of data flows was developed, the method of network resource assignment...

  4. Vulnerability assessment as a missing part of efficient regulatory emergency preparedness system for nuclear critical infrastructure

    International Nuclear Information System (INIS)

    Kostadinov, V.

    2007-01-01

    One introduces a new model to assess the vulnerability of the nuclear infrastructure critical facilities. The new procedure of the vulnerability assessment (the VA) aims to reevaluate the efficiency of the present-day safeguards. On the basis of deeper insight into the VA new strategy and of the elaborated procedure to analyze the hazards for the nuclear power facilities one recommends the key safeguards affecting the damage magnitude [ru

  5. Flood Risk Assessment on Selected Critical Infrastructure in Kota Marudu Town, Sabah, Malaysia

    Directory of Open Access Journals (Sweden)

    Ayog Janice Lynn

    2017-01-01

    Full Text Available This study investigates the risk of flood on selected critical infrastructure in a flood-prone catchment in Sabah, Malaysia. Kota Marudu, located in the Bandau floodplain, one of the Sabah’s northern water catchments, was selected as the study site due to its frequent flood occurrence and large floodplain coverage. Two of its largest rivers, namely Sungai Bongon and Sungai Bandau, tends to flood during rainy season and cause temporary displacements of thousands of people living in the floodplain. A total of 362 respondents participated in the questionnaire survey in order to gather information on historical flood occurrence. Three flood depth groups were determined, which are 1 less than 0.3 meter, 2 0.3 – 0.6 meter and 3 more than 0.6 meter, while three categories of critical infrastructure were defined, namely transportation system, communication system and buildings. It is found that the transportation system encounters the most severe impact as flood inundation increases, where 92% of the respondents believe that the transportation access should be abandoned when flood depth is more than 0.6m. The findings of this study will be used for detailed risk assessment, specifically on the vulnerability of the critical infrastructures to flood in this floodplain.

  6. The strategy for the development of information society in Serbia by 2020: Information security and critical infrastructure

    Directory of Open Access Journals (Sweden)

    Danijela D. Protić

    2012-10-01

    Full Text Available The development of technology has changed the world economy and induced new political trends. The European Union (EU and many non-EU member states apply the strategies of information society development that raise the level of information security (IS. The Serbian Government (Government has adopted the Strategy for Information Society in Serbia by 2020 (Strategy, and pointed to the challenges for the development of a modern Serbian information society. This paper presents an overview of the open-ended questions about IS, critical infrastructures and protection of critical infrastructures. Based on publicly available data, some critical national infrastructures are listed. As a possible solution to the problem of IS, the Public Key Infrastructure (PKI-based Information security integrated information system (ISIIS is presented. The ISIIS provides modularity and interoperability of critical infrastructures both in Serbia and neighboring countries.

  7. The role of minimum supply and social vulnerability assessment for governing critical infrastructure failure: current gaps and future agenda

    Directory of Open Access Journals (Sweden)

    M. Garschagen

    2018-04-01

    Full Text Available Increased attention has lately been given to the resilience of critical infrastructure in the context of natural hazards and disasters. The major focus therein is on the sensitivity of critical infrastructure technologies and their management contingencies. However, strikingly little attention has been given to assessing and mitigating social vulnerabilities towards the failure of critical infrastructure and to the development, design and implementation of minimum supply standards in situations of major infrastructure failure. Addressing this gap and contributing to a more integrative perspective on critical infrastructure resilience is the objective of this paper. It asks which role social vulnerability assessments and minimum supply considerations can, should and do – or do not – play for the management and governance of critical infrastructure failure. In its first part, the paper provides a structured review on achievements and remaining gaps in the management of critical infrastructure and the understanding of social vulnerabilities towards disaster-related infrastructure failures. Special attention is given to the current state of minimum supply concepts with a regional focus on policies in Germany and the EU. In its second part, the paper then responds to the identified gaps by developing a heuristic model on the linkages of critical infrastructure management, social vulnerability and minimum supply. This framework helps to inform a vision of a future research agenda, which is presented in the paper's third part. Overall, the analysis suggests that the assessment of socially differentiated vulnerabilities towards critical infrastructure failure needs to be undertaken more stringently to inform the scientifically and politically difficult debate about minimum supply standards and the shared responsibilities for securing them.

  8. The role of minimum supply and social vulnerability assessment for governing critical infrastructure failure: current gaps and future agenda

    Science.gov (United States)

    Garschagen, Matthias; Sandholz, Simone

    2018-04-01

    Increased attention has lately been given to the resilience of critical infrastructure in the context of natural hazards and disasters. The major focus therein is on the sensitivity of critical infrastructure technologies and their management contingencies. However, strikingly little attention has been given to assessing and mitigating social vulnerabilities towards the failure of critical infrastructure and to the development, design and implementation of minimum supply standards in situations of major infrastructure failure. Addressing this gap and contributing to a more integrative perspective on critical infrastructure resilience is the objective of this paper. It asks which role social vulnerability assessments and minimum supply considerations can, should and do - or do not - play for the management and governance of critical infrastructure failure. In its first part, the paper provides a structured review on achievements and remaining gaps in the management of critical infrastructure and the understanding of social vulnerabilities towards disaster-related infrastructure failures. Special attention is given to the current state of minimum supply concepts with a regional focus on policies in Germany and the EU. In its second part, the paper then responds to the identified gaps by developing a heuristic model on the linkages of critical infrastructure management, social vulnerability and minimum supply. This framework helps to inform a vision of a future research agenda, which is presented in the paper's third part. Overall, the analysis suggests that the assessment of socially differentiated vulnerabilities towards critical infrastructure failure needs to be undertaken more stringently to inform the scientifically and politically difficult debate about minimum supply standards and the shared responsibilities for securing them.

  9. Development of a structural health monitoring system for the life assessment of critical transportation infrastructure.

    Energy Technology Data Exchange (ETDEWEB)

    Roach, Dennis Patrick; Jauregui, David Villegas (New Mexico State University, Las Cruces, NM); Daumueller, Andrew Nicholas (New Mexico State University, Las Cruces, NM)

    2012-02-01

    Recent structural failures such as the I-35W Mississippi River Bridge in Minnesota have underscored the urgent need for improved methods and procedures for evaluating our aging transportation infrastructure. This research seeks to develop a basis for a Structural Health Monitoring (SHM) system to provide quantitative information related to the structural integrity of metallic structures to make appropriate management decisions and ensuring public safety. This research employs advanced structural analysis and nondestructive testing (NDT) methods for an accurate fatigue analysis. Metal railroad bridges in New Mexico will be the focus since many of these structures are over 100 years old and classified as fracture-critical. The term fracture-critical indicates that failure of a single component may result in complete collapse of the structure such as the one experienced by the I-35W Bridge. Failure may originate from sources such as loss of section due to corrosion or cracking caused by fatigue loading. Because standard inspection practice is primarily visual, these types of defects can go undetected due to oversight, lack of access to critical areas, or, in riveted members, hidden defects that are beneath fasteners or connection angles. Another issue is that it is difficult to determine the fatigue damage that a structure has experienced and the rate at which damage is accumulating due to uncertain history and load distribution in supporting members. A SHM system has several advantages that can overcome these limitations. SHM allows critical areas of the structure to be monitored more quantitatively under actual loading. The research needed to apply SHM to metallic structures was performed and a case study was carried out to show the potential of SHM-driven fatigue evaluation to assess the condition of critical transportation infrastructure and to guide inspectors to potential problem areas. This project combines the expertise in transportation infrastructure at New

  10. Critical infrastructures at risk: A need for a new conceptual approach and extended analytical tools

    International Nuclear Information System (INIS)

    Kroeger, Wolfgang

    2008-01-01

    Recent decades have witnessed on the one hand a much greater and tighter integration of goods or services supply systems and growing interconnectedness as well as changing organizational and operational factors, and on the other hand an increased social vulnerability in the face of accidental or intentional disruption. The work of the International Risk Governance Council (IRGC) in the field of critical infrastructures has focused on both the risks associated with five individual infrastructures and the issues associated with the increasing interdependence between them. This paper presents a selection of system weaknesses and a number of policy options that have been identified and highlights issues for further investigation and dialogue with stakeholders. Furthermore, the need to extend current modeling and simulation techniques in order to cope with the increasing system complexity is elaborated. An object-oriented, hybrid modeling approach promising to overcome some of the shortcomings of traditional methods is presented

  11. PROTECTING CRITICAL DATABASES – TOWARDS A RISK-BASED ASSESSMENT OF CRITICAL INFORMATION INFRASTRUCTURES (CIIS IN SOUTH AFRICA

    Directory of Open Access Journals (Sweden)

    Mzukisi N Njotini

    2013-04-01

    Full Text Available South Africa has made great strides towards protecting critical information infrastructures (CIIs. For example, South Africa recognises the significance of safeguarding places or areas that are essential to the national security of South Africa or the economic and social well-being of South African citizens. For this reason South Africa has established mechanisms to assist in preserving the integrity and security of CIIs. The measures provide inter alia for the identification of CIIs; the registration of the full names, address and contact details of the CII administrators (the persons who manage CIIs; the identification of the location(s of CIIs or their component parts; and the outlining of the general descriptions of information or data stored in CIIs.It is argued that the measures to protect CIIs in South Africa are inadequate. In particular, the measures rely on a one-size-fits-all approach to identify and classify CIIs. For this reason the South African measures are likely to lead to the adoption of a paradigm that considers every infrastructure, data or database, regardless of its significance or importance, to be key or critical.

  12. The ISTIMES project: a new integrated system for monitoring critical transport infrastructures interested by natural hazards

    Science.gov (United States)

    Proto, Monica; Massimo, Bavusi; Francesco, Soldovieri

    2010-05-01

    The research project "Integrated System for Transport Infrastructure surveillance and Monitoring by Electromagnetic Sensing" (ISTIMES), was approved in the 7th Framework Programme, in the Joint Call ICT and Security and started on 1st July 2009. The purpose of ISTIMES project is to design, assess and promote an ICT-based system, exploiting distributed and local sensors, for non-destructive electromagnetic monitoring in order to achieve the critical transport infrastructures more reliable and safe. The transportation sector's components are susceptible to the consequences of natural disasters and can also be attractive as terrorist targets. The sector's size, its physically dispersed and decentralized nature, the many public and private entities involved in its operations, the critical importance of cost considerations, and the inherent requirement of convenient accessibility to its services by all users - make the transportation particularly vulnerable to security and safety threats. As well known, the surface transportation system consists of interconnected infrastructures including highways, transit systems, railroads, airports, waterways, pipelines and ports, and the vehicles, aircraft, and vessels that operate along these networks. Thus, interdependencies exist between transportation and nearly every other sector of the economy and the effective operation of this system is essential to the European economic productivity; therefore, transportation sector protection is of paramount importance since threats to it may impact other industries that rely on it. The system exploits an open network architecture that can accommodate a wide range of sensors, static and mobile, and can be easily scaled up to allow the integration of additional sensors and interfacing with other networks. It relies on heterogeneous state-of-the-art electromagnetic sensors, enabling a self-organizing, self-healing, ad-hoc networking of terrestrial sensors, supported by specific satellite

  13. Reliability and vulnerability analyses of critical infrastructures: Comparing two approaches in the context of power systems

    International Nuclear Information System (INIS)

    Johansson, Jonas; Hassel, Henrik; Zio, Enrico

    2013-01-01

    Society depends on services provided by critical infrastructures, and hence it is important that they are reliable and robust. Two main approaches for gaining knowledge required for designing and improving critical infrastructures are reliability analysis and vulnerability analysis. The former analyses the ability of the system to perform its intended function; the latter analyses its inability to withstand strains and the effects of the consequent failures. The two approaches have similarities but also some differences with respect to what type of information they generate about the system. In this view, the main purpose of this paper is to discuss and contrast these approaches. To strengthen the discussion and exemplify its findings, a Monte Carlo-based reliability analysis and a vulnerability analysis are considered in their application to a relatively simple, but representative, system the IEEE RTS96 electric power test system. The exemplification reveals that reliability analysis provides a good picture of the system likely behaviour, but fails to capture a large portion of the high consequence scenarios, which are instead captured in the vulnerability analysis. Although these scenarios might be estimated to have small probabilities of occurrence, they should be identified, considered and treated cautiously, as probabilistic analyses should not be the only input to decision-making for the design and protection of critical infrastructures. The general conclusion that can be drawn from the findings of the example is that vulnerability analysis should be used to complement reliability studies, as well as other forms of probabilistic risk analysis. Measures should be sought for reducing both the vulnerability, i.e. improving the system ability to withstand strains and stresses, and the reliability, i.e. improving the likely behaviour

  14. The Influence of State Policies on Critical Infrastructure Resilience: An Approach for Analyzing Transportation and Capital Investment

    Energy Technology Data Exchange (ETDEWEB)

    Wall, Thomas [Argonne National Lab. (ANL), Argonne, IL (United States); Trail, Jessica [Argonne National Lab. (ANL), Argonne, IL (United States); Gevondyan, Erna [Argonne National Lab. (ANL), Argonne, IL (United States); Phillips, Julia [Argonne National Lab. (ANL), Argonne, IL (United States); Ford, Janet [Argonne National Lab. (ANL), Argonne, IL (United States); Marks, James [Argonne National Lab. (ANL), Argonne, IL (United States)

    2017-09-01

    During times of crisis, communities and regions rely heavily on critical infrastructure systems to support their emergency management response and recovery activities. Therefore, the resilience of critical infrastructure systems to crises is a pivotal factor to a community’s overall resilience. Critical infrastructure resilience can be influenced by many factors, including State policies – which are not always uniform in their structure or application across the United States – were identified by the U.S. Department of Homeland Security as an area of particular interest with respect to their the influence on the resilience of critical infrastructure systems. This study focuses on developing an analytical methodology to assess links between policy and resilience, and applies that methodology to critical infrastructure in the Transportation Systems Sector. Specifically, this study seeks to identify potentially influential linkages between State transportation capital funding policies and the resilience of bridges located on roadways that are under the management of public agencies. This study yielded notable methodological outcomes, including the general capability of the analytical methodology to yield – in the case of some States – significant results connecting State policies with critical infrastructure resilience, with the suggestion that further refinement of the methodology may be beneficial.

  15. Critical health infrastructure for refugee resettlement in rural Australia: case study of four rural towns.

    Science.gov (United States)

    Sypek, Scott; Clugston, Gregory; Phillips, Christine

    2008-12-01

    To explore the reported impact of regional resettlement of refugees on rural health services, and identify critical health infrastructure for refugee resettlement. Comparative case study, using interviews and situational analysis. Four rural communities in New South Wales, which had been the focus of regional resettlement of refugees since 1999. Refugees, general practitioners, practice managers and volunteer support workers in each town (n = 24). The capacity of health care workers to provide comprehensive care is threatened by low numbers of practitioners, and high levels of turnover of health care staff, which results in attrition of specialised knowledge among health care workers treating refugees. Critical health infrastructure includes general practices with interest and surge capacity, subsidised dental services, mental health support services; clinical support services for rural practitioners; care coordination in the early settlement period; and a supported volunteer network. The need for intensive medical support is greatest in the early resettlement period for 'catch-up' primary health care. The difficulties experienced by rural Australia in securing equitable access to health services are amplified for refugees. While there are economic arguments about resettlement of refugees in regional Australia, the fragility of health services in regional Australia should also be factored into considerations about which towns are best suited to regional resettlement.

  16. Resilience framework for critical infrastructures: An empirical study in a nuclear plant

    International Nuclear Information System (INIS)

    Labaka, Leire; Hernantes, Josune; Sarriegi, Jose M.

    2015-01-01

    The safety and proper functioning of Critical Infrastructures (CIs) are essential for ensuring the welfare of society, which puts the issue of improving their resilience level at the forefront of the field of crisis management. Most of the resilience-building principles defined in the literature do not cover all the dimensions that make up resilience and most of them only focus within the boundaries of the CI, neglecting the role of the external agents that also have an influence on enhancing resilience. Furthermore, most of the principles that are present in the literature are theoretical and difficult to implement in practice. In light of this situation, the aim of this research is to present a holistic resilience framework for critical infrastructures in order to improve their resilience level by taking into account internal and external agents and covering all the resilience dimensions. Furthermore, this framework has been defined in close collaboration with the general management of CIs to facilitate its implementation in practice. Finally, in order to illustrate the value added of this framework it was implemented in a nuclear plant. - Highlights: • Resilience protects against foreseen and unpredicted events. • There are two types of resilience: internal resilience and external resilience. • Sixteen policies and thirty sub-policies assist on building resilience. • Power nuclear plant focused on risk management approach rather than resilience. • The plant’s event driven risk management was enhanced with an all hazard approach

  17. Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress

    National Research Council Canada - National Science Library

    Wilson, Clay

    2003-01-01

    Persistent computer security vulnerabilities may expose U.S. critical infrastructure and government computer systems to possible cyber attack by terrorists, possibly affecting the economy or other areas of national security...

  18. Attacks on computer systems

    Directory of Open Access Journals (Sweden)

    Dejan V. Vuletić

    2012-01-01

    Full Text Available Computer systems are a critical component of the human society in the 21st century. Economic sector, defense, security, energy, telecommunications, industrial production, finance and other vital infrastructure depend on computer systems that operate at local, national or global scales. A particular problem is that, due to the rapid development of ICT and the unstoppable growth of its application in all spheres of the human society, their vulnerability and exposure to very serious potential dangers increase. This paper analyzes some typical attacks on computer systems.

  19. Method of optimum channel switching in equipment of infocommunication network in conditions of cyber attacks to their telecommunication infrastructure.

    Science.gov (United States)

    Kochedykov, S. S.; Noev, A. N.; Dushkin, A. V.; Gubin, I. A.

    2018-05-01

    On the basis of the mathematical graph theory, the method of optimum switching of infocommunication networks in the conditions of cyber attacks is developed. The idea of representation of a set of possible ways on the graph in the form of the multilevel tree ordered by rules of algebra of a logic theory is the cornerstone of a method. As a criterion of optimization, the maximum of network transmission capacity to which assessment Ford- Falkerson's theorem is applied is used. The method is realized in the form of a numerical algorithm, which can be used not only for design, but also for operational management of infocommunication networks in conditions of violation of the functioning of their switching centers.

  20. Will climate change increase the risk for critical infrastructure failures in Europe due to extreme precipitation?

    Science.gov (United States)

    Nissen, Katrin; Ulbrich, Uwe

    2016-04-01

    An event based detection algorithm for extreme precipitation is applied to a multi-model ensemble of regional climate model simulations. The algorithm determines extent, location, duration and severity of extreme precipitation events. We assume that precipitation in excess of the local present-day 10-year return value will potentially exceed the capacity of the drainage systems that protect critical infrastructure elements. This assumption is based on legislation for the design of drainage systems which is in place in many European countries. Thus, events exceeding the local 10-year return value are detected. In this study we distinguish between sub-daily events (3 hourly) with high precipitation intensities and long-duration events (1-3 days) with high precipitation amounts. The climate change simulations investigated here were conducted within the EURO-CORDEX framework and exhibit a horizontal resolution of approximately 12.5 km. The period between 1971-2100 forced with observed and scenario (RCP 8.5 and RCP 4.5) greenhouse gas concentrations was analysed. Examined are changes in event frequency, event duration and size. The simulations show an increase in the number of extreme precipitation events for the future climate period over most of the area, which is strongest in Northern Europe. Strength and statistical significance of the signal increase with increasing greenhouse gas concentrations. This work has been conducted within the EU project RAIN (Risk Analysis of Infrastructure Networks in response to extreme weather).

  1. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    Energy Technology Data Exchange (ETDEWEB)

    Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  2. Monitoring and Control of Urban Critical Infrastructures: A Novel Approach to System Design and Data Fusion

    Directory of Open Access Journals (Sweden)

    Mario La Manna

    2015-02-01

    Full Text Available The monitoring and control of urban critical infrastructures consists of the protection of assets such as houses, offices, government and private buildings, with low cost, high quality and high dependability. In order to satisfy all these requirements at the same time, the control of a number of assets has to be performed by means of automated systems based on networks of heterogeneous sensors. This new concept idea is based on the use of unmanned operations at each of the many remote assets (each asset is monitored through a network of sensors and a man-in-the-loop automated control in a central site (Operational Center, which performs alarm detection and system management.

  3. Optimisation of Critical Infrastructure Protection: The SiVe Project on Airport Security

    Science.gov (United States)

    Breiing, Marcus; Cole, Mara; D'Avanzo, John; Geiger, Gebhard; Goldner, Sascha; Kuhlmann, Andreas; Lorenz, Claudia; Papproth, Alf; Petzel, Erhard; Schwetje, Oliver

    This paper outlines the scientific goals, ongoing work and first results of the SiVe research project on critical infrastructure security. The methodology is generic while pilot studies are chosen from airport security. The outline proceeds in three major steps, (1) building a threat scenario, (2) development of simulation models as scenario refinements, and (3) assessment of alternatives. Advanced techniques of systems analysis and simulation are employed to model relevant airport structures and processes as well as offences. Computer experiments are carried out to compare and optimise alternative solutions. The optimality analyses draw on approaches to quantitative risk assessment recently developed in the operational sciences. To exploit the advantages of the various techniques, an integrated simulation workbench is build up in the project.

  4. Funding models for financing water infrastructure in South Africa: framework and critical analysis of alternatives

    CSIR Research Space (South Africa)

    Ruiters, C

    2013-04-01

    Full Text Available by putting in place new institutional structures and funding models for effective strategies leading to prompt water infrastructure provision. The research identified several funding models for financing water infrastructure development projects. The existing...

  5. Building safeguards infrastructure

    International Nuclear Information System (INIS)

    McClelland-Kerr, J.; Stevens, J.

    2010-01-01

    Much has been written in recent years about the nuclear renaissance - the rebirth of nuclear power as a clean and safe source of electricity around the world. Those who question the nuclear renaissance often cite the risk of proliferation, accidents or an attack on a facility as concerns, all of which merit serious consideration. The integration of three areas - sometimes referred to as 3S, for safety, security and safeguards - is essential to supporting the clean and safe growth of nuclear power, and the infrastructure that supports these three areas should be robust. The focus of this paper will be on the development of the infrastructure necessary to support safeguards, and the integration of safeguards infrastructure with other elements critical to ensuring nuclear energy security

  6. Unraveling Structural Infrasound: understanding the science for persistent remote monitoring of critical infrastructure (Invited)

    Science.gov (United States)

    McKenna, S. M.; Diaz-Alvarez, H.; McComas, S.; Costley, D.; Whitlow, R. D.; Jordan, A. M.; Taylor, O.

    2013-12-01

    In 2006, the Engineer Research and Development Center (ERDC) began a program designed to meet the capability gap associated with remote assessment of critical infrastructure. This program addresses issues arising from the use of geophysical techniques to solve engineering problems through persistent monitoring of critical infrastructure using infrasound. In the original 2006-2009 study of a railroad bridge in Ft. Leonard Wood, MO, the fundamental modes of motion of the structure were detected at up to 30 km away, with atmospheric excitation deemed to be the source driver. Follow-on research focused on the mechanically driven modes excited by traffic, with directional acoustic emanations. The success of the Ft. Wood ambient excitation study resulted in several subsequent programs to push the boundaries of this new technique for standoff assessment, discussed herein. Detection of scour and river system health monitoring are serious problems for monitoring civil infrastructure, from both civilian and military perspectives. Knowledge of overall system behavior over time is crucial for assessment of bridge foundations and barge navigation. This research focuses on the same steel-truss bridge from the Ft. Wood study, and analyzes 3D and 2D substructure models coupled with the superstructure reaction loads to assess the modal deformations within the infrasound bandwidth and the correlation to scour of embedment material. The Urban infrasound program is infrasound modeling, data analysis, and sensor research leading to the detection, classification and localization of threat activities in complex propagation environments. Three seismo-acoustic arrays were deployed on rooftops across the Southern Methodist University campus in Dallas, Texas, to characterize the urban infrasound environment. Structural sources within 15 km of the arrays have been identified through signal processing and confirmed through acoustical models. Infrasound is also being studied as a means of

  7. Constructing vulnerabilty and protective measures indices for the enhanced critical infrastructure protection program.

