WorldWideScience

Sample records for cyber defense center

  1. Optimizing Active Cyber Defense

    OpenAIRE

    Lu, Wenlian; Xu, Shouhuai; Yi, Xinlei

    2016-01-01

    Active cyber defense is one important defensive method for combating cyber attacks. Unlike traditional defensive methods such as firewall-based filtering and anti-malware tools, active cyber defense is based on spreading "white" or "benign" worms to combat against the attackers' malwares (i.e., malicious worms) that also spread over the network. In this paper, we initiate the study of {\\em optimal} active cyber defense in the setting of strategic attackers and/or strategic defenders. Specific...

  2. Cyber Defense: An International View

    Science.gov (United States)

    2015-09-01

    and Mathematics at the Royal Institute of Tech- nology, Stockholm, Sweden; and Otto von Guericke University, Magdeburg , Germany . viii ix SUMMARY...and analysis to influence policy debate and bridge the gap between military and academia. The Center for Strategic Leadership and Development...provide an overview of four different national approaches to cyber defense: those of Nor- way, Estonia, Germany , and Sweden. While provid- ing a

  3. Simulating cyber warfare and cyber defenses: information value considerations

    Science.gov (United States)

    Stytz, Martin R.; Banks, Sheila B.

    2011-06-01

    Simulating cyber warfare is critical to the preparation of decision-makers for the challenges posed by cyber attacks. Simulation is the only means we have to prepare decision-makers for the inevitable cyber attacks upon the information they will need for decision-making and to develop cyber warfare strategies and tactics. Currently, there is no theory regarding the strategies that should be used to achieve objectives in offensive or defensive cyber warfare, and cyber warfare occurs too rarely to use real-world experience to develop effective strategies. To simulate cyber warfare by affecting the information used for decision-making, we modify the information content of the rings that are compromised during in a decision-making context. The number of rings affected and value of the information that is altered (i.e., the closeness of the ring to the center) is determined by the expertise of the decision-maker and the learning outcome(s) for the simulation exercise. We determine which information rings are compromised using the probability that the simulated cyber defenses that protect each ring can be compromised. These probabilities are based upon prior cyber attack activity in the simulation exercise as well as similar real-world cyber attacks. To determine which information in a compromised "ring" to alter, the simulation environment maintains a record of the cyber attacks that have succeeded in the simulation environment as well as the decision-making context. These two pieces of information are used to compute an estimate of the likelihood that the cyber attack can alter, destroy, or falsify each piece of information in a compromised ring. The unpredictability of information alteration in our approach adds greater realism to the cyber event. This paper suggests a new technique that can be used for cyber warfare simulation, the ring approach for modeling context-dependent information value, and our means for considering information value when assigning cyber

  4. Cyber defense and situational awareness

    CERN Document Server

    Kott, Alexander; Erbacher, Robert F

    2015-01-01

    This book is the first publication to give a comprehensive, structured treatment to the important topic of situational awareness in cyber defense. It presents the subject in a logical, consistent, continuous discourse, covering key topics such as formation of cyber situational awareness, visualization and human factors, automated learning and inference, use of ontologies and metrics, predicting and assessing impact of cyber attacks, and achieving resilience of cyber and physical mission. Chapters include case studies, recent research results and practical insights described specifically for th

  5. Cyber Defense Management

    Science.gov (United States)

    2016-09-01

    of market capitalization after a cyber security incident Financial Geer, 2001 Gordon and Loeb, 2005 Willemson, 2006 Determine the return on security...thoughtheir vulnerability may be less. That is because the return on investment for protecting agiven information set is a function both of its vulnerability...can ensure that it is investing properly to provide cyber resilience to its systems. The study investigated ways to inform future investment

  6. Preparing South Africa for cyber crime and cyber defense

    CSIR Research Space (South Africa)

    Grobler, M

    2013-01-01

    Full Text Available revolution on cybercrime and cyber defense in a developing country and will evaluate the relevant South African legislation. It will also look at the influence of cyber defense on the international position of the South African Government. South Africa... legislation and a lack of cyber defense mechanisms. As a starting point, cyber warfare for the purpose of this article is defined as the use of exploits in cyber space as a way to intentionally cause harm to people, assets or economies (Owen 2008). It can...

  7. Norwegian Cyber Defense

    Science.gov (United States)

    2013-12-01

    reliance on proprietary networks and hardware, SCADA systems were considered safe from cyber attacks and were not designed for security. The situation...operational data that could result in public safety concerns.43 In 2013 Norwegian newspaper Dagbladet found over 2,500 SCADA systems in Norway used for ...a. Siberian Pipeline Explosion (1982) In 1982, intruders planted a Trojan horse in the SCADA system that controls the Siberian Pipeline . This is the

  8. CENTER FOR CYBER SECURITY STUDIES

    Data.gov (United States)

    Federal Laboratory Consortium — The mission of the Center for Cyber Security Studies is to enhance the education of midshipmen in all areas of cyber warfare, to facilitate the sharing of expertise...

  9. Cyber Defense Exercises and their Role in Cyber Warfare

    OpenAIRE

    Bogdan Alexandru Bratosin

    2014-01-01

    The threat of cyber-attacks is increasing with the access to PC’s and Internet of a larger number of people around the world. Although the Internet provides a large number of advantages, it can also be used as a cyber-weapon in order to serve the interests of counties, political and economic groups or individual. The cyber-attacks of today are capable to disable the manufacturing of nuclear bombs of a country. Thus, there is an increasing demand for IT security specialists. Cyber-defense exer...

  10. Preparing South Africa for Cyber Crime and Cyber Defense

    Directory of Open Access Journals (Sweden)

    Marthie Grobler

    2013-10-01

    Full Text Available The international scope of the Internet, the fast technological advances, the wide reach of technological usage and the increase in cyber-attacks require the South African administrative and legislative system to both intersect largely with the application and implementation of international legislation, take timeous precautionary measures and stay updated on trends and developments. One of the problems associated with the technological revolution is that the cyberspace is full of complex and dynamic technological innovations that are not well suited to any lagging administrative and legal system. A further complication is the lack of comprehensive and enforceable treaties facilitating international cooperation with regard to cyber defense. The result is that many developing countries in particular, are either not properly aware, not well prepared, or adequately protected by both knowledge and legislation, in the event of a cyber-attack on a national level. Even if these countries realize the threats, the time to react is of such a long nature due to consultation and legislative processes, that the legal systems provide little support to ensure timeous and necessary counter-measures. This article will address this problem by looking at the impact of technological revolution on cybercrime and cyber defense in a developing country and will evaluate the relevant South African legislation. It will also look at the influence of cyber defense on the international position of the South African Government. South Africa at present does not have a coordinated approach in dealing with Cybercrime and does not have a comprehensive Cyber defense strategy in place. The structures that have been established to deal with Cyber security issues are inadequate to holistically deal with these issues. The development of interventions to address cybercrime requires a partnership between business, government and civil society. This article will provide an approach to

  11. For the Common Defense of Cyberspace: Implications of a US Cyber Militia on Department of Defense Cyber Operations

    Science.gov (United States)

    2015-06-12

    the Common Defense of Cyberspace: Implications of a US Cyber Militia on Department of Defense Cyber Operations 5a. CONTRACT NUMBER 5b. GRANT ...20130423/ NEWS/304230016/Navy-wants-1-000-more-cyber-warriors. 33 Edward Cardon , “Army Cyber Capabilities” (Lecture, Advanced Operations Course...Finally, once a cyber security professional is trained, many argue, to include the head of Army’s Cyber Command, Lieutenant General Edward Cardon

  12. Collegiate Cyber Defense Competition Effort

    Science.gov (United States)

    2018-03-01

    grade by Applied Visions personnel. The CIAS also worked with Pacific Northwest National Labs to create a substation, control center, and plant ...center network, substation, and plant network were housed behind a Juniper firewall so that the plant network and substation were only accessible...will not provide copies of their actual network traffic to anyone. On the rare occasions traffic logs are shared, they are typically heavily modified

  13. Deception used for Cyber Defense of Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2009-05-01

    Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

  14. DCT-based cyber defense techniques

    Science.gov (United States)

    Amsalem, Yaron; Puzanov, Anton; Bedinerman, Anton; Kutcher, Maxim; Hadar, Ofer

    2015-09-01

    With the increasing popularity of video streaming services and multimedia sharing via social networks, there is a need to protect the multimedia from malicious use. An attacker may use steganography and watermarking techniques to embed malicious content, in order to attack the end user. Most of the attack algorithms are robust to basic image processing techniques such as filtering, compression, noise addition, etc. Hence, in this article two novel, real-time, defense techniques are proposed: Smart threshold and anomaly correction. Both techniques operate at the DCT domain, and are applicable for JPEG images and H.264 I-Frames. The defense performance was evaluated against a highly robust attack, and the perceptual quality degradation was measured by the well-known PSNR and SSIM quality assessment metrics. A set of defense techniques is suggested for improving the defense efficiency. For the most aggressive attack configuration, the combination of all the defense techniques results in 80% protection against cyber-attacks with PSNR of 25.74 db.

  15. Cyber Threats/Attacks and a Defensive Model to Mitigate Cyber Activities

    Directory of Open Access Journals (Sweden)

    Jawad Hussain Awan

    2018-04-01

    Full Text Available Nowadays, every internet user is part of cyber world. In this way, millions of users, knowledge seekers, and service provider organizations are connected to each other, a vast number of common people shifted their everyday activities to cyber world as they can save their time, traffic problem and gets effective and costless services by using various services such as, online banking, social networking sites, government services and cloud services. The use of Cyber services, eBusiness, eCommerce and eGovernance increases the usage of online/cyber services also increased the issue of cyber security. Recently, various cases have been reported in the literature and media about the cyber-attacks and crimes which seriously disrupted governments, businesses and personal lives. From the literature. It is noticed that every cyber user is unaware about privacy and security practices and measures. Therefore, cyber user has provided knowledge and fully aware them from the online services and also about cyber privacy and security. This paper presents a review on the recent cybercrimes, threats and attacks reported in the literature and media. In addition, the impact of these cyber breaches and cyber law to deal with cyber security has been discussed. At last, a defensive model is also proposed to mitigate cyber-criminal activities.

  16. EDUCATIONAL NETWORKING: HUMAN VIEW TO CYBER DEFENSE

    Directory of Open Access Journals (Sweden)

    Oleksandr Yu. Burov

    2016-05-01

    Full Text Available Networks play more and more important role for human life and activity, both in critical occupations (aviation, power industry, military missions etc., and in everyday life (home computers, education, leisure. Interaction between human and other elements of human-machine system have changed, because they coincide in the information habitat. Human-system integration has reached new level of defense needs. The paper will introduce features of information society in respect of a human and corresponding changes in HF/E: (1 information becomes a tool, goal, mean and environment of a human activity, (2 it becomes a part of the human nature and this makes him/her unprotected, (3 human psycho-physiological status becomes not only a basis of effective performance, but an object of control and support, and means of a human security and safety should be a part of information habitat, (4 networking environment becomes an independent actor in a human activity. Accompanying cyber-security challenges and tasks are discussed, as well as types of networking threats and Human View regarding the cyber security challenges.

  17. Changing the face of cyber warfare with international cyber defense collaboration

    CSIR Research Space (South Africa)

    Grobler, M

    2011-03-01

    Full Text Available . The result is that many countries are not properly prepared, nor adequately protected by legislation, in the event of a cyber attack on a national level. This article will address the international cyber defense collaboration problem by looking at the impact...

  18. Game Theoretic Solutions to Cyber Attack and Network Defense Problems

    National Research Council Canada - National Science Library

    Shen, Dan; Chen, Genshe; Cruz, Jr., , Jose B; Blasch, Erik; Kruger, Martin

    2007-01-01

    .... The protection and defense against cyber attacks to computer network is becoming inadequate as the hacker knowledge sophisticates and as the network and each computer system become more complex...

  19. Addressing Human Factors Gaps in Cyber Defense

    Science.gov (United States)

    2016-09-23

    awareness (Endsley, 1995), and thus stands a good chance of benefiting from similar study. It should be noted that cyber situation awareness as a...models of the environment, divided across multiple types of cyber operations (Tyworth, Giacobe, Mancuso, McNeese, & Hall, 2013). Given the... Attention Switching in Cyber Security Dr. Christopher Wickens Colorado State University Cyber-security analysts at whatever level they serve

  20. REKONSTRUKSI PEMBENTUKAN NATIONAL CYBER DEFENSE SEBAGAI UPAYA MEMPERTAHANKAN KEDAULATAN NEGARA

    Directory of Open Access Journals (Sweden)

    Nur Khalimatus Sa'diyah

    2016-09-01

    Full Text Available Anxiety against cybercrime has become the world’s attention, but not all countries in the world is giving greater attention to the problem of cybercrime by having the rule and unless the developed countries and some developing countries. The purpose of this research is in order to find, examine and analyze the efforts of the Indonesia Government in the protection of State secrets information and data, also to research the forms of Indonesia Government resistance against cyber war. Find a reconstruction of national cyber defense formation or cyber army in an attempt to defend the sovereignty of the country. In Act No. 3 of 2002 on State Defense, it has been established that the threat in the country’s defense system consists of a military threat and non-military threat, which is including cyber threats. One of the negative effects of the cyber world development via the internet among other things is a crime in violation of the law cybercrime, where when the escalation widely spread, it could have threatened the country’s sovereignty, territorial integrity or the safety of the nation. In an effort to combat against the attacks in this virtual world, will require an agency that is in charge of being the world’s bulwark cyber or cyber defense.

  1. Developing the Cyber Defenders of Tomorrow with Regional Collegiate Cyber Defense Competitions (CCDC)

    Science.gov (United States)

    Carlin, Anna; Manson, Daniel P.; Zhu, Jake

    2010-01-01

    With the projected higher demand for Network Systems Analysts and increasing computer crime, network security specialists are an organization's first line of defense. The principle function of this paper is to provide the evolution of Collegiate Cyber Defense Competitions (CCDC), event planning required, soliciting sponsors, recruiting personnel…

  2. Recommendations for Model Driven Paradigms for Integrated Approaches to Cyber Defense

    Science.gov (United States)

    2017-03-06

    Human Cognitive Modeling in Cyber Security 13 4.1 Models of Human in the Cyber Detection Loop 14 4.2 Perception and Representation of the Cyber ...paradigm applied to cyber operations is likely to benefit traditional disciplines of cyber defense such as security , vulnerability analysis, intrusion...and simulation for full range of cyber specialties, not only for training and rehearsal. • Encourage participation of commercial companies , in NATO

  3. Design and Implementation of a Cyber-Defense Exercise

    OpenAIRE

    Adrian Furtuna

    2010-01-01

    Learning by practice is a very effective way of education in some activity domains, including information security. The article explores this idea by showing how a cyber-defense exercise can be designed and implemented in order to reach its educational goals.

  4. Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models.

    Science.gov (United States)

    Rao, Nageswara S V; Poole, Stephen W; Ma, Chris Y T; He, Fei; Zhuang, Jun; Yau, David K Y

    2016-04-01

    The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures. © 2015 Society for Risk Analysis.

  5. Developing standard exercises and statistics to measure the impact of cyber defenses

    OpenAIRE

    Berninger, Matthew L.

    2014-01-01

    CHDS State/Local As companies seek protection from cyber attacks, justifying proper levels of investment in cyber security is essential. Like all investments, cyber defense costs must be weighed against their expected benefits. While some cyber investment models exist that can relate costs and benefits, these models are largely untested with experimental data. This research develops an experimental framework and statistics for testing and measuring the efficacy of cyber mitigation methods,...

  6. Defense Science Board Task Force Report on Cyber Defense Management

    Science.gov (United States)

    2016-09-01

    techniques coupled with the use of the Markov decision processand stochastic math models enhance the results by accounting for the inherent randomness...Purpose/Goal Macro-economic input/output Santos and Haimes, 2004 Evaluate sensitivity of the U.S. economy to cyber attacks in particular sectors Macro

  7. Cooperative Autonomous Resilient Defense Platform for Cyber-Physical Systems

    OpenAIRE

    Azab, Mohamed Mahmoud Mahmoud

    2013-01-01

    Cyber-Physical Systems (CPS) entail the tight integration of and coordination between computational and physical resources. These systems are increasingly becoming vital to modernizing the national critical infrastructure systems ranging from healthcare, to transportation and energy, to homeland security and national defense. Advances in CPS technology are needed to help improve their current capabilities as well as their adaptability, autonomicity, efficiency, reliability, safety and usabili...

  8. Cyber Security Research Frameworks For Coevolutionary Network Defense

    Energy Technology Data Exchange (ETDEWEB)

    Rush, George D. [Missouri Univ. of Science and Technology, Rolla, MO (United States); Tauritz, Daniel Remy [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2015-12-03

    Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.

  9. EDUCATIONAL NETWORKING: HUMAN VIEW TO CYBER DEFENSE

    OpenAIRE

    Oleksandr Yu. Burov

    2016-01-01

    Networks play more and more important role for human life and activity, both in critical occupations (aviation, power industry, military missions etc.), and in everyday life (home computers, education, leisure). Interaction between human and other elements of human-machine system have changed, because they coincide in the information habitat. Human-system integration has reached new level of defense needs. The paper will introduce features of information society in respect of a human and corr...

  10. Simulation of cyber attacks with applications in homeland defense training

    Science.gov (United States)

    Brown, Bill; Cutts, Andrew; McGrath, Dennis; Nicol, David M.; Smith, Timothy P.; Tofel, Brett

    2003-09-01

    We describe a tool to help exercise and train IT managers who make decisions about IP networks in the midst of cyber calamity. Our tool is interactive, centered around a network simulation. It includes various modes of communications one would use to make informed decisions. Our tool is capable of simulating networks with hundreds of components and dozens of players. Test indicate that it could support an exercise an order of magnitude larger and more complex.

  11. Hypergame theory applied to cyber attack and defense

    Science.gov (United States)

    House, James Thomas; Cybenko, George

    2010-04-01

    This work concerns cyber attack and defense in the context of game theory--specifically hypergame theory. Hypergame theory extends classical game theory with the ability to deal with differences in players' expertise, differences in their understanding of game rules, misperceptions, and so forth. Each of these different sub-scenarios, or subgames, is associated with a probability--representing the likelihood that the given subgame is truly "in play" at a given moment. In order to form an optimal attack or defense policy, these probabilities must be learned if they're not known a-priori. We present hidden Markov model and maximum entropy approaches for accurately learning these probabilities through multiple iterations of both normal and modified game play. We also give a widely-applicable approach for the analysis of cases where an opponent is aware that he is being studied, and intentionally plays to spoil the process of learning and thereby obfuscate his attributes. These are considered in the context of a generic, abstract cyber attack example. We demonstrate that machine learning efficacy can be heavily dependent on the goals and styles of participant behavior. To this end detailed simulation results under various combinations of attacker and defender behaviors are presented and analyzed.

  12. Cyber Warfare/Cyber Terrorism

    National Research Council Canada - National Science Library

    O'Hara, Timothy

    2004-01-01

    .... Section 1 concludes with a review of offensive and defensive cyber warfare concepts. Section 2 presents a general overview of cyber terrorism, including definitions of cyber terrorism and cyber terrorism support...

  13. Control Systems Cyber Security:Defense in Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  14. A cognitive and economic decision theory for examining cyber defense strategies.

    Energy Technology Data Exchange (ETDEWEB)

    Bier, Asmeret Brooke

    2014-01-01

    Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participants interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.

  15. 7 Key Challenges for Visualization in Cyber Network Defense

    Energy Technology Data Exchange (ETDEWEB)

    Best, Daniel M.; Endert, Alexander; Kidwell, Dan

    2014-12-02

    In this paper we present seven challenges, informed by two user studies, to be considered when developing a visualization for cyber security purposes. Cyber security visualizations must go beyond isolated solutions and “pretty picture” visualizations in order to make impact to users. We provide an example prototype that addresses the challenges with a description of how they are met. Our aim is to assist in increasing utility and adoption rates for visualization capabilities in cyber security.

  16. Effects of Gain/Loss Framing in Cyber Defense Decision-Making

    Energy Technology Data Exchange (ETDEWEB)

    Bos, Nathan; Paul, Celeste; Gersh, John; Greenberg, Ariel; Piatko, Christine; Sperling, Scott; Spitaletta, Jason; Arendt, Dustin L.; Burtner, Edwin R.

    2016-10-24

    Cyber defense requires decision making under uncertainty. Yet this critical area has not been a strong focus of research in judgment and decision-making. Future defense systems, which will rely on software-defined networks and may employ ‘moving target’ defenses, will increasingly automate lower level detection and analysis, but will still require humans in the loop for higher level judgment. We studied the decision making process and outcomes of 17 experienced network defense professionals who worked through a set of realistic network defense scenarios. We manipulated gain versus loss framing in a cyber defense scenario, and found significant effects in one of two focal problems. Defenders that began with a network already in quarantine (gain framing) used a quarantine system more than those that did not (loss framing). We also found some difference in perceived workload and efficacy. Alternate explanations of these findings and implications for network defense are discussed.

  17. Problems and Mitigation Strategies for Developing and Validating Statistical Cyber Defenses

    Science.gov (United States)

    2014-04-01

    such as Firewalls , HTTP proxies, and application-level Attribute Based Ac- cess Control [1] to provide a layered defense in depth. The spe- cific...research and technology develop- ment in several areas including: cyber defense, synthetic biology, advanced design tools, AI learning, and quantum

  18. Cyber Threats/Attacks and a Defensive Model to Mitigate Cyber Activities

    OpenAIRE

    Jawad Hussain Awan; Shazad Memon; Sheeraz Memon; Kamran Taj Pathan; Niaz Hussain Arijo

    2018-01-01

    Nowadays, every internet user is part of cyber world. In this way, millions of users, knowledge seekers, and service provider organizations are connected to each other, a vast number of common people shifted their everyday activities to cyber world as they can save their time, traffic problem and gets effective and costless services by using various services such as, online banking, social networking sites, government services and cloud services. The use of Cyber services, eBusiness, eCommerc...

  19. What is the current state of the science of Cyber defense?

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, Alan J. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2015-10-09

    My overall sense of the cyber defense field is one of an adolescent discipline currently bogged down in a cloud of issues, the most iconic of which is the great diversity of approaches that are being aggregated to form a coherent field. Because my own expertise is complex systems and materials physics research, I have limited direct experience in cyber security sciences except as a user of secure networks and computing resources. However, in producing this report, I have found with certainty that there exists no calculus for cyber risk assessment, mitigation, and response, although some hopeful precepts toward this end are emerging.

  20. Cyber Town at the Woodrow Wilson Center

    Directory of Open Access Journals (Sweden)

    Lisa M. Dennis

    2007-06-01

    Full Text Available Cyber Town is a technology based after-school program that concentrates on reading and technology literacy. The program provides at-risk minority youth a safe environment where they learn skills that will make them competitive in the digital age. Qualitative and quantitative data are collected on all after-school program participants enabling program staff with the ability to individualize technology aided instruction. Youth are instructed at appropriate instructional levels these levels are determined through reading level assessment software programs, teacher recommendations, and reading scores. The program provides a model others can utilize in operating similar computer based programs. It illustrates that when working with youth, educators may discover deeper problems than originally anticipated and adaptations must be made to meet the needs of those young people.

  1. Defense Science Board (DSB) Task Force on Cyber Deterrence

    Science.gov (United States)

    2017-02-01

    Adversary-Specific Campaign Planning and Wargaming Findings: Because deterrence operates by affecting the calculations of specific decision -making...a strategic threat to U.S. critical infrastructure, or to be able to significantly affect the U.S. military’s ability to deploy and operate globally...bolster U.S. cyber deterrence and strengthen U.S. national security. The Task Force notes that the cyber threat to U.S. critical infrastructure is

  2. Game Theory and Uncertainty Quantification for Cyber Defense Applications

    Energy Technology Data Exchange (ETDEWEB)

    Chatterjee, Samrat; Halappanavar, Mahantesh; Tipireddy, Ramakrishna; Oster, Matthew R.

    2016-07-21

    Cyber-system defenders face the challenging task of protecting critical assets and information continually against multiple types of malicious attackers. Defenders typically operate within resource constraints while attackers operate at relatively low costs. As a result, design and development of resilient cyber-systems that can support mission goals under attack while accounting for the dynamics between attackers and defenders is an important research problem.

  3. Review of Cyber-Physical Attacks and Counter Defense Mechanisms for Advanced Metering Infrastructure in Smart Grid

    OpenAIRE

    Wei, Longfei; Rondon, Luis Puche; Moghadasi, Amir; Sarwat, Arif I.

    2018-01-01

    The Advanced Metering Infrastructure (AMI) is a vital element in the current development of the smart grid. AMI technologies provide electric utilities with an effective way of continuous monitoring and remote control of smart grid components. However, owing to its increasing scale and cyber-physical nature, the AMI has been faced with security threats in both cyber and physical domains. This paper provides a comprehensive review of the crucial cyber-physical attacks and counter defense mecha...

  4. No-hardware-signature cybersecurity-crypto-module: a resilient cyber defense agent

    Science.gov (United States)

    Zaghloul, A. R. M.; Zaghloul, Y. A.

    2014-06-01

    We present an optical cybersecurity-crypto-module as a resilient cyber defense agent. It has no hardware signature since it is bitstream reconfigurable, where single hardware architecture functions as any selected device of all possible ones of the same number of inputs. For a two-input digital device, a 4-digit bitstream of 0s and 1s determines which device, of a total of 16 devices, the hardware performs as. Accordingly, the hardware itself is not physically reconfigured, but its performance is. Such a defense agent allows the attack to take place, rendering it harmless. On the other hand, if the system is already infected with malware sending out information, the defense agent allows the information to go out, rendering it meaningless. The hardware architecture is immune to side attacks since such an attack would reveal information on the attack itself and not on the hardware. This cyber defense agent can be used to secure a point-to-point, point-to-multipoint, a whole network, and/or a single entity in the cyberspace. Therefore, ensuring trust between cyber resources. It can provide secure communication in an insecure network. We provide the hardware design and explain how it works. Scalability of the design is briefly discussed. (Protected by United States Patents No.: US 8,004,734; US 8,325,404; and other National Patents worldwide.)

  5. Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense

    Science.gov (United States)

    Spafford, Eugene H.

    The number and sophistication of cyberattacks continues to increase, but no national policy is in place to confront them. Critical systems need to be built on secure foundations, rather than the cheapest general-purpose platform. A program that combines education in cyber security, increasing resources for law enforcement, development of reliable systems for critical applications, and expanding research support in multiple areas of security and reliability is essential to combat risks that are far beyond the nuisances of spam email and viruses, and involve widespread espionage, theft, and attacks on essential services.

  6. Towards an integrated defense system for cyber security situation awareness experiment

    Science.gov (United States)

    Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

    2015-05-01

    In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

  7. Offense-Defense Theory Analysis of Russian Cyber Capability

    Science.gov (United States)

    2015-03-01

    Internet and communications technologies IR international relations ISP Internet service provider RBN Russian Business Network Roskomnadzor Federal...Service for Supervision of Communications , Information Technology and Mass Media SCO Shanghai Cooperation Organization SORM System for Operative...complexity of contributing factors, it may be more meaningful to calculate dyadic , rather than systemic offense-defense balance, and it is valuable to

  8. Anticipatory Self-Defense in the Cyber Context

    NARCIS (Netherlands)

    Gill, T.D.; Ducheine, P.A.L.

    2013-01-01

    This article will examine the question of whether the right of self-defense under contemporary international law permits a State to react to an imminent or potential armed attack carried out by digital means in two circumstances. First, as an attack occurring in conjunction with, or as an adjunct

  9. Accounting for Unliquidated Obligations for the Defense Fuel Supply Center

    National Research Council Canada - National Science Library

    1996-01-01

    .... The Defense Finance and Accounting Service (DFAS) Columbus Center, Columbus, Ohio, and the Defense Fuel Supply Center share responsibility for accurate accounting information and financial reporting...

  10. The Cyber Defense (CyDef) Model for Assessing Countermeasure Capabilities.

    Energy Technology Data Exchange (ETDEWEB)

    Kimura, Margot [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); DeVries, Troy Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Gordon, Susanna P. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-06-01

    Cybersecurity is essential to maintaining operations, and is now a de facto cost of business. Despite this, there is little consensus on how to systematically make decisions about cyber countermeasures investments. Identifying gaps and determining the expected return on investment (ROI) of adding a new cybersecurity countermeasure is frequently a hand-waving exercise at best. Worse, cybersecurity nomenclature is murky and frequently over-loaded, which further complicates issues by inhibiting clear communication. This paper presents a series of foundational models and nomenclature for discussing cybersecurity countermeasures, and then introduces the Cyber Defense (CyDef) model, which provides a systematic and intuitive way for decision-makers to effectively communicate with operations and device experts.

  11. National cyber defense high performance computing and analysis : concepts, planning and roadmap.

    Energy Technology Data Exchange (ETDEWEB)

    Hamlet, Jason R.; Keliiaa, Curtis M.

    2010-09-01

    There is a national cyber dilemma that threatens the very fabric of government, commercial and private use operations worldwide. Much is written about 'what' the problem is, and though the basis for this paper is an assessment of the problem space, we target the 'how' solution space of the wide-area national information infrastructure through the advancement of science, technology, evaluation and analysis with actionable results intended to produce a more secure national information infrastructure and a comprehensive national cyber defense capability. This cybersecurity High Performance Computing (HPC) analysis concepts, planning and roadmap activity was conducted as an assessment of cybersecurity analysis as a fertile area of research and investment for high value cybersecurity wide-area solutions. This report and a related SAND2010-4765 Assessment of Current Cybersecurity Practices in the Public Domain: Cyber Indications and Warnings Domain report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

  12. The Challenges of Defense Support of Civil Authorities and Homeland Defense in the Cyber Domain

    Science.gov (United States)

    2013-05-20

    of-service attack lasting one week or longer. Medical life-support systems would fail and a devastating impact to the economy would occur with the...Information Grid ( GIG ) against a cyber attack has taken the forefront in national level discussions. The U.S. homeland’s assumed sanctuary against...other U.S. government agencies and key operators within the private sector to detect, deter, prevent, and thwart exploitation of CIKR and the GIG

  13. A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense

    Directory of Open Access Journals (Sweden)

    Larry Clinton

    2011-01-01

    Full Text Available Cyber security is a complex issue that requires a smart, balanced approach to public-private partnership. However, there is not a simple gold standard or mandatory minimum standard of cyber security, which can cause friction in the relationship between government and private industry. There are fundamental differences in these two unevenly yoked partners: government's fundamental role under the U.S. Constitution is to provide for the common defense; industry's role, backed by nearly a hundred years of case law, is to maximize shareholder value. Further differences are that government partners and industry players often assess risk differently, based on their differing missions and objectives. To be successful, both government and industry need to remain committed to the relationship and continue working on it by understanding the complexity of the situation, adapting where appropriate to their partner's perspective. For the public-private partnership to endure and grow, an appreciation of these differing perspectives—born from different legally mandated responsibilities—must be reached. Ultimately, the government should compensate private entities for making investments that align with the government's perspective, such as the social contract, rather than mandating that the shareholders subsidize the government function of providing for the common defense.

  14. 76 FR 2151 - Assumption Buster Workshop: Defense-in-Depth is a Smart Investment for Cyber Security

    Science.gov (United States)

    2011-01-12

    ... day-long workshop on the pros and cons of the defense-in-depth strategy for cyber security. The... Technology Research and Development (NITRD) Program. ACTION: Call for participation. FOR FURTHER INFORMATION... Information Technology Research and Development (NITRD) Program on behalf of the SCORE Committee. Background...

  15. 76 FR 6637 - Assumption Buster Workshop: Defense-in-Depth Is a Smart Investment for Cyber Security

    Science.gov (United States)

    2011-02-07

    ... the pros and cons of the Defense-in-Depth strategy for cyber security. The workshop will be held March... Technology Research and Development (NITRD) Program. ACTION: Call for participation. FOR FURTHER INFORMATION... notice is issued by the National Coordination Office for the Networking and Information Technology...

  16. Cyber security level assignment for research reactor digital instrumentation and control system architecture using concept of defense in depth

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong; Kim, Young Ki; Park, Jaek Wan

    2012-01-01

    Due to recent aging of the analog instrumentation of many nuclear power plants (NPPs) and research reactors, the system reliability decreases while maintenance and testing costs increase. In addition, it is difficult to find the substitutable analog equipment s due to obsolescence. Therefore, the instrumentation and control (I and C) systems have changed from analog system to digital system due to these facts. With the introduction of digital systems, research reactors are forced to care for the problem of cyber attacks because I and C systems have been digitalized using networks or communication systems. Especially, it is more issued at research reactors due to the accessibility of human resources. In the real world, an IBM researcher has been successful in controlling the software by penetrating a NPPs network in U.S. on July 2008 and acquiring the control right of nuclear facilities after one week. Moreover, the malignant code called 'stuxnet' impaired the nearly 1,000 centrifugal separators in Iran according to an IAEA report. The problem of cyber attacks highlights the important of cyber security, which should be emphasized. Defense.in.depth (DID) is a significant concept for the cyber security to work properly. DID institutes and maintains a hardy program for critical digital asset (CDA) by implementing multiple security boundaries. In this work, we assign cyber security levels to a typical digital I and C system using DID concept. This work is very useful in applying the concept of DID to nuclear industry with respect to cyber security

  17. Cyber security level assignment for research reactor digital instrumentation and control system architecture using concept of defense in depth

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Seoul (Korea, Republic of); Son, Han Seong [Joongbu Univ., Chungnam (Korea, Republic of); Kim, Young Ki; Park, Jaek Wan [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    Due to recent aging of the analog instrumentation of many nuclear power plants (NPPs) and research reactors, the system reliability decreases while maintenance and testing costs increase. In addition, it is difficult to find the substitutable analog equipment s due to obsolescence. Therefore, the instrumentation and control (I and C) systems have changed from analog system to digital system due to these facts. With the introduction of digital systems, research reactors are forced to care for the problem of cyber attacks because I and C systems have been digitalized using networks or communication systems. Especially, it is more issued at research reactors due to the accessibility of human resources. In the real world, an IBM researcher has been successful in controlling the software by penetrating a NPPs network in U.S. on July 2008 and acquiring the control right of nuclear facilities after one week. Moreover, the malignant code called 'stuxnet' impaired the nearly 1,000 centrifugal separators in Iran according to an IAEA report. The problem of cyber attacks highlights the important of cyber security, which should be emphasized. Defense.in.depth (DID) is a significant concept for the cyber security to work properly. DID institutes and maintains a hardy program for critical digital asset (CDA) by implementing multiple security boundaries. In this work, we assign cyber security levels to a typical digital I and C system using DID concept. This work is very useful in applying the concept of DID to nuclear industry with respect to cyber security.

  18. Towards the Development of a Defensive Cyber Damage and Mission Impact Methodology

    National Research Council Canada - National Science Library

    Fortson, Jr, Larry W

    2007-01-01

    The purpose of this research is to establish a conceptual methodological framework that will facilitate effective cyber damage and mission impact assessment and reporting following a cyber-based information incidents...

  19. Defense Agency Travel Payments at Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    1997-01-01

    The audit objective was to assess the effectiveness of Defense Finance and Accounting Service Indianapolis Center management controls over payments to Defense agency personnel for temporary duty and local travel...

  20. CyberWar, CyberTerror, CyberCrime

    CERN Document Server

    Mehan, Julie E

    2008-01-01

    CyberWar, CyberTerror, CyberCrime provides a stark and timely analysis of the increasingly hostile online landscape that today’s corporate systems inhabit, and gives a practical introduction to the defensive strategies that can be employed in response.

  1. CHDS Speaker: Hackers Critical to Defeating Cyber Threats

    OpenAIRE

    Center for Homeland Defense and Security

    2014-01-01

    Center for Homeland Defense and Security News and Stories, PRESS RELEASES Hackers are potential resources that can aid in the fight against cyber-terror far better than government bureaucrats, says internationally known security researcher Robi Sen. Sure, sophisticated cyber-criminal hackers and organizations...

