Ackerman, G; Abhayaratne, P; Bale, J; Bhattacharjee, A; Blair, C; Hansell, L; Jayne, A; Kosal, M; Lucas, S; Moran, K; Seroki, L; Vadlamudi, S
Certain types of infrastructure--critical infrastructure (CI)--play vital roles in underpinning our economy, security and way of life. These complex and often interconnected systems have become so ubiquitous and essential to day-to-day life that they are easily taken for granted. Often it is only when the important services provided by such infrastructure are interrupted--when we lose easy access to electricity, health care, telecommunications, transportation or water, for example--that we are conscious of our great dependence on these networks and of the vulnerabilities that stem from such dependence. Unfortunately, it must be assumed that many terrorists are all too aware that CI facilities pose high-value targets that, if successfully attacked, have the potential to dramatically disrupt the normal rhythm of society, cause public fear and intimidation, and generate significant publicity. Indeed, revelations emerging at the time of this writing about Al Qaida's efforts to prepare for possible attacks on major financial facilities in New York, New Jersey, and the District of Columbia remind us just how real and immediate such threats to CI may be. Simply being aware that our nation's critical infrastructure presents terrorists with a plethora of targets, however, does little to mitigate the dangers of CI attacks. In order to prevent and preempt such terrorist acts, better understanding of the threats and vulnerabilities relating to critical infrastructure is required. The Center for Nonproliferation Studies (CNS) presents this document as both a contribution to the understanding of such threats and an initial effort at ''operationalizing'' its findings for use by analysts who work on issues of critical infrastructure protection. Specifically, this study focuses on a subsidiary aspect of CI threat assessment that has thus far remained largely unaddressed by contemporary terrorism research: the motivations and related factors that
Johnson, Thomas A
The World Economic Forum regards the threat of cyber attack as one of the top five global risks confronting nations of the world today. Cyber attacks are increasingly targeting the core functions of the economies in nations throughout the world. The threat to attack critical infrastructures, disrupt critical services, and induce a wide range of damage is becoming more difficult to defend against. Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare examines the current cyber threat landscape and discusses the strategies being used by governments and corporatio
Holt, Thomas J.; Kilger, Max
The continuing adoption of technologies by the general public coupled with the expanding reliance of critical infrastructures connected through the Internet has created unique opportunities for attacks by civilians and nation-states alike. Although governments are increasingly focusing on policies to deter nation-state level attacks, it is unclear…
Ackerman, G; Bale, J; Moran, K
Certain types of infrastructure--critical infrastructure (CI)--play vital roles in underpinning our economy, security, and way of life. One particular type of CI--that relating to chemicals--constitutes both an important element of our nation's infrastructure and a particularly attractive set of potential targets. This is primarily because of the large quantities of toxic industrial chemicals (TICs) it employs in various operations and because of the essential economic functions it serves. This study attempts to minimize some of the ambiguities that presently impede chemical infrastructure threat assessments by providing new insight into the key motivational factors that affect terrorist organizations propensity to attack chemical facilities. Prepared as a companion piece to the Center for Nonproliferation Studies August 2004 study--''Assessing Terrorist Motivations for Attacking Critical Infrastructure''--it investigates three overarching research questions: (1) why do terrorists choose to attack chemical-related infrastructure over other targets; (2) what specific factors influence their target selection decisions concerning chemical facilities; and (3) which, if any, types of groups are most inclined to attack chemical infrastructure targets? The study involved a multi-pronged research design, which made use of four discrete investigative techniques to answer the above questions as comprehensively as possible. These include: (1) a review of terrorism and threat assessment literature to glean expert consensus regarding terrorist interest in targeting chemical facilities; (2) the preparation of case studies to help identify internal group factors and contextual influences that have played a significant role in leading some terrorist groups to attack chemical facilities; (3) an examination of data from the Critical Infrastructure Terrorist Incident Catalog (CrITIC) to further illuminate the nature of terrorist attacks against chemical
Ackerman, G; Blair, C; Bale, J; Hahn, G; DiLorenzo, E; Vadlamudi, S; Lunsford, C
There is no doubt that al-Qaida and its affiliates have displayed, and continue to display, an acute interest in attacking targets that are considered to be important components of the infrastructure of the United States. What has not thus far been carried out, however, is an in-depth examination of the basic nature, historical evolution, and present scope of the organization's objectives that might help government personnel develop sound policy recommendations and analytical indicators to assist in detecting and interdicting plots of this nature. This study was completed with the financial support of the Lawrence Livermore National Laboratory, through a project sponsored by the U.S. Department of Homeland Security, Science and Technology Directorate. It is specifically intended to increase counterterrorism analysts understanding of certain features of al-Qaida's strategy and operations in order to facilitate the anticipation and prevention of attacks directed against our most critical infrastructures. The procedure adopted herein has involved consulting a wide variety of source materials that bear on the topic, ranging from sacred religious texts and historical accounts to al-Qaida-linked materials and the firsthand testimony of captured members of the group. It has also intentionally combined multiple approaches, including exploring the more esoteric religion-historical referents that have served to influence al-Qaida's behavior, providing a strategic analysis of its objectives and targeting rationales, closely examining the statements and writings of al-Qaida leaders and spokesmen (in part on the basis of material translated from primary sources), offering a descriptive analysis of its past global attack patterns, and producing concise but nonetheless in-depth case studies of its previous ''infrastructural'' attacks on U.S. soil. The analyses contained herein tend to support the preliminary assessment made by some of the
critical infrastructure (CI), cyber security, distributed control systems (DCS), distributed denial of service ( DDoS ), executive order (EO...Comprehensive National Cybersecurity Initiative CRS Congressional Research Service DCS distributed control systems DDoS distributed Denial of...of Pentagon, NASA & DOE 2003 CI Malware Growth 2007 DDoS Attacks on Estonia 2008 Buckshot Yankee DOD Breach 2010 Stuxnet Attack
Sorin Dumitru Ducaru
Full Text Available The current NATO threat landscape is characterized by a combination or “hybrid blend” of unconventional emerging challenges (like cyber and terrorist attacks and re-emerging conventional ones (like Russia’s recent military resurgence and assertiveness, that led to the illegal annexation of Crimea and destabilization in Eastern Ukraine. While the resurgence of the Russian military activity pushed the Alliance in the direction of re-discovering its deterrence and collective defence role, the new, not-traditional, trans-national and essentially non-military treats that generate effects below the threshold of an armed attack require a new paradigm shift with a focus on resilience although the protection of critical energy infrastructure is first and foremost a national responsibility, NATO can contribute to meeting the infrastructure protection challenge on many levels. Given the fact that its core deterrence and defence mandate relies in a great measure on the security of Allies’ energy infrastructure NATO’s role and actions in reducing the vulnerabilities and strengthening the resilience of such infrastructure can only increase. A multi-faceted, multi-stakeholder and networked approach is needed to be able to strengthen defences and resilience of critical infrastructure such as energy. Understanding and defending against cyber or terrorist threat vectors, increased situational awareness, education, training, exercises, trusted partnerships as well as increasing strategic security dialogue and cooperation are key for such a comprehensive/network approach to the challenge.
Full Text Available The paper explores the notion of cyber attack as a concept for understanding modern conflicts. It starts by elaborating a conceptual theoretical framework, observing that when it comes to cyber attacks, cyber war and cyber defense there are no internationally accepted definitions on the subject, mostly because of the relative recency of the terms. The second part analyzes the cyber realities of recent years, emphasizing the most advertised cyber attacks in the international mass media: Estonia (2007 and Georgia (2008, with a focus on two main lessons learned: how complicated is to define a cyber war and how difficult to defend against it. Crucial implications for world’s countries and the role of NATO in assuring an effective collective cyber defense are analyzed in the third part. The need for the development of strategic cyber defense documents (e.g. NATO Cyber Defense Policy, NATO Strategic Concept is further examined. It is suggested that particular attention should be paid to the development of a procedure for clearly discriminating between events (cyber attacks, cyber war, cyber crime, or cyber terrorism, and to a procedure for the conduct of nation’s legitimate military/civil cyber response operations.
Bradley, F. [Canadian Electricity Association, Toronto, ON (Canada)
The need to protect critical electrical infrastructure from terrorist attacks, or other physical damage, including weather related events, or the potential impact of computer viruses and other attacks on IT resources are discussed. Activities of the North American Electric Reliability Council (NERC) are highlighted which seek to safeguard the North American bulk electric power system principally through the Information Sharing and Analysis Sector (ES-ISAC). ES-ISAC serves the electricity sector by facilitating communication between electric sector participants, federal government and other critical infrastructure industries by disseminating threat indications, analyses and warnings, together with interpretations, to assist the industry in taking infrastructure protection actions. Attention is drawn to the numerous cyber incidents in recent years, which although resulted in no loss of service to electricity customers so far, in at least one instance (the January 25th SOL-Slammer worm incident) resulted in degradation of service in a number of sectors, including financial, transportation and telecommunication services. The increasing frequency of cyber-based attacks, coupled with the industry's growing dependence on e-commerce and electronic controls, are good reasons to believe that critical infrastructure protection (CIP) poses a serious challenge to the industry's risk management practices. The Canadian Electricity Association (CEA) is an active participant in ES-ISAC and works cooperatively with a range of partners, such as the Edison Electric Institute and the American Public Power Association to ensure coordination and effective protection program delivery for the electric power sector. The Early Warning System (EWS) developed by the CIP Working Group is one of the results of this cooperation. EWS uses the Internet, e-mail, web-enabled cell phones and Blackberry hand-held devices to deliver real-time threat information to members on a 24/7 basis. EWS
Johnson, R. LeWayne
Much of the governing process in the United States (U.S.) today depends on a reliable and well protected public information technology (IT) infrastructure. The Department of Homeland Security (DHS) is tasked with the responsibility of protecting the country's IT infrastructure. Critics contend that the DHS has failed to address planning and…
Deitz, Kim M
Current government policies for protecting the nation's critical infrastructure are described in this article which focuses on hospital disaster planning and incident management and the significant role of Security in infrastructure protection
Moteff, John D
.... electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for sometime about the vulnerability of critical infrastructure to both physical and cyber attack...
Full Text Available Every economy of an advanced nation relies on information systems and interconnected networks, thus in order to ensure the prosperity of a nation, making cyberspace a secure place becomes as crucial as securing society. Cyber security means ensuring the safety of this cyberspace from threats which can take different forms, such as stealing secret information from national companies and government institutions, attacking infrastructure vital for the functioning of the nation or attacking the privacy of the single citizen. The critical information infrastructure (CII represents the indispensable "nervous system", that allow modern societies to work and live. Besides, without it, there would be no distribution of energy, no services like banking or finance, no air traffic control and so on. But at the same time, in the development process of CII, security was never considered a top priority and for this reason they are subject to a high risk in relation to the organized crime.
Foster, Jr., John S; Gjelde, Earl; Graham, William R; Hermann, Robert J; Kluepfel, Henry M; Lawson, Richard L; Soper, Gordon K; Wood, Lowell L; Woodard, Joan B
.... Because of the dependence of U.S. society on the electrical power system, its vulnerability to an EMP attack, coupled with the EMP's particular damage mechanisms, creates the possibility of long-term, catastrophic consequences...
Dondossola, Giovanna; Deconinck, Geert; Di Giandomenico, Felicita; Donatelli, Susanna; M. Kaaniche; Verissimo, Paulo
The problem of security and dependability, or generically speaking, resilience  of Internet-oriented infrastructure systems, such as web server compounds, is reasonably well understood. Although it is not completely mastered (for example, denial of service is still a research subject), it is receiving adequate attention. However, such is not the case with the problem of resilience of critical utility infrastructures. This problem is not completely understood, mainly due to the hybrid compo...
Infrastructures are analysed subject to defence by a strategic defender and attack by multiple strategic attackers. A framework is developed where each agent determines how much to invest in defending versus attacking each of multiple targets. A target can have economic, human and symbolic values, which generally vary across agents. Investment expenditure functions for each agent can be linear in the investment effort, concave, convex, logistic, can increase incrementally, or can be subject to budget constraints. Contest success functions (e.g., ratio and difference forms) determine the probability of a successful attack on each target, dependent on the relative investments of the defender and attackers on each target, and on characteristics of the contest. Targets can be in parallel, in series, interlinked, interdependent or independent. The defender minimises the expected damage plus the defence expenditures. Each attacker maximises the expected damage minus the attack expenditures. The number of free choice variables equals the number of agents times the number of targets, or lower if there are budget constraints. Each agent is interested in how his investments vary across the targets, and the impact on his utilities. Alternative optimisation programmes are discussed, together with repeated games, dynamic games and incomplete information. An example is provided for illustration.
information to consumers and identity theft, and every state has enacted laws to address cyber stalking or cyberbullying .8 Although there are more than...partners to “ prevent , prepare for, protect against… nationally significant events, technological emergencies, or presidentially declared disasters...in preventing harm in the Chemical Sector and responding to secure this piece of critical infrastructure.60 The Role of the National Guard
Report #2006-P-00022, April 26, 2006. Assignment of formal authority and more accountability is required to ensure the initiatives in the Critical Infrastructure and Key Resources Protection Plan are accomplished in a timely manner.
Full Text Available U.S. critical infrastructure protection (CIP necessitates both the provision of security from internal and external threats and the repair of physically damaged critical infrastructure which may disrupt services. For years, the U.S. infrastructure has been deteriorating, triggering enough damage and loss of life to give cause for major concern. CIP is typically only addressed after a major disaster or catastrophe due to the extreme scrutiny that follows these events. In fact, CIP has been addressed repeatedly since Presidential Decision Directive Sixty-Three (PDD Sixty-Three signed by President Bill Clinton on May Twenty-Second, 1998. This directive highlighted critical infrastructure as “a growing potential vulnerability” and recognized that the United States has to view the U.S. national infrastructure from a security perspective due to its importance to national and economic security. CIP must be addressed in a preventive, rather than reactive, manner. As such, there are sixteen critical infrastructure sectors, each with its own protection plan and unique natural and man-made threats, deteriorations, and risks. A disaster or attack on any one of these critical infrastructures could cause serious damage to national security and possibly lead to the collapse of the entire infrastructure.  The White House, Presidential Decision Directive/NSC–63 (Washington D.C.: The White House, May 22, 1998: 1–18, available at: http://www.epa.gov/watersecurity/tools/trainingcd/Guidance/pdd-63.pdf.  Ibid, 1.
strategies, such as adding fences, installing electronic access control devices, mounting additional closed circuit television cameras, or conducting random...and 128 different universities have division football programs playing in stadiums with capacities over 35,000 individuals.70 It seems unlikely that...the football stadium at every large university is an infrastructure facility that is essential to the nation. These broad criteria for the NADB
Stanislava Mildeová; Antonín Dvořák; Pavel Zahradníček
.... The aim of the article is to holistically analyze the basic connection between the information framework and functionality of the critical infrastructure system involved in the activities of the public administration...
Luiijf, H.A.M.; Nieuwenhuijs, A.H.; Klaver, M.H.A.; Eeten, M.J.G. van; Cruz, E.
One type of threat consistently identified as a key challenge for critical infrastructure protection (CIP) is that of dependencies and interdependencies among different critical infrastructures (CI). This article draws on a hitherto untapped data source on infrastructure dependencies: a daily
interpreted their roles and priorities while still remaining true to the law of the land and national supremacy as demanded by the supremacy clause in...anonymous online survey to capture the perceptions and views of critical infrastructure professionals across the nation. The survey included an evaluation...resilience, tragedy of the commons, self -organized criticality, defense industrial base 15. NUMBER OF PAGES 233 16. PRICE CODE 17. SECURITY
Full Text Available The January 2013 attack on the In Amenas natural gas facility drew international attention. However this attack is part of a portrait of energy infrastructure targeting by non-state actors that spans the globe. Data drawn from the Energy Infrastructure Attack Database (EIAD shows that in the last decade there were, on average, nearly 400 annual attacks carried out by armed non-state actors on energy infrastructure worldwide, a figure that was well under 200 prior to 1999. This data reveals a global picture whereby violent non-state actors target energy infrastructures to air grievances, communicate to governments, impact state economic interests, or capture revenue in the form of hijacking, kidnapping ransoms, theft. And, for politically motivated groups, such as those engaged in insurgencies, attacking industry assets garners media coverage serving as a facilitator for international attention. This research note will introduce EIAD and position its utility within various research areas where the targeting of energy infrastructure, or more broadly energy infrastructure vulnerability, has been addressed, either directly or indirectly. We also provide a snapshot of the initial analysis of the data between 1980-2011, noting specific temporal and spatial trends, and then conclude with a brief discussion on the contribution of EIAD, highlighting future research trajectories.
Sholander, Peter E.; Darby, John L.; Phelan, James M.; Smith, Bryan; Wyss, Gregory Dane; Walter, Andrew; Varnado, G. Bruce; Depoy, Jennifer Mae
Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies that separately consider physical security and cyber security. This research has developed a risk assessment methodology that explicitly accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay, and respond. This methodology also accounts for the condition that a facility may be able to recover from or mitigate the impact of a successful attack before serious consequences occur. The methodology uses evidence-based techniques (which are a generalization of probability theory) to evaluate the security posture of the cyber protection systems. Cyber threats are compared against cyber security posture using a category-based approach nested within a path-based analysis to determine the most vulnerable cyber attack path. The methodology summarizes the impact of a blended cyber/physical adversary attack in a conditional risk estimate where the consequence term is scaled by a ''willingness to pay'' avoidance approach.
Full Text Available The paper presents threat assessment of potential terrorist attacks to the transport infrastructure. The range of transportation infrastructure has spread and includes railway, inland waterways, road, maritime, air, intermodal transport infrastructure and intelligent transport systems (ITS. ITS service is the provision of an ITS application through a well-defined organisational and operational framework with the aim of contributing to the user safety, efficiency, comfort and/or to facilitate or support transport and travel operations. Terrorism means acts of violence committed by groups that view themselves as victimized by some notable historical wrong. Although these groups have no formal connection with governments, they usually have the financial and moral backing of sympathetic governments. Typically, they stage unexpected attacks on civilian targets, including transport infrastructure, with the aim of sowing fear and confusion. Based on the analyses, transportation infrastructure is potentially threatened with terrorism attacks, especially road and rail infrastructure (about 23 %, and to a smaller degree the maritime and air transport infrastructure (about 2 %. There were 90,3% of incidents involve land transport (74,5% – vehicles, 9,5% – buses, 6,3% - rail covered the 41-year period 1967-2007 in the USA. Legal steps to fight terrorism have been taken on the international level, furthermore, some institutions have been established for this purpose.
Cox, Roger Gary; Robinson, David Gerald
The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.
U.S. critical infrastructure protection (CIP) necessitates both the provision of security from internal and external threats and the repair of physically damaged critical infrastructure which may disrupt services. For years, the U.S...
Full Text Available Increasingly, our critical infrastructure is managed and controlled by computers and the information networks that connect them. Cyber-terrorists and other malicious actors understand the economic and social impact that a successful attack on these systems could have. While it is imperative that we defend against such attacks, it is equally imperative that we realize how best to react to them. This article presents the strongest-path method of analyzing all potential pathways of exposure to risk – no matter how indirect or circuitous they may be – in a network model of infrastructure and operations. The method makes direct use of expert knowledge about entities and dependency relationships without the need for any simulation or any other models. By using path analysis in a directed graph model of critical infrastructure, planners can model and assess the effects of a potential attack and develop resilient responses.
Keliiaa, Curtis M. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
The Sandia National Laboratories (Sandia Labs) tribal cyber infrastructure assurance initiative was developed in response to growing national cybersecurity concerns in the the sixteen Department of Homeland Security (DHS) defined critical infrastructure sectors1. Technical assistance is provided for the secure modernization of critical infrastructure and key resources from a cyber-ecosystem perspective with an emphasis on enhanced security, resilience, and protection. Our purpose is to address national critical infrastructure challenges as a shared responsibility.
Casalicchio, E.; Gheorghe, A.V.; Caselli, M.; Coletta, A.; Nai Fovino, I.
Modern critical infrastructures (e.g., power plants, energy grids, oil pipelines, etc.), make nowadays extensive use of information and communication technologies (ICT). As a direct consequence their exposure to cyber-attacks is becoming a matter of public security. In this paper, we analyse a
Firms cannot function successfully without managing a host of internal and external organizational and process interdependencies. Part of this involves business continuity planning, which directly aects how resilient arm and its business sector are in the face of disruptions. This paper presents the results of eld studies related to information risk management practices in the health care and retail sectors. The studies explore information risk management coordinating signals within and across rms in these sectors as well as the potential eects of cyber disruptions on the rms as stand-alone entities and as part of a critical infrastructure. The health care case study investigates the impact of the Zotob worm on the ability to deliver medical care and treatment. The retail study examines the resilience of certain elements of the food supply chain to cyber disruptions.
The experts of the International Working Group-Landau Network Centro Volta (IWG-LNCV) discuss aspects of cyber security and present possible methods of deterrence, defense and resilience against cyber attacks. This SpringerBrief covers state-of-the-art documentation on the deterrence power of cyber attacks and argues that nations are entering a new cyber arms race. The brief also provides a technical analysis of possible cyber attacks towards critical infrastructures in the chemical industry and chemical safety industry. The authors also propose modern analyses and a holistic approach to resil
Das, Sajal K; Zhang, Nan
The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports a
Anderson, Ross; Fuloria, Shailendra
There has been considerable effort and expenditure since 9/11 on the protection of ‘Critical National Infrastructure' against online attack. This is commonly interpreted to mean preventing online sabotage against utilities such as electricity,oil and gas, water, and sewage - including pipelines, refineries, generators, storage depots and transport facilities such as tankers and terminals. A consensus is emerging that the protection of such assets is more a matter of business models and regulation - in short, of security economics - than of technology. We describe the problems, and the state of play, in this paper. Industrial control systems operate in a different world from systems previously studied by security economists; we find the same issues (lock-in, externalities, asymmetric information and so on) but in different forms. Lock-in is physical, rather than based on network effects, while the most serious externalities result from correlated failure, whether from cascade failures, common-mode failures or simultaneous attacks. There is also an interesting natural experiment happening, in that the USA is regulating cyber security in the electric power industry, but not in oil and gas, while the UK is not regulating at all but rather encouraging industry's own efforts. Some European governments are intervening, while others are leaving cybersecurity entirely to plant owners to worry about. We already note some perverse effects of the U.S. regulation regime as companies game the system, to the detriment of overall dependability.
Zulfikar, Can; Pinar, Ali
In FP7 MARsite project WP9, the integration algorithm of existing strong motion networks with the critical infrastructures strong motion networks have been studied. In Istanbul, the existing Istanbul Earthquake Early Warning (IEEW) strong motion network consists of 15 stations including 10 on land and 5 ocean bottom stations. The system provides continuous online data and earthquake early warning alert depending on the exceedance of the threshold levels in ground motion acceleration in certain number of station within the certain time interval. The data transmission is provided through the fiber optic cable and satellite line alternatively. The early warning alert is transmitted to the critical infrastructures of Istanbul Natural Gas distribution line and Marmaray Tube Tunnel line in order to activate the local strong motion networks for the automatic shut-off mechanism. Istanbul Natural Gas distribution line has 1.800km steel and 15.200km polyethylene in total 18.000km gas pipeline in Istanbul. There are in total 750 district regulators in the city where the gas pressure is reduced from 20bar to 4bar and from there the gas is transmitted with polyethylene lines to service boxes. Currently, Istanbul Natural Gas Distribution Company (IGDAS) has its own strong motion network with 110 strong motion stations installed at the 110 of 750 district regulators. Once the IGDAS strong motion network is activated by the IEEW network, depending on the exceedance of the ground motion parameters threshold levels the gas flow is stopped at the district regulators. Other than the Earthquake Early Warning operation in IGDAS strong motion network, having the calculated ground motion parameters in the network provides damage maps for the buildings and natural gas pipeline network. The Marmaray Tube Tunnel connects the Europe and Asian sides of Istanbul City by a rail line. The tunnel is 1.4km length and consists of 13segments. There is strong motion monitoring network in the tunnel
This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.
Biringer, Betty; Warren, Drake
Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.Developed at Sandia National Labs, the authors' analytical approach and
Thacker, Scott; Barr, Stuart; Pant, Raghav; Hall, Jim W; Alderson, David
Failure of critical national infrastructures can result in major disruptions to society and the economy. Understanding the criticality of individual assets and the geographic areas in which they are located is essential for targeting investments to reduce risks and enhance system resilience. Within this study we provide new insights into the criticality of real-life critical infrastructure networks by integrating high-resolution data on infrastructure location, connectivity, interdependence, and usage. We propose a metric of infrastructure criticality in terms of the number of users who may be directly or indirectly disrupted by the failure of physically interdependent infrastructures. Kernel density estimation is used to integrate spatially discrete criticality values associated with individual infrastructure assets, producing a continuous surface from which statistically significant infrastructure criticality hotspots are identified. We develop a comprehensive and unique national-scale demonstration for England and Wales that utilizes previously unavailable data from the energy, transport, water, waste, and digital communications sectors. The testing of 200,000 failure scenarios identifies that hotspots are typically located around the periphery of urban areas where there are large facilities upon which many users depend or where several critical infrastructures are concentrated in one location. © 2017 Society for Risk Analysis.
In the library context, they depend on sophisticated business applications specifically designed to support their work. This infrastructure consists of such components as integrated library systems, their associated online catalogs or discovery services, and self-check equipment, as well as a Web site and the various online tools and services…
Chavez, Adrian R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Martin, Mitchell Tyler [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Hamlet, Jason [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Stout, William M.S. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Lee, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation's most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and development to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.
AU/ACSC/2016 AIR COMMAND AND STAFF COLLEGE AIR UNIVERSITY Defending Critical Infrastructure as Cyber Key Terrain by Derek Molle, Civ, USAF...20 Converged Enterprise Network...23 Logically Isolated Enterprise
Caselli, M.; Kargl, Frank; Hämmerli, Bernhard M.; Lopez, Javier
Interest in security assessment and penetration testing techniques has steadily increased. Likewise, security of industrial control systems (ICS) has become more and more important. Very few methodologies directly target ICS and none of them generalizes the concept of "critical infrastructures
Bofman, Ryan K. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Los Alamos National Laboratory (LANL) has been a key facet of Critical National Infrastructure since the nuclear bombing of Hiroshima exposed the nature of the Laboratory’s work in 1945. Common knowledge of the nature of sensitive information contained here presents a necessity to protect this critical infrastructure as a matter of national security. This protection occurs in multiple forms beginning with physical security, followed by cybersecurity, safeguarding of classified information, and concluded by the missions of the National Nuclear Security Administration.
Cherepetskaya, Elena; Pospichal, Vaclav
This book presents the proceedings of the International Conference on Durability of Critical Infrastructure. Monitoring and Testing held in Satov, Czech Republic from 6 to 9 December 2016. It discusses the developments in the theoretical and practical aspects in the fields of Safety, Sustainability and Durability of the Critical Infrastructure. The contributions are dealing with monitoring and testing of structural and composite materials with a new methods for their using for protection and prevention of the selected objects.
Vasile N. POPA
Full Text Available The new dynamics and intensity of the risks and threats posed to societal functioning and citizens’ security have acquired new meanings. Consequently, an integrated approach to the concept of ”critical infrastructure” is necessary. The critical nature of some of the basic characteristics of the critical infrastructures has made them acquire new meanings within the national/transnational strategic planning. Moreover, the complexity and importance of critical infrastructure protection for social stability have generated the correlaton of the strategies developed by states and organizations.
... SECURITY Protected Critical Infrastructure Information (PCII) Stakeholder Survey AGENCY: National... soliciting comments concerning New Information Collection Request, Protected Critical Infrastructure... created by Congress under the Critical Infrastructure Information Act of 2002 (CII Act), Sections 211-215...
... SECURITY The Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Security (DHS) announced the establishment of the Critical Infrastructure Partnership Advisory Council... security program initiatives; conducting operational activities related to critical infrastructure...
... SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Security (DHS) announced the establishment of the Critical Infrastructure Partnership Advisory Council... critical infrastructure sectors defined by Homeland Security Presidential Directive 7 (HSPD-7) and...
... SECURITY Critical Infrastructure Partnership Advisory Council AGENCY: National Protection and Programs Directorate, DHS. ACTION: Notice of the Critical Infrastructure Partnership Advisory Council (CIPAC) charter...; implementing security program initiatives; conducting operational activities related to critical infrastructure...
....113 Accessing critical energy infrastructure information. (a) Scope. This section governs access to critical energy infrastructure information (CEII). The rules governing submission of CEII are contained in...) Definitions. For purposes of this section: (1) Critical energy infrastructure information means specific...
... SECURITY The Critical Infrastructure Partnership Advisory Council AGENCY: National Protection and Programs Directorate, DHS. ACTION: Quarterly Critical Infrastructure Partnership Advisory Council membership update.... FOR FURTHER INFORMATION CONTACT: Larry May, Designated Federal Officer, Critical Infrastructure...
... SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Meeting. SUMMARY: The Critical Infrastructure Partnership Advisory Council (CIPAC) Plenary Meeting will be... substantive commentary that must pertain only to matters involving critical infrastructure security and...
... SECURITY Critical Infrastructure Partnership Advisory Council AGENCY: Department of Homeland Security... for substantive commentary that must pertain only to matters involving critical infrastructure... activities to support and coordinate critical infrastructure protection and resilience. The CIPAC will meet...
... SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and Programs Directorate, DHS. ACTION: Notice of CIPAC meeting. SUMMARY: The Critical Infrastructure... pertain only to matters involving critical infrastructure protection and resiliency. Off-topic questions...
... SECURITY The Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Security (DHS) announced the establishment of the Critical Infrastructure Partnership Advisory Council... the critical infrastructure sectors defined by Homeland Security Presidential Directive 7 (HSPD-7) and...
... SECURITY The Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Security (DHS) announced the establishment of the Critical Infrastructure Partnership Advisory Council... the critical infrastructure sectors defined by Homeland Security Presidential Directive 7 (HSPD-7) and...
... SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC); Correction. AGENCY: National... document in the Federal Register of September 19, 2013, concerning the Critical Infrastructure Partnership... locations described below. FOR FURTHER INFORMATION CONTACT: Renee Murphy, Critical Infrastructure...
... SECURITY The Critical Infrastructure Partnership Advisory Council AGENCY: National Protection and Programs Directorate, DHS. ACTION: Quarterly Critical Infrastructure Partnership Advisory Council membership update.... FOR FURTHER INFORMATION CONTACT: Larry May, Designated Federal Officer, Critical Infrastructure...
... SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Security (DHS) announced the establishment of the Critical Infrastructure Partnership Advisory Council... FURTHER INFORMATION CONTACT: Larry May, Designated Federal Officer, Critical Infrastructure Partnership...
... SECURITY Protected Critical Infrastructure Information (PCII) Program Survey AGENCY: National Protection... information provided. SUPPLEMENTARY INFORMATION: The Protected Critical Infrastructure Information (PCII) Program was created according to the Critical Infrastructure Information (CII) Act of 2002 for DHS to...
... SECURITY Critical Infrastructure Private Sector Clearance Program Request AGENCY: National Protection and... information provided. SUPPLEMENTARY INFORMATION: The Critical Infrastructure Private Sector Clearance Program (PSCP) sponsors clearances for private sector partners who are responsible for critical infrastructure...
... SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Security (DHS) announced the establishment of the Critical Infrastructure Partnership Advisory Council... the critical infrastructure sectors defined by Homeland Security Presidential Directive 7 (HSPD-7) and...
Dröge, P; Messer, P.
Across the world, the number of cyber attacks on public and private critical infrastructure - assets that are essential to the functioning of our society - is growing. Little seems safe. Electricity grids, oil and gas plants, water supply systems, financial infrastructure, traffíc management - they
Full Text Available In each EU Member States there are a certain number of critical infrastructures, the disruption or destruction of which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact at community, regional or Member State level as a result of the failure to maintain those functions and at the same time with significant cross-border impacts. This may include transboundary cross-sector effects resulting from interdependencies between interconnected infrastructures. The European Program for Critical Infrastructure Protection (EPCIP launched on 12 December 2006 has defined a list of European critical infrastructures and promoted their protection taking in consideration all hazard approach concept. The Directive EC 2008/114 constitutes a first step in a step-by-step approach to identify and designate ECIs and assess the need to improve their protection, concentrate on energy and transport sectors, establishing the procedure for the identification and designation of European critical infrastructures ("ECIs". Romania, as EU Member State, shall take the necessary measures to comply with this Directive by 12 January 2011, date when shall inform the Commission with legislative harmonization aspects and communicate the text of those measures and their correlation with this Directive.
... 31 Money and Finance: Treasury 3 2010-07-01 2010-07-01 false Critical infrastructure. 800.208 Section 800.208 Money and Finance: Treasury Regulations Relating to Money and Finance (Continued) OFFICE OF INVESTMENT SECURITY, DEPARTMENT OF THE TREASURY REGULATIONS PERTAINING TO MERGERS, ACQUISITIONS...
Klaver, M.H.A.; Luiijf, H.A.M.; Nieuwenhuijs, A.H.; Cavenne, F.; Ulisse, A.; Bridegeman, G.
Most risk assessment methodologies aim at the risk at the level of an individual organization or company. The European Union commissioned a study to define the elements for a uniform and scalable risk assessment methodology which takes into account critical infrastructure dependencies across
unrelated matter, but one that intersects with the efforts of critical infrastructure protection, the financial services industry and the health care...Insurance Portability and Accountability Act (HIPPA). The guidelines issued for the financial services industry are general (assess risks, have written
The most comprehensive handbook on critical infrastructures (CI), addressing both logical and physical security from an engineering point of view. The book surveys state-of-the-art methodologies and tools for CI analysis as well as strategies and technologies for CI protection.
Harrop, Wayne; Matteson, Ashley
This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.
Rao, Nageswara S V; Poole, Stephen W; Ma, Chris Y T; He, Fei; Zhuang, Jun; Yau, David K Y
The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures. © 2015 Society for Risk Analysis.
Todd Vollmer; Ondrej Linda; Milos Manic
Resiliency and security in control systems such as SCADA and Nuclear plant’s in today’s world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM – Intrusion Detection System using Neural Network based Modeling, is presented in this paper. The main contributions of this work are: 1) the use and analyses of real network data (data recorded from an existing critical infrastructure); 2) the development of a specific window based feature extraction technique; 3) the construction of training dataset using randomly generated intrusion vectors; 4) the use of a combination of two neural network learning algorithms – the Error-Back Propagation and Levenberg-Marquardt, for normal behavior modeling. The presented algorithm was evaluated on previously unseen network data. The IDS-NNM algorithm proved to be capable of capturing all intrusion attempts presented in the network communication while not generating any false alerts.
NERC-CIP NIST-Cyber Grid Chemical Cyber Physical System Security Standards PCI OASIS OWASP Nuclear Transportation ISA-99 CIP Security Controls ...evaluate and assess the security posture of organizations’ information system and cyber system environment. CIP Security Controls ...Cyber Security: Critical Infrastructure Controls Assessment Framework Systems and Software Technology Conference, Utah May 16-19, 2011 Bharat Shah
Heiser, Micha; Thaler, Thomas; Fuchs, Sven
Strategic infrastructure networks include the highly complex and interconnected systems that are so vital to a city or state that any sudden disruption can result in debilitating impacts on human life, the economy and the society as a whole. Recently, various studies have applied complex network-based models to study the performance and vulnerability of infrastructure systems under various types of attacks and hazards - a major part of them is, particularly after the 9/11 incident, related to terrorism attacks. Here, vulnerability is generally defined as the performance drop of an infrastructure system under a given disruptive event. The performance can be measured by different metrics, which correspond to various levels of resilience. In this paper, we will address vulnerability and exposure of critical infrastructure in the Eastern Alps. The Federal State Tyrol is an international transport route and an essential component of the north-south transport connectivity in Europe. Any interruption of the transport flow leads to incommensurable consequences in terms of indirect losses, since the system does not feature redundant elements at comparable economic efficiency. Natural hazard processes such as floods, debris flows, rock falls and avalanches, endanger this infrastructure line, such as large flood events in 2005 or 2012, rock falls 2014, which had strong impacts to the critical infrastructure, such as disruption of the railway lines (in 2005 and 2012), highways and motorways (in 2014). The aim of this paper is to present how critical infrastructures as well as communities and societies are vulnerable and can be resilient against natural hazard risks and the relative cascading effects to different compartments (industrial, infrastructural, societal, institutional, cultural, etc.), which is the dominant by the type of hazard (avalanches, torrential flooding, debris flow, rock falls). Specific themes will be addressed in various case studies to allow cross
Sanatinia, Amirali; Noubir, Guevara
Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we pro...
...; ] DEPARTMENT OF ENERGY Federal Energy Regulatory Commission 18 CFR Part 40 Version 5 Critical Infrastructure... 5 Critical Infrastructure Protection Reliability Standards, 143 FERC ] 61,055 (2013). This errata...