    Energy Technology Data Exchange (ETDEWEB)

    Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.; Bassett, G. W.; Dickinson, D. C.; Haffenden, R. A.; Klett, M. S.; Lawlor, M. A.; Decision and Information Sciences; LANL

    2009-10-14

    The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators of the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). The

  8. Constructing a resilience index for the Enhanced Critical Infrastructure Protection Program

    Energy Technology Data Exchange (ETDEWEB)

    Fisher, R. E.; Bassett, G. W.; Buehring, W. A.; Collins, M. J.; Dickinson, D. C.; Eaton, L. K.; Haffenden, R. A.; Hussar, N. E.; Klett, M. S.; Lawlor, M. A.; Millier, D. J.; Petit, F. D.; Peyton, S. M.; Wallace, K. E.; Whitfield, R. G.; Peerenboom, J P

    2010-10-14

    Following recommendations made in Homeland Security Presidential Directive 7, which established a national policy for the identification and increased protection of critical infrastructure and key resources (CIKR) by Federal departments and agencies, the U.S. Department of Homeland Security (DHS) in 2006 developed the Enhanced Critical Infrastructure Protection (ECIP) program. The ECIP program aimed to provide a closer partnership with state, regional, territorial, local, and tribal authorities in fulfilling the national objective to improve CIKR protection. The program was specifically designed to identify protective measures currently in place in CIKR and to inform facility owners/operators of the benefits of new protective measures. The ECIP program also sought to enhance existing relationships between DHS and owners/operators of CIKR and to build relationships where none existed (DHS 2008; DHS 2009). In 2009, DHS and its protective security advisors (PSAs) began assessing CIKR assets using the ECIP program and ultimately produced individual protective measure and vulnerability values through the protective measure and vulnerability indices (PMI/VI). The PMI/VI assess the protective measures posture of individual facilities at their 'weakest link,' allowing for a detailed analysis of the most vulnerable aspects of the facilities (Schneier 2003), while maintaining the ability to produce an overall protective measures picture. The PMI has six main components (physical security, security management, security force, information sharing, protective measures assessments, and dependencies) and focuses on actions taken by a facility to prevent or deter the occurrence of an incident (Argonne National Laboratory 2009). As CIKR continue to be assessed using the PMI/VI and owners/operators better understand how they can prevent or deter incidents, academic research, practitioner emphasis, and public policy formation have increasingly focused on resilience as a

  9. Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study

    NARCIS (Netherlands)

    Fraile, Marlon; Ford, Margaret; Gadyatskaya, Olga; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette; Trujillo-Rasua, Rolando

    2016-01-01

    Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack

  10. Natural disaster risk analysis for critical infrastructure systems: An approach based on statistical learning theory

    International Nuclear Information System (INIS)

    Guikema, Seth D.

    2009-01-01

    Probabilistic risk analysis has historically been developed for situations in which measured data about the overall reliability of a system are limited and expert knowledge is the best source of information available. There continue to be a number of important problem areas characterized by a lack of hard data. However, in other important problem areas the emergence of information technology has transformed the situation from one characterized by little data to one characterized by data overabundance. Natural disaster risk assessments for events impacting large-scale, critical infrastructure systems such as electric power distribution systems, transportation systems, water supply systems, and natural gas supply systems are important examples of problems characterized by data overabundance. There are often substantial amounts of information collected and archived about the behavior of these systems over time. Yet it can be difficult to effectively utilize these large data sets for risk assessment. Using this information for estimating the probability or consequences of system failure requires a different approach and analysis paradigm than risk analysis for data-poor systems does. Statistical learning theory, a diverse set of methods designed to draw inferences from large, complex data sets, can provide a basis for risk analysis for data-rich systems. This paper provides an overview of statistical learning theory methods and discusses their potential for greater use in risk analysis

  11. The Resource Hazards Model for the Critical Infrastructure of the State Emergency Management Process

    Directory of Open Access Journals (Sweden)

    Ostrowska Teresa

    2014-08-01

    Full Text Available This paper presents an investigation of the relevant factors related to the construction of a resource model which is designed to be useful in the management processes of the operation of critical infrastructure (CI for state emergencies. The genesis of the research lay in the perceived need for effective protection of multidimensional CI methodologies, and it was influenced by the nature of the physical characteristics of the available resources. It was necessary to establish a clear structure and well defined objectives and to assess the functional and structural resources required, as well as the potential relational susceptibilities deriving from a number of possible threats and the possible seriousness of a specific range of incidents and their possible consequences. The interdependence of CI stocks is shown by the use of tables of resource classes. The dynamics of the interaction of CI resources are modeled by examining how using clusters of potential risks can at any given time create a class of compounds related to susceptibilities and threats to the resources. As a result, the model can be used to conduct multi-dimensional risk calculations for crisis management CI resource configurations.

  12. A Conceptual Framework for Vulnerability Assessment of Climate Change Impact on Critical Oil and Gas Infrastructure in the Niger Delta

    Directory of Open Access Journals (Sweden)

    Justin Udie

    2018-02-01

    Full Text Available The impact of climate change on the Niger Delta is severe, as extreme weather events have inflicted various degrees of stress on critical oil/gas infrastructure. Typically, assets managers and government agencies lack a clear framework for evaluating the vulnerability of these systems. This paper presents a participatory framework for the vulnerability assessment of critical oil/gas infrastructure to climate change impacts in the Niger Delta context. Through a critical review of relevant literature and triangulating observational and exploratory data from the field, this paper has developed a conceptual framework with three elements: (1 a preliminary scoping activity; (2 the vulnerability assessment; and (3 mainstreaming the results into institutional asset management codes. Scoping involves the definition of research aims and objectives, review of prevailing climate burdens and impacts, exploratory investigation, screening for new (planned assets and selection of relevant infrastructure. The emphasis on screening for planned infrastructure is to facilitate the incorporation of sustainable adaptive capacities into the original design of identified systems. A conceptual framework for vulnerability assessment is presented as a robust systematic iterative model for the evaluation of selected assets using an appropriate methodology. In this study, analytic hierarchy process (AHP is applied while mainstreaming as part of the research framework is emphasised to aid commercial implementation from an expert-based perspective. The study recommends the use of other suitable methodologies and systematic approaches to test the flexibility of the framework.

  13. Challenges in the Protection of US Critical Infrastructure in the Cyber Realm

    Science.gov (United States)

    2014-05-22

    means.37 When nations begin to discuss cyber warfare they need to clarify what they mean. Examples of significant differences in meanings are Germany ...and the United States. Germany defines a cyber attack as an IT attack in the cyber realm directed against one or several other IT systems and aimed at...electrical power. However, the grids themselves suffer from the consequences of underinvestment and deregulation . Newer industrial control systems use

  14. Engaging the Nation’s Critical Infrastructure Sector to Deter Cyber Threats

    Science.gov (United States)

    2013-03-01

    is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries... economy .16 DDOS attacks are based on multiple, malware infected personal computers, organized into networks called botnets, and are directed by...not condemn the actions of those involved. Of the two attacks on Estonia and Georgia, it was Estonia that had the greatest damage to its economy

  15. On a simulation study of cyber attacks on vehicle-to-infrastructure communication (V2I) in Intelligent Transportation System (ITS)

    Science.gov (United States)

    Ekedebe, Nnanna; Yu, Wei; Song, Houbing; Lu, Chao

    2015-05-01

    An intelligent transportation system (ITS) is one typical cyber-physical system (CPS) that aims to provide efficient, effective, reliable, and safe driving experiences with minimal congestion and effective traffic flow management. In order to achieve these goals, various ITS technologies need to work synergistically. Nonetheless, ITS's reliance on wireless connectivity makes it vulnerable to cyber threats. Thus, it is critical to understand the impact of cyber threats on ITS. In this paper, using real-world transportation dataset, we evaluated the consequences of cyber threats - attacks against service availability by jamming the communication channel of ITS. In this way, we can have a better understanding of the importance of ensuring adequate security respecting safety and life-critical ITS applications before full and expensive real-world deployments. Our experimental data shows that cyber threats against service availability could adversely affect traffic efficiency and safety performances evidenced by exacerbated travel time, fuel consumed, and other evaluated performance metrics as the communication network is compromised. Finally, we discuss a framework to make ITS secure and more resilient against cyber threats.

  16. Quantitative physical models of volcanic phenomena for hazards assessment of critical infrastructures

    Science.gov (United States)

    Costa, Antonio

    2016-04-01

    Volcanic hazards may have destructive effects on economy, transport, and natural environments at both local and regional scale. Hazardous phenomena include pyroclastic density currents, tephra fall, gas emissions, lava flows, debris flows and avalanches, and lahars. Volcanic hazards assessment is based on available information to characterize potential volcanic sources in the region of interest and to determine whether specific volcanic phenomena might reach a given site. Volcanic hazards assessment is focussed on estimating the distances that volcanic phenomena could travel from potential sources and their intensity at the considered site. Epistemic and aleatory uncertainties strongly affect the resulting hazards assessment. Within the context of critical infrastructures, volcanic eruptions are rare natural events that can create severe hazards. In addition to being rare events, evidence of many past volcanic eruptions is poorly preserved in the geologic record. The models used for describing the impact of volcanic phenomena generally represent a range of model complexities, from simplified physics based conceptual models to highly coupled thermo fluid dynamical approaches. Modelling approaches represent a hierarchy of complexity, which reflects increasing requirements for well characterized data in order to produce a broader range of output information. In selecting models for the hazard analysis related to a specific phenomenon, questions that need to be answered by the models must be carefully considered. Independently of the model, the final hazards assessment strongly depends on input derived from detailed volcanological investigations, such as mapping and stratigraphic correlations. For each phenomenon, an overview of currently available approaches for the evaluation of future hazards will be presented with the aim to provide a foundation for future work in developing an international consensus on volcanic hazards assessment methods.

  17. The role of network theory and object-oriented modeling within a framework for the vulnerability analysis of critical infrastructures

    International Nuclear Information System (INIS)

    Eusgeld, Irene; Kroeger, Wolfgang; Sansavini, Giovanni; Schlaepfer, Markus; Zio, Enrico

    2009-01-01

    A framework for the analysis of the vulnerability of critical infrastructures has been proposed by some of the authors. The framework basically consists of two successive stages: (i) a screening analysis for identifying the parts of the critical infrastructure most relevant with respect to its vulnerability and (ii) a detailed modeling of the operational dynamics of the identified parts for gaining insights on the causes and mechanisms responsible for the vulnerability. In this paper, a critical presentation is offered of the results of a set of investigations aimed at evaluating the potentials of (i) using network analysis based on measures of topological interconnection and reliability efficiency, for the screening task; (ii) using object-oriented modeling as the simulation framework to capture the detailed dynamics of the operational scenarios involving the most vulnerable parts of the critical infrastructure as identified by the preceding network analysis. A case study based on the Swiss high-voltage transmission system is considered. The results are cross-compared and evaluated; the needs of further research are defined

  18. A GIS Inventory of Critical Coastal Infrastructure Land Use in Caribbean Island Small Island Developing States: Classification and Criteria Methodology

    Science.gov (United States)

    D'aversa, N.; Becker, A.; Bove, G.

    2017-12-01

    Caribbean Small Island Developing States (SIDS) face significant natural hazard risks, as demonstrated by recent Hurricanes Jose, Irma, and Maria. Scientists project storms to become more intense and sea level rise to increase over the next century. As a result, the Inter-American Development Bank projections suggest that Caribbean nations could face climate-related losses in excess of $22 billion annually by 2050. Critical infrastructure that supports island economies, such as airports, seaports, cruise ports, and energy facilities, are typically located in the coastal zone with high exposure to natural hazards. Despite the increasing danger from climate driven natural hazards in coastal zones in the region, there is very little data available to identify how much land and associated infrastructure is at risk. This work focuses on the criteria and data standards developed for this new region-wide GIS database, which will then be used to formulate a risk assessment. Results will be integrated into a single, comprehensive source for data of lands identified as critical coastal infrastructure and used to address such questions as: How much of the Caribbean SIDS infrastructure lands are at risk from sea level rise? How might demand for such lands change in the future, based on historical trends? Answers to these questions will help decision makers understand how to prioritize resilience investment decisions in the coming decades.

  19. Primer to Design Safe School Projects in Case of Terrorist Attacks and School Shootings. Buildings and Infrastructure Protection Series. FEMA-428/BIPS-07/January 2012. Edition 2

    Science.gov (United States)

    Chipley, Michael; Lyon, Wesley; Smilowitz, Robert; Williams, Pax; Arnold, Christopher; Blewett, William; Hazen, Lee; Krimgold, Fred

    2012-01-01

    This publication, part of the new Building and Infrastructure Protection Series (BIPS) published by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Infrastructure Protection and Disaster Management Division (IDD), serves to advance high performance and integrated design for buildings and infrastructure. This…

  20. Center for Strategic Leadership. Issue Paper, August 2003, Volume 06-03. The National Infrastructure Simulation and Analysis Center (NISAC): A New Contributor to Strategic Leader Education and Formulation of Critical Infrastructure Policies and Decisions

    National Research Council Canada - National Science Library

    Wimbish, William

    2003-01-01

    ...) community in educating future strategic leaders about the realities of the Nation's infrastructure system and in researching the effects that new government security policies and actions would have on the nation's critical assets and public and private sector services.

  1. Shadows of Stuxnet: Recommendations for U.S. Policy on Critical Infrastructure Cyber Defense Derived from the Stuxnet Attack

    Science.gov (United States)

    2016-03-01

    wastewater, oil and natural gas, chemical, transportation, pharmaceutical, pulp and paper, food and beverage , and discrete manufacturing (e.g...4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503. 1. AGENCY USE ONLY (Leave blank) 2... Management xiv PDD presidential decision directive PPD 21 Presidential Policy Directive 21 PLC programmable logic controller SCADA supervisory

  2. Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack: Critical National Infrastructures

    Science.gov (United States)

    2008-04-01

    electrically powered machinery. Butchering , cleaning, and packaging of poultry , pork, beef, fish, and other meat products also are typically...components. Egg farms and poultry farms typically sustain dense populations in carefully controlled environments using automated feeding, water- ing, and air...The United States is also a world leader in the production of meats, poultry , and fish. Of the world’s 183 nations, only a few are net exporters of

  3. Freight railway transport: Critical variables to improve the transport applied to infrastructure costs and its associated traffic flow

    Energy Technology Data Exchange (ETDEWEB)

    Zakowska, L.; Pulawska-Obiedowska, S.

    2016-07-01

    The developed societies have as challenge, among others, to achieve a mobility development based on economic models of low carbon and energy efficient, making it accessible to the entire population. In this context, the sustainable mobility seems to meet the economic, social and environmental needs, minimizing their negative impact. There are three factors that are relevant: (1) infrastructures; (2) modes of transport more ecological and safe, and (3) operations and services for passengers and freights.The objective of this research is to provide guidance to investment in sustainable transport infrastructures that are truly useful and effective. In particular we have studied the case of the railway, using the following information: details of the infrastructure; cost of construction (per kilometre); maintenance cost, and life cycle. This information may be relevant to consider their possible business models.The methodology of this research was focused in the detailed analysis of the infrastructure use and maintenance criteria, the market opportunities for freight development and the available data to validate the obtained results from the software tool reached in this work. Our research includes the different following aspects:• Evaluation of the supported traffic by the rail line.• Relevant items to be considered in the rail infrastructure. Defining the track, we can group items in two sets: civil and rail installations.• Rolling stock available. Locomotives and wagons are modelled to introduce the data as convenience for the user.Besides our research includes the development of software, Decision System Tool (DST), for studying the construction and maintenance cost of railway infrastructure. It is developed in a common and open source program, providing the user the interaction with the critical variable of the line. It has been adjusted using the following references: MOM PlanCargorail; EcoTransIT, and Projects funded by Framework Program of EU (New

  4. The role of hosting providers in fighting command and control infrastructure of financial malware

    NARCIS (Netherlands)

    Tajalizadehkhoob, S.; Hernandez Ganan, C.; Noroozian, A.; van Eeten, M.J.G.

    2017-01-01

    A variety of botnets are used in attacks on financial services. Banks and security firms invest a lot of effort in detecting and combating malware-assisted takeover of customer accounts. A critical resource of these botnets is their command-and-control (C&C) infrastructure. Attackers rent or

  5. False Positive and False Negative Effects on Network Attacks

    Science.gov (United States)

    Shang, Yilun

    2018-01-01

    Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.

  6. Advanced methodology for risk and vulnerability assessment of interdependency of critical infrastructure in respect to urban floods

    Directory of Open Access Journals (Sweden)

    Serre Damien

    2016-01-01

    Full Text Available The behaviour of the urban network infrastructures, and their interactions during flood events, will have direct and indirect consequences on the flood risk level in the built environment. By urban network infrastructures we include all the urban technical networks like transportation, energy, water supply, waste water, telecommunication…able to spread the flood risk in cities, qualified as critical infrastructures due to their major roles for modern living standards. From history, most of cities in the world have been built close to coast lines or to river to beneficiate this means of communication and trade. Step by step, to avoid being flooded, defences like levees have been built. The capacity of the levees to retain the floods depends on their conditions, their performance level and the capacity of the authorities to well maintain these infrastructures. But recent history shows the limits of a flood risk management strategy focused on protection, leading to levee breaks these last decades. Then, in case of levee break, cities will be flooded. The urban technical networks, due to the way they have been designed, their conditions and their locations in the city, will play a major role in the diffusion of the flood extent. Also, the flood risk will have consequences in some not flooded neighbourhoods due to networks collapses and complex interdependencies. This article describes some methods to design spatial decision support systems in that context.

  7. Attacker-defender game from a network science perspective

    Science.gov (United States)

    Li, Ya-Peng; Tan, Suo-Yi; Deng, Ye; Wu, Jun

    2018-05-01

    Dealing with the protection of critical infrastructures, many game-theoretic methods have been developed to study the strategic interactions between defenders and attackers. However, most game models ignore the interrelationship between different components within a certain system. In this paper, we propose a simultaneous-move attacker-defender game model, which is a two-player zero-sum static game with complete information. The strategies and payoffs of this game are defined on the basis of the topology structure of the infrastructure system, which is represented by a complex network. Due to the complexity of strategies, the attack and defense strategies are confined by two typical strategies, namely, targeted strategy and random strategy. The simulation results indicate that in a scale-free network, the attacker virtually always attacks randomly in the Nash equilibrium. With a small cost-sensitive parameter, representing the degree to which costs increase with the importance of a target, the defender protects the hub targets with large degrees preferentially. When the cost-sensitive parameter exceeds a threshold, the defender switches to protecting nodes randomly. Our work provides a new theoretical framework to analyze the confrontations between the attacker and the defender on critical infrastructures and deserves further study.

  8. 6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

    Science.gov (United States)

    2010-01-01

    ... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE..., and consistent with the Act, for Automated Information Systems that contain PCII. Such security requirements will be in conformance with the information technology security requirements in the Federal...

  9. 77 FR 37060 - Critical Infrastructure and Key Resources (CIKR) Asset Protection Technical Assistance Program...

    Science.gov (United States)

    2012-06-20

    .../IP/IICD, 245 Murray Lane SW., Mailstop 0602, Arlington, VA 20598-0602. Email requests should go to...), National Protection and Programs Directorate (NPPD), Office of Infrastructure Protection (IP... the following methods: Federal eRulemaking Portal: http://www.regulations.gov . Email: Include the...

  10. U.S. National Cyberstrategy and Critical Infrastructure: The Protection Mandate and Its Execution

    Science.gov (United States)

    2013-09-01

    revising this thesis, and balancing the coordination needed for: (1) Piano; (2) Soccer /Baseball; (3) Cubmaster Cub Scout Pack-135; (4) Hospitality...disease and pest response; and provides nutritional assistance. Provides the financial infrastructure of the nation. This sector consists of commercial

  11. Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies.

    Science.gov (United States)

    Paté-Cornell, M-Elisabeth; Kuypers, Marshall; Smith, Matthew; Keller, Philip

    2018-02-01

    Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. © 2017 Society for Risk Analysis.

  12. Surety of the nation`s critical infrastructures: The challenge restructuring poses to the telecommunications sector

    Energy Technology Data Exchange (ETDEWEB)

    Cox, R.; Drennen, T.E.; Gilliom, L.; Harris, D.L.; Kunsman, D.M.; Skroch, M.J.

    1998-04-01

    The telecommunications sector plays a pivotal role in the system of increasingly connected and interdependent networks that make up national infrastructure. An assessment of the probable structure and function of the bit-moving industry in the twenty-first century must include issues associated with the surety of telecommunications. The term surety, as used here, means confidence in the acceptable behavior of a system in both intended and unintended circumstances. This paper outlines various engineering approaches to surety in systems, generally, and in the telecommunications infrastructure, specifically. It uses the experience and expectations of the telecommunications system of the US as an example of the global challenges. The paper examines the principal factors underlying the change to more distributed systems in this sector, assesses surety issues associated with these changes, and suggests several possible strategies for mitigation. It also studies the ramifications of what could happen if this sector became a target for those seeking to compromise a nation`s security and economic well being. Experts in this area generally agree that the U. S. telecommunications sector will eventually respond in a way that meets market demands for surety. Questions remain open, however, about confidence in the telecommunications sector and the nation`s infrastructure during unintended circumstances--such as those posed by information warfare or by cascading software failures. Resolution of these questions is complicated by the lack of clear accountability of the private and the public sectors for the surety of telecommunications.

  13. Methods of securing and controlling critical infrastructure assets allocated in information and communications technology sector companies in leading

    Directory of Open Access Journals (Sweden)

    Piotr Sieńko

    2015-12-01

    Full Text Available Critical Infrastructure (CI plays a significant role in maintaining public order and national security. The state may use many different methods to protect and control CI allocated to commercial companies. This article describes the three most important ones: legislation, ownership and government institutions and agencies. The data presented in this paper is the result of research done on the most developed countries in the EU (United Kingdom, France, Germany and Italy and their strategic enterprises in the ICT sector, one of the most important sectors in any national security system.

  14. Policies to Avoid Cost Overruns in Infrastructure Projects: Critical Evaluation and Recommendations

    Directory of Open Access Journals (Sweden)

    Hans Lind

    2014-09-01

    Full Text Available Many infrastructure projects have cost overruns and there has been a lot of research both on why these cost overruns occur and what can be done to reduce hem. Bent Flyvbjerg is the leading researcher in the area and in this article his proposals are used as the starting point. Besides a literature review, a questionnaire was sent out to experienced Swedish project managers to find out what they thought could reduce cost overruns. The literature review and the questionnaire were the foundation for the proposals formulated in this article. Proposals concerned three areas: (1. Organisational macro-structure, e.g. using more PPP projects but also decentralisation of budgets where cost overruns in one project in a region lead to less alternative projects in the specific region. (2. Organisational quality: It should be easy to see when and where cost overruns occur and who was responsible. There should be a well-developed knowledge management system in the organisation and an organisation culture of openness with a focus on improvements. (3. Organisational processes, e.g. a systematic use of external reviewers in different stages of a project.   Keywords: Cost overruns, Infrastructure projects, Policy measures

  15. Detection and Identification of People at a Critical Infrastructure Facilities of Trafic Buildings

    Directory of Open Access Journals (Sweden)

    Rastislav PIRNÍK

    2014-12-01

    Full Text Available This paper focuses on identification of persons entering objects of crucial infrastructure and subsequent detection of movement in parts of objects. It explains some of the technologies and approaches to processing specific image information within existing building apparatus. The article describes the proposed algorithm for detection of persons. It brings a fresh approach to detection of moving objects (groups of persons involved in enclosed areas focusing on securing freely accessible places in buildings. Based on the designed algorithm of identification with presupposed utilisation of 3D application, motion trajectory of persons in delimited space can be automatically identified. The application was created in opensource software tool using the OpenCV library.

  16. EU-INTACT-case studies: Impact of extreme weather on critical Infrastructure

    Directory of Open Access Journals (Sweden)

    van Ruiten Kees

    2016-01-01

    One of the case studies is located in the Netherlands and deals with the port of Rotterdam. The situation in Rotterdam is representative for many other main ports in Europe. These ports are all situated in a delta area, near the sea and rivers or canals. Also, these ports are close to urban areas and industrial complexes. Finally, these ports have a multimodal transport infrastructure to and from its hinterland, which is also vulnerable for extreme weather events. The case study is not only significant for the development of methods and tools, but also of direct interest for the region itself. The combination of the National Water safety policy and the best practices from the INTACT cases offer challenges to create better adaptation options and coping capacity to these relatively unforeseen and unexpected impacts based on climate change scenario’s and socio-economic megatrends.

  17. A Tool for Rating the Resilience of Critical Infrastructures in Extreme Fires

    Science.gov (United States)

    2014-05-01

    Rapid Rise Fire Tests of Protection Materials for Structural Steel - Efectis Nederland Report – 2008-Efectis-R0695, Fire Testing Procedure for Concrete...extreme fire conditions such as ASTM E1529 [5], NFPA 502 [8], UL 1709 [4] and Efectis Nederland BV report [9]. One of the critical features of a

  18. Pipe Penetrating Radar: a New Tool for the Assessment of Critical Infrastructure

    Science.gov (United States)

    Ekes, C.; Neducz, B.