  2. Expanding the Department of Defense’s Role in Cyber Civil Support

    Science.gov (United States)

    2011-06-17

    vulnerability of this very crucial domain. They include the Y2K problem, the Estonia cyber-attacks in 2007, and the role of cyber in the Russian-Georgia...cyber security vulnerabilities associated with critical infrastructure. The Year 2000 Challenge The Year 2000 ( Y2K ) problem was the result of...and microprocessors failed to make the correct transition from 1999 to 2000.19 One of the most critical concerns with Y2K was the potential cascading

  3. NATO’s Options for Defensive Cyber Against Non-State Actors

    Science.gov (United States)

    2013-04-01

    services to cyber criminals and hacker patriots.”33 The FSB had maintained an unsavory relationship with hackers since the early 1990s; 9 Oleg...responsibility under international law to stop the DDOS being facilitated by botnet controllers located within its geographic borders, and prosecute the cyber ... criminals involved. “Rule 5” of the Tallinn Manual addresses the cyber responsibility of a nation-state: “A State shall not knowingly allow the

  4. Cyber dating abuse among teens using school-based health centers.

    Science.gov (United States)

    Dick, Rebecca N; McCauley, Heather L; Jones, Kelley A; Tancredi, Daniel J; Goldstein, Sandi; Blackburn, Samantha; Monasterio, Erica; James, Lisa; Silverman, Jay G; Miller, Elizabeth

    2014-12-01

    To estimate the prevalence of cyber dating abuse among youth aged 14 to 19 years seeking care at school-based health centers and associations with other forms of adolescent relationship abuse (ARA), sexual violence, and reproductive and sexual health indicators. A cross-sectional survey was conducted during the 2012-2013 school year (participant n = 1008). Associations between cyber dating abuse and study outcomes were assessed via logistic regression models for clustered survey data. Past 3-month cyber dating abuse was reported by 41.4% of this clinic-based sample. More female than male participants reported cyber dating abuse victimization (44.6% vs 31.0%). Compared with no exposure, low- ("a few times") and high-frequency ("once or twice a month" or more) cyber dating abuse were significantly associated with physical or sexual ARA (low: adjusted odds ratio [aOR] 2.8, 95% confidence interval [CI] 1.8-4.4; high: aOR 5.4, 95% CI 4.0-7.5) and nonpartner sexual assault (low: aOR 2.7, 95% CI 1.3-5.5; high: aOR 4.1, 95% CI 2.8-5.9). Analysis with female participants found an association between cyber dating abuse exposure and contraceptive nonuse (low: aOR 1.8, 95% CI 1.2-2.7; high: aOR 4.1, 95% CI 2.0-8.4) and reproductive coercion (low: aOR 3.0, 95% CI 1.4-6.2; high: aOR 5.7, 95% CI 2.8-11.6). Cyber dating abuse is common and associated with ARA and sexual assault in an adolescent clinic-based sample. The associations of cyber dating abuse with sexual behavior and pregnancy risk behaviors suggest a need to integrate ARA education and harm reduction counseling into sexual health assessments in clinical settings. Copyright © 2014 by the American Academy of Pediatrics.

  5. Cyber crimes.

    Science.gov (United States)

    Nuzback, Kara

    2014-07-01

    Since it began offering cyber liability coverage in December 2011, the Texas Medical Liability Trust has received more than 150 cyber liability claims, most of which involved breaches of electronic protected health information. TMLT's cyber liability insurance will protect practices financially should a breach occur. The insurance covers a breach notification to customers and business partners, expenses for legal counsel, information security and forensic data services, public relations support, call center and website support, credit monitoring, and identity theft restoration services.

  6. 77 FR 27615 - Department of Defense (DoD)-Defense Industrial Base (DIB) Voluntary Cyber Security and...

    Science.gov (United States)

    2012-05-11

    ...D information systems, including information and information systems operated and maintained by... cyber threat, which may already have a presence on the DIB participant's system; and thus the DIB... dedicated threat sharing and collaboration system, and validated on-line application procedures in order to...

  7. Towards a Cyber Defense Framework for SCADA Systems Based on Power Consumption Monitoring

    Energy Technology Data Exchange (ETDEWEB)

    Hernandez Jimenez, Jarilyn M [ORNL; Chen, Qian [Savannah State University; Nichols, Jeff A. {Cyber Sciences} [ORNL; Calhoun, Chelsea [Savannah State University; Sykes, Summer [Savannah State University

    2017-01-01

    Supervisory control and data acquisition (SCADA) is an industrial automation system that remotely monitor, and control critical infrastructures. SCADA systems are major targets for espionage and sabotage attackers. According to the 2015 Dell security annual threat report, the number of cyber-attacks against SCADA systems has doubled in the past year. Cyber-attacks (i.e., buffer overflow, rootkits and code injection) could cause serious financial losses and physical infrastructure damages. Moreover, some specific cyber-attacks against SCADA systems could become a threat to human life. Current commercial off-the-shelf security solutions are insufficient in protecting SCADA systems against sophisticated cyber-attacks. In 2014 a report by Mandiant stated that only 69% of organizations learned about their breaches from third entities, meaning that these companies lack of their own detection system. Furthermore, these breaches are not detected in real-time or fast enough to prevent further damages. The average time between compromise and detection (for those intrusions that were detected) was 205 days. To address this challenge, we propose an Intrusion Detection System (IDS) that detects SCADA-specific cyber-attacks by analyzing the power consumption of a SCADA device. Specifically, to validate the proposed approach, we chose to monitor in real-time the power usage of a a Programmable Logic Controller (PLC). To this end, we configured the hardware of the tetsbed by installing the required sensors to monitor and collect its power consumption. After that two SCADA-specific cyber-attacks were simulated and TracerDAQ Pro was used to collect the power consumption of the PLC under normal and anomalous scenarios. Results showed that is possible to distinguish between the regular power usage of the PLC and when the PLC was under specific cyber-attacks.

  8. Center for Homeland Defense and Security Homeland Security Affairs Journal

    OpenAIRE

    2015-01-01

    Homeland Security Affairs is the peer-reviewed online journal of the Center for Homeland Defense and Security (CHDS). The journal provides a forum to propose and debate strategies, policies and organizational arrangements to strengthen U.S. homeland security.

  9. Toward Intelligent Autonomous Agents for Cyber Defense: Report of the 2017 Workshop by the North Atlantic Treaty Organization (NATO) Research Group IST-152 RTG

    Science.gov (United States)

    2018-04-18

    simple example? 15. SUBJECT TERMS cybersecurity , cyber defense, autonomous agents, resilience, adversarial intelligence 16. SECURITY CLASSIFICATION...explained” based on other attack sequences (e.g., Kullback–Leibler [K-L] divergence). For example, the DARPA Explainable Artificial Intelligence ...a failure of humanity, not artificial intelligence . The notion of self-guidance approaches the field of robot ethics. How can autonomous agents be

  10. Toward Intelligent Autonomous Agents for Cyber Defense: Report of the 2017 Workshop by the North Atlantic Treaty Organization (NATO) Research Group IST-152-RTG

    Science.gov (United States)

    2018-04-01

    simple example? 15. SUBJECT TERMS cybersecurity , cyber defense, autonomous agents, resilience, adversarial intelligence 16. SECURITY CLASSIFICATION...explained” based on other attack sequences (e.g., Kullback–Leibler [K-L] divergence). For example, the DARPA Explainable Artificial Intelligence ...a failure of humanity, not artificial intelligence . The notion of self-guidance approaches the field of robot ethics. How can autonomous agents be

  11. Human-centered design of a cyber-physical system for advanced response to Ebola (CARE).

    Science.gov (United States)

    Dimitrov, Velin; Jagtap, Vinayak; Skorinko, Jeanine; Chernova, Sonia; Gennert, Michael; Padir, Taşkin

    2015-01-01

    We describe the process towards the design of a safe, reliable, and intuitive emergency treatment unit to facilitate a higher degree of safety and situational awareness for medical staff, leading to an increased level of patient care during an epidemic outbreak in an unprepared, underdeveloped, or disaster stricken area. We start with a human-centered design process to understand the design challenge of working with Ebola treatment units in Western Africa in the latest Ebola outbreak, and show preliminary work towards cyber-physical technologies applicable to potentially helping during the next outbreak.

  12. ViNEL: A Virtual Networking Lab for Cyber Defense Education

    Science.gov (United States)

    Reinicke, Bryan; Baker, Elizabeth; Toothman, Callie

    2018-01-01

    Professors teaching cyber security classes often face challenges when developing workshops for their students: How does one quickly and efficiently configure and deploy an operating system for a temporary learning/testing environment? Faculty teaching these classes spend countless hours installing, configuring and deploying multiple system…

  13. Cyber Graph Queries for Geographically Distributed Data Centers

    Energy Technology Data Exchange (ETDEWEB)

    Berry, Jonathan W. [Mail Stop, Albuquerque, NM (United States); Collins, Michael [Christopher Newport Univ., VA (United States); Kearns, Aaron [Univ. of New Mexico, Albuquerque, NM (United States); Phillips, Cynthia A. [Mail Stop, Albuquerque, NM (United States); Saia, Jared [Univ. of New Mexico, Albuquerque, NM (United States)

    2015-05-01

    We present new algorithms for a distributed model for graph computations motivated by limited information sharing we first discussed in [20]. Two or more independent entities have collected large social graphs. They wish to compute the result of running graph algorithms on the entire set of relationships. Because the information is sensitive or economically valuable, they do not wish to simply combine the information in a single location. We consider two models for computing the solution to graph algorithms in this setting: 1) limited-sharing: the two entities can share only a polylogarithmic size subgraph; 2) low-trust: the entities must not reveal any information beyond the query answer, assuming they are all honest but curious. We believe this model captures realistic constraints on cooperating autonomous data centers. We have algorithms in both setting for s - t connectivity in both models. We also give an algorithm in the low-communication model for finding a planted clique. This is an anomaly- detection problem, finding a subgraph that is larger and denser than expected. For both the low- communication algorithms, we exploit structural properties of social networks to prove perfor- mance bounds better than what is possible for general graphs. For s - t connectivity, we use known properties. For planted clique, we propose a new property: bounded number of triangles per node. This property is based upon evidence from the social science literature. We found that classic examples of social networks do not have the bounded-triangles property. This is because many social networks contain elements that are non-human, such as accounts for a business, or other automated accounts. We describe some initial attempts to distinguish human nodes from automated nodes in social networks based only on topological properties.

  14. Automating cyber offensive operations for cyber challenges

    CSIR Research Space (South Africa)

    Burke, I

    2016-03-01

    Full Text Available with regards to attack automation. 2. Background on cyber games CTF exercises are offensive and defensive cyber training exercises whereby teams compete against one another to obtain flags or tokens hidden on various servers. In some cases these flags... are located on an opponent’s servers, which results in teams being required to attack adversary servers while maintaining defences on their own services (The National Cyber League 2013). These challenges are often time based and victors are determined based...

  15. Developing Standard Exercises and Statistics to Measure the Impact of Cyber Defenses

    Science.gov (United States)

    2014-06-01

    partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN CYBER SYSTEMS AND OPERATIONS from the NAVAL POSTGRADUATE...attributed to insurers’ lack of experience with a new kind of risk, combined with insufficient actuarial data hindering competitive pricing.” Thus, it is...event. This “lack of actuarial data,” as will be seen later, is not just missing in insurance models—it is indeed the missing piece in the cost

  16. The Convergence of U.S. Military and Commercial Space Activities: Self-Defense and Cyber-Attack, 'Peace Use' and the Space Station, and the Need for Legal Reform

    National Research Council Canada - National Science Library

    Petras, Christopher

    2001-01-01

    .... Part I will examine the concept of self-defense in outer space, by considering the legality of the use of conventional military force to defend against "cyber-attack" on its commercial space assets...

  17. Defense Civil Support: DOD Needs to Identify National Guards Cyber Capabilities and Address Challenges in Its Exercises

    Science.gov (United States)

    2016-09-01

    participated in exercises to support civil authorities in a cyber incident or to test the responses to simulated attacks on cyber infrastructure owned by...authorities or to test the response to simulated attacks on cyber infrastructure owned by civil authorities. Of these 9 exercises, DOD conducted 7...and a response to simulated cyber attacks on electric grid networks. According to a North American Electric Reliability Corporation official, DOD

  18. ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention

    Energy Technology Data Exchange (ETDEWEB)

    Cui, Xiaohui [ORNL; Beaver, Justin M [ORNL; Treadwell, Jim N [ORNL

    2012-01-01

    The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are able to be recorded much like a honeypot system for forensic analysis.

  19. Mean-Field-Game Model for Botnet Defense in Cyber-Security

    Energy Technology Data Exchange (ETDEWEB)

    Kolokoltsov, V. N., E-mail: v.kolokoltsov@warwick.ac.uk [University of Warwick, Department of Statistics (United Kingdom); Bensoussan, A. [The University of Texas at Dallas, School of Management (United States)

    2016-12-15

    We initiate the analysis of the response of computer owners to various offers of defence systems against a cyber-hacker (for instance, a botnet attack), as a stochastic game of a large number of interacting agents. We introduce a simple mean-field game that models their behavior. It takes into account both the random process of the propagation of the infection (controlled by the botner herder) and the decision making process of customers. Its stationary version turns out to be exactly solvable (but not at all trivial) under an additional natural assumption that the execution time of the decisions of the customers (say, switch on or out the defence system) is much faster that the infection rates.

  20. Mean-Field-Game Model for Botnet Defense in Cyber-Security

    International Nuclear Information System (INIS)

    Kolokoltsov, V. N.; Bensoussan, A.

    2016-01-01

    We initiate the analysis of the response of computer owners to various offers of defence systems against a cyber-hacker (for instance, a botnet attack), as a stochastic game of a large number of interacting agents. We introduce a simple mean-field game that models their behavior. It takes into account both the random process of the propagation of the infection (controlled by the botner herder) and the decision making process of customers. Its stationary version turns out to be exactly solvable (but not at all trivial) under an additional natural assumption that the execution time of the decisions of the customers (say, switch on or out the defence system) is much faster that the infection rates.

  1. Department of Defense Information Network (DODIN): A Study of Current Cyber Threats and Best Practices for Network Security

    Science.gov (United States)

    2016-06-10

    DODIN) is being threatened by state actors, non-state actors, and continuous hacking and cyber-attacks. These threats against the network come in a...variety of forms; physical attacks from radio jamming, logical cyber threats from hacking , or a combination of both physical and logical attacks. Each...year the number of hacking attacks is increasing. Corporations like Symantec publish annual reports on cyber threats and provide tips for best

  2. Holistic Physical Risk and Crises Prioritization Approaches to Solve Cyber Defense Conundrums

    Directory of Open Access Journals (Sweden)

    Franco Oboni

    2015-08-01

    Full Text Available During the last decade the techniques and tools of cyber attacks have become more sophisticated, the distinctions between actors and threats have become blurred and attack prospects more worrying. The informational threat can hit any type of civilian or military controls, fixed or mobile infrastructures, putting them down or greatly reducing their service capabilities with direct and indirect physical / economic impacts from tactical or local scale to strategic / national and international level. It has been shown that broad spectrum protection investments and particularly poorly prioritized ones are not efficient as oftentimes they are limited in scope by other operational requirements. So it is simply not possible to protect each property from each threat. The cyberdefense must be rooted on intelligence based on prioritized Risk Management and not on standardized audits and practice of indolent regulations, written a priori, or the biased advice of fear monger solutions sellers. RM offers ultimately support for operational decisions and protection (mitigation, provided that we want to define the level of acceptable risk reduction /mitigation and that we formulate measurable performance targets to achieve .

  3. Integrated Cyber Defenses: Towards Cyber Defense Doctrine

    Science.gov (United States)

    2007-12-01

    and spam filters, mail relays, antivirus /antimalware software , router Access Control Lists (ACLs), cryptography and encryption, user access... Cisco ), network protocols (like TCP/IP [Transmission Control Protocol/Internet Protocol]), programs, programming languages (like C++, Java, ActiveX...rules were built into them. Since these are human-made rules, they can be changed by replacing or updating hardware and/or software . Unlike the

  4. The Story of the Defense Technical Information Center 1945 - 1995, 50 Years of Information for Defense

    Science.gov (United States)

    1995-07-01

    necessary. As John Naisbitt observed in his 1982 book Megatrends , ...with the coming of the infor- mation society, we have for the first time an economy...information in the hands of many. —John Naisbitt Megatrends As the Defense Technical Information Center moves forward into the last decade of the...Gulf War, for example, Iraq’s leader, Saddam Hussein, threatened to use biological or biochemical warfare. To defend against this threat, the U.S

  5. Are the rules for the right to self-defense outdated to address current conflicts like attacks from non-state actors and cyber-attacks?

    Directory of Open Access Journals (Sweden)

    Gonzalo J. Arias

    2017-06-01

    Full Text Available The latest US-led coalition’s attacks against ISIS in Syria raised the question whether states can use defensive force against non-state actors. Two critical incidents had previously triggered the discussion on the importance and consequences of cyber-attacks as a new form armed attacks. The first one occurred in Estonia in 2007, when the country experienced extensive computer hacking attacks that lasted several weeks. The second incident happened in 2008, during the Georgia–Russia conflict over South Ossetia, when Georgia experienced cyber-attacks similar to those suffered by Estonia in the previous year. Furthermore, on June 21, 2016, the central banks of Indonesia and South Korea were hit by cyber-attacks on their public websites since activist hacking group Anonymous pledged last month to target banks across the world. The previous incidents have created, once again, public questioning if the rules on the use of force and the right of self-defense established in the United Nations Charter are sufficient and efficient to address these new forms of attacks.

  6. Impact of Protection Motivation Theory and General Deterrence Theory on the Behavioral Intention to Implement and Misuse Active Cyber Defense

    Science.gov (United States)

    White, Jautau Kelton

    2017-01-01

    Current cybersecurity measures have become a major concern for commercial organizations in the United States. As the cyber-attack landscape expands and the skills and knowledge of the cyber-attacker become broader, the current measures that are taken and the laws structured around them are making it increasingly difficult for commercial…

  7. Game Theory for Proactive Dynamic Defense and Attack Mitigation in Cyber-Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Letchford, Joshua [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2016-09-01

    While there has been a great deal of security research focused on preventing attacks, there has been less work on how one should balance security and resilience investments. In this work we developed and evaluated models that captured both explicit defenses and other mitigations that reduce the impact of attacks. We examined these issues both in more broadly applicable general Stackelberg models and in more specific network and power grid settings. Finally, we compared these solutions to existing work in terms of both solution quality and computational overhead.

  8. Predicting Cyber Events by Leveraging Hacker Sentiment

    OpenAIRE

    Deb, Ashok; Lerman, Kristina; Ferrara, Emilio

    2018-01-01

    Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predict cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major ...

  9. 76 FR 39076 - Board of Visitors, Defense Language Institute Foreign Language Center

    Science.gov (United States)

    2011-07-05

    ... DEPARTMENT OF DEFENSE Department of the Army Board of Visitors, Defense Language Institute Foreign Language Center AGENCY: Department of the Army, DoD. ACTION: Notice of open meeting. SUMMARY: Under the... Visitors, Defense Language Institute Foreign Language Center. Date: August 3 and 4, 2011. Time of Meeting...

  10. 75 FR 43496 - Board of Visitors, Defense Language Institute Foreign Language Center

    Science.gov (United States)

    2010-07-26

    ... DEPARTMENT OF DEFENSE Department of the Army Board of Visitors, Defense Language Institute Foreign Language Center AGENCY: Department of the Army, DoD. ACTION: Notice of open meeting. SUMMARY: Under the... Visitors, Defense Language Institute Foreign Language Center. Date: August 10 and 11, 2010. Time of Meeting...

  11. 77 FR 62223 - Board of Visitors Defense Language Institute Foreign Language Center

    Science.gov (United States)

    2012-10-12

    ... DEPARTMENT OF DEFENSE Department of the Army Board of Visitors Defense Language Institute Foreign Language Center AGENCY: Department of the Army, DoD. ACTION: Notice of open meeting. SUMMARY: Under the... Visitors, Defense Language Institute Foreign Language Center. Date: October 31, 2012 and November 1, 2012...

  12. 76 FR 45543 - Board of Visitors, Defense Language Institute Foreign Language Center

    Science.gov (United States)

    2011-07-29

    ... DEPARTMENT OF DEFENSE Department of the Army Board of Visitors, Defense Language Institute Foreign Language Center AGENCY: Department of the Army, DOD. ACTION: Notice; cancellation. SUMMARY: The Board of Visitors, Defense Language Institute Foreign Language Center meeting scheduled for August 3 and 4, 2011...

  13. Outsourcing of Defense Supply Center, Columbus, Bus and Taxi Service Operations

    National Research Council Canada - National Science Library

    Granetto, Paul

    1999-01-01

    Introduction. We performed the audit in response to allegations to the Defense Hotline that the Defense Supply Center, Columbus, outsourcing study for bus and taxi service operations was based on incorrect methodology...

  14. Cyber Power: Attack and Defense Lessons from Land, Sea, and Air Power

    Science.gov (United States)

    2011-06-01

    Internet War," Cyberpsychology , Behavior , and Social Networking 13, no. 4 (2010): 450. Existing evidence suggests that some of the ethnic Russians who...34Storming the Servers: A Social Psychological Analysis of the First Internet War." Cyberpsychology , Behavior , and Social Networking 13, no. 4... Network Analysis Center, who I wholeheartedly appreciate for his time, trust, and insight as an interview subject. Trent, thank you for being so open and

  15. Cyber-physical securi

    Directory of Open Access Journals (Sweden)

    Aditya Ashok

    2014-07-01

    Full Text Available Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation’s electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments.

  16. Maritime Cyber Security University Research

    Science.gov (United States)

    2016-05-01

    i Classification | CG-926 RDC | author | audience | month year Maritime Cyber Security University Research Phase I - Final Report...Distribution Statement A: Approved for public release; distribution is unlimited. May 2016 Report No. CG-D-06-16 Maritime Cyber Security...Director United States Coast Guard Research & Development Center 1 Chelsea Street New London, CT 06320 Maritime Cyber Security University

  17. Statement of Accountability Reconciliation Procedures for Defense Finance and Accounting Service Columbus Center, Disbursing Station 6551

    National Research Council Canada - National Science Library

    1998-01-01

    .... Beginning in FY 1996, the Defense Finance and Accounting Service (DFAS) Indianapolis Center became responsible for preparing the financial statements for the Department 97 general fund appropriations...

  18. Documentation of the Federal Financial System Process at the Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    Gimble, Thomas

    1997-01-01

    .... In September 1994, the Defense Finance and Accounting Service (DFAS) transferred the responsibility for preparing the departmental accounting reports for Department 971 appropriations to the DFAS Indianapolis Center...

  19. Paying Personal Property Transportation Contracts at the Defense Finance and Accounting Service-Indianapolis Center

    National Research Council Canada - National Science Library

    Bridges, W

    1997-01-01

    ...; procuring those services using Federal Acquisition Regulation (FAR) contracts. It also plans to centralize the payment process at the Defense Finance and Accounting Service-Indianapolis Center (DFAS...

  20. Cyber Crime & Cyber War – "Part of the Game": Cyber Security, Quo Vadis?

    Directory of Open Access Journals (Sweden)

    Karl H. Stingeder

    2015-09-01

    äventivmaßnahmen ist weder ausreichend noch nachhaltig. What roles does cyber crime play today? What differentiates cyber crime from cyber war? How must cyber security be organized in order to effectively ensure sustainable protection? Cyber crime activities are frequently characterized by the easy accessibility of fraudulent know-how and technical means. Due to the sluggish and inadequate implementation of coordinated countermeasures, cyber crimes are a low-risk and high-reward scenario for cyber criminals. The more organized and specialized a cyber crime network, the greater the potential for damage. In fact, cyber crime is the umbrella term for fraudulent activities via the World Wide Web. These rely on the model of "traditional" offline criminal behavior patterns, which are easy to access thanks to the technological spectrum of the Internet. Nonetheless, it is the technical execution of the crime that represents a crucial distinguishing characteristic between online and offline fraud. Furthermore, from the point of view of organized crime, governments and terror groups, a lower inhibition threshold for a military exploitation of the Internet is a focal point of cyber security. As soon as cyber crime activity is the means by which to achieve political goals, it is called cyber war. Sustainable measures directed against cyber crime and cyber war take place in a highly dynamic environment. Cyber criminals are usually well-equipped in terms of logistics and financial resources. Many are supported by governments. Cyber criminals have wide-ranging technical expertise, which enables them to develop customized malware to accomplish their goals. At present, many companies and public sector entities do not fully realize how imperative defense systems are. Cyber security focus on purely preventive measures is therefore neither sufficient nor sustainable.

  1. 75 FR 47797 - Board of Visitors, Defense Language Institute Foreign Language Center

    Science.gov (United States)

    2010-08-09

    ... DEPARTMENT OF DEFENSE Department of the Army Board of Visitors, Defense Language Institute Foreign Language Center AGENCY: Department of the Army, DOD. ACTION: Notice; cancellation. SUMMARY: The Board of... be held on September 13 & 14, 2010 from 8 a.m. to 5 p.m. at the Defense Language Institute Foreign...

  2. Unlocking User-Centered Design Methods for Building Cyber Security Visualizations

    Science.gov (United States)

    2015-10-03

    3, 10, 24, 25, 30]. Personas are doc- uments meant to foster communication within a design team as archetypes of users, their behaviors, and their...to evaluation, these two user archetypes became the key motivation to justify and balance all our decisions as a design team. Outcomes We present the...domain-specific task for each archetypal user and visually illustrated the user’s cyber knowl- edge and situational awareness (SA) focus. We also

  3. Cybersecurity: Utilizing Fusion Centers to Protect State, Local, Tribal, and Territorial Entities Against Cyber Threats

    Science.gov (United States)

    2016-09-01

    freedom of speech to name a few. Hacktivists use several cyber-attack methods: blocking access to websites, defacing of websites, identity theft...2009), 10, https://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf. 7 In May 2009, during his speech on Cybersecurity...accounts and stole PII data from the organization. The #GOP leaked PII data to the public to embarrass Sony Executives in response to a film “The

  4. 41 CFR 101-30.504 - Cataloging data from Defense Logistics Services Center (DLSC).

    Science.gov (United States)

    2010-07-01

    ... 41 Public Contracts and Property Management 2 2010-07-01 2010-07-01 true Cataloging data from Defense Logistics Services Center (DLSC). 101-30.504 Section 101-30.504 Public Contracts and Property... data from Defense Logistics Services Center (DLSC). Upon receipt of cataloging data from civil agencies...

  5. Civil Support: DOD Needs to Clarify Its Roles and Responsibilities for Defense Support of Civil Authorities during Cyber Incidents

    Science.gov (United States)

    2016-04-01

    Robert T. Stafford Disaster Relief and Emergency Assistance Act Contents This is a work of the U.S. government and is not subject to copyright...T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act), when state capabilities and resources are overwhelmed and the President...recognizes that the department plays a crucial role in supporting a national effort to confront cyber threats to critical infrastructure. House

  6. Approaches to Enhancing Cyber Resilience: Report of the North Atlantic Treaty Organization (NATO) Workshop IST-153

    Science.gov (United States)

    2018-04-01

    2017, at the University of Bundeswehr. Despite continual progress in managing risks in the cyber domain, anticipation and prevention of all possible...participants of the workshop saw as particularly important: 1) fundamental properties of cyber resilience, 2) approaches to measuring and modeling cyber...resilience. 15. SUBJECT TERMS cybersecurity, cyber resilience, risk management , cyber metrics, mission modeling, systems engineering, dynamic defense

  7. Addressing the Cyber-security and Cyber-terrorism Threats [video

    OpenAIRE

    Robi Sen; Center for Homeland Defense and Security Naval Postgraduate School

    2015-01-01

    While cyber terrorism is a relatively new threat in the world of national defense, the security issues we face are not necessarily new as a genre. In this segment, Chief Science Officer Robi Sen draws on the changing attitudes towards the cyber world. Topics include cooperation between law enforcement and hackers, the major motivations behind criminal hacking, and the realistic threats of cyber terrorism.

  8. Defense Centers of Excellence for Psychological Health and Traumatic Brain Injury, Annual Report 2009

    Science.gov (United States)

    2009-01-01

    applications for recovering from disaster and trauma Defense and Veterans Brain Injury Center Develops and delivers advanced TBI-specifi c treatment...specifically aimed at developing cognitive and motor therapy tools using videogame technology, game-based PH outreach tools and support tools for children of...Defense Centers of Excellence for Psychological Health and Traumatic Brain Injury Annual Report 2009 Report Documentation Page Form ApprovedOMB No

  9. Quantitative Vulnerability Assessment of Cyber Security for Distribution Automation Systems

    Directory of Open Access Journals (Sweden)

    Xiaming Ye

    2015-06-01

    Full Text Available The distribution automation system (DAS is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS. The results demonstrate the reasonability and effectiveness of the proposed methodology.

  10. Metaphors for cyber security.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

    2008-08-01

    This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

  11. Cyber warfare building the scientific foundation

    CERN Document Server

    Jajodia, Sushil; Subrahmanian, VS; Swarup, Vipin; Wang, Cliff

    2015-01-01

    This book features a wide spectrum of the latest computer science research relating to cyber warfare, including military and policy dimensions. It is the first book to explore the scientific foundation of cyber warfare and features research from the areas of artificial intelligence, game theory, programming languages, graph theory and more. The high-level approach and emphasis on scientific rigor provides insights on ways to improve cyber warfare defense worldwide. Cyber Warfare: Building the Scientific Foundation targets researchers and practitioners working in cyber security, especially gove

  12. National Defense Center of Excellence for Research in Ocean Sciences

    Science.gov (United States)

    1999-09-01

    aureas , vancomycin-resistant Enterococcus and other bacteria in in vitro tests. ATI contacted Tripler Army Medical Hospital in Honolulu and Walter...an HP 712/60 workstation and is mostly written in C+ except for the radar cross- section model, which is written in FORTRAN. The output of the model...Congressional Record, contained a section entitled Research, Development, Test, and Evaluation, Defense Agencies and provided for ".. .an additional amount

  13. Literature Review on Modeling Cyber Networks and Evaluating Cyber Risks.

    Energy Technology Data Exchange (ETDEWEB)

    Kelic, Andjelka; Campbell, Philip L

    2018-04-01

    The National Infrastructure Simulations and Analysis Center (NISAC) conducted a literature review on modeling cyber networks and evaluating cyber risks. The literature review explores where modeling is used in the cyber regime and ways that consequence and risk are evaluated. The relevant literature clusters in three different spaces: network security, cyber-physical, and mission assurance. In all approaches, some form of modeling is utilized at varying levels of detail, while the ability to understand consequence varies, as do interpretations of risk. This document summarizes the different literature viewpoints and explores their applicability to securing enterprise networks.

  14. Predicting the Proficiency of Arabic and Persian Linguists Trained at the Defense Language Institute Foreign Language Center

    National Research Council Canada - National Science Library

    DeRamus, Nicole

    1999-01-01

    The mission of the Defense Language Institute Foreign Language Center (DLIFLC) is to train, sustain, and evaluate foreign language skills of linguists under the guidelines of the Defense Foreign Language Program (DFLP...

  15. 77 FR 13571 - Board of Visitors, Defense Language Institute Foreign Language Center

    Science.gov (United States)

    2012-03-07

    ... matters, ACCJC interactions, and a review of previous BoV recommendations. Agenda: Summary--March 21--The... Visitors, Defense Language Institute Foreign Language Center. Date: March 21, 2012. Time of Meeting... Institute Foreign Language Center in response to the agenda. All written statements shall be submitted to...

  16. Cyber Security Testing and Training Programs for Industrial Control Systems

    International Nuclear Information System (INIS)

    Noyes, Daniel

    2012-01-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  17. Cyber Security Testing and Training Programs for Industrial Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  18. Fuel Line: Defense Energy Support Center. Volume 2

    National Research Council Canada - National Science Library

    2000-01-01

    .... Fuel Line is prepared by desktop publishing applications and designed to provide timely, factual information on policies, plans, operations, and technical developments of the Center and interrelated subject matter...

  19. Information Analysis Centers in the Department of Defense. Revision

    Science.gov (United States)

    1987-07-01

    Combat Data Information Center (CDIC) and the Aircraft Survivability Model Repository ( ASMR ) into the Survivability/Vulnerability Information Analysis...Information Center (CDIC) and the Aircraft Survivability Model Respository ( ASMR ). The CDIC was a central repository for combat and test data related to...and ASMR were operated under the technical monitorship of the Flight Dynamics Laboratory at Wright-Patterson AFB, Ohio and were located in Flight

  20. Defending Critical Infrastructure as Cyber Key Terrain

    Science.gov (United States)

    2016-08-01

    to Secure Cyberspace (NSSC) is as it lists three strategic objectives:4 1) Prevent cyber attacks against America’s critical infrastructures; 2...House, “National Strategy to Secure Cyberspace,” (Washington, DC: The White House, 2003) Trey Herr, "PrEP: A framework for malware & cyber weapons...David Kuipers and Mark Fabro. “Control Systems Cyber Security : Defense in Depth Strategies,” [United States: Department of Energy, 2006]: 4

  1. Temporal Cyber Attack Detection.

    Energy Technology Data Exchange (ETDEWEB)

    Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-11-01

    Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.

  2. Organizational structure and operation of defense/aerospace information centers in the United States of America

    Science.gov (United States)

    Sauter, H. E.; Lushina, L. N.

    1983-01-01

    U.S. Government aerospace and defense information centers are addressed. DTIC and NASA are described in terms of their history, operational authority, information services provided, user community, sources of information collected, efforts under way to improve services, and external agreements regarding the exchange of documents and/or data bases. Contents show how DTIC and NASA provide aerospace/defense information services in support of U.S. research and development efforts. In a general introduction, the importance of scientific and technical information and the need for information centers to acquire, handle, and disseminate it are stressed.

  3. Human-machine analytics for closed-loop sense-making in time-dominant cyber defense problems

    Science.gov (United States)

    Henry, Matthew H.

    2017-05-01

    Many defense problems are time-dominant: attacks progress at speeds that outpace human-centric systems designed for monitoring and response. Despite this shortcoming, these well-honed and ostensibly reliable systems pervade most domains, including cyberspace. The argument that often prevails when considering the automation of defense is that while technological systems are suitable for simple, well-defined tasks, only humans possess sufficiently nuanced understanding of problems to act appropriately under complicated circumstances. While this perspective is founded in verifiable truths, it does not account for a middle ground in which human-managed technological capabilities extend well into the territory of complex reasoning, thereby automating more nuanced sense-making and dramatically increasing the speed at which it can be applied. Snort1 and platforms like it enable humans to build, refine, and deploy sense-making tools for network defense. Shortcomings of these platforms include a reliance on rule-based logic, which confounds analyst knowledge of how bad actors behave with the means by which bad behaviors can be detected, and a lack of feedback-informed automation of sensor deployment. We propose an approach in which human-specified computational models hypothesize bad behaviors independent of indicators and then allocate sensors to estimate and forecast the state of an intrusion. State estimates and forecasts inform the proactive deployment of additional sensors and detection logic, thereby closing the sense-making loop. All the while, humans are on the loop, rather than in it, permitting nuanced management of fast-acting automated measurement, detection, and inference engines. This paper motivates and conceptualizes analytics to facilitate this human-machine partnership.

  4. Cyber threat intelligence exchange: A growing requirement

    CSIR Research Space (South Africa)

    Veerasamy, Namosha

    2017-06-01

    Full Text Available Managing the rise of cyber-attacks has become a growing challenge. Cyber space has become a battleground of threats ranging from malware to phishing, spam and password theft. Cybersecurity solutions mainly try to take a defensive stance and build a...

  5. Supply Inventory Management: Evaluation of the Defense Supply Center Columbus Qualified Products List and Qualified Manufacturers List Program

    National Research Council Canada - National Science Library

    2002-01-01

    ... was transitioned from the Military Departments. The Defense Supply Center Columbus currently has management responsibility for over 300 Qualified Products Lists and 4 Qualified Manufacturers Lists...

  6. Compilation of FY 1995 and FY 1996 DOD Financial Statements at the Defense Finance and Accounting Service, Indianapolis Center

    National Research Council Canada - National Science Library

    1996-01-01

    The audit objective was to determine whether the Defense Finance and Accounting Service, Indianapolis Center, consistently and accurately compiled financial data from field entities and other sources...

  7. Strategic Plan for Electronic Commerce, Defense Personnel Support Center

    Science.gov (United States)

    1993-07-01

    analysis. We will strive to achieve and maintain a partnership with our 2-2 customers as their supplier of choice. As their preferred partner, we will...shorter production lead times than the individual contracts of the past and will be administered to foster stronger partnerships between the center and...of currentivur projects 8 Idenfti shalegies for recordhn and elimrinaling DPSC-S, P July 1963 ; WWf regualaory, and COer roadbldok 9 De4vep a techwca

  8. Defensive pessimism, self-esteem and achievement goals: A person-centered approach.

    Science.gov (United States)

    Ferradás Canedo, María M; Freire Rodríguez, Carlos; Regueiro Fernández, Bibiana; Valle Arias, Antonio

    2018-02-01

    The relationship between defensive pessimism, self-esteem, and achievement goals is a controversial issue. The main contribution of this research is the adoption of a person-centered approach to explore the existence of differentiated profiles of university students, which combine self-esteem and defensive pessimism. In addition, we analyze whether these profiles differ in their achievement goals (learning, performance-approach, performance-avoidance, and work-avoidance). 1,028 university students took part in the study. Four student profiles were identified: (a) HSE/MDP (high self-esteem and moderate defensive pessimism); (b) LSE/LDP (low self-esteem and low defensive pessimism); (c) HSE/LDP (high self-esteem and low defensive pessimism); and (d) LSE/HDP (low self-esteem and high defensive pessimism). These four profiles differ significantly in their achievement goals. The use of defensive pessimism may involve students with either low or high self-esteem, although the two profiles follow differentiated motivational achievement trajectories.