Zakaria, Siti Fairus; Zin, Rosli Mohamad; Mohamad, Ismail; Balubaid, Saeed; Mydin, Shaik Hussein; Mohd Rahim, E. M. Roodienyanto
Construction of infrastructure project is different from buildings. The main difference is term of project site where infrastructure project need to command a long stretch while building mostly confine to a limited area. As such factors that are critical to infrastructure project may not be that significant to building project and vice versa. Flood mitigation can be classified under infrastructure projects under which their developments are planned by the government with the specific objective to reduce or avoid the negative effects of flood to the environment and livelihood. One of the indicators in project success is delay. The impact of project delay in construction industry is significant that it decelerates the projects implementation, specifically the government projects. This study attempted to identify and compare the success factors between infrastructure and building projects, as such comparison rarely found in the current literature. A model of flood mitigation projects' success factors was developed by merging the experts' views and reports from the existing literature. The experts' views were obtained from the responses to open-ended questions on the required fundamentals to achieve successful completion of flood mitigation projects. An affinity analysis was applied to these responses to develop the model. The developed model was then compared to the established success factors found in building project, extracted from the previous studies to identify the similarities and differences between the two models. This study would assist the government and construction players to become more effective in constructing successful flood mitigation projects for the future practice in a flood-prone country like Malaysia.
Boyer, Blake R.
This paper examines the ranking of critical assets within an electrical grid under threat of cyber attack.1 Critical to this analysis is the assumption of zero hour exploits namely, the threat of an immediate attack as soon as a vulnerability is discovered. Modeling shows that over time load fluctuations as well as other system variations will change the importance of each asset in the delivery of bulk power. As opposed to classic stability studies where risk can be shown to be greatest during high load periods, the zero hour exploit-cyber-risk assumes that vulnerabilities will be attacked as soon as they are discovered. The probability of attacks is made uniform over time to include any and all possible attacks. Examining the impact of an attack and how the grid reacts immediately following an attack will identify and determine the criticality of each asset. This work endeavors to fulfill the NERC Critical Infrastructure Protection Requirements CIP-001-1 through CIP-009-2, cyber security requirements for the reliable supply of bulk power to customers throughout North America. 1Critical assets will here refer to facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System, NERC Glossary of Terms Used in Reliability Standards, 2009
... SECURITY Protected Critical Infrastructure Information (PCII) Stakeholder Survey AGENCY: National... the Critical Infrastructure Information Act of 2002, (Sections 211-215, Title II, Subtitle B of the... owners and operators of critical infrastructure and protected systems. The PCII Program is implemented by...
... SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC) AGENCY: National Protection and... Government and critical infrastructure owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection. The...
Full Text Available Vulnerability analysis of network models has been widely adopted to explore the potential impacts of random disturbances, deliberate attacks, and natural disasters. However, almost all these models are based on a fixed topological structure, in which the physical properties of infrastructure components and their interrelationships are not well captured. In this paper, a new research framework is put forward to quantitatively explore and assess the complexity and vulnerability of critical infrastructure systems. Then, a case study is presented to prove the feasibility and validity of the proposed framework. After constructing metro physical network (MPN, Pajek is employed to analyze its corresponding topological properties, including degree, betweenness, average path length, network diameter, and clustering coefficient. With a comprehensive understanding of the complexity of MPN, it would be beneficial for metro system to restrain original near-miss or accidents and support decision-making in emergency situations. Moreover, through the analysis of two simulation protocols for system component failure, it is found that the MPN turned to be vulnerable under the condition that the high-degree nodes or high-betweenness edges are attacked. These findings will be conductive to offer recommendations and proposals for robust design, risk-based decision-making, and prioritization of risk reduction investment.
This book presents recent research in the recognition of vulnerabilities of national systems and assets which gained special attention for the Critical Infrastructures in the last two decades. The book concentrates on R&D activities in the relation of Critical Infrastructures focusing on enhancing the performance of services as well as the level of security. The objectives of the book are based on a project entitled "Critical Infrastructure Protection Researches" (TÁMOP-4.2.1.B-11/2/KMR-2011-0001) which concentrated on innovative UAV solutions, robotics, cybersecurity, surface engineering, and mechatrinics and technologies providing safe operations of essential assets. This report is summarizing the methodologies and efforts taken to fulfill the goals defined. The project has been performed by the consortium of the Óbuda University and the National University of Public Service.
Storbakken, Steven H; Kendall, Shannon; Lackey, Connie
Organizations that stand the best chance at survival following a disaster do so because they can depend on the sharing of resources and mutual ideologies, the authors claim, pointing out that when it comes to strategizing for 96-hour critical infrastructure compliance, it is important to keep at the forefront not only the idea of collaborative planning from within the organization--involving security and safety, clinical, facilities and administrative staffs--but also includes collaborative planning with the local and regional businesses surrounding the organization.
Wilson, Thomas M.; Stewart, Carol; Sword-Daniels, Victoria; Leonard, Graham S.; Johnston, David M.; Cole, Jim W.; Wardman, Johnny; Wilson, Grant; Barnard, Scott T.
Volcanic eruptions can produce a wide range of hazards. Although phenomena such as pyroclastic flows and surges, sector collapses, lahars and ballistic blocks are the most destructive and dangerous, volcanic ash is by far the most widely distributed eruption product. Although ash falls rarely endanger human life directly, threats to public health and disruption to critical infrastructure services, aviation and primary production can lead to significant societal impacts. Even relatively small eruptions can cause widespread disruption, damage and economic loss. Volcanic eruptions are, in general, infrequent and somewhat exotic occurrences, and consequently in many parts of the world, the management of critical infrastructure during volcanic crises can be improved with greater knowledge of the likely impacts. This article presents an overview of volcanic ash impacts on critical infrastructure, other than aviation and fuel supply, illustrated by findings from impact assessment reconnaissance trips carried out to a wide range of locations worldwide by our international research group and local collaborators. ‘Critical infrastructure’ includes those assets, frequently taken for granted, which are essential for the functioning of a society and economy. Electricity networks are very vulnerable to disruption from volcanic ash falls. This is particularly the case when fine ash is erupted because it has a greater tendency to adhere to line and substation insulators, where it can cause flashover (unintended electrical discharge) which can in turn cause widespread and disruptive outages. Weather conditions are a major determinant of flashover risk. Dry ash is not conductive, and heavy rain will wash ash from insulators, but light rain/mist will mobilise readily-soluble salts on the surface of the ash grains and lower the ash layer’s resistivity. Wet ash is also heavier than dry ash, increasing the risk of line breakage or tower/pole collapse. Particular issues for water
Panguluri, Srinivas; Phillips, William; Cusimano, John
Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.
Wang, Shuliang; Zhang, Jianhua; Zhao, Mingwei; Min, Xu
This paper takes central China power grid (CCPG) as an example, and analyzes the vulnerability of the power systems under terrorist attacks. To simulate the intelligence of terrorist attacks, a method of critical attack area identification according to community structures is introduced. Meanwhile, three types of vulnerability models and the corresponding vulnerability metrics are given for comparative analysis. On this basis, influence of terrorist attacks on different critical areas is studied. Identifying the vulnerability of different critical areas will be conducted. At the same time, vulnerabilities of critical areas under different tolerance parameters and different vulnerability models are acquired and compared. Results show that only a few number of vertex disruptions may cause some critical areas collapse completely, they can generate great performance losses the whole systems. Further more, the variation of vulnerability values under different scenarios is very large. Critical areas which can cause greater damage under terrorist attacks should be given priority of protection to reduce vulnerability. The proposed method can be applied to analyze the vulnerability of other infrastructure systems, they can help decision makers search mitigation action and optimum protection strategy.
Rummukainen, Lauri; Oksama, Lauri; Timonen, Jussi; Vankka, Jouko
This paper presents a solution for visualizing the common operating picture (COP) of the critical infrastructure (CI). The purpose is to improve the situational awareness (SA) of the strategic-level actor and the source system operator in order to support decision making. The information is obtained through the Situational Awareness of Critical Infrastructure and Networks (SACIN) framework. The system consists of an agent-based solution for gathering, storing, and analyzing the information, and a user interface (UI) is presented in this paper. The UI consists of multiple views visualizing information from the CI in different ways. Different CI actors are categorized in 11 separate sectors, and events are used to present meaningful incidents. Past and current states, together with geographical distribution and logical dependencies, are presented to the user. The current states are visualized as segmented circles to represent event categories. Geographical distribution of assets is displayed with a well-known map tool. Logical dependencies are presented in a simple directed graph, and users also have a timeline to review past events. The objective of the UI is to provide an easily understandable overview of the CI status. Therefore, testing methods, such as a walkthrough, an informal walkthrough, and the Situation Awareness Global Assessment Technique (SAGAT), were used in the evaluation of the UI. Results showed that users were able to obtain an understanding of the current state of CI, and the usability of the UI was rated as good. In particular, the designated display for the CI overview and the timeline were found to be efficient.
Full Text Available Logistical infrastructure builds the backbone of an economy. Without an effective logistical infrastructure in place, the supply for both enterprises and consumers might not be met. But even a high-quality logistical infrastructure can be threatened by risks. Thus, it is important to identify, analyse, and evaluate risks for logistical infrastructure that might threaten logistical processes. Only if those risks are known and their impact estimated, decision makers can implement counteractive measures to reduce risks. In this article, we develop a network-based approach that allows for the evaluation of risks and their consequences onto the logistical network. We will demonstrate the relevance of this approach by applying it to the logistics network of the central German state of Hesse. Even though transport data is extensively tracked and recorded nowadays, typical daily risks, like accidents on a motorway, and extraordinary risks, like a bridge at risk to collapse, terrorist attacks or climate-related catastrophes, are not systematically anticipated. Several studies unveiled recently that the overall impact for an economy of possible failures of single nodes and/or edges in a network are not calculated, and particularly critical edges are not identified in advance. We address this information gap by a method that helps to identify and quantify risks in a given network. To reach this objective, we define a mathematical optimization model that quantifies the current “risk-related costs” of the overall network and quantify the risk by investigating the change of the overall costs in the case a risk is realized.
Given a desired goal of testing the capabilities of mainstream antivirus software against evasive malicious payloads delivered via drive-by download, this work aims to extend the functionality of Metasploit--the penetration testing suite of choice--in a three-fold manner: (1) to allow it to dynamically generate evasive forms of Metasploit-packaged malicious binaries, (2) to provide an evasive means of delivering said executables through a drive-by download-derived attack vector, and (3) to co...
Luiijf, H.A.M.; Klaver, M.H.A.
Modern societies are increasingly dependent on a set of critical products and services which comprise the Critical Infrastructure (CI). This makes Critical infrastructures increasingly important as a planning factor in case of emergencies. For that reason, we studied a number of emergencies and a
Klaver, M.H.A.; Luiijf, H.A.M.
Modern societies are increasingly dependent on a set of critical products and services which comprise the Critical Infrastructure (CI). Relatively well-known threats as well as the new terrorist threat increase the need for Critical Infrastructure Protection (CIP). Using a methodological approach,
... PROCESS § 5.30 Critical energy infrastructure information. If any action required by this part requires a potential Applicant or Applicant to reveal Critical Energy Infrastructure Information, as defined by § 388... 18 Conservation of Power and Water Resources 1 2010-04-01 2010-04-01 false Critical energy...
Utne, Ingrid; Vatn, Jørn
Today’s society is completely dependent on critical networks such as water supply, sewage, electricity, ICT and transportation. Risk and vulnerability analyses are needed to grasp the impact of threats and hazards. However, these become quite complex as there are strong interdependencies both within and between infrastructure systems. Risk and Interdependencies in Critical Infrastructures: A guideline for analysis provides methods for analyzing risks and interdependencies of critical infrastructures. A number of analysis approaches are described and are adapted to each of these infrastructures. Various approaches are also revised, and all are supported by several examples and illustrations. Particular emphasis is given to the analysis of various interdependencies that often exist between the infrastructures. Risk and Interdependencies in Critical Infrastructures: A guideline for analysis provides a good tool to identify the hazards that are threatening your infrastructures, and will enhance the un...
... stability, public health, or safety. This month, we affirm the fundamental importance of our critical... our transportation networks, electricity grid, financial systems, and other assets and infrastructure...
Full Text Available The paper outlines a bioinspired approach named “network nervous system" and methods of simulation of infrastructure attacks and protection mechanisms based on this approach. The protection mechanisms based on this approach consist of distributed prosedures of information collection and processing, which coordinate the activities of the main devices of a computer network, identify attacks, and determine nessesary countermeasures. Attacks and protection mechanisms are specified as structural models using a set-theoretic approach. An environment for simulation of protection mechanisms based on the biological metaphor is considered; the experiments demonstrating the effectiveness of the protection mechanisms are described.
Jiang, Guoliang; Peters, Kara
In this paper, the concept, modeling and preliminary testing of an intelligent FRP retrofit with self-monitoring capabilities for critical civil infrastructures are presented. This intelligent system is based on an easy-to-apply configuration of FRP pre-preg tapes with multiple stacked unidirectional layers of piezoelectric or SMA actuators and integrated optical fiber sensors. This intelligent retrofit will be able to not only monitor conditions including bonding of the FRP to the structure and opening of concrete cracks, but also minimize the crack opening and retard the progression of further FRP debonding. Towards this end, a computationally efficient two-dimensional shear stress-transfer model based on a simplified shear lag analysis is developed, with consideration of the fact that the stress transfer between the FRP, actuator and sensor layers in the intelligent system is complex. The effectiveness of this model is demonstrated through one numerical benchmark problem and one typical FRP configuration, with comparison of each to full threedimensional finite element models. The agreement between the two formulations is shown to be further improved by adjustment of the assumed shape functions. A preliminary experiment is also presented in which pre-fabricated optical fiber ribbons are embedded into the FRP strengthening of a full-scale concrete beam. Results from static loading test of the FRP strengthened beam show the feasibility of this technique for the self-monitoring FRP retrofits.
Maltezos, Evangelos; Skitsas, Michael; Charalambous, Elisavet; Koutras, Nikolaos; Bliziotis, Dimitris; Themistocleous, Kyriacos
The constant technological evolution in Computer Vision enabled the development of new techniques which in conjunction with the use of Unmanned Aerial Vehicles (UAVs) may extract high quality photogrammetric products for several applications. Dense Image Matching (DIM) is a Computer Vision technique that can generate a dense 3D point cloud of an area or object. The use of UAV systems and DIM techniques is not only a flexible and attractive solution to produce accurate and high qualitative photogrammetric results but also is a major contribution to cost effectiveness. In this context, this study aims to highlight the benefits of the use of the UAVs in critical infrastructure monitoring applying DIM. A Multi-View Stereo (MVS) approach using multiple images (RGB digital aerial and oblique images), to fully cover the area of interest, is implemented. The application area is an Olympic venue in Attica, Greece, at an area of 400 acres. The results of our study indicate that the UAV+DIM approach respond very well to the increasingly greater demands for accurate and cost effective applications when provided with, a 3D point cloud and orthomosaic.
...: Once. Affected Public: Designated private sector employees of critical infrastructure entities or... SECURITY Critical Infrastructure Private Sector Clearance Program Request AGENCY: National Protection and... Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance...
... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF ENERGY Federal Energy Regulatory Commission 18 CFR Part 40 Version 5 Critical Infrastructure Protection Reliability... proceeding, Version 5 Critical Infrastructure Protection Reliability Standards, 145 FERC ] 61,160 (2013...
Outlines the U.S. Critical Infrastructure Protection Board's purpose, budget, principles, and priorities. Describes the board's role in coordinating all federal activities related to protection of information systems and networks supporting critical infrastructures. Also discusses its responsibility in creating a policy and road map for government…
damage from EMP effects. 19 Key Task: Security—Physically Protecting and Securing Critical Infrastructure The electric grid attacks and Katrina...Critical Infrastructure Protection and Federal Statutory Authority for the Departments of Homeland Security and Defense to Perform Two Key Tasks A...and Defense to Perform Two Key Tasks 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) Patricia Ladnier 5d
Today’s society relies upon an array of complex national and international infrastructure networks such as transportation, telecommunication, financial and energy. Understanding these interdependencies is necessary in order to protect our critical infrastructure. The Critical Infrastructure Modeling System, CIMS©, examines the interrelationships between infrastructure networks. CIMS© development is sponsored by the National Security Division at the Idaho National Laboratory (INL) in its ongoing mission for providing critical infrastructure protection and preparedness. A genetic algorithm (GA) is an optimization technique based on Darwin’s theory of evolution. A GA can be coupled with CIMS© to search for optimum ways to protect infrastructure assets. This includes identifying optimum assets to enforce or protect, testing the addition of or change to infrastructure before implementation, or finding the optimum response to an emergency for response planning. This paper describes the addition of a GA to infrastructure modeling for infrastructure planning. It first introduces the CIMS© infrastructure modeling software used as the modeling engine to support the GA. Next, the GA techniques and parameters are defined. Then a test scenario illustrates the integration with CIMS© and the preliminary results.
... Attorney General, in coordination with the Director of National Intelligence, shall establish a system for..., innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and... infrastructure means systems and assets, whether physical or virtual, so vital to the United States that the...
Luiijf, H.A.M.; Burger, H.H.; Klaver, M.H.A.
Some sectors and parts of the Dutch national infrastructure are that essential to the Netherlands that serious disruption or even loss of service could lead to a severe impact to the Dutch society, government and industry as well as to those of neighbouring countries. Early 2002, the Dutch
de Bruijn Karin M.
Full Text Available Recent flood events in Ireland and particularly in County Cork have caused significant disruption to health service provisions, interruption of water and power supplies, and damage to roads and other transportation infrastructure, affecting the lives of hundreds of thousands of people over a prolonged period of weeks. These events clearly reveal- the vulnerability of the critical infrastructure to flooding and the dependence of society on critical infrastructure. In order to reduce the flood vulnerability and increase the resilience of the critical infrastructure networks in the future, detailed evidence-based analysis and assessment is essential. To this end a case study has been carried out on Cork City which analyses this vulnerability as it was in 2009, and as it is currently, and identifies adaptation options to reduce the future vulnerability of critical infrastructure to flooding and to build a more resilient society. This paper describes the storyline approach and CIrcle tool and their application to Cork City which focused on the analysis of the flood vulnerability of critical infrastructure and the impacts of failure of the infrastructure for other critical functions and on society.
Kaminsky, Dan; Patterson, Meredith L.; Sassaman, Len
Research unveiled in December of 2008  showed how MD5's long-known flaws could be actively exploited to attack the real-worldCertification Authority infrastructure. In this paper, we demonstrate two new classes of collision, which will be somewhat trickier to address than previous attacks against X.509: the applicability of MD2 preimage attacks against the primary root certificate for Verisign, and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests.We also draw particular attention to two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parsePKCS#10, and the potential for SQL injection fromtext contained within its requests. Finally, we explore why the implications of these attacks are broader than some have realized - first, because Client Authentication is sometimes tied to X.509, and second, because Extended Validation certificates were only intended to stop phishing attacks from names similar to trusted brands. As per the work of Adam Barth and Collin Jackson , EV does not prevent an attacker who can synthesize or acquire a "low assurance" certificate for a given name from acquiring the "green bar" EV experience.
reflet des changements similaires qui se sont produits aux États-Unis. Des mesures antiterrorismes ont été adoptées en partie pour calmer les...considered climate change to be a bigger threat to Canada’s vital interests over the next ten years than terrorism.25 5.1 Terrorism...that investment in more robust infrastructure is needed to avoid the risk of a re-occurrence. Those who are convinced that climate change (perceived
... more resilient. Working together, we can raise awareness of the important role our critical infrastructure plays in sustaining the American way of life and develop actions to protect these vital resources...
Full Text Available The paper will focus on multi-hazard assessment following the failure of the Ezer dam on Jijia river. All induced risks are analyzed in terms of critical infrastructure protection, considering three possible failure scenarios.
LSU was one of the universities chosen to participate in the project of training new researchers to work on the Critical Infrastructure Protection and Information Assurance (CIPIA) areas. Three Ph.D...
M.Com. (Informatics) Critical Infrastructure is the term used to describe assets that are of utmost importance, or in other words, essential in the functioning of an environment. Societies depend on their critical infrastructure in order to maintain and continuously improve on their population’s standard of living. The creation of more self-sustainable methods of energy consumption and generation drives towards the creation of a better and more efficient evolution of the power grid critica...
gestion des urgences en appliquant une approche scientifique et en démontrant la valeur de celle-ci. Le projet porte principalement sur l’évaluation...infrastructures essentielles (IE), une initiative de Recherche et développement pour la défense Canada (RDDC) dans le cadre de son projet de ... des sciences pour la sécurité de RDDC; DRDC CSS TN 2012-013; R & D pour la défense Canada – CSS; octobre 2012. Contexte : Le
... SECURITY Protected Critical Infrastructure Information (PCII) Office Self- Assessment Questionnaire AGENCY... Information Collection Division (IICD), Protected Critical Infrastructure Information (PCII) Program will...: The PCII Program was created by Congress under the Critical Infrastructure Information Act of 2002...
... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0046] Protected Critical Infrastructure...), Protected Critical Infrastructure Information (PCII) Program will submit the following Information... of critical infrastructure and protected systems. IICD administers the PCII Program. The PCII Program...
... SECURITY National Protection and Programs Directorate; Critical Infrastructure Partnership Advisory Council... of owners and/or operators for each of the critical infrastructure and key resources (CIKR) sectors...; conducting operational activities related to critical infrastructure protection security measures, incident...
... information provided. SUPPLEMENTARY INFORMATION: The Critical Infrastructure and Key Resources (CIKR) Asset..., Office of Infrastructure Protection, Infrastructure Information Collection Division. Title: Critical...] [FR Doc No: 2012-15014] DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0002] Critical...
This book describes the challenges that critical infrastructure systems face, and presents state of the art solutions to address them. How can we design intelligent systems or intelligent agents that can make appropriate real-time decisions in the management of such large-scale, complex systems? What are the primary challenges for critical infrastructure systems? The book also provides readers with the relevant information to recognize how important infrastructures are, and their role in connection with a society’s economy, security and prosperity. It goes on to describe state-of-the-art solutions to address these points, including new methodologies and instrumentation tools (e.g. embedded software and intelligent algorithms) for transforming and optimizing target infrastructures. The book is the most comprehensive resource to date for professionals in both the private and public sectors, while also offering an essential guide for students and researchers in the areas of modeling and analysis of critical in...
The Nation’s health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes, and organizations across which these goods and services move are called "critical infrastructures".1 This statement is as true in the U.S. as in any country in the world. Recent world events such as the 9-11 terrorist attacks, London bombings, and gulf coast hurricanes have highlighted the importance of stable electric, gas and oil, water, transportation, banking and finance, and control and communication infrastructure systems. Be it through direct connectivity, policies and procedures, or geospatial proximity, most critical infrastructure systems interact. These interactions often create complex relationships, dependencies, and interdependencies that cross infrastructure boundaries. The modeling and analysis of interdependencies between critical infrastructure elements is a relatively new and very important field of study. The U.S. Technical Support Working Group (TSWG) has sponsored this survey to identify and describe this current area of research including the current activities in this field being conducted both in the U.S. and internationally. The main objective of this study is to develop a single source reference of critical infrastructure interdependency modeling tools (CIIMT) that could be applied to allow users to objectively assess the capabilities of CIIMT. This information will provide guidance for directing research and development to address the gaps in development. The results will inform researchers of the TSWG Infrastructure Protection Subgroup of research and development efforts and allow a more focused approach to addressing the needs of CIIMT end-user needs. This report first presents the field of infrastructure interdependency analysis, describes the survey methodology, and presents the leading research efforts in both a cumulative table and through individual datasheets. Data was
BARTON,DIANNE C.; STAMBER,KEVIN L.
US infrastructures provide essential services that support the economic prosperity and quality of life. Today, the latest threat to these infrastructures is the increasing complexity and interconnectedness of the system. On balance, added connectivity will improve economic efficiency; however, increased coupling could also result in situations where a disturbance in an isolated infrastructure unexpectedly cascades across diverse infrastructures. An understanding of the behavior of complex systems can be critical to understanding and predicting infrastructure responses to unexpected perturbation. Sandia National Laboratories has developed an agent-based model of critical US infrastructures using time-dependent Monte Carlo methods and a genetic algorithm learning classifier system to control decision making. The model is currently under development and contains agents that represent the several areas within the interconnected infrastructures, including electric power and fuel supply. Previous work shows that agent-based simulations models have the potential to improve the accuracy of complex system forecasting and to provide new insights into the factors that are the primary drivers of emergent behaviors in interdependent systems. Simulation results can be examined both computationally and analytically, offering new ways of theorizing about the impact of perturbations to an infrastructure network.
McConachie Way, sur l’île Sea, près de l’aéroport de Vancouver. Le potentiel de dommages aux bâtiments a été évalué dans les zones d’accélération du sol ...parvenir à formaliser la compréhension des interdépendances entre les zones d’infrastructure dans des situations extrêmes. Le travail actuel est...d’accélération du sol . Trois catégories de dommages aux bâtiments ont été constatées : risque élevé, risque faible et risque nul. L’analyse spatiale a permis
Petit, Frederic [Argonne National Lab. (ANL), Argonne, IL (United States); Verner, Duane [Argonne National Lab. (ANL), Argonne, IL (United States); Brannegan, David [Argonne National Lab. (ANL), Argonne, IL (United States); Buehring, William [Argonne National Lab. (ANL), Argonne, IL (United States); Dickinson, David [Argonne National Lab. (ANL), Argonne, IL (United States); Guziel, Karen [Argonne National Lab. (ANL), Argonne, IL (United States); Haffenden, Rebecca [Argonne National Lab. (ANL), Argonne, IL (United States); Phillips, Julia [Argonne National Lab. (ANL), Argonne, IL (United States); Peerenboom, James [Argonne National Lab. (ANL), Argonne, IL (United States)
The report begins by defining dependencies and interdependencies and exploring basic concepts of dependencies in order to facilitate a common understanding and consistent analytical approaches. Key concepts covered include; Characteristics of dependencies: upstream dependencies, internal dependencies, and downstream dependencies; Classes of dependencies: physical, cyber, geographic, and logical; and Dimensions of dependencies: operating environment, coupling and response behavior, type of failure, infrastructure characteristics, and state of operations From there, the report proposes a multi-phase roadmap to support dependency and interdependency assessment activities nationwide, identifying a range of data inputs, analysis activities, and potential products for each phase, as well as key steps needed to progress from one phase to the next. The report concludes by outlining a comprehensive, iterative, and scalable framework for analyzing dependencies and interdependencies that stakeholders can integrate into existing risk and resilience assessment efforts.
Ouyang, Min; Tian, Hui; Wang, Zhenghua; Hong, Liu; Mao, Zijun
This article studies a general type of initiating events in critical infrastructures, called spatially localized failures (SLFs), which are defined as the failure of a set of infrastructure components distributed in a spatially localized area due to damage sustained, while other components outside the area do not directly fail. These failures can be regarded as a special type of intentional attack, such as bomb or explosive assault, or a generalized modeling of the impact of localized natural hazards on large-scale systems. This article introduces three SLFs models: node centered SLFs, district-based SLFs, and circle-shaped SLFs, and proposes a SLFs-induced vulnerability analysis method from three aspects: identification of critical locations, comparisons of infrastructure vulnerability to random failures, topologically localized failures and SLFs, and quantification of infrastructure information value. The proposed SLFs-induced vulnerability analysis method is finally applied to the Chinese railway system and can be also easily adapted to analyze other critical infrastructures for valuable protection suggestions. © 2017 Society for Risk Analysis.
these facilities could be upgraded and used for producing extreme fires and tests of critical infrastructure elements, e.g. a reinforced concrete column... reinforcing fibre , could reduce damage to the infrastructure in such an event. Another example is to develop a fire protection material coated on the...and cast-in-place concrete , high strength concrete , ultra high performance concrete , and concrete with polypropylene (PP) fibres . Inspection
Shin, Young Don; Park, Cheol Young; Lee, Jae-Chon
Today's war field environment is getting versatile as the activities of unconventional wars such as terrorist attacks and cyber-attacks have noticeably increased lately. The damage caused by such unconventional wars has also turned out to be serious particularly if targets are critical infrastructures that are constructed in support of banking and finance, transportation, power, information and communication, government, and so on. The critical infrastructures are usually interconnected to each other and thus are very vulnerable to attack. As such, to ensure the security of critical infrastructures is very important and thus the concept of critical infrastructure protection (CIP) has come. The program to realize the CIP at national level becomes the form of statute in each country. On the other hand, it is also needed to protect each individual critical infrastructure. The objective of this paper is to study on an effort to do so, which can be called the CIP system (CIPS). There could be a variety of ways to design CIPS's. Instead of considering the design of each individual CIPS, a reference model-based approach is taken in this paper. The reference model represents the design of all the CIPS's that have many design elements in common. In addition, the development of the reference model is also carried out using a variety of model diagrams. The modeling language used therein is the systems modeling language (SysML), which was developed and is managed by Object Management Group (OMG) and a de facto standard. Using SysML, the structure and operational concept of the reference model are designed to fulfil the goal of CIPS's, resulting in the block definition and activity diagrams. As a case study, the operational scenario of the nuclear power plant while being attacked by terrorists is studied using the reference model. The effectiveness of the results is also analyzed using multiple analysis models. It is thus expected that the approach taken here has some merits
CHDS State/Local Social media is on the forefront of leading capabilities to share information faster, more broadly, and to extremely large, targeted audiences. To many in the business of disseminating information quickly to these broad audiences, social media is a critical enabler. Areas of homeland security, and in particular, critical infrastructure protection, rely significantly on sharing information with partners across the mission yet are consistently criticized for their inability ...
Baron, Jill; Specht, Alison; Garnier, Eric; Bishop, Pamela; Campbell, C. Andrew; Davis, Frank W.; Fady, Bruno; Field, Dawn; Gross, Louis J.; Guru, Siddeswara M.; Halpern, Benjamin S; Hampton, Stephanie E.; Leavitt, Peter R.; Meagher, Thomas R.; Ometto, Jean; Parker, John N.; Price, Richard; Rawson, Casey H.; Rodrigo, Allen; Sheble, Laura A.; Winter, Marten
investment to maximize benefits to science and society is justified. In particular, we argue that synthesis centers represent community infrastructure more akin to research vessels than to term-funded centers of science and technology (e.g., NSF Science and Technology Centers). Through our experience running synthesis centers and, in some cases, developing postfederal funding models, we offer our perspective on the purpose and value of synthesis centers. We present case studies of different outcomes of transition plans and argue for a fundamental shift in the conception of synthesis science and the strategic funding of these centers by government funding agencies.
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Disclosure of Protected Critical Infrastructure... PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.8 Disclosure of Protected Critical Infrastructure..., that such information is shared for purposes of securing the critical infrastructure or protected...
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Protected Critical Infrastructure Information... SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.4 Protected Critical Infrastructure Information...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall...
Haupt, R.; Liberman, V.; Rothschild, M.
Each year, on average a major magnitude-8 earthquake strikes somewhere in the world. In addition, 10,000 earthquake related deaths occur annually, where collapsing buildings claim by far most lives. Moreover, in recent events, industry activity of oil extraction and wastewater reinjection are suspect to cause earthquake swarms that threaten high-value oil pipeline networks, U.S. oil storage reserves, and civilian homes. Earthquake engineering building structural designs and materials have evolved over many years to minimize the destructive effects of seismic surface waves. However, even under the best engineering practices, significant damage and numbers of fatalities can still occur. In this effort, we present a concept and approach to redirect and attenuate the ground motion amplitudes of earthquake surface waves by implementing an engineered subsurface seismic barrier. The barrier is comprised of a borehole array complex that impedes and diverts destructive surface waves (typically 2-10 km wavelengths). Computational 2D and 3D seismic wave propagation models developed at MIT Lincoln Laboratory suggest that the borehole array arrangement is critical to the redirection and self-interference reduction of broadband hazardous seismic waves in the vicinity of the structure to protect. For validity, the computational models are compared with data obtained from large bench-scale physical models that contain scaled borehole arrays and trenches. Small contact shakers generate elastic waves in solid media, while contact tri-axial accelerometer arrays measure the resultant wave fields. Field tests are presently being conducted to examine the seismic power reduction across a subsurface borehole array generated by controlled, far-field seismic sources. The sources include a weight drop and oriented seismic vibrational sources that generate low frequency surface and body waves. The pre-borehole condition at the site is measured first with a tri-axial geophone arrangement. The
Vugrin, Eric D.; Brown, Nathanael J. K.; Turnquist, Mark Alan (Cornell University, Ithaca, NY)
Critical infrastructure resilience has become a national priority for the U. S. Department of Homeland Security. System resilience has been studied for several decades in many different disciplines, but no standards or unifying methods exist for critical infrastructure resilience analysis. This report documents the results of a late-start Laboratory Directed Research and Development (LDRD) project that investigated the identification of optimal recovery strategies that maximize resilience. To this goal, we formulate a bi-level optimization problem for infrastructure network models. In the 'inner' problem, we solve for network flows, and we use the 'outer' problem to identify the optimal recovery modes and sequences. We draw from the literature of multi-mode project scheduling problems to create an effective solution strategy for the resilience optimization model. We demonstrate the application of this approach to a set of network models, including a national railroad model and a supply chain for Army munitions production.
Rome, E.; Langeslag, P.J.H.; Usov, A.
Modelling and simulation is an important tool for Critical Infrastructure (CI) dependency analysis, for testing methods for risk reduction, and as well for the evaluation of past failures. Moreover, interaction of such simulations with external threat models, e.g., a river flood model, or economic
... essential to our way of life, and during Critical Infrastructure Protection and Resilience Month, we... Resilience Month, 2012 By the President of the United States of America A Proclamation Every day, Americans... privacy and civil liberties of the American people. Physical threats also put our Nation's most important...
efforts of critical infrastructure protection, the financial services industry and the health care industry are being required to follow new...The guidelines issued for the financial services industry are general (assess risks, have written policies and procedures to control the risk
Number 3020.40 (2010) defines “Defense Critical Infrastructure (DCI) as the composite of DOD and non-DOD assets essential to project, support, and 7...based contract would require things to measure, means to measure, a predefined “ carrot and stick” and means to ensure quality. The outcomes of
This article illustrates the relevance of information warfare models to critical infrastructure protection. Analogies of information warfare models to those of information security and information systems were used to deconstruct the models into their fundamental components and this will be discussed. The models were applied ...
Luiijf, H.A.M.; Theocharidou, M.; Rome, E.
CIPedia© http://www.cipedia.eu is a Wiki-based body of common knowledge for the wide international community of critical infrastructure (CI) protection and resilience stakeholders such as policy makers, researchers, governmental agencies, emergency management organizations, CI operators, and even
Full Text Available The additional risks associated to the actual global and contagious crisis put a severe pressure on the investments in critical infrastructure and there is a real need for new valuations especially those regarding the synergic financing strategies in crit
DiGioia, Jonathan; Watkins, Kari Edison; Xu, Yanzhi; Rodgers, Michael; Guensler, Randall
This paper takes a critical look at the present state of bicycle infrastructure treatment safety research, highlighting data needs. Safety literature relating to 22 bicycle treatments is examined, including findings, study methodologies, and data sources used in the studies. Some preliminary conclusions related to research efficacy are drawn from the available data and findings in the research. While the current body of bicycle safety literature points toward some defensible conclusions regarding the safety and effectiveness of certain bicycle treatments, such as bike lanes and removal of on-street parking, the vast majority treatments are still in need of rigorous research. Fundamental questions arise regarding appropriate exposure measures, crash measures, and crash data sources. This research will aid transportation departments with regard to decisions about bicycle infrastructure and guide future research efforts toward understanding safety impacts of bicycle infrastructure. Copyright © 2017 Elsevier Ltd and National Safety Council. All rights reserved.
Full Text Available Critical Infrastructures (CIs are complex systems. For their operations, these infrastructures are increasingly using Supervisory Control And Data Acquisition (SCADA systems. Management practices are therefore highly dependent on the cyber tools, but also on the data needed to make these tools work. Therefore, CIs are greatly vulnerable to degradation of data. In this context, this paper aims at presenting the fundamentals of a method for analyzing the vulnerabilities of CIs towards the use of cyber data. By characterizing cyber vulnerability of CIs, it will be possible to improve the resilience of these networks and to foster a proactive approach to risk management not only by considering cybernetics from a cyber-attack point of view but also by considering the consequences of the use of corrupted data.
Görbil, Gökçe; Gelenbe, Erol
The simulation of critical infrastructures (CI) can involve the use of diverse domain specific simulators that run on geographically distant sites. These diverse simulators must then be coordinated to run concurrently in order to evaluate the performance of critical infrastructures which influence each other, especially in emergency or resource-critical situations. We therefore describe the design of an adaptive communication middleware that provides reliable and real-time one-to-one and group communications for federations of CI simulators over a wide-area network (WAN). The proposed middleware is composed of mobile agent-based peer-to-peer (P2P) overlays, called virtual networks (VNets), to enable resilient, adaptive and real-time communications over unreliable and dynamic physical networks (PNets). The autonomous software agents comprising the communication middleware monitor their performance and the underlying PNet, and dynamically adapt the P2P overlay and migrate over the PNet in order to optimize communications according to the requirements of the federation and the current conditions of the PNet. Reliable communications is provided via redundancy within the communication middleware and intelligent migration of agents over the PNet. The proposed middleware integrates security methods in order to protect the communication infrastructure against attacks and provide privacy and anonymity to the participants of the federation. Experiments with an initial version of the communication middleware over a real-life networking testbed show that promising improvements can be obtained for unicast and group communications via the agent migration capability of our middleware.