    2012-04-01

    This paper describes the development of Pipe Penetrating Radar (PPR), the underground in-pipe application of GPR, a non-destructive testing method that can detect defects and cavities within and outside mainline diameter (>18 in / 450mm) non-metallic (concrete, PVC, HDPE, etc.) underground pipes. The method uses two or more high frequency GPR antennae carried by a robot into underground pipes. The radar data is transmitted to the surface via fibre optic cable and is recorded together with the output from CCTV (and optionally sonar and laser). Proprietary software analyzes the data and pinpoints defects or cavities within and outside the pipe. Thus the testing can identify existing pipe and pipe bedding symptoms that can be addressed to prevent catastrophic failure due to sinkhole development and can provide useful information about the remaining service life of the pipe. The key innovative aspect is the unique ability to map pipe wall thickness and deterioration including cracks and voids outside the pipe, enabling accurate predictability of needed intervention or the timing of replacement. This reliable non-destructive testing method significantly impacts subsurface infrastructure condition based asset management by supplying previously unattainable measurable conditions. Keywords: pipe penetrating radar (PPR), ground penetrating radar (GPR), pipe inspection, concrete deterioration, municipal engineering

  19. Understanding How Components of Organisations Contribute to Attacks

    DEFF Research Database (Denmark)

    Gu, Min; Aslanyan, Zaruhi; Probst, Christian W.

    2016-01-01

    Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors is diffi......Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors...... is difficult. Recently, system models have been used for automatically identifying possible attacks on the modelled organisation. The generated attacks consider all three layers, making the contribution of building infrastructure, computer infrastructure, and humans (insiders and outsiders) explicit. However......, this contribution is only visible in the attack trees as part of the performed steps; it cannot be mapped back to the model directly since the actions usually involve several elements (attacker and targeted actor or asset). Especially for large attack trees, understanding the relations between several model...

  20. The effects of green infrastructure on exceedance of critical shear stress in Blunn Creek watershed

    Science.gov (United States)

    Shannak, Sa'd.

    2017-10-01

    Green infrastructure (GI) has attracted city planners and watershed management professional as a new approach to control urban stormwater runoff. Several regulatory enforcements of GI implementation created an urgent need for quantitative information on GI practice effectiveness, namely for sediment and stream erosion. This study aims at investigating the capability and performance of GI in reducing stream bank erosion in the Blackland Prairie ecosystem. To achieve the goal of this study, we developed a methodology to represent two types of GI (bioretention and permeable pavement) into the Soil Water Assessment Tool, we also evaluated the shear stress and excess shear stress for stream flows in conjunction with different levels of adoption of GI, and estimated potential stream bank erosion for different median soil particle sizes using real and design storms. The results provided various configurations of GI schemes in reducing the negative impact of urban stormwater runoff on stream banks. Results showed that combining permeable pavement and bioretention resulted in the greatest reduction in runoff volumes, peak flows, and excess shear stress under both real and design storms. Bioretention as a stand-alone resulted in the second greatest reduction, while the installation of detention pond only had the least reduction percentages. Lastly, results showed that the soil particle with median diameter equals to 64 mm (small cobbles) had the least excess shear stress across all design storms, while 0.5 mm (medium sand) soil particle size had the largest magnitude of excess shear stress. The current study provides several insights into a watershed scale for GI planning and watershed management to effectively reduce the negative impact of urban stormwater runoff and control streambank erosion.

  1. Critical Review of Technical Questions Facing Low Impact Development and Green Infrastructure: A Perspective from the Great Plains.

    Science.gov (United States)

    Vogel, Jason R; Moore, Trisha L; Coffman, Reid R; Rodie, Steven N; Hutchinson, Stacy L; McDonough, Kelsey R; McLemore, Alex J; McMaine, John T

    2015-09-01

    Since its inception, Low Impact Development (LID) has become part of urban stormwater management across the United States, marking progress in the gradual transition from centralized to distributed runoff management infrastructure. The ultimate goal of LID is full, cost-effective implementation to maximize watershed-scale ecosystem services and enhance resilience. To reach that goal in the Great Plains, the multi-disciplinary author team presents this critical review based on thirteen technical questions within the context of regional climate and socioeconomics across increasing complexities in scale and function. Although some progress has been made, much remains to be done including continued basic and applied research, development of local LID design specifications, local demonstrations, and identifying funding mechanisms for these solutions. Within the Great Plains and beyond, by addressing these technical questions within a local context, the goal of widespread acceptance of LID can be achieved, resulting in more effective and resilient stormwater management.

  2. Building Critical Infrastructure resilience capacities into the Emergency Management set-up: a reference framework

    DEFF Research Database (Denmark)

    Trucco, P.; Petrenj, B.; Kozine, Igor

    proposes a comprehensive framework to identify, build and enhance specific capabilities, both intra- and inter-organisational, needed to manage (prepare, cope and recover from) CI disruptions. This allows emergency services to assess and explicitly address resilience improvement measures while planning......, resources and processes specifically arranged to accomplish a critical task and assure a key objective. Each capability contributes to one or more resilience capacities (preventive, absorptive, adaptive and restorative). An overall resilience capability building cycle completes the framework, enabling...... a systematic implementation of relevant capabilities and making gap analysis with regard to resilience deficits. The planning of training exercises to enhance CI resilience can also benefit from the approach....

  3. CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical Systems

    Science.gov (United States)

    2018-04-19

    AFRL-AFOSR-JP-TR-2018-0035 CORESAFE:A Formal Approach against Code Replacement Attacks on Cyber Physical Systems Sandeep Shukla INDIAN INSTITUTE OF...Formal Approach against Code Replacement Attacks on Cyber Physical Systems 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386-16-1-4099 5c.  PROGRAM ELEMENT...SUPPLEMENTARY NOTES 14.  ABSTRACT Industrial Control Systems (ICS) used in manufacturing, power generators and other critical infrastructure monitoring and

  4. Defending networks against denial-of-service attacks

    Science.gov (United States)

    Gelenbe, Erol; Gellman, Michael; Loukas, George

    2004-11-01

    Denial of service attacks, viruses and worms are common tools for malicious adversarial behavior in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile behavior either independently, or in conjunction with other forms of attack in conventional or asymmetric warfare, as well as in other forms of malicious behavior. In this paper we concentrate on Distributed Denial of Service Attacks (DDoS) where one or more attackers generate flooding traffic and direct it from multiple sources towards a set of selected nodes or IP addresses in the Internet. We first briefly survey the literature on the subject, and discuss some examples of DDoS incidents. We then present a technique that can be used for DDoS protection based on creating islands of protection around a critical information infrastructure. This technique, that we call the CPN-DoS-DT (Cognitive Packet Networks DoS Defence Technique), creates a self-monitoring sub-network surrounding each critical infrastructure node. CPN-DoS-DT is triggered by a DDoS detection scheme, and generates control traffic from the objects of the DDoS attack to the islands of protection where DDOS packet flows are destroyed before they reach the critical infrastructure. We use mathematical modelling, simulation and experiments on our test-bed to show the positive and negative outcomes that may result from both the attack, and the CPN-DoS-DT protection mechanism, due to imperfect detection and false alarms.

  5. Cyber Threats to Nuclear Infrastructures

    International Nuclear Information System (INIS)

    Anderson, Robert S.; Moskowitz, Paul; Schanfein, Mark; Bjornard, Trond; St. Michel, Curtis

    2010-01-01

    Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

  6. Cyber Threats to Nuclear Infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Paul Moskowitz; Mark Schanfein; Trond Bjornard; Curtis St. Michel

    2010-07-01

    Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

  7. Examining the Interrelationship among Critical Success Factors of Public Private Partnership Infrastructure Projects

    Directory of Open Access Journals (Sweden)

    Shiying Shi

    2016-12-01

    Full Text Available Examining the interrelationships among critical success factors (CSFs for public private partnership (PPP projects is of importance for improving PPP project performance and maintaining the sustainability of PPP project implementation. Previous studies mostly focused on the identification of the CSFs for PPP projects; limited studies investigated the interrelationships among CSFs. Hence, the research objectives are (a to determine the interrelationships among CSFs of PPP projects taking into account the public and (b to identify influence paths contributing to take advantage of CSFs in the process of PPP implementation. A literature review and expert interviews were adopted to construct the CSFs framework; nine hypotheses were constructed and tested by the structural equation modelling (SEM based on the data collected from a questionnaire survey. This research reveals that the relationship between public and private partners is the leader-follower relationship, not the partnership relationship, in PPP projects, indicating that the responsibilities, power or resources existing among partners are very unequal. It also highlights that public involvement has a negative effect on the process of service provisions, and costs and risks exist in the process of public involvement in PPP projects. The determined interrelationships among CSFs will contribute to the sustainability and success of a PPP project.

  8. How Critical Is Critical Infrastructure?

    Science.gov (United States)

    2015-09-01

    manager conducting a risk self-assessment will likely be subconsciously biased to assess greater risks than actually exist. This problem can be... bias .” The optimism bias extends beyond MBA students. People under estimate their risk for car accidents, think the chances of divorce are low, and...Decisions about Health, Wealth, and Happiness (New Haven, CT: Yale University Press, 2008), 20. 29 others.80 Optimism bias is evident in compulsive

  9. Post-Disaster Supply Chain Interdependent Critical Infrastructure System Restoration: A Review of Data Necessary and Available for Modeling

    Directory of Open Access Journals (Sweden)

    Varun Ramachandran

    2016-01-01

    Full Text Available The majority of restoration strategies in the wake of large-scale disasters have focused on short-term emergency response solutions. Few consider medium- to long-term restoration strategies to reconnect urban areas to national 'supply chain interdependent critical infrastructure systems' (SCICI. These SCICI promote the effective flow of goods, services, and information vital to the economic vitality of an urban environment. To re-establish the connectivity that has been broken during a disaster between the different SCICI, relationships between these systems must be identified, formulated, and added to a common framework to form a system-level restoration plan. To accomplish this goal, a considerable collection of SCICI data is necessary. The aim of this paper is to review what data are required for model construction, the accessibility of these data, and their integration with each other. While a review of publically available data reveals a dearth of real-time data to assist modeling long-term recovery following an extreme event, a significant amount of static data does exist and these data can be used to model the complex interdependencies needed. For the sake of illustration, a particular SCICI (transportation is used to highlight the challenges of determining the interdependencies and creating models capable of describing the complexity of an urban environment with the data publically available. Integration of such data as is derived from public domain sources is readily achieved in a geospatial environment, after all geospatial infrastructure data are the most abundant data source and while significant quantities of data can be acquired through public sources, a significant effort is still required to gather, develop, and integrate these data from multiple sources to build a complete model. Therefore, while continued availability of high quality, public information is essential for modeling efforts in academic as well as government

  10. Post-disaster supply chain interdependent critical infrastructure system restoration: A review of data necessary and available for modeling

    Science.gov (United States)

    Ramachandran, Varun; Long, Suzanna K.; Shoberg, Thomas G.; Corns, Steven; Carlo, Hector J.

    2016-01-01

    The majority of restoration strategies in the wake of large-scale disasters have focused on short-term emergency response solutions. Few consider medium- to long-term restoration strategies to reconnect urban areas to national supply chain interdependent critical infrastructure systems (SCICI). These SCICI promote the effective flow of goods, services, and information vital to the economic vitality of an urban environment. To re-establish the connectivity that has been broken during a disaster between the different SCICI, relationships between these systems must be identified, formulated, and added to a common framework to form a system-level restoration plan. To accomplish this goal, a considerable collection of SCICI data is necessary. The aim of this paper is to review what data are required for model construction, the accessibility of these data, and their integration with each other. While a review of publically available data reveals a dearth of real-time data to assist modeling long-term recovery following an extreme event, a significant amount of static data does exist and these data can be used to model the complex interdependencies needed. For the sake of illustration, a particular SCICI (transportation) is used to highlight the challenges of determining the interdependencies and creating models capable of describing the complexity of an urban environment with the data publically available. Integration of such data as is derived from public domain sources is readily achieved in a geospatial environment, after all geospatial infrastructure data are the most abundant data source and while significant quantities of data can be acquired through public sources, a significant effort is still required to gather, develop, and integrate these data from multiple sources to build a complete model. Therefore, while continued availability of high quality, public information is essential for modeling efforts in academic as well as government communities, a more

  11. Landslides affecting critical infrastructures: the use of a GB-InSAR based warning system in Calatabiano (Southern Italy).

    Science.gov (United States)

    Nolesini, Teresa; Frodella, William; Bardi, Federica; Intrieri, Emanuele; Carlà, Tommaso; Solari, Lorenzo; Dotta, Giulia; Ferrigno, Federica; Casagli, Nicola

    2017-04-01

    Landslides represent one of the most frequent geo-hazard, not only causing a serious threat to human lives, but also determining socio-economic losses, countable in billions of Euros and expressed in terms of damage to property, infrastructures and environmental degradation. Recent events show a significant increase in the number of disasters with natural and/or technological causes, which could have potentially serious consequences for Critical Infrastructures (CI). Where these infrastructures tend to fail or to be destroyed, the resulting cascade effect (chain of accidents) could lead to catastrophic damage and affect people, the environment and the economy. In the field of landslide detection, mapping, monitoring and management, the availability of advanced remote sensing technologies, which allow systematic and easily updatable acquisitions of data, may enhance the implementation of near real time monitoring activity and the production of landslide maps, optimizing field work. This work aims at presenting an example of the advantages given by the combined use of advanced remote sensing techniques, such as Ground-Based Interferometric Synthetic Aperture Radar (GB-InSAR), Terrestrial Laser Scanning (TLS) and Infrared Thermography (IRT), in order to monitor and map the Calatabiano landslide, located in the Catania Province (Sicily Island, Southern Italy). The landslide occurred on October 24th 2015, after a period of heavy rainfall, causing the rupture of a water pipeline transect of the aqueduct supplying water to the city of Messina. As a consequence of this event a considerable lack in water resources occurred for a large number of the city inhabitants. A provisional by-pass, consisting of three 350 m long pipes passing through the landslide area, was implemented in order to restore the city water supplies during the emergency management phase. In this framework an integrated monitoring network was implemented, in order to assess the residual risk by analyzing

  12. Critical infrastructure protection decision support system decision model : overview and quick-start user's guide.

    Energy Technology Data Exchange (ETDEWEB)

    Samsa, M.; Van Kuiken, J.; Jusko, M.; Decision and Information Sciences

    2008-12-01

    The Critical Infrastructure Protection Decision Support System Decision Model (CIPDSS-DM) is a useful tool for comparing the effectiveness of alternative risk-mitigation strategies on the basis of CIPDSS consequence scenarios. The model is designed to assist analysts and policy makers in evaluating and selecting the most effective risk-mitigation strategies, as affected by the importance assigned to various impact measures and the likelihood of an incident. A typical CIPDSS-DM decision map plots the relative preference of alternative risk-mitigation options versus the annual probability of an undesired incident occurring once during the protective life of the investment, assumed to be 20 years. The model also enables other types of comparisons, including a decision map that isolates a selected impact variable and displays the relative preference for the options of interest--parameterized on the basis of the contribution of the isolated variable to total impact, as well as the likelihood of the incident. Satisfaction/regret analysis further assists the analyst or policy maker in evaluating the confidence with which one option can be selected over another.

  13. Critical Data Source; Tool or Even Infrastructure? Challenges of Geographic Information Systems and Remote Sensing for Disaster Risk Governance

    Directory of Open Access Journals (Sweden)

    Alexander Fekete

    2015-09-01

    Full Text Available Disaster risk information is spatial in nature and Geographic Information Systems (GIS and Remote Sensing (RS play an important key role by the services they provide to society. In this context, to risk management and governance, in general, and to civil protection, specifically (termed differently in many countries, and includes, for instance: civil contingencies in the UK, homeland security in the USA, disaster risk reduction at the UN level. The main impetus of this article is to summarize key contributions and challenges in utilizing and accepting GIS and RS methods and data for disaster risk governance, which includes public bodies, but also risk managers in industry and practitioners in search and rescue organizations. The article analyzes certain method developments, such as vulnerability indicators, crowdsourcing, and emerging concepts, such as Volunteered Geographic Information, but also investigates the potential of the topic Critical Infrastructure as it could be applied on spatial assets and GIS and RS itself. Intended to stimulate research on new and emerging fields, this article’s main contribution is to move spatial research toward a more reflective stance where opportunities and challenges are equally and transparently addressed in order to gain more scientific quality. As a conclusion, GIS and RS can play a pivotal role not just in delivering data but also in connecting and analyzing data in a more integrative, holistic way.

  14. One-sided muon tomography - A portable method for imaging critical infrastructure with a single muon detector

    Energy Technology Data Exchange (ETDEWEB)

    Boniface, K., E-mail: bonifak@mcmaster.ca [McMaster Univ., Hamilton, Ontario (Canada); Jonkmans, G. [Defence R& D Canada, Centre for Security Science, Ottawa, Ontario (Canada); Anghel, V.; Erlandson, A.; Thompson, M.; Livingstone, S. [Canadian Nuclear Laboratories, Chalk River, Ontario (Canada)

    2014-07-01

    High-energy muons generated from cosmic-ray particle showers have been shown to exhibit properties ideal for imaging the interior of large structures. This paper explores the possibility of using a single portable muon detector in conjunction with image reconstruction methods used in nuclear medicine to reconstruct a 3D image of the interior of man-made large structures such as the Zero Energy Deuterium (ZED-2) research reactor at Atomic Energy of Canada Ltd (AECL) Chalk River Laboratories (CRL). The ZED-2 reactor core and muon detector arrangement are modeled in GEANT4 and measurements of the resultant muon throughput and angular distribution at several angles of rotation around the reactor are generated. Statistical analysis is then performed on these measurements based on the well-defined flux and angular distribution of muons expected near the surface of the earth. The results of this analysis are shown to produce reconstructed images of the spatial distribution of nuclear fuel within the core for multiple fuel configurations. This “one-sided tomography” concept is a possible candidate for examining the internal structure of larger critical facilities, for example the Fukushima Daiichi power plant where the integrity of the containment infrastructure and the location of the reactor fuel is unknown. (author)

  15. Handling Worldwide LHC Computing Grid Critical Service Incidents : The infrastructure and experience behind nearly 5 years of GGUS ALARMs

    CERN Multimedia

    Dimou, M; Dulov, O; Grein, G

    2013-01-01

    In the Wordwide LHC Computing Grid (WLCG) project the Tier centres are of paramount importance for storing and accessing experiment data and for running the batch jobs necessary for experiment production activities. Although Tier2 sites provide a significant fraction of the resources a non-availability of resources at the Tier0 or the Tier1s can seriously harm not only WLCG Operations but also the experiments' workflow and the storage of LHC data which are very expensive to reproduce. This is why availability requirements for these sites are high and committed in the WLCG Memorandum of Understanding (MoU). In this talk we describe the workflow of GGUS ALARMs, the only 24/7 mechanism available to LHC experiment experts for reporting to the Tier0 or the Tier1s problems with their Critical Services. Conclusions and experience gained from the detailed drills performed in each such ALARM for the last 4 years are explained and the shift with time of Type of Problems met. The physical infrastructure put in place to ...

  16. Assessment of municipal infrastructure development and its critical influencing factors in urban China: A FA and STIRPAT approach.

    Directory of Open Access Journals (Sweden)

    Yu Li

    Full Text Available Municipal infrastructure is a fundamental facility for the normal operation and development of an urban city and is of significance for the stable progress of sustainable urbanization around the world, especially in developing countries. Based on the municipal infrastructure data of the prefecture-level cities in China, municipal infrastructure development is assessed comprehensively using a FA (factor analysis model, and then the stochastic model STIRPAT (stochastic impacts by regression on population, affluence and technology is examined to investigate key factors that influence municipal infrastructure of cities in various stages of urbanization and economy. This study indicates that the municipal infrastructure development in urban China demonstrates typical characteristics of regional differentiation, in line with the economic development pattern. Municipal infrastructure development in cities is primarily influenced by income, industrialization and investment. For China and similar developing countries under transformation, national public investment remains the primary driving force of economy as well as the key influencing factor of municipal infrastructure. Contribution from urbanization and the relative consumption level, and the tertiary industry is still scanty, which is a crux issue for many developing countries under transformation. With economic growth and the transformation requirements, the influence of the conventional factors such as public investment and industrialization on municipal infrastructure development would be expected to decline, meanwhile, other factors like the consumption and tertiary industry driven model and the innovation society can become key contributors to municipal infrastructure sustainability.

  17. Assessment of municipal infrastructure development and its critical influencing factors in urban China: A FA and STIRPAT approach.

    Science.gov (United States)

    Li, Yu; Zheng, Ji; Li, Fei; Jin, Xueting; Xu, Chen

    2017-01-01

    Municipal infrastructure is a fundamental facility for the normal operation and development of an urban city and is of significance for the stable progress of sustainable urbanization around the world, especially in developing countries. Based on the municipal infrastructure data of the prefecture-level cities in China, municipal infrastructure development is assessed comprehensively using a FA (factor analysis) model, and then the stochastic model STIRPAT (stochastic impacts by regression on population, affluence and technology) is examined to investigate key factors that influence municipal infrastructure of cities in various stages of urbanization and economy. This study indicates that the municipal infrastructure development in urban China demonstrates typical characteristics of regional differentiation, in line with the economic development pattern. Municipal infrastructure development in cities is primarily influenced by income, industrialization and investment. For China and similar developing countries under transformation, national public investment remains the primary driving force of economy as well as the key influencing factor of municipal infrastructure. Contribution from urbanization and the relative consumption level, and the tertiary industry is still scanty, which is a crux issue for many developing countries under transformation. With economic growth and the transformation requirements, the influence of the conventional factors such as public investment and industrialization on municipal infrastructure development would be expected to decline, meanwhile, other factors like the consumption and tertiary industry driven model and the innovation society can become key contributors to municipal infrastructure sustainability.

  18. Protecting Critical Rail Infrastructure

    Science.gov (United States)

    2006-12-01

    Gulliver.Trb.Org/Publications/Sr/Sr270.Pdf. 38. Allan J. DeBlasio, Terrance J. Regan, Margaret E . Zirker, Katherine S. Fichter, Kristin Lovejoy ...getrpt?GAO-04-598T. 4. Ibid. 5. Thomas H. Kean, Lee H. Hamilton, Richard Ben-Veniste, Fred F. Fielding, Jamie S. Gorelick, Slade Gorton, Bob Kerrey...Committee, Current and Projected National Security Threats to the United States, Vice Admiral Lowell E . Jacoby, United States Navy, Director, Defense

  19. Cybersecurity for Critical Infrastructure

    Science.gov (United States)

    2015-04-01

    mere intrusion and resulted in physical damage to some computers, an incident of this nature on a private company such as Sony should not be...Baker, Major, USAF A Research Report Submitted to the Faculty In Partial Fulfillment of the Graduation Requirements for the Degree of MASTER...iv Introduction……………………………………………………………………………….……....1 Was the Sony Incident a Cyber Attack………………………………………………….………..3 Defining Cyber

  20. SPECIAL AND MILITARY COMMUNICATIONS AND INFORMATION SYSTEMS AS VITAL PART OF THE CRITICAL INFRASTRUCTURES IN ROMANIA. SECURING THEIR PHYSICAL AND INFORMATIONAL PROTECTION

    Directory of Open Access Journals (Sweden)

    Constantin MINCU

    2012-11-01

    Full Text Available The article presents several arguments on the need to study the critical infrastructure in Romania including various systems (networks and special military communications. It emphasizes the role and place of such systems and networks to provide national defense and security and the risks and vulnerabilities faced by these infrastructures, and some necessary measures to be taken for the physical and informational protection in the case of hostile military actions, natural disasters or other negative phenomena. Finally some conclusions and proposals are formulated.

  1. The Pedagogy of Complex Work Support Systems: Infrastructuring Practices and the Production of Critical Awareness in Risk Auditing

    Science.gov (United States)

    Mathisen, Arve; Nerland, Monika

    2012-01-01

    This paper employs a socio-technical perspective to explore the role of complex work support systems in organising knowledge and providing opportunities for learning in professional work. Drawing on concepts from infrastructure studies, such systems are seen as work infrastructures which connect information, knowledge, standards and work…

  2. Fatal injection: a survey of modern code injection attack countermeasures

    Directory of Open Access Journals (Sweden)

    Dimitris Mitropoulos

    2017-11-01

    Full Text Available With a code injection attack (CIA an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

  3. Vulnerability of water supply systems to cyber-physical attacks

    Science.gov (United States)

    Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

    2016-04-01

    The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

  4. Proactive Routing Mutation Against Stealthy Distributed Denial of Service Attacks – Metrics, Modeling and Analysis

    Energy Technology Data Exchange (ETDEWEB)

    Duan, Qi; Al-Shaer, Ehab; Chatterjee, Samrat; Halappanavar, Mahantesh; Oehmen, Christopher S.