  9. Cyber Friendly Fire

    Energy Technology Data Exchange (ETDEWEB)

    Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

    2011-09-01

    Cyber friendly fire (FF) is a new concept that has been brought to the attention of Department of Defense (DoD) stakeholders through two workshops that were planned and conducted by the Air Force Research Laboratory (AFRL) and research conducted for AFRL by the Pacific Northwest National Laboratory. With this previous work in mind, we offer a definition of cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, a fundamental need in avoiding cyber FF is to maintain situation awareness (SA). We suggest that cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system (and that populate the nodes), the nature of the activities or work performed, and the available defensive (and offensive) countermeasures that may be applied to thwart network attacks. A training implication is to raise awareness and understanding of these critical knowledge units; an approach to decision aids and/or visualizations is to focus on supporting these critical knowledge units. To study cyber FF, we developed an unclassified security test range comprising a combination of virtual and physical devices that present a closed network for testing, simulation, and evaluation. This network offers services found on a production network without the associated costs of a real production network. Containing enough detail to appear realistic, this virtual and physical environment can be customized to represent different configurations. For our purposes, the test range was configured to appear as an Internet-connected Managed Service Provider (MSP) offering specialized web applications to the general public

  10. Toward a Visualization-Supported Workflow for Cyber Alert Management using Threat Models and Human-Centered Design

    Energy Technology Data Exchange (ETDEWEB)

    Franklin, Lyndsey; Pirrung, Megan A.; Blaha, Leslie M.; Dowling, Michelle V.; Feng, Mi

    2017-10-09

    Cyber network analysts follow complex processes in their investigations of potential threats to their network. Much research is dedicated to providing automated tool support in the effort to make their tasks more efficient, accurate, and timely. This tool support comes in a variety of implementations from machine learning algorithms that monitor streams of data to visual analytic environments for exploring rich and noisy data sets. Cyber analysts, however, often speak of a need for tools which help them merge the data they already have and help them establish appropriate baselines against which to compare potential anomalies. Furthermore, existing threat models that cyber analysts regularly use to structure their investigation are not often leveraged in support tools. We report on our work with cyber analysts to understand they analytic process and how one such model, the MITRE ATT&CK Matrix [32], is used to structure their analytic thinking. We present our efforts to map specific data needed by analysts into the threat model to inform our eventual visualization designs. We examine data mapping for gaps where the threat model is under-supported by either data or tools. We discuss these gaps as potential design spaces for future research efforts. We also discuss the design of a prototype tool that combines machine-learning and visualization components to support cyber analysts working with this threat model.

  11. Evolving Storage and Cyber Infrastructure at the NASA Center for Climate Simulation

    Science.gov (United States)

    Salmon, Ellen; Duffy, Daniel; Spear, Carrie; Sinno, Scott; Vaughan, Garrison; Bowen, Michael

    2018-01-01

    This talk will describe recent developments at the NASA Center for Climate Simulation, which is funded by NASAs Science Mission Directorate, and supports the specialized data storage and computational needs of weather, ocean, and climate researchers, as well as astrophysicists, heliophysicists, and planetary scientists. To meet requirements for higher-resolution, higher-fidelity simulations, the NCCS augments its High Performance Computing (HPC) and storage retrieval environment. As the petabytes of model and observational data grow, the NCCS is broadening data services offerings and deploying and expanding virtualization resources for high performance analytics.

  12. Cyber Guerilla

    NARCIS (Netherlands)

    van Haaster, J.; Gevers, R.; Sprengers, M.

    2016-01-01

    Much as Che Guevara’s book Guerilla Warfare helped define and delineate a new type of warfare in the wake of the Cuban revolution in 1961, Cyber Guerilla will help define the new types of threats and fighters now appearing in the digital landscape. Cyber Guerilla provides valuable insight for

  13. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  14. Cyber Attacks: Emerging Threats to the 21st Century Critical Information Infrastructures

    Directory of Open Access Journals (Sweden)

    Cezar Vasilescu

    2012-06-01

    Full Text Available The paper explores the notion of cyber attack as a concept for understanding modern conflicts. It starts by elaborating a conceptual theoretical framework, observing that when it comes to cyber attacks, cyber war and cyber defense there are no internationally accepted definitions on the subject, mostly because of the relative recency of the terms. The second part analyzes the cyber realities of recent years, emphasizing the most advertised cyber attacks in the international mass media: Estonia (2007 and Georgia (2008, with a focus on two main lessons learned: how complicated is to define a cyber war and how difficult to defend against it. Crucial implications for world’s countries and the role of NATO in assuring an effective collective cyber defense are analyzed in the third part. The need for the development of strategic cyber defense documents (e.g. NATO Cyber Defense Policy, NATO Strategic Concept is further examined. It is suggested that particular attention should be paid to the development of a procedure for clearly discriminating between events (cyber attacks, cyber war, cyber crime, or cyber terrorism, and to a procedure for the conduct of nation’s legitimate military/civil cyber response operations.

  15. Gamification for Measuring Cyber Security Situational Awareness

    Energy Technology Data Exchange (ETDEWEB)

    Fink, Glenn A.; Best, Daniel M.; Manz, David O.; Popovsky, V. M.; Endicott-Popovsky, Barbara E.

    2013-03-01

    Cyber defense competitions arising from U.S. service academy exercises, offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge could lead to better preparation of cyber defenders in both military and civilian settings. This paper describes how one regional competition, the PRCCDC, a participant in the national CCDC program, conducted proof of concept experimentation to collect data during the annual competition for later analysis. The intent is to create an ongoing research agenda that expands on this current work and incorporates augmented cognition and gamification methods for measuring cybersecurity situational awareness under the stress of cyber attack.

  16. 78 FR 6807 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-01-31

    ... coordinating and sponsoring an executive-led Critical Infrastructure Protection and Cyber Security mission to... on the cyber security, critical infrastructure protection, and emergency management, ports of entry... security, including border protection, civil defense capabilities, and coast guard and maritime...

  17. Selection of the best security controls for rapid development of enterprise-level cyber security

    OpenAIRE

    Tytarenko, Oleksandr

    2017-01-01

    Approved for public release; distribution is unlimited State-supported cyber attacks, cyber espionage campaigns, and hacktivist movements have forced many states to accelerate their cyber defense development in order to achieve at least a minimum level of protection against expanding threats of cyber space. As with any other development effort, cyber capability development requires resources of time, money, and people, which in most cases are very restricted. To rapidly build up the first ...

  18. Mitigating Higher Ed Cyber Attacks

    Science.gov (United States)

    Rogers, Gary; Ashford, Tina

    2015-01-01

    In this presentation we will discuss the many and varied cyber attacks that have recently occurred in the higher ed community. We will discuss the perpetrators, the victims, the impact and how these institutions have evolved to meet this threat. Mitigation techniques and defense strategies will be covered as will a discussion of effective security…

  19. Cyber Forensics Ontology for Cyber Criminal Investigation

    Science.gov (United States)

    Park, Heum; Cho, Sunho; Kwon, Hyuk-Chul

    We developed Cyber Forensics Ontology for the criminal investigation in cyber space. Cyber crime is classified into cyber terror and general cyber crime, and those two classes are connected with each other. The investigation of cyber terror requires high technology, system environment and experts, and general cyber crime is connected with general crime by evidence from digital data and cyber space. Accordingly, it is difficult to determine relational crime types and collect evidence. Therefore, we considered the classifications of cyber crime, the collection of evidence in cyber space and the application of laws to cyber crime. In order to efficiently investigate cyber crime, it is necessary to integrate those concepts for each cyber crime-case. Thus, we constructed a cyber forensics domain ontology for criminal investigation in cyber space, according to the categories of cyber crime, laws, evidence and information of criminals. This ontology can be used in the process of investigating of cyber crime-cases, and for data mining of cyber crime; classification, clustering, association and detection of crime types, crime cases, evidences and criminals.

  20. Introducing cyber.

    Science.gov (United States)

    Hult, Fredrik; Sivanesan, Giri

    In January 2012, the World Economic Forum made cyber attacks its fourth top global risk. In the 2013 risk report, cyber attacks were noted to be an even higher risk in absolute terms. The reliance of critical infrastructure on cyber working has never been higher; the frequency, intensity, impact and sophistication of attacks is growing. This trend looks likely to continue. It can be argued that it is no longer a question whether an organisation will be successfully hacked, but how long it will take to detect. In the ever-changing cyber environment, traditional protection techniques and reliance on preventive controls are not enough. A more agile approach is required to give assurance of a sufficiently secure digital society. Are we faced with a paradigm shift or a storm in a digital teacup? This paper offers an introduction to why cyber is important, a wider taxonomy on the topic and some historical context on how the discipline of cyber security has evolved, and an interpretation on what this means in the new normal of today.

  1. Cyber security deterrence and it protection for critical infrastructures

    CERN Document Server

    Martellini, Maurizio

    2013-01-01

    The experts of the International Working Group-Landau Network Centro Volta (IWG-LNCV) discuss aspects of cyber security and present possible methods of deterrence, defense and resilience against cyber attacks. This SpringerBrief covers state-of-the-art documentation on the deterrence power of cyber attacks and argues that nations are entering a new cyber arms race. The brief also provides a technical analysis of possible cyber attacks towards critical infrastructures in the chemical industry and chemical safety industry. The authors also propose modern analyses and a holistic approach to resil

  2. Cyber Warfare/Cyber Terrorism

    National Research Council Canada - National Science Library

    O'Hara, Timothy

    2004-01-01

    Section 1 of this paper provides an overview of cyber warfare as an element of information warfare, starting with the general background of the current strategic environment the United States is operating...

  3. Policing cyber hate, cyber threat and cyber terrorism

    OpenAIRE

    Chambers-Jones, C.

    2013-01-01

    In late August 2012 the Government Forum of Incident Response and Cyber security Teams (GFIRST) gathered in Atlanta to discuss cyber threats and how new realities are emerging and how new forms of regulation are needed. At the same time Policing cyber hate, cyber threat and cyber terrorism was published. This comprehensive book brings together a divergent problem and tackles each with a candid exploration. The book has ten chapters and covers aspects such as extortion via the internet, the ps...

  4. Compilation of the FY 1997 Navy General Fund Financial Statements at the Defense Finance and Accounting Service Cleveland Center

    National Research Council Canada - National Science Library

    1998-01-01

    Audit Report on tile Compilation of the FY 1997 Navy General Fund Financial Statements at the Defense Finance and Accounting Service Cleveland Center Our objective was to determine whether the DFAS...

  5. Buying Program of the Standard Automated Materiel Management System. Automated Small Purchase System: Defense Supply Center Philadelphia

    National Research Council Canada - National Science Library

    2001-01-01

    The Standard Automated Materiel Management System Automated Small Purchase System is a fully automated micro-purchases system used by the General and Industrial Directorate at the Defense Supply Center Philadelphia...

  6. Defense.gov - Special Report - Cybersecurity

    Science.gov (United States)

    reduce vulnerability to cyber-attack attempts that occur regularly and are likely to continue for the together to protect cyberspace. U.S. Cyber Command Preparations Under Way WASHINGTON, March 16, 2010 - Preparations for the formal establishment of U.S. Cyber Command, which will operate and defend the Defense

  7. Development of cyber training system for nuclear fields

    International Nuclear Information System (INIS)

    Kim, Young Taek; Park, Jong Kyun; Lee, Eui Jin; Lee, Han Young; Choi, Nan Young

    2002-02-01

    This report describes on technical contents related cyber training system construct on KAERI Nuclear Training Center, and on using cases of cyber education in domestic and foreign countries. Also realtime training system through the internet and cyber training management system for atomic fields is developed. All users including trainee, course managers and lecturers can use new technical for create new paradigm

  8. US Cyber Challenge Research

    Science.gov (United States)

    2012-02-01

    Computers (General Term), Information Systems or Information Technology 0 6 5 1 1 13 Criminal Justice 0 0 0 1 0 1 Economics 0 0 1 0 0 1 Electrical...Assurance or Computer Security 8 6 15 10 7 46 Information Technology 4 1 9 1 4 19 Nanotechnology 0 1 0 0 0 1 Networking or Network Security 7 1 2 2 4...FORCE RESEARCH LABORATORY INFORMATION DIRECTORATE US CYBER CHALLENGE RESEARCH CENTER FOR INTERNET SECURITY, INC FEBRUARY

  9. Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

    Science.gov (United States)

    Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

    2012-01-01

    This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

  10. National Guard Forces in the Cyber Domain

    Science.gov (United States)

    2015-05-22

    TITLE AND SUBTITLE National Guard Forces in the Cyber Domain 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S...Soldiers. Army Cyber Command (ARCYBER) commander, Lieutenant General Edward Cardon stated that Guard will begin to build combat power with...90 2014 Quadrennial Defense Review, 15. 91 Ibid. 92 Edward C. Cardon , "ARMY.MIL, The Official Homepage of the United

  11. Maritime Cyber Security University Research: Phase 1

    Science.gov (United States)

    2016-05-01

    i Classification | CG-926 RDC | author | audience | month year Maritime Cyber Security University Research Phase I - Final Report...Appendices Distribution Statement A: Approved for public release; distribution is unlimited. May 2016 Report No. CG-D-07-16 Maritime ...Macesker Executive Director United States Coast Guard Research & Development Center 1 Chelsea Street New London, CT 06320 Maritime Cyber Security

  12. Defense, basic, and industrial research at the Los Alamos Neutron Science Center: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    Longshore, A.; Salgado, K. [comps.

    1995-10-01

    The Workshop on Defense, Basic, and Industrial Research at the Los Alamos Neutron Science Center gathered scientists from Department of Energy national laboratories, other federal institutions, universities, and industry to discuss the use of neutrons in science-based stockpile stewardship, The workshop began with presentations by government officials, senior representatives from the three weapons laboratories, and scientific opinion leaders. Workshop participants then met in breakout sessions on the following topics: materials science and engineering; polymers, complex fluids, and biomaterials; fundamental neutron physics; applied nuclear physics; condensed matter physics and chemistry; and nuclear weapons research. They concluded that neutrons can play an essential role in science-based stockpile stewardship and that there is overlap and synergy between defense and other uses of neutrons in basic, applied, and industrial research from which defense and civilian research can benefit. This proceedings is a collection of talks and papers from the plenary, technical, and breakout session presentations. Selected papers are indexed separately for inclusion in the Energy Science and Technology Database.

  13. Cognitive Task Analysis Based Training for Cyber Situation Awareness

    OpenAIRE

    Huang , Zequn; Shen , Chien-Chung; Doshi , Sheetal; Thomas , Nimmi; Duong , Ha

    2015-01-01

    Part 1: Innovative Methods; International audience; Cyber attacks have been increasing significantly in both number and complexity, prompting the need for better training of cyber defense analysts. To conduct effective training for cyber situation awareness, it becomes essential to design realistic training scenarios. In this paper, we present a Cognitive Task Analysis based approach to address this training need. The technique of Cognitive Task Analysis is to capture and represent knowledge ...

  14. Control of Database Applications at the Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    1997-01-01

    The Defense Finance and Accounting Service Financial Systems Organization, under the control of the Deputy Director for Information Management, Defense Finance and Accounting Service, is responsible...

  15. Security Evaluation of the Cyber Networks under Advanced Persistent Threats

    NARCIS (Netherlands)

    Yang, L.; Li, Pengdeng; Yang, Xiaofan; Tang, Yuan Yan

    2017-01-01

    Advanced persistent threats (APTs) pose a grave threat to cyberspace, because they deactivate all the conventional cyber defense mechanisms. This paper addresses the issue of evaluating the security of the cyber networks under APTs. For this purpose, a dynamic model capturing the APT-based

  16. Development of Cyber-attack Risk Assessment Model for Nuclear Power Plants

    International Nuclear Information System (INIS)

    Park, Jong Woo; Lee, Seung Jun

    2017-01-01

    In this work, a risk evaluation method to identify significant cyber-attack scenarios and important components which should be defensed was proposed based on the probabilistic safety assessment (PSA) method which is widely used for evaluating risk of NPPs. NPPs adopting digital systems have been facing the risk of cyber-attacks. To develop efficient and reasonable defense strategy, it is required to identify significant cyber-attack scenarios and important components because there are huge number of critical digital assets in an NPP. By evaluating the risk of cyber-attack, the risk-informed defense strategies against cyber-attack could be suggested. In this work, the method to identify important cyber-attack scenarios and to evaluate the quantitative risk caused by cyber-attacks was proposed. For a future study, more feasible scenarios will be analyzed and additional modifications will be made in the model if necessary.

  17. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  18. A statistical analysis of individual success after successful completion of Defense Language Institute Foreign Language Center Training

    OpenAIRE

    Hinson, William B.

    2005-01-01

    "The Defense Language Institute Foreign Language Center (DLIFLC) trains students in various foreign languages and dialects for the Department of Defense (DOD). The majority of students are firstterm enlistees in the basic program. This study uses classification trees and logistic regression to understand the military, academic and personal characteristics that influence first-term success after successfully completing DLIFLC training. Success was defined as completing a firstterm enlistme...

  19. Towards a Research Agenda for Cyber Friendly Fire

    Energy Technology Data Exchange (ETDEWEB)

    Greitzer, Frank L.; Clements, Samuel L.; Carroll, Thomas E.; Fluckiger, Jerry D.

    2009-11-18

    Historical assessments of combat fratricide reveal principal contributing factors in the effects of stress, degradation of skills due to continuous operations or sleep deprivation, poor situation awareness, and lack of training and discipline in offensive/defense response selection. While these problems are typically addressed in R&D focusing on traditional ground-based combat, there is also an emerging need for improving situation awareness and decision making on defensive/offensive response options in the cyber defense arena, where a mistaken response to an actual or perceived cyber attack could lead to destruction or compromise of friendly cyber assets. The purpose of this report is to examine cognitive factors that may affect cyber situation awareness and describe possible research needs to reduce the likelihood and effects of "friendly cyber fire" on cyber defenses, information infrastructures, and data. The approach is to examine concepts and methods that have been described in research applied to the more traditional problem of mitigating the occurrence of combat identification and fratricide. Application domains of interest include cyber security defense against external or internal (insider) threats.

  20. Cyber Power

    Science.gov (United States)

    2010-05-01

    government. Another way of looking at power in the cyber domain is to consider the three faces or aspects of relational power. 1st Face: (A induces B do...power. For example, on the February 2010 anniversary of the Iranian Revolution, the government slowed the internet to prevent protesters sending films ...all but a few government controlled Web sites. The damage to business and tourism was significant, but the Chinese government was more concerned

  1. Proactive Self Defense in Cyberspace

    National Research Council Canada - National Science Library

    Caulkins, Bruce D

    2009-01-01

    ... and standards to properly secure and defend the Global Information Grid (GIG) from cyber attacks. This paper will discuss the strategic requirements for enacting a proactive self-defense mechanism in cyberspace...

  2. Automated cyber threat analysis and specified process using vector relational data modeling

    OpenAIRE

    Kelly, Ryan Forrest

    2014-01-01

    Approved for public release; distribution is unlimited Computer network defense systems should be sufficiently integrated to pull data from any information source, model an expert cyber analyst’s decision process, continuously adapt to an evolving cyber threat environment, and amalgamate with industry standard network hardware. Unfortunately, cyber defense systems are generally stovepipe solutions that do not natively integrate disparate network systems. Correlation engines are generally l...

  3. Cross-Layer Damage Assessment for Cyber Situational Awareness

    Science.gov (United States)

    Liu, Peng; Jia, Xiaoqi; Zhang, Shengzhi; Xiong, Xi; Jhi, Yoon-Chan; Bai, Kun; Li, Jason

    Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any “blind spots”.

  4. Year 2000 Reporting for Defense Finance and Accounting Service Cleveland Center Systems

    National Research Council Canada - National Science Library

    Lane, F

    1998-01-01

    .... For this report, we evaluated whether DFAS: entered all required data elements into the Defense Integration Support Tools for each system, and verified that information in the Defense Integration Support Tools database was consistent...

  5. National Institute of Justice Center Requirements Definition, Technical Assistance, Agile Test and Evaluation and Cyber Science Analysis

    National Research Council Canada - National Science Library

    Frantz, Frederick

    2003-01-01

    This task provided for assembly, definition, and completion of technical enhancements in coordination with the National Law Enforcement and Corrections Technology Center -Northeast Region (NLECTC-NE...

  6. Cyber risk in banking

    OpenAIRE

    Linert, Jan

    2015-01-01

    The bachelor thesis deals with the cyber risk in banking industry. Its main goal is to stress the imporatance of cyber risk both verbally and numericaly and review the approach of banks to this risk. The first part of this thesis specifies what cyber risk is and how it fits among other operational risks, presents the common cyber-attacks and archetypes of cyber criminals, later it delves into the cyber risk in Czech Republic and at the end of this part it mentions the legislation that covers ...

  7. Payroll Expenses Reported by the Defense Finance and Accounting Service Cleveland Center

    National Research Council Canada - National Science Library

    1998-01-01

    .... To meet that requirement, a consolidation was done of the financial information received from offices providing accounting support to the Defense organizations and prepares the financial statement...

  8. The Rise of the Autonomous Cyber Criminal

    OpenAIRE

    Rogers, Marcus

    2015-01-01

    Are we on the threshold of a new evolution of cyber crime? There has been numerous discussions and SciFi themes that have centered around truly autonomous online criminal behavior. This talk will look at the myths and realities surrounding the potential for automated systems to turn to the "dark side" and become uber cyber criminals, and what if anything we can do to prevent or at least detect this type of criminal behavior.

  9. Information Assurance Cyber Ecology

    National Research Council Canada - National Science Library

    Jorgensen, Jane

    2003-01-01

    .... The goals of the Cyber Ecology project were to: (1) enable and demonstrate the discovery of noel IA technologies for the detection and mitigation of damage due to cyber attack through the application of ecological models, (2...

  10. National Cyber Security Policy

    Indian Academy of Sciences (India)

    National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

  11. Preventing and Coping Strategies for Cyber Bullying and Cyber Victimization

    OpenAIRE

    Erdinc Ozturk; Gizem Akcan

    2016-01-01

    Although there are several advantages of information and communication technologies, they cause some problems like cyber bullying and cyber victimization. Cyber bullying and cyber victimization have lots of negative effects on people. There are lots of different strategies to prevent cyber bullying and victimization. This study was conducted to provide information about the strategies that are used to prevent cyber bullying and cyber victimization. 120 (60 women, 60 men) university students w...

  12. A Game Theoretic Approach to Cyber Attack Prediction

    Energy Technology Data Exchange (ETDEWEB)

    Peng Liu

    2005-11-28

    The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.

  13. Training the Cyber Warrior

    OpenAIRE

    Fulp, J.D.

    2003-01-01

    This paper suggests the major educational components of a curriculum that is designed to educate individuals for job assignments as Information Assurance professionals - also known as: cyber warriors. It suggests a minimum common body of knowledge for all cyber warriors along with two major specialization categories: cyber tacticians and cyber strategists. The paper describes the distinction between tactician and strategist and offers a rough outline of the education each should receive.

  14. Plethora of Cyber Forensics

    OpenAIRE

    N.Sridhar; Dr.D.Lalitha Bhaskari; Dr.P.S.Avadhani

    2011-01-01

    As threats against digital assets have risen and there is necessitate exposing and eliminating hidden risks and threats. The ability of exposing is called “cyber forensics.” Cyber Penetrators have adopted more sophistical tools and tactics that endanger the operations of the global phenomena. These attackers are also using anti-forensic techniques to hide evidence of a cyber crime. Cyber forensics tools must increase its toughness and counteract these advanced persistent threats. This paper f...

  15. Cyber Incidents Involving Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert J. Turk

    2005-10-01

    The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this

  16. Cyber Security and Resilient Systems

    International Nuclear Information System (INIS)

    Anderson, Robert S.

    2009-01-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  17. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  18. Meningitis and Meningoencephalitis among Israel Defense Force Soldiers: 20 Years Experience at the Hadassah Medical Centers.

    Science.gov (United States)

    Pikkel, Yoav Y; Ben-Hur, Tamir; Eliahou, Ruth; Honig, Asaf

    2015-11-01

    Meningitis and meningoencephalitis pose major risks of morbidity and mortality. To describe 20 years of experience treating infections of the central nervous system in Israel Defense Force (IDF) soldiers, including the common presentations, pathogens and sequelae, and to identify risk groups among soldiers. All soldiers who were admitted to the Hadassah University Medical Center (both campuses: Ein Kerem and Mt. Scopus) due to meningitis and meningoencephalitis from January 1993 to January 2014 were included in this retrospective study. Clinical, laboratory and radiologic data were reviewed from their hospital and army medical corps files. Attention was given to patients' military job description, i.e., combat vs. non-combat soldier, soldiers in training, and medical personnel. We identified 97 cases of suspected meningitis or meningoencephalitis. Six were mistakenly filed and these patients were found to have other disorders. Four soldiers were diagnosed with epidural abscess and five with meningitis due to non-infectious in flammatory diseases. Eighty-two soldiers in active and reserve duty had infectious meningitis or meningoencephalitis. Of these, 46 (56.1%) were combat soldiers and 31 (37.8%) non-combat; 20 (29.2%) were soldiers in training, 10 (12.2%) were training staff and 8 (9.8%) were medical staff. The main pathogens were enteroviruses, Epstein-Barr virus an d Neisseria meningitidis. In our series, soldiers in training, combat soldiers and medical personnel had meningitis and meningoencephalitis more than other soldiers. Enteroviruses are highly infectious pathogens and can cause outbreaks. N. meningitidis among IDF soldiers is still a concern. Early and aggressive treatment with steroids should be considered especially in robust meningoencephalitis cases.

  19. Cyber terrorism and cyber-crime – threats for cyber security

    OpenAIRE

    Ackoski, Jugoslav; Dojcinovski, Metodija

    2012-01-01

    This paper has aim to give contribution in supporting efforts against cyber threats recognized as a cyber terrorism and cyber crime. Also, it has aim to show future challenges related to cyber security and their emerging threats – cyber war, cyber terrorism and cyber crime. Accelerate weapon development called ICT (Information Communication Technology) which is developed every day faster and faster, and development of human conscious on higher level about consequences of ICT enormous pene...

  20. Defense.gov Special Report: Travels with Panetta - September 2011

    Science.gov (United States)

    : Regional Defense, Cyber Highlight AUSMIN Talks SAN FRANCISCO, Sept. 14, 2011 - Asia-Pacific defense Ability to Attack Broadly. Clinton, Panetta to Attend Australia-U.S. Ministerial News Photos . Main Menu Sexual Assault Prevention Asia-Pacific Rebalance Cyber Strategy News Today in DOD Press Advisories News

  1. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  2. National Cyber Expert Addresses ELP Class

    OpenAIRE

    Center for Homeland Defense and Security

    2012-01-01

    Center for Homeland Defense and Security, PRESS RELEASES Governments, businesses and educational institutions should be making cybersecurity a top priority, a leading expert told a class of the Center for Homeland Defense and Security’s Executive Leaders Program. Brian...

  3. Payroll Expenses Reported by the Defense Finance and Accounting Service Columbus Center

    National Research Council Canada - National Science Library

    1998-01-01

    .... Specifically, we reviewed accounting records for payroll and related expenditures to determine the validity of payroll expenses that the DFAS Columbus Center submitted to the DFAS Indianapolis Center...

  4. Cyber as a Team Sport: Operationalizing a Whole-Of-Government Approach to Cyberspace Operations

    Science.gov (United States)

    2011-06-07

    July 2010-7 June 2011 4. TITLE AND SUBTITLE • -~ ·- ~ I 5a. CONTRACT NUMBER CYBER AS A "TEAM SPORT ": OPERATIONALIZING A WHOLE-OF-GOVERNMENT APPROACH...JOINT FORCES STAFF COLLEGE JOINT ADVANCED WARFIGHTING SCHOOL CYBER AS A “TEAM SPORT ”: OPERATIONALIZING A WHOLE-OF- GOVERNMENT APPROACH...TO CYBERSPACE OPERATIONS by Elizabeth A. Myers Department of Defense CYBER AS A "TEAM SPORT ": OPERATIONALIZING A WHOLE-OF· GOVERNMENT

  5. WHEN NORMS FAIL: NORTH KOREA AND CYBER AS AN ELEMENT OF STATECRAFT

    Science.gov (United States)

    2017-04-06

    be confused with defense. Today, tech and cyber -related companies spend significant funds toward reducing system vulnerability. This expenditure is...example of the DPRK’s use of cyber as an element of statecraft. In this case, North Korea attempted to deter a private U.S. company from showing a...in conjunction with the National Security Council, should develop a U.S. policy on the use of offensive cyber capabilities. This policy should

  6. Defense.gov Special Report: Panetta Bids Farewell

    Science.gov (United States)

    Against Al Qaeda: Today and Tomorrow Defending the Nation from Cyber Attack Center for National Policy Sexual Assault Prevention Asia-Pacific Rebalance Cyber Strategy News Today in DOD Press Advisories News

  7. Cyber Security : Home User's Perspective

    OpenAIRE

    Ikonen, Mikko

    2014-01-01

    Cyber security is important to understand for home users. New technology allows for new cyber threats to emerge and new solutions must be considered to counter them. Nearly every device is connected to the Internet and this opens new possibilities and threats to cyber security. This Bachelor's thesis explores the different aspects of cyber security and suggests solutions to different cyber security issues found. The different aspects of cyber security under research here include personal ...

  8. Cyber Epidemic Models with Dependences

    OpenAIRE

    Xu, Maochao; Da, Gaofeng; Xu, Shouhuai

    2016-01-01

    Studying models of cyber epidemics over arbitrary complex networks can deepen our understanding of cyber security from a whole-system perspective. In this paper, we initiate the investigation of cyber epidemic models that accommodate the {\\em dependences} between the cyber attack events. Due to the notorious difficulty in dealing with such dependences, essentially all existing cyber epidemic models have assumed them away. Specifically, we introduce the idea of Copulas into cyber epidemic mode...

  9. Using the Oldest Military Force for the Newest National Defense

    Directory of Open Access Journals (Sweden)

    Brian Claus

    2015-12-01

    Full Text Available The National Guard is establishing Cyber Mission Teams (CMT that will fulfill a federal role to backfill active duty defending Department of Defense networks, but are also exploring how they could effectively fulfill state missions. The President, Council of Governors, and USCYBERCOM Commander have expressed concerns about U.S. critical infrastructure cyber network vulnerabilities and the increasing magnitude of threat our adversaries pose to those networks’ security. This article explores using this emerging National Guard capability in a state role for protection of critical infrastructure cyber networks. Most of the critical infrastructure is privately owned. Although current executive orders and policy mandate government sharing of cyber threat information, private providers’ reciprocation of sharing their vulnerabilities is voluntary. This article contends that effective cyber defense requires strong private-public partnerships. We developed a critical infrastructure cyber defense model based upon key characteristics from the literature on private-public partnerships and performed a case study of current cyber defense partnerships to validate the model. Our research shows this model to be a useful guide for emerging National Guard Cyber Mission Forces to consider when establishing partnerships for effective critical infrastructure cyber defense.

  10. Defining cyber warfare

    Directory of Open Access Journals (Sweden)

    Dragan D. Mladenović

    2012-04-01

    Full Text Available Cyber conflicts represent a new kind of warfare that is technologically developing very rapidly. Such development results in more frequent and more intensive cyber attacks undertaken by states against adversary targets, with a wide range of diverse operations, from information operations to physical destruction of targets. Nevertheless, cyber warfare is waged through the application of the same means, techniques and methods as those used in cyber criminal, terrorism and intelligence activities. Moreover, it has a very specific nature that enables states to covertly initiate attacks against their adversaries. The starting point in defining doctrines, procedures and standards in the area of cyber warfare is determining its true nature. In this paper, a contribution to this effort was made through the analysis of the existing state doctrines and international practice in the area of cyber warfare towards the determination of its nationally acceptable definition.

  11. Cyber space bullying

    Directory of Open Access Journals (Sweden)

    Popović-Ćitić Branislava

    2009-01-01

    Full Text Available Cyber space bullying is a relatively new phenomenon that has received increased attention by scientists, researchers and practitioners in recent years. It is usually defined as an intentionally and repeatedly expression of aggression towards other people through information and communication technologies. Cyber space bullying is characterized by all the primary characteristics of traditional bullying and some specifics ones that clearly differ it from other forms of bullying. In addition to the analysis of characteristics and specifics of cyber space bullying, the paper describes the basic forms of cyber space bullying (flaming, harassment, denigration, impersonation, outing, trickery, exclusion, stalking and happy slapping, as well as, the types of cyber space bullies (vengeful angel, power-hungry, revenge of the nerd, mean girls and inadvertent. The main goal of this paper is to provide initial theoretical guidelines for designing future empirical research on the complex phenomenon of cyber space bullying.

  12. A Cyber Pearl Harbor

    Science.gov (United States)

    2016-02-03

    door for an attack. These medium-potential cyber tools can present the pathway to espionage or attack when weaponized.18 It is important to...facilitate espionage or up to and including destruction of the system.27 Cyber attack falls on the right end of the spectrum. Before the definition for...warfare or war. Congruent with international laws on war, there is delineation between an act of espionage and act of war. Advancements in cyber

  13. Cyber-bombing ISIS

    DEFF Research Database (Denmark)

    Ringsmose, Jens; Teglskov Jacobsen, Jeppe

    2017-01-01

    It has become a conventional wisdom in strategic studies that the development and use of cyber weapons should be kept secret, as the effectiveness of these tools is dependent on opponents being unaware of a particular cyber weapon’s characteristics. Why, then, has the US military repeatedly publi...... the enemy’s trust in his own IT-infrastructure, and command and control systems, (3) signal “cyber strength” to third parties, and (4) establish norms regarding how to use cyber weapons in accordance with International Humanitarian Law....

  14. Cyber-Informed Engineering

    Energy Technology Data Exchange (ETDEWEB)

    Anderson, Robert S. [Idaho National Lab. (INL), Idaho Falls, ID (United States); Benjamin, Jacob [Idaho National Lab. (INL), Idaho Falls, ID (United States); Wright, Virginia L. [Idaho National Lab. (INL), Idaho Falls, ID (United States); Quinones, Luis [Idaho National Lab. (INL), Idaho Falls, ID (United States); Paz, Jonathan [Idaho National Lab. (INL), Idaho Falls, ID (United States)

    2017-03-01

    A continuing challenge for engineers who utilize digital systems is to understand the impact of cyber-attacks across the entire product and program lifecycle. This is a challenge due to the evolving nature of cyber threats that may impact the design, development, deployment, and operational phases of all systems. Cyber Informed Engineering is the process by which engineers are made aware of both how to use their engineering knowledge to positively impact the cyber security in the processes by which they architect and design components and the services and security of the components themselves.

  15. Cyber-Informed Engineering

    International Nuclear Information System (INIS)

    Anderson, Robert S.; Benjamin, Jacob; Wright, Virginia L.; Quinones, Luis; Paz, Jonathan

    2017-01-01

    A continuing challenge for engineers who utilize digital systems is to understand the impact of cyber-attacks across the entire product and program lifecycle. This is a challenge due to the evolving nature of cyber threats that may impact the design, development, deployment, and operational phases of all systems. Cyber Informed Engineering is the process by which engineers are made aware of both how to use their engineering knowledge to positively impact the cyber security in the processes by which they architect and design components and the services and security of the components themselves.

  16. DSB Task Force on Cyber Supply Chain

    Science.gov (United States)

    2017-04-01

    established to provide independent advice to the Secretary of Defense. Statements, opinions, conclusions, and recommendations in this report do not...that does not rely exclusively on trust; and continue research and development (R&D) investments of DoD agencies for a technology-enabled strategy...subcontracts. Such reporting requirements are inconsistent and no DoD system at present collects event information on cyber-physical attacks of electronic

  17. International Cyber Incident Repository System: Information Sharing on a Global Scale

    Energy Technology Data Exchange (ETDEWEB)

    Joyce, Amanda L.; Evans, PhD, Nathaniel; Tanzman, Edward A.; Israeli, Daniel

    2017-02-02

    According to the 2016 Internet Security Threat Report, the largest number of cyber attacks were recorded last year (2015), reaching a total of 430 million incidents throughout the world. As the number of cyber incidents increases, the need for information and intelligence sharing increases, as well. This fairly large increase in cyber incidents is driving the need for an international cyber incident data reporting system. The goal of the cyber incident reporting system is to make available shared and collected information about cyber events among participating international parties. In its 2014 report, Insurance Industry Working Session Readout Report-Insurance for CyberRelated Critical Infrastructure Loss: Key Issues, on the outcomes of a working session on cyber insurance, the U.S. Department of Homeland Security observed that “many participants cited the need for a secure method through which organizations could pool and share cyber incident information” and noted that one underwriter emphasized the importance of internationally harmonized data taxonomies. This cyber incident data reporting system could benefit all nations that take part in reporting incidents to provide a more common operating picture. In addition, this reporting system could allow for trending and anticipated attacks and could potentially benefit participating members by enabling them to get in front of potential attacks. The purpose of this paper is to identify options for consideration for such a system in fostering cooperative cyber defense.

  18. DETERMINATION OF CYBER SECURITY AWARENESS OF PUBLIC EMPLOYEES AND CONSCIOUSNESS-RISING SUGGESTIONS

    Directory of Open Access Journals (Sweden)

    Huseyin Kuru

    2016-07-01

    Full Text Available The aim of this study is to measure Turkish government employees’ awareness of cyber security and cyber space elements. Participants were 71 Turkish public employees working for various ministries. Both qualitative and quantitative research methods were used to get the most detailed information from the participants. A survey was administered to cyber security officers in chosen state institutions. For qualitative research, open-ended questions were administered to the participants. Reliability and validity issues were established for both surveys. Results show that employees have enough information about cyber security and cyber warfare. Findings clearly suggests that cyber defense policy should be planned in coordination with other state institutions and experiences should be shared. In order to create feasible and realistic cyber security policy at institutional level, experts at cyber security must be trained, hired and help must be requested from specialized individuals and institutions. This study recommends that rapid reaction teams (RRT should be established to take care of cyber systems, to react against cyber breaches in time, to alert staff for cyber-attacks in order to establish effective recovery.