Machalek, Aurel; Dunlop, Dominic; Simon, Carlo; Hoben, Ralf
Modern society is increasingly dependent on critical infrastructure and on the services that it provides. The loss of one of these services may hit the public immediately in manners which are not always predictable. Furthermore, the amount of time that a given service is unavailable will affect other services through numerous direct and indirect dependencies, which are seldom considered. Natural or man-made disasters, and combinations of both, will have effects that are difficult or impossibl...
Donnelly, Timothy S.
Approved for public release; distribution is unlimited What constitutes an effective Critical Infrastructure and Key Resources (CIKR) protection program for Massachusetts This study evaluates existing literature regarding CIKR to extrapolate an infrastructure protection role for Massachusetts. By reviewing historical events and government strategies regarding infrastructure protection, Chapters I and II will provide scope and context for issues surrounding critical infrastructure. Chapter ...
An Overview of Pilot Projects in Support of Critical Infrastructure Resilience Lynne Genik, MSc Critical Infrastructure Resilience Portfolio...the local environment. Keywords — critical infrastructure , resilience, pilot project, tools, architecture frameworks, soft systems methodology...safety and security for the Vancouver 2010 Olympics , the Defence Research and Development Canada – Centre for Security Science (DRDC CSS) and
... Critical Energy Infrastructure Information Coordinator. 375.313 Section 375.313 Conservation of Power and... COMMISSION Delegations § 375.313 Delegations to the Critical Energy Infrastructure Information Coordinator... requests for critical energy infrastructure information as defined in § 388.113(c)(1). (b) Make...
Full Text Available Nowadays, the fact that Networked Critical Infrastructures (NCI, e.g., power plants, water plants, oil and gas distribution infrastructures, and electricity grids, are targeted by significant cyber threats is well known. Nevertheless, recent research has shown that specific characteristics of NCI can be exploited in the enabling of more efficient mitigation techniques, while novel techniques from the field of IP networks can bring significant advantages. In this paper we explore the interconnection of NCI communication infrastructures with Software Defined Networking (SDN-enabled network topologies. SDN provides the means to create virtual networking services and to implement global networking decisions. It relies on OpenFlow to enable communication with remote devices and has been recently categorized as the “Next Big Technology”, which will revolutionize the way decisions are implemented in switches and routers. Therefore, the paper documents the first steps towards enabling an SDN-NCI and presents the impact of a Denial of Service experiment over traffic resulting from an XBee sensor network which is routed across an emulated SDN network.
Johnson, Chris W
We identify four roles that social networking plays in the 'attribution problem', which obscures whether or not cyber-attacks were state-sponsored. First, social networks motivate individuals to participate in Distributed Denial of Service attacks by providing malware and identifying potential targets. Second, attackers use an individual's social network to focus attacks, through spear phishing. Recipients are more likely to open infected attachments when they come from a trusted source. Third, social networking infrastructures create disposable architectures to coordinate attacks through command and control servers. The ubiquitous nature of these architectures makes it difficult to determine who owns and operates the servers. Finally, governments recruit anti-social criminal networks to launch attacks on third-party infrastructures using botnets. The closing sections identify a roadmap to increase resilience against the 'dark side' of social networking.
Chandrashekar, S.V; Eldo Johny
Animosity to acid attacks is deliberated as foulest acts, a form of gender terrorism within the feminist read. It’s a form of vicious violence outlined as acid throwing or Vitriolage. In India, there are component varied incident were reported, as most precarious victimization of individuals by deforming their body. The condition of victims of acid attacks is unit in serious frustrating their entire life. Acid victimization has deliberated globally and even several countries area unit sensiti...
Itzwerth, Ralf L; Macintyre, C Raina; Shah, Smita; Plant, Aileen J
Hospitals will be particularly challenged when pandemic influenza spreads. Within the health sector in general, existing pandemic plans focus on health interventions to control outbreaks. The critical relationship between the health sector and other sectors is not well understood and addressed. Hospitals depend on critical infrastructure external to the organisation itself. Existing plans do not adequately consider the complexity and interdependency of systems upon which hospitals rely. The failure of one such system can trigger a failure of another, causing cascading breakdowns. Health is only one of the many systems that struggle at maximum capacity during "normal" times, as current business models operate with no or minimal "excess" staff and have become irreducible operations. This makes interconnected systems highly vulnerable to acute disruptions, such as a pandemic. Companies use continuity plans and highly regulated business continuity management to overcome process interruptions. This methodology can be applied to hospitals to minimise the impact of a pandemic.
Kandylakis, Z.; Karantzalos, K.; Doulamis, A.; Karagiannidis, L.
Monitoring critical infrastructures, especially those that are covering wide-zones, is of fundamental importance and priority for modern surveillance systems. The concurrent exploitation of multisensor systems, can offer additional capabilities, on day and night acquisitions and different environmental/illumination conditions. Towards this direction, we have designed a multi-sensor system based on thermal, shortwave infrared and hyperspectral video sensors. Based on advanced registration, dynamic background modelling and data association techniques, possible moving targets are detected on the thermal and shortwave infrared modalities. In order to avoid the computational intensive co-registration with the hyperspectral video streams, the detected targets are projected through a local coordinate system on the hypercube image plane. The final detected and verified targets are extracted through fusion and data association, based on temporal spectral signatures and target/background statistics. The developed multisensor system for the surveillance of critical infrastructure has been validated for monitoring wide-zones against different conditions showcasing abilities for detecting and tracking moving targets through fog and smoke.
Full Text Available Monitoring critical infrastructures, especially those that are covering wide-zones, is of fundamental importance and priority for modern surveillance systems. The concurrent exploitation of multisensor systems, can offer additional capabilities, on day and night acquisitions and different environmental/illumination conditions. Towards this direction, we have designed a multi-sensor system based on thermal, shortwave infrared and hyperspectral video sensors. Based on advanced registration, dynamic background modelling and data association techniques, possible moving targets are detected on the thermal and shortwave infrared modalities. In order to avoid the computational intensive co-registration with the hyperspectral video streams, the detected targets are projected through a local coordinate system on the hypercube image plane. The final detected and verified targets are extracted through fusion and data association, based on temporal spectral signatures and target/background statistics. The developed multisensor system for the surveillance of critical infrastructure has been validated for monitoring wide-zones against different conditions showcasing abilities for detecting and tracking moving targets through fog and smoke.
Based on the background of the review of a large scale probabilistic seismic hazard analysis (PSHA) performed in Switzerland for the sites of Swiss nuclear power plants- the PEGASOS project (2000-2004) - challenges to seismic hazard analysis of critical infrastructures from the perspective of a professional safety analyst are discussed. The PEGASOS study was performed to provide a meaningful input for the update of the plant specific PRAs (Probabilistic Risk Assessment) of Swiss nuclear power plants. Earlier experience had shown that the results of these studies to a large extend are driven by the results of the seismic hazard analysis. The PEGASOS-study was performed in full compliance with the procedures developed by the Senior Seismic Hazard Analysis Committee (SSHAC) of U.S.A (SSHAC, 1997) developed for the treatment of uncertainties by the use of a structured expert elicitation process. The preliminary results derived from the project did show an unexpected amount of uncertainty and were regarded as not suitable for direct application. A detailed review of the SSHAC-methodology revealed a number of critical issues with respect to the treatment of uncertainties and the mathematical models applied, which will be presented in the paper. The most important issued to be discussed are: * The ambiguous solution of PSHA-logic trees * The inadequate mathematical treatment of the results of expert elicitations based on the assumption of bias free expert estimates * The problems associated with the "think model" of the separation of epistemic and aleatory uncertainties * The consequences of the ergodic assumption used to justify the transfer of attenuation equations of other regions to the region of interest. Based on these observations methodological questions with respect to the development of a risk-consistent design basis for new nuclear power plants as required by the U.S. NRC RG 1.165 will be evaluated. As an principal alternative for the development of a
Buehring, W. A.; Samsa, M. E.; Decision and Information Sciences
The examination of which protective measures are the most appropriate to be implemented in order to prevent, protect against, respond to, and recover from attacks on critical infrastructures and key resources typically involves a comparison of the consequences that could occur when the protective measure is implemented to those that could occur when it is not. This report describes a framework for evaluation that provides some additional capabilities for comparing optional protective measures. It illustrates some potentially important time-dependent factors, such as the implementation rate, that affect the relative pros and cons associated with widespread implementation of protective measures. It presents example results from the use of protective measures, such as detectors and pretrained responders, for an illustrative biological incident. Results show that the choice of an alternative measure can depend on whether or not policy and financial support can be maintained for extended periods of time. Choice of a time horizon greatly influences the comparison of alternatives.
Wegener, Steve; Brass, James; Schoenung, Susan
The surveillance of critical facilities and national infrastructure such as waterways, roadways, pipelines and utilities requires advanced technological tools to provide timely, up to date information on structure status and integrity. Unmanned Aerial Vehicles (UAVs) are uniquely suited for these tasks, having large payload and long duration capabilities. UAVs also have the capability to fly dangerous and dull missions, orbiting for 24 hours over a particular area or facility providing around the clock surveillance with no personnel onboard. New UAV platforms and systems are becoming available for commercial use. High altitude platforms are being tested for use in communications, remote sensing, agriculture, forestry and disaster management. New payloads are being built and demonstrated onboard the UAVs in support of these applications. Smaller, lighter, lower power consumption imaging systems are currently being tested over coffee fields to determine yield and over fires to detect fire fronts and hotspots. Communication systems that relay video, meteorological and chemical data via satellite to users on the ground in real-time have also been demonstrated. Interest in this technology for infrastructure characterization and mapping has increased dramatically in the past year. Many of the UAV technological developments required for resource and disaster monitoring are being used for the infrastructure and facility mapping activity. This paper documents the unique contributions from NASA;s Environmental Research Aircraft and Sensor Technology (ERAST) program to these applications. ERAST is a UAV technology development effort by a consortium of private aeronautical companies and NASA. Details of demonstrations of UAV capabilities currently underway are also presented.
Winterstein, Almut G; Hartzema, Abraham G; Johns, Thomas E; De Leon, Jessica M; McDonald, Kathie; Henshaw, Zak; Pannell, Robert
The medication safety infrastructure of critical-access hospitals (CAHs) in Florida was evaluated. Qualitative assessments, including a self-administered survey and site visits, were conducted in seven of nine CAHs between January and June 2003. The survey consisted of the Institute for Safe Medication Practices Medication Safety Self-assessment, the 2003 Joint Commission on Accreditation of Healthcare Organizations patient safety goals, health information technology (HIT) questions, and medication-use-process flow charts. On-site visits included interviews of CAH personnel who had safety responsibility and inspections of pharmacy facilities. The findings were compiled into a matrix reflecting structural and procedural components of the CAH medication safety infrastructure. The nine characteristics that emerged as targets for quality improvement (QI) were medication accessibility and storage, sterile product compounding, access to drug information, access to and utilization of patient information in medication order review, advanced safety technology, drug formularies and standardized medication protocols, safety culture, and medication reconciliation. Based on weighted importance and feasibility, QI efforts in CAHs should focus on enhancing medication order review systems, standardizing procedures for handling high-risk medications, promoting an appropriate safety culture, involvement in seamless care, and investment in HIT.
Glass, Robert John, Jr.; Stamber, Kevin Louis; Beyeler, Walter Eugene
Critical Infrastructures are formed by a large number of components that interact within complex networks. As a rule, infrastructures contain strong feedbacks either explicitly through the action of hardware/software control, or implicitly through the action/reaction of people. Individual infrastructures influence others and grow, adapt, and thus evolve in response to their multifaceted physical, economic, cultural, and political environments. Simply put, critical infrastructures are complex adaptive systems. In the Advanced Modeling and Techniques Investigations (AMTI) subgroup of the National Infrastructure Simulation and Analysis Center (NISAC), we are studying infrastructures as complex adaptive systems. In one of AMTI's efforts, we are focusing on cascading failure as can occur with devastating results within and between infrastructures. Over the past year we have synthesized and extended the large variety of abstract cascade models developed in the field of complexity science and have started to apply them to specific infrastructures that might experience cascading failure. In this report we introduce our comprehensive model, Polynet, which simulates cascading failure over a wide range of network topologies, interaction rules, and adaptive responses as well as multiple interacting and growing networks. We first demonstrate Polynet for the classical Bac, Tang, and Wiesenfeld or BTW sand-pile in several network topologies. We then apply Polynet to two very different critical infrastructures: the high voltage electric power transmission system which relays electricity from generators to groups of distribution-level consumers, and Fedwire which is a Federal Reserve service for sending large-value payments between banks and other large financial institutions. For these two applications, we tailor interaction rules to represent appropriate unit behavior and consider the influence of random transactions within two stylized networks: a regular homogeneous array
Full Text Available In this work, a secure wireless sensor network (WSN for the surveillance, monitoring and protection of critical infrastructures was developed. To guarantee the security of the system, the main focus was the implementation of a unique security concept, which includes both security on the communication level, as well as mechanisms that ensure the functional safety during its operation. While there are many theoretical approaches in various subdomains of WSNs—like network structures, communication protocols and security concepts—the construction, implementation and real-life application of these devices is still rare. This work deals with these aforementioned aspects, including all phases from concept-generation to operation of a secure wireless sensor network. While the key focus of this paper lies on the security and safety features of the WSN, the detection, localization and classification capabilities resulting from the interaction of the nodes’ different sensor types are also described.
Between the end of March to June 2011, there has been no detector downtime during proton fills due to CMS Infrastructures failures. This exceptional performance is a clear sign of the high quality work done by the CMS Infrastructures unit and its supporting teams. Powering infrastructure At the end of March, the EN/EL group observed a problem with the CMS 48 V system. The problem was a lack of isolation between the negative (return) terminal and earth. Although at that moment we were not seeing any loss of functionality, in the long term it would have led to severe disruption to the CMS power system. The 48 V system is critical to the operation of CMS: in addition to feeding the anti-panic lights, essential for the safety of the underground areas, it powers all the PLCs (Twidos) that control AC power to the racks and front-end electronics of CMS. A failure of the 48 V system would bring down the whole detector and lead to evacuation of the cavern. EN/EL technicians have made an accurate search of the fault, ...
Singh, Jeffrey M; Ferguson, Niall D
The goals of this review article are to review the importance and value of standardized definitions in clinical research, as well as to propose the necessary tools and infrastructure needed to advance nosology and medial taxonomy to improve the quality of clinical trials in the field of critical care. We searched MEDLINE for relevant articles, reviewed those selected and their reference lists, and consulted personal files for relevant information. When the pathobiology of diseases is well understood, standard disease definitions can be extremely specific and precise; however, when the pathobiology of the disease is less well understood or more complex, biological markers may not be diagnostically useful or even available. In these cases, syndromic definitions effectively classify and group illnesses with similar symptoms and clinical signs. There is no clear gold standard for the diagnosis of many clinical entities in the intensive care unit, including notably both acute respiratory distress syndrome and sepsis. There are several types of consensus methods that can be used to explicate the judgmental approach that is often needed in these cases, including interactive or consensus groups, the nominal group technique, and the Delphi technique. Ideally, the definition development process will create clear and unambiguous language in which each definition accurately reflects the current understanding of the disease state. The development, implementation, evaluation, revision, and reevaluation of standardized definitions are keys for advancing the quality of clinical trials in the critical care arena.
... 6 Domestic Security 1 2010-01-01 2010-01-01 false Safeguarding of Protected Critical Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...
Boyd, Gale A.; Flaim, Silvio J.; Folga, Stephen M.; Gotham, Douglas J.; McLamore, Michael R.; Novak, Mary H.; Roop, Joe M.; Rossmann, Charles G.; Shamsuddin, Shabbir A.; Zeichner, Lee M.; Stamber, Kevin L.
Economists, systems analysts, engineers, regulatory specialists, and other experts were assembled from academia, the national laboratories, and the energy industry to discuss present restoration practices (many have already been defined to the level of operational protocols) in the sectors of the energy infrastructure as well as other infrastructures, to identify whether economics, a discipline concerned with the allocation of scarce resources, is explicitly or implicitly a part of restoration strategies, and if there are novel economic techniques and solution methods that could be used help encourage the restoration of energy services more quickly than present practices or to restore service more efficiently from an economic perspective. AcknowledgementsDevelopment of this work into a coherent product with a useful message has occurred thanks to the thoughtful support of several individuals:Kenneth Friedman, Department of Energy, Office of Energy Assurance, provided the impetus for the work, as well as several suggestions and reminders of direction along the way. Funding from DOE/OEA was critical to the completion of this effort.Arnold Baker, Chief Economist, Sandia National Laboratories, and James Peerenboom, Director, Infrastructure Assurance Center, Argonne National Laboratory, provided valuable contacts that helped to populate the authoring team with the proper mix of economists, engineers, and systems and regulatory specialists to meet the objectives of the work.Several individuals provided valuable review of the document at various stages of completion, and provided suggestions that were valuable to the editing process. This list of reviewers includes Jeffrey Roark, Economist, Tennessee Valley Authority; James R. Dalrymple, Manager of Transmission System Services and Transmission/Power Supply, Tennessee Valley Authority; William Mampre, Vice President, EN Engineering; Kevin Degenstein, EN Engineering; and Patrick Wilgang, Department of Energy, Office of
Rehak, David; Markuci, Jiri; Hromada, Martin; Barcova, Karla
A critical infrastructure is a complicated system whose failure (in whole or in part) has a significant impact on national interests, including security, the economy and basic human needs. The system consists of relevant sectors, elements and their mutual linkages. In order to study critical infrastructures, it is necessary to apply a systems approach based on cross-sectoral evaluation and research into the linkages between the individual critical infrastructure sectors. Specifically, it is n...
Papa, Mauricio; Shenoi, Sujeet
The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.
Räikkönen, M.; Mäki, K.; Murtonen, M.; Forssén, K.; Tagg, A.; Petiet, P.J.; Nieuwenhuijs, A.H.; McCord, M.
Urban infrastructures are essential to the health, safety, security and economic well-being of citizens and organisations. Therefore, the managers of critical infrastructures (CI) and infrastructure systems in urban areas need to be constantly aware of and prepared for to any man-made and natural
Includes an image of the main page on this date and compressed file containing additional web pages. The Center for Infrastructure Defense (CID) focuses on the continued operation of critical military and civilian infrastructure in the presence of accident, failure, and attack. Operations Research (OR) Department in the Graduate School of Operational and Information Sciences at the Naval Postgraduate School.
Phillips, Julia A. [Argonne National Lab. (ANL), Argonne, IL (United States); Wallace, Kelly E. [Argonne National Lab. (ANL), Argonne, IL (United States); Kudo, Terence Y. [Argonne National Lab. (ANL), Argonne, IL (United States); Eto, Joseph H. [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
The following analysis, conducted by Argonne National Laboratory’s (Argonne’s) Risk and Infrastructure Science Center (RISC), details an analysis of electric power backup of national critical infrastructure as captured through the Department of Homeland Security’s (DHS’s) Enhanced Critical Infrastructure Program (ECIP) Initiative. Between January 1, 2011, and September 2014, 3,174 ECIP facility surveys have been conducted. This study focused first on backup capabilities by infrastructure type and then expanded to infrastructure type by census region.
Full Text Available Critical infrastructure systems (CISs, such as power grids, transportation systems, communication networks and water systems are the backbone of a country’s national security and industrial prosperity. These CISs execute large numbers of workflows with very high resource requirements that can span through different systems and last for a long time. The proper functioning and synchronization of these workflows is essential since humanity’s well-being is connected to it. Because of this, the challenge of ensuring availability and reliability of these services in the face of a broad range of operating conditions is very complicated. This paper proposes an architecture which dynamically executes a scheduling algorithm using feedback about the current status of CIS nodes. Different artificial neural networks (ANNs were created in order to solve the scheduling problem. Their performances were compared and as the main result of this paper, an optimal ANN architecture for workflow scheduling in CISs is proposed. A case study is shown for a meter data management system with measurements from a power distribution management system in Serbia. Performance tests show that significant improvement of the overall execution time can be achieved by ANNs.
Virtual Observatories can provide access to vast stores of scientific data: observations and models as well as services to analyze, visualize and assimilate multiple data sources. As these electronic resource become widely used, there is potential to improve the efficiency, interoperability, collaborative potential, and impact of a wide range of interdisciplinary scientific research. In addition, we know that as the diversity of collaborative science and volume of accompanying data and data generators/consumers grows so do the challenges. In order for Virtual Observatories to realize their potential and become indispensible infrastructure, social, political and technical challenges need to be addressed concerning (at least) roles and responsibilities, data and services policies, representations and interoperability of services, data search, access, and usability. In this presentation, we discuss several concepts and instances of the Virtual Observatory and related projects that may, and may not, be meeting the abovementioned challanges. We also argue that science driven needs and architecture development are critical in the development of sustainable (and thus agile) cyberinfrastructure. Finally we some present or emerging candidate technologies and organizational constructs that will need to be pursued.
Galis, Vasilis; Tympas, Aristotle; Tzokas, Spyros
and Asia came to challenge the rhetoric of globalization. (2) Plans to introduce and operate urban transport infrastructures that produced new versions of disability and/or reconfigured versions of existing disability. We aim to show the gradual defeat and dis/abling of the ‘undesired urban subject...... of surveillance and policing infrastructures of so-called ‘internal border control’, that is control in urban settings (e.g. the Athens and the Stockholm metro). As our argument goes, transportation infrastructures (and the other technological infrastructures connected to them) have tended to constitute...
The CMS Infrastructures teams are constantly ensuring the smooth operation of the different services during this critical period when the detector is taking data at full speed. A single failure would spoil hours of high luminosity beam and everything is put in place to avoid such an eventuality. In the meantime however, the fast approaching LS1 requires that we take a look at the various activities to take place from the end of the year onwards. The list of infrastructures consolidation and upgrade tasks is already long and will touch all the services (cooling, gas, inertion, powering, etc.). The definitive list will be available just before the LS1 start. One activity performed by the CMS cooling team that is worth mentioning is the maintenance of the cooling circuits at the CMS Electronics Integration Centre (EIC) at building 904. The old chiller has been replaced by a three-units cooling plant that also serves the HVAC system for the new CSC and RPC factories. The commissioning of this new plant has tak...
Houston, Clemith J., Jr.
This study investigated the relationship between organizational processes that have been identified as promoting resiliency and their impact on service reliability within the scope of critical infrastructure providers. The importance of critical infrastructure to the nation is evident from the body of research and is supported by instances where…
M. R. Mukhtarov
Full Text Available The way of monitoring deviations in network traffic behavior inside “Cloud Infrastructure” using IPFIX protocol is suggested in the paper. The proposed algorithm is applied for registration of “Distributed Denial of Service” attacks against “Cloud Infrastructure”.
Shea, Dana A
.... Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been previously perceived as a high priority...
Franco, David Oliver [Sandia National Lab. (SNL-CA), Livermore, CA (United States); Yang, Lynn I. [Sandia National Lab. (SNL-CA), Livermore, CA (United States); Hammer, Ann E. [Sandia National Lab. (SNL-CA), Livermore, CA (United States)
To restore regional lifeline services and economic activity as quickly as possible after a chemical, biological or radiological incident, emergency planners and managers will need to prioritize critical infrastructure across many sectors for restoration. In parallel, state and local governments will need to identify and implement measures to promote reoccupation and economy recovery in the region. This document provides guidance on predisaster planning for two of the National Disaster Recovery Framework Recovery Support Functions: Infrastructure Systems and Economic Recovery. It identifies key considerations for infrastructure restoration, outlines a process for prioritizing critical infrastructure for restoration, and identifies critical considerations for promoting regional economic recovery following a widearea disaster. Its goal is to equip members of the emergency preparedness community to systematically prioritize critical infrastructure for restoration, and to develop effective economic recovery plans in preparation for a widearea CBR disaster.
Soldovieri, Francesco; Masini, Nicola; Alvarez de Buergo, Monica; Dumoulin, Jean
This special issue is the fourth of its kind in Journal of Geophysics and Engineering , containing studies and applications of geophysical methodologies and sensing technologies for the knowledge, conservation and security of products of human activity ranging from civil infrastructures to built and cultural heritage. The first discussed the application of novel instrumentation, surface and airborne remote sensing techniques, as well as data processing oriented to both detection and characterization of archaeological buried remains and conservation of cultural heritage (Eppelbaum et al 2010). The second stressed the importance of an integrated and multiscale approach for the study and conservation of architectural, archaeological and artistic heritage, from SAR to GPR to imaging based diagnostic techniques (Masini and Soldovieri 2011). The third enlarged the field of analysis to civil engineering structures and infrastructures, providing an overview of the effectiveness and the limitations of single diagnostic techniques, which can be overcome through the integration of different methods and technologies and/or the use of robust and novel data processing techniques (Masini et al 2012). As a whole, the special issue put in evidence the factors that affect the choice of diagnostic strategy, such as the material, the spatial characteristics of the objects or sites, the value of the objects to be investigated (cultural or not), the aim of the investigation (knowledge, conservation, restoration) and the issues to be addressed (monitoring, decay assessment). In order to complete the overview of the application fields of sensing technologies this issue has been dedicated to monitoring of cultural heritage and critical infrastructures to address safety and security issues. Particular attention has been paid to the data processing methods of different sensing techniques, from infrared thermography through GPR to SAR. Cascini et al (2013) present the effectiveness of a
School of Information Systems and Technology, University of. KwaZulu-Natal. Abstract. This article illustrates ... environment in which both sides use information-technology means, equipment, or systems in a rivalry over the ...... occurred in the cyber attacks on Estonia and Georgia. 61 The penetration of. NASDAQ computer ...
information security and information systems were used to deconstruct the models into their fundamental components and this .... emptive strikes on communications and logistics may be conducted using computer- based information warfare or physical ..... and risk to infrastructure. Preventing an aggressor from acquiring ...
Jonkeren, Olaf; Rietveld, P.
It is essential that transport infrastructures are protected against events which cause their failure. At an optimal level of protection, the sum of protection costs and expected residual damages following from disruptions will be minimized. In most cases however, this optimal level is not achieved
Luiijf, H.A.M.; Burger, H.H.; Klaver, M.H.A.
Some sectors and parts of the Dutch national infrastructure are that essential to the Netherlands that serious disruption or even loss of service could lead to a severe impact to the Dutch society, government and industry as well as to neighbouring countries. Early 2002, the Dutch government started
Ahmad Budi Setiawan
Full Text Available Infrastruktur informasi kritis merupakan salah satu infrastruktur kritis yang menggabungkan antara infrastruktur telekomunikasi serta jaringan internet yang digunakan dalam pelayanan publik. Dengan demikian, infrastruktur informasi kritis harus beroperasi dengan aman dan memenuhi aspek keamanan informasi. Kajian ini adalah studi kasus pada infrastruktur informasi kritis sebagai salah satu infrastruktur kritis Nasional yang digunakan dalam pelayanan publik. Adapun infrastruktur informasi kritis yang dijadikan studi kasus adalah pada bidang energi ketenagalistrikan. Tujuan kajian ini adalah memberikan masukan pada kebijakan pengamanan infrastruktur kritis berdasarkan studi kasus yang dilakukan. Kajian ini dilakukan dengan metode gabungan kuantitatif dan kualitatif yang mengkombinasikan hasil penilaian risiko pada obyek riset dengan pendapat pengambil kebijakan, akademisi, pakar dan praktisi. Hasil kajian ini adalah masukan untuk kebijakan dan kerangka kerja pengamanan infrastruktur kritis khususnya sector TIK. *****Critical information infrastructure is one of the critical infrastructure that combines telecommunications infrastructure and Internet networks used in the public service. Thus, the critical information infrastructure must operate safely and meet the aspects of information security. This study is a case study on critical information infrastructure as one of the critical national infrastructure used in public service. The critical information infrastructure which is used as a case study is in the field of electricity energy. The purpose of this sudy is to provide input on critical infrastructure security policy based on case studies conducted. This study was conducted with the combined quantitative and qualitative method that combines the results of the risk assessment on the research object with the opinion of policy makers, academics, experts and practitioners. These results are input to the policy framework and securing critical
John Hale, Maurico Papa and David Greer 5d. PROJECT NUMBER TLSA 5e. TASK NUMBER 09 5f. WORK UNIT NUMBER 22 7. PERFORMING ORGANIZATION NAME(S...Combining SE and CIP Groups (in preparation) Hawrylak, P., Papa , M., and Hale, J., Compliance Method for a Cyber-Physical System, Institute for...Security Risk Metrics: An Attack Graph-Centric Approach, MS Thesis, The University of Tulsa, July 20, 2012. Hawrylak, P., Hale J. and Papa , M
Kiel, J.; Petiet, P.J.; Nieuwenhuis, A.; Peters, T.; Ruiten, K. van
Resilience of critical transport infrastructure to extreme weather events, such as heavy rainfall, drought or icing, is one of the most demanding challenges for both government and society. Extreme weather is a phenomenon that causes threats to the well-functioning of the infrastructure. The impacts
National Research Council
The United States has jurisdiction over 3.4 million square miles of ocean expanse greater than the land area of all fifty states combined. This vast marine area offers researchers opportunities to investigate the ocean's role in an integrated Earth system, but also presents challenges to society, including damaging tsunamis and hurricanes, industrial accidents, and outbreaks of waterborne diseases. The 2010 Gulf of Mexico Deepwater Horizon oil spill and 2011 Japanese earthquake and tsunami are vivid reminders that a broad range of infrastructure is needed to advance our still-incomplete understanding of the ocean. The National Research Council (NRC)'s Ocean Studies Board was asked by the National Science and Technology Council's Subcommittee on Ocean Science and Technology, comprised of 25 U.S. government agencies, to examine infrastructure needs for ocean research in the year 2030. This request reflects concern, among a myriad of marine issues, over the present state of aging and obsolete infrastructure, insufficient capacity, growing technological gaps, and declining national leadership in marine technological development; issues brought to the nation's attention in 2004 by the U.S. Commission on Ocean Policy. A 15-member committee of experts identified four themes that encompass 32 future ocean research questions enabling stewardship of the environment, protecting life and property, promoting economic vitality, and increasing fundamental scientific understanding. Many of the questions in the report (e.g., sea level rise, sustainable fisheries, the global water cycle) reflect challenging, multidisciplinary science questions that are clearly relevant today, and are likely to take decades of effort to solve. As such, U.S. ocean research will require a growing suite of ocean infrastructure for a range of activities, such as high quality, sustained time series observations or autonomous monitoring at a broad range of spatial and temporal scales
... identifying Critical Assets. The risks posed by cyber threats suggest a different approach than the possibly... given cyber asset is based upon its mission criticality and its innate technological risks. 2. Misuse of... networks, emphasizing the inherent risk exposure created by networking critical cyber control systems...
Wang, J.; Taal, A.; Martin, P.; Hu, Y.; Zhou, H.; Pang, J.; de Laat, C.; Zhao, Z.
Executing time critical applications within cloud environments while satisfying execution deadlines and response time requirements is challenging due to the difficulty of securing guaranteed performance from the underlying virtual infrastructure. Cost-effective solutions for hosting such
Eidsvig, Unni; Uzielli, Marco; Vidar Vangelsten, Bjørn
Critical infrastructures are essential components for the modern society to maintain its function, and malfunctioning of one of the critical infrastructure systems may have far-reaching consequences. Climate changes may lead to increase in frequency and intensity of weather-related hazards, creating challenges for the infrastructures. This paper outlines approaches to assess vulnerability posed by weather-related hazards to infrastructures. The approaches assess factors that affect the probability of a malfunctioning of the infrastructure should a weather-related threat occur, as well factors that affect the societal consequences of the infrastructure malfunctioning. Even if vulnerability factors are normally very infrastructure specific and hazard dependent, generic factors could be defined and analyzed. For the vulnerability and resilience of the infrastructure, such factors include e.g. robustness, buffer capacity, protection, quality, age, adaptability and transparency. For the vulnerability of the society in relation to the infrastructure, such factors include e.g. redundancy, substitutes and cascading effects. A semi-quantitative, indicator-based approach is proposed, providing schemes for ranking of the most important vulnerability indicators relevant for weather-related hazards on a relative scale. The application of the indicators in a semi-quantitative risk assessment is also demonstrated. In addition, a quantitative vulnerability model is proposed in terms of vulnerability (representing degree of loss) as a function of intensity, which is adaptable to different types of degree of loss (e.g. fraction of infrastructure users that lose their service, fraction of repair costs to full reconstruction costs). The vulnerability model can be calibrated with empirical data using deterministic calibration or a variety of probabilistic calibration approaches to account for the uncertainties within the model. The research leading to these results has received funding
With changing paradigms of disaster preparedness, the safety and security of critical infrastructure in the event of a geo-hazard has become increasingly important. In a developing and densely populated country like India, which is vulnerable to many different geo-hazards, a lack of clear policy directive regarding safety of such infrastructure could be especially damaging both in terms of life and property. The problem is most acute in India's mega cities, where inefficient infrastructure means that facilities like transportation, communication, and electricity generation are obsolete and vulnerable to sudden disruptions. The present study takes the case of the National Capital Territory of Delhi and attempts to examine the critical infrastructures of the city in the event of an earthquake. Delhi lies in a very active seismic zone with various faults in and around the city. The Government of India has classified Delhi in Zone 4 (High Risk Zone) based on past and expected seismic activities in the Indo-Gangetic Plains. With a population of over 20 Million in the Urban Agglomeration of Delhi, any major earthquake in an already overstretched infrastructure could have a devastating impact. This study will test the critical infrastructures of the city in terms of their disaster preparedness and suggest ways and measures to increase the same. Keywords: Geo-hazards, Critical Infrastructure, vulnerable, Earthquakes, Delhi
... Standards provide a cybersecurity framework for the identification and protection of ``Critical Cyber Assets... Reliability Standards. The CIP Reliability Standards provide a cybersecurity framework for the identification... rating of 1000 MVAR or greater'' shall be designated as a Critical Asset. Criterion 1.3 designates as...
Ambrosiano, John J [Los Alamos National Laboratory; Bent, Russell W [Los Alamos National Laboratory; Linger, Steve P [Los Alamos National Laboratory
Protecting the nation's infrastructure from natural disasters, inadvertent failures, or intentional attacks is a major national security concern. Gauging the fragility of infrastructure assets, and understanding how interdependencies across critical infrastructures affect their behavior, is essential to predicting and mitigating cascading failures, as well as to planning for response and recovery. Modeling and simulation (M&S) is an indispensable part of characterizing this complex system of systems and anticipating its response to disruptions. Bringing together the necessary components to perform such analyses produces a wide-ranging and coarse-grained computational workflow that must be integrated with other analysis workflow elements. There are many points in both types of work flows in which geographic information (GI) services are required. The GIS community recognizes the essential contribution of GI in this problem domain as evidenced by past OGC initiatives. Typically such initiatives focus on the broader aspects of GI analysis workflows, leaving concepts crucial to integrating simulations within analysis workflows to that community. Our experience with large-scale modeling of interdependent critical infrastructures, and our recent participation in a DRS initiative concerning interoperability for this M&S domain, has led to high-level ontological concepts that we have begun to assemble into an architecture that spans both computational and 'world' views of the problem, and further recognizes the special requirements of simulations that go beyond common workflow ontologies. In this paper we present these ideas, and offer a high-level ontological framework that includes key geospatial concepts as special cases of a broader view.
Full Text Available In North America today, we are about to embark on a significant effort to repair, or even upgrade, many aspects of our infrastructure. Many of these efforts are linked to economic recovery packages. Others are based on sheer need. The challenge for decision makers and planners involves ensuring that scarce economic resources are put to their best use. Understanding the concept of fragility plays a pivotal part in reaching that understanding.Fragility, like many other systems—particularly Information Technology (IT systems—works on the concept of subjects and objects. Subjects are those entities that seek to exploit the services (or capacity offered by the object. Objects, on the other hand, are those entities that deliver some good or service to the overall system. Of course, something may act as the object in one pairing and the subject in another pairing—they are not exclusive in nature.
Full Text Available Critical infrastructures (CI systems provide essential services “for the maintenance of critical societal functions, including the supply chain, health, safety, security and economic or social well-being of the people” (European Commission, 2008. These systems are exposed to a great number of hazards and threats, which may result in severe consequences for the population, the socio-economic system, and the environment. The issue is particularly relevant at urban level, where the disruption of one CI system can propagate to the other systems and paralyze the entire area. It is therefore necessary, not only to protect CIs through Critical Infrastructure Protection (CIP strategies, but also to enhance the resilience of these areas. This article aims thus at providing some insights related to the evolution of the critical infrastructures disaster mitigation strategies from the sole protection towards resilience: what kind of strategies based on resilience can be developed to address CIs disruption at local or regional level? To what extent do these strategies contribute to increase the resilience level of the entire urban or metropolitan area? The first section focuses on the urban critical infrastructures systems as well as on the way their disruption can impact urban areas. The second section provides with some examples of key measures to operationalize resilience in the field of critical infrastructure disaster mitigation strategies. The last section highlights how the key measures developed to enhance the resilience against CI disruptions can benefit also to broader urban resilience.
The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.