    2018-04-01

    The Infrastructure Distributed Denial of Service (IDDoS) attacks continue to be one of the most devastating challenges facing cyber systems. The new generation of IDDoS attacks exploit the inherent weakness of cyber infrastructure including deterministic nature of routes, skew distribution of flows, and Internet ossification to discover the network critical links and launch highly stealthy flooding attacks that are not observable at the victim end. In this paper, first, we propose a new metric to quantitatively measure the potential susceptibility of any arbitrary target server or domain to stealthy IDDoS attacks, and es- timate the impact of such susceptibility on enterprises. Second, we develop a proactive route mutation technique to minimize the susceptibility to these attacks by dynamically changing the flow paths periodically to invalidate the adversary knowledge about the network and avoid targeted critical links. Our proposed approach actively changes these network paths while satisfying security and qualify of service requirements. We present an integrated approach of proactive route mutation that combines both infrastructure-based mutation that is based on reconfiguration of switches and routers, and middle-box approach that uses an overlay of end-point proxies to construct a virtual network path free of critical links to reach a destination. We implemented the proactive path mutation technique on a Software Defined Network using the OpendDaylight controller to demonstrate a feasible deployment of this approach. Our evaluation validates the correctness, effectiveness, and scalability of the proposed approaches.

  5. Mathematical modelling of tsunami impacts on critical infrastructures: exposure and severity associated with debris transport at Sines port, Portugal.

    Science.gov (United States)

    Conde, Daniel; Baptista, Maria Ana; Sousa Oliveira, Carlos; Ferreira, Rui M. L.

    2015-04-01

    a flux-splitting technique with a reviewed Roe-Riemann solver and appropriate source-term formulations to ensure full conservativeness. Additionally, STAV-2D features Lagrangian-Eulerian coupling enabling solid transport simulation under both continuum and discrete approaches, and has been validated with both laboratory data and paleo-tsunami evidence (Conde, 2013a; Conde, 2013b). The interactions between the inundating flow and coal stockpiles or natural mobile bed reaches were simulated using a continuum debris-flow approach, featuring fractional solid transport, while the containers at the new terminal were advected with an explicit Lagrangian method. The meshwork employed at the port models the existing geometry and structures in great detail, enabling explicitly resolved interactions between the current infrastructure and the overland propagating tsunami. The obtained preliminary results suggest that several structures, some of them critical in a nationwide context, are exposed to tsunami actions. The coal deposition pattern and the final location of monitored containers were determined for two magnitude scenarios (8.5 Mw and 9.5 Mw) in the case of a tsunami generated at the Horseshoe fault and one magnitude scenario (9.5 Mw) for a tsunami generated at the Gorringe bank. The inland washing of the coal stockpiles may impose great loss of both economical and environmental value, while the impact of large mobile debris, such as the containers in the terminal area, significantly increases the severity of infrastructural damage. Acknowledgements This work was partially funded by FEDER, program COMPETE, and by national funds through the Portuguese Foundation for Science and Technology (FCT) with project RECI/ECM-HID/0371/2012. References Baptista M.A. & Miranda, J.M. (2009), Revision of the Portuguese catalog of tsunamis. Nat. Hazards Earth Syst. Sci., 9, 25-42. Canelas, R.; Murillo, J. & Ferreira, R.M.L. (2013), Two-dimensional depth-averaged modelling of dam

  6. Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features

    Energy Technology Data Exchange (ETDEWEB)

    Lopez, Juan [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Liefer, Nathan C. [Wright-Patterson AFB, Dayton, OH (United States); Busho, Colin R. [Wright-Patterson AFB, Dayton, OH (United States); Temple, Michael A. [Wright-Patterson AFB, Dayton, OH (United States)

    2017-12-04

    Here, the need for improved Critical Infrastructure and Key Resource (CIKR) security is unquestioned and there has been minimal emphasis on Level-0 (PHY Process) improvements. Wired Signal Distinct Native Attribute (WS-DNA) Fingerprinting is investigated here as a non-intrusive PHY-based security augmentation to support an envisioned layered security strategy. Results are based on experimental response collections from Highway Addressable Remote Transducer (HART) Differential Pressure Transmitter (DPT) devices from three manufacturers (Yokogawa, Honeywell, Endress+Hauer) installed in an automated process control system. Device discrimination is assessed using Time Domain (TD) and Slope-Based FSK (SB-FSK) fingerprints input to Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) and Random Forest (RndF) classifiers. For 12 different classes (two devices per manufacturer at two distinct set points), both classifiers performed reliably and achieved an arbitrary performance benchmark of average cross-class percent correct of %C > 90%. The least challenging cross-manufacturer results included near-perfect %C ≈ 100%, while the more challenging like-model (serial number) discrimination results included 90%< %C < 100%, with TD Fingerprinting marginally outperforming SB-FSK Fingerprinting; SB-FSK benefits from having less stringent response alignment and registration requirements. The RndF classifier was most beneficial and enabled reliable selection of dimensionally reduced fingerprint subsets that minimize data storage and computational requirements. The RndF selected feature sets contained 15% of the full-dimensional feature sets and only suffered a worst case %CΔ = 3% to 4% performance degradation.

  7. Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

    Directory of Open Access Journals (Sweden)

    Laszlo B Kish

    Full Text Available Recently, Bennett and Riedel (BR (http://arxiv.org/abs/1303.7435v1 argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional security of the KLJN method has not been successfully challenged.

  8. Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

    Science.gov (United States)

    Kish, Laszlo B; Abbott, Derek; Granqvist, Claes G

    2013-01-01

    Recently, Bennett and Riedel (BR) (http://arxiv.org/abs/1303.7435v1) argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN) classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive) attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional) security of the KLJN method has not been successfully challenged.

  9. Attack surfaces

    DEFF Research Database (Denmark)

    Gruschka, Nils; Jensen, Meiko

    2010-01-01

    The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion...... of attack surfaces of the cloud computing scenario participants....

  10. The Application of Biometrics in Critical Infrastructures Operations: Guidance for Security Managers. ERNCIP Thematic Group Applied Biometrics for CIP. Deliverable: Guidance for Security Managers - Task 2

    OpenAIRE

    REJMAN-GREENE Marek; BRZOZOWSKI Krzysztof; MANSFIELD Tony; SANCHEZ-REILLO Raul; WAGGETT Peter; WHITAKER Geoff

    2015-01-01

    Biometric technologies have advanced considerably over the past decade, and have paved the way for more widespread use by governments, commercial enterprises and, more recently, by the consumer through the introduction of sensors and apps on mobile phones. This report provides introductory information about the application of these technologies to achieve secure recognition of individuals by organisations which form part of critical infrastructures in the EU. As a specific example, it offers ...

  11. An operational-oriented approach to the assessment of low probability seismic ground motions for critical infrastructures

    Science.gov (United States)

    Garcia-Fernandez, Mariano; Assatourians, Karen; Jimenez, Maria-Jose

    2018-01-01

    Extreme natural hazard events have the potential to cause significant disruption to critical infrastructure (CI) networks. Among them, earthquakes represent a major threat as sudden-onset events with limited, if any, capability of forecast, and high damage potential. In recent years, the increased exposure of interdependent systems has heightened concern, motivating the need for a framework for the management of these increased hazards. The seismic performance level and resilience of existing non-nuclear CIs can be analyzed by identifying the ground motion input values leading to failure of selected key elements. Main interest focuses on the ground motions exceeding the original design values, which should correspond to low probability occurrence. A seismic hazard methodology has been specifically developed to consider low-probability ground motions affecting elongated CI networks. The approach is based on Monte Carlo simulation, which allows for building long-duration synthetic earthquake catalogs to derive low-probability amplitudes. This approach does not affect the mean hazard values and allows obtaining a representation of maximum amplitudes that follow a general extreme-value distribution. This facilitates the analysis of the occurrence of extremes, i.e., very low probability of exceedance from unlikely combinations, for the development of, e.g., stress tests, among other applications. Following this methodology, extreme ground-motion scenarios have been developed for selected combinations of modeling inputs including seismic activity models (source model and magnitude-recurrence relationship), ground motion prediction equations (GMPE), hazard levels, and fractiles of extreme ground motion. The different results provide an overview of the effects of different hazard modeling inputs on the generated extreme motion hazard scenarios. This approach to seismic hazard is at the core of the risk analysis procedure developed and applied to European CI transport

  12. Development and utilization of USGS ShakeCast for rapid post-earthquake assessment of critical facilities and infrastructure

    Science.gov (United States)

    Wald, David J.; Lin, Kuo-wan; Kircher, C.A.; Jaiswal, Kishor; Luco, Nicolas; Turner, L.; Slosky, Daniel

    2017-01-01

    The ShakeCast system is an openly available, near real-time post-earthquake information management system. ShakeCast is widely used by public and private emergency planners and responders, lifeline utility operators and transportation engineers to automatically receive and process ShakeMap products for situational awareness, inspection priority, or damage assessment of their own infrastructure or building portfolios. The success of ShakeCast to date and its broad, critical-user base mandates improved software usability and functionality, including improved engineering-based damage and loss functions. In order to make the software more accessible to novice users—while still utilizing advanced users’ technical and engineering background—we have developed a “ShakeCast Workbook”, a well documented, Excel spreadsheet-based user interface that allows users to input notification and inventory data and export XML files requisite for operating the ShakeCast system. Users will be able to select structure based on a minimum set of user-specified facility (building location, size, height, use, construction age, etc.). “Expert” users will be able to import user-modified structural response properties into facility inventory associated with the HAZUS Advanced Engineering Building Modules (AEBM). The goal of the ShakeCast system is to provide simplified real-time potential impact and inspection metrics (i.e., green, yellow, orange and red priority ratings) to allow users to institute customized earthquake response protocols. Previously, fragilities were approximated using individual ShakeMap intensity measures (IMs, specifically PGA and 0.3 and 1s spectral accelerations) for each facility but we are now performing capacity-spectrum damage state calculations using a more robust characterization of spectral deamnd.We are also developing methods for the direct import of ShakeMap’s multi-period spectra in lieu of the assumed three-domain design spectrum (at 0.3s for

  13. Effects of a significant New Madrid Seismic Zone event on oil and natural gas pipelines and their cascading effects to critical infrastructures

    Science.gov (United States)

    Fields, Damon E.

    Critical Infrastructure Protection (CIP) is a construct that relates preparedness and responsiveness to natural or man-made disasters that involve vulnerable assets deemed essential for the functioning of our economy and society. Infrastructure systems (power grids, bridges, airports, etc.) are vulnerable to disastrous types of events--natural or man-made. Failures of these systems can have devastating effects on communities and entire regions. CIP relates our willingness, ability, and capability to defend, mitigate, and re-constitute those assets that succumb to disasters affecting one or more infrastructure sectors. This qualitative research utilized ethnography and employed interviews with subject matter experts (SMEs) from various fields of study regarding CIP with respect to oil and natural gas pipelines in the New Madrid Seismic Zone. The study focused on the research question: What can be done to mitigate vulnerabilities in the oil and natural gas infrastructures, along with the potential cascading effects to interdependent systems, associated with a New Madrid fault event? The researcher also analyzed National Level Exercises (NLE) and real world events, and associated After Action Reports (AAR) and Lessons Learned (LL) in order to place a holistic lens across all infrastructures and their dependencies and interdependencies. Three main themes related to the research question emerged: (a) preparedness, (b) mitigation, and (c) impacts. These themes comprised several dimensions: (a) redundancy, (b) node hardening, (c) education, (d) infrastructure damage, (e) cascading effects, (f) interdependencies, (g) exercises, and (h) earthquake readiness. As themes and dimensions are analyzed, they are considered against findings in AARs and LL from previous real world events and large scale exercise events for validation or rejection.

  14. Heart Attack

    Science.gov (United States)

    ... properly causes your body's blood sugar levels to rise, increasing your risk of heart attack. Metabolic syndrome. This occurs when you have obesity, high blood pressure and high blood sugar. Having metabolic ...

  15. Heart Attack

    Science.gov (United States)

    ... family history of heart attack race – African Americans, Mexican Americans, Native Americans, and native Hawaiians are at ... Your doctor will prescribe the medicines that are right for you. If you have had a heart ...

  16. "Measuring Operational Effectiveness of Information Technology Infrastructure Library (IIL) and the Impact of Critical Facilities Inclusion in the Process."

    Science.gov (United States)

    Woodell, Eric A.

    2013-01-01

    Information Technology (IT) professionals use the Information Technology Infrastructure Library (ITIL) process to better manage their business operations, measure performance, improve reliability and lower costs. This study examined the operational results of those data centers using ITIL against those that do not, and whether the results change…

  17. ATTACK WARNING: Costs to Modernize NORAD's Computer System Significantly Understated

    National Research Council Canada - National Science Library

    Cross, F

    1991-01-01

    ...) Integrated Tactical Warning and Attack Assessment (ITW/AA) system. These subsystems provide critical strategic surveillance and attack warning and assessment information to United States and Canadian leaders...

  18. Cyberwarfare on the Electricity Infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Murarka, N.; Ramesh, V.C.

    2000-03-20

    The report analyzes the possibility of cyberwarfare on the electricity infrastructure. The ongoing deregulation of the electricity industry makes the power grid all the more vulnerable to cyber attacks. The report models the power system information system components, models potential threats and protective measures. It therefore offers a framework for infrastructure protection.

  19. Increasing the resilience and security of the United States' power infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Happenny, Sean F. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

    2015-08-01

    The United States' power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power infrastructure control and distribution paradigms by utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Understanding how these systems behave in real-world conditions will lead to new ways to make our power infrastructure more resilient and secure. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the aging networks protecting them are becoming easier to attack.

  20. Collaborative Attack Mitigation and Response: A survey

    NARCIS (Netherlands)

    Steinberger, Jessica; Sperotto, Anna; Baier, Harald; Pras, Aiko

    2015-01-01

    Over recent years, network-based attacks have become to one of the top causes of network infrastructure and service outages. To counteract a network-based attack, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains

  1. Defense strategies for cloud computing multi-site server infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Rao, Nageswara S. [ORNL; Ma, Chris Y. T. [Hang Seng Management College, Hon Kong; He, Fei [Texas A& M University, Kingsville, TX, USA

    2018-01-01

    We consider cloud computing server infrastructures for big data applications, which consist of multiple server sites connected over a wide-area network. The sites house a number of servers, network elements and local-area connections, and the wide-area network plays a critical, asymmetric role of providing vital connectivity between them. We model this infrastructure as a system of systems, wherein the sites and wide-area network are represented by their cyber and physical components. These components can be disabled by cyber and physical attacks, and also can be protected against them using component reinforcements. The effects of attacks propagate within the systems, and also beyond them via the wide-area network.We characterize these effects using correlations at two levels using: (a) aggregate failure correlation function that specifies the infrastructure failure probability given the failure of an individual site or network, and (b) first-order differential conditions on system survival probabilities that characterize the component-level correlations within individual systems. We formulate a game between an attacker and a provider using utility functions composed of survival probability and cost terms. At Nash Equilibrium, we derive expressions for the expected capacity of the infrastructure given by the number of operational servers connected to the network for sum-form, product-form and composite utility functions.

  2. The political attack ad

    Directory of Open Access Journals (Sweden)

    Palma Peña-Jiménez, Ph.D.

    2011-01-01

    Full Text Available During election campaigns the political spot has a clear objective: to win votes. This message is communicated to the electorate through television and Internet, and usually presents a negative approach, which includes a direct critical message against the opponent, rather than an exposition of proposals. This article is focused on the analysis of the campaign attack video ad purposely created to encourage the disapproval of the political opponent among voters. These ads focus on discrediting the opponent, many times, through the transmission of ad hominem messages, instead of disseminating the potential of the political party and the virtues and manifesto of its candidate. The article reviews the development of the attack ad since its first appearance, which in Spain dates back to 1996, when the famous Doberman ad was broadcast, and examines the most memorable campaign attack ads.

  3. Monitoring of levees, bridges, pipelines, and other critical infrastructure during the 2011 flooding in the Mississippi River Basin: Chapter J in 2011 floods of the central United States

    Science.gov (United States)

    Densmore, Brenda K.; Burton, Bethany L.; Dietsch, Benjamin J.; Cannia, James C.; Huizinga, Richard J.

    2014-01-01

    During the 2011 Mississippi River Basin flood, the U.S. Geological Survey evaluated aspects of critical river infrastructure at the request of and in support of local, State, and Federal Agencies. Geotechnical and hydrographic data collected by the U.S. Geological Survey at numerous locations were able to provide needed information about 2011 flood effects to those managing the critical infrastructure. These data were collected and processed in a short time frame to provide managers the ability to make a timely evaluation of the safety of the infrastructure and, when needed, to take action to secure and protect critical infrastructure. Critical infrastructure surveyed by the U.S. Geological Survey included levees, bridges, pipeline crossings, power plant intakes and outlets, and an electrical transmission tower. Capacitively coupled resistivity data collected along the flood-protection levees surrounding the Omaha Public Power District Nebraska City power plant (Missouri River Levee Unit R573), mapped the near-subsurface electrical properties of the levee and the materials immediately below it. The near-subsurface maps provided a better understanding of the levee construction and the nature of the lithology beneath the levee. Comparison of the capacitively coupled resistivity surveys and soil borings indicated that low-resistivity value material composing the levee generally is associated with lean clay and silt to about 2 to 4 meters below the surface, overlying a more resistive layer associated with sand deposits. In general, the resistivity structure becomes more resistive to the south and the southern survey sections correlate well with the borehole data that indicate thinner clay and silt at the surface and thicker sand sequences at depth in these sections. With the resistivity data Omaha Public Power District could focus monitoring efforts on areas with higher resistivity values (coarser-grained deposits or more loosely compacted section), which typically are

  4. Cyber attacks against state estimation in power systems: Vulnerability analysis and protection strategies

    Science.gov (United States)

    Liu, Xuan

    Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, a distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to

  5. Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

    Energy Technology Data Exchange (ETDEWEB)

    Bri Rolston

    2005-06-01

    Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills, and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between

  6. The Vulnerability of Nuclear Facilities to Cyber Attack; Strategic Insights: Spring 2010

    OpenAIRE

    Kesler, Brent

    2011-01-01

    This article appeared in Strategic Insights, Spring 2011 In June 2010, U.S. Senators Susan Collins, Joseph Lieberman, and Tom Carper introduced the Protecting Cyberspace as a National Asset Act. One of its many aims is to protect critical infrastructures in the United States from cyber attack. In January 2011, Brandon Milhorn, staff director of the Senate Homeland Security and Governmental Affairs Committee, defended the bill, saying that it would prevent a hacker from opening ...

  7. New York Solar Smart DG Hub-Resilient Solar Project: Economic and Resiliency Impact of PV and Storage on New York Critical Infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Anderson, Kate; Burman, Kari; Simpkins, Travis; Helson, Erica; Lisell, Lars, Case, Tria

    2016-06-01

    Resilient PV, which is solar paired with storage ('solar-plus-storage'), provides value both during normal grid operation and power outages as opposed to traditional solar PV, which functions only when the electric grid is operating. During normal grid operations, resilient PV systems help host sites generate revenue and/or reduce electricity bill charges. During grid outages, resilient PV provides critical emergency power that can help people in need and ease demand on emergency fuel supplies. The combination of grid interruptions during recent storms, the proliferation of solar PV, and the growing deployment of battery storage technologies has generated significant interest in using these assets for both economic and resiliency benefits. This report analyzes the technical and economic viability for resilient PV on three critical infrastructure sites in New York City (NYC): a school that is part of a coastal storm shelter system, a fire station, and a NYCHA senior center that serves as a cooling center during heat emergencies. This analysis differs from previous solar-plus-storage studies by placing a monetary value on resiliency and thus, in essence, modeling a new revenue stream for the avoided cost of a power outage. Analysis results show that resilient PV is economically viable for NYC's critical infrastructure and that it may be similarly beneficial to other commercial buildings across the city. This report will help city building owners, managers, and policymakers better understand the economic and resiliency benefits of resilient PV. As NYC fortifies its building stock against future storms of increasing severity, resilient PV can play an important role in disaster response and recovery while also supporting city greenhouse gas emission reduction targets and relieving stress to the electric grid from growing power demands.

  8. Scenario-based resilience assessment framework for critical infrastructure systems: Case study for seismic resilience of seaports

    International Nuclear Information System (INIS)

    Shafieezadeh, Abdollah; Ivey Burden, Lindsay

    2014-01-01

    A number of metrics in the past have been proposed and numerically implemented to assess the overall performance of large systems during natural disasters and their recovery in the aftermath of the events. Among such performance measures, resilience is a reliable metric. This paper proposes a probabilistic framework for scenario-based resilience assessment of infrastructure systems. The method accounts for uncertainties in the process including the correlation of the earthquake intensity measures, fragility assessment of structural components, estimation of repair requirements, the repair process, and finally the service demands. The proposed method is applied to a hypothetical seaport terminal and the system level performance of the seaport is assessed using various performance metrics. Results of this analysis have shown that medium to large seismic events may significantly disrupt the operation of seaports right after the event and the recovery process may take months. The proposed framework will enable port stakeholders to systematically assess the most-likely performance of the system during expected future earthquake events. - Highlights: • A scenario-based framework for seismic resilience assessment of systems is presented. • Seismic resilience of a hypothetical seaport with realistic settings is studied. • Berth availability is found to govern seaport functionality following earthquakes

  9. Making green infrastructure healthier infrastructure

    Directory of Open Access Journals (Sweden)

    Mare Lõhmus

    2015-11-01

    Full Text Available Increasing urban green and blue structure is often pointed out to be critical for sustainable development and climate change adaptation, which has led to the rapid expansion of greening activities in cities throughout the world. This process is likely to have a direct impact on the citizens’ quality of life and public health. However, alongside numerous benefits, green and blue infrastructure also has the potential to create unexpected, undesirable, side-effects for health. This paper considers several potential harmful public health effects that might result from increased urban biodiversity, urban bodies of water, and urban tree cover projects. It does so with the intent of improving awareness and motivating preventive measures when designing and initiating such projects. Although biodiversity has been found to be associated with physiological benefits for humans in several studies, efforts to increase the biodiversity of urban environments may also promote the introduction and survival of vector or host organisms for infectious pathogens with resulting spread of a variety of diseases. In addition, more green connectivity in urban areas may potentiate the role of rats and ticks in the spread of infectious diseases. Bodies of water and wetlands play a crucial role in the urban climate adaptation and mitigation process. However, they also provide habitats for mosquitoes and toxic algal blooms. Finally, increasing urban green space may also adversely affect citizens allergic to pollen. Increased awareness of the potential hazards of urban green and blue infrastructure should not be a reason to stop or scale back projects. Instead, incorporating public health awareness and interventions into urban planning at the earliest stages can help insure that green and blue infrastructure achieves full potential for health promotion.

  10. Making green infrastructure healthier infrastructure.

    Science.gov (United States)

    Lõhmus, Mare; Balbus, John

    2015-01-01

    Increasing urban green and blue structure is often pointed out to be critical for sustainable development and climate change adaptation, which has led to the rapid expansion of greening activities in cities throughout the world. This process is likely to have a direct impact on the citizens' quality of life and public health. However, alongside numerous benefits, green and blue infrastructure also has the potential to create unexpected, undesirable, side-effects for health. This paper considers several potential harmful public health effects that might result from increased urban biodiversity, urban bodies of water, and urban tree cover projects. It does so with the intent of improving awareness and motivating preventive measures when designing and initiating such projects. Although biodiversity has been found to be associated with physiological benefits for humans in several studies, efforts to increase the biodiversity of urban environments may also promote the introduction and survival of vector or host organisms for infectious pathogens with resulting spread of a variety of diseases. In addition, more green connectivity in urban areas may potentiate the role of rats and ticks in the spread of infectious diseases. Bodies of water and wetlands play a crucial role in the urban climate adaptation and mitigation process. However, they also provide habitats for mosquitoes and toxic algal blooms. Finally, increasing urban green space may also adversely affect citizens allergic to pollen. Increased awareness of the potential hazards of urban green and blue infrastructure should not be a reason to stop or scale back projects. Instead, incorporating public health awareness and interventions into urban planning at the earliest stages can help insure that green and blue infrastructure achieves full potential for health promotion.

  11. Resource-poor settings: infrastructure and capacity building: care of the critically ill and injured during pandemics and disasters: CHEST consensus statement.

    Science.gov (United States)

    Geiling, James; Burkle, Frederick M; Amundson, Dennis; Dominguez-Cherit, Guillermo; Gomersall, Charles D; Lim, Matthew L; Luyckx, Valerie; Sarani, Babak; Uyeki, Timothy M; West, T Eoin; Christian, Michael D; Devereaux, Asha V; Dichter, Jeffrey R; Kissoon, Niranjan

    2014-10-01

    Planning for mass critical care (MCC) in resource-poor or constrained settings has been largely ignored, despite their large populations that are prone to suffer disproportionately from natural disasters. Addressing MCC in these settings has the potential to help vast numbers of people and also to inform planning for better-resourced areas. The Resource-Poor Settings panel developed five key question domains; defining the term resource poor and using the traditional phases of disaster (mitigation/preparedness/response/recovery), literature searches were conducted to identify evidence on which to answer the key questions in these areas. Given a lack of data upon which to develop evidence-based recommendations, expert-opinion suggestions were developed, and consensus was achieved using a modified Delphi process. The five key questions were then separated as follows: definition, infrastructure and capacity building, resources, response, and reconstitution/recovery of host nation critical care capabilities and research. Addressing these questions led the panel to offer 33 suggestions. Because of the large number of suggestions, the results have been separated into two sections: part 1, Infrastructure/Capacity in this article, and part 2, Response/Recovery/Research in the accompanying article. Lack of, or presence of, rudimentary ICU resources and limited capacity to enhance services further challenge resource-poor and constrained settings. Hence, capacity building entails preventative strategies and strengthening of primary health services. Assistance from other countries and organizations is needed to mount a surge response. Moreover, planning should include when to disengage and how the host nation can provide capacity beyond the mass casualty care event.