  19. Evaluating the Impact of the Department of Defense Regional Centers for Security Studies

    Science.gov (United States)

    2014-01-01

    Kazakstan, Moldova, Montenegro $542,000 total 11% O&M; 89% other Media: weapon or tool 50 Garmisch, Germany $99,000 O&M nAtO Smart Defense (2...events) 70 total Bosnia, Montenegro $74,000 total Other nESA Yemen national Security Seminar 40 Yemen $450,000 Other pakistani Military Confidence...mandate. It included commentary on all aspects of APCSS’s operations, including physical plant , library usage, stu- dent selection, alumni outreach

  20. Raising awareness on cyber safety: adolescents' experience of a primary healthcare professional-led, school-based, multi-center intervention.

    Science.gov (United States)

    Tsimtsiou, Zoi; Drosos, Evangelos; Drontsos, Anastasios; Haidich, Anna-Bettina; Dantsi, Fotini; Sekeri, Zafiria; Dardavesis, Theodoros; Nanos, Panagiotis; Arvanitidou, Malamatenia

    2017-09-15

    Purpose Although safe Internet use is an emerging public health issue, there is a scarcity of published work describing relevant school-based interventions. The objective of this study was to explore the impact of a health professional-led, school-based intervention in raising awareness on cyber-safety in adolescents, Therefore, the aim of this study was to investigate adolescents' evaluation of this school-based intervention, 6 months after its implementation, as well as the impact of adolescents' school class and gender on their evaluation. Methods A student sample was selected using a multistage stratified random sampling technique, according to the location and school grade level (middle, high school). The students - aged from 12 to 18 years old experienced an interactive presentation in their classrooms on the amount of time spent online, the use of social networks and the available support services. An evaluation tool was completed anonymously and voluntarily 6 months after the intervention. Results Four hundred and sixty-two students (response rate 90.7%, 246 middle, 216 high school) completed the evaluation tool. Younger students, especially the ones in the first year of middle school, scored significantly higher in all six parameters used in the evaluation of this intervention compared with all the older participants: (a) they had kept the presented information on Safeline and Saferinternet websites and the helpline Ypostirizo (70.2% vs. 33.7%, p < 0.001) (b) they had already used it (32.5% vs. 12.3%, p < 0.001), (c) they had learned new information on cyber safety (66.4% vs. 34%, p < 0.001), (d) they rated the intervention as more interesting (median 8 vs. 7, p < 0.05), (e) they had reconsidered the way they use Internet (median 7 vs. 6, p < 0.05) and (f) they had changed their cyber behavior (median 7 vs. 5, p < 0.05). Conclusion The active involvement of students in a discussion on cyber-safety based on their experiences was highly evaluated. The impact

  1. CYBER DETERRENCE

    Science.gov (United States)

    2016-02-11

    credibility in building alliances, deterring enemies, and preventing costly wars. Dr. Press identified the relationship of a country’s credibility...separate networks with different security administrators and 9 firewalls . Bryan Clark, a senior fellow at the Center for Strategic and Budgetary...question when forming the basis for retaliation.42 Attribution when possible can be very costly and time consuming. This can be best explained in

  2. SASTRA CYBER DI INDONESIA

    Directory of Open Access Journals (Sweden)

    Laily Fitriani

    2011-10-01

    Full Text Available The digital era started when the internet technology spread to the developing countries including Indonesia. The flourish of cyber literature leads to the debate on the quality of the work of literature. Above all, the existence of literature sites (cyber literature becomes an important alternative for writers and literary activist in Indonesia.

  3. Definitions of Cyber Terrorism

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2014-01-01

    The phrase cyber terror appeared for the first time in the mid-eighties. According to several sources, Barry C. Collin, a senior person research fellow of the Institute for Security and Intelligence in California, defined cyber terror at that time as “the convergence of cybernetics and terrorism”—an

  4. Detection and Modeling of Cyber Attacks with Petri Nets

    Directory of Open Access Journals (Sweden)

    Bartosz Jasiul

    2014-12-01

    Full Text Available The aim of this article is to present an approach to develop and verify a method of formal modeling of cyber threats directed at computer systems. Moreover, the goal is to prove that the method enables one to create models resembling the behavior of malware that support the detection process of selected cyber attacks and facilitate the application of countermeasures. The most common cyber threats targeting end users and terminals are caused by malicious software, called malware. The malware detection process can be performed either by matching their digital signatures or analyzing their behavioral models. As the obfuscation techniques make the malware almost undetectable, the classic signature-based anti-virus tools must be supported with behavioral analysis. The proposed approach to modeling of malware behavior is based on colored Petri nets. This article is addressed to cyber defense researchers, security architects and developers solving up-to-date problems regarding the detection and prevention of advanced persistent threats.

  5. Cyber-physical augmentation : An exploration

    NARCIS (Netherlands)

    Vroom, R.W.; Horvath, I.

    2014-01-01

    Ubiquitous technologies provide many product innovation opportunities for industrial design engineers, such as creating user centered cyber-physical systems with adaptive capabilities to individual users and environments. The exploration discussed in this paper aims to uncover needs to know for

  6. Defense Base Closure and Realignment Budget Data for the Naval Surface Warfare Center

    National Research Council Canada - National Science Library

    1993-01-01

    ... and realignment military construction projects. This report provides the results of the audit related to the realignment of Naval Surface Warfare Centers elements in White Oak, Maryland, and Panama City, Florida, to Dahlgren, Virginia...

  7. Cyber Crime & Cyber War – "Part of the Game": Cyber Security, Quo Vadis?

    OpenAIRE

    Karl H. Stingeder

    2015-01-01

    Welche Rolle spielt Cyber Crime gegenwärtig? Was unterscheidet Cyber Crime von Cyber War? Wie muss Cyber Security gestaltet sein, um effektiven Schutz nachhaltig zu gewährleisten? Cyber Crime-Aktivitäten kennzeichnen sich häufig durch eine einfache Zugänglichkeit von betrügerischem Know-How und technischen Hilfsmitteln. Bedingt durch eine schleppende und mangelhafte Umsetzung von koordinierten Gegenmaßnahmen, resultieren Cyber-Delikte in einem Low-Risk und High-Reward Szenario für Cyber-Krimi...

  8. 2004 annual report. Defense, safety, energy, information, health. CEA in the center of big European challenges

    International Nuclear Information System (INIS)

    2005-01-01

    This document is the 2004 annual report of the French atomic energy commission (CEA). It presents the R and D activities of the CEA in three main domains: 1 - defense and safety, maintaining perenniality of nuclear dissuasion and nuclear safety: supplying nuclear weapons to armies, maintaining dissuasion capability with the simulation program, sharing R and D means with the scientific community and the industrial world, designing and maintaining naval nuclear propulsion reactors, cleansing Marcoule and Pierrelatte facilities, monitoring treaties and fighting against proliferation and terrorism; 2 - energy, developing more competitive and cleaner energy sources: nuclear waste management, optimization of industrial nuclear activities, future nuclear systems and new energy technologies, basic research on energy, radiobiology and toxicology; 3 - information and health, valorizing industry thanks to technological research and supplying new tools for health and medical research: micro- and nano-technologies, software technologies, basic research for industrial innovation, nuclear technologies for health and bio-technologies. (J.S.)

  9. Cyber crime and cyber warfare with international cyber collaboration for RSA – preparing communities

    CSIR Research Space (South Africa)

    Grobler, M

    2012-03-01

    Full Text Available aspects come into play that may have an influence on the manner in which the military reacts to cyber attacks (Wilson 2007): ? new national security policy issues; ? consideration of psychological operations used to affect friendly nations... relationship between modern cyber space, cyber warfare and traditional legislation. As a starting point, cyber warfare is defined for the purpose of this article as the use of exploits in cyber space as a way to intentionally cause harm to people, assets...

  10. Timing of cyber conflict.

    Science.gov (United States)

    Axelrod, Robert; Iliev, Rumen

    2014-01-28

    Nations are accumulating cyber resources in the form of stockpiles of zero-day exploits as well as other novel methods of engaging in future cyber conflict against selected targets. This paper analyzes the optimal timing for the use of such cyber resources. A simple mathematical model is offered to clarify how the timing of such a choice can depend on the stakes involved in the present situation, as well as the characteristics of the resource for exploitation. The model deals with the question of when the resource should be used given that its use today may well prevent it from being available for use later. The analysis provides concepts, theory, applications, and distinctions to promote the understanding strategy aspects of cyber conflict. Case studies include the Stuxnet attack on Iran's nuclear program, the Iranian cyber attack on the energy firm Saudi Aramco, the persistent cyber espionage carried out by the Chinese military, and an analogous case of economic coercion by China in a dispute with Japan. The effects of the rapidly expanding market for zero-day exploits are also analyzed. The goal of the paper is to promote the understanding of this domain of cyber conflict to mitigate the harm it can do, and harness the capabilities it can provide.

  11. Cyber Defense Research and Monitoring Laboratory

    Data.gov (United States)

    Federal Laboratory Consortium — This facility acts as a fusion point for bridging ARL's research in tactical and operational Information Assurance (IA) areas and the development and assessment of...

  12. Lab Note: Training the Cyber Defensive Line

    Science.gov (United States)

    2016-05-02

    available at http://www.nextgov.com/cybersecurity/2013/03/how-many-cyberattacks-hit-united-states-last- year/61775/. 2 “Verizon 2015 Data Breach Investigation...at http://www.prnewswire.com/news-releases/verizon-2015- data - breach -investigations-report-finds- cyberthreats-are-increasing-in-sophistication-yet...Verizon’s Data Breach Investigations Report (available on request from http://www.verizonenterprise.com/DBIR/). The blue team must ensure that their

  13. Multi-Community Cyber Defense (MCCD)

    National Research Council Canada - National Science Library

    Smith, Randall

    2002-01-01

    This program developed and demonstrated automated technologies enabling security devices to cooperatively respond to network intrusions across small-to-very-large-scale networks while spanning administrative domains...

  14. Chinese cyber espionage: a complementary method to aid PLA modernization

    OpenAIRE

    Ellis, Jamie M.

    2015-01-01

    Approved for public release; distribution is unlimited In 2013, Mandiant published a report linking one People’s Liberation Army (PLA) unit to the virtual exploitation of 11 modern U.S. military platforms. In the last two decades, Chinese cyber espionage has cultivated a significant reputation in cyberspace for its high-volume, illicit exploitation of defense technology. At the same time, the PLA has also rapidly modernized its naval, fighter jet, and air defense technologies. This thesis ...

  15. Breaking Bad: Reforming Cyber Acquisition via Innovative Strategies

    Science.gov (United States)

    2015-04-01

    relate to infrastructure programs. Acquisition strategies for defensive tools, such as firewalls and antivirus software , will differ from acquisition...working on nuclear concepts for the benefit of the national will. These laboratories, as pointed out by Capt Patrick Roberts, also perform software ... software development, these scientists and engineers now possess experience making cyber systems that could be focused into the development of offensive

  16. Cyber-Victimized Students

    Directory of Open Access Journals (Sweden)

    Kaitlyn N. Ryan

    2013-12-01

    Full Text Available Bullying is a common topic in the media and academic settings. Teachers are regularly expected to provide curriculum and intervene regarding all forms of bullying, including cyber-bullying. Altering the behaviors of those who bully is often the focus of interventions, with less attention being placed on victim impact. The purpose of this article was to provide educators with a review of evidence regarding the occurrence, impact, and interventions for victims of cyber-bullying. Evidence reveals that cyber-bullying can have emotional, social, and academic impacts but that there are very few documented, and even fewer evidence-based, programs for victims of cyber-bullying. We conclude by proposing that school-wide programs and support be developed and provided to victims.

  17. UVI Cyber-security Workshop Workshop Analysis.

    Energy Technology Data Exchange (ETDEWEB)

    Kuykendall, Tommie G. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Allsop, Jacob Lee [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Anderson, Benjamin Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Boumedine, Marc [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Carter, Cedric [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galvin, Seanmichael Yurko [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Gonzalez, Oscar [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Lee, Wellington K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Lin, Han Wei [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Morris, Tyler Jake [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nauer, Kevin S.; Potts, Beth A.; Ta, Kim Thanh; Trasti, Jennifer; White, David R.

    2015-07-08

    The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week long cyber workshop that consisted of three courses; Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.

  18. Cyber space bullying

    OpenAIRE

    Popović-Ćitić Branislava

    2009-01-01

    Cyber space bullying is a relatively new phenomenon that has received increased attention by scientists, researchers and practitioners in recent years. It is usually defined as an intentionally and repeatedly expression of aggression towards other people through information and communication technologies. Cyber space bullying is characterized by all the primary characteristics of traditional bullying and some specifics ones that clearly differ it from other forms of bullying. In addition to t...

  19. Operationalizing Army Cyber

    Science.gov (United States)

    2013-03-01

    killed just under 3,000 people and cost the U.S. economy somewhere between three and five trillion dollars. The Japanese attacked with a state... economy , and military readiness. The challenge is to design an Army Cyber force that can support the United States Cyber Command (USCYBERCOM) national...still keeps the intelligence and signal functions separate in most units today from battalion to echelon above Corps ( EAC ). There are many past reasons

  20. Cyber Deterrence and Stability

    Energy Technology Data Exchange (ETDEWEB)

    Goychayev, Rustam [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Carr, Geoffrey A. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Weise, Rachel A. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Donnelly, David A. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Clements, Samuel L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Benz, Jacob M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Rodda, Kabrena E. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bartholomew, Rachel A. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); McKinnon, Archibald D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Andres, Richard B. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

    2017-09-30

    Throughout the 20th and early 21st centuries, deterrence and arms control have been cornerstones of strategic stability between the superpowers. However, the weaponization of the cyber realm by State actors and the multipolar nature of cyber conflict now undermines that stability. Strategic stability is the state in which nations believe that if they act aggressively to undermine U.S. national interests and the post-World War II liberal democratic order, the consequences will outweigh the benefits. The sense of lawlessness and lack of consequences in the cyber realm embolden States to be more aggressive in taking actions that undermine stability. Accordingly, this paper examines 1) the role of deterrence and arms control in securing cyber stability, and 2) the limitations and challenges associated with these traditional national security paradigms as applied to this emerging threat domain. This paper demonstrates that many 20th-century deterrence and arms control concepts are not particularly applicable in the cyber realm. However, they are not entirely irrelevant. The United States can distill lessons learned from this rich deterrence and arms control experience to develop and deploy a strategy to advance cyber stability.

  1. ON THE OFFENSE: USING CYBER WEAPONS TO INFLUENCE COGNITIVE BEHAVIOR

    Directory of Open Access Journals (Sweden)

    Mary Fendley

    2012-12-01

    Full Text Available There is an increasing recognition that cyber warfare is an important area of development for targeting and weaponeering, with far-reaching effects in national defense and economic security. The ability to conduct effective operations in cyberspace relies on a robust situational awareness of events occurring in both the physical and information domains, with an understanding of how they affect the cognitive domain of friendly, neutral, and adversary population sets. The dynamic nature of the battlefield complicates efforts to understand shifting adversary motivations and intentions. There are very few approaches, to date, that systematically evaluate the effects of the repertoire of cyber weapons on the cognitive, perceptual, and behavioral characteristics of the adversary. In this paper, we describe a software environment called Cognitive Cyber Weapon Selection Tool (CCWST that simulates a scenario involving cyber weaponry.This tool provides the capabilities to test weapons which may induce behavioral state changes in the adversaries. CCWST provides the required situational awareness to the Cyber Information Operations (IO planner to conduct intelligent weapon selection during weapon activation in order to induce the desired behavioral change in the perception of the adversary. Weapons designed to induce the cognitive state changes of deception, distraction, distrust and confusion were then tested empirically to evaluate the capabilities and expected cognitive state changes induced by these weapons. The results demonstrated that CCWST is a powerful environment within which to test and evaluate the impact of cyber weapons on influencing cognitive behavioral states during information processing.

  2. Developing the cyber victimisation experiences and cyber bullying behaviours scales

    OpenAIRE

    Betts, LR; Spenser, KA

    2017-01-01

    The reported prevalence rates of cyber victimisation experiences and cyber bullying behaviours vary. Part of this variation is likely due to the diverse definitions and operationalisations of the constructs adopted in previous research and the lack of psychometrically robust measures. Through two studies, the current research developed (Study 1) and evaluated (Study 2) the cyber victimisation experiences and cyber bullying behaviours scales. In Study 1 393 (122 male, 171 female), and in Study...

  3. Establishing a Cyber Warrior Force

    National Research Council Canada - National Science Library

    Tobin, Scott

    2004-01-01

    Cyber Warfare is widely touted to be the next generation of warfare. As America's reliance on automated systems and information technology increases, so too does the potential vulnerability to cyber attack...

  4. Cyber Attacks and Combat Behavior

    Directory of Open Access Journals (Sweden)

    Carataș Maria Alina

    2017-01-01

    Full Text Available Cyber terrorism is an intangible danger, a real over the corner threat in the life of individuals,organizations, and governments and is getting harder to deal with its damages. The motivations forthe cyber-attacks are different, depending on the terrorist group, from cybercrime to hacktivism,attacks over the authorities’ servers. Organizations constantly need to find new ways ofstrengthening protection against cyber-attacks, assess their cyber readiness, expand the resiliencecapacity and adopts international security regulations.

  5. Special Operations And Cyber Warfare

    Science.gov (United States)

    2016-12-01

    Cyber weapons have multiple functions and can be used for espionage or OPE. It is important to highlight the similarities between the intelligence...James Clapper, Director of National Intelligence, emphasized the importance of cyber operations as he identified cyber as the third major hazard facing...support the development of the capacity and capability of foreign security forces and their supporting institutions.”52 The DOD’s Cyber Strategy states

  6. Cybersecurity protecting critical infrastructures from cyber attack and cyber warfare

    CERN Document Server

    Johnson, Thomas A

    2015-01-01

    The World Economic Forum regards the threat of cyber attack as one of the top five global risks confronting nations of the world today. Cyber attacks are increasingly targeting the core functions of the economies in nations throughout the world. The threat to attack critical infrastructures, disrupt critical services, and induce a wide range of damage is becoming more difficult to defend against. Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare examines the current cyber threat landscape and discusses the strategies being used by governments and corporatio

  7. A Survey of Cyber Ranges and Testbeds

    Science.gov (United States)

    2013-10-01

    2012. [8] S. W. Neville and K. F. Li , "The Rational for Developing Larger-scale 1000+ Machine Emulation-Based Research Test Beds," WAINA 2009, pp...2002, pp. 6-2671-2676, 6-2678-6- 2682 vol. 6. [20] P. Pederson, D. Lee, G. Shu, D. Chen, Z. Liu, N. Li , and L. Sang, "Virtual Cyber- Security Testing...attacks with applications in homeland defense training." AeroSense 2003. International Society for Optics and Photonics, 2003. [54] Zhou, Mian

  8. Assessment of ground-water contamination from a leaking underground storage tank at a defense supply center near Richmond, Virginia

    International Nuclear Information System (INIS)

    Powell, J.D.; Wright, W.G.

    1990-01-01

    During 1988-89, 24 wells were installed in the vicinity of the post-exchange gasoline station on the Defense General Supply Center, near Richmond, Virginia, to collect and analyze groundwater samples for the presence of gasoline contamination from a leaking underground storage tank. Concentrations of total petroleum hydrocarbons and benzene were as high as 8.2 mg/L and 9,000 microg/L, respectively, in water from wells in the immediate vicinity of the former leaking tank, and benzene concentrations were as high as 2,300 microg/L in a well 600 ft down gradient from the gasoline station. Groundwater flow rate are estimated to be about 60 to 80 ft/yr; on the basis of these flow rates, the contaminants may have been introduced into the groundwater as long as 7-10 yrs ago. Groundwater might infiltrate a subsurface storm sewer, where the sewer is below the water table, and discharge into a nearby stream. Preliminary risk assessment for the site identified no potential human receptors to the groundwater contamination because there were no groundwater users identified in the area. Remediation might be appropriate if exposure of future potential users is concern. Alternatives discussed for remediation of groundwater contamination in the upper aquifer at the PX Service Station include no-action, soil vapor extraction, and groundwater pumping and treatment alternatives

  9. Cyber threat metrics.

    Energy Technology Data Exchange (ETDEWEB)

    Frye, Jason Neal; Veitch, Cynthia K.; Mateski, Mark Elliot; Michalski, John T.; Harris, James Mark; Trevino, Cassandra M.; Maruoka, Scott

    2012-03-01

    Threats are generally much easier to list than to describe, and much easier to describe than to measure. As a result, many organizations list threats. Fewer describe them in useful terms, and still fewer measure them in meaningful ways. This is particularly true in the dynamic and nebulous domain of cyber threats - a domain that tends to resist easy measurement and, in some cases, appears to defy any measurement. We believe the problem is tractable. In this report we describe threat metrics and models for characterizing threats consistently and unambiguously. The purpose of this report is to support the Operational Threat Assessment (OTA) phase of risk and vulnerability assessment. To this end, we focus on the task of characterizing cyber threats using consistent threat metrics and models. In particular, we address threat metrics and models for describing malicious cyber threats to US FCEB agencies and systems.

  10. EFFECT OF LEARNING CULTURE, EMPOWERMENT, AND CYBER SKILL COMPETENCY ON SELF-ENGAGEMENT EMPLOYEES

    Directory of Open Access Journals (Sweden)

    S.R.M. Indah Permata Sari

    2017-12-01

    Full Text Available The purpose of this research is to comprehensively about the effect of learning culture, empowerment, and cyber skill competence on self engagement of the employee in Directorate General of Potential for Defense Ministry of Defense Republic of Indonesia. The research methodology was survey with path analysis applied in testing hypothesis. It was conducted to 150 employees from population 241 employee who was selected in simple random way.Analysis and interpretation of data indicate that (1 learning culture has a positive direct effect in self engagement, (2 empowerment has a positive direct effect in self engagement, (3 cyber skill competence has a positive direct effect in self engagement, (4 learning culture has a positive direct effect in cyber skill competence, (5 empowerment has a positive direct effect in cyber skill competence, and (6 learning culture has a positive direct effect in empowerment

  11. Cyber child sexual exploitation.

    Science.gov (United States)

    Burgess, Ann Wolbert; Mahoney, Meghan; Visk, Julie; Morgenbesser, Leonard

    2008-09-01

    A 2-year review of 285 child cyber crime cases reported in the newspaper revealed how the Internet offenders were apprehended, the content of child pornography, and crime classification. A subsample of 100 cases with data on offender occupation revealed 73% of cases involved people in positions of authority. The dynamics of child cyber crime cases direct the implications for nursing practice in terms of evidence-based suspicion for reporting, categorizing the content of Internet images, referral of children for counseling, and treatment of offenders.

  12. Is Cyber Deterrence an Illusory Course of Action?

    Directory of Open Access Journals (Sweden)

    Emilio Iasiello

    2014-04-01

    Full Text Available With the U.S. government acknowledgement of the seriousness of cyber threats, particularly against its critical infrastructures, as well as the Department of Defense officially labeling cyberspace as a war fighting domain, the Cold War strategy of deterrence is being applied to the cyber domain. However, unlike the nuclear realm, cyber deterrence must incorporate a wide spectrum of potential adversaries of various skill, determination, and capability, ranging from individual actors to state run enterprises. What’s more, the very principles that achieved success in deterring the launch of nuclear weapons during the Cold War, namely the threat of severe retaliation, cannot be achieved in cyberspace, thus neutralizing the potential effectiveness of leveraging a similar strategy. Attribution challenges, the ability to respond quickly and effectively, and the ability to sustain a model of repeatability prove to be insurmountable in a domain where actors operate in obfuscation.

  13. Engaging the Nation’s Critical Infrastructure Sector to Deter Cyber Threats

    Science.gov (United States)

    2013-03-01

    is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries... economy .16 DDOS attacks are based on multiple, malware infected personal computers, organized into networks called botnets, and are directed by...not condemn the actions of those involved. Of the two attacks on Estonia and Georgia, it was Estonia that had the greatest damage to its economy

  14. Application of the JDL data fusion process model for cyber security

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2010-04-01

    A number of cyber security technologies have proposed the use of data fusion to enhance the defensive capabilities of the network and aid in the development of situational awareness for the security analyst. While there have been advances in fusion technologies and the application of fusion in intrusion detection systems (IDSs), in particular, additional progress can be made by gaining a better understanding of a variety of data fusion processes and applying them to the cyber security application domain. This research explores the underlying processes identified in the Joint Directors of Laboratories (JDL) data fusion process model and further describes them in a cyber security context.

  15. Automated Cyber Red Teaming

    Science.gov (United States)

    2015-04-01

    affect one’s cyber system by searching for viable attack plans1, and examining its effect on the system. It is a labour - intensive exercise as it...Both Satisfaction and Optimization Problems,” AI Magazine, vol. 22, no. 3, pp. 85-87, 2001. [183] S. Milton, Machine Learning methods for

  16. ARMY CYBER STRUCTURE ALIGNMENT

    Science.gov (United States)

    2016-02-16

    content/?q=historic-cyber-unit-begins- daily-action . 14 John M. McHugh , Secretary of the Army, HQDA General Order 2014-02, Affirmation of Secretary of...support-plays-role-in-tactical-operations/75545442/. McHugh , John M., Secretary of the Army, HQDA General Order 2014-02, Affirmation of Secretary of

  17. Index of cyber integrity

    Science.gov (United States)

    Anderson, Gustave

    2014-05-01

    Unfortunately, there is no metric, nor set of metrics, that are both general enough to encompass all possible types of applications yet specific enough to capture the application and attack specific details. As a result we are left with ad-hoc methods for generating evaluations of the security of our systems. Current state of the art methods for evaluating the security of systems include penetration testing and cyber evaluation tests. For these evaluations, security professionals simulate an attack from malicious outsiders and malicious insiders. These evaluations are very productive and are able to discover potential vulnerabilities resulting from improper system configuration, hardware and software flaws, or operational weaknesses. We therefore propose the index of cyber integrity (ICI), which is modeled after the index of biological integrity (IBI) to provide a holistic measure of the health of a system under test in a cyber-environment. The ICI provides a broad base measure through a collection of application and system specific metrics. In this paper, following the example of the IBI, we demonstrate how a multi-metric index may be used as a holistic measure of the health of a system under test in a cyber-environment.

  18. Cyber Panel Experimentation Program

    National Research Council Canada - National Science Library

    Haines, Joshua

    2003-01-01

    .... A variety of multi-step cyber attacks were perpetrated against the target network each of which typifies a current-day real-world attack. The preliminary results presented here represent those available at conclusion of the experiment process by BBN.

  19. Cyber warfare: critical perspectives

    NARCIS (Netherlands)

    Ducheine, P.; Osinga, F.; Soeters, J.

    2012-01-01

    Next to sea, land, air and space, ‘cyber space’ appears to be the fifth operational domain for the military. This manmade and virtual sphere brings along opportunities and threats. In this book, academics of the Netherlands Defence Academy as well as specialists and military professionals from other

  20. Resilience of Cyber Systems with Over- and Underregulation.

    Science.gov (United States)

    Gisladottir, Viktoria; Ganin, Alexander A; Keisler, Jeffrey M; Kepner, Jeremy; Linkov, Igor

    2017-09-01

    Recent cyber attacks provide evidence of increased threats to our critical systems and infrastructure. A common reaction to a new threat is to harden the system by adding new rules and regulations. As federal and state governments request new procedures to follow, each of their organizations implements their own cyber defense strategies. This unintentionally increases time and effort that employees spend on training and policy implementation and decreases the time and latitude to perform critical job functions, thus raising overall levels of stress. People's performance under stress, coupled with an overabundance of information, results in even more vulnerabilities for adversaries to exploit. In this article, we embed a simple regulatory model that accounts for cybersecurity human factors and an organization's regulatory environment in a model of a corporate cyber network under attack. The resulting model demonstrates the effect of under- and overregulation on an organization's resilience with respect to insider threats. Currently, there is a tendency to use ad-hoc approaches to account for human factors rather than to incorporate them into cyber resilience modeling. It is clear that using a systematic approach utilizing behavioral science, which already exists in cyber resilience assessment, would provide a more holistic view for decisionmakers. © 2016 Society for Risk Analysis.

  1. CYBER FORENSICS COMPETENCY-BASED FRAMEWORK - AREVIEW

    OpenAIRE

    Elfadil Sabeil; Azizah Bt Abdul Manaf; Zuraini Ismail; Mohamed Abas

    2011-01-01

    Lack of Cyber Forensics experts is a huge challenge facing the world today. It comes due to the fancy of Cyber Forensics training or education. The multidisciplinary nature of Cyber Forensics proliferates to diverse training programmes, from a handful day‟s workshop to Postgraduate in Cyber Forensics. Consequently, this paper concentrates on analyzing the Cyber Forensics training programmes in terms of Competency-Based Framework. The study proves that Cyber Forensics training or education h...

  2. A Markov game theoretic data fusion approach for cyber situational awareness

    Science.gov (United States)

    Shen, Dan; Chen, Genshe; Cruz, Jose B., Jr.; Haynes, Leonard; Kruger, Martin; Blasch, Erik

    2007-04-01

    This paper proposes an innovative data-fusion/ data-mining game theoretic situation awareness and impact assessment approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusion based on Markov game model and Hierarchical Entity Aggregation (HEA) are proposed to refine the primitive prediction generated by adaptive feature/pattern recognition and capture new unknown features. A Markov (Stochastic) game method is used to estimate the belief of each possible cyber attack pattern. Game theory captures the nature of cyber conflicts: determination of the attacking-force strategies is tightly coupled to determination of the defense-force strategies and vice versa. Also, Markov game theory deals with uncertainty and incompleteness of available information. A software tool is developed to demonstrate the performance of the high level information fusion for cyber network defense situation and a simulation example shows the enhanced understating of cyber-network defense.

  3. Cyber-Physical War Gaming

    OpenAIRE

    Colbert, E. J. M.; Sullivan, D. T.; Kott, A

    2017-01-01

    This paper presents general strategies for cyber war gaming of Cyber-Physical Systems (CPSs) that are used for cyber security research at the U.S. Army Research Laboratory (ARL). Since Supervisory Control and Data Acquisition (SCADA) and other CPSs are operational systems, it is difficult or impossible to perform security experiments on actual systems. The authors describe how table-top strategy sessions and realistic, live CPS war games are conducted at ARL. They also discuss how the recorde...

  4. Economic Analysis of Cyber Security

    National Research Council Canada - National Science Library

    Gallaher, Michael P; Rowe, Brent R; Rogozhin, Alex V; Link, Albert N

    2006-01-01

    .... However, few organizations attempt such analysis for their cyber security mechanisms. Key performance and evaluation metrics are not available, so organizations rely on qualitative assessments...

  5. Cyber Security Analysis of Turkey

    OpenAIRE

    Senturk, Hakan; Çil, Zaim; Sağıroğlu, Şeref

    2016-01-01

    Considering the criticality of the cyber security threat in the 21st century, it is presumed that the nations are busy with series of activities in order to protect their security in the cyber space domain. In this paper, in light of the recent developments in the cyber security field, Turkey’s cyber security analysis is performed using a macro analysis model. We researched for the measures taken in Turkey with respect to those in the other countries, reviewed the posture, the activities and ...

  6. U.S. Cyber Command Support to Geographic Combatant Commands

    Science.gov (United States)

    2011-03-02

    State Association of Colleges and Schools, 3624 Market Street, Philadelphia, PA 19104, (215) 662-5606. The Commission on Higher Education is an...the Middle States Association of Colleges and Schools, 3624 Market Street, Philadelphia, PA 19104, (215) 662-5606. The Commission on Higher...Defense Regarding Cybersecurity. 33 The NCCIC is augmented by the Cyber Unified Coordination Group ( UCG ) made up of public and private sector officials

  7. Modeling and Simulation of Cyber Battlefield

    Directory of Open Access Journals (Sweden)

    AliJabar Rashidi

    2017-12-01

    Full Text Available In order to protect cyberspace against cyber-attacks we need cyber situation awareness framework for the implementation of our cyber maneuvers. This article allows execution cyber maneuvers with dynamic cyber battlefield simulator. Cyber battlefield contains essential information for the detection of cyber events, therefore, it can be considered most important and complicated factor in the high-level fusion. Cyber battlefield by gather detail data of cyberspace elements, including knowledge repository of vulnerability, tangible and intangible elements of cyberspace and the relationships between them, can provide and execute cyber maneuvers, penetration testing, cyber-attacks injection, attack tracking, visualization, cyber-attacks impact assessment and risk assessment. The dynamic maker Engine in simulator is designed to update the knowledge base of vulnerabilities, change the topology elements, and change the access list, services, hosts and users. Evaluation of simulator do with qualitative method of research and with create a focus group.

  8. Conflict in Cyber Space

    DEFF Research Database (Denmark)

    Friis, Karsten; Ringsmose, Jens

    Over the past two decades, a new man-made domain of conflict has materialized. Alongside armed conflict in the domains of land, sea, air, and space, hostilities between different types of political actors are now taking place in cyberspace. This volume addresses the challenges posed by cyberspace...... the different scholarly and political positions associated with various key aspects of cyber conflict and seek to answer the following questions: do existing theories provide sufficient answers to the current challenges posed by conflict in cyberspace, and, if not, could alternative approaches be developed......?; how do states and non-state actors make use of cyber-weapons when pursuing strategic and political aims?; and, how does the advent of conflict in cyberspace challenge our established legal framework? By asking important strategic questions on the theoretical, strategic, ethical and legal implications...

  9. Cyber Network Mission Dependencies

    Science.gov (United States)

    2015-09-18

    leak paths”) and determine if firewalls and router access control lists are violating network policy. Visualization tools are provided to help analysts...with which a supply agent may not be familiar. In this environment, errors in requisition are easy to make, and they are costly : an incomplete cyber...establishing an email network and recommend a firewall and additional laptops. YMAL would also match mission details like the deployment location with

  10. Cyber Workforce Retention

    Science.gov (United States)

    2016-10-01

    analysts, who most closely coincide with members of the 1B4 occupation skill set . However, adjusting for the local labor markets where approximately 80–85...fewer than 10 years. 2. Cyber Airmen, in particular 1B4s, have the skill sets needed in the labor market : their skills are extremely portable and...professionals collides with a world labor market already experi- encing a dramatic deficit in individuals with these skills . At the same time, the United

  11. DNSSEC for cyber forensics

    OpenAIRE

    Shulman, Haya; Waidner, Michael

    2014-01-01

    Domain Name System (DNS) cache poisoning is a stepping stone towards advanced (cyber) attacks. DNS cache poisoning can be used to monitor users activities for censorship, to distribute malware and spam and to subvert correctness and availability of Internet clients and services. Currently, the DNS infrastructure relies on challenge-response defences against attacks by (the common) off-path adversaries. Such defences do not suffice against stronger, man-in-the-middle (MitM), adversaries. Howev...

  12. CYBER SECURITY FOR AIRPORTS

    OpenAIRE

    Kasthurirangan Gopalakrishnan; Manimaran Govindarasu; Doug W. Jacobson; Brent M. Phares

    2013-01-01

    In today’s information age, government organizations and business enterprises are heavily relying on interconnected computer systems to manage a variety of public services including energy, transportation, water, etc. While this increased connectivity has many operational advantages benefitting the public, they have also become vulnerable to cyber attacks such as Corporate Security Breaches, Spear Phishing, and Social Media Fraud. The aviation sector is one the critical infrastructure systems...

  13. Fighting cyber crime through cyber forensics first responder training

    CSIR Research Space (South Africa)

    Venter, JP

    2008-11-01

    Full Text Available behind traces that are of interest to cyber forensic scientists. Cyber forensics is the science of analysing traces in order to extract evidence for use in court or at formal hearings. This rapid rise in the use of ICT for criminal purposes necessitated...

  14. Human dimensions in cyber operations research and development priorities.

    Energy Technology Data Exchange (ETDEWEB)

    Forsythe, James Chris; Silva, Austin Ray; Stevens-Adams, Susan Marie; Bradshaw, Jeffrey [Institute for Human and Machine Cognition

    2012-11-01

    Within cyber security, the human element represents one of the greatest untapped opportunities for increasing the effectiveness of network defenses. However, there has been little research to understand the human dimension in cyber operations. To better understand the needs and priorities for research and development to address these issues, a workshop was conducted August 28-29, 2012 in Washington DC. A synthesis was developed that captured the key issues and associated research questions. Research and development needs were identified that fell into three parallel paths: (1) human factors analysis and scientific studies to establish foundational knowledge concerning factors underlying the performance of cyber defenders; (2) development of models that capture key processes that mediate interactions between defenders, users, adversaries and the public; and (3) development of a multi-purpose test environment for conducting controlled experiments that enables systems and human performance measurement. These research and development investments would transform cyber operations from an art to a science, enabling systems solutions to be engineered to address a range of situations. Organizations would be able to move beyond the current state where key decisions (e.g. personnel assignment) are made on a largely ad hoc basis to a state in which there exist institutionalized processes for assuring the right people are doing the right jobs in the right way. These developments lay the groundwork for emergence of a professional class of cyber defenders with defined roles and career progressions, with higher levels of personnel commitment and retention. Finally, the operational impact would be evident in improved performance, accompanied by a shift to a more proactive response in which defenders have the capacity to exert greater control over the cyber battlespace.