Chopra, Shauhrat S.; Khanna, Vikas
Natural disasters in 2011 yielded close to 55 billion in economic damages alone in the United States (US), which highlights the need to reduce impacts of such disasters or other deliberate attacks. The US Department of Homeland Security (DHS) identifies a list of 16 Critical Infrastructure Sectors (CIS) whose incapacity due to disruptions would have a debilitating impact on the nation's economy. The goal of this work is to understand the implications of interdependencies among CIS on the resilience of the US economic system as a whole. We develop a framework that combines the empirical economic input-output (EIO) model with graph theory based techniques for understanding interdependencies, interconnectedness and resilience in the US economic system. By representing the US economy as a network, we are able to analyze its topology by separately looking at its unweighted and weighted forms. Topological analysis of the US EIO network suggests that it exhibits small world properties for the unweighted case, and in the weighted case, the throughput of industry sectors follows a power-law with an exponential cutoff. Implications of these topological properties are discussed in the paper. We also simulate hypothetical disruptions on CIS in order to identify industrial sectors that experience the largest economic impacts, and to quantify systemic vulnerability in economic terms. In addition, insights from community detection and hypothetical disruption scenarios help assess vulnerability of individual industrial communities to disruptions on individual CIS. These methodologies also provide insights regarding the extent of coupling between each CIS in the US EIO network. Based on our analysis, we observe that excessive interconnectedness and interdependencies of CIS results in high systemic vulnerability. This information can guide policymakers to design policies that improve resilience of economic networks, and evaluate policies that might indirectly increase coupling
Eeten, M. van; Nieuwenhuijs, A.H.; Luiijf, H.A.M.; Klaver, M.H.A.; Cruz, E.
The threat of cascading failures across critical infrastructures has been identified as a key challenge for governments. Cascading failure is seen as potentially catastrophic, extremely difficult to predict and increasingly likely to happen. Infrastructures are largely privately operated and private
A. Gaddi and P. Tropea
The CMS Infrastructures teams are preparing for the LS1 activities. A long list of maintenance, consolidation and upgrade projects for CMS Infrastructures is on the table and is being discussed among Technical Coordination and sub-detector representatives. Apart from the activities concerning the cooling infrastructures (see below), two main projects have started: the refurbishment of the SX5 building, from storage area to RP storage and Muon stations laboratory; and the procurement of a new dry-gas (nitrogen and dry air) plant for inner detector flushing. We briefly present here the work done on the first item, leaving the second one for the next CMS Bulletin issue. The SX5 building is entering its third era, from main assembly building for CMS from 2000 to 2007, to storage building from 2008 to 2012, to RP storage and Muon laboratory during LS1 and beyond. A wall of concrete blocks has been erected to limit the RP zone, while the rest of the surface has been split between the ME1/1 and the CSC/DT laborat...
A. Gaddi and P. Tropea
Most of the work relating to Infrastructure has been concentrated in the new CSC and RPC manufactory at building 904, on the Prevessin site. Brand new gas distribution, powering and HVAC infrastructures are being deployed and the production of the first CSC chambers has started. Other activities at the CMS site concern the installation of a new small crane bridge in the Cooling technical room in USC55, in order to facilitate the intervention of the maintenance team in case of major failures of the chilled water pumping units. The laser barrack in USC55 has been also the object of a study, requested by the ECAL community, for the new laser system that shall be delivered in few months. In addition, ordinary maintenance works have been performed during the short machine stops on all the main infrastructures at Point 5 and in preparation to the Year-End Technical Stop (YETS), when most of the systems will be carefully inspected in order to ensure a smooth running through the crucial year 2012. After the incide...
David O. Baloye
Full Text Available The understanding and institutionalisation of the seamless link between urban critical infrastructure and disaster management has greatly helped the developed world to establish effective disaster management processes. However, this link is conspicuously missing in developing countries, where disaster management has been more reactive than proactive. The consequence of this is typified in poor response time and uncoordinated ways in which disasters and emergency situations are handled. As is the case with many Nigerian cities, the challenges of urban development in the city of Abeokuta have limited the effectiveness of disaster and emergency first responders and managers. Using geospatial techniques, the study attempted to design and deploy a spatial database running a web-based information system to track the characteristics and distribution of critical infrastructure for effective use during disaster and emergencies, with the purpose of proactively improving disaster and emergency management processes in Abeokuta.Keywords: Disaster Management; Emergency; Critical Infrastructure; Geospatial Database; Developing Countries; Nigeria
Dawson, Lon Andrew; Stinebaugh, Jennifer A.
The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.
Phillips, Laurence R.; Kelic, Andjelka; Warren, Drake E.
The goal of the work discussed in this document is to understand the risk to the nation of cyber attacks on critical infrastructures. The large body of research results on cyber attacks against physical infrastructure vulnerabilities has not resulted in clear understanding of the cascading effects a cyber-caused disruption can have on critical national infrastructures and the ability of these affected infrastructures to deliver services. This document discusses current research and methodologies aimed at assessing the translation of a cyber-based effect into a physical disruption of infrastructure and thence into quantification of the economic consequences of the resultant disruption and damage. The document discusses the deficiencies of the existing methods in correlating cyber attacks with physical consequences. The document then outlines a research plan to correct those deficiencies. When completed, the research plan will result in a fully supported methodology to quantify the economic consequences of events that begin with cyber effects, cascade into other physical infrastructure impacts, and result in degradation of the critical infrastructure's ability to deliver services and products. This methodology enables quantification of the risks to national critical infrastructure of cyber threats. The work addresses the electric power sector as an example of how the methodology can be applied.
McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G
Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.
In addition to the intense campaign of replacement of the leaky bushing on the Endcap circuits, other important activities have also been completed, with the aim of enhancing the overall reliability of the cooling infrastructures at CMS. Remaining with the Endcap circuit, the regulating valve that supplies cold water to the primary side of the circuit heat-exchanger, is not well adapted in flow capability and a new part has been ordered, to be installed during a stop of LHC. The instrumentation monitoring of the refilling rate of the circuits has been enhanced and we can now detect leaks as small as 0.5 cc/sec, on circuits that have nominal flow rates of some 20 litres/sec. Another activity starting now that the technical stop is over is the collection of spare parts that are difficult to find on the market. These will be stored at P5 with the aim of reducing down-time in case of component failure. Concerning the ventilation infrastructures, it has been noticed that in winter time the relative humidity leve...
...) Research and Development (R&D) Plan Outline and Specific Questions Regarding the Content AGENCY: National... contribute highly relevant content for consideration in the development the National Critical Infrastructure Security and Resilience Research and Development (NCISR R&D) Plan. Content can include, but is not limited...
other agricultural chemicals such as paint, coating, and adhesives; cleaning preparations, including soap, cleaning compounds, and toilet ...pandemic responders ə 47 B. Critical infrastructure & other pandemic r 3 Key govt. health decision-makers; mortuary 4 186 300Healthy 2-64 yr old not in
Bologna, S.; Luiijf, H.A.M.; Setola, R.
In the last few years, there has been an increasing worry about Critical Information Infrastructures, their reliability, security and protection. Due to the huge complexity and novelty of the topic and the new challenge that it poses, world-wide large investment in R&D are planned for the future.
... have a debilitating effect on security, national economic security, public health or safety. From water... natural disasters. During Critical Infrastructure Protection Month, we pledge to work together to shelter... of Homeland Security is leading a coordinated national program to reduce risks and improve our...
... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF COMMERCE International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi..., until the maximum of 20 participants is selected, all interested U.S. IT and cyber-security firms and...
Luiijf, H.A.M.; Stolk, D.J.
In 2007, a TableTop eXercise (TTX) on Critical Infrastructure Protection (CIP) was held in Sofia, Bulgaria. It was organised by the Civil Protection Committee (CPC) of the Euro-Atlantic Partnership Council (EAPC). The aim of the TTX was to identify gaps in existing policies and capabilities for the
Kaschner, Holger; Jordan, Tim
The German government is seeking to enhance the resilience of critical national infrastructures via its new IT Security Law. This paper analyses the content of the law, as well as the limitations and constraints arising from the conflicting interests of affected stakeholders. The paper also offers solutions to help the IT Security Law fulfil its potential despite the constraints.
A. Gaddi and P. Tropea
Most of the CMS infrastructures at P5 will go through a heavy consolidation-work period during LS1. All systems, from the cryogenic plant of the superconducting magnet to the rack powering in the USC55 counting rooms, from the cooling circuits to the gas distribution, will undergo consolidation work. As announced in the last issue of the CMS Bulletin, we present here one of the consolidation projects of LS1: the installation of a new dry-gas plant for inner detectors inertion. So far the oxygen and humidity suppression inside the CMS Tracker and Pixel volumes were assured by flushing dry nitrogen gas evaporated from a large liquid nitrogen tank. For technical reasons, the maximum flow is limited to less than 100 m3/h and the cost of refilling the tank every two weeks with liquid nitrogen is quite substantial. The new dry-gas plant will supply up to 400 m3/h of dry nitrogen (or the same flow of dry air, during shut-downs) with a comparatively minimal operation cost. It has been evaluated that the...
During the last six months, the main activity on the cooling circuit has essentially been preventive maintenance. At each short machine technical stop, a water sample is extracted out of every cooling circuit to measure the induced radioactivity. Soon after, a visual check of the whole detector cooling network is done, looking for water leaks in sensitive locations. Depending on sub-system availability, the main water filters are replaced; the old ones are inspected and sent to the CERN metallurgical lab in case of suspicious sediments. For the coming winter technical stop, a number of corrective maintenance activities and infrastructure consolidation work-packages are foreseen. A few faulty valves, found on the muon system cooling circuit, will be replaced; the cooling gauges for TOTEM and CASTOR, in the CMS Forward region, will be either changed or shielded against the magnetic stray field. The demineralizer cartridges will be replaced as well. New instrumentation will also be installed in the SCX5 PC farm ...
The long winter shut-down allows for modifications that will improve the reliability of the detector infrastructures at P5. The annual maintenance of detector services is taking place as well. This means a full stop of water-cooling circuits from November 24th with a gradual restart from mid January 09. The annual maintenance service includes the cleaning of the two SF5 cooling towers, service of the chiller plants on the surface, and the cryogenic plant serving the CMS Magnet. In addition, the overall site power is reduced from 8MW to 2MW, compatible with the switchover to the Swiss power network in winter. Full power will be available again from end of January. Among the modification works planned, the Low Voltage cabinets are being refurbished; doubling the cable sections and replacing the 40A circuit breakers with 60A types. This will reduce the overheating that has been experienced. Moreover, two new LV transformers will be bought and pre-cabled in order to assure a quick swap in case of failure of any...
During the last winter technical stop, a number of corrective maintenance activities and infrastructure consolidation work-packages were completed. On the surface, the site cooling facility has passed the annual maintenance process that includes the cleaning of the two evaporative cooling towers, the maintenance of the chiller units and the safety checks on the software controls. In parallel, CMS teams, reinforced by PH-DT group personnel, have worked to shield the cooling gauges for TOTEM and CASTOR against the magnetic stray field in the CMS Forward region, to add labels to almost all the valves underground and to clean all the filters in UXC55, USC55 and SCX5. Following the insertion of TOTEM T1 detector, the cooling circuit has been branched off and commissioned. The demineraliser cartridges have been replaced as well, as they were shown to be almost saturated. New instrumentation has been installed in the SCX5 PC farm cooling and ventilation network, in order to monitor the performance of the HVAC system...
The various water-cooling circuits ran smoothly over the summer. The overall performance of the cooling system is satisfactory, even if some improvements are possible, concerning the endcap water-cooling and the C6F14 circuits. In particular for the endcap cooling circuit, we aim to lower the water temperature, to provide more margin for RPC detectors. An expert-on-call piquet has been established during the summer global run, assuring the continuous supervision of the installations. An effort has been made to collect and harmonize the existing documentation on the cooling infrastructures at P5. The last six months have seen minor modifications to the electrical power network at P5. Among these, the racks in USC55 for the Tracker and Sniffer systems, which are backed up by the diesel generator in case of power outage, have been equipped with new control boxes to allow a remote restart. Other interventions have concerned the supply of assured power to those installations that are essential for CMS to run eff...
With all the technical services running, the attention has moved toward the next shutdown that will be spent to perform those modifications needed to enhance the reliability of CMS Infrastructures. Just to give an example for the cooling circuit, a set of re-circulating bypasses will be installed into the TS/CV area to limit the pressure surge when a circuit is partially shut-off. This problem has affected especially the Endcap Muon cooling circuit in the past. Also the ventilation of the UXC55 has to be revisited, allowing the automatic switching to full extraction in case of magnet quench. (Normally 90% of the cavern air is re-circulated by the ventilation system.) Minor modifications will concern the gas distribution, while the DSS action-matrix has to be refined according to the experience gained with operating the detector for a while. On the powering side, some LV power lines have been doubled and the final schematics of the UPS coverage for the counting rooms have been released. The most relevant inte...
Dr. Saman Zonouz, assistant professor at Rutgers University, NJ and the director of the 4N6 Cyber Security and Forensics Laboratory is visiting CERN for a collaboration meeting. His previous works and research interests include PLC program analysis, security of embedded systems, and malware analysis and reverse engineering. Before the collaboration meeting, Dr. Zonouz is giving a 30-minutes-long talk, titled 'Trustworthy Critical Infrastructures via Physics-Aware Just-Ahead-Of-Time Verification', followed by Q&A and discussions. You can find the abstract of the talk below. The presentation is open to anyone interested, but please register on Indico to know the size of the room needed. (Please note the new room: 31/3-004, IT Auditorium.) Abstract Critical cyber-physical infrastructures, such as the power grid, integrate networks of computational and physical processes to provide the people across the globe with essential functionalities and services. Protecting these critical infrastructu...
Anastasiadis, Anastasios; Argyroudis, Sotiris; BABIČ Anže; Basco, Anna; CASOTTO Chiara; Crowley, Helen; Dolšek, Matjaž; FOTOPOULOU Stavroula; GALBUSERA LUCA; Giannopoulos, Georgios; Giardini, Domenico; KAKDERI Kalliopi; KARAFAGKA Stella; Matos, José Pedro; PITILAKIS Kyriazis
Loss assessment of critical infrastructures (CIs) subject to natural hazards is fundamental to stress tests. The systemic approach that lifelines require for performance modelling is an open research topic, given their logical and physical complexity. The Work Package 4 (WP4) of STREST focused on the guidelines for the vulnerability assessment of critical infrastructures categorized as: A Individual, single-site infrastructures with high risk and potential for high local impact and regiona...
Luiijf, H.A.M.; Schie, T.C.C. van; Ruijven, T.W.J. van
The 2016 GPG [GM2016] outlined that Critical Information Infrastructure Protection (CIIP) is a complex but important topic1 for nations. By nature, CIIP is a national security topic in the sense that failure, disruption or destruction of critical information infrastructures (CII) may cause serious
In the critical infrastructure world, many critical infrastructure sectors use a Supervisory Control and Data Acquisition (SCADA) system. The sectors that use SCADA systems are the electric power, nuclear power and water. These systems are used to control, monitor and extract data from the systems that give us all the ability to light our homes…
Elachola, Habidah; Al-Tawfiq, Jaffar A; Turkestani, Abdulhafiz; Memish, Ziad A
Mass gatherings (MG) are characterized by the influx of large numbers of people with the need to have infrastructural changes to support these gatherings. Thus, Public Health Emergency Operations Center (PHEOC) is critical management infrastructure for both the delivery of public health functions and for mounting adequate response during emergencies. The recognition of the importance of PHEOC at the leadership and political level is foundational for the success of any public health intervention during MG. The ability of the PHEOC to effectively function depends on appropriate design and infrastructure, staffing and command structure, and plans and procedures developed prior to the event. Multi-ministerial or jurisdictional coordination will be required and PHEOC should be positioned with such authorities. This paper outlines the essential concepts, elements, design, and operational aspects of PHEOC during MG.
Fisher, Ronald E; Norman, Michael
The US Department of Homeland Security (DHS) is developing indices to better assist in the risk management of critical infrastructures. The first of these indices is the Protective Measures Index - a quantitative index that measures overall protection across component categories: physical security, security management, security force, information sharing, protective measures and dependencies. The Protective Measures Index, which can also be recalculated as the Vulnerability Index, is a way to compare differing protective measures (eg fence versus security training). The second of these indices is the Resilience Index, which assesses a site's resilience and consists of three primary components: robustness, resourcefulness and recovery. The third index is the Criticality Index, which assesses the importance of a facility. The Criticality Index includes economic, human, governance and mass evacuation impacts. The Protective Measures Index, Resilience Index and Criticality Index are being developed as part of the Enhanced Critical Infrastructure Protection initiative that DHS protective security advisers implement across the nation at critical facilities. This paper describes two core themes: determination of the vulnerability, resilience and criticality of a facility and comparison of the indices at different facilities.
Sylvester, L.; Allen, M. R.; Wilbanks, T. J.
Built infrastructure consists of a series of interconnected networks with many coupled interdependencies. Traditionally, risk and vulnerability assessments are conducted one infrastructure at a time, considering only direct impacts on built and planned assets. However, extreme events caused by climate change affect local communities in different respects and stress vital interconnected infrastructures in complex ways that cannot be captured with traditional risk assessment methodologies. We employ a combination of high-performance computing, geographical information science, and imaging methods to examine the impacts of climate change on infrastructure for cities in two different climate regions: Chicago, Illinois in the Midwest and Portland, Maine (and Casco Bay area) in the Northeast. In Illinois, we evaluate effects of changes in regional temperature and precipitation, informed by an extreme climate change projection, population growth and migration, water supply, and technological development, on electricity generation and consumption. In Maine, we determine the aggregate effects of sea level rise, changing precipitation patterns, and population shifts on the depth of the freshwater-saltwater interface in coastal aquifers and the implications of these changes for water supply in general. The purpose of these efforts is to develop a multi-model framework for investigating potential climate change impacts on interdependent critical infrastructure assessing both vulnerabilities and alternative adaptive measures.
Guidotti, Roberto; Chmielewski, Hana; Unnikrishnan, Vipin; Gardoni, Paolo; McAllister, Therese; van de Lindt, John
Water and wastewater network, electric power network, transportation network, communication network, and information technology network are among the critical infrastructure in our communities; their disruption during and after hazard events greatly affects communities' well-being, economic security, social welfare, and public health. In addition, a disruption in one network may cause disruption to other networks and lead to their reduced functionality. This paper presents a unified theoretical methodology for the modeling of dependent/interdependent infrastructure networks and incorporates it in a six-step probabilistic procedure to assess their resilience. Both the methodology and the procedure are general, can be applied to any infrastructure network and hazard, and can model different types of dependencies between networks. As an illustration, the paper models the direct effects of seismic events on the functionality of a potable water distribution network and the cascading effects of the damage of the electric power network (EPN) on the potable water distribution network (WN). The results quantify the loss of functionality and delay in the recovery process due to dependency of the WN on the EPN. The results show the importance of capturing the dependency between networks in modeling the resilience of critical infrastructure.
Cai, Baoping; Xie, Min; Liu, Yonghong; Liu, Yiliu; Ji, Renjie; Feng, Qiang
The word resilience originally originates from the Latin word "resiliere", which means to "bounce back". The concept has been used in various fields, such as ecology, economics, psychology, and society, with different definitions. In the field of critical infrastructure, although some resilience metrics are proposed, they are totally different from each other, which are determined by the performances of the objects of evaluation. Here we bridge the gap by developing a universal critical infrastructure resilience metric from the perspective of reliability engineering. A dynamic Bayesian networks-based assessment approach is proposed to calculate the resilience value. A series, parallel and voting system is used to demonstrate the application of the developed resilience metric and assessment approach.
Rosato, Vittorio; Kyriakides, Elias; Rome, Erich
This book is open access under a CC BY 4.0 license. This book summarizes work being pursued in the context of the CIPRNet (Critical Infrastructure Preparedness and Resilience Research Network) research project, co-funded by the European Union under the Seventh Framework Programme (FP7). The project is intended to provide concrete and on-going support to the Critical Infrastructure Protection (CIP) research communities, enhancing their preparedness for CI-related emergencies, while also providing expertise and technologies for other stakeholders to promote their understanding and mitigation of the consequences of CI disruptions, leading to enhanced resilience. The book collects the tutorial material developed by the authors for several courses on the modelling, simulation and analysis of CIs, representing extensive and integrated CIP expertise. It will help CI stakeholders, CI operators and civil protection authorities understand the complex system of CIs, and help them adapt to these changes and threats in or...
Beauregard, Stéphane; Therrien, Marie-Christine; Normandin, Julie-Maude
Organizational Strategies for Critical Transportation Infrastructure: Characteristics of Urban Resilience. The Case of Montreal. Stéphane Beauregard M.Sc. Candidate École nationale d'administration publique Julie-Maude Normandin Ph.D. Candidate École nationale d'administration publique Marie-Christine Therrien Professor École nationale d'administration publique The proposed paper presents preliminary results on the resilience of organizations managing critical infrastructure in the Metropolitan Montreal area (Canada). A resilient city is characterized by a network of infrastructures and individuals capable of maintaining their activities in spite of a disturbance (Godschalk, 2002). Critical infrastructures provide essential services for the functioning of society. In a crisis situation, the interruption or a decrease in performance of critical infrastructures could have important impacts on the population. They are also vulnerable to accidents and cascading effects because on their complexity and tight interdependence (Perrow, 1984). For these reasons, protection and security of the essential assets and networks are one of the objectives of organizations and governments. But prevention and recovery are two endpoints of a continuum which include also intermediate concerns: ensuring organizational robustness or failing with elegance rather than catastrophically. This continuum also includes organizational resilience (or system), or the ability to recover quickly after an interruption has occurred. Wildavsky (1988) proposes that anticipation strategies work better against known problems while resilience strategies focus on unknown problems. Anticipation policies can unnecessarily immobilize investments against risks, while resilience strategies include the potential for a certain sacrifice in the interests of a more long-term survival and adaptation to changing threats. In addition, a too large confidence in anticipation strategies can bring loss of capacity of an
Danijela D. Protić
Full Text Available The development of technology has changed the world economy and induced new political trends. The European Union (EU and many non-EU member states apply the strategies of information society development that raise the level of information security (IS. The Serbian Government (Government has adopted the Strategy for Information Society in Serbia by 2020 (Strategy, and pointed to the challenges for the development of a modern Serbian information society. This paper presents an overview of the open-ended questions about IS, critical infrastructures and protection of critical infrastructures. Based on publicly available data, some critical national infrastructures are listed. As a possible solution to the problem of IS, the Public Key Infrastructure (PKI-based Information security integrated information system (ISIIS is presented. The ISIIS provides modularity and interoperability of critical infrastructures both in Serbia and neighboring countries.
Ayog Janice Lynn
Full Text Available This study investigates the risk of flood on selected critical infrastructure in a flood-prone catchment in Sabah, Malaysia. Kota Marudu, located in the Bandau floodplain, one of the Sabah’s northern water catchments, was selected as the study site due to its frequent flood occurrence and large floodplain coverage. Two of its largest rivers, namely Sungai Bongon and Sungai Bandau, tends to flood during rainy season and cause temporary displacements of thousands of people living in the floodplain. A total of 362 respondents participated in the questionnaire survey in order to gather information on historical flood occurrence. Three flood depth groups were determined, which are 1 less than 0.3 meter, 2 0.3 – 0.6 meter and 3 more than 0.6 meter, while three categories of critical infrastructure were defined, namely transportation system, communication system and buildings. It is found that the transportation system encounters the most severe impact as flood inundation increases, where 92% of the respondents believe that the transportation access should be abandoned when flood depth is more than 0.6m. The findings of this study will be used for detailed risk assessment, specifically on the vulnerability of the critical infrastructures to flood in this floodplain.
Much of our critical infrastructure is controlled by large software systems whose participants are distributed across the Internet. As our dependence on these critical systems continues to grow, it becomes increasingly important that they meet strict availability and performance requirements, even in the face of malicious attacks, including those…
Roach, Dennis Patrick; Jauregui, David Villegas (New Mexico State University, Las Cruces, NM); Daumueller, Andrew Nicholas (New Mexico State University, Las Cruces, NM)
Recent structural failures such as the I-35W Mississippi River Bridge in Minnesota have underscored the urgent need for improved methods and procedures for evaluating our aging transportation infrastructure. This research seeks to develop a basis for a Structural Health Monitoring (SHM) system to provide quantitative information related to the structural integrity of metallic structures to make appropriate management decisions and ensuring public safety. This research employs advanced structural analysis and nondestructive testing (NDT) methods for an accurate fatigue analysis. Metal railroad bridges in New Mexico will be the focus since many of these structures are over 100 years old and classified as fracture-critical. The term fracture-critical indicates that failure of a single component may result in complete collapse of the structure such as the one experienced by the I-35W Bridge. Failure may originate from sources such as loss of section due to corrosion or cracking caused by fatigue loading. Because standard inspection practice is primarily visual, these types of defects can go undetected due to oversight, lack of access to critical areas, or, in riveted members, hidden defects that are beneath fasteners or connection angles. Another issue is that it is difficult to determine the fatigue damage that a structure has experienced and the rate at which damage is accumulating due to uncertain history and load distribution in supporting members. A SHM system has several advantages that can overcome these limitations. SHM allows critical areas of the structure to be monitored more quantitatively under actual loading. The research needed to apply SHM to metallic structures was performed and a case study was carried out to show the potential of SHM-driven fatigue evaluation to assess the condition of critical transportation infrastructure and to guide inspectors to potential problem areas. This project combines the expertise in transportation infrastructure at New
Lavinghouze, S Rene; Snyder, Kimberly
A program's infrastructure is often cited as critical to public health success. The Component Model of Infrastructure (CMI) identifies evaluation as essential under the core component of engaged data. An evaluation plan is a written document that describes how to monitor and evaluate a program, as well as how to use evaluation results for program improvement and decision making. The evaluation plan clarifies how to describe what the program did, how it worked, and why outcomes matter. We use the Centers for Disease Control and Prevention's (CDC) "Framework for Program Evaluation in Public Health" as a guide for developing an evaluation plan. Just as using a roadmap facilitates progress on a long journey, a well-written evaluation plan can clarify the direction your evaluation takes and facilitate achievement of the evaluation's objectives.
Proto, Monica; Massimo, Bavusi; Francesco, Soldovieri
The research project "Integrated System for Transport Infrastructure surveillance and Monitoring by Electromagnetic Sensing" (ISTIMES), was approved in the 7th Framework Programme, in the Joint Call ICT and Security and started on 1st July 2009. The purpose of ISTIMES project is to design, assess and promote an ICT-based system, exploiting distributed and local sensors, for non-destructive electromagnetic monitoring in order to achieve the critical transport infrastructures more reliable and safe. The transportation sector's components are susceptible to the consequences of natural disasters and can also be attractive as terrorist targets. The sector's size, its physically dispersed and decentralized nature, the many public and private entities involved in its operations, the critical importance of cost considerations, and the inherent requirement of convenient accessibility to its services by all users - make the transportation particularly vulnerable to security and safety threats. As well known, the surface transportation system consists of interconnected infrastructures including highways, transit systems, railroads, airports, waterways, pipelines and ports, and the vehicles, aircraft, and vessels that operate along these networks. Thus, interdependencies exist between transportation and nearly every other sector of the economy and the effective operation of this system is essential to the European economic productivity; therefore, transportation sector protection is of paramount importance since threats to it may impact other industries that rely on it. The system exploits an open network architecture that can accommodate a wide range of sensors, static and mobile, and can be easily scaled up to allow the integration of additional sensors and interfacing with other networks. It relies on heterogeneous state-of-the-art electromagnetic sensors, enabling a self-organizing, self-healing, ad-hoc networking of terrestrial sensors, supported by specific satellite
Nor Faiz Muhammad Noor
Full Text Available Critical National Information Infrastructure (CNII organisations in Malaysia consist of many crucial sectors that not solely effect on national e-sovereignty, but also on economy, social and politic matters. Due to the widely usage on social media especially on Twitter, harmful rumour can easily propagate without any restrictions on any CNII organisations. For instance, the harmful rumour can damage the function of affected CNII such as reputation, perception and even worse can lead to disability to function. Up to this moment, there is no proper control to stop rumour propagation on Twitter for CNII. Therefore, this paper proposes a framework on controlling rumour propagation on Twitter for Malaysian CNII.
Petersen, L. (Liselotte); Fallou, L.; Reilly, P.J.; Serafinelli, E.
Previous research into the role of social media in crisis communication has tended to focus on how sites such as\\ud Twitter are used by emergency managers rather than other key stakeholders, such as critical infrastructure (CI)\\ud operators. This paper adds to this emergent field by empirically investigating public expectations of information\\ud provided by CI operators during crisis situations. It does so by drawing on key themes that emerged from a\\ud review of the literature on public expe...
Wall, Thomas [Argonne National Lab. (ANL), Argonne, IL (United States); Trail, Jessica [Argonne National Lab. (ANL), Argonne, IL (United States); Gevondyan, Erna [Argonne National Lab. (ANL), Argonne, IL (United States); Phillips, Julia [Argonne National Lab. (ANL), Argonne, IL (United States); Ford, Janet [Argonne National Lab. (ANL), Argonne, IL (United States); Marks, James [Argonne National Lab. (ANL), Argonne, IL (United States)
During times of crisis, communities and regions rely heavily on critical infrastructure systems to support their emergency management response and recovery activities. Therefore, the resilience of critical infrastructure systems to crises is a pivotal factor to a community’s overall resilience. Critical infrastructure resilience can be influenced by many factors, including State policies – which are not always uniform in their structure or application across the United States – were identified by the U.S. Department of Homeland Security as an area of particular interest with respect to their the influence on the resilience of critical infrastructure systems. This study focuses on developing an analytical methodology to assess links between policy and resilience, and applies that methodology to critical infrastructure in the Transportation Systems Sector. Specifically, this study seeks to identify potentially influential linkages between State transportation capital funding policies and the resilience of bridges located on roadways that are under the management of public agencies. This study yielded notable methodological outcomes, including the general capability of the analytical methodology to yield – in the case of some States – significant results connecting State policies with critical infrastructure resilience, with the suggestion that further refinement of the methodology may be beneficial.
Sypek, Scott; Clugston, Gregory; Phillips, Christine
To explore the reported impact of regional resettlement of refugees on rural health services, and identify critical health infrastructure for refugee resettlement. Comparative case study, using interviews and situational analysis. Four rural communities in New South Wales, which had been the focus of regional resettlement of refugees since 1999. Refugees, general practitioners, practice managers and volunteer support workers in each town (n = 24). The capacity of health care workers to provide comprehensive care is threatened by low numbers of practitioners, and high levels of turnover of health care staff, which results in attrition of specialised knowledge among health care workers treating refugees. Critical health infrastructure includes general practices with interest and surge capacity, subsidised dental services, mental health support services; clinical support services for rural practitioners; care coordination in the early settlement period; and a supported volunteer network. The need for intensive medical support is greatest in the early resettlement period for 'catch-up' primary health care. The difficulties experienced by rural Australia in securing equitable access to health services are amplified for refugees. While there are economic arguments about resettlement of refugees in regional Australia, the fragility of health services in regional Australia should also be factored into considerations about which towns are best suited to regional resettlement.
Persistent computer security vulnerabilities may expose U.S. critical infrastructure and government computer systems to possible cyber attack by terrorists, possibly affecting the economy or other areas of national security...
Lavin, Roberta; Harrington, Michael B; Agbor-tabi, Elisabeth; Erger, Nurit
What is present in nearly every U.S. community, performs myriad services from the routine to the life saving on a daily basis, responds to every disaster, and functions 24 hours a day every day of the year? The answer, of course, is the nation's $1.8 trillion public health and healthcare system. Protection of this system's vast infrastructure has assumed increasing urgency since September 11, and there are at least two reasons for this. The first is that this sector must respond to every conceivable event involving risks to human life, including those traditionally within the purview of public health, so its ability to respond to these events must be preserved. The second is that elements of the sector itself face increasing threats to facilities, information systems, and workforces. These reasons alone warrant greater emphasis on protective programs than may have seemed necessary in the past, and the public health and healthcare sector should recognize that it must now understand critical infrastructure protection as well as it does healthcare management.
Dejan V. Vuletić
Full Text Available Computer systems are a critical component of the human society in the 21st century. Economic sector, defense, security, energy, telecommunications, industrial production, finance and other vital infrastructure depend on computer systems that operate at local, national or global scales. A particular problem is that, due to the rapid development of ICT and the unstoppable growth of its application in all spheres of the human society, their vulnerability and exposure to very serious potential dangers increase. This paper analyzes some typical attacks on computer systems.
Full Text Available Romanian coastal environment is affected, as clearly appears in the analysis of phenomena regions risk map of Romania, by two distinct categories of natural hazards namely climate risks (mainly storms and the risks arising from changes in sea level. Climate risks act on short and very short term, resulting in acceleration of all coastal and beach processes, causing profound morphological changes on ecosystems and property damage by inducing destruction of facilities, port construction, settlements, etc. Risks caused by changing sea levels have long-term effect, current growth rates causing damage in the coming 25 ... 50 years. Combined, these two categories of natural hazards adversely induce higher proportion of critical infrastructure in the Romanian coastal area.
Mario La Manna
Full Text Available The monitoring and control of urban critical infrastructures consists of the protection of assets such as houses, offices, government and private buildings, with low cost, high quality and high dependability. In order to satisfy all these requirements at the same time, the control of a number of assets has to be performed by means of automated systems based on networks of heterogeneous sensors. This new concept idea is based on the use of unmanned operations at each of the many remote assets (each asset is monitored through a network of sensors and a man-in-the-loop automated control in a central site (Operational Center, which performs alarm detection and system management.
Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.
This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.
Trucco, P.; Petrenj, B.; Kozine, Igor
Improving the resilience capacities required to manage Critical Infrastructure (CI) disruptions includes also enhancement of current Emergency Management practices. Our approach aims to integrate CI-specific issues into the EM setup (prevention, mitigation, response, and recovery). This paper pro...... a systematic implementation of relevant capabilities and making gap analysis with regard to resilience deficits. The planning of training exercises to enhance CI resilience can also benefit from the approach....... proposes a comprehensive framework to identify, build and enhance specific capabilities, both intra- and inter-organisational, needed to manage (prepare, cope and recover from) CI disruptions. This allows emergency services to assess and explicitly address resilience improvement measures while planning...... to cope with CI disruptions. To operationalise this approach we have developed a hierarchical taxonomy that classifies system resilience capabilities at both technological and organisational level in each single organisation (CI operator or responder). Capabilities are defined as a combination of assets...
Full Text Available by putting in place new institutional structures and funding models for effective strategies leading to prompt water infrastructure provision. The research identified several funding models for financing water infrastructure development projects. The existing...
Kastek, Mariusz; Dulski, Rafał; Zyczkowski, Marek; Szustakowski, Mieczysław; Trzaskawka, Piotr; Ciurapinski, Wiesław; Grelowska, Grazyna; Gloza, Ignacy; Milewski, Stanislaw; Listewnik, Karol
There are many separated infrastructural objects within a harbor area that may be considered "critical", such as gas and oil terminals or anchored naval vessels. Those objects require special protection, including security systems capable of monitoring both surface and underwater areas, because an intrusion into the protected area may be attempted using small surface vehicles (boats, kayaks, rafts, floating devices with weapons and explosives) as well as underwater ones (manned or unmanned submarines, scuba divers). The paper will present the concept of multisensor security system for a harbor protection, capable of complex monitoring of selected critical objects within the protected area. The proposed system consists of a command centre and several different sensors deployed in key areas, providing effective protection from land and sea, with special attention focused on the monitoring of underwater zone. The initial project of such systems will be presented, its configuration and initial tests of the selected components. The protection of surface area is based on medium-range radar and LLTV and infrared cameras. Underwater zone will be monitored by a sonar and acoustic and magnetic barriers, connected into an integrated monitoring system. Theoretical analyses concerning the detection of fast, small surface objects (such as RIB boats) by a camera system and real test results in various weather conditions will also be presented.
Full Text Available Resilience of critical infrastructure (CI to extreme weather events, such as heavy rainfall, high temperatures and winter storms, is one of the most demanding challenges for governments and society. Recent experiences have highlighted the economic and societal reliance on a dependable and resilient infrastructure, and the far-reaching impacts that outages or malfunctions can have. Growing scientific evidence indicates that more severe and frequent extreme weather events are likely. The EU-funded INTACT project addresses these CI challenges and attempts to bring together cutting-edge knowledge and experience from across Europe to inform the development of best practice approaches in planning, crisis response and recovery capabilities. The project considers the options for mitigating the extreme weather impacts. A key component of the INTACT project is the development of a risk management structure to support decision-making in the case studies. This structure forms part of the overall INTACT Wiki: the main output of the project. It comprises a risk ‘framework’ that sets out how information and guidance can be accessed by CI owners and operators. Within this there is a step-wise risk assessment process based on best practice from the IEC. The risk framework and process presents: structures for models and data requirements for decision making; identifies tools and methods that support decision making; supports analysis of measures to protect CI through simulation; and indicates gaps in modelling and data availability. This paper outlines the components of the risk framework and process, and illustrates its use in a case study dealing with electricity supply and winter storms.
McKenna, S. M.; Diaz-Alvarez, H.; McComas, S.; Costley, D.; Whitlow, R. D.; Jordan, A. M.; Taylor, O.