  12. Protecting and securing the energy infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Gillham, B. [Conoco Canada Ltd., Calgary, AB (Canada)

    2002-07-01

    Critical Infrastructure Protection (CIP) includes protection against physical and cyber attacks as well as potential interruptions and vulnerabilities such as natural disasters and human error. CIP makes it possible to deal with the consequences of infrastructure failures that can have regional, national and international impacts. The energy sector is challenged because there has been an irreversible move to automated control systems and electronic transactions. In addition, due to mergers and joint ventures, the line between traditional oil, natural gas companies and power companies is not perfectly clear. Energy industries can no longer be seen in isolation of each other because they depend on other critical infrastructures. Industry should lead CIP programs through risk management assessments, develop and implement global information technology standards, and enhance response and recovery planning. The National Petroleum Council (NPC) will continue to develop the capabilities of the newly formed Information Sharing and Assessment Centre (ISAC). The sector will also continue to develop common vulnerability assessment goals. It was noted that response and recovery plans must include the cyber dimension, because there has been an increasing number of scans and probes from the Internet since the events of September 11, 2001. It was noted that physical incidents can often turn into cyber incidents and vice versa.

  13. An experience of knowledge co-production for setting up landslide risk management processes in a critical infrastructure: the case of Campania Region (Southern Italy)

    Science.gov (United States)

    Rianna, Guido; Roca Collell, Marta; Uzielli, Marco; Van Ruiten, Kees; Mercogliano, Paola; Ciervo, Fabio; Reder, Alfredo

    2017-04-01

    In Campania Region (Southern Italy), expected increases in heavy rainfall events under the effect of climate changes and demographic pressure could entail a growth of occurrence of weather induced landslides and associated damages. Indeed, already in recent years, pyroclastic covers mantling the slopes of a large part of the Region have been affected by numerous events often causing victims and damages to infrastructures serving the urban centers. Due to the strategic relevance of the area, landslide events affecting volcanic layers in Campania Region are one of the five case studies investigated in the FP7 European Project INTACT about the impacts of extreme weather on critical infrastructure. The main aim of INTACT project is to increase the resilience of critical infrastructures (CI) facing extreme weather events improving the awareness of stakeholders and asset managers about such phenomena and their potential variations due to Climate Changes and providing tools to support risk management strategies. A WIKI has been designed as a remote support for all stages of the risk process through brief theoretical explanations (in Wiki style) about tools and methods proposed and reports on the findings and hints returned by case studies investigations. In order to have a product tailored to the needs and background of CI owners, managers and policy makers, an intense effort of knowledge co-production between researchers and stakeholders have been carried out in different case studies through questionnaires, meetings, workshops and/or 1-to-1 interviews. This work presents the different tools and approaches adopted to facilitate the exchange with stakeholders in the Campanian case study such as the "Storytelling approach", aiming to stress the need for a comprehensive and overall approach to the issue between the different disaster management phases (mitigation, preparedness, response and recovery) and actors; the CIRCLE approach developed by Deltares, partner in INTACT

  14. Building safeguards infrastructure

    International Nuclear Information System (INIS)

    Stevens, Rebecca S.; McClelland-Kerr, John

    2009-01-01

    Much has been written in recent years about the nuclear renaissance - the rebirth of nuclear power as a clean and safe source of electricity around the world. Those who question the nuclear renaissance often cite the risk of proliferation, accidents or an attack on a facility as concerns, all of which merit serious consideration. The integration of these three areas - sometimes referred to as 3S, for safety, security and safeguards - is essential to supporting the growth of nuclear power, and the infrastructure that supports them should be strengthened. The focus of this paper will be on the role safeguards plays in the 3S concept and how to support the development of the infrastructure necessary to support safeguards. The objective of this paper has been to provide a working definition of safeguards infrastructure, and to discuss xamples of how building safeguards infrastructure is presented in several models. The guidelines outlined in the milestones document provide a clear path for establishing both the safeguards and the related infrastructures needed to support the development of nuclear power. The model employed by the INSEP program of engaging with partner states on safeguards-related topics that are of current interest to the level of nuclear development in that state provides another way of approaching the concept of building safeguards infrastructure. The Next Generation Safeguards Initiative is yet another approach that underscored five principal areas for growth, and the United States commitment to working with partners to promote this growth both at home and abroad.

  15. Greening infrastructure

    CSIR Research Space (South Africa)

    Van Wyk, Llewellyn V

    2014-10-01

    Full Text Available The development and maintenance of infrastructure is crucial to improving economic growth and quality of life (WEF 2013). Urban infrastructure typically includes bulk services such as water, sanitation and energy (typically electricity and gas...

  16. Bike Infrastructures

    DEFF Research Database (Denmark)

    Silva, Victor; Harder, Henrik; Jensen, Ole B.

    Bike Infrastructures aims to identify bicycle infrastructure typologies and design elements that can help promote cycling significantly. It is structured as a case study based research where three cycling infrastructures with distinct typologies were analyzed and compared. The three cases......, the findings of this research project can also support bike friendly design and planning, and cyclist advocacy....

  17. The critical success factor approach to strategic alignment: seeking a trail from a health organization's goals to its management information infrastructure.

    Science.gov (United States)

    Tan, J K

    1999-11-01

    The critical success factor (CSF) approach is a technique that will aid health administrators, planners and managers to identify, specify and sort among the most relevant and critical factors determining an organization's survival and success. Following a top-down management perspective, this paper discusses the CSF methodology as a strategic information management process comprising several important phases: (i) understanding the external factors such as the organization's industry, market and environment; (ii) achieving strong support and championship from top management; (iii) encouraging the proactive involvement of management and staff in generic CSF identification; (iv) educating and directing the participation of staff members in CSF verification and further refinement of generic CSFs into specific CSFs; and (v) aggregating, prioritizing and translating activity-related CSFs into organizational information requirements for the design of the organization's management information infrastructure. The implementation of this CSF approach is illustrated in the context of a British Columbia community hospital, with insights provided into key issues for future health researchers and practitioners.

  18. Protecting Accelerator Control Systems in the Face of Sophisticated Cyber Attacks

    International Nuclear Information System (INIS)

    Hartman, Steven M.

    2012-01-01

    Cyber security for industrial control systems has received significant attention in the past two years. The news coverage of the Stuxnet attack, believed to be targeted at the control system for a uranium enrichment plant, brought the issue to the attention of news media and policy makers. This has led to increased scrutiny of control systems for critical infrastructure such as power generation and distribution, and industrial systems such as chemical plants and petroleum refineries. The past two years have also seen targeted network attacks aimed at corporate and government entities including US Department of Energy National Laboratories. Both of these developments have potential repercussions for the control systems of particle accelerators. The need to balance risks from potential attacks with the operational needs of an accelerator present a unique challenge for the system architecture and access model.

  19. Heart Attack Recovery FAQs

    Science.gov (United States)

    ... recommendations to make a full recovery. View an animation of a heart attack . Heart Attack Recovery Questions ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

  20. Public-Private Partnerships for the Provision of Port Infrastructure: An Explorative Multi-Actor Perspective on Critical Success Factors1

    Directory of Open Access Journals (Sweden)

    Geoffrey Aerts

    2014-12-01

    Full Text Available Public-private cooperation on the level of project finance, and provision of large-scale infrastructure projects, is increasing on the global level. This paper uses a multi-actor analysis, in order to explore the critical success factors (CSFs for sound implementation of public-private partnerships (PPPs in the port context, and to determine the diverging opinions of stakeholders with regard to the importance of these CSFs. The results indicate that eight CSFs are of superior importance in port PPPs: the concreteness and preciseness of the concession agreement, the ability to appropriately allocate and share risk, the technical feasibility of the project, the commitment made by partners, the attractiveness of the financial package, a clear definition of responsibilities, the presence of a strong private consortium and a realistic cost/benefit assessment. The reason for their importance is their deal-breaking character, which can lead to a total failure of PPP projects during the early stages of project conception.

  1. Advanced methods for the risk, vulnerability and resilience assessment of safety-critical engineering components, systems and infrastructures, in the presence of uncertainties

    International Nuclear Information System (INIS)

    Pedroni, Nicolas

    2016-01-01

    Safety-critical industrial installations (e.g., nuclear plants) and infrastructures (e.g., power transmission networks) are complex systems composed by a multitude and variety of heterogeneous 'elements', which are highly interconnected and mutually dependent. In addition, such systems are affected by large uncertainties in the characterization of the failure and recovery behavior of their components, interconnections and interactions. Such characteristics raise concerns with respect to the system risk, vulnerability and resilience properties, which have to be accurately and precisely assessed for decision making purposes. In general, this entails the following main steps: (1) representation of the system to capture its main features; (2) construction of a mathematical model of the system; (3) simulation of the behavior of the system under various uncertain conditions to evaluate the relevant risk, vulnerability and resilience metrics by propagating the uncertainties through the mathematical model; (4) decision making to (optimally) determine the set of protective actions to effectively reduce (resp., increase) the system risk and vulnerability (resp., resilience). New methods to address these issues have been developed in this dissertation. Specifically, the research works have been carried out along two main axes: (1) the study of approaches for uncertainty modeling and quantification; (2) the development of advanced computational methods for the efficient system modeling, simulation and analysis in the presence of uncertainties. (author)

  2. Determinants of Critical Infrastructure Resources

    Directory of Open Access Journals (Sweden)

    Ostrowska Teresa

    2017-12-01

    Full Text Available This article is devoted to the issue of how resources are interpreted in the form of technology reactors that, as a result of unexpected circumstances, turn into pyramidal or avalanche threat dynamics. Counteracting such catastrophic, terrorist, or war situations cannot begin in the face of mass casualties or significant material losses that will require reconstruction and the work of many generations. The decisive factor is the correct long-term operation and management of the economy. The starting point of this article is the concept of resource and structural-functional relationships of resources and all their possible interpretations consistent with the functionalities they play in the human environment, human aggregates, and whole nations. The aim is to draw the reader's attention to the importance (semiotics of qualitative specifications and dynamically changing determinants contained in the material and structural-functional properties of the resources and their channel (information communication.

  3. Cyber security of critical infrastructures

    Directory of Open Access Journals (Sweden)

    Leandros A. Maglaras

    2018-03-01

    Full Text Available Modern Supervisory Control and Data Acquisition (SCADA systems are essential for monitoring and managing electric power generation, transmission and distribution. In the age of the Internet of Things, SCADA has evolved into big, complex and distributed systems that are prone to be conventional in addition to new threats. Many security methods can be applied to such systems, having in mind that both high efficiency, real time intrusion identification and low overhead are required. Keywords: SCADA systems, Security

  4. Putting the Critical Back in Critical Infrastructure

    Science.gov (United States)

    2015-12-01

    more clearly understood, programmatically consumable, and 95 Carmen Ferro, David Henry , and...Bassett, W. A. Buehring, M. J. Collins, D. C. Dickinson, L. K. Eaton, K. E. Wallace , R. G. Whitfield, and J. P. Peerenboom. Constructing a Resilience

  5. Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses

    Directory of Open Access Journals (Sweden)

    Stephen Herzog

    2011-01-01

    Full Text Available In April 2007, the Estonian Government moved a memorial commemorating the Soviet liberation of the country from the Nazis to a less prominent and visible location in Tallinn. This decision triggered rioting among Russian-speaking minorities and cyber terrorism targeting Estonia's critical economic and political infrastructure. Drawing upon the Estonian cyber attacks, this article argues that globalization and the Internet have enabled transnational groups—such as the Russian diaspora—to avenge their grievances by threatening the sovereignty of nation-states in cyberspace. Sophisticated and virtually untraceable political "hacktivists" may now possess the ability to disrupt or destroy government operations, banking transactions, city power grids, and even military weapon systems. Fortunately, western countries banded together to effectively combat the Estonian cyber attacks and minimize their effects. However, this article concludes that in the age of globalization, interdependence, and digital interconnectedness, nation-states must engage in increased cooperative cyber-defense activities to counter and prevent devastating Internet attacks and their implications.

  6. Protecting ICS Systems Within the Energy Sector from Cyber Attacks

    Science.gov (United States)

    Barnes, Shaquille

    Advance persistent threat (APT) groups are continuing to attack the energy sector through cyberspace, which poses a risk to our society, national security, and economy. Industrial control systems (ICSs) are not designed to handle cyber-attacks, which is why asset owners need to implement the correct proactive and reactive measures to mitigate the risk to their ICS environments. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 290 incidents for fiscal year 2016, where 59 of those incidents came from the Energy Sector. APT groups know how vulnerable energy sector ICS systems are and the destruction they can cause when they go offline such as loss of production, loss of life, and economic impact. Defending against APT groups requires more than just passive controls such as firewalls and antivirus solutions. Asset owners should implement a combination of best practices and active defense in their environment to defend against APT groups. Cyber-attacks against critical infrastructure will become more complex and harder to detect and respond to with traditional security controls. The purpose of this paper was to provide asset owners with the correct security controls and methodologies to help defend against APT groups.

  7. MFC Communications Infrastructure Study

    Energy Technology Data Exchange (ETDEWEB)

    Michael Cannon; Terry Barney; Gary Cook; George Danklefsen, Jr.; Paul Fairbourn; Susan Gihring; Lisa Stearns

    2012-01-01

    Unprecedented growth of required telecommunications services and telecommunications applications change the way the INL does business today. High speed connectivity compiled with a high demand for telephony and network services requires a robust communications infrastructure.   The current state of the MFC communication infrastructure limits growth opportunities of current and future communication infrastructure services. This limitation is largely due to equipment capacity issues, aging cabling infrastructure (external/internal fiber and copper cable) and inadequate space for telecommunication equipment. While some communication infrastructure improvements have been implemented over time projects, it has been completed without a clear overall plan and technology standard.   This document identifies critical deficiencies with the current state of the communication infrastructure in operation at the MFC facilities and provides an analysis to identify needs and deficiencies to be addressed in order to achieve target architectural standards as defined in STD-170. The intent of STD-170 is to provide a robust, flexible, long-term solution to make communications capabilities align with the INL mission and fit the various programmatic growth and expansion needs.

  8. Optimizing the Long-Term Capacity Expansion and Protection of Iraqi Oil Infrastructure

    National Research Council Canada - National Science Library

    Brown, Patrick S

    2005-01-01

    This thesis introduces a tri-level defender-attacker-defender optimization model that prescribes how Iraq's oil infrastructure can, over time, be expanded, protected, and operated, even in the face of insurgent attacks...

  9. Defense and attack of complex and dependent systems

    International Nuclear Information System (INIS)

    Hausken, Kjell

    2010-01-01

    A framework is constructed for how to analyze the strategic defense of an infrastructure subject to attack by a strategic attacker. Merging operations research, reliability theory, and game theory for optimal analytical impact, the optimization program for the defender and attacker is specified. Targets can be in parallel, series, combined series-parallel, complex, k-out-of-n redundancy, independent, interdependent, and dependent. The defender and attacker determine how much to invest in defending versus attacking each of multiple targets. A target can have economic, human, and symbolic values, subjectively assessed by the defender and attacker. A contest success function determines the probability of a successful attack on each target, dependent on the investments by the defender and attacker into each target, and on characteristics of the contest. The defender minimizes the expected damage plus the defense costs. The attacker maximizes the expected damage minus the attack costs. Each agent is concerned about how his investments vary across the targets, and the impact on his utilities. Interdependent systems are analyzed where the defense and attack on one target impacts all targets. Dependent systems are analyzed applying Markov analysis and repeated games where a successful attack on one target in the first period impacts the unit costs of defense and attack, and the contest intensity, for the other target in the second period.

  10. Defense and attack of complex and dependent systems

    Energy Technology Data Exchange (ETDEWEB)

    Hausken, Kjell, E-mail: kjell.hausken@uis.n [Faculty of Social Sciences, University of Stavanger, N-4036 Stavanger (Norway)

    2010-01-15

    A framework is constructed for how to analyze the strategic defense of an infrastructure subject to attack by a strategic attacker. Merging operations research, reliability theory, and game theory for optimal analytical impact, the optimization program for the defender and attacker is specified. Targets can be in parallel, series, combined series-parallel, complex, k-out-of-n redundancy, independent, interdependent, and dependent. The defender and attacker determine how much to invest in defending versus attacking each of multiple targets. A target can have economic, human, and symbolic values, subjectively assessed by the defender and attacker. A contest success function determines the probability of a successful attack on each target, dependent on the investments by the defender and attacker into each target, and on characteristics of the contest. The defender minimizes the expected damage plus the defense costs. The attacker maximizes the expected damage minus the attack costs. Each agent is concerned about how his investments vary across the targets, and the impact on his utilities. Interdependent systems are analyzed where the defense and attack on one target impacts all targets. Dependent systems are analyzed applying Markov analysis and repeated games where a successful attack on one target in the first period impacts the unit costs of defense and attack, and the contest intensity, for the other target in the second period.

  11. Impact modeling and prediction of attacks on cyber targets

    Science.gov (United States)

    Khalili, Aram; Michalk, Brian; Alford, Lee; Henney, Chris; Gilbert, Logan

    2010-04-01

    In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

  12. Terrorists and Suicide Attacks

    National Research Council Canada - National Science Library

    Cronin, Audrey K

    2003-01-01

    Suicide attacks by terrorist organizations have become more prevalent globally, and assessing the threat of suicide attacks against the United States and its interests at home and abroad has therefore...

  13. Solidarity under Attack

    DEFF Research Database (Denmark)

    Meret, Susi; Goffredo, Sergio

    2017-01-01

    https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack......https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack...

  14. Pericarditis - after heart attack

    Science.gov (United States)

    ... include: A previous heart attack Open heart surgery Chest trauma A heart attack that has affected the thickness of your heart muscle Symptoms Symptoms include: Anxiety Chest pain from the swollen pericardium rubbing on the ...

  15. Heart attack first aid

    Science.gov (United States)

    First aid - heart attack; First aid - cardiopulmonary arrest; First aid - cardiac arrest ... A heart attack occurs when the blood flow that carries oxygen to the heart is blocked. The heart muscle ...

  16. Railway infrastructure security

    CERN Document Server

    Sforza, Antonio; Vittorini, Valeria; Pragliola, Concetta

    2015-01-01

    This comprehensive monograph addresses crucial issues in the protection of railway systems, with the objective of enhancing the understanding of railway infrastructure security. Based on analyses by academics, technology providers, and railway operators, it explains how to assess terrorist and criminal threats, design countermeasures, and implement effective security strategies. In so doing, it draws upon a range of experiences from different countries in Europe and beyond. The book is the first to be devoted entirely to this subject. It will serve as a timely reminder of the attractiveness of the railway infrastructure system as a target for criminals and terrorists and, more importantly, as a valuable resource for stakeholders and professionals in the railway security field aiming to develop effective security based on a mix of methodological, technological, and organizational tools. Besides researchers and decision makers in the field, the book will appeal to students interested in critical infrastructur...

  17. Chapter 2. Surge capacity and infrastructure considerations for mass critical care. Recommendations and standard operating procedures for intensive care unit and hospital preparations for an influenza epidemic or mass disaster.

    Science.gov (United States)

    Hick, John L; Christian, Michael D; Sprung, Charles L

    2010-04-01

    To provide recommendations and standard operating procedures for intensive care unit (ICU) and hospital preparations for a mass disaster or influenza epidemic with a specific focus on surge capacity and infrastructure considerations. Based on a literature review and expert opinion, a Delphi process was used to define the essential topics including surge capacity and infrastructure considerations. Key recommendations include: (1) hospitals should increase their ICU beds to the maximal extent by expanding ICU capacity and expanding ICUs into other areas; (2) hospitals should have appropriate beds and monitors for these expansion areas; hospitals should develop contingency plans at the facility and government (local, state, provincial, national) levels to provide additional ventilators; (3) hospitals should develop a phased staffing plan (nursing and physician) for ICUs that provides sufficient patient care supervision during contingency and crisis situations; (4) hospitals should provide expert input to the emergency management personnel at the hospital both during planning for surge capacity as well as during response; (5) hospitals should assure that adequate infrastructure support is present to support critical care activities; (6) hospitals should prioritize locations for expansion by expanding existing ICUs, using postanesthesia care units and emergency departments to capacity, then step-down units, large procedure suites, telemetry units and finally hospital wards. Judicious planning and adoption of protocols for surge capacity and infrastructure considerations are necessary to optimize outcomes during a pandemic.

  18. Infrastructural Fractals

    DEFF Research Database (Denmark)

    Bruun Jensen, Casper

    2007-01-01

    . Instead, I outline a fractal approach to the study of space, society, and infrastructure. A fractal orientation requires a number of related conceptual reorientations. It has implications for thinking about scale and perspective, and (sociotechnical) relations, and for considering the role of the social...... and a fractal social theory....

  19. Vulnerabilities of the security of nuclear material due to cyber attacks

    International Nuclear Information System (INIS)

    Daschil, F.

    2002-01-01

    Full text: The spread of new communication and computer technologies is now the potential for a dedicated, sophisticated adversary to conduct coordinated strikes against the computers, communications systems, and databases of nuclear material security systems. All weapons of cyber war, like viruses, Trojans, access to computer systems are potential risks for the security of nuclear material. New forms of destruction of electronic devices, e.g. Transient Electromagnetic Devices (TED), that could, in the hands of enemies, criminals, or terrorist pose a significant threat to nuclear safety infrastructure components that are based on micro-circuits and computer or micro-processor control. These examples shows the necessity to clearly identify possible risks as: information and communication based disorders and other disruptions and attacks; partial or complete failure of systems causing the risk of unexpected reaction or unmanageable situations; cracking of access codes and elimination of alarm equipment could give easy access to nuclear material; computer manipulation or complete computer and system takeover due to brute force attacks, viruses, Trojans and worms could lead to malfunctions, disruptions and nuclear disasters; computer spying and brute force attacks could give detailed information about technical, organizational and organizational data; combined actions of physical, electronic and computer attacks. The paper gives an overview of potential computer and communication safety gaps and points out strategic implications as the identification of the critical infrastructure, surveillance of computer systems, data access and communication paths. The basic necessity of the development of computer and communication breakdown backup systems as well as measures of precaution against cyber attacks is shown in the paper. (author)

  20. Composite Dos Attack Model

    Directory of Open Access Journals (Sweden)

    Simona Ramanauskaitė

    2012-04-01

    Full Text Available Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyber-attack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization.

  1. Terrorism and Security Issues Facing the Water Infrastructure Sector

    National Research Council Canada - National Science Library

    Copeland, Claudia; Cody, Betsy

    2005-01-01

    Damage to or destruction of the nation's water supply and water quality infrastructure by terrorist attack could disrupt the delivery of vital human services in this country, threatening public health...

  2. Terrorism and Security Issues Facing the Water Infrastructure Sector

    National Research Council Canada - National Science Library

    Copeland, Claudia; Cody, Betsy A

    2006-01-01

    Damage to or destruction of the nation's water supply and water quality infrastructure by a terrorist attack could disrupt the delivery of vital human services in this country, threaten public health...

  3. Use of Attack Graphs in Security Systems

    Directory of Open Access Journals (Sweden)

    Vivek Shandilya

    2014-01-01

    Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

  4. Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

    Directory of Open Access Journals (Sweden)

    Apostolos P. Fournaris

    2017-07-01

    Full Text Available Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT and Operational Technology (OT systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory. Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS such systems are designed to provide.

  5. Testing Situation Awareness Network for the Electrical Power Infrastructure

    Directory of Open Access Journals (Sweden)

    Rafał Leszczyna

    2016-09-01

    Full Text Available The contemporary electrical power infrastructure is exposed to new types of threats. The cause of such threats is related to the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of Information and communication Technologies (ICT in such complex critical systems. The power grid interconnection with the Internet exposes the grid to new types of attacks, such as Advanced Persistent Threats (APT or Distributed-Denial-ofService (DDoS attacks. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. To counter evolved and highly sophisticated threats such as the APT or DDoS, state-of-the-art technologies including Security Incident and Event Management (SIEM systems, extended Intrusion Detection/Prevention Systems (IDS/IPS and Trusted Platform Modules (TPM are required. Developing and deploying extensive ICT infrastructure that supports wide situational awareness and allows precise command and control is also necessary. In this paper the results of testing the Situational Awareness Network (SAN designed for the energy sector are presented. The purpose of the tests was to validate the selection of SAN components and check their operational capability in a complex test environment. During the tests’ execution appropriate interaction between the components was verified.