  15. Cyber Professionals in the Military and Industry-Partnering in Defense of the Nation: A Conversation between Maj Gen Suzanne Vautrinot, Commander, Twenty-Fourth Air Force, and Mr. Charles Beard, Chief Information Officer, Science Applications International Corporation

    Science.gov (United States)

    2013-01-01

    what truly had to be protected and where we would establish trust. The results of that exercise materially changed our defense-in-depth strategy...vice president for Global Transportation and Industrial Markets at KPMG Consulting (later BearingPoint), leading the company’s strat- egy and

  16. Understanding Cyber Threats and Vulnerabilities

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2012-01-01

    This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was first coined during the 1980s. Being the

  17. Cyber Bullying and Academic Performance

    Science.gov (United States)

    Faryadi, Qais

    2011-01-01

    This research investigates the emotional and physiological effects of cyber bullying on the university students. The primary objective of this investigation is to identify the victims of cyber bullying and critically analyze their emotional state and frame of mind in order to provide them with a workable and feasible intervention in fighting cyber…

  18. Resilia cyber resilience best practices

    CERN Document Server

    , AXELOS

    2015-01-01

    RESILIA™ Cyber Resilience Best Practices offers a practical approach to cyber resilience, reflecting the need to detect and recover from incidents, and not rely on prevention alone. It uses the ITIL® framework, which provides a proven approach to the provision of services that align to business outcomes.

  19. Cyber Security Applications: Freeware & Shareware

    Science.gov (United States)

    Rogers, Gary; Ashford, Tina

    2015-01-01

    This paper will discuss some assignments using freeware/shareware instructors can find on the Web to use to provide students with hands-on experience in this arena. Also, the college, Palm Beach State College, via a grant with the U.S. Department of Labor, has recently purchased a unique cyber security device that simulates cyber security attacks…

  20. Russia’s Approach to Cyber Warfare

    Science.gov (United States)

    2016-09-01

    State University .” “’Information Troops’ -- a Russian Cyber Command?” 2011 3rd International Conference on Cyber Conflict, C. Czosseck, E. Tyugu, T...www.nytimes.com/2008/08/13/technology/13cyber.html?_r=0. 36 Ibid. 37 Joseph Mann, “Expert: Cyber-attacks on Georgia websites tied to mob , Russian government

  1. Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment.

    Science.gov (United States)

    Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

    2014-07-01

    Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation's electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments.

  2. Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment

    Science.gov (United States)

    Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

    2013-01-01

    Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation’s electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments. PMID:25685516

  3. Stuxnet and the Future of Cyber War

    OpenAIRE

    Farwell, James P.; Rohozinski, Rafal

    2011-01-01

    The discovery in June 2010 that a cyber worm dubbed 'Stuxnet' had struck the Iranian nuclear facility at Natanz suggested that, for cyber war, the future is now. Yet more important is the political and strategic context in which new cyber threats are emerging, and the effects the worm has generated in this respect. Perhaps most striking is the confluence between cyber crime and state action. States are capitalising on technology whose development is driven by cyber crime, and perhaps outsourc...

  4. Technical Aspects of Cyber Kill Chain

    OpenAIRE

    Yadav, Tarun; Mallari, Rao Arvind

    2016-01-01

    Recent trends in targeted cyber-attacks has increased the interest of research in the field of cyber security. Such attacks have massive disruptive effects on rganizations, enterprises and governments. Cyber kill chain is a model to describe cyber-attacks so as to develop incident response and analysis capabilities. Cyber kill chain in simple terms is an attack chain, the path that an intruder takes to penetrate information systems over time to execute an attack on the target. This paper broa...

  5. Literature Review on Cyber Security Investment Decisions

    OpenAIRE

    ŞENTÜRK, Hakan; ÇİL, Celal Zaim; SAĞIROĞLU, Şeref

    2016-01-01

    Severe financial losses incurred by cyber security attacks with increasing complexity and frequency, as well as booming cyber security sector offering variety of products as investment options have led the focus of the research in the field to the economic dimension of cyber security. The need for determination of methods to be used when making cyber security investment decisions under budget constraints have become prominent. In five sections as the cyber security investment strategies, risk...

  6. Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses

    Directory of Open Access Journals (Sweden)

    Stephen Herzog

    2011-01-01

    Full Text Available In April 2007, the Estonian Government moved a memorial commemorating the Soviet liberation of the country from the Nazis to a less prominent and visible location in Tallinn. This decision triggered rioting among Russian-speaking minorities and cyber terrorism targeting Estonia's critical economic and political infrastructure. Drawing upon the Estonian cyber attacks, this article argues that globalization and the Internet have enabled transnational groups—such as the Russian diaspora—to avenge their grievances by threatening the sovereignty of nation-states in cyberspace. Sophisticated and virtually untraceable political "hacktivists" may now possess the ability to disrupt or destroy government operations, banking transactions, city power grids, and even military weapon systems. Fortunately, western countries banded together to effectively combat the Estonian cyber attacks and minimize their effects. However, this article concludes that in the age of globalization, interdependence, and digital interconnectedness, nation-states must engage in increased cooperative cyber-defense activities to counter and prevent devastating Internet attacks and their implications.

  7. Vulnerability of water supply systems to cyber-physical attacks

    Science.gov (United States)

    Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

    2016-04-01

    The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

  8. China's Use of Cyber Warfare: Espionage Meets Strategic Deterrence

    Directory of Open Access Journals (Sweden)

    Magnus Hjortdal

    2011-01-01

    Full Text Available This article presents three reasons for states to use cyber warfare and shows that cyberspace is—and will continue to be—a decisive element in China's strategy to ascend in the international system. The three reasons are: deterrence through infiltration of critical infrastructure; military technological espionage to gain military knowledge; and industrial espionage to gain economic advantage. China has a greater interest in using cyberspace offensively than other actors, such as the United States, since it has more to gain from spying on and deterring the United States than the other way around. The article also documents China's progress in cyber warfare and shows how it works as an extension of its traditional strategic thinking and the current debate within the country. Several examples of cyber attacks traceable to China are also presented. This includes cyber intrusions on a nuclear arms laboratory, attacks on defense ministries (including the Joint Strike Fighter and an airbase and the U.S. electric grid, as well as the current Google affair, which has proved to be a small part of a broader attack that also targeted the U.S. Government. There are, however, certain constraints that qualify the image of China as an aggressive actor in cyberspace. Some believe that China itself is the victim of just as many attacks from other states. Furthermore, certain actors in the United States and the West have an interest in overestimating China's capabilities in cyberspace in order to maintain their budgets.

  9. Students' perspectives on cyber bullying.

    Science.gov (United States)

    Agatston, Patricia W; Kowalski, Robin; Limber, Susan

    2007-12-01

    The aim of this study was to gain a better understanding of the impact of cyber bullying on students and the possible need for prevention messages targeting students, educators, and parents. A total of 148 middle and high school students were interviewed during focus groups held at two middle and two high schools in a public school district. The focus groups were approximately 45 minutes in length. Students were divided by gender and asked a series of scripted questions by a same-gender student assistance counselor. We found that students' comments during the focus groups suggest that students-particularly females-view cyber bullying as a problem, but one rarely discussed at school, and that students do not see the school district personnel as helpful resources when dealing with cyber bullying. Students are currently experiencing the majority of cyber bullying instances outside of the school day; however there is some impact at school. Students were able to suggest some basic strategies for dealing with cyber bullying, but were less likely to be aware of strategies to request the removal of objectionable websites, as well as how to respond as a helpful bystander when witnessing cruel online behavior. We conclude that school districts should address cyber bullying through a combination of policies and information that are shared with students and parents. Schools should include cyber bullying as part of their bullying prevention strategies and include classroom lessons that address reporting and bystander behavior.

  10. Cyber and physical infrastructure interdependencies.

    Energy Technology Data Exchange (ETDEWEB)

    Phillips, Laurence R.; Kelic, Andjelka; Warren, Drake E.

    2008-09-01

    The goal of the work discussed in this document is to understand the risk to the nation of cyber attacks on critical infrastructures. The large body of research results on cyber attacks against physical infrastructure vulnerabilities has not resulted in clear understanding of the cascading effects a cyber-caused disruption can have on critical national infrastructures and the ability of these affected infrastructures to deliver services. This document discusses current research and methodologies aimed at assessing the translation of a cyber-based effect into a physical disruption of infrastructure and thence into quantification of the economic consequences of the resultant disruption and damage. The document discusses the deficiencies of the existing methods in correlating cyber attacks with physical consequences. The document then outlines a research plan to correct those deficiencies. When completed, the research plan will result in a fully supported methodology to quantify the economic consequences of events that begin with cyber effects, cascade into other physical infrastructure impacts, and result in degradation of the critical infrastructure's ability to deliver services and products. This methodology enables quantification of the risks to national critical infrastructure of cyber threats. The work addresses the electric power sector as an example of how the methodology can be applied.

  11. Cyber essentials a pocket guide

    CERN Document Server

    Calder, Alan

    2014-01-01

    Every year, thousands of computer systems in the UK are compromised. The majority fall victim to easily preventable cyber attacks, carried out with tools which are freely available on the Internet.   Cyber Essentials is the UK Government's reaction to the proliferation of these attacks. It requires that organisations put basic security measures in place, enabling them to reliably counter the most common tactics employed by cyber criminals. From 1 October 2014, all suppliers bidding for a range of government ICT contracts - in particu

  12. Cyber-campaigning in Denmark

    DEFF Research Database (Denmark)

    Hansen, Kasper Møller; Kosiara-Pedersen, Karina

    2014-01-01

    sites and Facebook sites are popular among candidates but other features such as blogs, feeds, newsletter, video uploads, SMS and twitter are used by less than half the candidates. Second, only age and possibly education seem to matter when explaining the uptake of cyber-campaigning. The prominent...... candidates are not significantly more likely to use cyber-campaigning tools and activities. Third, the analysis of the effect of cyber-campaigning shows that the online score has an effect on the inter-party competition for personal votes, but it does not have a significant effect when controlling for other...

  13. Cyber Security: US - Chinese Relations

    OpenAIRE

    Debnárová, Barbora

    2015-01-01

    This diploma thesis deals with cyber relation of the United States of America and the People's republic of China. The aim of this diploma thesis is to answer the following questions: What kind of cyber threat for the United States does China represent? How is China's cyber strategy characterised? How do USA react on this threat and what are the gaps in this reaction? The thesis is divided into four chapters. The first chapter deals with definition of cyberwarfare and its perception in Chinese...

  14. A novel proposed network security management approach for cyber attacks

    International Nuclear Information System (INIS)

    Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

    2007-01-01

    Network security is a discipline that focuses on securing networks from unauthorized access. Given the Escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (I) an attack detection component that deter- mines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time, However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

  15. Establishing Cyber Warfare Doctrine

    Directory of Open Access Journals (Sweden)

    Andrew M. Colarik

    2012-01-01

    Full Text Available Over the past several decades, advances in technology have transformed communications and the ability to acquire, disseminate, and utilize information in a range of environments. Modern societies and their respective militaries have taken advantage of a robust information space through network-centric systems. Because military and commercial operations have increasingly converged, communication and information infrastructures are now high-priority military objectives in times of war. This article examines the theoretical underpinning of current cyber warfare research, what we have learned so far about its application, and some of the emerging themes to be considered; it also postulates the development of a (national cyber warfare doctrine (CWD. An endeavor of this scale requires lots of considerations and preparation for its development if it is to be cooperatively embraced. This article considers why information technology systems and their supporting infrastructures should be considered legitimate military targets in conflicts, and offers several events that support this supposition. In addition, it identifies the various forms of doctrine that will become the basis for developing a CWD, discusses a CWD's possible components, and proposes a national collaborative and discussion framework for obtaining a nation's stakeholder buy-in for such an endeavor.

  16. Cyber security in nuclear industry – Analytic study from the terror incident in nuclear power plants (NPPs)

    International Nuclear Information System (INIS)

    Cho, Hyo Sung; Woo, Tae Ho

    2017-01-01

    Highlights: • The cyber terrorism in NPPs of South Korea shows the study motivations. • Analyses of the cyber terrorism in NPPs are investigated. • Designed solutions for the cyber terrorism in NPPs are discussed. • South Korean case is considered as the cyber terrorism in NPPs. - Abstract: The cyber terrorism for nuclear power plants (NPPs) is investigated for the analytic study following the South Korean case on December 2014. There are several possible cyber terror attacks in which the twelve cases are studied for the nuclear terror cases including the computer hacking and data stealing. The defense-in-depth concept is compared for cyber terrorism, which was imported from the physical terror analysis. The conventional three conditions of the physical protection system (PPS) are modified as prevention, detection, and response. The six cases are introduced for the solutions of the facility against the possible cyber terrorism in NPPs. The computer hacking methods and related solutions are analyzed for the applications in the nuclear industry. The nuclear security in the NPPs could be an extremely serious condition and the remedies are very important in the safe plant operations. In addition, the quantitative modeling study is performed.

  17. Cyber-Terrorism: Modem Mayhem

    National Research Council Canada - National Science Library

    White, Kenneth

    1998-01-01

    .... The arrival of the information age has created a new menace cyber terrorism. This threat recognizes no boundaries, requires minimal resources to mount an attack, and leaves no human footprint at ground zero...

  18. Cyber security in digitalized nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Sohn, Kwang Young; Yi, Woo June [KoRTS Co., Ltd., Daejeon (Korea, Republic of)

    2008-10-15

    This paper analyzer the cyber security issues pertaining to networks and general systems, and provides cyber security activity model. For this, the importance of security, and the domestic and international trends of cyber security are surveyed in order to introduce the strategies and countermeasures of cyber security which should be interfaced with Quality Assurance (QA) plan Based on the result of cyber security model introduced in this paper, activities for cyber security, work load, necessary resources and process for activities, and duration could be estimated hopefully.

  19. Cyber security in digitalized nuclear power plants

    International Nuclear Information System (INIS)

    Sohn, Kwang Young; Yi, Woo June

    2008-01-01

    This paper analyzer the cyber security issues pertaining to networks and general systems, and provides cyber security activity model. For this, the importance of security, and the domestic and international trends of cyber security are surveyed in order to introduce the strategies and countermeasures of cyber security which should be interfaced with Quality Assurance (QA) plan Based on the result of cyber security model introduced in this paper, activities for cyber security, work load, necessary resources and process for activities, and duration could be estimated hopefully

  20. VTAC: virtual terrain assisted impact assessment for cyber attacks

    Science.gov (United States)

    Argauer, Brian J.; Yang, Shanchieh J.

    2008-03-01

    Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher level view of intrusion state of a network, thus, becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their 'impact' to services and users of the network. A network is modeled as 'virtual terrain' where cyber attacks maneuver. Overlaying correlated attack tracks on virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of damages caused by the attacks. The combined impact scores allow to identify severely damaged network services and affected users. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC).

  1. Defense Business Transformation

    Science.gov (United States)

    2009-12-01

    Defense Business Transformation by Jacques S. Gansler and William Lucyshyn The Center for Technology and National...REPORT TYPE 3. DATES COVERED 00-00-2009 to 00-00-2009 4. TITLE AND SUBTITLE Defense Business Transformation 5a. CONTRACT NUMBER 5b. GRANT NUMBER...vii Part One: DoD Business Transformation

  2. Defense Base Realignment and Closure Budget Data for Naval Air Technical Training Center, Naval Air Station Pensacola, Florida

    National Research Council Canada - National Science Library

    Granetto, Paul

    1994-01-01

    .... This report provides the results of the audit of 19 projects, valued at $288.9 million, for the realignment of the Naval Air Technical Training Center from Naval Air Station Memphis, Tennessee, to Naval Air Station Pensacola, Florida...

  3. Compilation of the FY 1998 Army General Fund Financial Statements at the Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    1999-01-01

    Our objective was to determine whether the DFAS Indianapolis Center consistently and accurately compiled financial data from field activities and other sources for the FY 1998 Army General Fund financial statements...

  4. Compilation of the FY 1996 Army Financial Statements at the Defense Finance and Accounting Service Indianapolis Center

    National Research Council Canada - National Science Library

    Lane, F

    1998-01-01

    ... Consolidated Financial Statements of the Army General Fund. We evaluated the processes, including internal controls and methods that the DFAS Indianapolis Center used to compile the Army FY 1996 General Fund financial statements...

  5. Recommended Practice: Creating Cyber Forensics Plans for Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Eric Cornelius; Mark Fabro

    2008-08-01

    issues and to accommodate for the diversity in both system and architecture types, a framework based in recommended practices to address forensics in the control systems domain is required. This framework must be fully flexible to allow for deployment into any control systems environment regardless of technologies used. Moreover, the framework and practices must provide for direction on the integration of modern network security technologies with traditionally closed systems, the result being a true defense-in-depth strategy for control systems architectures. This document takes the traditional concepts of cyber forensics and forensics engineering and provides direction regarding augmentation for control systems operational environments. The goal is to provide guidance to the reader with specifics relating to the complexity of cyber forensics for control systems, guidance to allow organizations to create a self-sustaining cyber forensics program, and guidance to support the maintenance and evolution of such programs. As the current control systems cyber security community of interest is without any specific direction on how to proceed with forensics in control systems environments, this information product is intended to be a first step.

  6. Operational advantages of using Cyber Electronic Warfare (CEW) in the battlefield

    Science.gov (United States)

    Yasar, Nurgul; Yasar, Fatih M.; Topcu, Yucel

    2012-06-01

    While cyberspace is emerging as a new battlefield, conventional Electronic Warfare (EW) methods and applications are likely to change. Cyber Electronic Warfare (CEW) concept which merges cyberspace capabilities with traditional EW methods, is a new and enhanced form of the electronic attack. In this study, cyberspace domain of the battlefield is emphazised and the feasibility of integrating Cyber Warfare (CW) concept into EW measures is researched. The SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis method is used to state the operational advantages of using CEW concept in the battlefield. The operational advantages of CEW are assessed by means of its effects on adversary air defense systems, communication networks and information systems. Outstanding technological and operational difficulties are pointed out as well. As a result, a comparison of CEW concept and conventional EW applications is presented. It is concluded that, utilization of CEW concept is feasible at the battlefield and it may yield important operational advantages. Even though the computers of developed military systems are less complex than normal computers, they are not subjected to cyber threats since they are closed systems. This concept intends to show that these closed systems are also open to the cyber threats. As a result of the SWOT analysis, CEW concept provides Air Forces to be used in cyber operations effectively. On the other hand, since its Collateral Damage Criteria (CDC) is low, the usage of cyber electronic attack systems seems to grow up.

  7. Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

    Science.gov (United States)

    Roy, Sandip; Sridhar, Banavar

    2016-01-01

    Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure

  8. Implementation of the Gamma Monitor Calibration Laboratory (LABCAL) of the Institute of Chemical, Biological, Radiological and Nuclear Defense (IDQBRN) of the Technology Center of the Brazilian Army (CTEx)

    Energy Technology Data Exchange (ETDEWEB)

    Balthar, Mario Cesar V.; Amorim, Aneuri de; Santos, Avelino dos and others, E-mail: mariobalthar@gmail.com [Centro Tecnológico do Exército (IDQBRN/CTEx), Rio de Janeiro, RJ (Brazil). Instituto de Defesa Química, Biológica, Radiológica e Nuclear

    2017-07-01

    The objective of this work is to describe the implementation and adaptation stages of the Gamma Monitor Calibration Laboratory (Laboratório de Calibração de Monitores Gama - LABCAL) of the Institute of Chemical, Biological, Radiological and Nuclear Defense (Instituto de Defesa Química, Biológica, Radiológica e Nuclear - IDQBRN) of the Technology Center of the Brazilian Army (Centro Tecnológico do Exército - CTEx). Calibration of the radiation monitors used by the Brazilian Army will be performed by quantitatively measuring the ambient dose equivalent, in compliance with national legislation. LABCAL still seeks licensing from CNEN and INMETRO. The laboratory in intended to supply the total demand for calibration of ionizing radiation devices from the Brazilian Army. (author)

  9. Implementation of the Gamma Monitor Calibration Laboratory (LABCAL) of the Institute of Chemical, Biological, Radiological and Nuclear Defense (IDQBRN) of the Technology Center of the Brazilian Army (CTEx)

    International Nuclear Information System (INIS)

    Balthar, Mario Cesar V.; Amorim, Aneuri de; Santos, Avelino dos and others

    2017-01-01

    The objective of this work is to describe the implementation and adaptation stages of the Gamma Monitor Calibration Laboratory (Laboratório de Calibração de Monitores Gama - LABCAL) of the Institute of Chemical, Biological, Radiological and Nuclear Defense (Instituto de Defesa Química, Biológica, Radiológica e Nuclear - IDQBRN) of the Technology Center of the Brazilian Army (Centro Tecnológico do Exército - CTEx). Calibration of the radiation monitors used by the Brazilian Army will be performed by quantitatively measuring the ambient dose equivalent, in compliance with national legislation. LABCAL still seeks licensing from CNEN and INMETRO. The laboratory in intended to supply the total demand for calibration of ionizing radiation devices from the Brazilian Army. (author)

  10. Operating nuclear power stations in a regulated cyber security environment: a roadmap for success

    Energy Technology Data Exchange (ETDEWEB)

    Dorman, E., E-mail: Erik.Dorman@areva.com [AREVA Inc., Cyber Security Solutions, Charlotte, NC (United States)

    2015-07-01

    The United States Nuclear Regulatory Commission (NRC) issued 10CFR73.54 to implement a regulated Cyber Security Program at each operating nuclear reactor facility. Milestones were implemented December 31, 2012 to mitigate the attack vectors for the most critical digital assets acknowledged by the industry and the NRC. The NRC inspections have begun. The nuclear Cyber Security Plan, implemented by the site Cyber Security Program (Program), is an element of the operating license at each facility. The Program is designed to protect critical digital assets (CDAs) by applying and maintaining defense-in depth protective strategies to ensure the capability to detect, respond to, and recover from cyber-attacks. The Program references NEI 08-09 R. 6, the Nuclear Energy Institute Template that provides guidance for applying Cyber Security controls derived from NIST 800-53/82 and slightly modified to fit the nuclear environment. Many mature processes are in place at nuclear facilities in response to numerous regulations implemented over the past 30 years. Many of these processes such as the Physical Security Program offer protections that are leveraged to protect the functions of critical digital assets from unauthorized physical access. Other processes and technology such as engineering design control, work management and pre-job briefs, control of portable media and mobile devices, and deterministically segregated networks protect critical digital assets. By leveraging the regulated nuclear environment, integrating NIST type Cyber Security controls, and prudently deploying technology the Cyber Security posture of operating nuclear facilities supports on-demand base load electricity 24/7 with capacity factors exceeding 85%. This paper is designed to provide a glimpse into Cyber Security Programs that support safe operation and reliability in the regulated nuclear environment while supporting the on-demand base load electricity production 24/7. (author)

  11. Operating nuclear power stations in a regulated cyber security environment: a roadmap for success

    International Nuclear Information System (INIS)

    Dorman, E.

    2015-01-01

    The United States Nuclear Regulatory Commission (NRC) issued 10CFR73.54 to implement a regulated Cyber Security Program at each operating nuclear reactor facility. Milestones were implemented December 31, 2012 to mitigate the attack vectors for the most critical digital assets acknowledged by the industry and the NRC. The NRC inspections have begun. The nuclear Cyber Security Plan, implemented by the site Cyber Security Program (Program), is an element of the operating license at each facility. The Program is designed to protect critical digital assets (CDAs) by applying and maintaining defense-in depth protective strategies to ensure the capability to detect, respond to, and recover from cyber-attacks. The Program references NEI 08-09 R. 6, the Nuclear Energy Institute Template that provides guidance for applying Cyber Security controls derived from NIST 800-53/82 and slightly modified to fit the nuclear environment. Many mature processes are in place at nuclear facilities in response to numerous regulations implemented over the past 30 years. Many of these processes such as the Physical Security Program offer protections that are leveraged to protect the functions of critical digital assets from unauthorized physical access. Other processes and technology such as engineering design control, work management and pre-job briefs, control of portable media and mobile devices, and deterministically segregated networks protect critical digital assets. By leveraging the regulated nuclear environment, integrating NIST type Cyber Security controls, and prudently deploying technology the Cyber Security posture of operating nuclear facilities supports on-demand base load electricity 24/7 with capacity factors exceeding 85%. This paper is designed to provide a glimpse into Cyber Security Programs that support safe operation and reliability in the regulated nuclear environment while supporting the on-demand base load electricity production 24/7. (author)

  12. Cyber bullying: Child and youth spirituality

    OpenAIRE

    Anastasia Apostolides

    2017-01-01

    Digital culture is part of children’s and adolescents’ everyday lives. Digital culture has both positive and negative consequences. One such negative consequence is cyber violence that has been termed cyber bullying. Cyber bullying can cause serious emotional, behavioural and academic problems for both the victim and the bully. Although there is ongoing research on the effects of cyber bullying on children and youth in South Africa, no research has been carried out on how children’s and youth...

  13. KYPO Cyber Range: Design and Use Cases

    OpenAIRE

    Vykopal Jan; Ošlejšek Radek; Čeleda Pavel; Vizváry Martin; Tovarňák Daniel

    2017-01-01

    The physical and cyber worlds are increasingly intertwined and exposed to cyber attacks. The KYPO cyber range provides complex cyber systems and networks in a virtualized, fully controlled and monitored environment. Time-efficient and cost-effective deployment is feasible using cloud resources instead of a dedicated hardware infrastructure. This paper describes the design decisions made during it’s development. We prepared a set of use cases to evaluate the proposed design decisions and to de...

  14. Insurability of Cyber Risk: An Empirical Analysis

    OpenAIRE

    Biener, Christian; Eling, Martin; Wirfs, Jan Hendrik

    2015-01-01

    This paper discusses the adequacy of insurance for managing cyber risk. To this end, we extract 994 cases of cyber losses from an operational risk database and analyse their statistical properties. Based on the empirical results and recent literature, we investigate the insurability of cyber risk by systematically reviewing the set of criteria introduced by Berliner (1982). Our findings emphasise the distinct characteristics of cyber risks compared with other operational risks and bring to li...

  15. Cyber operations as nuclear counterproliferation measures

    OpenAIRE

    Roscini, M.

    2014-01-01

    Focusing on recent malware that allegedly targeted Iran’s nuclear programme, this article discusses the legality of inter-state cyber operations as measures to prevent the proliferation of nuclear weapons approaching the problem from the perspective of the law of State responsibility, in particular the circumstances precluding wrongfulness. After examining the role that cyber attacks and cyber exploitation can play in preventing nuclear proliferation, the article explores whether cyber operat...

  16. Center for information management and intelligence of the School of Public Legal Defense of the State of Bahia

    Directory of Open Access Journals (Sweden)

    Barbara Coelho Neves

    2012-04-01

    Full Text Available This paper presents the experience report about the implementation of the Center for Information Management and Intelligence administered by the Library of the Public Defender of the State of Bahia. The Center aims to corroborate the information stock, based on capturing the tacit knowledge of public Defenders of DPE. Aspires to social inclusion and the preservation of memory used in human rights activities defensoriais developed. The biggest benefit of creating the Center for Information Management and Intelligence is to provide the availability of information gained by the defenders in a structured way, to all persons interested in the topics defensoriais seized through legal experiences, conferences, training courses, seminars, workshops , Among others. The Center for Information Management and Intelligence of the DPE Library is an important way to efficiently connect "those who know" with those who "need to know" and converting personal knowledge into the organization's memory. For this, the proposal develops the collection, storage, management and dissemination of knowledge with a methodology based on models of the authors Nonaka and Takeuchi, with the help of teenagers "apprentices" in fulfillment of socio-educational measure the Mother City Foundation.

  17. Comparing models of offensive cyber operations

    CSIR Research Space (South Africa)

    Grant, T

    2015-10-01

    Full Text Available would be needed by a Cyber Security Operations Centre in order to perform offensive cyber operations?". The analysis was performed, using as a springboard seven models of cyber-attack, and resulted in the development of what is described as a canonical...

  18. 75 FR 26171 - Cyber Security Certification Program

    Science.gov (United States)

    2010-05-11

    ... Internet users rely are becoming increasingly susceptible to operator error and malicious cyber attack. For... susceptibility to operator error and malicious cyber attack, Federal entities, frequently in cooperation with the... transfers from cyber threats, such as espionage, disruption, and denial of service attacks. Specifically...

  19. Cyberprints: Identifying Cyber Attackers by Feature Analysis

    Science.gov (United States)

    Blakely, Benjamin A.

    2012-01-01

    The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather,…

  20. Report on Allegation of Unsatisfactory Conditions Regarding Actions by the Defense Contract Management Agency, Earned Value Management Center

    Science.gov (United States)

    2010-07-28

    object ivity of Defen se Contract Management Agency to carry ou t its ea rn ed va lue managemen t oversight responsibilities; and DCMA Response: Non...Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302...Earned Value Management Center Director advised us that the 2-week time frame was “standard operating procedure” for performing compliance reviews at

  1. Cyber Threats to Nuclear Infrastructures

    International Nuclear Information System (INIS)

    Anderson, Robert S.; Moskowitz, Paul; Schanfein, Mark; Bjornard, Trond; St. Michel, Curtis

    2010-01-01

    Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

  2. Cyber Threats to Nuclear Infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Paul Moskowitz; Mark Schanfein; Trond Bjornard; Curtis St. Michel

    2010-07-01

    Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

  3. Cyber bullying behaviors among middle and high school students.

    Science.gov (United States)

    Mishna, Faye; Cook, Charlene; Gadalla, Tahany; Daciuk, Joanne; Solomon, Steven

    2010-07-01

    Little research has been conducted that comprehensively examines cyber bullying with a large and diverse sample. The present study examines the prevalence, impact, and differential experience of cyber bullying among a large and diverse sample of middle and high school students (N = 2,186) from a large urban center. The survey examined technology use, cyber bullying behaviors, and the psychosocial impact of bullying and being bullied. About half (49.5%) of students indicated they had been bullied online and 33.7% indicated they had bullied others online. Most bullying was perpetrated by and to friends and participants generally did not tell anyone about the bullying. Participants reported feeling angry, sad, and depressed after being bullied online. Participants bullied others online because it made them feel as though they were funny, popular, and powerful, although many indicated feeling guilty afterward. Greater attention is required to understand and reduce cyber bullying within children's social worlds and with the support of educators and parents.

  4. Cyber Vulnerabilities Within Critical Infrastructure: The Flaws of Industrial Control Systems in the Oil and Gas Industry

    Science.gov (United States)

    Alpi, Danielle Marie

    The 16 sectors of critical infrastructure in the US are susceptible to cyber-attacks. Potential attacks come from internal and external threats. These attacks target the industrial control systems (ICS) of companies within critical infrastructure. Weakness in the energy sector's ICS, specifically the oil and gas industry, can result in economic and ecological disaster. The purpose of this study was to establish means for oil companies to identify and stop cyber-attacks specifically APT threats. This research reviewed current cyber vulnerabilities and ways in which a cyber-attack may be deterred. This research found that there are insecure devices within ICS that are not regularly updated. Therefore, security issues have amassed. Safety procedures and training thereof are often neglected. Jurisdiction is unclear in regard to critical infrastructure. The recommendations this research offers are further examination of information sharing methods, development of analytic platforms, and better methods for the implementation of defense-in-depth security measures.

  5. Legal Issues in Cyber Targeting

    DEFF Research Database (Denmark)

    Juhlin, Jonas Alastair

    Imagine this scenario: Two states are in armed conflict with each other. In order to gain an advantage, one side launches a cyber-attack against the opponent’s computer network. The malicious malware paralyze the military computer network, as intended, but the malware spreads into the civilian...... system with physical damage to follow. This can happen and the natural question arises: What must be considered lawful targeting according to the international humanitarian law in cyber warfare? What steps must an attacker take to minimize the damage done to unlawful targets when conducting an offensive...... operation? How can the attacker separate military targets from civilian targets in cyber space? This paper addresses these questions and argues that a network (civilian or military) consist of several software components and that it is the individual components that is the target. If the components are used...

  6. Protecting ICS Systems Within the Energy Sector from Cyber Attacks

    Science.gov (United States)

    Barnes, Shaquille

    Advance persistent threat (APT) groups are continuing to attack the energy sector through cyberspace, which poses a risk to our society, national security, and economy. Industrial control systems (ICSs) are not designed to handle cyber-attacks, which is why asset owners need to implement the correct proactive and reactive measures to mitigate the risk to their ICS environments. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 290 incidents for fiscal year 2016, where 59 of those incidents came from the Energy Sector. APT groups know how vulnerable energy sector ICS systems are and the destruction they can cause when they go offline such as loss of production, loss of life, and economic impact. Defending against APT groups requires more than just passive controls such as firewalls and antivirus solutions. Asset owners should implement a combination of best practices and active defense in their environment to defend against APT groups. Cyber-attacks against critical infrastructure will become more complex and harder to detect and respond to with traditional security controls. The purpose of this paper was to provide asset owners with the correct security controls and methodologies to help defend against APT groups.

  7. Cyber threats within civil aviation

    Science.gov (United States)

    Heitner, Kerri A.

    Existing security policies in civil aviation do not adequately protect against evolving cyber threats. Cybersecurity has been recognized as a top priority among some aviation industry leaders. Heightened concerns regarding cyber threats and vulnerabilities surround components utilized in compliance with the Federal Aviation Administration's (FAA) Next Generation Air Transportation (NextGen) implementation. Automated Dependent Surveillance-B (ADS-B) and Electronic Flight Bags (EFB) have both been exploited through the research of experienced computer security professionals. Civil aviation is essential to international infrastructure and if its critical assets were compromised, it could pose a great risk to public safety and financial infrastructure. The purpose of this research was to raise awareness of aircraft system vulnerabilities in order to provoke change among current national and international cybersecurity policies, procedures and standards. Although the education of cyber threats is increasing in the aviation industry, there is not enough urgency when creating cybersecurity policies. This project intended to answer the following questions: What are the cyber threats to ADS-B of an aircraft in-flight? What are the cyber threats to EFB? What is the aviation industry's response to the issue of cybersecurity and in-flight safety? ADS-B remains unencrypted while the FAA's mandate to implement this system is rapidly approaching. The cyber threat of both portable and non-portable EFB's have received increased publicity, however, airlines are not responding quick enough (if at all) to create policies for the use of these devices. Collectively, the aviation industry is not being proactive enough to protect its aircraft or airport network systems. That is not to say there are not leaders in cybersecurity advancement. These proactive organizations must set the standard for the future to better protect society and it's most reliable form of transportation.

  8. Some of Indonesian Cyber Law Problems

    Science.gov (United States)

    Machmuddin, D. D.; Pratama, B.

    2017-01-01

    Cyber regulation is very important to control human interaction within the Internet network in cyber space. On the surface, innovation development in science and technology facilitates human activity. But on the inside, innovation was controlled by new business model. In cyber business activities mingle with individual protection. By this condition, the law should keep the balance of the activities. Cyber law problems, were not particular country concern, but its global concern. This is a good opportunity for developing country to catch up with developed country. Beside this opportunity for talented people in law and technology is become necessity. This paper tries to describe cyber law in Indonesia. As a product of a developing country there are some of weakness that can be explained. Terminology and territory of cyber space is become interesting to discuss, because this two problems can give a broad view on cyber law in Indonesia.

  9. The Cyber-Physical Attacker

    DEFF Research Database (Denmark)

    Vigo, Roberto

    2012-01-01

    The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...... the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security...

  10. Assessment And Testing of Industrial Devices Robustness Against Cyber Security Attacks

    CERN Document Server

    Tilaro, F

    2011-01-01

    CERN (European Organization for Nuclear Research),like any organization, needs to achieve the conflicting objectives of connecting its operational network to Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. With this in mind, the ISA-99[0F1] international cyber security standard has been adopted at CERN as a reference model to define a set of guidelines and security robustness criteria applicable to any network device. Devices robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. When assessing the cyber security robustness of devices we have singled out control system-relevant attack patterns derived from the well-known CAPEC[1F2] classification. Once a vulnerability is identified, it needs to be documented, prioritized and reproduced at will in a dedicated test environment for debugging purposes. CERN - in collaboration ...

  11. On effectiveness of network sensor-based defense framework

    Science.gov (United States)

    Zhang, Difan; Zhang, Hanlin; Ge, Linqiang; Yu, Wei; Lu, Chao; Chen, Genshe; Pham, Khanh

    2012-06-01

    Cyber attacks are increasing in frequency, impact, and complexity, which demonstrate extensive network vulnerabilities with the potential for serious damage. Defending against cyber attacks calls for the distributed collaborative monitoring, detection, and mitigation. To this end, we develop a network sensor-based defense framework, with the aim of handling network security awareness, mitigation, and prediction. We implement the prototypical system and show its effectiveness on detecting known attacks, such as port-scanning and distributed denial-of-service (DDoS). Based on this framework, we also implement the statistical-based detection and sequential testing-based detection techniques and compare their respective detection performance. The future implementation of defensive algorithms can be provisioned in our proposed framework for combating cyber attacks.

  12. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  13. Industrial Control System Cyber Security: Questions And Answers Relevant To Nuclear Facilities, Safeguards And Security

    International Nuclear Information System (INIS)

    Anderson, Robert S.; Schanfein, Mark; Bjornard, Trond; Moskowitz, Paul

    2011-01-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  14. Execution Plans for Cyber Foraging

    DEFF Research Database (Denmark)

    Kristensen, Mads Darø

    2008-01-01

    Cyber foraging helps small devices perform heavy tasks by opportunistically discovering and utilising available resources (such as computation, storage, bandwidth, etc.) held by larger, nearby peers. This offloading is done in an ad-hoc manner, as larger machines will not always be within reach...