In 2006, the Engineer Research and Development Center (ERDC) began a program designed to meet the capability gap associated with remote assessment of critical infrastructure. This program addresses issues arising from the use of geophysical techniques to solve engineering problems through persistent monitoring of critical infrastructure using infrasound. In the original 2006-2009 study of a railroad bridge in Ft. Leonard Wood, MO, the fundamental modes of motion of the structure were detected at up to 30 km away, with atmospheric excitation deemed to be the source driver. Follow-on research focused on the mechanically driven modes excited by traffic, with directional acoustic emanations. The success of the Ft. Wood ambient excitation study resulted in several subsequent programs to push the boundaries of this new technique for standoff assessment, discussed herein. Detection of scour and river system health monitoring are serious problems for monitoring civil infrastructure, from both civilian and military perspectives. Knowledge of overall system behavior over time is crucial for assessment of bridge foundations and barge navigation. This research focuses on the same steel-truss bridge from the Ft. Wood study, and analyzes 3D and 2D substructure models coupled with the superstructure reaction loads to assess the modal deformations within the infrasound bandwidth and the correlation to scour of embedment material. The Urban infrasound program is infrasound modeling, data analysis, and sensor research leading to the detection, classification and localization of threat activities in complex propagation environments. Three seismo-acoustic arrays were deployed on rooftops across the Southern Methodist University campus in Dallas, Texas, to characterize the urban infrasound environment. Structural sources within 15 km of the arrays have been identified through signal processing and confirmed through acoustical models. Infrasound is also being studied as a means of
Rosato, Vittorio; Hounjet, Micheline; Burzel, Andreas; Di Pietro, Antonio; Tofani, Alberto; Pollino, Maurizio; Giovinazzi, Sonia
Natural hazard events can induce severe impacts on the built environment; they can hit wide and densely populated areas, where there is a large number of (inter)dependent technological systems whose damages could cause the failure or malfunctioning of further different services, spreading the impacts on wider geographical areas. The EU project CIPRNet (Critical Infrastructures Preparedness and Resilience Research Network) is realizing an unprecedented Decision Support System (DSS) which enables to operationally perform risk prediction on Critical Infrastructures (CI) by predicting the occurrence of natural events (from long term weather to short nowcast predictions, correlating intrinsic vulnerabilities of CI elements with the different events' manifestation strengths, and analysing the resulting Damage Scenario. The Damage Scenario is then transformed into an Impact Scenario, where punctual CI element damages are transformed into micro (local area) or meso (regional) scale Services Outages. At the smaller scale, the DSS simulates detailed city models (where CI dependencies are explicitly accounted for) that are of important input for crisis management organizations whereas, at the regional scale by using approximate System-of-Systems model describing systemic interactions, the focus is on raising awareness. The DSS has allowed to develop a novel simulation framework for predicting earthquakes shake maps originating from a given seismic event, considering the shock wave propagation in inhomogeneous media and the subsequent produced damages by estimating building vulnerabilities on the basis of a phenomenological model [1, 2]. Moreover, in presence of areas containing river basins, when abundant precipitations are expected, the DSS solves the hydrodynamic 1D/2D models of the river basins for predicting the flux runoff and the corresponding flood dynamics. This calculation allows the estimation of the Damage Scenario and triggers the evaluation of the Impact Scenario
Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.; Bassett, G. W.; Dickinson, D. C.; Haffenden, R. A.; Klett, M. S.; Lawlor, M. A.; Decision and Information Sciences; LANL
The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators of the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). The
Fisher, R. E.; Bassett, G. W.; Buehring, W. A.; Collins, M. J.; Dickinson, D. C.; Eaton, L. K.; Haffenden, R. A.; Hussar, N. E.; Klett, M. S.; Lawlor, M. A.; Millier, D. J.; Petit, F. D.; Peyton, S. M.; Wallace, K. E.; Whitfield, R. G.; Peerenboom, J P
Following recommendations made in Homeland Security Presidential Directive 7, which established a national policy for the identification and increased protection of critical infrastructure and key resources (CIKR) by Federal departments and agencies, the U.S. Department of Homeland Security (DHS) in 2006 developed the Enhanced Critical Infrastructure Protection (ECIP) program. The ECIP program aimed to provide a closer partnership with state, regional, territorial, local, and tribal authorities in fulfilling the national objective to improve CIKR protection. The program was specifically designed to identify protective measures currently in place in CIKR and to inform facility owners/operators of the benefits of new protective measures. The ECIP program also sought to enhance existing relationships between DHS and owners/operators of CIKR and to build relationships where none existed (DHS 2008; DHS 2009). In 2009, DHS and its protective security advisors (PSAs) began assessing CIKR assets using the ECIP program and ultimately produced individual protective measure and vulnerability values through the protective measure and vulnerability indices (PMI/VI). The PMI/VI assess the protective measures posture of individual facilities at their 'weakest link,' allowing for a detailed analysis of the most vulnerable aspects of the facilities (Schneier 2003), while maintaining the ability to produce an overall protective measures picture. The PMI has six main components (physical security, security management, security force, information sharing, protective measures assessments, and dependencies) and focuses on actions taken by a facility to prevent or deter the occurrence of an incident (Argonne National Laboratory 2009). As CIKR continue to be assessed using the PMI/VI and owners/operators better understand how they can prevent or deter incidents, academic research, practitioner emphasis, and public policy formation have increasingly focused on resilience as a
Brandon, R.; Page, S.; Varndell, J.
This paper presents a novel application of Evidential Reasoning to Threat Assessment for critical infrastructure protection. A fusion algorithm based on the PCR5 Dezert-Smarandache fusion rule is proposed which fuses alerts generated by a vision-based behaviour analysis algorithm and a-priori watch-list intelligence data. The fusion algorithm produces a prioritised event list according to a user-defined set of event-type severity or priority weightings. Results generated from application of the algorithm to real data and Behaviour Analysis alerts captured at London's Heathrow Airport under the EU FP7 SAMURAI programme are presented. A web-based demonstrator system is also described which implements the fusion process in real-time. It is shown that this system significantly reduces the data deluge problem, and directs the user's attention to the most pertinent alerts, enhancing their Situational Awareness (SA). The end-user is also able to alter the perceived importance of different event types in real-time, allowing the system to adapt rapidly to changes in priorities as the situation evolves. One of the key challenges associated with fusing information deriving from intelligence data is the issue of Data Incest. Techniques for handling Data Incest within Evidential Reasoning frameworks are proposed, and comparisons are drawn with respect to Data Incest management techniques that are commonly employed within Bayesian fusion frameworks (e.g. Covariance Intersection). The challenges associated with simultaneously dealing with conflicting information and Data Incest in Evidential Reasoning frameworks are also discussed.
Full Text Available This paper presents an investigation of the relevant factors related to the construction of a resource model which is designed to be useful in the management processes of the operation of critical infrastructure (CI for state emergencies. The genesis of the research lay in the perceived need for effective protection of multidimensional CI methodologies, and it was influenced by the nature of the physical characteristics of the available resources. It was necessary to establish a clear structure and well defined objectives and to assess the functional and structural resources required, as well as the potential relational susceptibilities deriving from a number of possible threats and the possible seriousness of a specific range of incidents and their possible consequences. The interdependence of CI stocks is shown by the use of tables of resource classes. The dynamics of the interaction of CI resources are modeled by examining how using clusters of potential risks can at any given time create a class of compounds related to susceptibilities and threats to the resources. As a result, the model can be used to conduct multi-dimensional risk calculations for crisis management CI resource configurations.
Ondrej Linda; Todd Vollmer; Jim Alves-Foss; Milos Manic
Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL provides a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.
Fraile, Marlon; Ford, Margaret; Gadyatskaya, Olga; Kumar, Rajesh; Stoelinga, Mariëlle Ida Antoinette; Trujillo-Rasua, Rolando
Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs.We capture the most dangerous multi-stage attack
is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries... economy .16 DDOS attacks are based on multiple, malware infected personal computers, organized into networks called botnets, and are directed by...not condemn the actions of those involved. Of the two attacks on Estonia and Georgia, it was Estonia that had the greatest damage to its economy
Volcanic hazards may have destructive effects on economy, transport, and natural environments at both local and regional scale. Hazardous phenomena include pyroclastic density currents, tephra fall, gas emissions, lava flows, debris flows and avalanches, and lahars. Volcanic hazards assessment is based on available information to characterize potential volcanic sources in the region of interest and to determine whether specific volcanic phenomena might reach a given site. Volcanic hazards assessment is focussed on estimating the distances that volcanic phenomena could travel from potential sources and their intensity at the considered site. Epistemic and aleatory uncertainties strongly affect the resulting hazards assessment. Within the context of critical infrastructures, volcanic eruptions are rare natural events that can create severe hazards. In addition to being rare events, evidence of many past volcanic eruptions is poorly preserved in the geologic record. The models used for describing the impact of volcanic phenomena generally represent a range of model complexities, from simplified physics based conceptual models to highly coupled thermo fluid dynamical approaches. Modelling approaches represent a hierarchy of complexity, which reflects increasing requirements for well characterized data in order to produce a broader range of output information. In selecting models for the hazard analysis related to a specific phenomenon, questions that need to be answered by the models must be carefully considered. Independently of the model, the final hazards assessment strongly depends on input derived from detailed volcanological investigations, such as mapping and stratigraphic correlations. For each phenomenon, an overview of currently available approaches for the evaluation of future hazards will be presented with the aim to provide a foundation for future work in developing an international consensus on volcanic hazards assessment methods.
Herasevich, Vitaly; Pickering, Brian W; Dong, Yue; Peters, Steve G; Gajic, Ognjen
To develop and validate an informatics infrastructure for syndrome surveillance, decision support, reporting, and modeling of critical illness. Using open-schema data feeds imported from electronic medical records (EMRs), we developed a near-real-time relational database (Multidisciplinary Epidemiology and Translational Research in Intensive Care Data Mart). Imported data domains included physiologic monitoring, medication orders, laboratory and radiologic investigations, and physician and nursing notes. Open database connectivity supported the use of Boolean combinations of data that allowed authorized users to develop syndrome surveillance, decision support, and reporting (data "sniffers") routines. Random samples of database entries in each category were validated against corresponding independent manual reviews. The Multidisciplinary Epidemiology and Translational Research in Intensive Care Data Mart accommodates, on average, 15,000 admissions to the intensive care unit (ICU) per year and 200,000 vital records per day. Agreement between database entries and manual EMR audits was high for sex, mortality, and use of mechanical ventilation (kappa, 1.0 for all) and for age and laboratory and monitored data (Bland-Altman mean difference +/- SD, 1(0) for all). Agreement was lower for interpreted or calculated variables, such as specific syndrome diagnoses (kappa, 0.5 for acute lung injury), duration of ICU stay (mean difference +/- SD, 0.43+/-0.2), or duration of mechanical ventilation (mean difference +/- SD, 0.2+/-0.9). Extraction of essential ICU data from a hospital EMR into an open, integrative database facilitates process control, reporting, syndrome surveillance, decision support, and outcome research in the ICU.
.... THIS DOCUMENT IDENTIFIES A CLEAR SET OF GOALS AND OBJECTIVES AND OUTLINES THE GUIDING PRINCIPLES THAT WILL UNDERPIN OUR EFFORTS TO SECURE THE INFRASTRUCTURES AND ASSETS VITAL TO OUR PUBLIC HEALTH...
Ekedebe, Nnanna; Yu, Wei; Song, Houbing; Lu, Chao
An intelligent transportation system (ITS) is one typical cyber-physical system (CPS) that aims to provide efficient, effective, reliable, and safe driving experiences with minimal congestion and effective traffic flow management. In order to achieve these goals, various ITS technologies need to work synergistically. Nonetheless, ITS's reliance on wireless connectivity makes it vulnerable to cyber threats. Thus, it is critical to understand the impact of cyber threats on ITS. In this paper, using real-world transportation dataset, we evaluated the consequences of cyber threats - attacks against service availability by jamming the communication channel of ITS. In this way, we can have a better understanding of the importance of ensuring adequate security respecting safety and life-critical ITS applications before full and expensive real-world deployments. Our experimental data shows that cyber threats against service availability could adversely affect traffic efficiency and safety performances evidenced by exacerbated travel time, fuel consumed, and other evaluated performance metrics as the communication network is compromised. Finally, we discuss a framework to make ITS secure and more resilient against cyber threats.
INFORMATIVE STATEMENTS CSSP -2012-CD-1020 A Roadmap for Recovery/Decontamination Plan for Critical Infrastructure after CBRN Event Involving...Drinking Water Utilities was supported by the Canadian Safety and Security Program ( CSSP ) which is led by Defence Research and Development Canada’s Centre...Section. CSSP is a federally-funded program to strengthen Canada’s ability to anticipate, prevent/mitigate, prepare for, respond to, and recover
Chipley, Michael; Lyon, Wesley; Smilowitz, Robert; Williams, Pax; Arnold, Christopher; Blewett, William; Hazen, Lee; Krimgold, Fred
This publication, part of the new Building and Infrastructure Protection Series (BIPS) published by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Infrastructure Protection and Disaster Management Division (IDD), serves to advance high performance and integrated design for buildings and infrastructure. This…
Zakowska, L.; Pulawska-Obiedowska, S.
The developed societies have as challenge, among others, to achieve a mobility development based on economic models of low carbon and energy efficient, making it accessible to the entire population. In this context, the sustainable mobility seems to meet the economic, social and environmental needs, minimizing their negative impact. There are three factors that are relevant: (1) infrastructures; (2) modes of transport more ecological and safe, and (3) operations and services for passengers and freights.The objective of this research is to provide guidance to investment in sustainable transport infrastructures that are truly useful and effective. In particular we have studied the case of the railway, using the following information: details of the infrastructure; cost of construction (per kilometre); maintenance cost, and life cycle. This information may be relevant to consider their possible business models.The methodology of this research was focused in the detailed analysis of the infrastructure use and maintenance criteria, the market opportunities for freight development and the available data to validate the obtained results from the software tool reached in this work. Our research includes the different following aspects:• Evaluation of the supported traffic by the rail line.• Relevant items to be considered in the rail infrastructure. Defining the track, we can group items in two sets: civil and rail installations.• Rolling stock available. Locomotives and wagons are modelled to introduce the data as convenience for the user.Besides our research includes the development of software, Decision System Tool (DST), for studying the construction and maintenance cost of railway infrastructure. It is developed in a common and open source program, providing the user the interaction with the critical variable of the line. It has been adjusted using the following references: MOM PlanCargorail; EcoTransIT, and Projects funded by Framework Program of EU (New
Thacker, Scott; Kelly, Scott; Pant, Raghav; Hall, Jim W
Infrastructure adaptation measures provide a practical way to reduce the risk from extreme hydrometeorological hazards, such as floods and windstorms. The benefit of adapting infrastructure assets is evaluated as the reduction in risk relative to the "do nothing" case. However, evaluating the full benefits of risk reduction is challenging because of the complexity of the systems, the scarcity of data, and the uncertainty of future climatic changes. We address this challenge by integrating methods from the study of climate adaptation, infrastructure systems, and complex networks. In doing so, we outline an infrastructure risk assessment that incorporates interdependence, user demands, and potential failure-related economic losses. Individual infrastructure assets are intersected with probabilistic hazard maps to calculate expected annual damages. Protection measure costs are integrated to calculate risk reduction and associated discounted benefits, which are used to explore the business case for investment in adaptation. A demonstration of the methodology is provided for flood protection of major electricity substations in England and Wales. We conclude that the ongoing adaptation program for major electricity assets is highly cost beneficial. © 2017 Society for Risk Analysis.
Full Text Available Road infrastructure has a very high economic impact on the rural/urban integration especially with the creation of Osun State in 1992. The correlation between road infrastructure and economic development has been well established in literature. This study examined road infrastructure development in Osun State, South-western Nigeria between1999 and 2008. Structured questionnaire administered on 74 construction professionals and 32 financial administrators with official cadre ranging between principal and director in the public service of the State provided quantitative data for the study. In addition, a field survey of (17 road projects budgeted for execution in the State during this period was carried out. Data obtained were analyzed using percentage and relative significance index. The result of the study indicated poor implementation incidence of road projects in the State which is attributed to funding and coordination issues. Findings from the study provide information for rethinking budgeting for road infrastructure development in developing economy where road infrastructure financing depends on public funding.
Hatfield, M. C.; Webley, P.; Saiet, E., II
Remote Sensing of Arctic Environmental Conditions and Critical Infrastructure using Infra-Red (IR) Cameras and Unmanned Air Vehicles (UAVs) Numerous scientific and logistical applications exist in Alaska and other arctic regions requiring analysis of expansive, remote areas in the near infrared (NIR) and thermal infrared (TIR) bands. These include characterization of wild land fire plumes and volcanic ejecta, detailed mapping of lava flows, and inspection of lengthy segments of critical infrastructure, such as the Alaska pipeline and railroad system. Obtaining timely, repeatable, calibrated measurements of these extensive features and infrastructure networks requires localized, taskable assets such as UAVs. The Alaska Center for Unmanned Aircraft Systems Integration (ACUASI) provides practical solutions to these problem sets by pairing various IR sensors with a combination of fixed-wing and multi-rotor air vehicles. Fixed-wing assets, such as the Insitu ScanEagle, offer long reach and extended duration capabilities to quickly access remote locations and provide enduring surveillance of the target of interest. Rotary-wing assets, such as the Aeryon Scout or the ACUASI-built Ptarmigan hexcopter, provide a precision capability for detailed horizontal mapping or vertical stratification of atmospheric phenomena. When included with other ground capabilities, we will show how they can assist in decision support and hazard assessment as well as giving those in emergency management a new ability to increase knowledge of the event at hand while reducing the risk to all involved. Here, in this presentation, we illustrate how UAV's can provide the ideal tool to map and analyze the hazardous events and critical infrastructure under extreme environmental conditions.
have a fuel problem per se, but they are prohibited by regulation from operating in an environment where multiple reliable power supply sources are...could inhibit local calls, as well as prohibit connections to the backbone network that provides for more geographically dispersed communications...scenarios of interest examined. 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 0.0001 0.001 0.01 0.1 1 10 Days After Hemp Event Pe rc en ta ge o f C al ls
technology IP Internet protocols ISACs Information Sharing and Analysis Centers ISO International Organization of Standardization IT information...government and private entities. The Information Sharing and Analysis Centers ( ISACs ), which are the primary vehicles to address infrastructure...threats as a warfare element in its nature. The 58Information Sharing and Analysis Centers ( ISAC ), “The Role of Information Sharing and Analysis Centers
... infrastructure protection and public security, including border protection, civil defense capabilities, and coast... transport projects such as the expansion of a number of the country's airports. Specifically, opportunities.... Moreover, in 2013, Kuwait is expected to award a tender to build its third runway. Kuwait is aiming to...
Holub, P; Greplova, K; Knoflickova, D; Nenutil, R; Valik, D
We introduce the national research biobanking infrastructure, BBMRI_CZ. The infrastructure has been founded by the Ministry of Education and became a partner of the European biobanking infrastructure BBMRI.eu. It is designed as a network of individual biobanks where each biobank stores samples obtained from associated healthcare providers. The biobanks comprise long term storage (various types of tissues classified by diagnosis, serum at surgery, genomic DNA and RNA) and short term storage (longitudinally sampled patient sera). We discuss the operation workflow of the infrastructure that needs to be the distributed system: transfer of the samples to the biobank needs to be accompanied by extraction of data from the hospital information systems and this data must be stored in a central index serving mainly for sample lookup. Since BBMRI_CZ is designed solely for research purposes, the data is anonymised prior to their integration into the central BBMRI_CZ index. The index is then available for registered researchers to seek for samples of interest and to request the samples from biobank managers. The paper provides an overview of the structure of data stored in the index. We also discuss monitoring system for the biobanks, incorporated to ensure quality of the stored samples.
holder. Table of Contents Executive Summary "i 1. Introduction 1 2. Key Factors in the Current State of Internet Security 3 3. Assessment of...Laws and Law Enforcement 23 6. Conclusion 25 References 27 CMU/SEI-97-SR-003 Executive Summary The current state of Internet security is cause for...of an attack. Although no single approach can ensure Internet security and survivability, a combination of approaches can reduce the risks associated
Paté-Cornell, M-Elisabeth; Kuypers, Marshall; Smith, Matthew; Keller, Philip
Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. © 2017 Society for Risk Analysis.
Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.
Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.
Taylor, Ga; Wallon, D; Turilli, M; Hargreaves, N; A; Martin; Raun, A; McMoran, A
Copyright @ 2012 IEEE Cloud Computing provides an optimal infrastructure to utilise and share both computational and data resources whilst allowing a pay-per-use model, useful to cost-effectively manage hardware investment or to maximise its utilisation. Cloud Computing also offers transitory access to scalable amounts of computational resources, something that is particularly important due to the time and financial constraints of many user communities. The growing number of communities th...
Cox, R.; Drennen, T.E.; Gilliom, L.; Harris, D.L.; Kunsman, D.M.; Skroch, M.J.
The telecommunications sector plays a pivotal role in the system of increasingly connected and interdependent networks that make up national infrastructure. An assessment of the probable structure and function of the bit-moving industry in the twenty-first century must include issues associated with the surety of telecommunications. The term surety, as used here, means confidence in the acceptable behavior of a system in both intended and unintended circumstances. This paper outlines various engineering approaches to surety in systems, generally, and in the telecommunications infrastructure, specifically. It uses the experience and expectations of the telecommunications system of the US as an example of the global challenges. The paper examines the principal factors underlying the change to more distributed systems in this sector, assesses surety issues associated with these changes, and suggests several possible strategies for mitigation. It also studies the ramifications of what could happen if this sector became a target for those seeking to compromise a nation`s security and economic well being. Experts in this area generally agree that the U. S. telecommunications sector will eventually respond in a way that meets market demands for surety. Questions remain open, however, about confidence in the telecommunications sector and the nation`s infrastructure during unintended circumstances--such as those posed by information warfare or by cascading software failures. Resolution of these questions is complicated by the lack of clear accountability of the private and the public sectors for the surety of telecommunications.
Glickson, Deborah; Barron, Eric; Fine, Rana
The United States has jurisdiction over 3.4 million square miles of ocean—an expanse greater than the land area of all 50 states combined. This vast marine area offers researchers opportunities to investigate the ocean's role in an integrated Earth system but also presents challenges to society, including damaging tsunamis and hurricanes, industrial accidents, and outbreaks of waterborne diseases. The 2010 Gulf of Mexico Deepwater Horizon oil spill and 2011 Japanese earthquake and tsunami are vivid reminders that a broad range of infrastructure is needed to advance scientists' still incomplete understanding of the ocean. The National Research Council's (NRC) Ocean Studies Board was asked by the National Science and Technology Council's Subcommittee on Ocean Science and Technology, comprising 25 U.S. government agencies, to examine infrastructure needs for ocean research in the year 2030. This request reflects concern, among a myriad of marine issues, over the present state of aging and obsolete infrastructure, insufficient capacity, growing technological gaps, and declining national leadership in marine technological development; these issues were brought to the nation's attention in 2004 by the U.S. Commission on Ocean Policy.
Juskewitch, Justin E; Enders, Felicity T; Abraham, Roshini S; Huskins, W Charles
Sepsis biomarker research requires an infrastructure to identify septic patients efficiently and to collect and store specimens properly. We developed a novel infrastructure to study biomarkers of sepsis in children. Patients in pediatric and neonatal intensive care units were enrolled prospectively; enrollment information was stored in a secure, remotely accessible database. Researchers were notified of electronic medical record (EMR) orders for blood cultures (a surrogate for a diagnostic evaluation of suspected sepsis) by a page triggered by the order. Staff confirmed patient enrollment and remotely submitted an EMR order for collection of study specimens simultaneous with the blood culture. Specimens were processed and stored by a mobile clinical research unit. Over 2 years, 2029 patients were admitted; 138 were enrolled. Staff received pages for 95% of blood cultures collected from enrolled patients. The median time between the blood culture order and collection was 34 minutes (range 9-241). Study specimens were collected simultaneously with 41 blood cultures. The median times between specimen collection and storage for flow cytometry and cytokine analysis were 33 minutes (range 0-82) and 52 minutes (range 28-98), respectively. This novel infrastructure facilitated prompt, proper collection and storage of specimens for sepsis biomarker analysis. © 2013 Wiley Periodicals, Inc.
risque émergent et de l’atténuation des menaces d’incendies extrêmes pour les infrastructures essentielles (IE) canadiennes. Cette étude a engendré des ...systèmes plus fiables et efficaces pour protéger les IE contre le risque émergeant de conditions d’incendie extrêmes. Le présent rapport fournit les...protocole d’essai de résistance en conditions d’incendie extrêmes a été élaboré à partir essentiellement des analyses documentaires et des études des
van Ruiten Kees
One of the case studies is located in the Netherlands and deals with the port of Rotterdam. The situation in Rotterdam is representative for many other main ports in Europe. These ports are all situated in a delta area, near the sea and rivers or canals. Also, these ports are close to urban areas and industrial complexes. Finally, these ports have a multimodal transport infrastructure to and from its hinterland, which is also vulnerable for extreme weather events. The case study is not only significant for the development of methods and tools, but also of direct interest for the region itself. The combination of the National Water safety policy and the best practices from the INTACT cases offer challenges to create better adaptation options and coping capacity to these relatively unforeseen and unexpected impacts based on climate change scenario’s and socio-economic megatrends.
Full Text Available This paper focuses on identification of persons entering objects of crucial infrastructure and subsequent detection of movement in parts of objects. It explains some of the technologies and approaches to processing specific image information within existing building apparatus. The article describes the proposed algorithm for detection of persons. It brings a fresh approach to detection of moving objects (groups of persons involved in enclosed areas focusing on securing freely accessible places in buildings. Based on the designed algorithm of identification with presupposed utilisation of 3D application, motion trajectory of persons in delimited space can be automatically identified. The application was created in opensource software tool using the OpenCV library.
Doormaal, J.C.A.M. van; Nöldgen, M.; Deursen, J.R. van; Weerheijm, J.
Terrorist attacks by bombing (E) or Chemical, Biological or Radiological (CBR)-agents are threats with a low probability but with disastrous consequences. There is strong need to protect people, the societal community and critical infrastructures and utilities against being damaged, destroyed or
Gwaltney, David A.; Briscoe, Jeri M.
Integrated System Health Management (ISHM) architectures for spacecraft will include hard real-time, critical subsystems and soft real-time monitoring subsystems. Interaction between these subsystems will be necessary and an architecture supporting multiple criticality levels will be required. Demonstration hardware for the Integrated Safety-Critical Advanced Avionics Communication & Control (ISAACC) system has been developed at NASA Marshall Space Flight Center. It is a modular system using a commercially available time-triggered protocol, ?Tp/C, that supports hard real-time distributed control systems independent of the data transmission medium. The protocol is implemented in hardware and provides guaranteed low-latency messaging with inherent fault-tolerance and fault-containment. Interoperability between modules and systems of modules using the TTP/C is guaranteed through definition of messages and the precise message schedule implemented by the master-less Time Division Multiple Access (TDMA) communications protocol. "Plug-and-play" capability for sensors and actuators provides automatically configurable modules supporting sensor recalibration and control algorithm re-tuning without software modification. Modular components of controlled physical system(s) critical to control algorithm tuning, such as pumps or valve components in an engine, can be replaced or upgraded as "plug and play" components without modification to the ISAACC module hardware or software. ISAACC modules can communicate with other vehicle subsystems through time-triggered protocols or other communications protocols implemented over Ethernet, MIL-STD- 1553 and RS-485/422. Other communication bus physical layers and protocols can be included as required. In this way, the ISAACC modules can be part of a system-of-systems in a vehicle with multi-tier subsystems of varying criticality. The goal of the ISAACC architecture development is control and monitoring of safety critical systems of a
Kozine, Igor; Andersen, Henning Boje
resilience capability building cycle completes the framework, enabling a systematic implementation of relevant capabilities and making gap analysis with regard to resilience deficits. The planning of training exercises to enhance CI resilience can also benefit from the approach....... specifically arranged to accomplish a critical task and assure a key objective. They are grouped into preventive, absorptive, adaptive and restorative sets. The capabilities are identified at both the technological and the organisational level in each organisation (CI operator or responder). An overall...
Green infrastructure (GI) has attracted city planners and watershed management professional as a new approach to control urban stormwater runoff. Several regulatory enforcements of GI implementation created an urgent need for quantitative information on GI practice effectiveness, namely for sediment and stream erosion. This study aims at investigating the capability and performance of GI in reducing stream bank erosion in the Blackland Prairie ecosystem. To achieve the goal of this study, we developed a methodology to represent two types of GI (bioretention and permeable pavement) into the Soil Water Assessment Tool, we also evaluated the shear stress and excess shear stress for stream flows in conjunction with different levels of adoption of GI, and estimated potential stream bank erosion for different median soil particle sizes using real and design storms. The results provided various configurations of GI schemes in reducing the negative impact of urban stormwater runoff on stream banks. Results showed that combining permeable pavement and bioretention resulted in the greatest reduction in runoff volumes, peak flows, and excess shear stress under both real and design storms. Bioretention as a stand-alone resulted in the second greatest reduction, while the installation of detention pond only had the least reduction percentages. Lastly, results showed that the soil particle with median diameter equals to 64 mm (small cobbles) had the least excess shear stress across all design storms, while 0.5 mm (medium sand) soil particle size had the largest magnitude of excess shear stress. The current study provides several insights into a watershed scale for GI planning and watershed management to effectively reduce the negative impact of urban stormwater runoff and control streambank erosion.
Vogel, Jason R; Moore, Trisha L; Coffman, Reid R; Rodie, Steven N; Hutchinson, Stacy L; McDonough, Kelsey R; McLemore, Alex J; McMaine, John T
Since its inception, Low Impact Development (LID) has become part of urban stormwater management across the United States, marking progress in the gradual transition from centralized to distributed runoff management infrastructure. The ultimate goal of LID is full, cost-effective implementation to maximize watershed-scale ecosystem services and enhance resilience. To reach that goal in the Great Plains, the multi-disciplinary author team presents this critical review based on thirteen technical questions within the context of regional climate and socioeconomics across increasing complexities in scale and function. Although some progress has been made, much remains to be done including continued basic and applied research, development of local LID design specifications, local demonstrations, and identifying funding mechanisms for these solutions. Within the Great Plains and beyond, by addressing these technical questions within a local context, the goal of widespread acceptance of LID can be achieved, resulting in more effective and resilient stormwater management.
Tong, Weida; Harris, Stephen C; Fang, Hong; Shi, Leming; Perkins, Roger; Goodsaid, Federico; Frueh, Felix W
Pharmacogenomics (PGx) is identified in the FDA Critical Path document as a major opportunity for advancing medical product development and personalized medicine. An integrated bioinformatics infrastructure for use in FDA data review is crucial to realize the benefits of PGx for public health. We have developed an integrated bioinformatics tool, called ArrayTrack, for managing, analyzing and interpreting genomic and other biomarker data (e.g. proteomic and metabolomic data). ArrayTrack is a highly flexible and robust software platform, which allows evolving with technological advances and changing user needs. ArrayTrack is used in the routine review of genomic data submitted to the FDA; here, three hypothetical examples of its use in the Voluntary eXploratory Data Submission (VXDS) program are illustrated.: © Published by Elsevier Ltd.
O'Sullivan, Tracey L; Kuziemsky, Craig E; Toal-Sullivan, Darene; Corneil, Wayne
Complexity is a useful frame of reference for disaster management and understanding population health. An important means to unraveling the complexities of disaster management is to recognize the interdependencies between health care and broader social systems and how they intersect to promote health and resilience before, during and after a crisis. While recent literature has expanded our understanding of the complexity of disasters at the macro level, few studies have examined empirically how dynamic elements of critical social infrastructure at the micro level influence community capacity. The purpose of this study was to explore empirically the complexity of disasters, to determine levers for action where interventions can be used to facilitate collaborative action and promote health among high risk populations. A second purpose was to build a framework for critical social infrastructure and develop a model to identify potential points of intervention to promote population health and resilience. A community-based participatory research design was used in nine focus group consultations (n = 143) held in five communities in Canada, between October 2010 and March 2011, using the Structured Interview Matrix facilitation technique. The findings underscore the importance of interconnectedness of hard and soft systems at the micro level, with culture providing the backdrop for the social fabric of each community. Open coding drawing upon the tenets of complexity theory was used to develop four core themes that provide structure for the framework that evolved; they relate to dynamic context, situational awareness and connectedness, flexible planning, and collaboration, which are needed to foster adaptive responses to disasters. Seven action recommendations are presented, to promote community resilience and population health. Copyright © 2012 Elsevier Ltd. All rights reserved.
Robert S. Anderson; Paul Moskowitz; Mark Schanfein; Trond Bjornard; Curtis St. Michel
Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.
Full Text Available Examining the interrelationships among critical success factors (CSFs for public private partnership (PPP projects is of importance for improving PPP project performance and maintaining the sustainability of PPP project implementation. Previous studies mostly focused on the identification of the CSFs for PPP projects; limited studies investigated the interrelationships among CSFs. Hence, the research objectives are (a to determine the interrelationships among CSFs of PPP projects taking into account the public and (b to identify influence paths contributing to take advantage of CSFs in the process of PPP implementation. A literature review and expert interviews were adopted to construct the CSFs framework; nine hypotheses were constructed and tested by the structural equation modelling (SEM based on the data collected from a questionnaire survey. This research reveals that the relationship between public and private partners is the leader-follower relationship, not the partnership relationship, in PPP projects, indicating that the responsibilities, power or resources existing among partners are very unequal. It also highlights that public involvement has a negative effect on the process of service provisions, and costs and risks exist in the process of public involvement in PPP projects. The determined interrelationships among CSFs will contribute to the sustainability and success of a PPP project.
Ramachandran, Varun; Long, Suzanna K.; Shoberg, Thomas G.; Corns, Steven; Carlo, Hector J.
The majority of restoration strategies in the wake of large-scale disasters have focused on short-term emergency response solutions. Few consider medium- to long-term restoration strategies to reconnect urban areas to national supply chain interdependent critical infrastructure systems (SCICI). These SCICI promote the effective flow of goods, services, and information vital to the economic vitality of an urban environment. To re-establish the connectivity that has been broken during a disaster between the different SCICI, relationships between these systems must be identified, formulated, and added to a common framework to form a system-level restoration plan. To accomplish this goal, a considerable collection of SCICI data is necessary. The aim of this paper is to review what data are required for model construction, the accessibility of these data, and their integration with each other. While a review of publically available data reveals a dearth of real-time data to assist modeling long-term recovery following an extreme event, a significant amount of static data does exist and these data can be used to model the complex interdependencies needed. For the sake of illustration, a particular SCICI (transportation) is used to highlight the challenges of determining the interdependencies and creating models capable of describing the complexity of an urban environment with the data publically available. Integration of such data as is derived from public domain sources is readily achieved in a geospatial environment, after all geospatial infrastructure data are the most abundant data source and while significant quantities of data can be acquired through public sources, a significant effort is still required to gather, develop, and integrate these data from multiple sources to build a complete model. Therefore, while continued availability of high quality, public information is essential for modeling efforts in academic as well as government communities, a more
Full Text Available The majority of restoration strategies in the wake of large-scale disasters have focused on short-term emergency response solutions. Few consider medium- to long-term restoration strategies to reconnect urban areas to national 'supply chain interdependent critical infrastructure systems' (SCICI. These SCICI promote the effective flow of goods, services, and information vital to the economic vitality of an urban environment. To re-establish the connectivity that has been broken during a disaster between the different SCICI, relationships between these systems must be identified, formulated, and added to a common framework to form a system-level restoration plan. To accomplish this goal, a considerable collection of SCICI data is necessary. The aim of this paper is to review what data are required for model construction, the accessibility of these data, and their integration with each other. While a review of publically available data reveals a dearth of real-time data to assist modeling long-term recovery following an extreme event, a significant amount of static data does exist and these data can be used to model the complex interdependencies needed. For the sake of illustration, a particular SCICI (transportation is used to highlight the challenges of determining the interdependencies and creating models capable of describing the complexity of an urban environment with the data publically available. Integration of such data as is derived from public domain sources is readily achieved in a geospatial environment, after all geospatial infrastructure data are the most abundant data source and while significant quantities of data can be acquired through public sources, a significant effort is still required to gather, develop, and integrate these data from multiple sources to build a complete model. Therefore, while continued availability of high quality, public information is essential for modeling efforts in academic as well as government
Nolesini, Teresa; Frodella, William; Bardi, Federica; Intrieri, Emanuele; Carlà, Tommaso; Solari, Lorenzo; Dotta, Giulia; Ferrigno, Federica; Casagli, Nicola
Landslides represent one of the most frequent geo-hazard, not only causing a serious threat to human lives, but also determining socio-economic losses, countable in billions of Euros and expressed in terms of damage to property, infrastructures and environmental degradation. Recent events show a significant increase in the number of disasters with natural and/or technological causes, which could have potentially serious consequences for Critical Infrastructures (CI). Where these infrastructures tend to fail or to be destroyed, the resulting cascade effect (chain of accidents) could lead to catastrophic damage and affect people, the environment and the economy. In the field of landslide detection, mapping, monitoring and management, the availability of advanced remote sensing technologies, which allow systematic and easily updatable acquisitions of data, may enhance the implementation of near real time monitoring activity and the production of landslide maps, optimizing field work. This work aims at presenting an example of the advantages given by the combined use of advanced remote sensing techniques, such as Ground-Based Interferometric Synthetic Aperture Radar (GB-InSAR), Terrestrial Laser Scanning (TLS) and Infrared Thermography (IRT), in order to monitor and map the Calatabiano landslide, located in the Catania Province (Sicily Island, Southern Italy). The landslide occurred on October 24th 2015, after a period of heavy rainfall, causing the rupture of a water pipeline transect of the aqueduct supplying water to the city of Messina. As a consequence of this event a considerable lack in water resources occurred for a large number of the city inhabitants. A provisional by-pass, consisting of three 350 m long pipes passing through the landslide area, was implemented in order to restore the city water supplies during the emergency management phase. In this framework an integrated monitoring network was implemented, in order to assess the residual risk by analyzing
Gelenbe, Erol; Gellman, Michael; Loukas, George
Denial of service attacks, viruses and worms are common tools for malicious adversarial behavior in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile behavior either independently, or in conjunction with other forms of attack in conventional or asymmetric warfare, as well as in other forms of malicious behavior. In this paper we concentrate on Distributed Denial of Service Attacks (DDoS) where one or more attackers generate flooding traffic and direct it from multiple sources towards a set of selected nodes or IP addresses in the Internet. We first briefly survey the literature on the subject, and discuss some examples of DDoS incidents. We then present a technique that can be used for DDoS protection based on creating islands of protection around a critical information infrastructure. This technique, that we call the CPN-DoS-DT (Cognitive Packet Networks DoS Defence Technique), creates a self-monitoring sub-network surrounding each critical infrastructure node. CPN-DoS-DT is triggered by a DDoS detection scheme, and generates control traffic from the objects of the DDoS attack to the islands of protection where DDOS packet flows are destroyed before they reach the critical infrastructure. We use mathematical modelling, simulation and experiments on our test-bed to show the positive and negative outcomes that may result from both the attack, and the CPN-DoS-DT protection mechanism, due to imperfect detection and false alarms.