  6. Regulação de Riscos e Proteção de Infraestruturas Críticas: os novos ventos do fenômeno regulatório / Risk Regulation and Critical Infrastructure Protection: The New Winds of the Regulatory Phenomenon

    Directory of Open Access Journals (Sweden)

    Egon C. Guterres

    2016-05-01

    Full Text Available Purpose – This article analyzes the origins of the Risk Regulation Theory and Critical Infrastructure Protection Programs, and shows their contribution to the Brazilian regulatory experience. Methodology/approach/design – Through several examples, this study presents regulatory policies that emerged as responses to events that caused a significant impact on society. Findings – The unique way that the Critical Infrastructure Protection Programs evolved within the Brazilian regulatory experience is greatly attributable to demands of major international sporting events.

  7. Web server attack analyzer

    OpenAIRE

    Mižišin, Michal

    2013-01-01

    Web server attack analyzer - Abstract The goal of this work was to create prototype of analyzer of injection flaws attacks on web server. Proposed solution combines capabilities of web application firewall and web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with summary of web attacks, followed by detection techniques analysis on web servers, description and justification of selected implementation. In the end are charact...

  8. Mining IP to Domain Name Interactions to Detect DNS Flood Attacks on Recursive DNS Servers.

    Science.gov (United States)

    Alonso, Roberto; Monroy, Raúl; Trejo, Luis A

    2016-08-17

    The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS). The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting) and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.

  9. Mining IP to Domain Name Interactions to Detect DNS Flood Attacks on Recursive DNS Servers

    Directory of Open Access Journals (Sweden)

    Roberto Alonso

    2016-08-01

    Full Text Available The Domain Name System (DNS is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS. The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.

  10. Seven Deadliest Microsoft Attacks

    CERN Document Server

    Kraus, Rob; Borkin, Mike; Alpern, Naomi

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Windows Operating System-Password AttacksActive Directory-Escalat

  11. Transient Ischemic Attack

    Medline Plus

    Full Text Available ... stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...

  12. Seven deadliest USB attacks

    CERN Document Server

    Anderson, Brian

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdum

  13. Evaluative Infrastructures

    DEFF Research Database (Denmark)

    Kornberger, Martin; Pflueger, Dane; Mouritsen, Jan

    2017-01-01

    Platform organizations such as Uber, eBay and Airbnb represent a growing disruptive phenomenon in contemporary capitalism, transforming economic organization, the nature of work, and the distribution of wealth. This paper investigates the accounting practices that underpin this new form...... of organizing, and in doing so confronts a significant challenge within the accounting literature: the need to escape what Hopwood (1996) describes as its “hierarchical consciousness”. In order to do so, this paper develops the concept of evaluative infrastructure which describes accounting practices...

  14. Ritual Infrastructure

    DEFF Research Database (Denmark)

    Sjørslev, Inger

    2017-01-01

    within urban life. There is a certain parallel between these different locations and the difference in ritual roads to certainty in the two religions. The article draws out connections between different levels of infrastructure – material, spatial and ritual. The comparison between the two religions......This article compares the ways in which two different religions in Brazil generate roads to certainty through objectification, one through gods, the other through banknotes. The Afro-Brazilian religion Candomblé provides a road to certainty based on cosmological ideas about gods whose presence...

  15. Cyber Attacks: A New Threat to the Energy Industry

    International Nuclear Information System (INIS)

    Desarnaud, Gabrielle

    2016-01-01

    The Network and Information Security (NIS) Directive has been adopted on July 6, 2016 by the European Parliament, three years after the initial proposal by the European Commission. It paves the way for a much needed common cyber security strategy within the EU. This Edito explains the reasons why the energy industry is particularly vulnerable to cyber- attacks, and what tools this new directive brings about to protect European critical infrastructures. In about two decades, the energy industry has been deeply transformed by the digital revolution, which penetrated companies' commercial, administrative and financial branches, but also their industrial systems. From the optimization of electric grids to the precision of oil drilling, information and communication technologies (ICT) are now essential to every stage of energy production, transport and distribution processes. Data mining and analysis are increasingly considered as the energy sector's new 'black gold', and generate new activities just like the platform Predix, designed by General Electric to help energy companies (among others) collect and analyze industrial data. This silent revolution offers countless economic opportunities and paves the way for a better resource distribution and use. But it also puts physical energy infrastructures at risk

  16. Plants under dual attack

    NARCIS (Netherlands)

    Ponzio, C.A.M.

    2016-01-01

    Though immobile, plants are members of complex environments, and are under constant threat from a wide range of attackers, which includes organisms such as insect herbivores or plant pathogens. Plants have developed sophisticated defenses against these attackers, and include chemical responses

  17. Heart attack - discharge

    Science.gov (United States)

    ... and lifestyle Cholesterol - drug treatment Controlling your high blood pressure Deep vein thrombosis - discharge Dietary fats explained Fast food tips Heart attack - discharge Heart attack - what to ask your doctor Heart bypass ... pacemaker - discharge High blood pressure - what to ask your doctor How to read ...

  18. Security solution against denial of service attacks in BESIP system

    Science.gov (United States)

    Rezac, Filip; Voznak, Miroslav; Safarik, Jakub; Partila, Pavol; Tomala, Karel

    2013-05-01

    This article deals about embedded SIP communication server with an easy integration into the computer network based on open source solutions and its effective defense against the most frequent attack in the present - Denial of Service. The article contains brief introduction into the Bright Embedded Solution for IP Telephony - BESIP and describes the most common types of DoS attacks, which are applied on SIP elements of the VoIP infrastructure including the results of defensive mechanism that has been designed.

  19. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    International Nuclear Information System (INIS)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl

    2017-01-01

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like ''Industrial Internet of Things'' of the Industrial Internet Consortium (IIC), and ''Industry 4.0'' find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  20. Securing the United States' power infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Happenny, Sean F. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

    2015-08-01

    The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.

  1. Setting Component Priorities in Protecting NPPs against Cyber-Attacks Using Reliability Analysis Techniques

    International Nuclear Information System (INIS)

    Choi, Moon Kyoung; Seong, Poong Hyun; Son, Han Seong

    2017-01-01

    The digitalization of infrastructure makes systems vulnerable to cyber threats and hybrid attacks. According to ICS-CERT report, as time goes by, the number of vulnerabilities in ICS industries increases rapidly. Digital I and C systems have been developed and installed in nuclear power plants, and due to installation of the digital I and C systems, cyber security concerns are increasing in nuclear industry. However, there are too many critical digital assets to be inspected in digitalized NPPs. In order to reduce the inefficiency of regulation in nuclear facilities, the critical components that are directly related to an accident are elicited by using the reliability analysis techniques. Target initial events are selected, and their headings are analyzed through event tree analysis about whether the headings can be affected by cyber-attacks or not. Among the headings, the headings that can be proceeded directly to the core damage by the cyber-attack when they are fail are finally selected as the target of deriving the minimum cut-sets. We analyze the fault trees and derive the minimum set-cuts. In terms of original PSA, the value of probability for the cut-sets is important but the probability is not important in terms of cyber security of NPPs. The important factors is the number of basic events consisting of the minimal cut-sets that is proportional to vulnerability.

  2. Vulnerability assessment of critical infrastructure : activity 2 final report : information on SCADA systems and other security monitoring techniques used in oil and gas pipelines

    Energy Technology Data Exchange (ETDEWEB)

    Gu, G.P.; Revie, R.W. [Natural Resources Canada, Ottawa, ON (Canada). CANMET Materials Technology Laboratory

    2008-03-15

    This study evaluated various technologies for monitoring the security of remote pipeline infrastructure. The technologies included flow, pressure and mass variations; negative pressure waves; dynamic and statistical modelling; hydrocarbon-sensitive cables; fiber optic systems; infrared thermography; spectral imaging; and synthetic aperture radar and radio frequency identification methods. A brief outline of the technologies was provided, along with suggestions for integrating the technology with other commercially available tools designed to manage security and reduce risk. The study demonstrated that many monitoring technologies are suitable for detecting pipeline leaks and identifying third party intrusions. A combination of different methods may provide optimal security and accuracy in leak detection and location. Automatic range and plausibility checks can be used to enhance system security and to recognize invalid changes in measuring devices and poorly parameterized media. Detailed reviews of the technologies were included in 2 appendices. 28 refs., 2 appendices.

  3. Vulnerability assessment of critical infrastructure : activity 2 progress report : information of SCADA systems and other security monitoring systems used in oil and gas pipelines

    Energy Technology Data Exchange (ETDEWEB)

    Gu, G.P. [Natural Resources Canada, Ottawa, ON (Canada). CANMET Materials Technology Laboratory

    2007-12-15

    Many pipelines are located in remote regions and subjected to harsh environmental conditions. Damage to pipelines can have significant economic and environmental impacts. This paper discussed the use of supervisory control and data acquisition (SCADA) systems to monitor and control oil and gas pipeline infrastructure. SCADA systems are a real time, distributed computerized system with an intelligent capability for condition identification and fault diagnosis. SCADA systems can be used to capture thousands of miles of pipeline system process data and distribute it to pipeline operators, whose work stations are networked with the SCADA central host computer. SCADA architectures include monolithic, distributed, and networked systems that can be distributed across wide area networks (WANs). SCADA security strategies must be implemented to ensure corporate network security. Case studies of SCADA systems currently used by oil and gas operators in Alberta were also presented. 15 refs., 1 fig.

  4. Towards risk-based management of critical infrastructures : enabling insights and analysis methodologies from a focused study of the bulk power grid.

    Energy Technology Data Exchange (ETDEWEB)

    Richardson, Bryan T.; LaViolette, Randall A.; Cook, Benjamin Koger

    2008-02-01

    This report summarizes research on a holistic analysis framework to assess and manage risks in complex infrastructures, with a specific focus on the bulk electric power grid (grid). A comprehensive model of the grid is described that can approximate the coupled dynamics of its physical, control, and market components. New realism is achieved in a power simulator extended to include relevant control features such as relays. The simulator was applied to understand failure mechanisms in the grid. Results suggest that the implementation of simple controls might significantly alter the distribution of cascade failures in power systems. The absence of cascade failures in our results raises questions about the underlying failure mechanisms responsible for widespread outages, and specifically whether these outages are due to a system effect or large-scale component degradation. Finally, a new agent-based market model for bilateral trades in the short-term bulk power market is presented and compared against industry observations.

  5. Adaptive cyber-attack modeling system

    Science.gov (United States)

    Gonsalves, Paul G.; Dougherty, Edward T.

    2006-05-01

    The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for more systematic software attacks from organized entities. Much effort and focus has been placed on preventing and ameliorating network and OS attacks, a concomitant emphasis is required to address protection of mission critical software. Typical software protection technique and methodology evaluation and verification and validation (V&V) involves the use of a team of subject matter experts (SMEs) to mimic potential attackers or hackers. This manpower intensive, time-consuming, and potentially cost-prohibitive approach is not amenable to performing the necessary multiple non-subjective analyses required to support quantifying software protection levels. To facilitate the evaluation and V&V of software protection solutions, we have designed and developed a prototype adaptive cyber attack modeling system. Our approach integrates an off-line mechanism for rapid construction of Bayesian belief network (BN) attack models with an on-line model instantiation, adaptation and knowledge acquisition scheme. Off-line model construction is supported via a knowledge elicitation approach for identifying key domain requirements and a process for translating these requirements into a library of BN-based cyber-attack models. On-line attack modeling and knowledge acquisition is supported via BN evidence propagation and model parameter learning.

  6. Situational awareness of a coordinated cyber attack

    Science.gov (United States)

    Sudit, Moises; Stotz, Adam; Holender, Michael

    2005-03-01

    As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

  7. Attacking the infrastructure: exploring potential uses of offensive information warfare

    OpenAIRE

    Elam, Donald Emmett.

    1996-01-01

    The world has entered the Third Wave; it has entered the Information Age. One of the fundamentals of this paradigm shift is the fact that information is power. The side that controls information more effectively will be victorious. Thus, countries and militaries must change their mentality in order to survive. A new form of conflict, Information Warfare, has been born. This new discipline is large, dynamic, and complex. The need exists for education among military officers and other concerned...

  8. Solving Defender-Attacker-Defender Models for Infrastructure Defense

    Science.gov (United States)

    2011-01-01

    persons]; bpp is the total supply of travelers originating at p; cdij length of arc (i, j)∈A under defense option d [kilometers]; qdij “equivalent travel...ensure that all bpp travelers originating at each p∈N arrive at appropriate destinations. The second set of constraints in Y (w) requires that all...1. Node data for DAD modeling of the Königsberg transportation network. Nodes p∈N Supply bpp (persons) Demand −bpi (persons) Aa, Ab, Ac, Ae, 200

  9. Heart Attack Payment - National

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – national data. This data set includes national-level data for payments associated with a 30-day episode of care for heart...

  10. Heart Attack Payment - Hospital

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – provider data. This data set includes provider data for payments associated with a 30-day episode of care for heart...

  11. Heart Attack Payment - State

    Data.gov (United States)

    U.S. Department of Health & Human Services — Payment for heart attack patients measure – state data. This data set includes state-level data for payments associated with a 30-day episode of care for heart...

  12. Cooperating attackers in neural cryptography.

    Science.gov (United States)

    Shacham, Lanir N; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang

    2004-06-01

    A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the "majority-flipping attacker," does not decay with the parameters of the model. This attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.

  13. Papers of the Canadian Institute's 8. annual North American pipelines and storage conference : update on critical infrastructure developments and market dynamics shaping the North American grid

    International Nuclear Information System (INIS)

    2003-01-01

    Leaders and experts from the petroleum and natural gas industry outlined some of the recent changes that have taken place in the North America gas and electricity industry. The relationship between pipeline and storage capacity was discussed with reference to how the connection affects prices at North American storage hubs. The topics of discussion ranged from the challenges associated with declines in capacity and market dynamics, to how gas marketability will be affected by the slowdown in pipeline development in North America. The investment community offered advice on long-run value creation in natural gas. The current state of development of Arctic gas was highlighted along with a review of how growth in liquefied natural gas (LNG) is changing the role of gas infrastructure in North America. It was noted that although markets will work to balance supply and demand, there is a need for new sources of North American supply to meet growing long-term demand. The fall-off in U.S. domestic natural gas supplies combined with low storage levels has created a supply crisis. The conference featured 19 presentations, of which 4 have been indexed separately for inclusion in this database. refs., tabs., figs

  14. Security Analysis of Smart Grid Cyber Physical Infrastructures Using Modeling and Game Theoretic Simulation

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K [ORNL; Sheldon, Frederick T. [University of Idaho

    2015-01-01

    Cyber physical computing infrastructures typically consist of a number of sites are interconnected. Its operation critically depends both on cyber components and physical components. Both types of components are subject to attacks of different kinds and frequencies, which must be accounted for the initial provisioning and subsequent operation of the infrastructure via information security analysis. Information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. We concentrated our analysis on the electric sector failure scenarios and impact analyses by the NESCOR Working Group Study, From the Section 5 electric sector representative failure scenarios; we extracted the four generic failure scenarios and grouped them into three specific threat categories (confidentiality, integrity, and availability) to the system. These specific failure scenarios serve as a demonstration of our simulation. The analysis using our ABGT simulation demonstrates how to model the electric sector functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the cyber physical infrastructure network with respect to CIA.

  15. ICS logging solution for network-based attacks using Gumistix technology

    Science.gov (United States)

    Otis, Jeremy R.; Berman, Dustin; Butts, Jonathan; Lopez, Juan

    2013-05-01

    Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., ShodanHQ search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks are derived from real world incidents after an attack has already been carried out and the damage has been done. This research provides a method for introducing sensors into the ICS environment that collect information about network-based attacks. The sensors are developed using an inexpensive Gumstix platform that can be deployed and incorporated with production systems. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). Findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative.

  16. Communications and information infrastructure security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.

  17. Tool-based Risk Assessment of Cloud Infrastructures as Socio-Technical Systems

    DEFF Research Database (Denmark)

    Nidd, Michael; Ivanova, Marieta Georgieva; Probst, Christian W.

    2015-01-01

    Assessing risk in cloud infrastructures is difficult. Typical cloud infrastructures contain potentially thousands of nodes that are highly interconnected and dynamic. Another important component is the set of human actors who get access to data and computing infrastructure. The cloud infrastructure...... exercise for cloud infrastructures using the socio-technical model developed in the TRESPASS project; after showing how to model typical components of a cloud infrastructure, we show how attacks are identified on this model and discuss their connection to risk assessment. The technical part of the model...... is extracted automatically from the configuration of the cloud infrastructure, which is especially important for systems so dynamic and complex....

  18. Central Region Green Infrastructure

    Data.gov (United States)

    Minnesota Department of Natural Resources — This Green Infrastructure data is comprised of 3 similar ecological corridor data layers ? Metro Conservation Corridors, green infrastructure analysis in counties...

  19. Armenia - Irrigation Infrastructure

    Data.gov (United States)

    Millennium Challenge Corporation — This study evaluates irrigation infrastructure rehabilitation in Armenia. The study separately examines the impacts of tertiary canals and other large infrastructure...

  20. Cyber Attacks, Information Attacks, and Postmodern Warfare

    Directory of Open Access Journals (Sweden)

    Valuch Jozef

    2017-06-01

    Full Text Available The aim of this paper is to evaluate and differentiate between the phenomena of cyberwarfare and information warfare, as manifestations of what we perceive as postmodern warfare. We describe and analyse the current examples of the use the postmodern warfare and the reactions of states and international bodies to these phenomena. The subject matter of this paper is the relationship between new types of postmodern conflicts and the law of armed conflicts (law of war. Based on ICJ case law, it is clear that under current legal rules of international law of war, cyber attacks as well as information attacks (often performed in the cyberspace as well can only be perceived as “war” if executed in addition to classical kinetic warfare, which is often not the case. In most cases perceived “only” as a non-linear warfare (postmodern conflict, this practice nevertheless must be condemned as conduct contrary to the principles of international law and (possibly a crime under national laws, unless this type of conduct will be recognized by the international community as a “war” proper, in its new, postmodern sense.

  1. Quality of Service Model on Data Link Layer for Mission Critical Traffic on IEEE 802.11g Networks in Infrastructure Mode

    Directory of Open Access Journals (Sweden)

    Gerald B. Fuenmayor-Rivadeneira

    2013-11-01

    Full Text Available This article presents a synthesized review as state of the art of the study of QoS for mission-critical traffic in wireless local area networks that use the IEEE 802.11g protocol. This is to highlight previous research for their contribution will constitute a reference to guide a proposed new approach to ensuring the quality of service for this type of traffic using the above protocol. The review is based on academic and business items made during the current five years. As a result of this review it is evident that there have been many efforts to address the issue but there are still gaps in the characterization of mission-critical traffic and ensuring quality of service for the same, due the new applications and the large host of WiFi networks in business and government, which has led to increased demand for access channels and, therefore, a challenge to the progress already known, such as IEEE 802.1q.

  2. Research About Attacks Over Cloud Environment

    Directory of Open Access Journals (Sweden)

    Li Jie

    2017-01-01

    Full Text Available Cloud computing is expected to continue expanding in the next few years and people will start to see some of the following benefits in their real lives. Security of cloud computing environments is the set of control-based technologies and policies absolute to adhere regulatory compliance rules and protect information data applications and infrastructure related with cloud use. In this paper we suggest a model to estimating the cloud computing security and test the services provided to users. The simulator NG-Cloud Next Generation Secure Cloud Storage is used and modified to administer the proposed model. This implementation achieved security functions potential attacks as defined in the proposed model. Finally we also solve some attacks over cloud computing to provide the security and safety of the cloud.

  3. Seven Deadliest Wireless Technologies Attacks

    CERN Document Server

    Haines, Brad

    2010-01-01

    How can an information security professional keep up with all of the hacks, attacks, and exploits? One way to find out what the worst of the worst are is to read the seven books in our Seven Deadliest Attacks Series. Not only do we let you in on the anatomy of these attacks but we also tell you how to get rid of them and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include:Bluetooth AttacksCredit Card, Access Card, and Passport AttacksBad Encryption

  4. Spatial planning, infrastructure and implementation: Implications for ...

    African Journals Online (AJOL)

    Infrastructure plays key roles in shaping the spatial form of the city at a macro- and a more local scale, and it influences the sustainability, efficiency and inclusiveness of cities and local areas. Linking infrastructure and spatial planning is therefore critical. Wide-ranging sets of knowledge and skills are required to enable ...

  5. Kenya's Integrated Nuclear Infrastructure Review Experience

    International Nuclear Information System (INIS)

    Ayacko, Ochilo G.M.

    2015-01-01

    Lessons learnt for INIR preparation: → A detailed Self Evaluation report is critical to proper evaluation of each infrastructure; → Involvement of all relevant organizations in preparation of self evaluation report and the main mission; → Meetings on individual infrastructure issues to consolidate the country position; → Openness during interviews and provision of adequate information

  6. Understanding the infrastructure of European Research Infrastructures

    DEFF Research Database (Denmark)

    Lindstrøm, Maria Duclos; Kropp, Kristoffer

    2017-01-01

    European Research Infrastructure Consortia (ERIC) are a new form of legal and financial framework for the establishment and operation of research infrastructures in Europe. Despite their scope, ambition, and novelty, the topic has received limited scholarly attention. This article analyses one ER....... It is also a promising theoretical framework for addressing the relationship between the ERIC construct and the large diversity of European Research Infrastructures.......European Research Infrastructure Consortia (ERIC) are a new form of legal and financial framework for the establishment and operation of research infrastructures in Europe. Despite their scope, ambition, and novelty, the topic has received limited scholarly attention. This article analyses one ERIC...... became an ERIC using the Bowker and Star’s sociology of infrastructures. We conclude that focusing on ERICs as a European standard for organising and funding research collaboration gives new insights into the problems of membership, durability, and standardisation faced by research infrastructures...

  7. A fatal elephant attack.

    Science.gov (United States)

    Hejna, Petr; Zátopková, Lenka; Safr, Miroslav

    2012-01-01

    A rare case of an elephant attack is presented. A 44-year-old man working as an elephant keeper was attacked by a cow elephant when he tripped over a foot chain while the animal was being medically treated. The man fell down and was consequently repeatedly attacked with elephant tusks. The man sustained multiple stab injuries to both groin regions, a penetrating injury to the abdominal wall with traumatic prolapse of the loops of the small bowel, multiple defects of the mesentery, and incomplete laceration of the abdominal aorta with massive bleeding into the abdominal cavity. In addition to the penetrating injuries, the man sustained multiple rib fractures with contusion of both lungs and laceration of the right lobe of the liver, and comminuted fractures of the pelvic arch and left femoral body. The man died shortly after he had been received at the hospital. The cause of death was attributed to traumatic shock. © 2011 American Academy of Forensic Sciences.

  8. Study of DSR and AODV under Sinkhole Attack and Its Proposed Prevention Technique

    OpenAIRE

    Winnie Main; Narendra M. Shekokar

    2014-01-01

    Mobile Ad-hoc Networks (MANET) are wireless mobile nodes that communicate without any predefined infrastructure. This allows MANETs to be easily setup in geographical and terrestrial constraints. To achieve this kind of communication MANET routing protocols play an important role. Two routing protocols, DSR and AODV are studied in detail. This basic trait of a MANET makes its routing protocols very vulnerable to security attacks. One such attack is the ‘Sinkhole’ attack which ...

  9. Attacks and infections in percolation processes

    International Nuclear Information System (INIS)

    Janssen, Hans-Karl; Stenull, Olaf

    2017-01-01

    We discuss attacks and infections at propagating fronts of percolation processes based on the extended general epidemic process. The scaling behavior of the number of the attacked and infected sites in the long time limit at the ordinary and tricritical percolation transitions is governed by specific composite operators of the field-theoretic representation of this process. We calculate corresponding critical exponents for tricritical percolation in mean-field theory and for ordinary percolation to 1-loop order. Our results agree well with the available numerical data. (paper)

  10. Critical analysis of mechanisms of incentive regulation operators of electricity and natural gas networks and infrastructures. Final report. Public version, 23 November 2015

    International Nuclear Information System (INIS)

    2015-01-01

    As the first mechanisms of incentive regulation of electricity and gas network operators have been introduced by the French Commission for Energy Regulation (CRE) since 2008 (the report recalls the main objectives of these mechanisms and their consequences), this report proposes a critical analysis of such mechanisms related to investments and to exploitation expenses of operators and which have been implemented in Germany, Spain, Ireland and in the United Kingdom. For each country, the report proposes a detailed description of these mechanisms for the electric power sector and the gas sector (general overview of the regulation framework, objectives, determination of the authorised income, shift processing, specific incentive mechanisms, modalities of management by the regulator), and a feedback of the different concerned actors (operators and regulators). The last part proposes a description of the status of the French regulation, and an analysis of transposition of the four foreign regulations, and states some propositions for evolutions (objectives, overview of recommended evolutions, focus on three types of regulation evolution: processing of arbitral charges, processing of other incited capital charges, processing of arbitral charges)

  11. Resilience of LTE networks against smart jamming attacks

    KAUST Repository

    Aziz, Farhan M.; Shamma, Jeff S.; Stuber, Gordon L.