  15. Factors Affecting Teenager Cyber Delinquency

    Science.gov (United States)

    Joo, Young Ju; Lim, Kyu Yon; Cho, Sun Yoo; Jung, Bo Kyung; Choi, Se Bin

    2013-01-01

    The study aims to investigate structural relationships among teenagers' peer attachment, self-control, academic stress, internet usage time, and cyber delinquency. The data source was the Korea Youth Panel Survey, and the responses from 920 teenagers in the 12th grade provided the study data. Structural equation modeling was used for the analysis.…

  16. Execution Plans for Cyber Foraging

    DEFF Research Database (Denmark)

    Kristensen, Mads Darø

    2008-01-01

    Cyber foraging helps small devices perform heavy tasks by opportunistically discovering and utilising available resources (such as computation, storage, bandwidth, etc.) held by larger, nearby peers. This offloading is done in an ad-hoc manner, as larger machines will not always be within reach. ...

  17. European Cyber Security Perspectives 2015

    NARCIS (Netherlands)

    Baloo, J.; Geveke, H.G.; Paulissen, W.; Vries, H. de

    2015-01-01

    Following the success of last year’s publication, we are proud to present the second edition of our European Cyber Security Perspectives report. Through this collection of articles, we aim to share our different perspectives and insights, the latest developments and achievements in the field of

  18. Assessment of current cybersecurity practices in the public domain : cyber indications and warnings domain.

    Energy Technology Data Exchange (ETDEWEB)

    Hamlet, Jason R.; Keliiaa, Curtis M.

    2010-09-01

    This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes that may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work, however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

  19. The Role of Malware in Reported Cyber Espionage: A Review of the Impact and Mechanism

    Directory of Open Access Journals (Sweden)

    Gaute Wangen

    2015-05-01

    Full Text Available The recent emergence of the targeted use of malware in cyber espionage versus industry requires a systematic review for better understanding of its impact and mechanism. This paper proposes a basic taxonomy to document major cyber espionage incidents, describing and comparing their impacts (geographic or political targets, origins and motivations and their mechanisms (dropper, propagation, types of operating systems and infection rates. This taxonomy provides information on recent cyber espionage attacks that can aid in defense against cyber espionage by providing both scholars and experts a solid foundation of knowledge about the topic. The classification also provides a systematic way to document known and future attacks to facilitate research activities. Geopolitical and international relations researchers can focus on the impacts, and malware and security experts can focus on the mechanisms. We identify several dominant patterns (e.g., the prevalent use of remote access Trojan and social engineering. This article concludes that the research and professional community should collaborate to build an open data set to facilitate the geopolitical and/or technical analysis and synthesis of the role of malware in cyber espionage.

  20. Cyber bullying: Child and youth spirituality

    Directory of Open Access Journals (Sweden)

    Anastasia Apostolides

    2017-10-01

    Full Text Available Digital culture is part of children’s and adolescents’ everyday lives. Digital culture has both positive and negative consequences. One such negative consequence is cyber violence that has been termed cyber bullying. Cyber bullying can cause serious emotional, behavioural and academic problems for both the victim and the bully. Although there is ongoing research on the effects of cyber bullying on children and youth in South Africa, no research has been carried out on how children’s and youth’s spirituality may be affected when they are cyber bullied. This article discusses the accumulative results from different South African institutes that have researched the cyber bullying effects on children and adolescents. These results point to the spiritual effects that children and youth may experience as a result of cyber bullying. This article proposes that spirituality may prevent cyber bullying and even help children and youth heal from the trauma caused by cyber bullying. This article contributes in starting a conversation that may result in more specific research being done on how the spiritual lives of children and adolescents may be affected through the trauma caused by cyber bullying.

  1. Nuclear Cyber Security Issues and Policy Recommendations

    International Nuclear Information System (INIS)

    Lee, Cheol-Kwon; Lee, Dong-Young; Lee, Na-Young; Hwang, Young-Soo

    2015-01-01

    The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a national-wide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will be occurred, which is a characteristic of cyber-attack. They could be always detected only after when an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities

  2. Nuclear Cyber Security Issues and Policy Recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Cheol-Kwon; Lee, Dong-Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Na-Young; Hwang, Young-Soo [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

    2015-10-15

    The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a national-wide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will be occurred, which is a characteristic of cyber-attack. They could be always detected only after when an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities.

  3. Malware and Disease: Lessons from Cyber Intelligence for Public Health Surveillance.

    Science.gov (United States)

    Smith, Frank L

    2016-01-01

    Malicious software and infectious diseases are similar is several respects, as are the functional requirements for surveillance and intelligence to defend against these threats. Given these similarities, this article compares and contrasts the actors, relationships, and norms at work in cyber intelligence and disease surveillance. Historical analysis reveals that civilian cyber defense is more decentralized, private, and voluntary than public health in the United States. Most of these differences are due to political choices rather than technical necessities. In particular, political resistance to government institutions has shaped cyber intelligence over the past 30 years, which is a troubling sign for attempts to improve disease surveillance through local, state, and federal health departments. Information sharing about malware is also limited, despite information technology being integral to cyberspace. Such limits suggest that automation through electronic health records will not automatically improve public health surveillance. Still, certain aspects of information sharing and analysis for cyber defense are worth emulating or, at the very least, learning from to help detect and manage health threats.

  4. The impact of security and intelligence policy in the era of cyber crimes

    Directory of Open Access Journals (Sweden)

    MSc. Bahri Gashi

    2016-07-01

    Full Text Available Creation of National Cyber Defense Strategy, is the only security and the best protection against cyber-crimes. This is the starting point, from where adequate policies and necessary legal measures begin, aiming the creation of a solid ground and responsible users by implementing comprehensive measures and legal restrictions. The methodology used to achieve the recognition of users with applicable legislation and regulations on the use of the Internet, as well as legal obligations; implementation of procedures to use communication systems; signing and approval by users of their responsibilities; knowledge and information on the risks and threats stemming from the use of communication networks; certification of trained and specialized staff; classification and processing of information in a particular system; identifying unauthorized users who use classified information networks in  public systems and private sector; creating barriers in distance entry networks and information systems, etc. Various Security and Intelligence institutions covering and operating in these areas are responsible for the creation and promotion of National Cyber Defense Strategy, analyzing the risk to implement protective measures for preventing attacks on Cybercrime (Cyber Crimes.

  5. Transforming Defense

    National Research Council Canada - National Science Library

    Lamb, Christopher J; Bunn, M. E; Lutes, Charles; Cavoli, Christopher

    2005-01-01

    .... Despite the resources and attention consumed by the war on terror, and recent decisions by the White House to curtail the growth of defense spending, the senior leadership of the Department of Defense (DoD...

  6. Cyber Conflicts as a New Global Threat

    Directory of Open Access Journals (Sweden)

    Alexander Kosenkov

    2016-09-01

    Full Text Available In this paper, an attempt is made to analyze the potential threats and consequences of cyber conflicts and, in particular, the risks of a global cyber conflict. The material is based on a comprehensive analysis of the nature of cyber conflict and its elements from both technical and societal points of view. The approach used in the paper considers the societal component as an essential part of cyber conflicts, allowing basics of cyber conflicts often disregarded by researchers and the public to be highlighted. Finally, the conclusion offers an opportunity to consider cyber conflict as the most advanced form of modern warfare, which imposes the most serious threat and whose effect could be comparable to weapons of mass destruction.

  7. Cyber security for nuclear power plants

    International Nuclear Information System (INIS)

    Verma, Ruchi; Razdan, Mayuri; Munshi, Prabhat

    2005-01-01

    Cyber Security, cyber terrorism and cyber crime are the buzzwords in security related aspects of information technology. These terms are related to computers and networks that are critical for normal functionality and operations of nuclear power plants. At one end, this inter connected era is giving us the ease to perform various critical operation with a click of command, but on the other end it is giving rise to the new world of terrorism. In today's internet connected world, terrorism has left all the boundaries back and taken the new form, term it cyber terrorism or cyber crime. This paper aims to spread the awareness about cyber terrorism and how it can affect the overall security of nuclear power plants and establishments. (author)

  8. Using agility to combat cyber attacks.

    Science.gov (United States)

    Anderson, Kerry

    2017-06-01

    Some incident response practitioners feel that they have been locked in a battle with cyber criminals since the popular adoption of the internet. Initially, organisations made great inroads in preventing and containing cyber attacks. In the last few years, however, cyber criminals have become adept at eluding defence security technologies and rapidly modifying their exploit strategies for financial or political gains. Similar to changes in military combat tactics, cyber criminals utilise distributed attack cells, real-time communications, and rapidly mutating exploits to minimise the potential for detection. Cyber criminals have changed their attack paradigm. This paper describes a new incident response paradigm aimed at combating the new model of cyber attacks with an emphasis on agility to increase the organisation's ability to respond rapidly to these new challenges.

  9. Cyber security issues in online games

    Science.gov (United States)

    Zhao, Chen

    2018-04-01

    With the rapid development of the Internet, online gaming has become a way of entertainment for many young people in the modern era. However, in recent years, cyber security issues in online games have emerged in an endless stream, which have also caused great attention of many game operators. Common cyber security problems in the game include information disclosure and cyber-attacks. These problems will directly or indirectly cause economic losses to gamers. Many gaming companies are enhancing the stability and security of their network or gaming systems in order to enhance the gaming user experience. This article has carried out the research of the cyber security issues in online games by introducing the background and some common cyber security threats, and by proposing the latent solution. Finally, it speculates the future research direction of the cyber security issues of online games in the hope of providing feasible solution and useful information for game operators.

  10. "Making Kind Cool": Parents' Suggestions for Preventing Cyber Bullying and Fostering Cyber Kindness

    Science.gov (United States)

    Cassidy, Wanda; Brown, Karen; Jackson, Margaret

    2012-01-01

    Cyber bullying among youth is rapidly becoming a global phenomenon, as educators, parents and policymakers grapple with trying to curtail this negative and sometimes devastating behavior. Since most cyber bullying emanates from the home computer, parents can play an important role in preventing cyber bullying and in fostering a kinder online…

  11. Optimizing CyberShake Seismic Hazard Workflows for Large HPC Resources

    Science.gov (United States)

    Callaghan, S.; Maechling, P. J.; Juve, G.; Vahi, K.; Deelman, E.; Jordan, T. H.

    2014-12-01

    The CyberShake computational platform is a well-integrated collection of scientific software and middleware that calculates 3D simulation-based probabilistic seismic hazard curves and hazard maps for the Los Angeles region. Currently each CyberShake model comprises about 235 million synthetic seismograms from about 415,000 rupture variations computed at 286 sites. CyberShake integrates large-scale parallel and high-throughput serial seismological research codes into a processing framework in which early stages produce files used as inputs by later stages. Scientific workflow tools are used to manage the jobs, data, and metadata. The Southern California Earthquake Center (SCEC) developed the CyberShake platform using USC High Performance Computing and Communications systems and open-science NSF resources.CyberShake calculations were migrated to the NSF Track 1 system NCSA Blue Waters when it became operational in 2013, via an interdisciplinary team approach including domain scientists, computer scientists, and middleware developers. Due to the excellent performance of Blue Waters and CyberShake software optimizations, we reduced the makespan (a measure of wallclock time-to-solution) of a CyberShake study from 1467 to 342 hours. We will describe the technical enhancements behind this improvement, including judicious introduction of new GPU software, improved scientific software components, increased workflow-based automation, and Blue Waters-specific workflow optimizations.Our CyberShake performance improvements highlight the benefits of scientific workflow tools. The CyberShake workflow software stack includes the Pegasus Workflow Management System (Pegasus-WMS, which includes Condor DAGMan), HTCondor, and Globus GRAM, with Pegasus-mpi-cluster managing the high-throughput tasks on the HPC resources. The workflow tools handle data management, automatically transferring about 13 TB back to SCEC storage.We will present performance metrics from the most recent Cyber

  12. The psychological effects of cyber terrorism

    OpenAIRE

    Gross, Michael L.; Canetti, Daphna; Vashdi, Dana R.

    2016-01-01

    When ordinary citizens think of cyber threats, most are probably worried about their passwords and banking details, not a terrorist attack. The thought of a shooting in a mall or a bombing at an airport is probably more frightening than a cyber breach. Yet terrorists aim for mental as well as physical destruction, and our research has found that, depending on who the attackers and the victims are, the psychological effects of cyber threats can rival those of traditional terrorism.

  13. The psychological effects of cyber terrorism

    Science.gov (United States)

    Gross, Michael L.; Canetti, Daphna; Vashdi, Dana R.

    2016-01-01

    When ordinary citizens think of cyber threats, most are probably worried about their passwords and banking details, not a terrorist attack. The thought of a shooting in a mall or a bombing at an airport is probably more frightening than a cyber breach. Yet terrorists aim for mental as well as physical destruction, and our research has found that, depending on who the attackers and the victims are, the psychological effects of cyber threats can rival those of traditional terrorism. PMID:28366962

  14. Internet Governance amp Cyber Crimes In UAE

    OpenAIRE

    Ayesha Al Neyadi; Alia Al Kaabi; Laila Al Kaabi; Mariam Al Ghufli; Maitha Al Shamsi; Dr. Muhammad Khan

    2015-01-01

    Abstract Most people in UAE dont feel safe while they are use the Internet because most internet users have been a victim for cyber crime. Cyber crime threat rate has increased which has targeted on citizen privacy property and governments also the reputation problems. There are many criminal activities such as indecent acts Copyright issues Terrorist Acts State security and Contempt of religion. Cyber crimes due to several reasons such as they have lack of social intelligence they are being ...

  15. Finding Malicious Cyber Discussions in Social Media

    Science.gov (United States)

    2016-02-02

    reverse engineering, security, malware , blackhat) were labeled as cyber and posts on non- cyber topics (e.g., astronomy, electronics, beer, biology, mu...firewall, hash, infect, inject, install, key, malicious, malware , network, obfuscate, overflow, packet, password, payload, request, risk, scan, script...cyber vulnerabilities (e.g., malware , overflow, attack). The keyword system lacked the keywords used in Heartbleed discussions, and thus suffered from

  16. A Survey of Cyber Crime in Greece

    Directory of Open Access Journals (Sweden)

    A. Papanikolaou

    2014-11-01

    Full Text Available During the past years, the Internet has evolved into the so-called “Web 2.0”. Nevertheless, the wide use of the offered Internet services has rendered individual users a potential target to cyber criminals. The paper presents a review and analysis of various cyber crimes, based on the cases that were reported to the Cyber Crime and Computer Crime Unit of the Greek Police Force and compares them to similar data of other EU countries.

  17. Cyber-Warfare: Jus Post Bellum

    Science.gov (United States)

    2015-03-01

    average data breach continues to increase, according to a report from Ponemon Institute (2014); there was a 201 dollars associated cost per...How much does cyber/ data breach insurance cost? Data Breach Insurance. Retrieved from http://databreachinsurancequote.com/cyber- insurance/cyber...insurance- data - breach -insurance-premiums/ Maxwell, D. (2013, Apr 11). What to make of North Korea. The Diplomat. Retrieved from http://thediplomat.com

  18. The psychological effects of cyber terrorism.

    Science.gov (United States)

    Gross, Michael L; Canetti, Daphna; Vashdi, Dana R

    2016-01-01

    When ordinary citizens think of cyber threats, most are probably worried about their passwords and banking details, not a terrorist attack. The thought of a shooting in a mall or a bombing at an airport is probably more frightening than a cyber breach. Yet terrorists aim for mental as well as physical destruction, and our research has found that, depending on who the attackers and the victims are, the psychological effects of cyber threats can rival those of traditional terrorism.

  19. Evaluation of cyber legislations: trading in the global cyber village

    OpenAIRE

    Jahankhani, Hamid

    2007-01-01

    The menace of organised crime and terrorist activity grows ever more sophisticated as the ability to enter, control and destroy our electronic and security systems grows at an equivalent rate. Cyber-crime (organised criminal acts using microchip and software manipulation) is the world's biggest growth industry and is now costing an estimated $220 billion loss to organisations and individuals, every year. There are serious threats to nations, governments, corporations and the most vulnerable g...

  20. Department of Defense PERSEREC (DOD PERSEREC)

    Data.gov (United States)

    Social Security Administration — The purpose of this agreement is for SSA to verify SSN information for Defense Manpower Data Center (DMDC) of the Department of Defense. DMDC will use the SSA data...

  1. Information Warfare in the Cyber Domain

    National Research Council Canada - National Science Library

    Takemoto, Glenn

    2001-01-01

    ...). This paper lays a foundation by defining the terminology associated with Information Warfare in the Cyber Domain, reviews the threat and illustrates the vulnerabilities of our information systems...

  2. Dampak Media Sosial dalam Cyber Bullying

    OpenAIRE

    Hidajat, Monica; Adam, Angry Ronald; Danaparamita, Muhammad; Suhendrik, Suhendrik

    2015-01-01

    The purpose of this research is to review two journals about social media effect for cyberbullying. First Journal is written by Eddie Fisher with the title From Cyber Bullying to Cyber Coping: The Misuse of Mobile Technology and Social Media and Their Effects on People’s Lives and the second journal is written by ReginaldH. Gonzales with the title Social Media as a Channel and its Implications on Cyber Bullying. First Journal focus on condition and cyber bullying state by interview respondent...

  3. A Strategic Analysis of Information Sharing Among Cyber Attackers

    Directory of Open Access Journals (Sweden)

    Kjell Hausken

    2015-10-01

    Full Text Available We build a game theory model where the market design is such that one firm invests in security to defend against cyber attacks by two hackers. The firm has an asset, which is allocated between the three market participants dependent on their contest success. Each hacker chooses an optimal attack, and they share information with each other about the firm’s vulnerabilities. Each hacker prefers to receive information, but delivering information gives competitive advantage to the other hacker. We find that each hacker’s attack and information sharing are strategic complements while one hacker’s attack and the other hacker’s information sharing are strategic substitutes. As the firm’s unit defense cost increases, the attack is inverse U-shaped and reaches zero, while the firm’s defense and profit decrease, and the hackers’ information sharing and profit increase. The firm’s profit increases in the hackers’ unit cost of attack, while the hackers’ information sharing and profit decrease. Our analysis also reveals the interesting result that the cumulative attack level of the hackers is not affected by the effectiveness of information sharing between them and moreover, is also unaffected by the intensity of joint information sharing. We also find that as the effectiveness of information sharing between hackers increases relative to the investment in attack, the firm’s investment in cyber security defense and profit are constant, the hackers’ investments in attacks decrease, and information sharing levels and hacker profits increase. In contrast, as the intensity of joint information sharing increases, while the firm’s investment in cyber security defense and profit remain constant, the hackers’ investments in attacks increase, and the hackers’ information sharing levels and profits decrease. Increasing the firm’s asset causes all the variables to increase linearly, except information sharing which is constant. We extend

  4. Making Strategic Sense of Cyber Power: Why the Sky is Not Falling

    Science.gov (United States)

    2013-04-01

    RMA of the 1920s and 1930s recorded reaction to the new science and technology of the time that is reminiscent of the cyber alarmism that has flour ...for choice regarding the extent of networking. Naturally, a price is paid in convenience for some closing off of possible cyberspace(s), but all...important defense decisions involve choice, so what is novel about that? There is nothing new about accept- ing some limitations on utility as a price

  5. Cyber-Defense Return on Investment for NAVFAC Energy Technologies

    Science.gov (United States)

    2017-12-01

    restaurants to eat lunch due to proximity, even though you are willing to drive further if there were a better option. In the future, you will tend to decide...lunch options between only those three restaurant menus. Keeney addresses this issue by having the stakeholder identify the values, or “what they...values led you to find four more restaurants in reasonable proximity that meet these preferred nutritional values. You would then have better, but

  6. A Recommender System in the Cyber Defense Domain

    Science.gov (United States)

    2014-03-27

    monitoring software is a java based program sending updates to the database on the sensor machine. The host monitoring program gathers information about...3.2.2 Database. A MySQL database located on the sensor machine acts as the storage for the sensors on the network. Snort, Nmap, vulnerability scores, and...machine with the IDS and the recommender is labeled “sensor”. The recommender system code is written in java and compiled using java version 1.6.024

  7. Protecting Networks Via Automated Defense of Cyber Systems

    Science.gov (United States)

    2016-09-01

    gray-hats/. 61 Hu, Youfan, Yan Zhang, Chen Xu, Long Lin, Robert L. Snyder, and Zhong Lin Wang. “Self-Powered System with Wireless Data Transmission ...wires will almost completely cease to exist, replaced by mobile nanodevices, which are tiny computers measured in nanometers with integrated wireless ... energy companies, was hypothesized to cost $10,000. Raiu went on to opine, “The cost of entry for [advanced persistent threats] is decreasing …. We’re

  8. Moving Target Techniques: Leveraging Uncertainty for Cyber Defense

    Science.gov (United States)

    2015-12-15

    program’s source code and is not possible with proprietary, third - party software for which source code is not made available. Furthermore, ensuring...implemented in most modern operating systems including Linux, Windows, Mac OSX, Android , and iOS. By randomizing the addresses, ASLR makes exploit...applications, and software versions that are running on the target machine to develop an attack against it. During the third phase, the attacker

  9. A Framework for Event Prioritization in Cyber Network Defense

    Science.gov (United States)

    2014-07-15

    to use it by replacing the commands with divisions (e.g., human resources, payroll , R&D) within its organization, and having a table that translates...Attribute Decision Making: An Introduction (Quantitative Applications in the Social Sciences), SAGE Publications, Inc, 1995. [21] G.-H. Tzeng and...and be considered more critical than others, such as a host machine in the human resources department that contains payroll information. We map the

  10. A Study of Gaps in Cyber Defense Automation

    Science.gov (United States)

    2016-10-13

    automated solution requires ongoing monitoring of the network’s systems and services against a continuously changing landscape of security patches and...a web server to get it to participate in search-engine poisoning or redirection campaigns that may promote questionable services (e.g., counterfeits...the use of sensors, e.g., domain name service (DNS) blacklists. A centralized server then relays a secure message to the mobile device. Software on

  11. The Cyber Defense Review. Volume 1, Number 1, Spring 2016

    Science.gov (United States)

    2016-04-20

    Declaration of the Independence of Cyberspace.” Humanist - Buffalo 56 (3):18-9. Barrett, Louise, S Peter Henzi, and David Lusseau. 2012. “Taking sociality...market for which Nortel was preparing its major and existential launch. In 2010, the CTO of the former Nortel was publicly listed as working for

  12. Graph anomalies in cyber communications

    Energy Technology Data Exchange (ETDEWEB)

    Vander Wiel, Scott A [Los Alamos National Laboratory; Storlie, Curtis B [Los Alamos National Laboratory; Sandine, Gary [Los Alamos National Laboratory; Hagberg, Aric A [Los Alamos National Laboratory; Fisk, Michael [Los Alamos National Laboratory

    2011-01-11

    Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.

  13. Cyber-Enabled Scientific Discovery

    International Nuclear Information System (INIS)

    Chan, Tony; Jameson, Leland

    2007-01-01

    It is often said that numerical simulation is third in the group of three ways to explore modern science: theory, experiment and simulation. Carefully executed modern numerical simulations can, however, be considered at least as relevant as experiment and theory. In comparison to physical experimentation, with numerical simulation one has the numerically simulated values of every field variable at every grid point in space and time. In comparison to theory, with numerical simulation one can explore sets of very complex non-linear equations such as the Einstein equations that are very difficult to investigate theoretically. Cyber-enabled scientific discovery is not just about numerical simulation but about every possible issue related to scientific discovery by utilizing cyberinfrastructure such as the analysis and storage of large data sets, the creation of tools that can be used by broad classes of researchers and, above all, the education and training of a cyber-literate workforce

  14. Defense Technical Information Center Thesaurus

    Science.gov (United States)

    2000-10-01

    Functional analysis Drives UF Drive chains Drosophilidae Dressings UFC Constant speed drives UF Pomace flies RT First aid Electronic drives Vinegar flies...systems RT Endothermic reactions RT Electrons Manifolds(Engines) BT Chemical reactions+ BT Elementary particles+ NT Fermentation Exhaust nozzles...Barriers+ NT Electric fences Ferrocement Fertility Grilles BT Reinforced concrete+ BT Reproduction(Physiology)+ NT Birth+ Fermentation Ferrocenes Estrous

  15. Defense Technical Information Center thesaurus

    Energy Technology Data Exchange (ETDEWEB)

    Dickert, J.H. [ed.] [comp.

    1996-10-01

    This DTIC Thesaurus provides a basic multidisciplinary subject term vocabulary used by DTIC to index and retrieve scientific and technical information from its various data bases and to aid DTIC`s users in their information storage and retrieval operations. It includes an alphabetical posting term display, a hierarchy display, and a Keywork Out of Context (KWOC) display.

  16. Analyzing Cyber Security Threats on Cyber-Physical Systems Using Model-Based Systems Engineering

    Science.gov (United States)

    Kerzhner, Aleksandr; Pomerantz, Marc; Tan, Kymie; Campuzano, Brian; Dinkel, Kevin; Pecharich, Jeremy; Nguyen, Viet; Steele, Robert; Johnson, Bryan

    2015-01-01

    The spectre of cyber attacks on aerospace systems can no longer be ignored given that many of the components and vulnerabilities that have been successfully exploited by the adversary on other infrastructures are the same as those deployed and used within the aerospace environment. An important consideration with respect to the mission/safety critical infrastructure supporting space operations is that an appropriate defensive response to an attack invariably involves the need for high precision and accuracy, because an incorrect response can trigger unacceptable losses involving lives and/or significant financial damage. A highly precise defensive response, considering the typical complexity of aerospace environments, requires a detailed and well-founded understanding of the underlying system where the goal of the defensive response is to preserve critical mission objectives in the presence of adversarial activity. In this paper, a structured approach for modeling aerospace systems is described. The approach includes physical elements, network topology, software applications, system functions, and usage scenarios. We leverage Model-Based Systems Engineering methodology by utilizing the Object Management Group's Systems Modeling Language to represent the system being analyzed and also utilize model transformations to change relevant aspects of the model into specialized analyses. A novel visualization approach is utilized to visualize the entire model as a three-dimensional graph, allowing easier interaction with subject matter experts. The model provides a unifying structure for analyzing the impact of a particular attack or a particular type of attack. Two different example analysis types are demonstrated in this paper: a graph-based propagation analysis based on edge labels, and a graph-based propagation analysis based on node labels.

  17. Cyber Infrastructure Protection. Volume 2

    Science.gov (United States)

    2013-05-01

    danger of contamination across these systems has grown. Second, cyber attacks have become less eco- nomically or politically neutral than in previous... food for thought on how this norm has shaped our ongoing collective treatment of it going forward. Through the enactment of FOIA in 1966, the push to... Malaysia and other parts of Southeast Asia, where there are fewer legal risks for the buyers, sellers, and operators.35 THEORIZING THE STRUCTURAL

  18. Modeling Cyber Physical War Gaming

    Science.gov (United States)

    2017-08-07

    games share similar constructs. We also provide a game-theoretic approach to mathematically analyze attacker and defender strategies in cyber war...Military Practice of Course-of-Action Analysis 4 2. Game-Theoretic Method 7 2.1 Mathematical Model 7 2.2 Strategy Selection 10 2.2.1 Pure...officers, hundreds of combat and support vehicles, helicopters, sophisticated intelligence and communication equipment and specialists , artillery and

  19. Building An Adaptive Cyber Strategy

    Science.gov (United States)

    2016-06-01

    until other structures can be brought to bear .40 Policymakers have been deliberately unclear as to what threshold is necessary to authorize a military...partners AU/ACSC/SMITH, FI/AY16 to bring all available resources to bear against domestic cyber threats and their perpetrators.57 FBI led and...Apr 2016). 58 Mandiant, APT1. 59 Crowdstrike Global Intelligence Team, Crowdstrike Intelligence Report: Putter Panda . https://www.google.com/url?sa=t

  20. Cyber Vigilance: The Human Factor

    Science.gov (United States)

    2016-10-21

    2013): 502. 1~ Andy Field. Discovering Statistics Using SPSS (Sage Publications. 2009). l<· Thomas E. Nygren. ··Psychometric Properties of...based solely on computer network analysis." Though the algorithms and analytic techniques used in these systems vary considerably, most intrusion...IDS. cyber-defenders use a variety of tools, including hand-sorting, to discriminate attacks from false positives. T hi s effort involves search

  1. Geologic and hydrologic data for the municipal solid waste landfill facility, U.S. Army Air Defense Artillery Center and Fort Bliss, El Paso County, Texas

    Science.gov (United States)

    Abeyta, Cynthia G.; Frenzel, P.F.

    1999-01-01

    Geologic and hydrologic data for the Municipal Solid Waste Landfill Facility on the U.S. Army Air Defense Artillery Center and Fort Bliss in El Paso County, Texas, were collected by the U.S. Geological Survey in cooperation with the U.S. Department of the Army. The 106.03-acre landfill has been in operation since January 1974. The landfill contains household refuse, Post solid wastes, bulky items, grass and tree trimmings from family housing, refuse from litter cans, construction debris, classified waste (dry), dead animals, asbestos, and empty oil cans. The depth of the filled areas is about 30 feet and the cover, consisting of locally derived material, is 2 to 3 feet thick. Geologic and hydrologic data were collected at or adjacent to the landfill during (1) drilling of 10 30- to 31-foot boreholes that were completed with gas-monitoring probes, (2) drilling of a 59-foot borehole, (3) drilling of a 355-foot borehole that was completed as a ground-water monitoring well, and (4) in situ measurements made on the landfill cover. After completion, the gas- monitoring probes were monitored on a quarterly basis (1 year total) for gases generated by the landfill. Water samples were collected from the ground-water monitoring well for chemical analysis. Data collection is divided into two elements: geologic data and hydrologic data. Geologic data include lithologic descriptions of cores and cuttings, geophysical logs, soil- gas and ambient-air analyses, and chemical analyses of soil. Hydrologic data include physical properties, total organic carbon, and pH of soil and sediment samples; soil-water chloride and soil-moisture analyses; physical properties of the landfill cover; measurements of depth to ground water; and ground-water chemical analyses. Interpretation of data is not included in this report.

  2. Cyber-Gap

    Science.gov (United States)

    Salomon-Fernandez, Yves

    2014-01-01

    Within the information technology sector, cybersecurity is considered its own supersector. As information becomes increasingly digitized and a growing array of transactions can be completed in the cloud, people, governments and enterprises become increasingly more vulnerable. The Identity Theft Resources Center (ITRC) reports nearly 5,000 breaches…

  3. Microgrid cyber security reference architecture.

    Energy Technology Data Exchange (ETDEWEB)

    Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

    2013-07-01

    This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-speci c vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance bene ts and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional a microgrid control system network implementation, including types of communica- tion occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the neces- sary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

  4. The Need for Cyber-Informed Engineering Expertise for Nuclear Research Reactors

    Energy Technology Data Exchange (ETDEWEB)

    Anderson, Robert Stephen [Idaho National Laboratory

    2015-12-01

    Engineering disciplines may not currently understand or fully embrace cyber security aspects as they apply towards analysis, design, operation, and maintenance of nuclear research reactors. Research reactors include a wide range of diverse co-located facilities and designs necessary to meet specific operational research objectives. Because of the nature of research reactors (reduced thermal energy and fission product inventory), hazards and risks may not have received the same scrutiny as normally associated with power reactors. Similarly, security may not have been emphasized either. However, the lack of sound cybersecurity defenses may lead to both safety and security impacts. Risk management methodologies may not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Although most research reactors are old and may not have the same digital footprint as newer facilities, any digital instrument and control function must be considered as a potential attack platform that can lead to sabotage or theft of nuclear material, especially for some research reactors that store highly enriched uranium. This paper will provide a discussion about the need for cyber-informed engineering practices that include the entire engineering lifecycle. Cyber-informed engineering as referenced in this paper is the inclusion of cybersecurity aspects into the engineering process. A discussion will consider several attributes of this process evaluating the long-term goal of developing additional cyber safety basis analysis and trust principles. With a culture of free information sharing exchanges, and potentially a lack of security expertise, new risk analysis and design methodologies need to be developed to address this rapidly evolving (cyber) threatscape.

  5. Air Force Cyber Outreach

    Science.gov (United States)

    2017-09-17

    reimagine how technology might enrich and protect our nation, businesses, and lives. As a human-centric design center, we seek out unique ways to connect...underserved school has talked with her students and they are interested in starting a coding club but soon found out there are no available computers for 5...society events fun and interesting (and building upon the initial contacts through the Safe and Secure Online program), kids came to view “cyber” as

  6. Cyber-Bullying: The Situation in Ireland

    Science.gov (United States)

    O'Moore, Mona

    2012-01-01

    This paper reports on the first major survey of cyber-bullying undertaken in Ireland. While preliminary results have been published they were based on a smaller and incomplete sample of 12-16 year olds living in Ireland. The preliminary results addressed the incidence level of cyber-bullying and that of the different subcategories of…

  7. Learning Management Platform for CyberCIEGE

    Science.gov (United States)

    2011-12-01

    CLE is a platform that allows academic and research collaboration and it is built on open pedagogy and open standard [16]. In those situations...C. Irvine, “Active learning with the CyberCIEGE video game,” in Proceedings of the 4th Conference on Cyber Security Experimentation and Test, 2011

  8. Cyber-Cops: Angels on the Net.

    Science.gov (United States)

    Educom Review, 1996

    1996-01-01

    Curtis Sliwa, founder of the Guardian Angels citizens' safety patrol, discusses the development of the Cyber Angels, an online citizens' patrol group that monitors Internet communication. Cyber Angels voluntarily look for and report any illegal activity conducted over the Internet, such as pyramid scams, transmission of stolen credit card and…

  9. Self-Development for Cyber Warriors

    Science.gov (United States)

    2011-11-10

    Geospatial Intelligence (GEOINT), Human Intelligence (HUMINT), Open Source Intelligence ( OSINT ), Signals Intelligence (SIGINT) and Measurement and...from career fields with varying degrees of intersection with cyber warfare including: signals intelligence , all source intelligence , and...leverage them in support of cyber warfare operations. All Source Intelligence Ability to request, analyze, synthesize, and fuse intelligence from

  10. Strategies for Resolving the Cyber Attribution Challenge

    Science.gov (United States)

    2013-05-01

    involvement in cyber espionage and Internet censorship . The United States’ policies for responding to cyber events are still being developed...operational arm, although the United States does not currently support it.45 The IMPACT Global Response Centre, based in Cyberjaya, Malaysia , was set up

  11. Developing Cyber Foraging Applications for Portable Devices

    DEFF Research Database (Denmark)

    Kristensen, Mads Darø; Bouvin, Niels Olof

    2008-01-01

    This paper presents the Locusts cyber foraging framework. Cyber foraging is the opportunistic use of computing resources available in the nearby environment, and using such resources thus fall into the category of distributed computing. Furthermore, for the resources to be used efficiently, paral...

  12. Emotional Problems in Traditional and Cyber Victimization

    Science.gov (United States)

    Sjursø, Ida Risanger; Fandrem, Hildegunn; Roland, Erling

    2016-01-01

    Previous studies show an association between traditional and cyber victimization. However, there seem to be differences in how these forms of being bullied relates to emotional problems in the victims. Few studies focus on symptoms of general anxiety and depression as separate variables when comparing traditional and cyber victimization.…

  13. Ten national cyber security strategies: A comparison

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Besseling, K. van; Spoelstra, M.; Graaf, P. de

    2013-01-01

    A number of nations developed and published a national cyber security strategy (NCSS). Most of them were published in the period 2009 - 2011. Despite the fact that each of these NCSS intends to address the cyber security threat, large differences exist between the NCSS approaches. This paper

  14. Kanttekeningen bij de Europese cyber security strategie

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Smulders, A.C.M.; Kamphuis, P.

    2013-01-01

    In februari presenteerde de Europese Unie de Europese cyber security strategie en begeleidende concept richtlijn. The Hague Security Delta (HSD) is verheugd dat de Nederlandse Nationale Cyber Security Strategie nu ook op Europees niveau navolging krijgt. Toch plaatsen we een paar kantekeningen.

  15. Cyber Victimization and Depressive Symptoms in Sexual Minority College Students

    Science.gov (United States)

    Ramsey, Jaimi L.; DiLalla, Lisabeth F.; McCrary, Megan K.

    2016-01-01

    This study investigated the relations between sexual orientation, cyber victimization, and depressive symptoms in college students. Study aims were to determine whether sexual minority college students are at greater risk for cyber victimization and to examine whether recent cyber victimization (self-reported cyber victimization over the last…

  16. Countering the Cyber-Attack, a case-study [video

    OpenAIRE

    Keith Squires; Center for Homeland Defense and Security Naval Postgraduate School

    2015-01-01

    A cyber-criminal organization electronically diverts funds, a hacking group uses their prowess to try to influence politics, these are examples of the evolving world of cyber crime. Keith Squires, Commissioner of Public Safety and Homeland Security Advisor for the State of Utah talks about his experience in building a cyber security program to counter such cyber criminals.

  17. Cybercom Chief Details U.S. Cyber Threats

    Science.gov (United States)

    Security Robots Lasers RSS Feed Cybercom Chief Details U.S. Cyber Threats - December 2, 2014 Navy Adm . Rogers, the commander of U.S. Cyber Command, director of the National Security Agency and chief of the Framework for Cyber Sharing But before Cybercom can help commercial companies deal with cyber criminals and

  18. Dampak Media Sosial dalam Cyber Bullying

    Directory of Open Access Journals (Sweden)

    Monica Hidajat

    2015-03-01

    Full Text Available The purpose of this research is to review two journals about social media effect for cyberbullying. First Journal is written by Eddie Fisher with the title From Cyber Bullying to Cyber Coping: The Misuse of Mobile Technology and Social Media and Their Effects on People’s Lives and the second journal is written by ReginaldH. Gonzales with the title Social Media as a Channel and its Implications on Cyber Bullying. First Journal focus on condition and cyber bullying state by interview respondents in law terms. Second journal focus on handling cyber bullying case at social media. Social medial cause few cases of cyberbullying increasing because of its characteristic that possible to spread information easily and fast. Socialization proper use of social media needs to be done to improve public awareness about the dangers of misuse of social media.