Samsa, M.; Van Kuiken, J.; Jusko, M.; Decision and Information Sciences
The Critical Infrastructure Protection Decision Support System Decision Model (CIPDSS-DM) is a useful tool for comparing the effectiveness of alternative risk-mitigation strategies on the basis of CIPDSS consequence scenarios. The model is designed to assist analysts and policy makers in evaluating and selecting the most effective risk-mitigation strategies, as affected by the importance assigned to various impact measures and the likelihood of an incident. A typical CIPDSS-DM decision map plots the relative preference of alternative risk-mitigation options versus the annual probability of an undesired incident occurring once during the protective life of the investment, assumed to be 20 years. The model also enables other types of comparisons, including a decision map that isolates a selected impact variable and displays the relative preference for the options of interest--parameterized on the basis of the contribution of the isolated variable to total impact, as well as the likelihood of the incident. Satisfaction/regret analysis further assists the analyst or policy maker in evaluating the confidence with which one option can be selected over another.
Dimou, M; Dulov, O; Grein, G
In the Wordwide LHC Computing Grid (WLCG) project the Tier centres are of paramount importance for storing and accessing experiment data and for running the batch jobs necessary for experiment production activities. Although Tier2 sites provide a significant fraction of the resources a non-availability of resources at the Tier0 or the Tier1s can seriously harm not only WLCG Operations but also the experiments' workflow and the storage of LHC data which are very expensive to reproduce. This is why availability requirements for these sites are high and committed in the WLCG Memorandum of Understanding (MoU). In this talk we describe the workflow of GGUS ALARMs, the only 24/7 mechanism available to LHC experiment experts for reporting to the Tier0 or the Tier1s problems with their Critical Services. Conclusions and experience gained from the detailed drills performed in each such ALARM for the last 4 years are explained and the shift with time of Type of Problems met. The physical infrastructure put in place to ...
Full Text Available Municipal infrastructure is a fundamental facility for the normal operation and development of an urban city and is of significance for the stable progress of sustainable urbanization around the world, especially in developing countries. Based on the municipal infrastructure data of the prefecture-level cities in China, municipal infrastructure development is assessed comprehensively using a FA (factor analysis model, and then the stochastic model STIRPAT (stochastic impacts by regression on population, affluence and technology is examined to investigate key factors that influence municipal infrastructure of cities in various stages of urbanization and economy. This study indicates that the municipal infrastructure development in urban China demonstrates typical characteristics of regional differentiation, in line with the economic development pattern. Municipal infrastructure development in cities is primarily influenced by income, industrialization and investment. For China and similar developing countries under transformation, national public investment remains the primary driving force of economy as well as the key influencing factor of municipal infrastructure. Contribution from urbanization and the relative consumption level, and the tertiary industry is still scanty, which is a crux issue for many developing countries under transformation. With economic growth and the transformation requirements, the influence of the conventional factors such as public investment and industrialization on municipal infrastructure development would be expected to decline, meanwhile, other factors like the consumption and tertiary industry driven model and the innovation society can become key contributors to municipal infrastructure sustainability.
Li, Yu; Zheng, Ji; Li, Fei; Jin, Xueting; Xu, Chen
Municipal infrastructure is a fundamental facility for the normal operation and development of an urban city and is of significance for the stable progress of sustainable urbanization around the world, especially in developing countries. Based on the municipal infrastructure data of the prefecture-level cities in China, municipal infrastructure development is assessed comprehensively using a FA (factor analysis) model, and then the stochastic model STIRPAT (stochastic impacts by regression on population, affluence and technology) is examined to investigate key factors that influence municipal infrastructure of cities in various stages of urbanization and economy. This study indicates that the municipal infrastructure development in urban China demonstrates typical characteristics of regional differentiation, in line with the economic development pattern. Municipal infrastructure development in cities is primarily influenced by income, industrialization and investment. For China and similar developing countries under transformation, national public investment remains the primary driving force of economy as well as the key influencing factor of municipal infrastructure. Contribution from urbanization and the relative consumption level, and the tertiary industry is still scanty, which is a crux issue for many developing countries under transformation. With economic growth and the transformation requirements, the influence of the conventional factors such as public investment and industrialization on municipal infrastructure development would be expected to decline, meanwhile, other factors like the consumption and tertiary industry driven model and the innovation society can become key contributors to municipal infrastructure sustainability.
Full Text Available The article presents several arguments on the need to study the critical infrastructure in Romania including various systems (networks and special military communications. It emphasizes the role and place of such systems and networks to provide national defense and security and the risks and vulnerabilities faced by these infrastructures, and some necessary measures to be taken for the physical and informational protection in the case of hostile military actions, natural disasters or other negative phenomena. Finally some conclusions and proposals are formulated.
Mathisen, Arve; Nerland, Monika
This paper employs a socio-technical perspective to explore the role of complex work support systems in organising knowledge and providing opportunities for learning in professional work. Drawing on concepts from infrastructure studies, such systems are seen as work infrastructures which connect information, knowledge, standards and work…
Conde, Daniel; Baptista, Maria Ana; Sousa Oliveira, Carlos; Ferreira, Rui M. L.
a flux-splitting technique with a reviewed Roe-Riemann solver and appropriate source-term formulations to ensure full conservativeness. Additionally, STAV-2D features Lagrangian-Eulerian coupling enabling solid transport simulation under both continuum and discrete approaches, and has been validated with both laboratory data and paleo-tsunami evidence (Conde, 2013a; Conde, 2013b). The interactions between the inundating flow and coal stockpiles or natural mobile bed reaches were simulated using a continuum debris-flow approach, featuring fractional solid transport, while the containers at the new terminal were advected with an explicit Lagrangian method. The meshwork employed at the port models the existing geometry and structures in great detail, enabling explicitly resolved interactions between the current infrastructure and the overland propagating tsunami. The obtained preliminary results suggest that several structures, some of them critical in a nationwide context, are exposed to tsunami actions. The coal deposition pattern and the final location of monitored containers were determined for two magnitude scenarios (8.5 Mw and 9.5 Mw) in the case of a tsunami generated at the Horseshoe fault and one magnitude scenario (9.5 Mw) for a tsunami generated at the Gorringe bank. The inland washing of the coal stockpiles may impose great loss of both economical and environmental value, while the impact of large mobile debris, such as the containers in the terminal area, significantly increases the severity of infrastructural damage. Acknowledgements This work was partially funded by FEDER, program COMPETE, and by national funds through the Portuguese Foundation for Science and Technology (FCT) with project RECI/ECM-HID/0371/2012. References Baptista M.A. & Miranda, J.M. (2009), Revision of the Portuguese catalog of tsunamis. Nat. Hazards Earth Syst. Sci., 9, 25-42. Canelas, R.; Murillo, J. & Ferreira, R.M.L. (2013), Two-dimensional depth-averaged modelling of dam
Each year almost 800,000 Americans have a heart attack. A heart attack happens when blood flow to the heart suddenly ... it's important to know the symptoms of a heart attack and call 9-1-1 if you or ...
Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi
The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.
Fields, Damon E.
Critical Infrastructure Protection (CIP) is a construct that relates preparedness and responsiveness to natural or man-made disasters that involve vulnerable assets deemed essential for the functioning of our economy and society. Infrastructure systems (power grids, bridges, airports, etc.) are vulnerable to disastrous types of events--natural or man-made. Failures of these systems can have devastating effects on communities and entire regions. CIP relates our willingness, ability, and capability to defend, mitigate, and re-constitute those assets that succumb to disasters affecting one or more infrastructure sectors. This qualitative research utilized ethnography and employed interviews with subject matter experts (SMEs) from various fields of study regarding CIP with respect to oil and natural gas pipelines in the New Madrid Seismic Zone. The study focused on the research question: What can be done to mitigate vulnerabilities in the oil and natural gas infrastructures, along with the potential cascading effects to interdependent systems, associated with a New Madrid fault event? The researcher also analyzed National Level Exercises (NLE) and real world events, and associated After Action Reports (AAR) and Lessons Learned (LL) in order to place a holistic lens across all infrastructures and their dependencies and interdependencies. Three main themes related to the research question emerged: (a) preparedness, (b) mitigation, and (c) impacts. These themes comprised several dimensions: (a) redundancy, (b) node hardening, (c) education, (d) infrastructure damage, (e) cascading effects, (f) interdependencies, (g) exercises, and (h) earthquake readiness. As themes and dimensions are analyzed, they are considered against findings in AARs and LL from previous real world events and large scale exercise events for validation or rejection.
Laszlo B Kish
Full Text Available Recently, Bennett and Riedel (BR (http://arxiv.org/abs/1303.7435v1 argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional security of the KLJN method has not been successfully challenged.
Kish, Laszlo B; Abbott, Derek; Granqvist, Claes G
Recently, Bennett and Riedel (BR) (http://arxiv.org/abs/1303.7435v1) argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN) classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive) attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional) security of the KLJN method has not been successfully challenged.
Wald, David J.; Lin, Kuo-wan; Kircher, C.A.; Jaiswal, Kishor; Luco, Nicolas; Turner, L.; Slosky, Daniel
The ShakeCast system is an openly available, near real-time post-earthquake information management system. ShakeCast is widely used by public and private emergency planners and responders, lifeline utility operators and transportation engineers to automatically receive and process ShakeMap products for situational awareness, inspection priority, or damage assessment of their own infrastructure or building portfolios. The success of ShakeCast to date and its broad, critical-user base mandates improved software usability and functionality, including improved engineering-based damage and loss functions. In order to make the software more accessible to novice users—while still utilizing advanced users’ technical and engineering background—we have developed a “ShakeCast Workbook”, a well documented, Excel spreadsheet-based user interface that allows users to input notification and inventory data and export XML files requisite for operating the ShakeCast system. Users will be able to select structure based on a minimum set of user-specified facility (building location, size, height, use, construction age, etc.). “Expert” users will be able to import user-modified structural response properties into facility inventory associated with the HAZUS Advanced Engineering Building Modules (AEBM). The goal of the ShakeCast system is to provide simplified real-time potential impact and inspection metrics (i.e., green, yellow, orange and red priority ratings) to allow users to institute customized earthquake response protocols. Previously, fragilities were approximated using individual ShakeMap intensity measures (IMs, specifically PGA and 0.3 and 1s spectral accelerations) for each facility but we are now performing capacity-spectrum damage state calculations using a more robust characterization of spectral deamnd.We are also developing methods for the direct import of ShakeMap’s multi-period spectra in lieu of the assumed three-domain design spectrum (at 0.3s for
Garcia-Fernandez, Mariano; Assatourians, Karen; Jimenez, Maria-Jose
Extreme natural hazard events have the potential to cause significant disruption to critical infrastructure (CI) networks. Among them, earthquakes represent a major threat as sudden-onset events with limited, if any, capability of forecast, and high damage potential. In recent years, the increased exposure of interdependent systems has heightened concern, motivating the need for a framework for the management of these increased hazards. The seismic performance level and resilience of existing non-nuclear CIs can be analyzed by identifying the ground motion input values leading to failure of selected key elements. Main interest focuses on the ground motions exceeding the original design values, which should correspond to low probability occurrence. A seismic hazard methodology has been specifically developed to consider low-probability ground motions affecting elongated CI networks. The approach is based on Monte Carlo simulation, which allows for building long-duration synthetic earthquake catalogs to derive low-probability amplitudes. This approach does not affect the mean hazard values and allows obtaining a representation of maximum amplitudes that follow a general extreme-value distribution. This facilitates the analysis of the occurrence of extremes, i.e., very low probability of exceedance from unlikely combinations, for the development of, e.g., stress tests, among other applications. Following this methodology, extreme ground-motion scenarios have been developed for selected combinations of modeling inputs including seismic activity models (source model and magnitude-recurrence relationship), ground motion prediction equations (GMPE), hazard levels, and fractiles of extreme ground motion. The different results provide an overview of the effects of different hazard modeling inputs on the generated extreme motion hazard scenarios. This approach to seismic hazard is at the core of the risk analysis procedure developed and applied to European CI transport
Baraldi, Carlo; Pellesi, Lanfranco; Guerzoni, Simona; Cainazzo, Maria Michela; Pini, Luigi Alberto
Hemicrania continua (HC), paroxysmal hemicrania (PH) and short lasting neuralgiform headache attacks (SUNCT and SUNA) are rare syndromes with a difficult therapeutic approach. The aim of this review is to summarize all articles dealing with treatments for HC, PH, SUNCT and SUNA, comparing them in terms of effectiveness and safety. A survey was performed using the pubmed database for documents published from the 1st January 1989 onwards. All types of articles were considered, those ones dealing with symptomatic cases and non-English written ones were excluded. Indomethacin is the best treatment both for HC and PH. For the acute treatment of HC, piroxicam and celecoxib have shown good results, whilst for the prolonged treatment celecoxib, topiramate and gabapentin are good options besides indomethacin. For PH the best drug besides indomethacin is piroxicam, both for acute and prolonged treatment. For SUNCT and SUNA the most effective treatments are intravenous or subcutaneous lidocaine for the acute treatment of active phases and lamotrigine for the their prevention. Other effective therapeutic options are intravenous steroids for acute treatment and topiramate for prolonged treatment. Non-pharmacological techniques have shown good results in SUNCT and SUNA but, since they have been tried on a small number of patients, the reliability of their efficacy is poor and their safety profile mostly unknown. Besides a great number of treatments tried, HC, PH, SUNCT and SUNA management remains difficult, according with their unknown pathogenesis and their rarity, which strongly limits the studies upon these conditions. Further studies are needed to better define the treatment of choice for these conditions.
Murarka, N.; Ramesh, V.C.
The report analyzes the possibility of cyberwarfare on the electricity infrastructure. The ongoing deregulation of the electricity industry makes the power grid all the more vulnerable to cyber attacks. The report models the power system information system components, models potential threats and protective measures. It therefore offers a framework for infrastructure protection.
Woodell, Eric A.
Information Technology (IT) professionals use the Information Technology Infrastructure Library (ITIL) process to better manage their business operations, measure performance, improve reliability and lower costs. This study examined the operational results of those data centers using ITIL against those that do not, and whether the results change…
Gruschka, Nils; Jensen, Meiko
The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion...... of attack surfaces of the cloud computing scenario participants....
Happenny, Sean F. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
The United States' power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power infrastructure control and distribution paradigms by utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Understanding how these systems behave in real-world conditions will lead to new ways to make our power infrastructure more resilient and secure. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the aging networks protecting them are becoming easier to attack.
Rao, Nageswara S. [ORNL; Ma, Chris Y. T. [Hang Seng Management College, Hon Kong; He, Fei [Texas A& M University, Kingsville, TX, USA
We consider cloud computing server infrastructures for big data applications, which consist of multiple server sites connected over a wide-area network. The sites house a number of servers, network elements and local-area connections, and the wide-area network plays a critical, asymmetric role of providing vital connectivity between them. We model this infrastructure as a system of systems, wherein the sites and wide-area network are represented by their cyber and physical components. These components can be disabled by cyber and physical attacks, and also can be protected against them using component reinforcements. The effects of attacks propagate within the systems, and also beyond them via the wide-area network.We characterize these effects using correlations at two levels using: (a) aggregate failure correlation function that specifies the infrastructure failure probability given the failure of an individual site or network, and (b) first-order differential conditions on system survival probabilities that characterize the component-level correlations within individual systems. We formulate a game between an attacker and a provider using utility functions composed of survival probability and cost terms. At Nash Equilibrium, we derive expressions for the expected capacity of the infrastructure given by the number of operational servers connected to the network for sum-form, product-form and composite utility functions.
Washko, Michelle M; Campbell, Margaret; Tilly, Jane
The nexus of aging and disability, characterized by the phenomenon of aging with a disability, will become more visible as the population ages and the number of people with disabilities surviving to midlife increases. This article addresses 3 interrelated issues critical to the fields of aging and disability: increasing demand for community-based long-term services and supports, a paucity of evidence-based programs demonstrating effectiveness in facilitating independence for those aging with a disability, and lack of a federal infrastructure to support coordinated investments in research-to-practice for this population. Suggestions for federal interagency collaborations are given, along with roles for key stakeholders.
... pain Fatigue Heart attack Symptoms & causes Diagnosis & treatment Advertisement Mayo Clinic does not endorse companies or products. ... a Job Site Map About This Site Twitter Facebook Google YouTube Pinterest Mayo Clinic is a not- ...
... heart attack. A stent is a small, metal mesh tube that opens up (expands) inside a coronary ... e228. PMID: 25260718 www.ncbi.nlm.nih.gov/pubmed/25260718 . Anderson JL. ST segment elevation acute myocardial ...
Densmore, Brenda K.; Burton, Bethany L.; Dietsch, Benjamin J.; Cannia, James C.; Huizinga, Richard J.
During the 2011 Mississippi River Basin flood, the U.S. Geological Survey evaluated aspects of critical river infrastructure at the request of and in support of local, State, and Federal Agencies. Geotechnical and hydrographic data collected by the U.S. Geological Survey at numerous locations were able to provide needed information about 2011 flood effects to those managing the critical infrastructure. These data were collected and processed in a short time frame to provide managers the ability to make a timely evaluation of the safety of the infrastructure and, when needed, to take action to secure and protect critical infrastructure. Critical infrastructure surveyed by the U.S. Geological Survey included levees, bridges, pipeline crossings, power plant intakes and outlets, and an electrical transmission tower. Capacitively coupled resistivity data collected along the flood-protection levees surrounding the Omaha Public Power District Nebraska City power plant (Missouri River Levee Unit R573), mapped the near-subsurface electrical properties of the levee and the materials immediately below it. The near-subsurface maps provided a better understanding of the levee construction and the nature of the lithology beneath the levee. Comparison of the capacitively coupled resistivity surveys and soil borings indicated that low-resistivity value material composing the levee generally is associated with lean clay and silt to about 2 to 4 meters below the surface, overlying a more resistive layer associated with sand deposits. In general, the resistivity structure becomes more resistive to the south and the southern survey sections correlate well with the borehole data that indicate thinner clay and silt at the surface and thicker sand sequences at depth in these sections. With the resistivity data Omaha Public Power District could focus monitoring efforts on areas with higher resistivity values (coarser-grained deposits or more loosely compacted section), which typically are
Rosenzweig, C.; Solecki, W. D.; Freed, A. M.
The New York City Climate Change Adaptation Task Force, launched in August 2008, aims to secure the city's critical infrastructure against rising seas, higher temperatures and fluctuating water supplies projected to result from climate change. The Climate Change Adaptation Task Force is part of PlaNYC, the city's long- term sustainability plan, and is composed of over 30 city and state agencies, public authorities and companies that operate the region's roads, bridges, tunnels, mass transit, and water, sewer, energy and telecommunications systems - all with critical infrastructure identified as vulnerable. It is one of the most comprehensive adaptation efforts yet launched by an urban region. To guide the effort, Mayor Michael Bloomberg has formed the New York City Panel on Climate Change (NPCC), modeled on the Intergovernmental Panel on Climate Change (IPCC). Experts on the panel include climatologists, sea-level rise specialists, adaptation experts, and engineers, as well as representatives from the insurance and legal sectors. The NPCC is developing planning tools for use by the Task Force members that provide information about climate risks, adaptation and risk assessment, prioritization frameworks, and climate protection levels. The advisory panel is supplying climate change projections, helping to identify at- risk infrastructure, and assisting the Task Force in developing adaptation strategies and guidelines for design of new structures. The NPCC will also publish an assessment report in 2009 that will serve as the foundation for climate change adaptation in the New York City region, similar to the IPCC reports. Issues that the Climate Change Adaptation Task Force and the NPCC are addressing include decision- making under climate change uncertainty, effective ways for expert knowledge to be incorporated into public actions, and strategies for maintaining consistent and effective attention to long-term climate change even as municipal governments cycle
... Artery Disease Venous Thromboembolism Aortic Aneurysm More About Heart Attacks Updated:Jan 27,2017 A heart attack is ... coronary artery damage leads to a heart attack . Heart Attack Questions and Answers What is a heart attack? ...
Anderson, Kate; Burman, Kari; Simpkins, Travis; Helson, Erica; Lisell, Lars, Case, Tria
Resilient PV, which is solar paired with storage ('solar-plus-storage'), provides value both during normal grid operation and power outages as opposed to traditional solar PV, which functions only when the electric grid is operating. During normal grid operations, resilient PV systems help host sites generate revenue and/or reduce electricity bill charges. During grid outages, resilient PV provides critical emergency power that can help people in need and ease demand on emergency fuel supplies. The combination of grid interruptions during recent storms, the proliferation of solar PV, and the growing deployment of battery storage technologies has generated significant interest in using these assets for both economic and resiliency benefits. This report analyzes the technical and economic viability for resilient PV on three critical infrastructure sites in New York City (NYC): a school that is part of a coastal storm shelter system, a fire station, and a NYCHA senior center that serves as a cooling center during heat emergencies. This analysis differs from previous solar-plus-storage studies by placing a monetary value on resiliency and thus, in essence, modeling a new revenue stream for the avoided cost of a power outage. Analysis results show that resilient PV is economically viable for NYC's critical infrastructure and that it may be similarly beneficial to other commercial buildings across the city. This report will help city building owners, managers, and policymakers better understand the economic and resiliency benefits of resilient PV. As NYC fortifies its building stock against future storms of increasing severity, resilient PV can play an important role in disaster response and recovery while also supporting city greenhouse gas emission reduction targets and relieving stress to the electric grid from growing power demands.
Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, a distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to
This article appeared in Strategic Insights, Spring 2011 In June 2010, U.S. Senators Susan Collins, Joseph Lieberman, and Tom Carper introduced the Protecting Cyberspace as a National Asset Act. One of its many aims is to protect critical infrastructures in the United States from cyber attack. In January 2011, Brandon Milhorn, staff director of the Senate Homeland Security and Governmental Affairs Committee, defended the bill, saying that it would prevent a hacker from opening ...
Palma Peña-Jiménez, Ph.D.
Full Text Available During election campaigns the political spot has a clear objective: to win votes. This message is communicated to the electorate through television and Internet, and usually presents a negative approach, which includes a direct critical message against the opponent, rather than an exposition of proposals. This article is focused on the analysis of the campaign attack video ad purposely created to encourage the disapproval of the political opponent among voters. These ads focus on discrediting the opponent, many times, through the transmission of ad hominem messages, instead of disseminating the potential of the political party and the virtues and manifesto of its candidate. The article reviews the development of the attack ad since its first appearance, which in Spain dates back to 1996, when the famous Doberman ad was broadcast, and examines the most memorable campaign attack ads.
Lõhmus, Mare; Balbus, John
Increasing urban green and blue structure is often pointed out to be critical for sustainable development and climate change adaptation, which has led to the rapid expansion of greening activities in cities throughout the world. This process is likely to have a direct impact on the citizens' quality of life and public health. However, alongside numerous benefits, green and blue infrastructure also has the potential to create unexpected, undesirable, side-effects for health. This paper considers several potential harmful public health effects that might result from increased urban biodiversity, urban bodies of water, and urban tree cover projects. It does so with the intent of improving awareness and motivating preventive measures when designing and initiating such projects. Although biodiversity has been found to be associated with physiological benefits for humans in several studies, efforts to increase the biodiversity of urban environments may also promote the introduction and survival of vector or host organisms for infectious pathogens with resulting spread of a variety of diseases. In addition, more green connectivity in urban areas may potentiate the role of rats and ticks in the spread of infectious diseases. Bodies of water and wetlands play a crucial role in the urban climate adaptation and mitigation process. However, they also provide habitats for mosquitoes and toxic algal blooms. Finally, increasing urban green space may also adversely affect citizens allergic to pollen. Increased awareness of the potential hazards of urban green and blue infrastructure should not be a reason to stop or scale back projects. Instead, incorporating public health awareness and interventions into urban planning at the earliest stages can help insure that green and blue infrastructure achieves full potential for health promotion.
Full Text Available Increasing urban green and blue structure is often pointed out to be critical for sustainable development and climate change adaptation, which has led to the rapid expansion of greening activities in cities throughout the world. This process is likely to have a direct impact on the citizens’ quality of life and public health. However, alongside numerous benefits, green and blue infrastructure also has the potential to create unexpected, undesirable, side-effects for health. This paper considers several potential harmful public health effects that might result from increased urban biodiversity, urban bodies of water, and urban tree cover projects. It does so with the intent of improving awareness and motivating preventive measures when designing and initiating such projects. Although biodiversity has been found to be associated with physiological benefits for humans in several studies, efforts to increase the biodiversity of urban environments may also promote the introduction and survival of vector or host organisms for infectious pathogens with resulting spread of a variety of diseases. In addition, more green connectivity in urban areas may potentiate the role of rats and ticks in the spread of infectious diseases. Bodies of water and wetlands play a crucial role in the urban climate adaptation and mitigation process. However, they also provide habitats for mosquitoes and toxic algal blooms. Finally, increasing urban green space may also adversely affect citizens allergic to pollen. Increased awareness of the potential hazards of urban green and blue infrastructure should not be a reason to stop or scale back projects. Instead, incorporating public health awareness and interventions into urban planning at the earliest stages can help insure that green and blue infrastructure achieves full potential for health promotion.
Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills, and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between
Bohr, Paula Christine
Literature on the impact of physical infrastructure on older adult safe driving performance was reviewed in 2005 as part of the American Occupational Therapy Association's Evidence-Based Literature Review Project. Existing guidelines for driving environments, related to changes in visual, cognitive, and psychomotor abilities associated with the aging process (as published in the Highway Design Handbook for Older Drivers and Pedestrians, Federal Highway Administration, 2001), are exhaustive, but the authors made no attempt to critically assess the strength of the study design or level of evidence. In laboratory studies since 1999, the interventions lacked applicability to real-life driving environments. Further investigation of the effectiveness of best practice interventions and how the driving environment can better accommodate the needs of older drivers is needed. Occupational therapy interventions that focus on the occupation of driving and compensation and education strategies that allow older adults to drive safely as long as possible are included.
Gu, Min; Aslanyan, Zaruhi; Probst, Christian W.
Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors...... components quickly results in a large quantity of interrelations, which are hard to grasp. In this work we present several approaches for visualising attributes of attacks such as likelihood of success, impact, and required time or skill level. The resulting visualisations provide a link between attacks...... on an organisations and the contribution of parts of an organisation to the attack and its impact....
Geiling, James; Burkle, Frederick M; Amundson, Dennis; Dominguez-Cherit, Guillermo; Gomersall, Charles D; Lim, Matthew L; Luyckx, Valerie; Sarani, Babak; Uyeki, Timothy M; West, T Eoin; Christian, Michael D; Devereaux, Asha V; Dichter, Jeffrey R; Kissoon, Niranjan
Planning for mass critical care (MCC) in resource-poor or constrained settings has been largely ignored, despite their large populations that are prone to suffer disproportionately from natural disasters. Addressing MCC in these settings has the potential to help vast numbers of people and also to inform planning for better-resourced areas. The Resource-Poor Settings panel developed five key question domains; defining the term resource poor and using the traditional phases of disaster (mitigation/preparedness/response/recovery), literature searches were conducted to identify evidence on which to answer the key questions in these areas. Given a lack of data upon which to develop evidence-based recommendations, expert-opinion suggestions were developed, and consensus was achieved using a modified Delphi process. The five key questions were then separated as follows: definition, infrastructure and capacity building, resources, response, and reconstitution/recovery of host nation critical care capabilities and research. Addressing these questions led the panel to offer 33 suggestions. Because of the large number of suggestions, the results have been separated into two sections: part 1, Infrastructure/Capacity in this article, and part 2, Response/Recovery/Research in the accompanying article. Lack of, or presence of, rudimentary ICU resources and limited capacity to enhance services further challenge resource-poor and constrained settings. Hence, capacity building entails preventative strategies and strengthening of primary health services. Assistance from other countries and organizations is needed to mount a surge response. Moreover, planning should include when to disengage and how the host nation can provide capacity beyond the mass casualty care event.
Rianna, Guido; Roca Collell, Marta; Uzielli, Marco; Van Ruiten, Kees; Mercogliano, Paola; Ciervo, Fabio; Reder, Alfredo
In Campania Region (Southern Italy), expected increases in heavy rainfall events under the effect of climate changes and demographic pressure could entail a growth of occurrence of weather induced landslides and associated damages. Indeed, already in recent years, pyroclastic covers mantling the slopes of a large part of the Region have been affected by numerous events often causing victims and damages to infrastructures serving the urban centers. Due to the strategic relevance of the area, landslide events affecting volcanic layers in Campania Region are one of the five case studies investigated in the FP7 European Project INTACT about the impacts of extreme weather on critical infrastructure. The main aim of INTACT project is to increase the resilience of critical infrastructures (CI) facing extreme weather events improving the awareness of stakeholders and asset managers about such phenomena and their potential variations due to Climate Changes and providing tools to support risk management strategies. A WIKI has been designed as a remote support for all stages of the risk process through brief theoretical explanations (in Wiki style) about tools and methods proposed and reports on the findings and hints returned by case studies investigations. In order to have a product tailored to the needs and background of CI owners, managers and policy makers, an intense effort of knowledge co-production between researchers and stakeholders have been carried out in different case studies through questionnaires, meetings, workshops and/or 1-to-1 interviews. This work presents the different tools and approaches adopted to facilitate the exchange with stakeholders in the Campanian case study such as the "Storytelling approach", aiming to stress the need for a comprehensive and overall approach to the issue between the different disaster management phases (mitigation, preparedness, response and recovery) and actors; the CIRCLE approach developed by Deltares, partner in INTACT
To promote the benefits of green infrastructure, help communities overcome barriers to using GI, and encourage the use of GI to create sustainable and resilient water infrastructure that improves water quality and supports and revitalizes communities.
Job Summary. Under the general supervision of the Manager, Infrastructure, Security & Records - IMTD, the Junior Infrastructure Analyst plays a critical infrastructure support role (as part of the ISD team responsible for the day-to-day operation and maintenance of the Centre's various infrastructure systems in Headquarters ...
Moore, Michael Roy [ORNL; Bridges, Robert A [ORNL; Combs, Frank L [ORNL; Starr, Michael S [ORNL; Prowell, Stacy J [ORNL
Modern vehicles rely on hundreds of on-board electronic control units (ECUs) communicating over in-vehicle networks. As external interfaces to the car control networks (such as the on-board diagnostic (OBD) port, auxiliary media ports, etc.) become common, and vehicle-to-vehicle / vehicle-to-infrastructure technology is in the near future, the attack surface for vehicles grows, exposing control networks to potentially life-critical attacks. This paper addresses the need for securing the CAN bus by detecting anomalous traffic patterns via unusual refresh rates of certain commands. While previous works have identified signal frequency as an important feature for CAN bus intrusion detection, this paper provides the first such algorithm with experiments on five attack scenarios. Our data-driven anomaly detection algorithm requires only five seconds of training time (on normal data) and achieves true positive / false discovery rates of 0.9998/0.00298, respectively (micro-averaged across the five experimental tests).
Full Text Available Public-private cooperation on the level of project finance, and provision of large-scale infrastructure projects, is increasing on the global level. This paper uses a multi-actor analysis, in order to explore the critical success factors (CSFs for sound implementation of public-private partnerships (PPPs in the port context, and to determine the diverging opinions of stakeholders with regard to the importance of these CSFs. The results indicate that eight CSFs are of superior importance in port PPPs: the concreteness and preciseness of the concession agreement, the ability to appropriately allocate and share risk, the technical feasibility of the project, the commitment made by partners, the attractiveness of the financial package, a clear definition of responsibilities, the presence of a strong private consortium and a realistic cost/benefit assessment. The reason for their importance is their deal-breaking character, which can lead to a total failure of PPP projects during the early stages of project conception.
Apostolakis, George E; Lemon, Douglas M
The extreme importance of critical infrastructures to modern society is widely recognized. These infrastructures are complex and interdependent. Protecting the critical infrastructures from terrorism presents an enormous challenge. Recognizing that society cannot afford the costs associated with absolute protection, it is necessary to identify and prioritize the vulnerabilities in these infrastructures. This article presents a methodology for the identification and prioritization of vulnerabilities in infrastructures. We model the infrastructures as interconnected digraphs and employ graph theory to identify the candidate vulnerable scenarios. These scenarios are screened for the susceptibility of their elements to a terrorist attack, and a prioritized list of vulnerabilities is produced. The prioritization methodology is based on multiattribute utility theory. The impact of losing infrastructure services is evaluated using a value tree that reflects the perceptions and values of the decisionmaker and the relevant stakeholders. These results, which are conditional on a specified threat, are provided to the decisionmaker for use in risk management. The methodology is illustrated through the presentation of a portion of the analysis conducted on the campus of the Massachusetts Institute of Technology.
Kornberger, Martin; Pflueger, Dane; Mouritsen, Jan
To date, much of the accounting literature focuses on control and coordination within and from the perspective of organizations, reflecting what Hopwood described as accounting’s “hierarchical consciousness”. Inspired by the growing phenomenon of network organizational forms such as eBay, AirBnB ...... worlds); and new forms of control (evaluative infrastructures are not centers of calculation; rather, control is radically distributed, whilst power remains centralized).......BnB or Uber, this paper develops the concept of evaluative infrastructures for a heterarchical modus of accounting. Evaluative infrastructures are decentralized accounting practices that underpin distributed production processes. They are evaluative because they deploy a plethora of interacting devices......, including rankings, ratings, reviews, audits etc. to establish orders of worth. They are infrastructures because they provide the invisible yet essential mechanisms for distributed production processes to occur. Put metaphorically, if cost accounting provided the numerical infrastructure...
Silva, Victor; Harder, Henrik; Jensen, Ole B.
Bike Infrastructures aims to identify bicycle infrastructure typologies and design elements that can help promote cycling significantly. It is structured as a case study based research where three cycling infrastructures with distinct typologies were analyzed and compared. The three cases...... are Vestergade Vest and Mageløs in Odense (shareduse space in the core of the city); Hans Broges Gade in Aarhus (an extension of a bicycle route linking the suburb to Aarhus Central station) and Bryggebro in Copenhagen (a bridge for bicyclists and pedestrians crossing the harbor). Bridging research and policy......, the findings of this research project can also support bike friendly design and planning, and cyclist advocacy....
Van Wyk, Llewellyn V
Full Text Available ), transport (typically roads, rail and airports), and telecommunications. The focus of this chapter will be on greening bulk services and roads. Despite the importance of infrastructure to economic growth and social wellbeing, many countries struggle to meet...
Michael Cannon; Terry Barney; Gary Cook; George Danklefsen, Jr.; Paul Fairbourn; Susan Gihring; Lisa Stearns
Unprecedented growth of required telecommunications services and telecommunications applications change the way the INL does business today. High speed connectivity compiled with a high demand for telephony and network services requires a robust communications infrastructure. The current state of the MFC communication infrastructure limits growth opportunities of current and future communication infrastructure services. This limitation is largely due to equipment capacity issues, aging cabling infrastructure (external/internal fiber and copper cable) and inadequate space for telecommunication equipment. While some communication infrastructure improvements have been implemented over time projects, it has been completed without a clear overall plan and technology standard. This document identifies critical deficiencies with the current state of the communication infrastructure in operation at the MFC facilities and provides an analysis to identify needs and deficiencies to be addressed in order to achieve target architectural standards as defined in STD-170. The intent of STD-170 is to provide a robust, flexible, long-term solution to make communications capabilities align with the INL mission and fit the various programmatic growth and expansion needs.
Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui
Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC that addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.
Du, Haitao; Yang, Shanchieh Jay
This paper investigates collaborative cyber attacks based on social network analysis. An Attack Social Graph (ASG) is defined to represent cyber attacks on the Internet. Features are extracted from ASGs to analyze collaborative patterns. We use principle component analysis to reduce the feature space, and hierarchical clustering to group attack sources that exhibit similar behavior. Experiments with real world data illustrate that our framework can effectively reduce from large dataset to clusters of attack sources exhibiting critical collaborative patterns.
Full Text Available In April 2007, the Estonian Government moved a memorial commemorating the Soviet liberation of the country from the Nazis to a less prominent and visible location in Tallinn. This decision triggered rioting among Russian-speaking minorities and cyber terrorism targeting Estonia's critical economic and political infrastructure. Drawing upon the Estonian cyber attacks, this article argues that globalization and the Internet have enabled transnational groups—such as the Russian diaspora—to avenge their grievances by threatening the sovereignty of nation-states in cyberspace. Sophisticated and virtually untraceable political "hacktivists" may now possess the ability to disrupt or destroy government operations, banking transactions, city power grids, and even military weapon systems. Fortunately, western countries banded together to effectively combat the Estonian cyber attacks and minimize their effects. However, this article concludes that in the age of globalization, interdependence, and digital interconnectedness, nation-states must engage in increased cooperative cyber-defense activities to counter and prevent devastating Internet attacks and their implications.
Sforza, Antonio; Vittorini, Valeria; Pragliola, Concetta
This comprehensive monograph addresses crucial issues in the protection of railway systems, with the objective of enhancing the understanding of railway infrastructure security. Based on analyses by academics, technology providers, and railway operators, it explains how to assess terrorist and criminal threats, design countermeasures, and implement effective security strategies. In so doing, it draws upon a range of experiences from different countries in Europe and beyond. The book is the first to be devoted entirely to this subject. It will serve as a timely reminder of the attractiveness of the railway infrastructure system as a target for criminals and terrorists and, more importantly, as a valuable resource for stakeholders and professionals in the railway security field aiming to develop effective security based on a mix of methodological, technological, and organizational tools. Besides researchers and decision makers in the field, the book will appeal to students interested in critical infrastructur...
The President`s Commission on Critical Infrastructure Protection (PCCEP) was formed under Executive Order 13010 to recommend a national strategy for protecting and assuring critical infrastructures. Eight critical infrastructure elements have been identified. This paper provides an overview of tools necessary to conduct in depth analysis and characterization of threats, vulnerabilities, and interdependencies of critical infrastructure subsystems, and their interaction with each other. Particular emphasis is placed on research requirements necessary to develop the next generation of tools. In addition to tools, a number of system level research suggestions are made including developing a system architecture, data flow models, national level resources, and a national test bed.
Kornberger, Martin; Pflueger, Dane; Mouritsen, Jan
Platform organizations such as Uber, eBay and Airbnb represent a growing disruptive phenomenon in contemporary capitalism, transforming economic organization, the nature of work, and the distribution of wealth. This paper investigates the accounting practices that underpin this new form of organi...... other); generativity (evaluative infrastructures do not territorialize objects but disclose new worlds); and new forms of control (evaluative infrastructures are not centres of calculation; rather, control is radically distributed, whilst power remains centralized)....... of organizing, and in doing so confronts a significant challenge within the accounting literature: the need to escape what Hopwood (1996) describes as its “hierarchical consciousness”. In order to do so, this paper develops the concept of evaluative infrastructure which describes accounting practices...... that enable platform based organization. They are evaluative because they deploy a plethora of interacting devices, including rankings, ratings, reviews, and audits to establish orders of worth. They are infrastructures because they provide the invisible yet essential mechanisms for the flow of economic...
Bruun Jensen, Casper
. Instead, I outline a fractal approach to the study of space, society, and infrastructure. A fractal orientation requires a number of related conceptual reorientations. It has implications for thinking about scale and perspective, and (sociotechnical) relations, and for considering the role of the social...... and a fractal social theory....
within urban life. There is a certain parallel between these different locations and the difference in ritual roads to certainty in the two religions. The article draws out connections between different levels of infrastructure – material, spatial and ritual. The comparison between the two religions...
Chapter 2. Surge capacity and infrastructure considerations for mass critical care. Recommendations and standard operating procedures for intensive care unit and hospital preparations for an influenza epidemic or mass disaster.
Hick, John L; Christian, Michael D; Sprung, Charles L
To provide recommendations and standard operating procedures for intensive care unit (ICU) and hospital preparations for a mass disaster or influenza epidemic with a specific focus on surge capacity and infrastructure considerations. Based on a literature review and expert opinion, a Delphi process was used to define the essential topics including surge capacity and infrastructure considerations. Key recommendations include: (1) hospitals should increase their ICU beds to the maximal extent by expanding ICU capacity and expanding ICUs into other areas; (2) hospitals should have appropriate beds and monitors for these expansion areas; hospitals should develop contingency plans at the facility and government (local, state, provincial, national) levels to provide additional ventilators; (3) hospitals should develop a phased staffing plan (nursing and physician) for ICUs that provides sufficient patient care supervision during contingency and crisis situations; (4) hospitals should provide expert input to the emergency management personnel at the hospital both during planning for surge capacity as well as during response; (5) hospitals should assure that adequate infrastructure support is present to support critical care activities; (6) hospitals should prioritize locations for expansion by expanding existing ICUs, using postanesthesia care units and emergency departments to capacity, then step-down units, large procedure suites, telemetry units and finally hospital wards. Judicious planning and adoption of protocols for surge capacity and infrastructure considerations are necessary to optimize outcomes during a pandemic.
Nonsecure Internet Protocol Router Network OODA observe, orient, decide, and act PAF Project AIR FORCE PKI public key infrastructure SCADA Supervisory...network-connected Supervisory Control and Data Acquisition ( SCADA ) systems to govern critical utilities such as water, electrical power, and fuel...system in this report to refer to anything that might be attacked through cyberspace, including IT systems and SCADA systems. The definition conforms
EKMAN,MARK E.; ISBELL,DARYL
The executive branch of the United States government has acknowledged and identified threats to the water supply infrastructure of the United States. These threats include contamination of the water supply, aging infrastructure components, and malicious attack. Government recognition of the importance of providing safe, secure, and reliable water supplies has a historical precedence in the water works of the ancient Romans, who recognized the same basic threats to their water supply infrastructure the United States acknowledges today. System surety is the philosophy of ''designing for threats, planning for failure, and managing for success'' in system design and implementation. System surety is an alternative to traditional compliance-based approaches to safety, security, and reliability. Four types of surety are recognized: reactive surety; proactive surety, preventative surety; and fundamental, inherent surety. The five steps of the system surety approach can be used to establish the type of surety needed for the water infrastructure and the methods used to realize a sure water infrastructure. The benefit to the water industry of using the system surety approach to infrastructure design and assessment is a proactive approach to safety, security, and reliability for water transmission, treatment, distribution, and wastewater collection and treatment.
Nivedita, N.; S. Durbha
To ensure a resilient Healthcare Critical Infrastructure, understanding the vulnerabilities and analysing the interdependency on other critical infrastructures is important. To model this critical infrastructure and its dependencies, Hierarchal Coloured petri net modelling approach for simulating the vulnerability of Healthcare Critical infrastructure in a disaster situation is studied.. The model enables to analyse and understand various state changes, which occur when there is a di...
Ertner, Sara Marie
one such project, Project Lev Vel, a public-private and user driven innovation project. The central questions posed by the dissertation are: What is welfare technology? How is it imagined, designed, and developed, and by whom? Who are driving the design processes and how? Who are the elderly users...... sites and infrastructures for project communication plays a central role for design and, ultimately, for what welfare technology comes to be. The chapters explore different processes of what I call infrastructuring design; the ongoing crafting of social, material, and technical arrangements......The fact that the average citizen in Western societies is aging has significant implications for national welfare models. What some call ’the grey tsunami’ has resulted in suggestions for, and experiments in, re-designing healthcare systems and elderly care. In Denmark, one attempted solution...
Meret, Susi; Goffredo, Sergio
Full Text Available link. A social engineering attack targets this weakness by; using various manipulation techniques in order to elicit sensitive; information. The field of social engineering is still in its infancy; stages with regards to formal definitions and attack...
... include: A previous heart attack Open heart surgery Chest trauma A heart attack that has affected the thickness of your heart muscle Symptoms Symptoms include: Anxiety Chest pain from the swollen pericardium rubbing on the ...
First aid - heart attack; First aid - cardiopulmonary arrest; First aid - cardiac arrest ... A heart attack occurs when the blood flow that carries oxygen to the heart is blocked. The heart muscle ...
Full Text Available ... Ischemic Attack TIA , or transient ischemic attack, is a "mini stroke" that occurs when a blood clot blocks an artery for a short time. The only difference between a stroke ...
Full Text Available The contemporary electrical power infrastructure is exposed to new types of threats. The cause of such threats is related to the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of Information and communication Technologies (ICT in such complex critical systems. The power grid interconnection with the Internet exposes the grid to new types of attacks, such as Advanced Persistent Threats (APT or Distributed-Denial-ofService (DDoS attacks. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. To counter evolved and highly sophisticated threats such as the APT or DDoS, state-of-the-art technologies including Security Incident and Event Management (SIEM systems, extended Intrusion Detection/Prevention Systems (IDS/IPS and Trusted Platform Modules (TPM are required. Developing and deploying extensive ICT infrastructure that supports wide situational awareness and allows precise command and control is also necessary. In this paper the results of testing the Situational Awareness Network (SAN designed for the energy sector are presented. The purpose of the tests was to validate the selection of SAN components and check their operational capability in a complex test environment. During the tests’ execution appropriate interaction between the components was verified.
Regulação de Riscos e Proteção de Infraestruturas Críticas: os novos ventos do fenômeno regulatório / Risk Regulation and Critical Infrastructure Protection: The New Winds of the Regulatory Phenomenon
Egon C. Guterres
Full Text Available Purpose – This article analyzes the origins of the Risk Regulation Theory and Critical Infrastructure Protection Programs, and shows their contribution to the Brazilian regulatory experience. Methodology/approach/design – Through several examples, this study presents regulatory policies that emerged as responses to events that caused a significant impact on society. Findings – The unique way that the Critical Infrastructure Protection Programs evolved within the Brazilian regulatory experience is greatly attributable to demands of major international sporting events.
It is the quest of every government to achieve universal Access and service of telecommunication services and ICTs. Unfortunately due to the high cost of deploying infrastructure in rural areas of developing countries due to non-significant or no economic activity, this dream of achieving Universal...... access and service of telecommunications/ICTs have been stalled. This paper throws light on a possible Public Private Partnership framework as a development path that will enable affordable network technologies to be deployed in rural areas at a cost that will translate to what the rural dweller...... in a developing country in Africa can afford. The paper is a conceptual paper...
Training and Exercise Center CSTIA Central Science and Technology Information Agency DDoS Distributed Denial of Service DNS Domain Name Server DOD...computers in 2004 and Distributed Denial of Service ( DDoS ) attacks in 2009, were attributed to North Korea. North Korea has attacked not only government...President Roh to Lee, North Korea intensified both their criticisms and attacks. In 2009, they conducted extensive DDoS attacks on South Korea and
Full Text Available Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyber-attack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization.
Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.
Jakobsson, Markus; Menczer, Filippo
We analyze a Web vulnerability that allows an attacker to perform an email-based attack on selected victims, using standard scripts and agents. What differentiates the attack we describe from other, already known forms of distributed denial of service (DDoS) attacks is that an attacker does not need to infiltrate the network in any manner - as is normally required to launch a DDoS attack. Thus, we see this type of attack as a poor man's DDoS. Not only is the attack easy to mount, but it is also almost impossible to trace back to the perpetrator. Along with descriptions of our attack, we demonstrate its destructive potential with (limited and contained) experimental results. We illustrate the potential impact of our attack by describing how an attacker can disable an email account by flooding its inbox; block competition during on-line auctions; harm competitors with an on-line presence; disrupt phone service to a given victim; disconnect mobile corporate leaders from their networks; and disrupt electronic elections. Finally, we propose a set of countermeasures that are light-weight, do not require modifications to the infrastructure, and can be deployed in a gradual manner.
Apostolos P. Fournaris
Full Text Available Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT and Operational Technology (OT systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory. Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS such systems are designed to provide.
Happenny, Sean F. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.
Full Text Available The Domain Name System (DNS is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS. The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.
Alonso, Roberto; Monroy, Raúl; Trejo, Luis A
The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS). The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting) and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers.
Alonso, Roberto; Monroy, Raúl; Trejo, Luis A.
The Domain Name System (DNS) is a critical infrastructure of any network, and, not surprisingly a common target of cybercrime. There are numerous works that analyse higher level DNS traffic to detect anomalies in the DNS or any other network service. By contrast, few efforts have been made to study and protect the recursive DNS level. In this paper, we introduce a novel abstraction of the recursive DNS traffic to detect a flooding attack, a kind of Distributed Denial of Service (DDoS). The crux of our abstraction lies on a simple observation: Recursive DNS queries, from IP addresses to domain names, form social groups; hence, a DDoS attack should result in drastic changes on DNS social structure. We have built an anomaly-based detection mechanism, which, given a time window of DNS usage, makes use of features that attempt to capture the DNS social structure, including a heuristic that estimates group composition. Our detection mechanism has been successfully validated (in a simulated and controlled setting) and with it the suitability of our abstraction to detect flooding attacks. To the best of our knowledge, this is the first time that work is successful in using this abstraction to detect these kinds of attacks at the recursive level. Before concluding the paper, we motivate further research directions considering this new abstraction, so we have designed and tested two additional experiments which exhibit promising results to detect other types of anomalies in recursive DNS servers. PMID:27548169
Paladi, Nicolae; Gehrmann, Christian
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the net- work infrastructure. We describe and implement TruSDN, a framework for bootstrapping trust in SDN infrastructure using Intel Software Guard Extensions (SGX),...
Lopes Fabiana L.; Nardi Antonio E.; Nascimento Isabella; Valença Alexandre M.; Zin Walter A
The panic-respiration connection has been presented with increasing evidences in the literature. We report three panic disorder patients with nocturnal panic attacks with prominent respiratory symptoms, the overlapping of the symptoms with the sleep apnea syndrome and a change of the diurnal panic attacks, from spontaneous to situational pattern. The implication of these findings and awareness to the distinct core of the nocturnal panic attacks symptoms may help to differentiate them from sle...
Kerri Jean Ormerod
Full Text Available Ensuring water availability for multiple needs represents a sustainable development challenge globally. Rigid planning for fixed water supply and reuse targets with estimated demand growth and static assumptions of water availability can prove inflexible in responding to changing conditions. Formal methods to adaptively respond to these challenges are needed, particularly in regions with limited natural resources and/or where multiple uncertain forces can influence water-resource availability and supply reliability. This paper assesses the application of Scenario Planning in one such region—Tucson, Arizona, USA—over the coming 40 years, and highlights broader lessons for addressing complex interrelationships of water management, infrastructure development, and population growth. Planners from multiple jurisdictions and researchers identified ten key forces and prioritized three with the greatest uncertainty and the greatest impact for water and development planning: (1 changing demands based on potential future density, layout, and per capita water use/reuse; (2 adequacy of current water supplies to meet future demands; and (3 evolving public perceptions of water reuse including potential options to supplement potable water supplies. Detailed scenario modeling using GIS and infrastructure cost optimization is under development and is now beginning to produce results, to be discussed in future publications. The process has clearly demonstrated the value of Scenario Planning as a tool for bringing stakeholders into agreement over highly complex and historically divisive problems, and for prioritizing amongst diverse uncertainties. The paper concludes by characterizing possible outcomes for this case and draws lessons for other water scarce regions experiencing rapid development.
Full Text Available ... stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...
Prowell, Stacy; Borkin, Mike
Do you need to keep up with the latest hacks, attacks, and exploits effecting networks? Then you need Seven Deadliest Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to networks, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Denial of Service War Dialing Penetration "Testing" Protocol Tunneling Spanning Tree At
Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdum
Kraus, Rob; Borkin, Mike; Alpern, Naomi
Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Windows Operating System-Password AttacksActive Directory-Escalat
... attack Heart bypass surgery Heart bypass surgery - minimally invasive Heart pacemaker High blood cholesterol levels High blood pressure Implantable cardioverter-defibrillator Smoking - tips on how to ...
Full Text Available ... stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2017, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...
Fischer, Fabian; Mansmann, Florian; Keim, Daniel A.; Pietzko, Stephan; Waldvogel, Marcel
The importance of the Internet and our dependency on computer networks are steadily growing, which results in high costs and substantial consequences in case of successful intrusions, stolen data, and interrupted services. At the same time, a trend towards massive attacks against the network infrastructure is noticeable. Therefore, monitoring large networks has become an importatnt field in practice and research. Through monitoring systems, attacks can be detected and analyzed to gain knowled...
... the overall effort to enhance the protection of the Nation's critical infrastructure and key resources... of the Nation's critical infrastructure and key resources in most sectors are privately owned or... the general public understand the key concepts, are aware of their contribution to achieve a shared...
... critical infrastructure and key resources (CIKR). Specifically, HSPD-7 states DHS ``shall establish... vulnerabilities in national critical infrastructure and key resources with other Federal departments and agencies... the general public understand the key concepts, are aware of their contribution to achieve a shared...
Though immobile, plants are members of complex environments, and are under constant threat from a wide range of attackers, which includes organisms such as insect herbivores or plant pathogens. Plants have developed sophisticated defenses against these attackers, and include chemical responses such
Full Text Available Transient Ischemic Attack TIA , or transient ischemic attack, is a "mini stroke" that occurs when a blood clot blocks an artery for a short time. The only ... TIA is that with TIA the blockage is transient (temporary). TIA symptoms occur rapidly and last a ...
Scozzari, Andrea; Masetti, Giulio; Raco, Brunella; Battaglini, Raffaele
Landfills for Municipal Solid Wastes (MSW) produce about 20% of the total anthropogenic methane released to the atmosphere. As a consequence, these infrastructures require a systematic and efficient monitoring. Various techniques have been proposed until now for the estimation of biogas production and its release, by using more or less direct measurements, mostly characterised by a low or completely absent invasivity. During the last 13 years, observational data about a MSW disposal site located in Tuscany (Italy) have been collected on a regular basis, consisting in direct measurements of gas flux with the accumulation chamber method, combined with infrared radiometry performed in situ with portable radiometers. The availability of free Landsat imagery and the more recent availability of ASTER data (freely available since April 2016) open new monitoring possibilities, in addition to the in situ measurements described above. In particular, we present the preliminary results of a study about the usability of low resolution thermal infrared scenes to build timeseries describing the overall status of a waste disposal site. This work discusses the possibility to complement in situ measurements with satellite observations, taking benefit from the high revisit time with respect to the timings of in situ campaigns.
Van Wyk, Llewellyn V
Full Text Available Green infrastructure can be defined as the design and development of infrastructure that works with natural systems in the performance of its functions. Green infrastructure recognises the importance of the natural environment in land use planning...
Lighari, Sheeraz Niaz; Hussain, Dil Muhammad Akbar; Bak-Jensen, Birgitte
channels. AMI is also featuring to communicate control functions from utility to the smart meters. So, both the consumption data and control data needs to be securely transmitted to their ends. Any leak and tempering may produce the dire effects to both utility and consumers. Hence security of AMI...... is a very important concern to take real advantage of this technology. In this paper, first we analyze the security threats faced by AMI components and then propose the countermeasures to tackle them. The aim is to visualize the possible threats in the context of confidentiality, integrity and availability...
Voeller, John G
Communication and Information Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering strategies for protecting the telecommunications sector, wireless security, advanced web based technology for emergency situations. Science and technology for critical infrastructure consequence mitigation are also discussed.
Imad K. Salah; Abdullah Darwish; Saleh Oqeili
In this paper some of the most common attacks against Rivest, Shamir, and Adleman (RSA) cryptosystem are presented. We describe the integer factoring attacks, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm. Algorithms for each type of attacks are developed and analyzed by their complexity, memory requirements and area of usage.
Minnesota Department of Natural Resources — This Green Infrastructure data is comprised of 3 similar ecological corridor data layers ? Metro Conservation Corridors, green infrastructure analysis in counties...
Millennium Challenge Corporation — This study evaluates irrigation infrastructure rehabilitation in Armenia. The study separately examines the impacts of tertiary canals and other large infrastructure...
Nidd, Michael; Ivanova, Marieta Georgieva; Probst, Christian W.
Assessing risk in cloud infrastructures is difficult. Typical cloud infrastructures contain potentially thousands of nodes that are highly interconnected and dynamic. Another important component is the set of human actors who get access to data and computing infrastructure. The cloud infrastructure...... exercise for cloud infrastructures using the socio-technical model developed in the TRESPASS project; after showing how to model typical components of a cloud infrastructure, we show how attacks are identified on this model and discuss their connection to risk assessment. The technical part of the model...... is extracted automatically from the configuration of the cloud infrastructure, which is especially important for systems so dynamic and complex....
Nozick, Linda Karen (Cornell University, Ithaca, NY); Carlson, Rolf Erik; Turnquist, Mark Alan (Cornell University, Ithaca, NY)
A model of malicious attacks against an infrastructure system is developed that uses a network representation of the system structure together with a Hidden Markov Model of an attack at a node of that system and a Markov Decision Process model of attacker strategy across the system as a whole. We use information systems as an illustration, but the analytic structure developed can also apply to attacks against physical facilities or other systems that provide services to customers. This structure provides an explicit mechanism to evaluate expected losses from malicious attacks, and to evaluate changes in those losses that would result from system hardening. Thus, we provide a basis for evaluating the benefits of system hardening. The model also allows investigation of the potential for the purchase of an insurance contract to cover the potential losses when safeguards are breached and the system fails.
Lopes Fabiana L.
Full Text Available The panic-respiration connection has been presented with increasing evidences in the literature. We report three panic disorder patients with nocturnal panic attacks with prominent respiratory symptoms, the overlapping of the symptoms with the sleep apnea syndrome and a change of the diurnal panic attacks, from spontaneous to situational pattern. The implication of these findings and awareness to the distinct core of the nocturnal panic attacks symptoms may help to differentiate them from sleep disorders and the search for specific treatment.
U.S. Department of Health & Human Services — Payment for heart attack patients measure – state data. This data set includes state-level data for payments associated with a 30-day episode of care for heart...
U.S. Department of Health & Human Services — Payment for heart attack patients measure – provider data. This data set includes provider data for payments associated with a 30-day episode of care for heart...
Full Text Available ... TIA , or transient ischemic attack, is a "mini stroke" that occurs when a blood clot blocks an ... a short time. The only difference between a stroke and TIA is that with TIA the blockage ...
Full Text Available ... immediately for any stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...
U.S. Department of Health & Human Services — Payment for heart attack patients measure – national data. This data set includes national-level data for payments associated with a 30-day episode of care for heart...
Shacham, Lanir N; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang
A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the "majority-flipping attacker," does not decay with the parameters of the model. This attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.
Otis, Jeremy R.; Berman, Dustin; Butts, Jonathan; Lopez, Juan
Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., ShodanHQ search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks are derived from real world incidents after an attack has already been carried out and the damage has been done. This research provides a method for introducing sensors into the ICS environment that collect information about network-based attacks. The sensors are developed using an inexpensive Gumstix platform that can be deployed and incorporated with production systems. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). Findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative.
Lin, Wei; Patil, Pavan Manohar
The exposed position of the face makes it vulnerable to dog bite injuries. This fact combined with the short stature of children makes them a high-risk group for such attacks. In contrast to wounds inflicted by assaults and accidents, dog bite wounds are deep puncture type wounds compounded by the presence of pathologic bacteria from the saliva of the attacking dog. This, combined with the presence of crushed, devitalized tissue makes these wounds highly susceptible to infection. Key to succe...
The strategy of launch under attack calls for launching nuclear weapons on warning that attacking weapons are on their way. The political pressures for adopting this strategy are symptomatic of an increasing instability in the nuclear balance. The author describes a Brookings Institute model, which indicates that the problems of decentralized control and precise timing could lead to failures in retargeting procedures. The major concern is that the strategy imposes powerful incentives for preemption as the most promising means of conducting nuclear war.
Probst, Christian W.; Willemson, Jan; Pieters, Wolter
The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are c......The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks...... that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio......-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions....
Full Text Available Cloud computing is expected to continue expanding in the next few years and people will start to see some of the following benefits in their real lives. Security of cloud computing environments is the set of control-based technologies and policies absolute to adhere regulatory compliance rules and protect information data applications and infrastructure related with cloud use. In this paper we suggest a model to estimating the cloud computing security and test the services provided to users. The simulator NG-Cloud Next Generation Secure Cloud Storage is used and modified to administer the proposed model. This implementation achieved security functions potential attacks as defined in the proposed model. Finally we also solve some attacks over cloud computing to provide the security and safety of the cloud.
Full Text Available The aim of this paper is to evaluate and differentiate between the phenomena of cyberwarfare and information warfare, as manifestations of what we perceive as postmodern warfare. We describe and analyse the current examples of the use the postmodern warfare and the reactions of states and international bodies to these phenomena. The subject matter of this paper is the relationship between new types of postmodern conflicts and the law of armed conflicts (law of war. Based on ICJ case law, it is clear that under current legal rules of international law of war, cyber attacks as well as information attacks (often performed in the cyberspace as well can only be perceived as “war” if executed in addition to classical kinetic warfare, which is often not the case. In most cases perceived “only” as a non-linear warfare (postmodern conflict, this practice nevertheless must be condemned as conduct contrary to the principles of international law and (possibly a crime under national laws, unless this type of conduct will be recognized by the international community as a “war” proper, in its new, postmodern sense.
Khakzad Rostami, N.
The terrorist attacks to two French chemical facilities in June and July 2015 raised the flag about the attractiveness of chemical plants to terrorist groups and the imminent risk of similar attacks in western countries. Although the 9/11 terrorist attacks in the US put the security of chemical infrastructures in a spotlight, the majority of previous attempts have since been made toward threat assessment and vulnerability assessment of chemical plants yet overlooking their attractiveness as a...
Shacham, Lanir N.; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang
A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the “majority-flipping attacker,” does not decay with the parameters of the model. This attacker’s outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.
How can an information security professional keep up with all of the hacks, attacks, and exploits? One way to find out what the worst of the worst are is to read the seven books in our Seven Deadliest Attacks Series. Not only do we let you in on the anatomy of these attacks but we also tell you how to get rid of them and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include:Bluetooth AttacksCredit Card, Access Card, and Passport AttacksBad Encryption
2016 Major Automated Information System Annual Report Public Key Infrastructure Increment 2 (PKI Inc 2) Defense Acquisition Management...6615 DSN Phone: 244-4900 DSN Fax: Date Assigned: July 1, 2015 Program Information Program Name Public Key Infrastructure Increment 2 (PKI Inc 2... Public Key Infrastructure (PKI) is a critical enabling technology for Information Assurance (IA) services to support seamless secure information flows
Huibregtse, J.N.; Maas, N.; Snelder, M.; Tavasszy, L.A.; Wit, M.S. de; Bollinger, L.A.; Bogmans, C.W.J.; Chappin, E.J.L.; Dijkema, G.P.J.; Schenk, T.; Thienen. P. van; Wols, B.
Abstract Infrastructures are critical for human society, but vulnerable to climate change. The current body of research on infrastructure adaptation does not adequately account for the interconnectedness of infrastructures, both internally and with one another. We take a step toward addressing this
Van der Velde, J.R.T.; De Wit, S.I.
The appreciation of green infrastructures as ‘nature’ by urban communities presents a critical challenge for the green infrastructure concept. While many green infrastructures focus on functional considerations, their refinement as places where concepts of nature are represented and where nature can
Modeling tools support planning and design decisions on a range of scales from setting a green infrastructure target for an entire watershed to designing a green infrastructure practice for a particular site.
In this thesis, transport infrastructure slot allocation has been studied, focusing on selection slot allocation, i.e. on longer-term slot allocation decisions determining the traffic patterns served by infrastructure bottlenecks, rather than timetable-related slot allocation problems. The allocation of infrastructure capacity among carriers is a major issue in various transport infrastructure sectors, and therefore a theoretical framework on slot allocation would be desirable to support rati...
... smolder — that can be destructive. If you think counseling would help your family deal with your heart attack more ... your lifestyle habits through exercise training, education and counseling to ... or with the help of your doctor, nurse, dietitian or other healthcare ...
Chattopadhyay, Saurabh; Shee, Biplab; Sukul, Biswajit
Attacks on human beings by various animals leading to varied types of injuries and even death in some cases are not uncommon. Crocodile attacks on humans have been reported from a number of countries across the globe. Deaths in such attacks are mostly due to mechanical injuries or drowning. Bites by the crocodiles often cause the limbs to be separated from the body. The present case refers to an incident of a fatal attack by a crocodile on a 35 years old female where only the mutilated head of the female was recovered. Multiple lacerated wounds over the face and scalp along with fracture of the cranial bones was detected on autopsy. Two distinct bite marks in the form of punched in holes were noted over the parietal and frontal bones. Injuries on the head with its traumatic amputation from the body were sufficient to cause death. However, the presence of other fatal injuries on the unrecovered body parts could not be ruled out. Copyright © 2013 Elsevier Ltd and Faculty of Forensic and Legal Medicine. All rights reserved.
Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.
Full Text Available Multistep attack prediction and security situation awareness are two big challenges for network administrators because future is generally unknown. In recent years, many investigations have been made. However, they are not sufficient. To improve the comprehensiveness of prediction, in this paper, we quantitatively convert attack threat into security situation. Actually, two algorithms are proposed, namely, attack prediction algorithm using dynamic Bayesian attack graph and security situation quantification algorithm based on attack prediction. The first algorithm aims to provide more abundant information of future attack behaviors by simulating incremental network penetration. Through timely evaluating the attack capacity of intruder and defense strategies of defender, the likely attack goal, path, and probability and time-cost are predicted dynamically along with the ongoing security events. Furthermore, in combination with the common vulnerability scoring system (CVSS metric and network assets information, the second algorithm quantifies the concealed attack threat into the surfaced security risk from two levels: host and network. Examples show that our method is feasible and flexible for the attack-defense adversarial network environment, which benefits the administrator to infer the security situation in advance and prerepair the critical compromised hosts to maintain normal network communication.
Taking Technological Infrastructure Seriously attempts to take stock of a sea-change in the way modern infrastructural resources are provided. Unlike traditional infrastructure, such as roads and electricity cables, where the State has largely been responsible for its provision, much of the key
Tabatabaei, Seyed Ali; Soleimani, Mohammad; Behrouz, Mahmoud Jabbarvand
To report 30 patients with bird attack-related eye injuries. This study was performed among patients coming to Farabi Eye Hospital, Tehran, Iran, from 2010 to 2015 with a history of bird attack causing eye injury. The inclusion criteria were a history of bird attack by pecking causing eye injury and having treatment and follow-up record for at least 6 months after treatment. The primary eye examinations included a full ophthalmic examination including evaluation of uncorrected visual acuity and best-corrected visual acuity (BCVA), anterior segment slit lamp biomicroscopy, and photography. For all patients with penetrating injury, primary repair was undertaken. Thirty patients (10 females and 20 males) with a mean age of 23.3 ± 18.5 years entered the study. The most common zone of injury was zone 1 (P < 0.001), and lensectomy was not needed in majority of patients (P < 0.001). The most common bird causing the injury was mynah (P < 0.001). Those patients with baseline BCVA of less than 20/200 or those with endophthalmitis had statistically worse final BCVA after treatment. Patients attacked by mynah bird had significantly better pretreatment uncorrected visual acuity and BCVA. The most common bird causing the eye injury among the sample of patients from Iran was mynah, which differs with previous studies indicating the rooster attack as the most common cause of eye injury. The authors also found that the most common zone of injury was zone 1, and the presence of endophthalmitis and lower baseline BCVA were significant risk factors for worse visual outcomes.
Full Text Available This paper aims to show the major role means of protection play for strengthening the cybersecurity of critical transport infrastructure by using the advanced method of simulation modelling. The simulation model of a Traffic Control Centre (TTC of an urban Automobile Transport System (ATS is created by the author in the Riverbed Modeler Academic Edition 17.5 computer networks simulation system and is exposed to the impact of a Denial-of-Service attack. In addition, logical conclusions have been made on the basis of the experimental results obtained and evaluated by comparative analysis with results from analogous previous studies.
McGill, William L; Ayyub, Bilal M; Kaminskiy, Mark
This article proposes a quantitative risk assessment and management framework that supports strategic asset-level resource allocation decision making for critical infrastructure and key resource protection. The proposed framework consists of five phases: scenario identification, consequence and criticality assessment, security vulnerability assessment, threat likelihood assessment, and benefit-cost analysis. Key innovations in this methodology include its initial focus on fundamental asset characteristics to generate an exhaustive set of plausible threat scenarios based on a target susceptibility matrix (which we refer to as asset-driven analysis) and an approach to threat likelihood assessment that captures adversary tendencies to shift their preferences in response to security investments based on the expected utilities of alternative attack profiles assessed from the adversary perspective. A notional example is provided to demonstrate an application of the proposed framework. Extensions of this model to support strategic portfolio-level analysis and tactical risk analysis are suggested.
Haataja, Keijo; Pasanen, Sanna; Toivanen, Pekka
This overview of Bluetooth security examines network vulnerabilities and offers a comparative analysis of recent security attacks. It also examines related countermeasures and proposes a novel attack that works against all existing Bluetooth versions.
passport under an alias and traveled to Afghanistan to receive terrorist training. Upon returning to Canada in 1999, Ressam devised plans to detonate a...referred to as generators, transmitters/ distributors , and end users.138 Persons responsible for stealing information or blank valid documents are...or documents are acquired, generators pass it to transmitters or distributors . Transmitters are associated with larger networks and move large
The recent damage caused by hurricanes, Katrina, Rita, and Wilma have demonstrated the potential for enormous property damage and loss of life as well as disruption of government and other institutions in Alabama. Similar damage could be the result o...
malware. Malware can take many forms to include rootkit, Trojan Horse , spyware, adware, virus , and worm. 72 Denial of Service (DoS) and Distributed...engineer malicious software, identify the virus ’ signature, and create an algorithmic hash for identified software vulnerabilities...anti- virus software is only effective against known malicious software code. Therefore, signature-based anti- virus software is only effective after
outline) followed by later reflection arrival interference from the delrin block side and bottom boundaries. The first break of the direct arrivals...show a wave speed of 1693m/s. Spherical spreading and delrin attenuation losses are not compensated in the measurement plots. At the observed
The development of renewable energy infrastructures in response to climatic change, calls of ‘peak oil’, environmental degradation, and geopolitical instabilities is a global challenge, and innumerable organisations and disciplines are working towards a transition to zero-carbon energy systems...... and relationships, proposing that landscape itself is infrastructural with the capacity to simultaneously host and connect ecological, economical, and environmental processes. Concurrently, cultural anthropology has critically revised understandings of infrastructure to encompass semantic and sociocultural...... dimensions, pointing towards not only the cultural impact of infrastructure, but also the influence of culture on infrastructure. With some notable exceptions these two bodies of research have, however, remained largely disconnected: architecture pushing towards the ‘systemic’, and anthropology pulling...
Lindstrøm, Maria Duclos; Kropp, Kristoffer
European Research Infrastructure Consortia (ERIC) are a new form of legal and financial framework for the establishment and operation of research infrastructures in Europe. Despite their scope, ambition, and novelty, the topic has received limited scholarly attention. This article analyses one ERIC...... within the social sciences—the European Social Survey (ESS). We observe that the ESS experienced a decline in the number of participating countries upon its acquisition of ERIC status. We explore the links between methodological, organizational, and financial elements in the process through which the ESS...... became an ERIC using the Bowker and Star’s sociology of infrastructures. We conclude that focusing on ERICs as a European standard for organising and funding research collaboration gives new insights into the problems of membership, durability, and standardisation faced by research infrastructures...
Lindstrøm, Maria Duclos; Kropp, Kristoffer
European Research Infrastructure Consortia (ERICs) are a new form of legal and financial framework for the establishment and operation of research infrastructures in Europe. Despite their scope, ambition and novelty, the topic has received limited scholarly attention. This paper analyses one ERIC...... within the social sciences – the European Social Survey (ESS). We observe that the ESS experienced a decline in the number of participating countries upon its acquisition of ERIC status. We explore the links between methodological, organisational and financial elements in the process through which...... the ESS became an ERIC using the Bowker and Star’s sociology of infrastructures. We conclude that focusing on ERICs as a European standard for organising and funding research collaboration gives new insights into the problems of membership, durability and standardisation faced by research infrastructures...
Liebrock, Lorie M. (New Mexico Tech, Socorro, NM); Duggan, David Patrick
This report documents the architecture and implementation of a Parallel Digital Forensics infrastructure. This infrastructure is necessary for supporting the design, implementation, and testing of new classes of parallel digital forensics tools. Digital Forensics has become extremely difficult with data sets of one terabyte and larger. The only way to overcome the processing time of these large sets is to identify and develop new parallel algorithms for performing the analysis. To support algorithm research, a flexible base infrastructure is required. A candidate architecture for this base infrastructure was designed, instantiated, and tested by this project, in collaboration with New Mexico Tech. Previous infrastructures were not designed and built specifically for the development and testing of parallel algorithms. With the size of forensics data sets only expected to increase significantly, this type of infrastructure support is necessary for continued research in parallel digital forensics. This report documents the implementation of the parallel digital forensics (PDF) infrastructure architecture and implementation.
Fisher, Ronald; Norman, Michael; Klett, Mary
Critical infrastructure is crucial to the functionality and wellbeing of the world around us. It is a complex network that works together to create an efficient society. The core components of critical infrastructure are dependent on one another to function at their full potential. Organisations face unprecedented environmental risks such as increased reliance on information technology and telecommunications, increased infrastructure interdependencies and globalisation. Successful organisations should integrate the components of cyber-physical and infrastructure interdependencies into a holistic risk framework. Physical security plans, cyber security plans and business continuity plans can help mitigate environmental risks. Cyber security plans are becoming the most crucial to have, yet are the least commonly found in organisations. As the reliance on cyber continues to grow, it is imperative that organisations update their business continuity and emergency preparedness activities to include this.
Improving the Resilience of Major Ports and Critical Supply Chains to Extreme Coastal Flooding: a Combined Artificial Neural Network and Hydrodynamic Simulation Approach to Predicting Tidal Surge Inundation of Port Infrastructure and Impact on Operations.
Ports are vital to the global economy, but assessments of global exposure to flood risk have generally focused on major concentrations of population or asset values. Few studies have examined the impact of extreme inundation events on port operation and critical supply chains. Extreme water levels and recurrence intervals have conventionally been estimated via analysis of historic water level maxima, and these vary widely depending on the statistical assumptions made. This information is supplemented by near-term forecasts from operational surge-tide models, which give continuous water levels but at considerable computational cost. As part of a NERC Infrastructure and Risk project, we have investigated the impact of North Sea tidal surges on the Port of Immingham, eastern, UK. This handles the largest volume of bulk cargo in the UK and flows of coal and biomass that are critically important for national energy security. The port was partly flooded during a major tidal surge in 2013. This event highlighted the need for improved local forecasts of surge timing in relation to high water, with a better indication of flood depth and duration. We address this problem using a combination of data-driven and numerical hydrodynamic models. An Artificial Neural Network (ANN) is first used to predict the surge component of water level from meteorological data. The input vector comprises time-series of local wind (easterly and northerly wind stress) and pressure, as well as regional pressure and pressure gradients from stations between the Shetland Islands and the Humber estuary. The ANN achieves rms errors of around 0.1 m and can generate short-range (~ 3 to 12 hour) forecasts given real-time input data feeds. It can also synthesize water level events for a wider range of tidal and meteorological forcing combinations than contained in the observational records. These are used to force Telemac2D numerical floodplain simulations using a LiDAR digital elevation model of the port
A major part of technological advancement has involved the development of complex infrastructure systems, including electric power generation, transmission, and distribution networks; oil and gas pipeline systems; highway and rail networks; and telecommunication networks. Dependence on these infrastructure systems renders them attractive targets for conflict in the twenty-first century. Hostile governments, domestic and international terrorists, criminals, and mentally distressed individuals will inevitably find some part of the infrastructure an easy target for theft, for making political statements, for disruption of strategic activities, or for making a nuisance. The current situation regarding the vulnerability of the infrastructure can be summarized in three major points: (1) our dependence on technology has made our infrastructure more important and vital to our everyday lives, this in turn, makes us much more vulnerable to disruption in any infrastructure system; (2) technologies available for attacking infrastructure systems have changed substantially and have become much easier to obtain and use, easy accessibility to information on how to disrupt or destroy various infrastructure components means that almost anyone can be involved in this destructive process; (3) technologies for defending infrastructure systems and preventing damage have not kept pace with the capability for destroying such systems. A brief review of these points will illustrate the significance of infrastructure and the growing dangers to its various elements.
... been stable for a few weeks. Anxiety and Depression After a Heart Attack After a heart attack, ... 2009, this project provided six awards at five academic institutions to identify genetic connections to heart, lung, ...
David Fernandes Cruz Moura
Full Text Available This paper presents case studies of attacks aimed at tactical software defined radios based on a classification with the most common sources of vulnerabilities, classes of attacks, and types of intrusions that military radio sets may suffer. Besides that, we also describe how attack mitigation strategies can impact the development of SDR infrastructures. By using such approach, we identify several possible sources of vulnerabilities, attacks, intrusions, and mitigation strategies, illustrating them onto typical tactical radio network deployment scenarios, as an initial and necessary step for the definition of realistic and relevant security requirements for military software defined radio applications.
McLaughlin, Bryan; Davis, Catasha; Coppini, David; Kim, Young Mie; Knisely, Sandra; McLeod, Douglas
The common assumption that female candidates on the campaign trail should not go on the attack, because such tactics contradict gender stereotypes, has not received consistent support. We argue that in some circumstances gender stereotypes will favor female politicians going negative. To test this proposition, this study examines how gender cues affect voter reactions to negative ads in the context of a political sex scandal, a context that should prime gender stereotypes that favor females. Using an online experiment involving a national sample of U.S. adults (N = 599), we manipulate the gender and partisan affiliation of a politician who attacks a male opponent caught in a sex scandal involving sexually suggestive texting to a female intern. Results show that in the context of a sex scandal, a female candidate going on the attack is evaluated more positively than a male. Moreover, while female participants viewed the female sponsor more favorably, sponsor gender had no effect on male participants. Partisanship also influenced candidate evaluations: the Democratic female candidate was evaluated more favorably than her Republican female counterpart.
Jhawar, Ravi; Kordy, Barbara; Mauw, Sjouke; Radomirović, Sasa; Trujillo-Rasua, Rolando
We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of
Full Text Available Journalists and human rights defenders in Mexico are being attacked in an attempt to silence their criticism. Many are forced to flee or risk being assassinated. The consequences are both personal and of wider social significance.
Bashardoost, Morteza; Mohd Rahim, Mohd Shafry; Saba, Tanzila; Rehman, Amjad
The main objective of zero watermarking methods that are suggested for the authentication of textual properties is to increase the fragility of produced watermarks against tampering attacks. On the other hand, zero watermarking attacks intend to alter the contents of document without changing the watermark. In this paper, the Replacement attack is proposed, which focuses on maintaining the location of the words in the document. The proposed text watermarking attack is specifically effective on watermarking approaches that exploit words' transition in the document. The evaluation outcomes prove that tested word-based method are unable to detect the existence of replacement attack in the document. Moreover, the comparison results show that the size of Replacement attack is estimated less accurate than other common types of zero text watermarking attacks.
Full Text Available Vulnerabilities in Android kernel give opportunity for attacker to damage the system. Privilege escalation is one of the most dangerous attacks, as it helps attacker to gain root privilege by exploiting kernel vulnerabilities. Mitigation technologies, static detection methods and dynamic defense methods have been suggested to prevent privilege escalation attack, but they still have some disadvantages. In this paper, we propose an improved method named PtmxGuard to enhance Android kernel and defeat privilege escalation attack. We focus on a typical attack pattern that attacker hijacks the control flow of Android kernel to modify process credentials by corrupting critical global function pointers. PtmxGuard enforces Code Pointer Integrity to Android kernel, checks the accuracy and reliability of those pointers when they’re triggered by related system calls, and intercepts the system calls when attack activities are detected. Experiment result demonstrates that PtmxGuard can defense privilege escalation attack effectively.
Full Text Available Web applications suffer from cross-site scripting (XSS attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can find potential XSS vulnerabilities in Web applications, and propose a mechanism for structural learning of attack vectors with the aim of generating mutated XSS attacks in a fully automatic way. Mutated XSS attack generation depends on the analysis of attack vectors and the structural learning mechanism. For the kernel of the learning mechanism, we use a Hidden Markov model (HMM as the structure of the attack vector model to capture the implicit manner of the attack vector, and this manner is benefited from the syntax meanings that are labeled by the proposed tokenizing mechanism. Bayes theorem is used to determine the number of hidden states in the model for generalizing the structure model. The paper has the contributions as following: (1 automatically learn the structure of attack vectors from practical data analysis to modeling a structure model of attack vectors, (2 mimic the manners and the elements of attack vectors to extend the ability of testing tool for identifying XSS vulnerabilities, (3 be helpful to verify the flaws of blacklist sanitization procedures of Web applications. We evaluated the proposed mechanism by Burp Intruder with a dataset collected from public XSS archives. The results show that mutated XSS attack generation can identify potential vulnerabilities.
Dorai, Ramakanth; Kannan, Vinod
SQL injection came with a bang and caused revolution in database attacking. In recent years, with the explosion in web-based commerce and information systems, databases have been drawing ever closer to the network and it is critical part of network security. This paper is incorporated with our research and firsthand experience in hacking the database by SQL injection. Database is the Storage Brain of a website. A hacked database is the source for Passwords and juicy information like credit ca...
Do you need to keep up with the latest hacks, attacks, and exploits effecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks featured in this book include: UC Ecosystem Attacks Insecure Endpo
... Peripheral Artery Disease Venous Thromboembolism Aortic Aneurysm More Can You Recognize a Heart Attack? Updated:Sep 16, ... a Heart Attack Heart Attack Symptoms in Women “Can you recognize a heart attack?” Quiz • Understand Your ...
Full Text Available . The chapter further investigates the state-of-the-art in data mining techniques for Distributed Denial of Service (DDoS) attacks targeting the various infrastructures. The chapter explores the characteristics and pervasiveness of DDoS attacks. It also explores...
Over the last few weeks there has been a marked increase in the number of attacks on CERN made by cybercriminals. Typical attacks arrive in the form of e-mail messages purporting to come from the CERN Help Desk, Mail Service, or some similarly official-sounding entity and suggest that there is a problem with your account, such as it being over-quota. They then ask you to click on a link or to reply and give your password. Please don’t! Be cautious of any unexpected messages containing web links even if they appear to come from known contacts. If you happen to click on such a link and if your permission is requested to run or install software, always decline it. NEVER provide your password or other details if these are requested. These messages try to trick you into clicking on Web links which will help them to install malicious software on your computer, and anti-virus software cannot be relied on to detect all cases. In case of questions on this topic, you may contact mailto:email@example.com. CERN Comput...
Foeken, D.W.J.; Hoorweg, J.; Foeken, D.W.J.; Obudho, R.A.
This chapter describes the main physical characteristics as well as the main physical and social infrastructure features of Kenya's coastal region. Physical resources include relief, soils, rainfall, agro-ecological zones and natural resources. Aspects of the physical infrastructure discussed are
In this thesis, transport infrastructure slot allocation has been studied, focusing on selection slot allocation, i.e. on longer-term slot allocation decisions determining the traffic patterns served by infrastructure bottlenecks, rather than timetable-related slot allocation problems. The
Simonsen, Jesper; Hertzum, Morten; Karasti, Helena
the notion of infrastructuring, we carry out an infrastructural analysis of eWBs and approach our joint efforts as unfolding and continuing the con-figuration of participatory design activities. We identify a need for local support and novel competences among the clinicians in order for them to engage...
Cox, Louis Anthony Tony
Several important risk analysis methods now used in setting priorities for protecting U.S. infrastructures against terrorist attacks are based on the formula: Risk = Threat x Vulnerability x Consequence. This article identifies potential limitations in such methods that can undermine their ability to guide resource allocations to effectively optimize risk reductions. After considering specific examples for the Risk Analysis and Management for Critical Asset Protection (RAMCAP) framework used by the Department of Homeland Security, we address more fundamental limitations of the product formula. These include its failure to adjust for correlations among its components, nonadditivity of risks estimated using the formula, inability to use risk-scoring results to optimally allocate defensive resources, and intrinsic subjectivity and ambiguity of Threat, Vulnerability, and Consequence numbers. Trying to directly assess probabilities for the actions of intelligent antagonists instead of modeling how they adaptively pursue their goals in light of available information and experience can produce ambiguous or mistaken risk estimates. Recent work demonstrates that two-level (or few-level) hierarchical optimization models can provide a useful alternative to Risk = Threat x Vulnerability x Consequence scoring rules, and also to probabilistic risk assessment (PRA) techniques that ignore rational planning and adaptation. In such two-level optimization models, defender predicts attacker's best response to defender's own actions, and then chooses his or her own actions taking into account these best responses. Such models appear valuable as practical approaches to antiterrorism risk analysis.
ANGHEL, ANDREI; CACOVEANU, REMUS
This book presents a novel non-intrusive infrastructure monitoring technique based on the detection and tracking of scattering centers in spaceborne SAR images. The methodology essentially consists of refocusing each available SAR image on an imposed 3D point cloud associated to the envisaged infrastructure element and identifying the reliable scatterers to be monitored by means of four dimensional (4D) tomography. The methodology described in this book provides a new perspective on infrastructure monitoring with spaceborne SAR images, is based on a standalone processing chain, and brings innovative technical aspects relative to conventional approaches. The book is intended primarily for professionals and researchers working in the area of critical infrastructure monitoring by radar remote sensing.
McLaughlin, Stephen; Podkuiko, Dmitry; McDaniel, Patrick
Global energy generation and delivery systems are transitioning to a new computerized "smart grid". One of the principle components of the smart grid is an advanced metering infrastructure (AMI). AMI replaces the analog meters with computerized systems that report usage over digital communication interfaces, e.g., phone lines. However, with this infrastructure comes new risk. In this paper, we consider adversary means of defrauding the electrical grid by manipulating AMI systems. We document the methods adversaries will use to attempt to manipulate energy usage data, and validate the viability of these attacks by performing penetration testing on commodity devices. Through these activities, we demonstrate that not only is theft still possible in AMI systems, but that current AMI devices introduce a myriad of new vectors for achieving it.
Marco Carvalho; Richard Ford
Supervisory Control and Data Acquisition (SCADA) Systems are a type of Industrial Control System characterized by the centralized (or hierarchical) monitoring and control of geographically dispersed assets. SCADA systems combine acquisition and network components to provide data gathering, transmission, and visualization for centralized monitoring and control. However these integrated capabilities, especially when built over legacy systems and protocols, generally result in vulnerabilities that can be exploited by attackers, with potentially disastrous consequences. Our research project proposal was to investigate new approaches for secure and survivable SCADA systems. In particular, we were interested in the resilience and adaptability of large-scale mission-critical monitoring and control infrastructures. Our research proposal was divided in two main tasks. The first task was centered on the design and investigation of algorithms for survivable SCADA systems and a prototype framework demonstration. The second task was centered on the characterization and demonstration of the proposed approach in illustrative scenarios (simulated or emulated).
Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl [AREVA GmbH, Erlangen (Germany)
Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like ''Industrial Internet of Things'' of the Industrial Internet Consortium (IIC), and ''Industry 4.0'' find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.
Safarik, Jakub; Slachta, Jiri
The security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP number one target in IP telephony infrastructure, so security of SIP server is essential. To keep up with hackers and to detect potential malicious attacks, security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and following evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. Then the gathered data analyze aggregation server with artificial neural network. Artificial neural network means multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduce the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and process detected traffic. It also maintains all detection nodes.
During April, a collaboration of Asian and European laboratories analysed 300,000 possible drug components against the avian flu virus H5N1 using the EGEE Grid infrastructure. Schematic presentation of the avian flu virus.The distribution of the EGEE sites in the world on which the avian flu scan was performed. The goal was to find potential compounds that can inhibit the activities of an enzyme on the surface of the influenza virus, the so-called neuraminidase, subtype N1. Using the Grid to identify the most promising leads for biological tests could speed up the development process for drugs against the influenza virus. Co-ordinated by CERN and funded by the European Commission, the EGEE project (Enabling Grids for E-sciencE) aims to set up a worldwide grid infrastructure for science. The challenge of the in silico drug discovery application is to identify those molecules which can dock on the active sites of the virus in order to inhibit its action. To study the impact of small scale mutations on drug r...
Robbins, J.; Starman, R. [EWA Canada Ltd., Edmonton, AB (Canada)
This presentation addressed some of the requirements for effectively protecting cyber infrastructure and assessing security needs. The paper discussed the hype regarding cyber attacks, and presented the Canadian reality (as viewed by CanCERT). An assessment of security concerns was also presented. Recent cyber attacks on computer networks have raised fears of unsafe energy networks. Some experts claim the attacks are linked to terrorism, others blame industrial spying and mischief. Others dismiss the notion that somebody could bring down a power grid with a laptop as being far-fetched. It was noted that the cyber security threat is real, and that attacks are becoming more sophisticated as we live in a target rich environment. The issue of assessing vulnerabilities was discussed along with the selection of safeguards such as improving SCADA systems and the latest encryption methods to prevent hackers from bringing down computer networks. 3 tabs., 23 figs.
Demchenko, Y.; Ngo, C.; de Laat, C.; Lopez, D.R.; Morales, A.; García-Espín, J.A.; Pearson, S.; Yee, G.
This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured security infrastructure provisioned on demand as part of the cloud-based infrastructure. This chapter describes general use cases for provisioning cloud infrastructure services
Carataș Maria Alina
Full Text Available Cyber terrorism is an intangible danger, a real over the corner threat in the life of individuals,organizations, and governments and is getting harder to deal with its damages. The motivations forthe cyber-attacks are different, depending on the terrorist group, from cybercrime to hacktivism,attacks over the authorities’ servers. Organizations constantly need to find new ways ofstrengthening protection against cyber-attacks, assess their cyber readiness, expand the resiliencecapacity and adopts international security regulations.
S., Siti Rahayu; Y., Robiah; S., Shahrin; A., Faizal M.; M, Mohd Zaki; R, Irda
Blaster worm of 2003 is still persistent, the infection appears to have successfully transitioned to new hosts as the original systems are cleaned or shut off, suggesting that the Blaster worm, and other similar worms, will remain significant Internet threats for many years after their initial release. This paper is to propose technique on tracing the Blaster attack from various logs in different OSI layers based on fingerprint of Blaster attack on victim logs, attacker logs and IDS alert log...
D. M. Mikhaylov
Full Text Available This article is about attacks on RFID systems. Currently antivirus developers are not developing systems that protect from viruses that could exist on RFID tags. Such viruses are considered as not existing because the RFID tag memory is very small. Unfortunately such viruses exist. This article is concerned to such viruses and attacks that hackers could do using such viruses. Based on this article methods to prevent RFID-viruses attacks could be developed.
Chadwick, Frances [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Presentation slides address: The Laboratory infrastructure supports hundreds of high hazard, complex operations daily; LANL’s unique science and engineering infrastructure is critical to delivering on our mission; LANL FY17 Budget & Workforce; Direct-Funded Infrastructure Accounts; LANL Org Chart; Weapons Infrastructure Program Office; The Laboratory’s infrastructure relies on both Direct and Indirect funding; NA-50’s Operating, Maintenance & Recapitalization funding is critical to the execution of the mission; Los Alamos is currently executing several concurrent Line Item projects; Maintenance @ LANL; NA-50 is helping us to address D&D needs; We are executing a CHAMP Pilot Project at LANL; G2 = Main Tool for Program Management; MDI: Future Investments are centered on facilities with a high Mission Dependency Index; Los Alamos hosted first “Deep Dive” in November 2016; Safety, Infrastructure & Operations is one of the most important programs at LANL, and is foundational for our mission success.
Do you need to keep up with the latest hacks, attacks, and exploits effecting social networks? Then you need Seven Deadliest Social Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Social Networking Infrastruct
Do you need to keep up with the latest hacks, attacks, and exploits effecting web applications? Then you need Seven Deadliest Web Application Attacks. This book pinpoints the most dangerous hacks and exploits specific to web applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. .. .. Attacks detailed in this book include: ..: ..; Cross-Site Scripting (XSS) ..; Cross-Site Request Fo
Glascoe, L; Noble, C; Reynolds, J; Kuhl, A; Morris, J
Lawrence Livermore National Laboratory (LLNL) is working with the Department of Homeland Security's Science and Technology Directorate, the Transportation Security Administration, and several infrastructure partners to characterize and help mitigate principal structural vulnerabilities to explosive threats. Given the importance of infrastructure to the nation's security and economy, there is a clear need for applied research and analyses (1) to improve understanding of the vulnerabilities of these systems to explosive threats and (2) to provide decision makers with time-critical technical assistance concerning countermeasure and mitigation options. Fully-coupled high performance calculations of structural response to ideal and non-ideal explosives help bound and quantify specific critical vulnerabilities, and help identify possible corrective schemes. Experimental validation of modeling approaches and methodologies builds confidence in the prediction, while advanced stochastic techniques allow for optimal use of scarce computational resources to efficiently provide infrastructure owners and decision makers with timely analyses.
Lenin, Aleksandr; Willemson, Jan; Sari, Dyan Permata
We present the results of research of limiting adversarial budget in attack games, and, in particular, in the failure-free attack tree models presented by Buldas-Stepanenko in 2012 and improved in 2013 by Buldas and Lenin. In the previously presented models attacker’s budget was assumed to be
This book marks an important contribution to the fascinating debate on the role that information infrastructures and boundary objects play in contemporary life, bringing to the fore the concern of how cooperation across different groups is enabled, but also constrained, by the material and immaterial objects connecting them. As such, the book itself is situated at the crossroads of various paths and genealogies, all focusing on the problem of the intersection between different levels of scale...
Chef Infrastructure Automation Cookbook contains practical recipes on everything you will need to automate your infrastructure using Chef. The book is packed with illustrated code examples to automate your server and cloud infrastructure.The book first shows you the simplest way to achieve a certain task. Then it explains every step in detail, so that you can build your knowledge about how things work. Eventually, the book shows you additional things to consider for each approach. That way, you can learn step-by-step and build profound knowledge on how to go about your configuration management
Full Text Available The paper deals with transportation infrastructure criticality because this quantity determines the State capability to overcome the critical conditions and to ensure the inhabitants survival. The criticality rates for individual types of transportation infrastructure and for the entire transportation infrastructure are determined by data from experts from the areas: transportation; transportation management in the territory; supply chains; public administration; and the Integrated Rescue System. The experts assessed 14 factors, which have been often used in the developed world countries, from the view of human security and development. The result values and their interpretations were determined by using the Multiatribute Utility Theory.
van Oers, M.H.M.; Strous, L.; Berndsen, R.J.; Butts, J.; Shenoi, S.
This paper presents a case study of critical infrastructure protection in the Dutch financial sector. The organizational structures are examined to discern the roles and functions that facilitate public-private cooperation. An assessment of the organizational structures is provided along with a
local scale, and it influences the sustainability, efficiency and inclusiveness of cities and local areas. Linking infrastructure and spatial planning is therefore critical. ..... sequences of buying cheap land for low-cost housing has resulted in them being built on the peripheries of urban areas. Furthermore, their low density has.
van Heeren, Henne; Paschalidou, Lia
numbers they want (several millions per year). The crossover point where building a dedicated facility becomes a realistic option, can differ very much depending on technology complexity, numbers and market value. Also history plays a role, companies with past experience in the production of a product and the necessary facilities and equipment will tend to achieve captive production. Companies not having a microtechnology history will tend to outsource, offering business opportunities for foundries. The number of foundries shows a steady growth over the years. The total availability of foundries, however, and their flexibility will, undoubtedly, rely on market potential and its size. Unlike design houses, foundries need to realise a substantial return on the "large" investments they make in terms of capital and infrastructure. These returns will be maximised through mass-produced products aimed at "killer" applications (accelerometers are only one example). The existence of professional suppliers of MOEMS packaging and assembly is an essential element in the supply chain and critical for the manufacturing and commercialisation of MOEMS products. In addition, the incorporation of packaging and assembly techniques at the front-end of the engineering cycle will pay back in terms of financial savings and shorter timescales to market. Packaging and assembly for MOEMS are, in general, more costly than their equivalents for standard integrated circuits. This is, primarily, due to the diversity of the interconnections (which are multi-functional and may incorporate: electrical, optical, fluidic etc). In addition, the high levels of accuracy and the potential sensitivity of the devices to mechanical and external influences play a major role in the cost aspects of the final MNT product. This article will give an overview of the package/assembly providers and foundry business models and analyse their contribution to the MOEMS supply chain illustrated with some typical examples. As
Roy, Nobhojit; Kapil, Vikas; Subbarao, Italo; Ashkenazi, Isaac
The November 26-29, 2008, terrorist attacks on Mumbai were unique in its international media attention, multiple strategies of attack, and the disproportionate national fear they triggered. Everyone was a target: random members of the general population, iconic targets, and foreigners alike were under attack by the terrorists. A retrospective, descriptive study of the distribution of terror victims to various city hospitals, critical radius, surge capacity, and the nature of specialized medical interventions was gathered through police, legal reports, and interviews with key informants. Among the 172 killed and 304 injured people, about four-fifths were men (average age, 33 years) and 12% were foreign nationals. The case-fatality ratio for this event was 2.75:1, and the mortality rate among those who were critically injured was 12%. A total of 38.5% of patients arriving at the hospitals required major surgical intervention. Emergency surgical operations were mainly orthopedic (external fixation for compound fractures) and general surgical interventions (abdominal explorations for penetrating bullet/shrapnel injuries). The use of heavy-duty automatic weapons, explosives, hostages, and arson in these terrorist attacks alerts us to new challenges to medical counterterrorism response. The need for building central medical control for a coordinated response and for strengthening public hospital capacity are lessons learned for future attacks. These particular terrorist attacks had global consequences, in terms of increased security checks and alerts for and fears of further similar "Mumbai-style" attacks. The resilience of the citizens of Mumbai is a critical measure of the long-term effects of terror attacks.
Karner, Donald [Electric Transportation Inc., Rogers, AR (United States); Garetson, Thomas [Electric Transportation Inc., Rogers, AR (United States); Francfort, Jim [Idaho National Lab. (INL), Idaho Falls, ID (United States)
As highlighted in the U.S. Department of Energy’s EV Everywhere Grand Challenge, vehicle technology is advancing toward an objective to “… produce plug-in electric vehicles that are as affordable and convenient for the average American family as today’s gasoline-powered vehicles …”  by developing more efficient drivetrains, greater battery energy storage per dollar, and lighter-weight vehicle components and construction. With this technology advancement and improved vehicle performance, the objective for charging infrastructure is to promote vehicle adoption and maximize the number of electric miles driven. The EV Everywhere Charging Infrastructure Roadmap (hereafter referred to as Roadmap) looks forward and assumes that the technical challenges and vehicle performance improvements set forth in the EV Everywhere Grand Challenge will be met. The Roadmap identifies and prioritizes deployment of charging infrastructure in support of this charging infrastructure objective for the EV Everywhere Grand Challenge
This proceedings contains information from the IPHE Infrastructure Workshop, a two-day interactive workshop held on February 25-26, 2010, to explore the market implementation needs for hydrogen fueling station development.
The infrastructure area simplification plan was presented at the 3rd EMI All Hands Meeting in Padova. This plan only affects the information and accounting systems as the other areas are new in EMI and hence do not require simplification.
Federal Laboratory Consortium — Volpe's Infrastructure Engineering and Deployment Division advances transportation innovation by being leaders in infrastructure technology, including vehicles and...
Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs
There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.
Sajeed, Shihan; Minshull, Carter; Jain, Nitin
We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance...
Výtisková, T; Suchá, D; Fučíková, Z
To describe hear-attack on crystal meth addicted pregnant woman. Case report. Acute heart-attack during pregnancy means unexpected obstetric complication. The consequences could be fatal for the mother and the fetus. Although good delivery management and treatment could reduce morbidity and mortality to a minimum.
Full Text Available UNICORE (Uniform Interface to Computer Resources is a software infrastructure supporting seamless and secure access to distributed resources. UNICORE allows uniform access to different hardware and software platforms as well as different organizational environments. Based on the abstract job model it offers services for security, translation of abstract jobs into real batch jobs for different target systems, and a public key infrastructure. This paper describes the UNICORE architecture and the services provided.
The July 2010 edition of Prakarsa is devoted to Financing Infrastructure, and examines a variety of mechanisms that can be used to secure and manage funding for a broad range of infrastructure sectors. Feature articles include discussions of public service obligations/pioneer services (“Shifting the Mindset: Public Service Obligations and Pioneer Services in Indonesia's Transport Sector” by Peter Benson and Kawik Sugiana); how semi-autonomous local entities can deliver services (“A Promising ...
Sajeed, Shihan; Minshull, Carter; Jain, Nitin; Makarov, Vadim
We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Ac´ın-Ribordy-Gisin (SARG04) QKD protocol at 1924 nm versus that at 1536 nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N. Jain et al., New J. Phys. 16, 123030 (2014). However at 1924 nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.
Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus
string model. While our protocol is classical, it is sound against a cheating unbounded quantum prover and computational zero-knowledge even if the verifier is allowed a superposition attack. Finally, we consider multiparty computation and show that for the most general type of attack, simulation based......Attacks on classical cryptographic protocols are usually modeled by allowing an adversary to ask queries from an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece...... of information. In this paper, we introduce a fundamentally new model of quantum attacks on classical cryptographic protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security...
In the light of the aforementioned, this study on the „socio economic implication of infrastructural decay in Nigeria‟ focused attention more on trying to critically appraise the effectiveness of infrastructural facilities in the nation, providing an insight into how weak the various organs of the federal and the state governments are ...
Full Text Available The paper substantiates the need for scientific studying the state of local infrastructure financing as well as efficient management of the existing infrastructure facilities. It is noted that under the influence of such factors as globalization, urbanization and information revolution the value of the city and role thereof in society are increasing. Based on analysis of the budget and demographic indices it has been proven that Kyiv, as the capital, occupies a unique place in the economic life of Ukraine, while being the country's financial and investment centre. It has been asserted that the critical level of the city's key infrastructure deterioration indicates lack of adequate municipal management in this field. The paper also asserts a high level of monopolization regarding housing and communal services, whereas also provides substantiation of the need for developing new competitive financing mechanisms to be applied. Existence of significant disparities between development of the city and construction of the essential transport infrastructure has been demonstrated with the said fact being due to incompliance of the borrowed finances with real investment needs. Given the international experience, the methods of upgrading the existing city infrastructure as well as sources of financial support for the new infrastructure projects have been suggested
Critical neuropsychobiological analysis of panic attack- and anticipatory anxiety-like behaviors in rodents confronted with snakes in polygonal arenas and complex labyrinths: a comparison to the elevated plus- and T-maze behavioral tests.
Coimbra, Norberto C; Paschoalin-Maurin, Tatiana; Bassi, Gabriel S; Kanashiro, Alexandre; Biagioni, Audrey F; Felippotti, Tatiana T; Elias-Filho, Daoud H; Mendes-Gomes, Joyce; Cysne-Coimbra, Jade P; Almada, Rafael C; Lobão-Soares, Bruno
To compare prey and snake paradigms performed in complex environments to the elevated plus-maze (EPM) and T-maze (ETM) tests for the study of panic attack- and anticipatory anxiety-like behaviors in rodents. PubMed was reviewed in search of articles focusing on the plus maze test, EPM, and ETM, as well as on defensive behaviors displayed by threatened rodents. In addition, the authors' research with polygonal arenas and complex labyrinth (designed by the first author for confrontation between snakes and small rodents) was examined. The EPM and ETM tests evoke anxiety/fear-related defensive responses that are pharmacologically validated, whereas the confrontation between rodents and snakes in polygonal arenas with or without shelters or in the complex labyrinth offers ethological conditions for studying more complex defensive behaviors and the effects of anxiolytic and panicolytic drugs. Prey vs. predator paradigms also allow discrimination between non-oriented and oriented escape behavior. Both EPM and ETM simple labyrinths are excellent apparatuses for the study of anxiety- and instinctive fear-related responses, respectively. The confrontation between rodents and snakes in polygonal arenas, however, offers a more ethological environment for addressing both unconditioned and conditioned fear-induced behaviors and the effects of anxiolytic and panicolytic drugs.
Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert
The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missed if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.
Full Text Available New infrastructures, new landscapes AbstractThe paper will discuss one recent Italian project that share a common background: the relevance of the existing maritime landscape as a non negotiable value. The studies will be discussed in details a feasibility study for the new port in Monfalcone. National infrastructural policies emphasize competitiveness and connection as a central issue incultural, economic and political development of communities . Based on networks and system development along passageways that make up the European infrastructural armor; the two are considered at the meantime as cause and effect of "territorialisation”. These two views are obviously mutually dependent. It's hard to think about a strong attractiveness out of the network, and to be part of the latter encourages competitiveness. Nonetheless this has proved to be conflictual when landscape values and the related attractiveness are considered.The presented case study project, is pursuing the ambition to promote a new approach in realizing large infrastructures; its double role is to improve connectivity and to generate lasting and positive impact on the local regions. It deal with issues of inter-modality and the construction of nodes and lines which connects Europe, and its markets.Reverting the usual approach which consider landscape project as as a way to mitigate or to compensate for the infrastructure, the goal is to succeed in realizing large infrastructural works by conceiving them as an occasion to reinterpret a region or, as extraordinary opportunities, to build new landscapes.The strategy proposed consists in achieving structural images based on the reinforcement of the environmental and historical-landscape systems. Starting from the reinterpretation of local maritime context and resources it is possible not just to preserve the attractiveness of a specific landscape but also to conceive infrastructure in a more efficient way.
Safety and integrity of the national transportation infrastructure are of paramount importance and highway bridges are critical components of the highway system network. This network provides an immense contribution to the industry productivity and e...
Today’s society relies greatly upon an array of complex national and international infrastructure networks such as transportation, electric power, telecommunication, and financial networks. This paper describes initial research combining agent-based infrastructure modeling software and genetic algorithms (GAs) to help optimize infrastructure protection and restoration decisions. This research proposes to apply GAs to the problem of infrastructure modeling and analysis in order to determine the optimum assets to restore or protect from attack or other disaster. This research is just commencing and therefore the focus of this paper is the integration of a GA optimization method with a simulation through the simulation’s agents.
Luiijf, H.A.M.; Klaver, M.H.A.
With respect to critical information and communication technologies (ICT), nations most often declare their national critical infrastructure to include telecommunication services and in some cases critical services offered by key Internet Service Providers (ISP). This paper debates whether nations,
Bektas, Hesna; Karabulut, Hayriye; Doganay, Beyza; Acar, Baran
Migraine is a common primary headache disorder. The mechanisms underlying the onset of a migraine attack are not completely understood. Environmental changes and a number of other factors could induce migraine attacks. The aim of this study was to investigate the relationship between the frequency of migraine attacks and allergens. Migraine patients without aura, and healthy individuals similar in age and gender without a history of headache and allergy were prospectively included in the study. The duration of migraine, the frequency of migraine attacks, the medication history, and the symptoms during attacks were questioned. Migraine disability assessment score (MIDAS) and visual analog scale (VAS) scores were obtained. Allergen extracts including dust, fungi, insect, animal epithelium, pollens, and food allergens were applied for allergy tests. 49 migraine patients and 49 healthy individuals were enrolled in the study. There was no significant difference in terms of age and gender. The median migraine disease duration, the number of attacks in a month, and the duration of attacks were, respectively, 5.5 years (1-44), 4 (1-10) day/month, and 24 (4-72) h. The mean MIDAS grade was 2.45 ± 0.14 (1-4), and mean VAS score was 7.89 ± 0.27 (4-10). The positivity of allergy tests was 55.1 % (27/49) in the migraine group and 32.7 % (16/49) in the control group (p < 0.05). The allergy tests were positive for house dust, red birch, hazel tree, olive tree, nettle, and wheat. The frequency of migraine attacks was higher in allergy-test-positive patients than in negative ones in the migraine group (p = 0.001). The migraine patients who had frequent attacks should be examined for allergies.
Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.
Kalmijn, Adrianus J
The original objective of the SIO Marine Attack project was to identify the electric and magnetic fields causing sharks to inflict serious damage upon the towed hydrophone arrays of US Navy submarines...
The attack on Charlie Hebdo has by many been linked to multiculturalism. But it is unclear exactly how the connection between multiculturalism and the attack should be understood and whether there indeed is such a connection. The article discusses this by distinguishing between different senses...... of multiculturalism and different ways in which one might think that there is a link between multiculturalism and the attack. On this basis the resulting claims are discussed as to whether they are in fact plausible, which many of them turn out not to be....
Vigo, Roberto; Nielson, Flemming; Nielson, Hanne Riis
-prone and impracticable for large systems. Nonetheless, the automated generation of attack trees has only been explored in connection to computer networks and levering rich models, whose analysis typically leads to an exponential blow-up of the state space. We propose a static analysis approach where attack trees...... interesting quantitative problems, that can be solved through an encoding into Satisfiability Modulo Theories. The flexibility and effectiveness of the approach is demonstrated on the study of a national-scale authentication system, whose attack tree is computed thanks to a Java implementation...
The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...... the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security...
van de Beek, G.S.
Contemporary society is greatly dependent upon a set of critical infrastructures (CIs) providing security and quality of life. Electronic systems control the safety-critical functioning of most CIs, and these electronic systems are susceptible to electromagnetic interference (EMI). A threat to the infrastructures is that adversaries, such as terrorists, could disrupt the functioning by using electromagnetic (EM) sources. This is defined as intentional electromagnetic interference (IEMI). The ...
Abstract Attacking from a distance is nothing new, but with the advent of certain new technologies, attacks can be undertaken in which the attacker remains very remote from the scene where force will be employed...
Full Text Available and is only able to cater for social engineering attacks that use bidirectional communication. Previous research discovered that social engineering attacks can be classified into three different categories, namely attacks that utilise bidirectional...