    2014-01-01

    Commercial LTE networks are being studied for mission-critical applications, such as public safety and smart grid communications. In this paper, LTE networks are shown vulnerable to Denial-of-Service (DOS) and loss of service attacks from smart

  12. Attacker Model Lab

    OpenAIRE

    2006-01-01

    tut quiz present Tutorial Quiz Presentation Interactive Media Element This interactive tutorial the two sub-classes of computer attackers: amateurs and professionals. It provides valuable insight into the nature of necessary protection measure for information assets. CS3600 Information Assurance: Introduction to Computer Security Course

  13. Transient Ischemic Attack

    Medline Plus

    Full Text Available ... major stroke. It's important to call 9-1-1 immediately for any stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. The content in this ...

  14. Temporal Cyber Attack Detection.

    Energy Technology Data Exchange (ETDEWEB)

    Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-11-01

    Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.

  15. Blocking of Brute Force Attack

    OpenAIRE

    M.Venkata Krishna Reddy

    2012-01-01

    A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. An attacker can always discover a password through a brute-force attack, but the downside is that it co...

  16. Bluetooth security attacks comparative analysis, attacks, and countermeasures

    CERN Document Server

    Haataja, Keijo; Pasanen, Sanna; Toivanen, Pekka

    2013-01-01

    This overview of Bluetooth security examines network vulnerabilities and offers a comparative analysis of recent security attacks. It also examines related countermeasures and proposes a novel attack that works against all existing Bluetooth versions.

  17. Automated Discovery of Mimicry Attacks

    National Research Council Canada - National Science Library

    Giffin, Jonathon T; Jha, Somesh; Miller, Barton P

    2006-01-01

    .... These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model...

  18. Heart Attack Symptoms in Women

    Science.gov (United States)

    ... fat, cholesterol and other substances (plaque). Watch an animation of a heart attack . Many women think the ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

  19. Modelling the impact of cyber attacks on the traffic control centre of an urban automobile transport system by means of enhanced cybersecurity

    Directory of Open Access Journals (Sweden)

    Ivanova Yoana

    2017-01-01

    Full Text Available This paper aims to show the major role means of protection play for strengthening the cybersecurity of critical transport infrastructure by using the advanced method of simulation modelling. The simulation model of a Traffic Control Centre (TTC of an urban Automobile Transport System (ATS is created by the author in the Riverbed Modeler Academic Edition 17.5 computer networks simulation system and is exposed to the impact of a Denial-of-Service attack. In addition, logical conclusions have been made on the basis of the experimental results obtained and evaluated by comparative analysis with results from analogous previous studies.

  20. Representing nature : Late twentieth century green infrastructures in Paris

    NARCIS (Netherlands)

    Van der Velde, J.R.T.; De Wit, S.I.

    2015-01-01

    The appreciation of green infrastructures as ‘nature’ by urban communities presents a critical challenge for the green infrastructure concept. While many green infrastructures focus on functional considerations, their refinement as places where concepts of nature are represented and where nature can

  1. Public private partnerships - risk management in engineering infrastructure projects

    OpenAIRE

    2012-01-01

    M.Phil. Economic growth and the provision of adequate infrastructure are highly interrelated. Infrastructure- plays a critical role in promoting economic growth through enhancing productivity, improving competitiveness, reducing poverty, linking people and organisations together through telecommunications and contributing to environmental sustainability. Population growth and rapid urbanisation have placed enormous pressure on existing infrastructure, thus presenting a daunting challenge t...

  2. Attack Trees with Sequential Conjunction

    NARCIS (Netherlands)

    Jhawar, Ravi; Kordy, Barbara; Mauw, Sjouke; Radomirović, Sasa; Trujillo-Rasua, Rolando

    2015-01-01

    We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of

  3. Scalable Multi-group Key Management for Advanced Metering Infrastructure

    OpenAIRE

    Benmalek , Mourad; Challal , Yacine; Bouabdallah , Abdelmadjid

    2015-01-01

    International audience; Advanced Metering Infrastructure (AMI) is composed of systems and networks to incorporate changes for modernizing the electricity grid, reduce peak loads, and meet energy efficiency targets. AMI is a privileged target for security attacks with potentially great damage against infrastructures and privacy. For this reason, Key Management has been identified as one of the most challenging topics in AMI development. In this paper, we propose a new Scalable multi-group key ...

  4. Sustainable Water Infrastructure

    Science.gov (United States)

    Resources for state and local environmental and public health officials, and water, infrastructure and utility professionals to learn about sustainable water infrastructure, sustainable water and energy practices, and their role.

  5. Green(ing) infrastructure

    CSIR Research Space (South Africa)

    Van Wyk, Llewellyn V

    2014-03-01

    Full Text Available the generation of electricity from renewable sources such as wind, water and solar. Grey infrastructure – In the context of storm water management, grey infrastructure can be thought of as the hard, engineered systems to capture and convey runoff..., pumps, and treatment plants.  Green infrastructure reduces energy demand by reducing the need to collect and transport storm water to a suitable discharge location. In addition, green infrastructure such as green roofs, street trees and increased...

  6. The Critical Infrastructure Portfolio Selection Model

    Science.gov (United States)

    2008-06-13

    metering/ billing 7 Rehabilitation of WTP 20 Maintain potable water production capacity and improve quality (esp. turbidity and color) 8 Construction of...junction/ segment of rail (rehab) 5 Shrine (rehab) 6 Rehabilitation of water distribution network 7 Rehabilitation of WTP 8 Construction of...

  7. Cyber Security: Critical Infrastructure Controls Assessment Framework

    Science.gov (United States)

    2011-05-01

    the threats to and 3 • Patch and configuration management • Vulnerability and incident t 2 vulnerabilities • Recommendations to reduce 4 managemen 5... Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other...unclassified c. THIS PAGE unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 Purpose P id i t hrov e an overv ew on assessmen

  8. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  9. Paradigm Change: Cybersecurity of Critical Infrastructure

    Science.gov (United States)

    2013-04-01

    IT budget management insights from industry leading Chief Information Officers (CIO). The former CIO of PNC Financial Services Group, Tim Shack...tweltfh largest Financial Services Instituition within the United States. ($300B) 50 Overby, “Tips From the Budget Masters.” 51 Ibid. 52 Ibid. 56...47 The Federal Information Security Management Act of 2002 .....................................48 The 2003 National

  10. Seven Deadliest Unified Communications Attacks

    CERN Document Server

    York, Dan

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks featured in this book include: UC Ecosystem Attacks Insecure Endpo

  11. Silencing criticism in Mexico

    Directory of Open Access Journals (Sweden)

    Ximena Suárez

    2017-10-01

    Full Text Available Journalists and human rights defenders in Mexico are being attacked in an attempt to silence their criticism. Many are forced to flee or risk being assassinated. The consequences are both personal and of wider social significance.

  12. Contagion in cybersecurity attacks

    OpenAIRE

    Baldwin, Adrian; Gheyas, Iffat; Ioannidis, Christos; Pym, David; Willams, Julian

    2017-01-01

    Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using indust...

  13. Improving the Resilience of Major Ports and Critical Supply Chains to Extreme Coastal Flooding: a Combined Artificial Neural Network and Hydrodynamic Simulation Approach to Predicting Tidal Surge Inundation of Port Infrastructure and Impact on Operations.

    Science.gov (United States)

    French, J.

    2015-12-01

    Ports are vital to the global economy, but assessments of global exposure to flood risk have generally focused on major concentrations of population or asset values. Few studies have examined the impact of extreme inundation events on port operation and critical supply chains. Extreme water levels and recurrence intervals have conventionally been estimated via analysis of historic water level maxima, and these vary widely depending on the statistical assumptions made. This information is supplemented by near-term forecasts from operational surge-tide models, which give continuous water levels but at considerable computational cost. As part of a NERC Infrastructure and Risk project, we have investigated the impact of North Sea tidal surges on the Port of Immingham, eastern, UK. This handles the largest volume of bulk cargo in the UK and flows of coal and biomass that are critically important for national energy security. The port was partly flooded during a major tidal surge in 2013. This event highlighted the need for improved local forecasts of surge timing in relation to high water, with a better indication of flood depth and duration. We address this problem using a combination of data-driven and numerical hydrodynamic models. An Artificial Neural Network (ANN) is first used to predict the surge component of water level from meteorological data. The input vector comprises time-series of local wind (easterly and northerly wind stress) and pressure, as well as regional pressure and pressure gradients from stations between the Shetland Islands and the Humber estuary. The ANN achieves rms errors of around 0.1 m and can generate short-range (~ 3 to 12 hour) forecasts given real-time input data feeds. It can also synthesize water level events for a wider range of tidal and meteorological forcing combinations than contained in the observational records. These are used to force Telemac2D numerical floodplain simulations using a LiDAR digital elevation model of the port

  14. ENEA infrastructures toward the LFR development

    International Nuclear Information System (INIS)

    Tarantino, M.; Agostini, P.; Del Nevo, A.; Di Piazza, I.; Rozzia, D.

    2013-01-01

    ENEA has one of the most relevant EU R&D infrastructures for HLM technological development, and it is strongly involved in the main research programs worldwide supporting the development of sub-critical (MYRRHA) and critical lead cooled reactors (ALFRED). In these frames a large experimental program ranging from HLM thermal-hydraulic to large scale experiment has been implemented

  15. The attack navigator

    DEFF Research Database (Denmark)

    Probst, Christian W.; Willemson, Jan; Pieters, Wolter

    2016-01-01

    The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks...... that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio...

  16. Vulnerability of complex networks under intentional attack with incomplete information

    International Nuclear Information System (INIS)

    Wu, J; Deng, H Z; Tan, Y J; Zhu, D Z

    2007-01-01

    We study the vulnerability of complex networks under intentional attack with incomplete information, which means that one can only preferentially attack the most important nodes among a local region of a network. The known random failure and the intentional attack are two extreme cases of our study. Using the generating function method, we derive the exact value of the critical removal fraction f c of nodes for the disintegration of networks and the size of the giant component. To validate our model and method, we perform simulations of intentional attack with incomplete information in scale-free networks. We show that the attack information has an important effect on the vulnerability of scale-free networks. We also demonstrate that hiding a fraction of the nodes information is a cost-efficient strategy for enhancing the robustness of complex networks

  17. Enhancing infrastructure resilience through business continuity planning.

    Science.gov (United States)

    Fisher, Ronald; Norman, Michael; Klett, Mary

    2017-01-01

    Critical infrastructure is crucial to the functionality and wellbeing of the world around us. It is a complex network that works together to create an efficient society. The core components of critical infrastructure are dependent on one another to function at their full potential. Organisations face unprecedented environmental risks such as increased reliance on information technology and telecommunications, increased infrastructure interdependencies and globalisation. Successful organisations should integrate the components of cyber-physical and infrastructure interdependencies into a holistic risk framework. Physical security plans, cyber security plans and business continuity plans can help mitigate environmental risks. Cyber security plans are becoming the most crucial to have, yet are the least commonly found in organisations. As the reliance on cyber continues to grow, it is imperative that organisations update their business continuity and emergency preparedness activities to include this.

  18. Infrastructure: A technology battlefield in the 21st century

    Energy Technology Data Exchange (ETDEWEB)

    Drucker, H.

    1997-12-31

    A major part of technological advancement has involved the development of complex infrastructure systems, including electric power generation, transmission, and distribution networks; oil and gas pipeline systems; highway and rail networks; and telecommunication networks. Dependence on these infrastructure systems renders them attractive targets for conflict in the twenty-first century. Hostile governments, domestic and international terrorists, criminals, and mentally distressed individuals will inevitably find some part of the infrastructure an easy target for theft, for making political statements, for disruption of strategic activities, or for making a nuisance. The current situation regarding the vulnerability of the infrastructure can be summarized in three major points: (1) our dependence on technology has made our infrastructure more important and vital to our everyday lives, this in turn, makes us much more vulnerable to disruption in any infrastructure system; (2) technologies available for attacking infrastructure systems have changed substantially and have become much easier to obtain and use, easy accessibility to information on how to disrupt or destroy various infrastructure components means that almost anyone can be involved in this destructive process; (3) technologies for defending infrastructure systems and preventing damage have not kept pace with the capability for destroying such systems. A brief review of these points will illustrate the significance of infrastructure and the growing dangers to its various elements.

  19. Recent "phishing" attacks

    CERN Multimedia

    IT Department

    2009-01-01

    Over the last few weeks there has been a marked increase in the number of attacks on CERN made by cybercriminals. Typical attacks arrive in the form of e-mail messages purporting to come from the CERN Help Desk, Mail Service, or some similarly official-sounding entity and suggest that there is a problem with your account, such as it being over-quota. They then ask you to click on a link or to reply and give your password. Please don’t! Be cautious of any unexpected messages containing web links even if they appear to come from known contacts. If you happen to click on such a link and if your permission is requested to run or install software, always decline it. NEVER provide your password or other details if these are requested. These messages try to trick you into clicking on Web links which will help them to install malicious software on your computer, and anti-virus software cannot be relied on to detect all cases. In case of questions on this topic, you may contact mailto:helpdesk@cern.ch. CERN Comput...

  20. Network overload due to massive attacks

    Science.gov (United States)

    Kornbluth, Yosef; Barach, Gilad; Tuchman, Yaakov; Kadish, Benjamin; Cwilich, Gabriel; Buldyrev, Sergey V.

    2018-05-01

    We study the cascading failure of networks due to overload, using the betweenness centrality of a node as the measure of its load following the Motter and Lai model. We study the fraction of survived nodes at the end of the cascade pf as a function of the strength of the initial attack, measured by the fraction of nodes p that survive the initial attack for different values of tolerance α in random regular and Erdös-Renyi graphs. We find the existence of a first-order phase-transition line pt(α ) on a p -α plane, such that if p pt , pf is large and the giant component of the network is still present. Exactly at pt, the function pf(p ) undergoes a first-order discontinuity. We find that the line pt(α ) ends at a critical point (pc,αc) , in which the cascading failures are replaced by a second-order percolation transition. We find analytically the average betweenness of nodes with different degrees before and after the initial attack, we investigate their roles in the cascading failures, and we find a lower bound for pt(α ) . We also study the difference between localized and random attacks.

  1. Monitoring the DNS Infrastructure for Proactive Botnet Detection

    NARCIS (Netherlands)

    Dietz, Christian; Sperotto, Anna; Dreo, G.; Pras, Aiko

    Botnets enable many cyber-criminal activities, such as DDoS attacks, banking fraud and cyberespionage. Botmasters use various techniques to create, maintain and hide their complex C&C infrastructures. First, they use P2P techniques and domain fast-flux to increase the resilience against take-down

  2. Securing ad hoc wireless sensor networks under Byzantine attacks by implementing non-cryptographic method

    Directory of Open Access Journals (Sweden)

    Shabir Ahmad Sofi

    2017-05-01

    Full Text Available Ad Hoc wireless sensor network (WSN is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected. The level of security and performance are always somehow related to each other, therefore due to limited resources in WSN, cryptographic methods for securing the network against attacks is not feasible. Byzantine attacks disrupt the communication between nodes in the network without regard to its own resource consumption. This paper discusses the performance of cluster based WSN comparing LEACH with Advanced node based clusters under byzantine attacks. This paper also proposes an algorithm for detection and isolation of the compromised nodes to mitigate the attacks by non-cryptographic means. The throughput increases after using the algorithm for isolation of the malicious nodes, 33% in case of Gray Hole attack and 62% in case of Black Hole attack.

  3. Patrol Detection for Replica Attacks on Wireless Sensor Networks

    OpenAIRE

    Wang, Liang-Min; Shi, Yang

    2011-01-01

    Replica attack is a critical concern in the security of wireless sensor networks. We employ mobile nodes as patrollers to detect replicas distributed in different zones in a network, in which a basic patrol detection protocol and two detection algorithms for stationary and mobile modes are presented. Then we perform security analysis to discuss the defense strategies against the possible attacks on the proposed detection protocol. Moreover, we show the advantages of the proposed protocol by d...

  4. Cyber Attacks and Combat Behavior

    Directory of Open Access Journals (Sweden)

    Carataș Maria Alina

    2017-01-01

    Full Text Available Cyber terrorism is an intangible danger, a real over the corner threat in the life of individuals,organizations, and governments and is getting harder to deal with its damages. The motivations forthe cyber-attacks are different, depending on the terrorist group, from cybercrime to hacktivism,attacks over the authorities’ servers. Organizations constantly need to find new ways ofstrengthening protection against cyber-attacks, assess their cyber readiness, expand the resiliencecapacity and adopts international security regulations.

  5. Grid attacks avian flu

    CERN Multimedia

    2006-01-01

    During April, a collaboration of Asian and European laboratories analysed 300,000 possible drug components against the avian flu virus H5N1 using the EGEE Grid infrastructure. Schematic presentation of the avian flu virus.The distribution of the EGEE sites in the world on which the avian flu scan was performed. The goal was to find potential compounds that can inhibit the activities of an enzyme on the surface of the influenza virus, the so-called neuraminidase, subtype N1. Using the Grid to identify the most promising leads for biological tests could speed up the development process for drugs against the influenza virus. Co-ordinated by CERN and funded by the European Commission, the EGEE project (Enabling Grids for E-sciencE) aims to set up a worldwide grid infrastructure for science. The challenge of the in silico drug discovery application is to identify those molecules which can dock on the active sites of the virus in order to inhibit its action. To study the impact of small scale mutations on drug r...

  6. Seven Deadliest Social Network Attacks

    CERN Document Server

    Timm, Carl

    2010-01-01

    Do you need to keep up with the latest hacks, attacks, and exploits effecting social networks? Then you need Seven Deadliest Social Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Social Networking Infrastruct

  7. VoIP attacks detection engine based on neural network

    Science.gov (United States)

    Safarik, Jakub; Slachta, Jiri

    2015-05-01

    The security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP number one target in IP telephony infrastructure, so security of SIP server is essential. To keep up with hackers and to detect potential malicious attacks, security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and following evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. Then the gathered data analyze aggregation server with artificial neural network. Artificial neural network means multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduce the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and process detected traffic. It also maintains all detection nodes.

  8. Crony Attack: Strategic Attack’s Silver Bullet

    Science.gov (United States)

    2006-11-01

    physical assets or financial assets. The form of crony attack that most closely resembles classic strategic attack is to deny, degrade, or destroy a money...February 1951. Reprinted in Airpower Studies Coursebook , Air Command and Staff College, Maxwell AFB, AL, 2002, 152–58. Hirsch, Michael. “NATO’s Game of

  9. Global information infrastructure.

    Science.gov (United States)

    Lindberg, D A

    1994-01-01

    The High Performance Computing and Communications Program (HPCC) is a multiagency federal initiative under the leadership of the White House Office of Science and Technology Policy, established by the High Performance Computing Act of 1991. It has been assigned a critical role in supporting the international collaboration essential to science and to health care. Goals of the HPCC are to extend USA leadership in high performance computing and networking technologies; to improve technology transfer for economic competitiveness, education, and national security; and to provide a key part of the foundation for the National Information Infrastructure. The first component of the National Institutes of Health to participate in the HPCC, the National Library of Medicine (NLM), recently issued a solicitation for proposals to address a range of issues, from privacy to 'testbed' networks, 'virtual reality,' and more. These efforts will build upon the NLM's extensive outreach program and other initiatives, including the Unified Medical Language System (UMLS), MEDLARS, and Grateful Med. New Internet search tools are emerging, such as Gopher and 'Knowbots'. Medicine will succeed in developing future intelligent agents to assist in utilizing computer networks. Our ability to serve patients is so often restricted by lack of information and knowledge at the time and place of medical decision-making. The new technologies, properly employed, will also greatly enhance our ability to serve the patient.

  10. Structures and infrastructures series

    National Research Council Canada - National Science Library

    2008-01-01

    "Research, developments, and applications...on the most advanced techonologies for analyzing, predicting, and optimizing the performance of structures and infrastructures such as buildings, bridges, dams...

  11. Development of a public health nursing data infrastructure.

    Science.gov (United States)

    Monsen, Karen A; Bekemeier, Betty; P Newhouse, Robin; Scutchfield, F Douglas

    2012-01-01

    An invited group of national public health nursing (PHN) scholars, practitioners, policymakers, and other stakeholders met in October 2010 identifying a critical need for a national PHN data infrastructure to support PHN research. This article summarizes the strengths, limitations, and gaps specific to PHN data and proposes a research agenda for development of a PHN data infrastructure. Future implications are suggested, such as issues related to the development of the proposed PHN data infrastructure and future research possibilities enabled by the infrastructure. Such a data infrastructure has potential to improve accountability and measurement, to demonstrate the value of PHN services, and to improve population health. © 2012 Wiley Periodicals, Inc.

  12. Mass casualty response in the 2008 Mumbai terrorist attacks.

    Science.gov (United States)

    Roy, Nobhojit; Kapil, Vikas; Subbarao, Italo; Ashkenazi, Isaac

    2011-12-01

    The November 26-29, 2008, terrorist attacks on Mumbai were unique in its international media attention, multiple strategies of attack, and the disproportionate national fear they triggered. Everyone was a target: random members of the general population, iconic targets, and foreigners alike were under attack by the terrorists. A retrospective, descriptive study of the distribution of terror victims to various city hospitals, critical radius, surge capacity, and the nature of specialized medical interventions was gathered through police, legal reports, and interviews with key informants. Among the 172 killed and 304 injured people, about four-fifths were men (average age, 33 years) and 12% were foreign nationals. The case-fatality ratio for this event was 2.75:1, and the mortality rate among those who were critically injured was 12%. A total of 38.5% of patients arriving at the hospitals required major surgical intervention. Emergency surgical operations were mainly orthopedic (external fixation for compound fractures) and general surgical interventions (abdominal explorations for penetrating bullet/shrapnel injuries). The use of heavy-duty automatic weapons, explosives, hostages, and arson in these terrorist attacks alerts us to new challenges to medical counterterrorism response. The need for building central medical control for a coordinated response and for strengthening public hospital capacity are lessons learned for future attacks. These particular terrorist attacks had global consequences, in terms of increased security checks and alerts for and fears of further similar "Mumbai-style" attacks. The resilience of the citizens of Mumbai is a critical measure of the long-term effects of terror attacks.

  13. Metrics for Assessment of Smart Grid Data Integrity Attacks

    Energy Technology Data Exchange (ETDEWEB)

    Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs

    2012-07-01

    There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.

  14. Invisible Trojan-horse attack

    DEFF Research Database (Denmark)

    Sajeed, Shihan; Minshull, Carter; Jain, Nitin

    2017-01-01

    We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance...

  15. When Sinuses Attack! (For Kids)

    Science.gov (United States)

    ... First Aid & Safety Doctors & Hospitals Videos Recipes for Kids Kids site Sitio para niños How the Body Works ... Search English Español When Sinuses Attack! KidsHealth / For Kids / When Sinuses Attack! What's in this article? What ...

  16. Securing energy assets and infrastructure 2007

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2006-06-15

    This report describes in detail the energy industry's challenges and solutions for protecting critical assets including oil and gas infrastructure, transmission grids, power plants, storage, pipelines, and all aspects of strategic industry assets. It includes a special section on cyber-terrorism and protecting control systems. Contents: Section I - Introduction; U.S Energy Trends; Vulnerabilities; Protection Measures. Section II - Sector-wise Vulnerabilities Assessments and Security Measures: Coal, Oil and Petroleum, Natural Gas, Electric Power, Cybersecurity and Control Systems, Key Recommendations; Section III - Critical Infrastructure Protection Efforts: Government Initiatives, Agencies, and Checklists.

  17. Invisible Trojan-horse attack.

    Science.gov (United States)

    Sajeed, Shihan; Minshull, Carter; Jain, Nitin; Makarov, Vadim

    2017-08-21

    We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Ac´ın-Ribordy-Gisin (SARG04) QKD protocol at 1924 nm versus that at 1536 nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N. Jain et al., New J. Phys. 16, 123030 (2014). However at 1924 nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.