  19. Mathematical and Statistical Opportunities in Cyber Security

    Energy Technology Data Exchange (ETDEWEB)

    Meza, Juan; Campbell, Scott; Bailey, David

    2009-03-23

    The role of mathematics in a complex system such as the Internet has yet to be deeply explored. In this paper, we summarize some of the important and pressing problems in cyber security from the viewpoint of open science environments. We start by posing the question 'What fundamental problems exist within cyber security research that can be helped by advanced mathematics and statistics'? Our first and most important assumption is that access to real-world data is necessary to understand large and complex systems like the Internet. Our second assumption is that many proposed cyber security solutions could critically damage both the openness and the productivity of scientific research. After examining a range of cyber security problems, we come to the conclusion that the field of cyber security poses a rich set of new and exciting research opportunities for the mathematical and statistical sciences.

  20. China's Cyber Initiatives Counter International Pressure

    Directory of Open Access Journals (Sweden)

    Emilio Iasiello

    2017-03-01

    Full Text Available Prior to its historic 2015 “no hack” pact for commercial advantage with the United States, Beijing has been engaged drafting and passing legislation, most with specific cyber components, to enhance its security posture while protecting its economic interests. This approach is in stark contrast to United States efforts that have demonstrated a focus on “acting globally, thinking locally” philosophy wherein most of its cyber efforts have been outwardly facing and are distinct from other security considerations. This paper suggests that by strengthening its domestic front with a legal framework, Beijing is preparing itself to counter any foreign initiative contrary to Beijing’s plans (e.g., cyber norms of behavior, cyber sanctions, etc. by being able to exert legal measures against foreign interests in country, thereby preserving its cyber sovereignty.

  1. Cyber-Physical Architecture Assisted by Programmable Networking

    OpenAIRE

    Rubio-Hernan, Jose; Sahay, Rishikesh; De Cicco, Luca; Garcia-Alfaro, Joaquin

    2018-01-01

    Cyber-physical technologies are prone to attacks, in addition to faults and failures. The issue of protecting cyber-physical systems should be tackled by jointly addressing security at both cyber and physical domains, in order to promptly detect and mitigate cyber-physical threats. Towards this end, this letter proposes a new architecture combining control-theoretic solutions together with programmable networking techniques to jointly handle crucial threats to cyber-physical systems. The arch...

  2. Cyber risk: a big challenge in developed and emerging markets

    OpenAIRE

    Arcuri, Maria Cristina; Brogi, Marina; Gandolfi, Gino

    2016-01-01

    The dependence on cyberspace has considerably increased over time, as such, people look at risk associated with cyber technology. This chapter focuses on the cyber risk issue. The authors aim to describe the global state of the art and point out the potential negative consequences of this type of systemic risk. Cyber risk increasingly affects both public and private institutions. Some of the risks that entities face are the following: computer security breaches, cyber theft, cyber terrorism, ...

  3. Cyber Operations Between Russia and Ukraine During Ukrainian Conflict

    Directory of Open Access Journals (Sweden)

    Miroslava Pavlíková

    2016-06-01

    Full Text Available When the Ukraine crisis started in 2013, discussions about possible cyber warfare appeared. Debates about the usage of cyber tools in war conflicts have already been considered for the last few years and conflicts where actors possess these capacities emphasize the importance to analyze this phenomenon. This article examines cyber warfare between Russia and Ukraine during the Ukraine crisis and aims to analyze incidents in the cyber domain with considerations cyber war on a theoretical background.

  4. The Evolution of Preemptive Strikes in Israeli Operational Planning and Future Implications for the Cyber Domain

    Science.gov (United States)

    2013-05-23

    2012), 35. 36Irving Lachow, “Cyber Terrorism: Menace of Myth ?” in Franklin D. Kramer, Stuart H. Starr, and Larry Wentz, eds., Cyberpower and National...of the Begin-Sadat Center for Strategic Studies, describes this period of thinking in the IDF as “’long dark age’ is explained by the myth of Israeli...knowing why they were broken.175 The scary part of this cyber weapon is in the fact that if engineered only slightly differently, Stuxnet could have

  5. Development of Cyber Security Scheme for Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Hong, S. B.; Choi, Y. S.; Cho, J. W. (and others)

    2009-12-15

    Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures.

  6. Development of Cyber Security Scheme for Nuclear Power Plant

    International Nuclear Information System (INIS)

    Hong, S. B.; Choi, Y. S.; Cho, J. W.

    2009-12-01

    Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures

  7. Development of Information Technology for Smart Defense

    International Nuclear Information System (INIS)

    Chung, Kyoil; Lee, So Yeon; Park, Sangjoon; Park, Jonghyun; Han, Sangcheol

    2014-01-01

    Recently, there has been demand for the convergence of IT (Information and communication Technologies, ICT) with defense, as has already been achieved in civilian fields such as healthcare and construction. It is expected that completely new and common requirements would emerge from the civilian and military domains and that the shape of war field would change rapidly. Many military scientists forecast that future wars would be network-centric and be based on C4I(Command, Control, Communication and Computer, Intelligence), ISR(Intelligence, Surveillance and Reconnaissance), and PGM(Precision Guided Munitions). For realizing the smart defense concept, IT should act as a baseline technology even for simulating a real combat field using virtual reality. In this paper, we propose the concept of IT-based smart defense with a focus on accurate detection in real and cyber wars, effective data communication, automated and unmanned operation, and modeling and simulation

  8. Development of Information Technology for Smart Defense

    Energy Technology Data Exchange (ETDEWEB)

    Chung, Kyoil; Lee, So Yeon; Park, Sangjoon; Park, Jonghyun [ETRI, Daejeon (Korea, Republic of); Han, Sangcheol [KEIT, Seoul (Korea, Republic of)

    2014-03-15

    Recently, there has been demand for the convergence of IT (Information and communication Technologies, ICT) with defense, as has already been achieved in civilian fields such as healthcare and construction. It is expected that completely new and common requirements would emerge from the civilian and military domains and that the shape of war field would change rapidly. Many military scientists forecast that future wars would be network-centric and be based on C4I(Command, Control, Communication and Computer, Intelligence), ISR(Intelligence, Surveillance and Reconnaissance), and PGM(Precision Guided Munitions). For realizing the smart defense concept, IT should act as a baseline technology even for simulating a real combat field using virtual reality. In this paper, we propose the concept of IT-based smart defense with a focus on accurate detection in real and cyber wars, effective data communication, automated and unmanned operation, and modeling and simulation.

  9. Building organisational cyber resilience: A strategic knowledge-based view of cyber security management.

    Science.gov (United States)

    Ferdinand, Jason

    The concept of cyber resilience has emerged in recent years in response to the recognition that cyber security is more than just risk management. Cyber resilience is the goal of organisations, institutions and governments across the world and yet the emerging literature is somewhat fragmented due to the lack of a common approach to the subject. This limits the possibility of effective collaboration across public, private and governmental actors in their efforts to build and maintain cyber resilience. In response to this limitation, and to calls for a more strategically focused approach, this paper offers a knowledge-based view of cyber security management that explains how an organisation can build, assess, and maintain cyber resilience.

  10. What kind of cyber security? Theorising cyber security and mapping approaches

    OpenAIRE

    Laura Fichtner

    2018-01-01

    Building on conceptual work on security and cyber security, the paper explores how different approaches to cyber security are constructed. It outlines structural components and presents four common approaches. Each of them suggests a different role for the actors involved and is motivated and justified by different values such as privacy, economic order and national security. When a cyber security policy or initiative is chosen by policymakers, the analysis of the underlying approach enhances...

  11. Anonymous As a Cyber Tribe: A New Model for Complex, Non-State Cyber Actors

    Science.gov (United States)

    2015-05-01

    personas. Only then can cyber strategists exercise the required amount of cultural relativism needed to influence complex, and sometimes disturbing...that runs counter to their professional ethic ? When cyber tribes employ atrocity to create cultural barriers, how will planners remain focused on...as a cyber actor’s motivation? Meeting these challenges requires new levels of cultural relativism —the understanding of a “culture or a cultural

  12. Using CyberShake Workflows to Manage Big Seismic Hazard Data on Large-Scale Open-Science HPC Resources

    Science.gov (United States)

    Callaghan, S.; Maechling, P. J.; Juve, G.; Vahi, K.; Deelman, E.; Jordan, T. H.

    2015-12-01

    The CyberShake computational platform, developed by the Southern California Earthquake Center (SCEC), is an integrated collection of scientific software and middleware that performs 3D physics-based probabilistic seismic hazard analysis (PSHA) for Southern California. CyberShake integrates large-scale and high-throughput research codes to produce probabilistic seismic hazard curves for individual locations of interest and hazard maps for an entire region. A recent CyberShake calculation produced about 500,000 two-component seismograms for each of 336 locations, resulting in over 300 million synthetic seismograms in a Los Angeles-area probabilistic seismic hazard model. CyberShake calculations require a series of scientific software programs. Early computational stages produce data used as inputs by later stages, so we describe CyberShake calculations using a workflow definition language. Scientific workflow tools automate and manage the input and output data and enable remote job execution on large-scale HPC systems. To satisfy the requests of broad impact users of CyberShake data, such as seismologists, utility companies, and building code engineers, we successfully completed CyberShake Study 15.4 in April and May 2015, calculating a 1 Hz urban seismic hazard map for Los Angeles. We distributed the calculation between the NSF Track 1 system NCSA Blue Waters, the DOE Leadership-class system OLCF Titan, and USC's Center for High Performance Computing. This study ran for over 5 weeks, burning about 1.1 million node-hours and producing over half a petabyte of data. The CyberShake Study 15.4 results doubled the maximum simulated seismic frequency from 0.5 Hz to 1.0 Hz as compared to previous studies, representing a factor of 16 increase in computational complexity. We will describe how our workflow tools supported splitting the calculation across multiple systems. We will explain how we modified CyberShake software components, including GPU implementations and

  13. Behavioural Profiling in Cyber-Social Systems

    DEFF Research Database (Denmark)

    Perno, Jason; Probst, Christian W.

    2017-01-01

    Computer systems have evolved from standalone systems, over networked systems, to cyber-physical systems. In all stages, human operators have been essential for the functioning of the system and for understanding system messages. Recent trends make human actors an even more central part of computer...... systems, resulting in what we call "cyber-social systems". In cyber-social systems, human actors and their interaction with a system are essential for the state of the system and its functioning. Both the system's operation and the human's operating it are based on an assumption of each other's behaviour...

  14. Perceptions of Popularity-Related Behaviors in the Cyber Context: Relations to Cyber Social Behaviors

    Directory of Open Access Journals (Sweden)

    Michelle F. Wright

    2015-01-01

    Full Text Available Despite acknowledging that adolescents are active users of electronic technology, little is known about their perceptions concerning how such technologies might be used to promote their social standing among their peer group and whether these perceptions relate to their cyber social behaviors (i.e., cyber aggression perpetration, cyber prosocial behavior. To address this gap in the literature, the present study included 857 seventh graders (M age: 12.19; 50.8% female from a large Midwestern city in the United States. They completed questionnaires on face-to-face social behaviors, cyber social behaviors, perceived popularity, social preference, and their perceptions of characteristics and activities related to the cyber context which might be used to promote popularity. Findings revealed four activities and characteristics used to improve adolescents’ social standing in the peer group, including antisocial behaviors, sociability, prosocial behaviors, and technology access. Using antisocial behaviors in the cyber context to promote popularity was related to cyber aggression perpetration, while controlling for gender, social preference, and perceived popularity. On the other hand, sociability and prosocial behaviors in the cyber context used to improve popularity as well as technology access were associated with cyber prosocial behavior. A call for additional research is made.

  15. Quick-Reaction Report on the Audit of Defense Base Realignment and Closure Budget Data for Naval Training Center Great Lakes, Illinois

    Science.gov (United States)

    1994-05-19

    the audit of project P-608T, Building Modifications, as they relate to project P-557S. Because...project P-608T was addressed in Report No. 94-108, Quick-Reaction Report on the Audit of Defense Base Realignment and Closure Budget Data for Naval Station Treasure Island, California, May 19,

  16. The implications of transnational cyber threats in international humanitarian law: analysing the distinction between cybercrime, cyber attack, and cyber warfare in the 21st century

    OpenAIRE

    Faga, Hemen Philip

    2017-01-01

    This paper is an attempt to draw distinctive lines between the concepts of cybercrime, cyber-attack, and cyber warfare in the current information age, in which it has become difficult to separate the activities of transnational criminals from acts of belligerents using cyberspace. The paper considers the implications of transnational cyber threats in international humanitarian law (IHL) with a particular focus on cyber-attacks by non-state actors, the principles of state responsibility, and t...

  17. Closing the Cyber Gap: Integrating Cross-Government Cyber Capabilities to Support the DHS Cyber Security Mission

    Science.gov (United States)

    2014-12-01

    identifies and eliminates the actors who seek to target our cyber 152 “2013 Data Breach Investigations Report,” Verizon Enterprise Solutions, accessed...future. 360 “2013 Data Breach Investigations Report,” Verizon Enterprise Solutions, accessed September 29, 2013, http://www.verizonenterprise.com/DBIR...critical system owners and worldwide cyber security teams.382 381 Data Breach on the Rise: Protecting Personal Information from Harm: Hearing

  18. Final Report for Bio-Inspired Approaches to Moving-Target Defense Strategies

    Energy Technology Data Exchange (ETDEWEB)

    Fink, Glenn A.; Oehmen, Christopher S.

    2012-09-01

    This report records the work and contributions of the NITRD-funded Bio-Inspired Approaches to Moving-Target Defense Strategies project performed by Pacific Northwest National Laboratory under the technical guidance of the National Security Agency’s R6 division. The project has incorporated a number of bio-inspired cyber defensive technologies within an elastic framework provided by the Digital Ants. This project has created the first scalable, real-world prototype of the Digital Ants Framework (DAF)[11] and integrated five technologies into this flexible, decentralized framework: (1) Ant-Based Cyber Defense (ABCD), (2) Behavioral Indicators, (3) Bioinformatic Clas- sification, (4) Moving-Target Reconfiguration, and (5) Ambient Collaboration. The DAF can be used operationally to decentralize many such data intensive applications that normally rely on collection of large amounts of data in a central repository. In this work, we have shown how these component applications may be decentralized and may perform analysis at the edge. Operationally, this will enable analytics to scale far beyond current limitations while not suffering from the bandwidth or computational limitations of centralized analysis. This effort has advanced the R6 Cyber Security research program to secure digital infrastructures by developing a dynamic means to adaptively defend complex cyber systems. We hope that this work will benefit both our client’s efforts in system behavior modeling and cyber security to the overall benefit of the nation.

  19. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor

  20. Planetary Defense

    Science.gov (United States)

    2016-05-01

    4 Abstract Planetary defense against asteroids should be a major concern for every government in the world . Millions of asteroids and...helps make Planetary Defense viable because defending the Earth against asteroids benefits from all the above technologies. So if our planet security...information about their physical characteristics so we can employ the right strategies. It is a crucial difference if asteroids are made up of metal

  1. Information fusion for cyber-security analytics

    CERN Document Server

    Karabatis, George; Aleroud, Ahmed

    2017-01-01

    This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers. .

  2. HYBRID THREATS, CYBER WARFARE AND NATO'S ...

    African Journals Online (AJOL)

    Bachmans

    cyber'1 and kinetic responses to international terrorism have increasingly .... joint action and coordination is highlighted by the fact that the government in the scenario did ...... Qaeda), that man should live in the same technological conditions as.

  3. CYBER-DIGITAL PLAGIARISM: AN AWARENESS APPROACH*

    African Journals Online (AJOL)

    Lehobye

    Plagiarism, as opposed to cyber-ethics, is the practice of claiming or implying original authorship, in whole or in part, by incorporating ... the "Borrowing, purchasing, or otherwise obtaining work composed by someone else and submitting it ...

  4. Cyber Literature: A Reader – Writer Interactivity

    Directory of Open Access Journals (Sweden)

    Fathu Rahman

    2017-06-01

    Full Text Available Cyber Literature is a term known since the coming of the internet which brings a convenience, changing habit and world view. This study is a survey-based on respondents’ opinion about the existence of cyber literature on social media; of its benefit and impact to the reader. This study limits to the poems on Facebook group. The reason is simple; it favors the short form. For the study of a reader-writer interactivity in cyber literature is more likely on poetry. The approach is reader response literary theory with focus on the reader-writer interactivity on Facebook. This research aimed at uncovering the motivation of readers to response the uploaded text, the reasons why they love it and what its advantages. The results showed that cyber literature is successfully to introduce a new literary genre as well as to raise motivation and creativity of authors to make use the internet space.

  5. Realizing Scientific Methods for Cyber Security

    Energy Technology Data Exchange (ETDEWEB)

    Carroll, Thomas E.; Manz, David O.; Edgar, Thomas W.; Greitzer, Frank L.

    2012-07-18

    There is little doubt among cyber security researchers about the lack of scientic rigor that underlies much of the liter-ature. The issues are manifold and are well documented. Further complicating the problem is insufficient scientic methods to address these issues. Cyber security melds man and machine: we inherit the challenges of computer science, sociology, psychology, and many other elds and create new ones where these elds interface. In this paper we detail a partial list of challenges imposed by rigorous science and survey how other sciences have tackled them, in the hope of applying a similar approach to cyber security science. This paper is by no means comprehensive: its purpose is to foster discussion in the community on how we can improve rigor in cyber security science.

  6. On Cyber Warfare Command and Control Systems

    National Research Council Canada - National Science Library

    Howes, Norman R; Mezzino, Michael; Sarkesain, John

    2004-01-01

    .... Cyber warfare then becomes a one-sided battle where the attacker makes all the strikes and the target of the attack responds so slowly that the attacker usually gets away without being identified...

  7. Cyber security analytics, technology and automation

    CERN Document Server

    Neittaanmäki, Pekka

    2015-01-01

    Over the last two decades, the Internet and more broadly cyberspace has had a tremendous impact on all parts of society. Governments across the world have started to develop cyber security strategies and to consider cyberspace as an increasingly important international issue. The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out. The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are  Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

  8. Evaluating cyber security awareness in South Africa

    CSIR Research Space (South Africa)

    Grobler, M

    2011-07-01

    Full Text Available broadband capability and knowledge transfer within rural communities. To evaluate the current level of cyber security awareness, a series of exploratory surveys have been distributed to less technologically resourced entities in rural and deep rural...

  9. International co-operation in cyber resilience

    NARCIS (Netherlands)

    Zielstra, A.; Luiijf, H.A.M.; Duijnhoven, H.L.

    2015-01-01

    All stakeholders in cyber security and resilience have obligations; it is time to end the period of loose, non-binding collaborations, say Annemarie Zielstra, Eric Luiijf and Hanneke Duijnhoven, in this call for nations to work more closely together

  10. APPROACH TO CYBER SECURITY ISSUES IN NIGERIA: CHALLENGES AND SOLUTION

    OpenAIRE

    Frank Ibikunle; Odunayo Eweniyi

    2013-01-01

    Cyber-space refers to the boundless space known as the internet. Cyber-security is the body of rules put in place for the protection of the cyber space. Cyber-crime refers to the series of organized crime attacking both cyber space and cyber security. The Internet is one of the fastest-growing areas of technical infrastructure development. Over the past decades, the growth of the internet and its use afforded everyone this opportunity. Google, Wikipedia and Bing to mention a few, give detaile...

  11. TCIA Secure Cyber Critical Infrastructure Modernization.

    Energy Technology Data Exchange (ETDEWEB)

    Keliiaa, Curtis M. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-02-01

    The Sandia National Laboratories (Sandia Labs) tribal cyber infrastructure assurance initiative was developed in response to growing national cybersecurity concerns in the the sixteen Department of Homeland Security (DHS) defined critical infrastructure sectors1. Technical assistance is provided for the secure modernization of critical infrastructure and key resources from a cyber-ecosystem perspective with an emphasis on enhanced security, resilience, and protection. Our purpose is to address national critical infrastructure challenges as a shared responsibility.

  12. Automated Big Traffic Analytics for Cyber Security

    OpenAIRE

    Miao, Yuantian; Ruan, Zichan; Pan, Lei; Wang, Yu; Zhang, Jun; Xiang, Yang

    2018-01-01

    Network traffic analytics technology is a cornerstone for cyber security systems. We demonstrate its use through three popular and contemporary cyber security applications in intrusion detection, malware analysis and botnet detection. However, automated traffic analytics faces the challenges raised by big traffic data. In terms of big data's three characteristics --- volume, variety and velocity, we review three state of the art techniques to mitigate the key challenges including real-time tr...

  13. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  14. Cyber security in ports: Business as usual

    OpenAIRE

    Moerel, Lokke; Dezeure, Freddy

    2017-01-01

    Our paper summarizes the risks and provides concrete and pragmatic proposals to increase substantially the cyber maturity and resilience in the ports by organizing training and awareness raising, fostering cooperation and information exchange both between the stakeholders in the ports and across the ports and integrating the cyber risk into the physical security risk management processes and structures already in place within the ports. This also involves a higher degree of oversight by the P...

  15. Commercial and Industrial Cyber Espionage in Israel

    OpenAIRE

    Shahar Argaman; Gabi Siboni

    2014-01-01

    Cyberspace is especially suited to the theft of business information and to espionage. The accessibility of information, along with the ability to remain anonymous and cover one’s tracks, allows various entities to engage in the theft of valuable information, an act that can cause major damage. Israel, rich in advanced technology and a leader in innovation-based industries that rely on unique intellectual property, is a prime target for cyber theft and commercial cyber attacks. This article e...

  16. Human organ trafficking in the cyber space

    Directory of Open Access Journals (Sweden)

    Vuletić Dejan

    2009-01-01

    Full Text Available The accelerated growth of the information-communication technology use brought about cyber crime as a new form of crime connected with the misuse of computer network. Human trafficking and human organ trafficking are changing in line with the state-of-art technological achievements i.e. becoming more and more characteristic of cyber space. Passing appropriate regulations at both national and international levels presents an important step in solving the problem of human organ trafficking through Internet.

  17. Cyber Security Audit and Attack Detection Toolkit

    Energy Technology Data Exchange (ETDEWEB)

    Peterson, Dale

    2012-05-31

    This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  18. 2004 annual report. Defense, safety, energy, information, health. CEA in the center of big European challenges; Rapport annuel 2004. Defense, securite, energie, information, sante. Le CEA au coeur des grands defis europeens

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2005-07-01

    This document is the 2004 annual report of the French atomic energy commission (CEA). It presents the R and D activities of the CEA in three main domains: 1 - defense and safety, maintaining perenniality of nuclear dissuasion and nuclear safety: supplying nuclear weapons to armies, maintaining dissuasion capability with the simulation program, sharing R and D means with the scientific community and the industrial world, designing and maintaining naval nuclear propulsion reactors, cleansing Marcoule and Pierrelatte facilities, monitoring treaties and fighting against proliferation and terrorism; 2 - energy, developing more competitive and cleaner energy sources: nuclear waste management, optimization of industrial nuclear activities, future nuclear systems and new energy technologies, basic research on energy, radiobiology and toxicology; 3 - information and health, valorizing industry thanks to technological research and supplying new tools for health and medical research: micro- and nano-technologies, software technologies, basic research for industrial innovation, nuclear technologies for health and bio-technologies. (J.S.)

  19. Multiple hypothesis tracking for the cyber domain

    Science.gov (United States)

    Schwoegler, Stefan; Blackman, Sam; Holsopple, Jared; Hirsch, Michael J.

    2011-09-01

    This paper discusses how methods used for conventional multiple hypothesis tracking (MHT) can be extended to domain-agnostic tracking of entities from non-kinematic constraints such as those imposed by cyber attacks in a potentially dense false alarm background. MHT is widely recognized as the premier method to avoid corrupting tracks with spurious data in the kinematic domain but it has not been extensively applied to other problem domains. The traditional approach is to tightly couple track maintenance (prediction, gating, filtering, probabilistic pruning, and target confirmation) with hypothesis management (clustering, incompatibility maintenance, hypothesis formation, and Nassociation pruning). However, by separating the domain specific track maintenance portion from the domain agnostic hypothesis management piece, we can begin to apply the wealth of knowledge gained from ground and air tracking solutions to the cyber (and other) domains. These realizations led to the creation of Raytheon's Multiple Hypothesis Extensible Tracking Architecture (MHETA). In this paper, we showcase MHETA for the cyber domain, plugging in a well established method, CUBRC's INFormation Engine for Real-time Decision making, (INFERD), for the association portion of the MHT. The result is a CyberMHT. We demonstrate the power of MHETA-INFERD using simulated data. Using metrics from both the tracking and cyber domains, we show that while no tracker is perfect, by applying MHETA-INFERD, advanced nonkinematic tracks can be captured in an automated way, perform better than non-MHT approaches, and decrease analyst response time to cyber threats.

  20. What good cyber resilience looks like.

    Science.gov (United States)

    Hult, Fredrik; Sivanesan, Giri

    In January 2012, the World Economic Forum made cyber attacks its fourth top global risk. In the 2013 risk report, cyber attacks were noted to be an even higher risk in absolute terms. The reliance of critical infrastructure on cyber working has never been higher; the frequency, intensity, impact and sophistication of attacks is growing. This trend looks likely to continue. It can be argued that it is no longer a question whether an organisation will be successfully hacked, but how long it will take to detect. In the ever-changing cyber environment, traditional protection techniques and reliance on preventive controls are not enough. A more agile approach is required to give assurance of a sufficiently secure digital society. Are we faced with a paradigm shift or a storm in a digital teacup? This paper offers an introduction to why cyber is important, a wider taxonomy on the topic and some historical context on how the discipline of cyber security has evolved, and an interpretation on what this means in the new normal of today.

  1. NATIONAL SECURITY IMPLICATIONS OF CYBER THREATS

    Directory of Open Access Journals (Sweden)

    ALEJANDRO AMIGO TOSSI

    2017-09-01

    Full Text Available Cyber threat is one of the main risks for security in developing countries, as well in States on the development path, such as ours. This phenomena is a challenge to national security, that needs the adoption of a paramount approach in its analysis, that have to consider all the aspects that had transformed the actors and malevolent actions in this environment in one of the most important challenges to the security of governmental as well as private organizations all over the world. States, hackers, cyber activists, and cyber criminals have been main actors in several situations that had shaped a new dimension for international and national security. The purpose of this article is to propose topics that could be included in the national assessment of cyber threats to the Chilean national security, based upon several conceptual definitions, cyber attacks already executed to state and military organization’s in Chile, and lastly, considerations over cyber threats included in the National Security Strategies of some western powers.

  2. Data Intensive Architecture for Scalable Cyber Analytics

    Energy Technology Data Exchange (ETDEWEB)

    Olsen, Bryan K.; Johnson, John R.; Critchlow, Terence J.

    2011-12-19

    Cyber analysts are tasked with the identification and mitigation of network exploits and threats. These compromises are difficult to identify due to the characteristics of cyber communication, the volume of traffic, and the duration of possible attack. In this paper, we describe a prototype implementation designed to provide cyber analysts an environment where they can interactively explore a month’s worth of cyber security data. This prototype utilized On-Line Analytical Processing (OLAP) techniques to present a data cube to the analysts. The cube provides a summary of the data, allowing trends to be easily identified as well as the ability to easily pull up the original records comprising an event of interest. The cube was built using SQL Server Analysis Services (SSAS), with the interface to the cube provided by Tableau. This software infrastructure was supported by a novel hardware architecture comprising a Netezza TwinFin® for the underlying data warehouse and a cube server with a FusionIO drive hosting the data cube. We evaluated this environment on a month’s worth of artificial, but realistic, data using multiple queries provided by our cyber analysts. As our results indicate, OLAP technology has progressed to the point where it is in a unique position to provide novel insights to cyber analysts, as long as it is supported by an appropriate data intensive architecture.

  3. Intelligent methods for cyber warfare

    CERN Document Server

    Reformat, Marek; Alajlan, Naif

    2015-01-01

    Cyberwarfare has become an important concern for governmental agencies as well businesses of various types.  This timely volume, with contributions from some of the internationally recognized, leaders in the field, gives readers a glimpse of the new and emerging ways that Computational Intelligence and Machine Learning methods can be applied to address problems related to cyberwarfare. The book includes a number of chapters that can be conceptually divided into three topics: chapters describing different data analysis methodologies with their applications to cyberwarfare, chapters presenting a number of intrusion detection approaches, and chapters dedicated to analysis of possible cyber attacks and their impact. The book provides the readers with a variety of methods and techniques, based on computational intelligence, which can be applied to the broad domain of cyberwarfare.

  4. Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

  5. A Social Cyber Contract Theory Model for Understanding National Cyber Strategies

    NARCIS (Netherlands)

    Bierens, R.H.; Klievink, A.J.; van den Berg, J.

    2017-01-01

    Today’s increasing connectivity creates cyber risks at personal, organizational up to societal level. Societal cyber risks require mitigation by all kinds of actors where government should take the lead due to its responsibility to protect its citizens. Since no formal global governance exists, the

  6. Cyber Victimization and Perceived Stress: Linkages to Late Adolescents' Cyber Aggression and Psychological Functioning

    Science.gov (United States)

    Wright, Michelle F.

    2015-01-01

    The present study examined multiple sources of strain, particular cyber victimization, and perceived stress from parents, peers, and academics, in relation to late adolescents' (ages 16-18; N = 423) cyber aggression, anxiety, and depression, each assessed 1 year later (Time 2). Three-way interactions revealed that the relationship between Time 1…

  7. Are pilots prepared for a cyber-attack? A human factors approach to the experimental evaluation of pilots' behavior

    OpenAIRE

    Gontar , Patrick; Homans , Hendrik; Rostalski , Michelle; Behrend , Julia; Dehais , Frédéric; Bengler , Klaus

    2018-01-01

    International audience; The increasing prevalence of technology in modern airliners brings not just advantages, but also the potential for cyber threats. Fortunately, there have been no significant attacks on civil aircraft to date, which allows the handling of these emerging threats to be approached proactively. Although an ample body of research into technical defense strategies exists, current research neglects to take the human operator into account. In this study, we present an explorato...

  8. Cyber attack analysis on cyber-physical systems: Detectability, severity, and attenuation strategy

    Science.gov (United States)

    Kwon, Cheolhyeon

    Security of Cyber-Physical Systems (CPS) against malicious cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is usually intractable to describe and diagnose them systematically. Motivated by such difficulties, this thesis presents a set of theories and algorithms for a cyber-secure architecture of the CPS within the control theoretic perspective. Here, instead of identifying a specific cyber attack model, we are focused on analyzing the system's response during cyber attacks. Firstly, we investigate the detectability of the cyber attacks from the system's behavior under cyber attacks. Specifically, we conduct a study on the vulnerabilities in the CPS's monitoring system against the stealthy cyber attack that is carefully designed to avoid being detected by its detection scheme. After classifying three kinds of cyber attacks according to the attacker's ability to compromise the system, we derive the necessary and sufficient conditions under which such stealthy cyber attacks can be designed to cause the unbounded estimation error while not being detected. Then, the analytical design method of the optimal stealthy cyber attack that maximizes the estimation error is developed. The proposed stealthy cyber attack analysis is demonstrated with illustrative examples on Air Traffic Control (ATC) system and Unmanned Aerial Vehicle (UAV) navigation system applications. Secondly, in an attempt to study the CPSs' vulnerabilities in more detail, we further discuss a methodology to identify potential cyber threats inherent in the given CPSs and quantify the attack severity accordingly. We then develop an analytical algorithm to test the behavior of the CPS under various cyber attack combinations. Compared to a numerical approach, the analytical algorithm enables the prediction of the most effective cyber attack combinations without computing the severity of all possible attack combinations, thereby greatly reducing the

  9. Deploying ICT with Entrepreneurship Culture can Fight Cyber-Crime ...

    African Journals Online (AJOL)

    Deploying ICT with Entrepreneurship Culture can Fight Cyber-Crime Menace ... Again he innovates, introducing new products & technologies by the ... Keywords: Cyber-crimes, entrepreneurs, compupreneur, firewalls, computer forensics, ICT, ...

  10. Defense Business Board

    Science.gov (United States)

    Skip to main content (Press Enter). Toggle navigation Defense Business Board Search Search Defense Business Board: Search Search Defense Business Board: Search Defense Business Board Business Excellence in Defense of the Nation Defense Business Board Home Charter Members Meetings Studies Contact Us The Defense

  11. The Soft Side of Cyber Security - Social Media

    DEFF Research Database (Denmark)

    Nissen, Thomas Elkjer

    2016-01-01

    The importance of cyber-security is growing. With the continued digitization of our everyday life we become increasingly vulnerable to cyber-attacks – also personally. Therefore, it is an issue to be taken extremely seriously.......The importance of cyber-security is growing. With the continued digitization of our everyday life we become increasingly vulnerable to cyber-attacks – also personally. Therefore, it is an issue to be taken extremely seriously....

  12. Towards cyber safety education in primary schools in Africa

    CSIR Research Space (South Africa)

    Von Solms, S

    2014-07-01

    Full Text Available , but also increases users' vulnerability to malware infection, cyber-bullying, identity theft and cyber terrorism (Dlamini, Taute, & Radebe, 2011). Africa mainly consists of developing countries which are characterised by limited knowledge, expertise....e. hacking, malware and spyware.  Content-related risks, i.e. exposure to illicit or inappropriate content.  Harassment-related threats, i.e. cyber-bullying, cyber-stalking and other forms of unwanted contact.  Risk of exposing information, i...

  13. KYPO – A Platform for Cyber Defence Exercises

    OpenAIRE

    Čeleda Pavel; Čegan Jakub; Vykopal Jan; Tovarňák Daniel

    2015-01-01

    Correct and timely responses to cyber attacks are crucial for the effective implementation of cyber defence strategies and policies. The number of threats and ingenuity of attackers is ever growing, as is the need for more advanced detection tools, techniques and skilled cyber security professionals. KYPO – Cyber Exercise & Research Platform is focused on modelling and simulating complex computer systems and networks in a virtualized and separated environment. The platform enables realist...

  14. Center for Computing Research Summer Research Proceedings 2015.

    Energy Technology Data Exchange (ETDEWEB)

    Bradley, Andrew Michael [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Parks, Michael L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-12-18

    The Center for Computing Research (CCR) at Sandia National Laboratories organizes a summer student program each summer, in coordination with the Computer Science Research Institute (CSRI) and Cyber Engineering Research Institute (CERI).

  15. Geohydrologic site characterization of the municipal solid waste landfill facility, US Army Air Defense Artillery Center and Fort Bliss, El Paso County, Texas

    Science.gov (United States)

    Abeyta, Cynthia G.

    1996-01-01

    Geohydrologic conditions of the Municipal Solid Waste Landfill Facility (MSWLF) on the U.S. Army Air Defense Artillery Center and Fort Bliss, El Paso County, Texas, were evaluated by the U.S. Geological Survey in cooperation with the U.S. Army. The 106.03-acre MSWLF has been in operation since January 1974. The landfill contains household refuse, Post solid wastes, bulky items, grass and tree trimmings from family housing, refuse from litter cans, construction debris, classified waste (dry), dead animals, asbestos, and empty oil cans. The MSWLF, located about 1,200 feet east of the nearest occupied structure, is estimated to receive an average of approximately 56 tons of municipal solid waste per day and, at a fill rate of 1-4 acres per year, is expected to reach its capacity by the year 2004. The MSWLF is located in the Hueco Bolson, 4 miles east of the Franklin Mountains. Elevations at the MSWLF range from 3,907 to 3,937 feet above sea level. The climate at the MSWLF and vicinity is arid continental, characterized by an abundance of sunny days, high summer temperatures, relatively cool winters typical of arid areas, scanty rainfall, and very low humidity throughout the year. Average annual temperature near the MSWLF and vicinity is 63.3 degrees Fahrenheit and annual precipitation is 7.8 inches. Potential evaporation in the El Paso area was estimated to be 65 inches per year. Soils at and adjacent to the MSWLF are nearly level to gently sloping, have a fine sandy loam subsoil, and are moderately deep over caliche. The MSWLF is underlain by Hueco Bolson deposits of Tertiary age and typically are composed of unconsolidated to slightly consolidated interbedded sands, clay, silt, gravel, and caliche. Individual beds are not well defined and range in thickness from a fraction of an inch to about 100 feet. The primary source of ground water in the MSWLF area is in the deposits of the Hueco Bolson. A relatively thick vadose zone of approximately 300 feet overlies the

  16. APPROACH TO CYBER SECURITY ISSUES IN NIGERIA: CHALLENGES AND SOLUTION

    Directory of Open Access Journals (Sweden)

    Frank Ibikunle

    2013-06-01

    Full Text Available Cyber-space refers to the boundless space known as the internet. Cyber-security is the body of rules put in place for the protection of the cyber space. Cyber-crime refers to the series of organized crime attacking both cyber space and cyber security. The Internet is one of the fastest-growing areas of technical infrastructure development. Over the past decades, the growth of the internet and its use afforded everyone this opportunity. Google, Wikipedia and Bing to mention a few, give detailed answers to millions of questions every day. Cyberspace is a world that contains just about anything one is searching for. With the advent of these advancements in information accessibility and the advantages and applications of the internet comes an exponentially growing disadvantage- Cyber Crime. Cyber security has risen to become a national concern as threats concerning it now need to be taken more seriously. This paper attempts to provide an overview of Cybercrime and Cyber-security. It defines the concept of cybercrime, identify reasons for cyber-crime and its eradication. It look at those involved and the reasons for their involvement. Methods of stepping up cyber security and the recommendations that would help in checking the increasing rate of cyber-crimes were highlighted. The paper also attempts to name some challenges of cybercrime and present practical and logical solutions to these threats.

  17. Middle School Students' Perceptions of and Responses to Cyber Bullying

    Science.gov (United States)

    Holfeld, Brett; Grabe, Mark

    2012-01-01

    This study explored the nature and extent of middle school students' (n = 665) experiences with cyber bullying. Approximately one in five students reported being cyber bullied in the past year, with 55% of those students being repeatedly victimized within the past 30 days. Female students were more likely to be involved in cyber bullying (victim,…

  18. Psychological Impact of Cyber-Bullying: Implications for School Counsellors

    Science.gov (United States)

    Nordahl, Jennifer; Beran, Tanya; Dittrick, Crystal J.

    2013-01-01

    Cyber-bullying is a significant problem for children today. This study provides evidence of the psychological impact of cyber-bullying among victimized children ages 10 to 17 years (M = 12.48, SD = 1.79) from 23 urban schools in a western province of Canada (N = 239). Students who were cyber-bullied reported high levels of anxious,…

  19. Scheduling and development support in the Scavenger cyber foraging system

    DEFF Research Database (Denmark)

    Kristensen, Mads Darø; Bouvin, Niels Olof

    2010-01-01

    Cyber foraging is a pervasive computing technique where small mobile devices offload resource intensive tasks to stronger computing machinery in the vicinity. One of the main challenges within cyber foraging is that it is very difficult to develop cyber foraging enabled applications. An applicati...

  20. Work Package 2 Report - Cyber resilience for the shipping industry

    DEFF Research Database (Denmark)

    Sahay, Rishikesh; Sepúlveda Estay, Daniel Alberto

    2018-01-01

    This report describes the current state of the research performed as a part of the CyberShip project for its Work Package 2. This work package aims at defining a CyberShip model and KPIs for cyber resilience. This is a project funded by the Danish Maritime Fund (DMF) with the objective of proposing...

  1. Cyber armies: the unseen military in the grid

    CSIR Research Space (South Africa)

    Aschmann, M

    2015-03-01

    Full Text Available power and/or civilian force within the cyber domain that has the ability to launch cyber-attacks and collect information in order to gain strategic military advantage on a national level. Selected cyber armies are compared to portray the impact...

  2. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    system force and structure reliance – are discovered and tantamount with EU nations. Thusly I indicated reason viewpoints and figures of security of data structures it additionally relates to the reason of estimation of transient dangers of security of frameworks for that I begin my proposal with one of the fundamental class of data security which is Cyber security. Keyword : Cyber Security, IT

  3. Cyber bullying prevention: intervention in Taiwan.

    Directory of Open Access Journals (Sweden)

    Ming-Shinn Lee

    Full Text Available BACKGROUND: This study aimed to explore the effectiveness of the cyber bullying prevention WebQuest course implementation. METHODOLOGY/FINDINGS: The study adopted the quasi-experimental design with two classes made up of a total of 61 junior high school students of seventh grade. The study subjects comprised of 30 students from the experimental group and 31 students from the control group. The experimental group received eight sessions (total 360 minutes of the teaching intervention for four consecutive weeks, while the control group did not engage in any related courses. The self-compiled questionnaire for the student's knowledge, attitudes, and intentions toward cyber bullying prevention was adopted. Data were analysed through generalized estimating equations to understand the immediate results on the student's knowledge, attitudes, and intentions after the intervention. The results show that the WebQuest course immediately and effectively enhanced the knowledge of cyber bullying, reduced the intentions, and retained the effects after the learning. But it produced no significant impact on the attitude toward cyber bullying. CONCLUSIONS/SIGNIFICANCE: The intervention through this pilot study was effective and positive for cyber bulling prevention. It was with small number of students. Therefore, studies with large number of students and long experimental times, in different areas and countries are warranted.

  4. Cyber bullying prevention: intervention in Taiwan.

    Science.gov (United States)

    Lee, Ming-Shinn; Zi-Pei, Wu; Svanström, Leif; Dalal, Koustuv

    2013-01-01

    This study aimed to explore the effectiveness of the cyber bullying prevention WebQuest course implementation. The study adopted the quasi-experimental design with two classes made up of a total of 61 junior high school students of seventh grade. The study subjects comprised of 30 students from the experimental group and 31 students from the control group. The experimental group received eight sessions (total 360 minutes) of the teaching intervention for four consecutive weeks, while the control group did not engage in any related courses. The self-compiled questionnaire for the student's knowledge, attitudes, and intentions toward cyber bullying prevention was adopted. Data were analysed through generalized estimating equations to understand the immediate results on the student's knowledge, attitudes, and intentions after the intervention. The results show that the WebQuest course immediately and effectively enhanced the knowledge of cyber bullying, reduced the intentions, and retained the effects after the learning. But it produced no significant impact on the attitude toward cyber bullying. The intervention through this pilot study was effective and positive for cyber bulling prevention. It was with small number of students. Therefore, studies with large number of students and long experimental times, in different areas and countries are warranted.

  5. Cyber security for greater service reliability

    Energy Technology Data Exchange (ETDEWEB)

    Vickery, P. [N-Dimension Solutions Inc., Richmond Hill, ON (Canada)

    2008-05-15

    Service reliability in the electricity transmission and distribution (T and D) industry is being challenged by increased equipment failures, harsher climatic conditions, and computer hackers who aim to disrupt services by gaining access to transmission and distribution resources. This article discussed methods of ensuring the cyber-security of T and D operators. Weak points in the T and D industry include remote terminal units; intelligent electronic devices; distributed control systems; programmable logic controllers; and various intelligent field devices. An increasing number of interconnection points exist between an operator's service control system and external systems. The North American Electric Reliability Council (NERC) standards specify that cyber security strategies should ensure that all cyber assets are protected, and that access points must be monitored to detect intrusion attempts. The introduction of new advanced metering initiatives must also be considered. Comprehensive monitoring systems should be available to support compliance with cyber security standards. It was concluded that senior management should commit to a periodic cyber security re-assessment program in order to keep up-to-date.

  6. Cyber/Physical Security Vulnerability Assessment Integration

    International Nuclear Information System (INIS)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-01-01

    This internally funded Laboratory-Directed R and D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  7. Quick-Reaction Report on the Audit of Defense Base Realignment and Closure Budget Data for Naval Training Center Great Lakes, Illinois

    National Research Council Canada - National Science Library

    Granetto, Paul

    1994-01-01

    .... The Hull Technician School will share building 520 with the Advanced Hull Technician School, which is being realigned from the Naval Training Center San Diego, California, under project P-608T...

  8. Data Center Energy Efficiency Technologies and Methodologies: A Review of Commercial Technologies and Recommendations for Application to Department of Defense Systems

    Science.gov (United States)

    2015-11-01

    host multiple applications on a single server and split larger applications between multiple servers. If applications can be quickly and easily...improvements are often seen as leading to negative impacts on the organization that operates the DC. Another significant limiting factor for the DoD...34 Renewable and Sustainable Energy Reviews, vol. 31, pp. 622-638, 2014. [152] R. Miller, "Data Center Used to Heat Swimming Pool," Data Center Knowledge, 2

  9. A performance study of unmanned aerial vehicle-based sensor networks under cyber attack

    Science.gov (United States)

    Puchaty, Ethan M.

    In UAV-based sensor networks, an emerging area of interest is the performance of these networks under cyber attack. This study seeks to evaluate the performance trade-offs from a System-of-Systems (SoS) perspective between various UAV communications architecture options in the context two missions: tracking ballistic missiles and tracking insurgents. An agent-based discrete event simulation is used to model a sensor communication network consisting of UAVs, military communications satellites, ground relay stations, and a mission control center. Network susceptibility to cyber attack is modeled with probabilistic failures and induced data variability, with performance metrics focusing on information availability, latency, and trustworthiness. Results demonstrated that using UAVs as routers increased network availability with a minimal latency penalty and communications satellite networks were best for long distance operations. Redundancy in the number of links between communication nodes helped mitigate cyber-caused link failures and add robustness in cases of induced data variability by an adversary. However, when failures were not independent, redundancy and UAV routing were detrimental in some cases to network performance. Sensitivity studies indicated that long cyber-caused downtimes and increasing failure dependencies resulted in build-ups of failures and caused significant degradations in network performance.

  10. Cyber-bullying prevention in primary school: School leaders’ understanding of cyber-bullying prevention

    OpenAIRE

    Vestvik, Svitlana

    2011-01-01

    This master‟s thesis is about cyber-bullying prevention in primary school. My reason for choosing this issue was a desire to get a greater insight into cyber-bullying as a phenomenon. In addition, I found it interesting to find how the principals can work systematically for prevention and reduction of cyber-bullying incidents in schools, with the purpose of offering pupils a good psycho-social environment as enshrined in the Education Act, Section 9a-3. My attention was focused on understa...

  11. What kind of cyber security? Theorising cyber security and mapping approaches

    Directory of Open Access Journals (Sweden)

    Laura Fichtner

    2018-05-01

    Full Text Available Building on conceptual work on security and cyber security, the paper explores how different approaches to cyber security are constructed. It outlines structural components and presents four common approaches. Each of them suggests a different role for the actors involved and is motivated and justified by different values such as privacy, economic order and national security. When a cyber security policy or initiative is chosen by policymakers, the analysis of the underlying approach enhances our understanding of how this shapes relationships between actors and of the values prioritised, promoted and inscribed into the concerned technologies.

  12. Procurement of Contract Reconciliation Services by the Defense Logistics Agency

    National Research Council Canada - National Science Library

    1991-01-01

    The audit objective was to evaluate DLA's procedures for contracting with NSI to reconcile contracts before their transfer from the Defense Contract Administration Services Regions to the Defense Finance Center...

  13. Cyber Surveillance for Flood Disasters

    Directory of Open Access Journals (Sweden)

    Shi-Wei Lo

    2015-01-01

    Full Text Available Regional heavy rainfall is usually caused by the influence of extreme weather conditions. Instant heavy rainfall often results in the flooding of rivers and the neighboring low-lying areas, which is responsible for a large number of casualties and considerable property loss. The existing precipitation forecast systems mostly focus on the analysis and forecast of large-scale areas but do not provide precise instant automatic monitoring and alert feedback for individual river areas and sections. Therefore, in this paper, we propose an easy method to automatically monitor the flood object of a specific area, based on the currently widely used remote cyber surveillance systems and image processing methods, in order to obtain instant flooding and waterlogging event feedback. The intrusion detection mode of these surveillance systems is used in this study, wherein a flood is considered a possible invasion object. Through the detection and verification of flood objects, automatic flood risk-level monitoring of specific individual river segments, as well as the automatic urban inundation detection, has become possible. The proposed method can better meet the practical needs of disaster prevention than the method of large-area forecasting. It also has several other advantages, such as flexibility in location selection, no requirement of a standard water-level ruler, and a relatively large field of view, when compared with the traditional water-level measurements using video screens. The results can offer prompt reference for appropriate disaster warning actions in small areas, making them more accurate and effective.

  14. Detection of complex cyber attacks

    Science.gov (United States)

    Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

    2006-05-01

    One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

  15. Cyber Threats for Organizations of Financial Market Infrastructures

    Directory of Open Access Journals (Sweden)

    Natalia Georgievna Miloslavskaya

    2016-03-01

    Full Text Available Abstract: In the global informatization era the reliable and efficient financial market infrastructure of the Russian Federation (RF FMI plays an important role in the financial system and economy of the country. New cyber risks have acquired the status of the FR FMI systemic risk’s components, the importance of which is constantly growing due to the increase in the possible consequences of their implementation. The article introduces the basic concepts of cyber security, cyber space and cyber threats for the RF FMI and analyzes the specific features of cyber attacks against the RF FMI organizations.

  16. Review on Cyber Security Programs for NPP Application

    Energy Technology Data Exchange (ETDEWEB)

    Oh, Eung Se [KEPRI, Daejeon (Korea, Republic of)

    2010-10-15

    Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secrete nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS; CFR; RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

  17. Review on Cyber Security Programs for NPP Application

    International Nuclear Information System (INIS)

    Oh, Eung Se

    2010-01-01

    Increased history records of cyber security (CS) attacks and concerns for computers and networks technical mishaps pull out cyber security to open places. In spite of secrete nature of security, transparent and shared knowledge of many security features are more required at modern plant floors. Korea Institute of Nuclear Safety (KINS), US Government and Nuclear Regulatory Commission (NRC) requested to develop cyber security plans and enforce their implementing to the NPPs. [KINS] [CFR] [RG 5.71] This paper reviews various cyber security guidelines and suggests an applicable cyber security program development models during the life cycle of NPP's Instrumentation and Control (I and C) systems

  18. Cyber physical systems role in manufacturing technologies

    Science.gov (United States)

    Al-Ali, A. R.; Gupta, Ragini; Nabulsi, Ahmad Al

    2018-04-01

    Empowered by the recent development in single System-on-Chip, Internet of Things, and cloud computing technologies, cyber physical systems are evolving as a major controller during and post the manufacturing products process. In additional to their real physical space, cyber products nowadays have a virtual space. A product virtual space is a digital twin that is attached to it to enable manufacturers and their clients to better manufacture, monitor, maintain and operate it throughout its life time cycles, i.e. from the product manufacturing date, through operation and to the end of its lifespan. Each product is equipped with a tiny microcontroller that has a unique identification number, access code and WiFi conductivity to access it anytime and anywhere during its life cycle. This paper presents the cyber physical systems architecture and its role in manufacturing. Also, it highlights the role of Internet of Things and cloud computing in industrial manufacturing and factory automation.

  19. An analytic approach to cyber adversarial dynamics

    Science.gov (United States)

    Sweeney, Patrick; Cybenko, George

    2012-06-01

    To date, cyber security investment by both the government and commercial sectors has been largely driven by the myopic best response of players to the actions of their adversaries and their perception of the adversarial environment. However, current work in applying traditional game theory to cyber operations typically assumes that games exist with prescribed moves, strategies, and payos. This paper presents an analytic approach to characterizing the more realistic cyber adversarial metagame that we believe is being played. Examples show that understanding the dynamic metagame provides opportunities to exploit an adversary's anticipated attack strategy. A dynamic version of a graph-based attack-defend game is introduced, and a simulation shows how an optimal strategy can be selected for success in the dynamic environment.

  20. Designing a Data Warehouse for Cyber Crimes

    Directory of Open Access Journals (Sweden)

    Il-Yeol Song

    2006-09-01

    Full Text Available One of the greatest challenges facing modern society is the rising tide of cyber crimes. These crimes, since they rarely fit the model of conventional crimes, are difficult to investigate, hard to analyze, and difficult to prosecute. Collecting data in a unified framework is a mandatory step that will assist the investigator in sorting through the mountains of data. In this paper, we explore designing a dimensional model for a data warehouse that can be used in analyzing cyber crime data. We also present some interesting queries and the types of cyber crime analyses that can be performed based on the data warehouse. We discuss several ways of utilizing the data warehouse using OLAP and data mining technologies. We finally discuss legal issues and data population issues for the data warehouse.

  1. Control Systems Cyber Security Standards Support Activities

    Energy Technology Data Exchange (ETDEWEB)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  2. Law Enforcement of Cyber Terorism in Indonesia

    Directory of Open Access Journals (Sweden)

    Sri Ayu Astuti

    2015-12-01

    Full Text Available Cyber terrorism is one of the category of crimes that cross border organized and has been established as an extraordinary crime. This crime is becoming a serious threat to countries in the world. In this regard, the Government's attitude of firmness needed to enforce cyber laws against the freedom development in social media. The development of the immeasurable it in the country of Indonesia required the limitations by doing legal liability over the behavior of law which deviates towards the use of technology tools. Strict law enforcement efforts as a clear attitude to stop actively moving massive terrorism, by enacting the provisions of the law on information and electronic transactions as well as the law of terrorism effectively. How To Cite: Astuti, S. (2015. Law Enforcement of Cyber Terorism in Indonesia. Rechtsidee, 2(2, 157-178. doi:http://dx.doi.org/10.21070/jihr.v2i2.82

  3. The cyber threat, trophy information and the fortress mentality.

    Science.gov (United States)

    Scully, Tim

    2011-10-01

    'It won't happen to me' is a prevalent mindset among senior executives in the private and public sectors when considering targeted cyber intrusions. This is exacerbated by the long-term adoption of a 'fortress mentality' towards cyber security, and by the attitude of many of our cyber-security professionals, who speak a different language when it comes to communicating cyber-security events to senior executives. The prevailing approaches to cyber security have clearly failed. Almost every week another serious, targeted cyber intrusion is reported, but reported intrusions are only the tip of the iceberg. Why have we got it so wrong? It must be acknowledged that cyber security is no longer the domain of cyber-security experts alone. Many more of us at various levels of leadership must understand, and be more deeply engaged in, the cyber-security challenge if we are to deal with the threat holistically and effectively. Governments cannot combat the cyber threat alone, particularly the so-called advanced persistent threat; they must work closely with industry as trusted partners. Industry will be the 'boots on the ground' in cyber security, but there are challenges to building this relationship, which must be based on sound principles.

  4. Cyber Attacks and Terrorism: A Twenty-First Century Conundrum.

    Science.gov (United States)

    Albahar, Marwan

    2017-01-05

    In the recent years, an alarming rise in the incidence of cyber attacks has made cyber security a major concern for nations across the globe. Given the current volatile socio-political environment and the massive increase in the incidence of terrorism, it is imperative that government agencies rapidly realize the possibility of cyber space exploitation by terrorist organizations and state players to disrupt the normal way of life. The threat level of cyber terrorism has never been as high as it is today, and this has created a lot of insecurity and fear. This study has focused on different aspects of cyber attacks and explored the reasons behind their increasing popularity among the terrorist organizations and state players. This study proposes an empirical model that can be used to estimate the risk levels associated with different types of cyber attacks and thereby provide a road map to conceptualize and formulate highly effective counter measures and cyber security policies.

  5. MEANS AND METHODS OF CYBER WARFARE

    Directory of Open Access Journals (Sweden)

    Dan-Iulian VOITAȘEC

    2016-06-01

    Full Text Available According to the Declaration of Saint Petersburg of 1868 “the only legitimate object which States should endeavor to accomplish during war is to weaken the military forces of the enemy”. Thus, International Humanitarian Law prohibits or limits the use of certain means and methods of warfare. The rapid development of technology has led to the emergence of a new dimension of warfare. The cyber aspect of armed conflict has led to the development of new means and methods of warfare. The purpose of this paper is to study how the norms of international humanitarian law apply to the means and methods of cyber warfare.

  6. Computational Intelligence, Cyber Security and Computational Models

    CERN Document Server

    Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

    2014-01-01

    This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

  7. Securitization of cyber space in lithuania

    OpenAIRE

    Juknevičiūtė, Ieva

    2016-01-01

    The key question of this thesis was to find out how did the cyber space securitization process in Lithuania was carried out. The aim of this thesis was to find out whether the cyber space in the Lithuanian public and official discourses was securitized during the period of 2013 - 2015. In order to achieve the goals of this thesis, the following tasks were raised 1) using the theory of securitization determine the process of threat construction and the way securitization occurs; 2) determine w...

  8. SEKSUALITAS CYBER: SEX SEBAGAI KESENANGAN DAN KOMODITAS

    Directory of Open Access Journals (Sweden)

    Puji Rianto

    2016-02-01

    Tulisan ini ingin mengeksplorasi lebih jauh bagaimana seksualitas hadir dalam dunia cyber. Meskipun konstruksi seksualitas manusia seumuran manusia itu sendiri, tapi konstruksi atau representasinya akan sangat ditentukan oleh konteks sosialnya. Karakter-karakter yang berbeda dari dunia cyber dimana otoritas politik dan gatekeeper tidak berperan secara signifikan akan mempengaruhi konstruksi atas seksualitas. Studi ini menemukan bahwa seks lebih dipahami sebagai sebuah kesenangan dan komoditas. Berbagai reportasi pelaku seksual menggambarkan bagaimana kesenangan akan hubungan seksual dipuja sedemikian rupa. Seiring pemujaan seksualitas sebagai kesenangan itu, adalah seks sebagai komoditas, yang diwujudkan dalam bentuk berbagai penawaran atau iklan untuk menjual layanan seks yang mereka sediakan.

  9. Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

    Science.gov (United States)

    Harrop, Wayne; Matteson, Ashley

    This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

  10. The Implications of Transnational Cyber Threats in International Humanitarian Law: Analysing the Distinction Between Cybercrime, Cyber Attack, and Cyber Warfare in the 21st Century

    Directory of Open Access Journals (Sweden)

    Faga Hemen Philip

    2017-06-01

    Full Text Available This paper is an attempt to draw distinctive lines between the concepts of cybercrime, cyber-attack, and cyber warfare in the current information age, in which it has become difficult to separate the activities of transnational criminals from acts of belligerents using cyberspace. The paper considers the implications of transnational cyber threats in international humanitarian law (IHL with a particular focus on cyber-attacks by non-state actors, the principles of state responsibility, and the implications of targeting non-state perpetrators under IHL. It concludes that current international law constructs are inadequate to address the implications of transnational cyber threats; the author recommends consequential amendments to the laws of war in order to address the challenges posed by transnational cyber threats.

  11. Psychological Needs as a Predictor of Cyber Bullying: A Preliminary Report on College Students

    Science.gov (United States)

    Dilmac, Bulent

    2009-01-01

    Recent surveys show that cyber bullying is a pervasive problem in North America. Many news stories have reported cyber bullying incidents around the world. Reports on the prevalence of cyber bullying and victimization as a result of cyber bullying increase yearly. Although we know what cyber bullying is it is important that we learn more about the…

  12. The Panacea and the Square Peg: Strategic Fallacies of the Air, Undersea and Cyber Domains

    Science.gov (United States)

    2015-04-21

    Intelligence : Washington, DC, I 946, I. 10 Lautenschlager, "The Submarine in Naval Warfare 1901-2001," 115. 11 Kennedy. Engineers of Victory, 50. 25...equipment and fertilizers. The Japanese implemented food rationing like most other WWII participants, and although some malnutrition occurred there...action. The Obama Administration authorized $35 million in 2015 to create the Cyber Threat Intelligence Integration Center, an organization designed to

  13. Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level

    Directory of Open Access Journals (Sweden)

    Dan Constantin TOFAN

    2012-01-01

    Full Text Available Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being con-nected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security in-cidents, from different organizations, dispersed nationwide, and acting within various economic sectors. The collected data will make us able to determine a national cyber-security alert score that could help policy makers in establishing the best strategies for protecting the national cyber-space.

  14. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    International Nuclear Information System (INIS)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon; Kang, Mingyun

    2015-01-01

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately

  15. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)

    2015-10-15

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  16. Examining relationship between being cyber bully/ cyber victim and social perceptual levels of adolescents

    OpenAIRE

    Şahin, Mustafa; Sarı, Sinan Volkan; Şafak, Zekeriya

    2010-01-01

    This study aims to investigate the relationship between being cyber- bully / cyber-victim and social perception levels in adolescents. In this study, descriptive method was employed. The sample of the study consited of 300 students whom attending different high schools in Trabzon in 2009-2010 school years. 159 students of the sample were boys (% 53) and 141 students were girls (% 47). Cyberbullying Scale and Social Comparision Scale were used to collect the data. Pearson correlation coefficie...

  17. Let Slip the Dogs of (CYBER) War: Progressing Towards a Warfighting U.S. Cyber Command

    Science.gov (United States)

    2013-04-01

    requirements, nor a headquarters building (it is currently housed within NSA facilities on Fort George G. Meade , MD).22 In addition, the DOD cyber...Information Conflict: National Security Law in Cyberspace (Falls Church, VA: Aegis Research Corporation, 2000); Herbert Lin, “Offensive Cyber Operations...this legislation was pocket-vetoed by then President George H.W. Bush due to a lack of consistency between the stated intent of the oversight

  18. Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level

    OpenAIRE

    Dan Constantin TOFAN; Maria Lavinia ANDREI; Lavinia Mihaela DINCÄ‚

    2012-01-01

    Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being con-nected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security in-cidents, from different organizations, di...

  19. Game based cyber security training: are serious games suitable for cyber security training?

    OpenAIRE

    Hendrix, Maurice; Al-Sherbaz, Ali; Victoria, Bloom

    2016-01-01

    Security research and training is attracting a lot of investment and interest from governments and the private sector. Most efforts have focused on physical security, while cyber security or digital security has been given less importance. With recent high-profile attacks it has become clear that training in cyber security is needed. Serious Games have the capability to be effective tools for public engagement and behavioural change and role play games, are already used by security profession...

  20. Proceedings of the 1985 Annual DTIC (Defense Technical Information Center) Users Conference Held in Alexandria, Virginia on 23-25 October 1985

    Science.gov (United States)

    1985-10-01

    Donovan Space Communications Company 1300 Quince Orchard Boulevard Gaithersburg, MD 20878 Joyce H. Deegan Rockwell International Corporation 1200 N...J. P. Norton Engineered Air Systems 1270 N. Price Road St. Louis, MO 63132 Craig L. Pelz Naval Weapons Center Information Services Branch Code

  1. Active Computer Network Defense: An Assessment

    Science.gov (United States)

    2001-04-01

    sufficient base of knowledge in information technology can be assumed to be working on some form of computer network warfare, even if only defensive in...the Defense Information Infrastructure (DII) to attack. Transmission Control Protocol/ Internet Protocol (TCP/IP) networks are inherently resistant to...aims to create this part of information superiority, and computer network defense is one of its fundamental components. Most of these efforts center

  2. Study on Nuclear Facility Cyber Security Awareness and Training Programs

    International Nuclear Information System (INIS)

    Lee, Jung-Woon; Song, Jae-Gu; Lee, Cheol-Kwon

    2016-01-01

    Cyber security awareness and training, which is a part of operational security controls, is defined to be implemented later in the CSP implementation schedule. However, cyber security awareness and training is a prerequisite for the appropriate implementation of a cyber security program. When considering the current situation in which it is just started to define cyber security activities and to assign personnel who has responsibilities for performing those activities, a cyber security awareness program is necessary to enhance cyber security culture for the facility personnel to participate positively in cyber security activities. Also before the implementation of stepwise CSP, suitable education and training should be provided to both cyber security teams (CST) and facility personnel who should participate in the implementation. Since such importance and urgency of cyber security awareness and training is underestimated at present, the types, trainees, contents, and development strategies of cyber security awareness and training programs are studied to help Korean nuclear facilities to perform cyber security activities more effectively. Cyber security awareness and training programs should be developed ahead of the implementation of CSP. In this study, through the analysis of requirements in the regulatory standard RS-015, the types and trainees of overall cyber security training programs in nuclear facilities are identified. Contents suitable for a cyber security awareness program and a technical training program are derived. It is suggested to develop stepwise the program contents in accordance with the development of policies, guides, and procedures as parts of the facility cyber security program. Since any training programs are not available for the specialized cyber security training in nuclear facilities, a long-term development plan is necessary. As alternatives for the time being, several cyber security training courses for industrial control systems by

  3. Study on Nuclear Facility Cyber Security Awareness and Training Programs

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Lee, Cheol-Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2016-10-15

    Cyber security awareness and training, which is a part of operational security controls, is defined to be implemented later in the CSP implementation schedule. However, cyber security awareness and training is a prerequisite for the appropriate implementation of a cyber security program. When considering the current situation in which it is just started to define cyber security activities and to assign personnel who has responsibilities for performing those activities, a cyber security awareness program is necessary to enhance cyber security culture for the facility personnel to participate positively in cyber security activities. Also before the implementation of stepwise CSP, suitable education and training should be provided to both cyber security teams (CST) and facility personnel who should participate in the implementation. Since such importance and urgency of cyber security awareness and training is underestimated at present, the types, trainees, contents, and development strategies of cyber security awareness and training programs are studied to help Korean nuclear facilities to perform cyber security activities more effectively. Cyber security awareness and training programs should be developed ahead of the implementation of CSP. In this study, through the analysis of requirements in the regulatory standard RS-015, the types and trainees of overall cyber security training programs in nuclear facilities are identified. Contents suitable for a cyber security awareness program and a technical training program are derived. It is suggested to develop stepwise the program contents in accordance with the development of policies, guides, and procedures as parts of the facility cyber security program. Since any training programs are not available for the specialized cyber security training in nuclear facilities, a long-term development plan is necessary. As alternatives for the time being, several cyber security training courses for industrial control systems by

  4. Cyber safety education in developing countries

    CSIR Research Space (South Africa)

    Von Solms, R

    2015-01-01

    Full Text Available on the potential risks that are faced when using Internet communication tools, such as the social media, chat rooms, online gaming, email and instant messaging [1],[2] When users are educated about these risks, the users' vulnerability to malware attacks, cyber-bullying...

  5. Cyber safety education in developing countries

    CSIR Research Space (South Africa)

    Von Solms, R

    2015-07-01

    Full Text Available on the potential risks that are faced when using Internet communication tools, such as the social media, chat rooms, online gaming, email and instant messaging [1],[2] When users are educated about these risks, the users' vulnerability to malware attacks, cyber-bullying...

  6. Cyber terrorism prevention and counteraction workshop review

    NARCIS (Netherlands)

    Pastukhov, O.M.

    2011-01-01

    A NATO Advanced Training Course (ATC ) on Cyber Terrorism Prevention and Counteraction workshop, held in Kiev on September 27-29, 2010, allowed the participants to share their experiences with experts from Ukraine, a Partnership for Peace country. The participants exchanged their ideas on the ways

  7. Situational awareness of a coordinated cyber attack

    Science.gov (United States)

    Sudit, Moises; Stotz, Adam; Holender, Michael

    2005-03-01

    As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

  8. Finding Malicious Cyber Discussions in Social Media

    Science.gov (United States)

    2015-12-11

    automatically filter cyber discussions from Stack Exchange, Reddit, and Twitter posts written in English. Criminal hackers often use social media...monitoring hackers on Facebook and in private chat rooms. As a result, system administrators were prepared to counter distributed denial-of-service

  9. Adult Basic Education and the Cyber Classroom

    Science.gov (United States)

    Johnson-Bailey, Juanita

    2016-01-01

    In this brief article, the author expresses her greatest concerns regarding learning in the cyber world: the appropriateness of online learning for courses with sensitive subject matter, the comfort level of nontraditional learners in this new setting, and the inability as an instructor to fully engage with the learner in real time. As an adult…

  10. Cyber security in ports : Business as usual

    NARCIS (Netherlands)

    Moerel, Lokke; Dezeure, Freddy

    2017-01-01

    Our paper summarizes the risks and provides concrete and pragmatic proposals to increase substantially the cyber maturity and resilience in the ports by organizing training and awareness raising, fostering cooperation and information exchange both between the stakeholders in the ports and across the

  11. A framework for cyber security test

    International Nuclear Information System (INIS)

    Han, Kyungsoo; Song, Jaegu; Jung, Sungmin; Lee, Jungwoon; Lee, Cheolkwon

    2014-01-01

    The person in charge of I and C cyber security must not only perform real-time security inspections but also have the capabilities for performing vulnerability scanning and penetration testing, in order for vulnerability assessment. Vulnerability scanning and penetration testing are intended to find vulnerabilities in a digital system in order to make it more secure, and to determine whether it is vulnerable to attacks. In the IT sector, automated vulnerability scanning and penetration testing tools are being developed and continually researched. However, for a NPP I and C systems in which the method of communication is mixed (TCP/IP and serial), it is difficult to use the existing tools. This paper describes the penetration test framework for the IT sector, which is one of the cyber security test methods available. It concludes by discussing the need to develop a new penetration method for performing cyber security testing for NPP I and C systems, as well as the need for the NPP I and C test-bed. Security vulnerabilities need to be identified and continuously managed through vulnerability scans and assessments. For known vulnerabilities, the vulnerabilities of the target system can be periodically managed via a vulnerability database. These activities such as fuzzing, penetration testing, etc. must not affect the availability or the integrity of the NPP I and C systems. It is desired that a NPP I and C cyber security test-bad environment that exactly models the actual system must be first constructed and then penetration testing done

  12. Multi sensor national cyber security data fusion

    CSIR Research Space (South Africa)

    Swart, I

    2015-03-01

    Full Text Available in a real world system. The data examined will then be applied to a case study that will show the results of applying available open source security information against the model to relate to the current South African cyber landscape....

  13. Internet Governance amp Cyber Crimes In UAE

    Directory of Open Access Journals (Sweden)

    Ayesha Al Neyadi

    2015-08-01

    Full Text Available Abstract Most people in UAE dont feel safe while they are use the Internet because most internet users have been a victim for cyber crime. Cyber crime threat rate has increased which has targeted on citizen privacy property and governments also the reputation problems. There are many criminal activities such as indecent acts Copyright issues Terrorist Acts State security and Contempt of religion. Cyber crimes due to several reasons such as they have lack of social intelligence they are being greedy and not being content also some of them have financial troubles these reasons usually exploited by criminals. Thus the decree will be a punishment or criminalizes formally on any person who using any kind of information technology and any others private life to blackmail or to threaten others online. In addition at the present time with the most detailed new cybercrime law that can be used to prove found guilty. As well the author discusses that the new cyber-crime law provides protection of personal information including banking information credit cards and electronic payment information.

  14. Wat maakt cyber security anders dan informatiebeveiliging?

    NARCIS (Netherlands)

    Van den Berg, J.

    2015-01-01

    De termen “informatiebeveiliging” en “cyber security” worden vaak door elkaar gebruikt soms met dezelfde, soms met een afwijkende betekenis. Velen spreken vandaag de dag ook over cyberspace, bijvoorbeeld als een nieuw (door de mens gecreëerd) vijfde domein naast de bestaande domeinen land, water,

  15. A framework for cyber security test

    Energy Technology Data Exchange (ETDEWEB)

    Han, Kyungsoo; Song, Jaegu; Jung, Sungmin; Lee, Jungwoon; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2014-05-15

    The person in charge of I and C cyber security must not only perform real-time security inspections but also have the capabilities for performing vulnerability scanning and penetration testing, in order for vulnerability assessment. Vulnerability scanning and penetration testing are intended to find vulnerabilities in a digital system in order to make it more secure, and to determine whether it is vulnerable to attacks. In the IT sector, automated vulnerability scanning and penetration testing tools are being developed and continually researched. However, for a NPP I and C systems in which the method of communication is mixed (TCP/IP and serial), it is difficult to use the existing tools. This paper describes the penetration test framework for the IT sector, which is one of the cyber security test methods available. It concludes by discussing the need to develop a new penetration method for performing cyber security testing for NPP I and C systems, as well as the need for the NPP I and C test-bed. Security vulnerabilities need to be identified and continuously managed through vulnerability scans and assessments. For known vulnerabilities, the vulnerabilities of the target system can be periodically managed via a vulnerability database. These activities such as fuzzing, penetration testing, etc. must not affect the availability or the integrity of the NPP I and C systems. It is desired that a NPP I and C cyber security test-bad environment that exactly models the actual system must be first constructed and then penetration testing done.

  16. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  17. Smart Cyber Infrastructure for Big Data processing

    NARCIS (Netherlands)

    Makkes, M.X.; Cushing, R.; Oprescu, A.M.; Koning, R.; Grosso, P.; Meijer, R.J.; Laat, C. de

    2014-01-01

    The landscape of research cyber infrastructure is rapidly changing. There is a move towards virtualized and programmable infrastructure. The cloud paradigm enables the use of computing resources in different places and allows for optimizing workflows in either bringing computing to the data or the

  18. Pennsylvania Cyber School Funding: Follow the Money

    Science.gov (United States)

    Carr-Chellman, Alison A.; Marsh, Rose M.

    2009-01-01

    Cyber charter schools are public charter schools which are entirely online and typically serve all grades from pre-kindergarten through 12th grade. Pennsylvania implemented widespread charter school legislation as early as 1997. This has offered a great number of Pennsylvanians options in their public schooling. One of these options has been…

  19. DRDC Support to Exercise Cyber Storm III

    Science.gov (United States)

    2011-10-01

    d’intervention fédéraux portant sur les incidents cybernétiques sont encore relativement peu élaborés et insuffisamment développés et un examen des plans examinés...9 2.7 CSIII Ethics Protocol...30 Annex C .. Exercise Cyber Storm III Ethics

  20. Laboratory for Calibration of Gamma Radiation Measurement Instruments (LabCal) of Institute of Chemical, Biological, Radiological and Nuclear Defense (IDQBRN) from Brazilian Army Technology Center (CTEx)

    International Nuclear Information System (INIS)

    Amorim, Aneuri de; Balthar, Mario Cesar V.; Santos, Avelino; Vilela, Paulo Ricardo T. de; Oliveira, Luciano Santa Rita; Penha, Paulo Eduardo C. de Oliveira; Gonzaga, Roberto Neves; Andrade, Edson Ramos de; Oliveira, Celio Jorge Vasques de; Fagundes, Luiz Cesar S.

    2016-01-01

    This paper describes the calibration laboratory deployment steps (LABCAL) gamma ionizing radiation measuring instruments in the Army Technology Center, CTEx. Initially the calibration of radiation monitors will be held in the dosimetric quantity air kerma and operational quantity ambient dose equivalent H*(d). The LABCAL / CTEx has not yet authorized by CASEC / CNEN. This laboratory aims to calibrate the ionizing radiation instruments used by the Brazilian Army. (author)