  18. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl [AREVA GmbH, Erlangen (Germany)

    2017-06-15

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like ''Industrial Internet of Things'' of the Industrial Internet Consortium (IIC), and ''Industry 4.0'' find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  19. CDP - Adaptive Supervisory Control and Data Acquisition (SCADA) Technology for Infrastructure Protection

    Energy Technology Data Exchange (ETDEWEB)

    Marco Carvalho; Richard Ford

    2012-05-14

    Supervisory Control and Data Acquisition (SCADA) Systems are a type of Industrial Control System characterized by the centralized (or hierarchical) monitoring and control of geographically dispersed assets. SCADA systems combine acquisition and network components to provide data gathering, transmission, and visualization for centralized monitoring and control. However these integrated capabilities, especially when built over legacy systems and protocols, generally result in vulnerabilities that can be exploited by attackers, with potentially disastrous consequences. Our research project proposal was to investigate new approaches for secure and survivable SCADA systems. In particular, we were interested in the resilience and adaptability of large-scale mission-critical monitoring and control infrastructures. Our research proposal was divided in two main tasks. The first task was centered on the design and investigation of algorithms for survivable SCADA systems and a prototype framework demonstration. The second task was centered on the characterization and demonstration of the proposed approach in illustrative scenarios (simulated or emulated).

  20. Effectively protecting cyber infrastructure and assessing security needs

    Energy Technology Data Exchange (ETDEWEB)

    Robbins, J.; Starman, R. [EWA Canada Ltd., Edmonton, AB (Canada)

    2002-07-01

    This presentation addressed some of the requirements for effectively protecting cyber infrastructure and assessing security needs. The paper discussed the hype regarding cyber attacks, and presented the Canadian reality (as viewed by CanCERT). An assessment of security concerns was also presented. Recent cyber attacks on computer networks have raised fears of unsafe energy networks. Some experts claim the attacks are linked to terrorism, others blame industrial spying and mischief. Others dismiss the notion that somebody could bring down a power grid with a laptop as being far-fetched. It was noted that the cyber security threat is real, and that attacks are becoming more sophisticated as we live in a target rich environment. The issue of assessing vulnerabilities was discussed along with the selection of safeguards such as improving SCADA systems and the latest encryption methods to prevent hackers from bringing down computer networks. 3 tabs., 23 figs.

  1. Building an evaluation infrastructure

    DEFF Research Database (Denmark)

    Brandrup, Morten; Østergaard, Kija Lin

    Infrastructuring does not happen by itself; it must be supported. In this paper, we present a feedback mechanism implemented as a smartphone-based application, inspired by the concept of infrastructure probes, which supports the in situ elicitation of feedback. This is incorporated within an eval...

  2. Physical resources and infrastructure

    NARCIS (Netherlands)

    Foeken, D.W.J.; Hoorweg, J.; Foeken, D.W.J.; Obudho, R.A.

    2000-01-01

    This chapter describes the main physical characteristics as well as the main physical and social infrastructure features of Kenya's coastal region. Physical resources include relief, soils, rainfall, agro-ecological zones and natural resources. Aspects of the physical infrastructure discussed are

  3. Transport Infrastructure Slot Allocation

    NARCIS (Netherlands)

    Koolstra, K.

    2005-01-01

    In this thesis, transport infrastructure slot allocation has been studied, focusing on selection slot allocation, i.e. on longer-term slot allocation decisions determining the traffic patterns served by infrastructure bottlenecks, rather than timetable-related slot allocation problems. The

  4. Telecom infrastructure leasing

    International Nuclear Information System (INIS)

    Henley, R.

    1995-01-01

    Slides to accompany a discussion about leasing telecommunications infrastructure, including radio/microwave tower space, radio control buildings, paging systems and communications circuits, were presented. The structure of Alberta Power Limited was described within the ATCO group of companies. Corporate goals and management practices and priorities were summarized. Lessons and experiences in the infrastructure leasing business were reviewed

  5. Infrastructures for healthcare

    DEFF Research Database (Denmark)

    Langhoff, Tue Odd; Amstrup, Mikkel Hvid; Mørck, Peter

    2018-01-01

    The Danish General Practitioners Database has over more than a decade developed into a large-scale successful information infrastructure supporting medical research in Denmark. Danish general practitioners produce the data, by coding all patient consultations according to a certain set of classif...... synergy into account, if not to risk breaking down the fragile nature of otherwise successful information infrastructures supporting research on healthcare....

  6. National Infrastructure Protection Plan

    National Research Council Canada - National Science Library

    2006-01-01

    .... Attacks on CI/KR could significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the targeted sector and physical location of the incident...

  7. Energy Theft in the Advanced Metering Infrastructure

    Science.gov (United States)

    McLaughlin, Stephen; Podkuiko, Dmitry; McDaniel, Patrick

    Global energy generation and delivery systems are transitioning to a new computerized "smart grid". One of the principle components of the smart grid is an advanced metering infrastructure (AMI). AMI replaces the analog meters with computerized systems that report usage over digital communication interfaces, e.g., phone lines. However, with this infrastructure comes new risk. In this paper, we consider adversary means of defrauding the electrical grid by manipulating AMI systems. We document the methods adversaries will use to attempt to manipulate energy usage data, and validate the viability of these attacks by performing penetration testing on commodity devices. Through these activities, we demonstrate that not only is theft still possible in AMI systems, but that current AMI devices introduce a myriad of new vectors for achieving it.

  8. REAL-TIME INTELLIGENT MULTILAYER ATTACK CLASSIFICATION SYSTEM

    Directory of Open Access Journals (Sweden)

    T. Subbhulakshmi

    2014-01-01

    Full Text Available Intrusion Detection Systems (IDS takes the lion’s share of the current security infrastructure. Detection of intrusions is vital for initiating the defensive procedures. Intrusion detection was done by statistical and distance based methods. A threshold value is used in these methods to indicate the level of normalcy. When the network traffic crosses the level of normalcy then above which it is flagged as anomalous. When there are occurrences of new intrusion events which are increasingly a key part of system security, the statistical techniques cannot detect them. To overcome this issue, learning techniques are used which helps in identifying new intrusion activities in a computer system. The objective of the proposed system designed in this paper is to classify the intrusions using an Intelligent Multi Layered Attack Classification System (IMLACS which helps in detecting and classifying the intrusions with improved classification accuracy. The intelligent multi layered approach contains three intelligent layers. The first layer involves Binary Support Vector Machine classification for detecting the normal and attack. The second layer involves neural network classification to classify the attacks into classes of attacks. The third layer involves fuzzy inference system to classify the attacks into various subclasses. The proposed IMLACS can be able to detect an intrusion behavior of the networks since the system contains a three intelligent layer classification and better set of rules. Feature selection is also used to improve the time of detection. The experimental results show that the IMLACS achieves the Classification Rate of 97.31%.

  9. Infrastructure monitoring with spaceborne SAR sensors

    CERN Document Server

    ANGHEL, ANDREI; CACOVEANU, REMUS

    2017-01-01

    This book presents a novel non-intrusive infrastructure monitoring technique based on the detection and tracking of scattering centers in spaceborne SAR images. The methodology essentially consists of refocusing each available SAR image on an imposed 3D point cloud associated to the envisaged infrastructure element and identifying the reliable scatterers to be monitored by means of four dimensional (4D) tomography. The methodology described in this book provides a new perspective on infrastructure monitoring with spaceborne SAR images, is based on a standalone processing chain, and brings innovative technical aspects relative to conventional approaches. The book is intended primarily for professionals and researchers working in the area of critical infrastructure monitoring by radar remote sensing.

  10. Construction of a Cyber Attack Model for Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert

    2017-05-01

    The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missed if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.

  11. Critical neuropsychobiological analysis of panic attack- and anticipatory anxiety-like behaviors in rodents confronted with snakes in polygonal arenas and complex labyrinths: a comparison to the elevated plus- and T-maze behavioral tests

    Directory of Open Access Journals (Sweden)

    Norberto C. Coimbra

    Full Text Available Objective: To compare prey and snake paradigms performed in complex environments to the elevated plus-maze (EPM and T-maze (ETM tests for the study of panic attack- and anticipatory anxiety-like behaviors in rodents. Methods: PubMed was reviewed in search of articles focusing on the plus maze test, EPM, and ETM, as well as on defensive behaviors displayed by threatened rodents. In addition, the authors’ research with polygonal arenas and complex labyrinth (designed by the first author for confrontation between snakes and small rodents was examined. Results: The EPM and ETM tests evoke anxiety/fear-related defensive responses that are pharmacologically validated, whereas the confrontation between rodents and snakes in polygonal arenas with or without shelters or in the complex labyrinth offers ethological conditions for studying more complex defensive behaviors and the effects of anxiolytic and panicolytic drugs. Prey vs. predator paradigms also allow discrimination between non-oriented and oriented escape behavior. Conclusions: Both EPM and ETM simple labyrinths are excellent apparatuses for the study of anxiety- and instinctive fear-related responses, respectively. The confrontation between rodents and snakes in polygonal arenas, however, offers a more ethological environment for addressing both unconditioned and conditioned fear-induced behaviors and the effects of anxiolytic and panicolytic drugs.

  12. Critical neuropsychobiological analysis of panic attack- and anticipatory anxiety-like behaviors in rodents confronted with snakes in polygonal arenas and complex labyrinths: a comparison to the elevated plus- and T-maze behavioral tests.

    Science.gov (United States)

    Coimbra, Norberto C; Paschoalin-Maurin, Tatiana; Bassi, Gabriel S; Kanashiro, Alexandre; Biagioni, Audrey F; Felippotti, Tatiana T; Elias-Filho, Daoud H; Mendes-Gomes, Joyce; Cysne-Coimbra, Jade P; Almada, Rafael C; Lobão-Soares, Bruno

    2017-01-01

    To compare prey and snake paradigms performed in complex environments to the elevated plus-maze (EPM) and T-maze (ETM) tests for the study of panic attack- and anticipatory anxiety-like behaviors in rodents. PubMed was reviewed in search of articles focusing on the plus maze test, EPM, and ETM, as well as on defensive behaviors displayed by threatened rodents. In addition, the authors' research with polygonal arenas and complex labyrinth (designed by the first author for confrontation between snakes and small rodents) was examined. The EPM and ETM tests evoke anxiety/fear-related defensive responses that are pharmacologically validated, whereas the confrontation between rodents and snakes in polygonal arenas with or without shelters or in the complex labyrinth offers ethological conditions for studying more complex defensive behaviors and the effects of anxiolytic and panicolytic drugs. Prey vs. predator paradigms also allow discrimination between non-oriented and oriented escape behavior. Both EPM and ETM simple labyrinths are excellent apparatuses for the study of anxiety- and instinctive fear-related responses, respectively. The confrontation between rodents and snakes in polygonal arenas, however, offers a more ethological environment for addressing both unconditioned and conditioned fear-induced behaviors and the effects of anxiolytic and panicolytic drugs.

  13. The Big Mac Attack.

    Science.gov (United States)

    Bushweller, Kevin

    1995-01-01

    Schools are increasingly turning to fast-food restaurants such as Taco Bell, McDonald's, and Pizza Hut to fill the stomachs of kids turned off by standard school lunches. Kids are delighted, but critics say fast-food infiltration of school cafeterias encourages poor nutrition. Schools might consider adopting lighter fast-food fare or starting…

  14. Security infrastructure for dynamically provisioned cloud infrastructure services

    NARCIS (Netherlands)

    Demchenko, Y.; Ngo, C.; de Laat, C.; Lopez, D.R.; Morales, A.; García-Espín, J.A.; Pearson, S.; Yee, G.

    2013-01-01

    This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured security infrastructure provisioned on demand as part of the cloud-based infrastructure. This chapter describes general use cases for provisioning cloud infrastructure services

  15. WILD PIG ATTACKS ON HUMANS

    Energy Technology Data Exchange (ETDEWEB)

    Mayer, J.

    2013-04-12

    Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.

  16. Shark Attack Project - Marine Attack at Towed Hydrophone Arrays

    National Research Council Canada - National Science Library

    Kalmijn, Adrianus J

    2005-01-01

    The original objective of the SIO Marine Attack project was to identify the electric and magnetic fields causing sharks to inflict serious damage upon the towed hydrophone arrays of US Navy submarines...

  17. Nuclear safety infrastructure

    International Nuclear Information System (INIS)

    Moffitt, R.L.

    2010-01-01

    The introduction of nuclear power in any country requires the early establishment of a long term nuclear safety infrastructure. This is necessary to ensure that the siting, design, construction, commissioning, operation and dismantling of the nuclear power plant and any other related installations, as well as the long term management of radioactive waste and spent fuel, are conducted in a safe and secure manner. The decision to undertake a nuclear power program is a major commitment requiring strict attention to nuclear safety. This commitment is a responsibility to not only the citizens of the country developing such a program, but also a responsibility to the international community. Nobody can take on this responsibility or make the critical decisions except the host country. It is important to make sure that the decision making process and the development activities are done in as open a manner as possible allowing interested stakeholders the opportunity to review and comment on the actions and plans. It cannot be overemphasized that everyone involved in a program to develop nuclear power carries a responsibility for ensuring safety. While it is clear that the key decisions and activities are the responsibility of the host country, it is also very important to recognize that help is available. The IAEA, OECD-NEA, WANO and other international organizations along with countries with established nuclear power programs are available to provide information and assistance. In particular, the IAEA and OECD-NEA have published several documents regarding the development of a nuclear power program and they have been and continue to support many meetings and seminars regarding the development of nuclear power programs

  18. LANL: Weapons Infrastructure Briefing to Naval Reactors, July 18, 2017

    Energy Technology Data Exchange (ETDEWEB)

    Chadwick, Frances [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2018-07-18

    Presentation slides address: The Laboratory infrastructure supports hundreds of high hazard, complex operations daily; LANL’s unique science and engineering infrastructure is critical to delivering on our mission; LANL FY17 Budget & Workforce; Direct-Funded Infrastructure Accounts; LANL Org Chart; Weapons Infrastructure Program Office; The Laboratory’s infrastructure relies on both Direct and Indirect funding; NA-50’s Operating, Maintenance & Recapitalization funding is critical to the execution of the mission; Los Alamos is currently executing several concurrent Line Item projects; Maintenance @ LANL; NA-50 is helping us to address D&D needs; We are executing a CHAMP Pilot Project at LANL; G2 = Main Tool for Program Management; MDI: Future Investments are centered on facilities with a high Mission Dependency Index; Los Alamos hosted first “Deep Dive” in November 2016; Safety, Infrastructure & Operations is one of the most important programs at LANL, and is foundational for our mission success.

  19. The Cyber-Physical Attacker

    DEFF Research Database (Denmark)

    Vigo, Roberto

    2012-01-01

    The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...... the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security...

  20. Information infrastructure(s) boundaries, ecologies, multiplicity

    CERN Document Server

    Mongili, Alessandro

    2014-01-01

    This book marks an important contribution to the fascinating debate on the role that information infrastructures and boundary objects play in contemporary life, bringing to the fore the concern of how cooperation across different groups is enabled, but also constrained, by the material and immaterial objects connecting them. As such, the book itself is situated at the crossroads of various paths and genealogies, all focusing on the problem of the intersection between different levels of scale...

  1. Chef infrastructure automation cookbook

    CERN Document Server

    Marschall, Matthias

    2013-01-01

    Chef Infrastructure Automation Cookbook contains practical recipes on everything you will need to automate your infrastructure using Chef. The book is packed with illustrated code examples to automate your server and cloud infrastructure.The book first shows you the simplest way to achieve a certain task. Then it explains every step in detail, so that you can build your knowledge about how things work. Eventually, the book shows you additional things to consider for each approach. That way, you can learn step-by-step and build profound knowledge on how to go about your configuration management

  2. Eco-logical : an ecosystem approach to developing transportation infrastructure projects in a changing environment

    Science.gov (United States)

    2009-09-13

    The development of infrastructure facilities can negatively impact critical habitat and essential ecosystems. There are a variety of techniques available to avoid, minimize, and mitigate negative impacts of existing infrastructure as well as future i...

  3. Forensics Investigation of Web Application Security Attacks

    OpenAIRE

    Amor Lazzez; Thabet Slimani

    2015-01-01

    Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the sec...

  4. Chapter 2. Surge capacity and infrastructure considerations for mass critical care. Recommendations and standard operating procedures for intensive care unit and hospital preparations for an influenza epidemic or mass disaster

    NARCIS (Netherlands)

    Hick, John L.; Christian, Michael D.; Sprung, Charles L.; Camargo, Ruben; Ceraso, Daniel; Azoulay, Elie; Duguet, Alexandre; Guery, Benoit; Reinhart, Konrad; Adini, Bruria; Barlavie, Yaron; Benin-Goren, Odeda; Cohen, Robert; Klein, Motti; Leoniv, Yuval; Margalit, Gila; Rubinovitch, Bina; Sonnenblick, Moshe; Steinberg, Avraham; Weissman, Charles; Wolff, Donna; Kesecioglu, Jozef; de Jong, Menno; Moreno, Rui; An, Youzhong; Du, Bin; Joynt, Gavin M.; Colvin, John; Loo, Shi; Richards, Guy; Artigas, Antonio; Pugin, Jerome; Amundson, Dennis; Devereaux, Asha; Beigel, John; Danis, Marion; Farmer, Chris; Maki, Dennis; Masur, Henry; Rubinson, Lewis; Sandrock, Christian; Talmor, Daniel; Truog, Robert; Zimmerman, Janice; Brett, Steve; Montgomery, Hugh; Rhodes, Andrew; Sanderson, Frances; Taylor, Bruce; Monrgomery, Hugh

    2010-01-01

    To provide recommendations and standard operating procedures for intensive care unit (ICU) and hospital preparations for a mass disaster or influenza epidemic with a specific focus on surge capacity and infrastructure considerations. Based on a literature review and expert opinion, a Delphi process

  5. Development of Cyber-attack Risk Assessment Model for Nuclear Power Plants

    International Nuclear Information System (INIS)

    Park, Jong Woo; Lee, Seung Jun

    2017-01-01

    In this work, a risk evaluation method to identify significant cyber-attack scenarios and important components which should be defensed was proposed based on the probabilistic safety assessment (PSA) method which is widely used for evaluating risk of NPPs. NPPs adopting digital systems have been facing the risk of cyber-attacks. To develop efficient and reasonable defense strategy, it is required to identify significant cyber-attack scenarios and important components because there are huge number of critical digital assets in an NPP. By evaluating the risk of cyber-attack, the risk-informed defense strategies against cyber-attack could be suggested. In this work, the method to identify important cyber-attack scenarios and to evaluate the quantitative risk caused by cyber-attacks was proposed. For a future study, more feasible scenarios will be analyzed and additional modifications will be made in the model if necessary.

  6. Infrastructure protection in the Dutch financial sector

    NARCIS (Netherlands)

    van Oers, M.H.M.; Strous, L.; Berndsen, R.J.; Butts, J.; Shenoi, S.

    2012-01-01

    This paper presents a case study of critical infrastructure protection in the Dutch financial sector. The organizational structures are examined to discern the roles and functions that facilitate public-private cooperation. An assessment of the organizational structures is provided along with a

  7. Superposition Attacks on Cryptographic Protocols

    DEFF Research Database (Denmark)

    Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus

    2011-01-01

    of information. In this paper, we introduce a fundamentally new model of quantum attacks on classical cryptographic protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security......Attacks on classical cryptographic protocols are usually modeled by allowing an adversary to ask queries from an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece...... of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold $t$ in the standard model is secure against superposition attacks if and only if the threshold is lowered to $t/2$. We use this result to give zero-knowledge proofs for all of NP in the common reference...

  8. Genetic attack on neural cryptography.

    Science.gov (United States)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-03-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  9. Panic Attacks and Panic Disorder

    Science.gov (United States)

    ... Major changes in your life, such as a divorce or the addition of a baby Smoking or ... quality of life. Complications that panic attacks may cause or be linked to include: Development of specific ...

  10. Genetic attack on neural cryptography

    International Nuclear Information System (INIS)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-01-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size

  11. Genetic attack on neural cryptography

    Science.gov (United States)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-03-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  12. What Is a Heart Attack?

    Science.gov (United States)

    ... medical center. Support from family and friends also can help relieve stress and anxiety. Let your loved ones know how you feel and what they can do to help you. Risk of a Repeat Heart Attack Once ...

  13. MOEMS industrial infrastructure

    Science.gov (United States)

    van Heeren, Henne; Paschalidou, Lia

    2004-08-01

    numbers they want (several millions per year). The crossover point where building a dedicated facility becomes a realistic option, can differ very much depending on technology complexity, numbers and market value. Also history plays a role, companies with past experience in the production of a product and the necessary facilities and equipment will tend to achieve captive production. Companies not having a microtechnology history will tend to outsource, offering business opportunities for foundries. The number of foundries shows a steady growth over the years. The total availability of foundries, however, and their flexibility will, undoubtedly, rely on market potential and its size. Unlike design houses, foundries need to realise a substantial return on the "large" investments they make in terms of capital and infrastructure. These returns will be maximised through mass-produced products aimed at "killer" applications (accelerometers are only one example). The existence of professional suppliers of MOEMS packaging and assembly is an essential element in the supply chain and critical for the manufacturing and commercialisation of MOEMS products. In addition, the incorporation of packaging and assembly techniques at the front-end of the engineering cycle will pay back in terms of financial savings and shorter timescales to market. Packaging and assembly for MOEMS are, in general, more costly than their equivalents for standard integrated circuits. This is, primarily, due to the diversity of the interconnections (which are multi-functional and may incorporate: electrical, optical, fluidic etc). In addition, the high levels of accuracy and the potential sensitivity of the devices to mechanical and external influences play a major role in the cost aspects of the final MNT product. This article will give an overview of the package/assembly providers and foundry business models and analyse their contribution to the MOEMS supply chain illustrated with some typical examples. As

  14. Infrastructure Area Simplification Plan

    CERN Document Server

    Field, L.

    2011-01-01

    The infrastructure area simplification plan was presented at the 3rd EMI All Hands Meeting in Padova. This plan only affects the information and accounting systems as the other areas are new in EMI and hence do not require simplification.

  15. IPHE Infrastructure Workshop Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    None

    2010-02-01

    This proceedings contains information from the IPHE Infrastructure Workshop, a two-day interactive workshop held on February 25-26, 2010, to explore the market implementation needs for hydrogen fueling station development.

  16. EV Charging Infrastructure Roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Karner, Donald [Electric Transportation Inc., Rogers, AR (United States); Garetson, Thomas [Electric Transportation Inc., Rogers, AR (United States); Francfort, Jim [Idaho National Lab. (INL), Idaho Falls, ID (United States)

    2016-08-01

    As highlighted in the U.S. Department of Energy’s EV Everywhere Grand Challenge, vehicle technology is advancing toward an objective to “… produce plug-in electric vehicles that are as affordable and convenient for the average American family as today’s gasoline-powered vehicles …” [1] by developing more efficient drivetrains, greater battery energy storage per dollar, and lighter-weight vehicle components and construction. With this technology advancement and improved vehicle performance, the objective for charging infrastructure is to promote vehicle adoption and maximize the number of electric miles driven. The EV Everywhere Charging Infrastructure Roadmap (hereafter referred to as Roadmap) looks forward and assumes that the technical challenges and vehicle performance improvements set forth in the EV Everywhere Grand Challenge will be met. The Roadmap identifies and prioritizes deployment of charging infrastructure in support of this charging infrastructure objective for the EV Everywhere Grand Challenge

  17. Pennsylvania Reaches Infrastructure Milestone

    Science.gov (United States)

    With a series of “aye” votes, the Pennsylvania agency that turns EPA funding and state financing into water infrastructure projects crossed a key threshold recently – $8 billion in investment over nearly three decades

  18. EV Charging Infrastructure Roadmap

    International Nuclear Information System (INIS)

    Karner, Donald; Garetson, Thomas; Francfort, Jim

    2016-01-01

    As highlighted in the U.S. Department of Energy's EV Everywhere Grand Challenge, vehicle technology is advancing toward an objective to ''... produce plug-in electric vehicles that are as affordable and convenient for the average American family as today's gasoline-powered vehicles ...'' [1] by developing more efficient drivetrains, greater battery energy storage per dollar, and lighter-weight vehicle components and construction. With this technology advancement and improved vehicle performance, the objective for charging infrastructure is to promote vehicle adoption and maximize the number of electric miles driven. The EV Everywhere Charging Infrastructure Roadmap (hereafter referred to as Roadmap) looks forward and assumes that the technical challenges and vehicle performance improvements set forth in the EV Everywhere Grand Challenge will be met. The Roadmap identifies and prioritizes deployment of charging infrastructure in support of this charging infrastructure objective for the EV Everywhere Grand Challenge

  19. Green Infrastructure Modeling Toolkit

    Science.gov (United States)

    Green infrastructure, such as rain gardens, green roofs, porous pavement, cisterns, and constructed wetlands, is becoming an increasingly attractive way to recharge aquifers and reduce the amount of stormwater runoff that flows into wastewater treatment plants or into waterbodies...

  20. Software-based Microarchitectural Attacks

    OpenAIRE

    Gruss, Daniel

    2017-01-01

    Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these optimizations. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual ...