WorldWideScience

Sample records for framework cyber-security requirements

  1. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework"). For each of the seven sector/sub-sectors listed above, one standard was

  3. Cyber Security Research Frameworks For Coevolutionary Network Defense

    Energy Technology Data Exchange (ETDEWEB)

    Rush, George D. [Missouri Univ. of Science and Technology, Rolla, MO (United States)]; Tauritz, Daniel Remy [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)]

    2015-12-03

    Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.

  4. Framework for Grading of Cyber Security Check-List upon I and C Architecture

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyunyong [Kyunghee University, Yongin (Korea, Republic of)]; Son, Han Seong [Joongbu University, Geumsan (Korea, Republic of)]

    2016-05-15

    Cyber-attack can threaten research reactors as well as NPPs since the goal of cyber-attack is not only to make a catastrophic accident such as radiation exposure against public health but also to make chaos or anxiety among the public. Moreover, there is more probability to occur in research reactors than NPPs since research reactors have more users than NPPs. The nuclear regulatory agencies such as U.S.NRC and KINAC (Korea Institute of Nuclear Nonproliferation and Control) have published regulatory guides for rules against cyber-attack to maintain cyber security of nuclear facilities. U.S.NRC has published a regulatory guide (U.S.NRC / RG-5.71) and KINAC has developed a regulatory standard (KINAC / RS-015) to establish a cyber security for nuclear facilities. However, these regulatory documents represent check-list for cyber security regardless of reactor type such as NPPs or research reactors. The proposed framework in this paper was grading of cyber security check-lists with BBN by I and C architecture such as NPPs and research reactors. First, the BBN model was developed to apply I and C system architecture of target nuclear facility. The architecture model calculates the cyber security risk with structural architecture, vulnerability, and mitigation measure. Second, cyber security check-lists are defined in cyber security documents. It is, then, used with the consideration of mitigation measures of BBN model in order to apply architectural characteristic. Third, after assuming cyber-attack occurs to I and C system, the model calculates the posterior information using Bayesian update. Finally, the cyber security check-lists for nuclear facilities are graded upon I and C architecture with the posterior information for mitigation measures.

  5. Framework for an African policy towards creating cyber security awareness

    CSIR Research Space (South Africa)

    Dlamini, IZ

    2011-05-01

    Cyber security is a GLOBAL issue. The rest of the world needs Africa to be aware and ready. Furthermore, Africa can only be aware and ready if it is internally organised and collaborates effectively with the rest of the world. The African continent...

  6. A conceptual framework for cyber security awareness and education in SA

    Directory of Open Access Journals (Sweden)

    Noluxolo Kortjan

    2014-06-01

    The Internet is becoming increasingly interwoven in the daily lives of many individuals, organisations and nations. It has, to a large extent, had a positive effect on the way people communicate. It has also introduced new avenues for business; and it has offered nations an opportunity to govern online. Nevertheless, although cyberspace offers an endless list of services and opportunities, it is also accompanied by many risks, of which many Internet users are not aware. As such, various countries have developed and implemented cyber-security awareness and education measures to counter the perceived ignorance of the Internet users. However, there is currently a definite lack in South Africa (SA) in this regard; as there are currently, little government-led and sponsored cyber-security awareness and education initiatives. The primary research objective of this paper, therefore, is to propose a cyber-security awareness and education framework for SA that would assist in creating a cyber-secure culture in SA among all of the users of the Internet. This framework will be developed on the basis of key factors extrapolated from a comparative analysis of relevant developed countries.

  7. Towards a Relation Extraction Framework for Cyber-Security Concepts

    Energy Technology Data Exchange (ETDEWEB)

    Jones, Corinne L [ORNL]; Bridges, Robert A [ORNL]; Huffer, Kelly M [ORNL]; Goodall, John R [ORNL]

    2015-01-01

    In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised NLP and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting the desired relations. Preliminary testing on a small corpus shows promising results, obtaining precision of .82.

  8. A macro-economic framework for evaluation of cyber security risks related to protection of intellectual property.

    Science.gov (United States)

    Andrijcic, Eva; Horowitz, Barry

    2006-08-01

    The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

  9. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  10. NERSC Cyber Security Challenges That Require DOE Development and Support

    Energy Technology Data Exchange (ETDEWEB)

    Draney, Brent; Campbell, Scott; Walter, Howard

    2007-01-16

    Traditional security approaches do not adequately address all the requirements of open, scientific computing facilities. Many of the methods used for more restricted environments, including almost all corporate/commercial systems, do not meet the needs of today's science. Use of only the available "state of the practice" commercial methods will have adverse impact on the ability of DOE to accomplish its science goals, and impacts the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds development and support of reliable and effective tools designed to meet the cyber security needs of High Performance Science. The security challenges facing NERSC can be collected into three basic problem sets: network performance and dynamics, application complexity and diversity, and a complex user community that can have transient affiliations with actual institutions. To address these problems, NERSC proposes the following four general solutions: auditing user and system activity across sites; firewall port configuration in real time; cross-site/virtual organization identity management and access control; and detecting security issues in application middleware. Solutions are also proposed for three general long term issues: data volume, application complexity, and information integration.

  11. Multi sensor national cyber security data fusion

    CSIR Research Space (South Africa)

    Swart, I

    2015-03-01

    information security posture and to improve on it. The potential attack surface of a nation is extremely large however and no single source of cyber security data provides all the required information to accurately describe the cyber security readiness of a...

  12. Considerations on Cyber Security Assessments of Korean Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Han, Kyung-Soo; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]; Kang, Mingyun [E-Gonggam Co. Ltd., Daejeon (Korea, Republic of)]

    2015-10-15

    Korea Institute of Nuclear Nonproliferation and Control (KINAC) has prepared the regulatory standard RS-015 based on RG 5.71. RS-015 defines the elements of a cyber security program to be established in nuclear facilities and describes the security control items and relevant requirements. Cyber security assessments are important initial activities in a cyber security program for NPPs. Cyber security assessments can be performed in the following key steps: 1) Formation of a cyber security assessment team (CSAT); 2) Identification of critical systems and critical digital assets (CDAs); 3) Plant compliance checks with the security control requirements in RS-015. Through the assessments, the current status of security controls applied to NPPs can be found out. The assessments provide baseline data for remedial activities. Additional analyses with the results from the assessments should be performed before the implementation of remedial security controls. The cyber security team at the Korea Atomic Energy Research Institute (KAERI) has studied how to perform cyber security assessments for NPPs based on the regulatory requirements. Recently, KAERI's cyber security team has performed pilot cyber security assessments of a Korean NPP. Based on this assessment experience, considerations and checkpoints which would be helpful for full-scale cyber security assessments of Korean NPPs and the implementation of remedial security controls are discussed in this paper. Cyber security assessment is one of important and immediate activities for NPP cyber security. The quality of the first assessment will be a barometer for NPP cyber security. Hence cyber security assessments of Korean NPPs should be performed elaborately.

  13. Cyber Security : Home User's Perspective

    OpenAIRE

    Ikonen, Mikko

    2014-01-01

    Cyber security is important to understand for home users. New technology allows for new cyber threats to emerge and new solutions must be considered to counter them. Nearly every device is connected to the Internet and this opens new possibilities and threats to cyber security. This Bachelor's thesis explores the different aspects of cyber security and suggests solutions to different cyber security issues found. The different aspects of cyber security under research here include personal ...

  14. Study on Nuclear Facility Cyber Security Awareness and Training Programs

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jung-Woon; Song, Jae-Gu; Lee, Cheol-Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2016-10-15

    Cyber security awareness and training, which is a part of operational security controls, is defined to be implemented later in the CSP implementation schedule. However, cyber security awareness and training is a prerequisite for the appropriate implementation of a cyber security program. When considering the current situation in which it is just started to define cyber security activities and to assign personnel who has responsibilities for performing those activities, a cyber security awareness program is necessary to enhance cyber security culture for the facility personnel to participate positively in cyber security activities. Also before the implementation of stepwise CSP, suitable education and training should be provided to both cyber security teams (CST) and facility personnel who should participate in the implementation. Since such importance and urgency of cyber security awareness and training is underestimated at present, the types, trainees, contents, and development strategies of cyber security awareness and training programs are studied to help Korean nuclear facilities to perform cyber security activities more effectively. Cyber security awareness and training programs should be developed ahead of the implementation of CSP. In this study, through the analysis of requirements in the regulatory standard RS-015, the types and trainees of overall cyber security training programs in nuclear facilities are identified. Contents suitable for a cyber security awareness program and a technical training program are derived. It is suggested to develop stepwise the program contents in accordance with the development of policies, guides, and procedures as parts of the facility cyber security program. Since any training programs are not available for the specialized cyber security training in nuclear facilities, a long-term development plan is necessary. As alternatives for the time being, several cyber security training courses for industrial control systems by

  15. Maritime Cyber Security University Research

    Science.gov (United States)

    2016-05-01

    Maritime Cyber Security University Research Phase I - Final Report ... Distribution Statement A: Approved for public release; distribution is unlimited. May 2016. Report No. CG-D-06-16. Maritime Cyber Security ... Director, United States Coast Guard Research & Development Center, 1 Chelsea Street, New London, CT 06320. Maritime Cyber Security University

  16. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  17. IPACSO: Towards Developing an Innovation Framework for ICT Innovators in the Privacy and CyberSecurity Markets

    OpenAIRE

    Power, Jamie R; Dooly, Zeta

    2014-01-01

    A pressing challenge facing the cybersecurity and privacy research community is transitioning technical R&D into commercial and marketplace ready products and services. Responding to the need to develop a better understanding of how Privacy and CyberSecurity (PACS) market needs and overall technology innovation best-practice can be harmonized more effectively the contribution of this paper is centred upon the development of a set of innovation guiding principles to inform the overarching IPAC...

  18. 75 FR 18819 - Second DRAFT NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security Strategy and...

    Science.gov (United States)

    2010-04-13

    ... Grid Cyber Security Strategy and Requirements; Request for Comments AGENCY: National Institute of..., Smart Grid Cyber Security Strategy and Requirements. This second draft has been updated to address the... logical interface diagrams, and the cyber security strategy sections have all been updated and...

  19. CYBER SECURITY FOR AIRPORTS

    Directory of Open Access Journals (Sweden)

    Kasthurirangan Gopalakrishnan

    2013-12-01

    In today’s information age, government organizations and business enterprises are heavily relying on interconnected computer systems to manage a variety of public services including energy, transportation, water, etc. While this increased connectivity has many operational advantages benefitting the public, they have also become vulnerable to cyber attacks such as Corporate Security Breaches, Spear Phishing, and Social Media Fraud. The aviation sector is one of the critical infrastructure systems that is not only vulnerable to physical threats, but also cyber threats, especially with the increased use of Bring Your Own Device (BYOD) at airports. It has been recognized that there are currently no cyber security standards established for airports in the United States as the existing standards have mainly focused on aircraft Control System (CS). This paper summarizes the need, background, ongoing developments and research efforts with respect to the establishment of cyber-security standards and best practices at U.S. airports with special emphasis on cyber security education and literacy.

  20. Metaphors for cyber security.

    Energy Technology Data Exchange (ETDEWEB)

    Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

    2008-08-01

    This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

  1. Cyber Security--Are You Prepared?

    Science.gov (United States)

    Newman, Scott

    2007-01-01

    During the summer 2002 term, Oklahoma State University-Okmulgee's Information Technologies Division offered a one credit-hour network security course--which barely had adequate student interest to meet the institution's enrollment requirements. Today, OSU-Okmulgee boasts one of the nation's premier cyber security programs. Many prospective…

  3. Cyber Security Evaluation Tool

    Energy Technology Data Exchange (ETDEWEB)

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  4. Cyber Security Applications: Freeware & Shareware

    Science.gov (United States)

    Rogers, Gary; Ashford, Tina

    2015-01-01

    This paper will discuss some assignments using freeware/shareware instructors can find on the Web to use to provide students with hands-on experience in this arena. Also, the college, Palm Beach State College, via a grant with the U.S. Department of Labor, has recently purchased a unique cyber security device that simulates cyber security attacks…

  5. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    system force and structure reliance – are discovered and tantamount with EU nations. Thusly I indicated reason viewpoints and figures of security of data structures it additionally relates to the reason of estimation of transient dangers of security of frameworks for that I begin my proposal with one of the fundamental class of data security which is Cyber security. Keyword : Cyber Security, IT

  6. CENTER FOR CYBER SECURITY STUDIES

    Data.gov (United States)

    Federal Laboratory Consortium — The mission of the Center for Cyber Security Studies is to enhance the education of midshipmen in all areas of cyber warfare, to facilitate the sharing of expertise...

  7. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  8. Cyber security best practices for the nuclear industry

    Energy Technology Data Exchange (ETDEWEB)

    Badr, I. [Rational IBM Software Group, IBM Corporation, Evanston, IL 60201 (United States)

    2012-07-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  9. Nuclear Cyber Security Issues and Policy Recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Cheol-Kwon; Lee, Dong-Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]; Lee, Na-Young; Hwang, Young-Soo [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)]

    2015-10-15

    The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a nationwide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However, the Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will occur, which is a characteristic of cyber-attack. They could be always detected only after an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities. Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities.

  10. European Cyber Security Perspectives 2015

    NARCIS (Netherlands)

    Baloo, J.; Geveke, H.G.; Paulissen, W.; Vries, H. de

    2015-01-01

    Following the success of last year’s publication, we are proud to present the second edition of our European Cyber Security Perspectives report. Through this collection of articles, we aim to share our different perspectives and insights, the latest developments and achievements in the field of cybe

  11. European Cyber Security Perspectives 2015

    NARCIS (Netherlands)

    Baloo, J.; Geveke, H.G.; Paulissen, W.; Vries, H. de

    2015-01-01

    Following the success of last year’s publication, we are proud to present the second edition of our European Cyber Security Perspectives report. Through this collection of articles, we aim to share our different perspectives and insights, the latest developments and achievements in the field of

  12. Help for the Developers of Control System Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  13. Cyber Security Risks and Requirements for Customer Interaction of Smart Grid

    Institute of Scientific and Technical Information of China (English)

    刘念; 张建华

    2011-01-01

    Customer interaction is one of the basic features of the smart grid. The study is focused on the risk and demand of cyber security stemming from customer interaction. First, from the perspective of risk analysis, the cyber security of customer interaction is qualitatively compared with that of wide area power cyber security, with emphasis on the difference between the two in terms of the objective condition, subjective motivation, and consequence of threat. Furthermore, by referring to the business process of customer interaction and features of advanced metering infrastructure (AMI), the related difficulties, including availability assessment, key management and abnormal action detection, are extracted from the cyber security requirements such as confidentiality, integrity and availability.

  14. A Taxonomy of Operational Cyber Security Risks Version 2

    Science.gov (United States)

    2014-05-01

    CMU/SEI-2014-TN-006. List of Figures. Figure 1: Relationships Among Assets, Business Processes, and...draws upon the definition of operational risk adopted by the banking sector in the Basel II framework [BIS 2006]. Within the cyber security space

  15. Cyber Security for Smart Grid, Cryptography, and Privacy

    Directory of Open Access Journals (Sweden)

    Swapna Iyer

    2011-01-01

    The invention of “smart grid” promises to improve the efficiency and reliability of the power system. As smart grid is turning out to be one of the most promising technologies, its security concerns are becoming more crucial. The grid is susceptible to different types of attacks. This paper will focus on these threats and risks especially relating to cyber security. Cyber security is a vital topic, since the smart grid uses high level of computation like the IT. We will also see cryptography and key management techniques that are required to overcome these attacks. Privacy of consumers is another important security concern that this paper will deal with.

  16. Towards a cyber secure society

    CSIR Research Space (South Africa)

    Labuschagne, WA

    2012-10-01

    in Bahrain Syria © CSIR 2012 Slide 12 What is possible © CSIR 2012 Slide 13 Cyber Defence Areas © CSIR 2012 Slide 14 Network Attack Prediction Security Awareness Social Engineering Network Attack Prediction © CSIR 2012 Slide 15 Network Attack... Goal Class Some Phase Class Actor Class Aggressor Class Some Single Single Security Awareness © CSIR 2012 Slide 19 Motivation for the project © CSIR 2012 Slide 20 Self-defence course for internet users Cyber Security Awareness Training...

  17. Cyber security evaluation of II&C technologies

    Energy Technology Data Exchange (ETDEWEB)

    Thomas, Ken [Idaho National Laboratory (INL), Idaho Falls, ID (United States)]

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants. The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  18. Cyber Security Evaluation of II&C Technologies

    Energy Technology Data Exchange (ETDEWEB)

    Ken Thomas

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants. The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  19. Comments on the European Cyber Security Strategy

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Smulders, A.C.M.; Kamphuis, P.

    2013-01-01

    In February, the European Union presented the European cyber security strategy and the accompanying draft directive. The Hague Security Delta (HSD) is pleased that the Dutch National Cyber Security Strategy is now being followed at the European level as well. Nevertheless, we offer a few comments.

  20. Ten national cyber security strategies: A comparison

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Besseling, K. van; Spoelstra, M.; Graaf, P. de

    2013-01-01

    A number of nations developed and published a national cyber security strategy (NCSS). Most of them were published in the period 2009 - 2011. Despite the fact that each of these NCSS intends to address the cyber security threat, large differences exist between the NCSS approaches. This paper analyse

  1. Comments on the European Cyber Security Strategy

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Smulders, A.C.M.; Kamphuis, P.

    2013-01-01

    In February, the European Union presented the European cyber security strategy and the accompanying draft directive. The Hague Security Delta (HSD) is pleased that the Dutch National Cyber Security Strategy is now being followed at the European level as well. Nevertheless, we offer a few comments.

  2. Mathematical and Statistical Opportunities in Cyber Security

    Energy Technology Data Exchange (ETDEWEB)

    Meza, Juan; Campbell, Scott; Bailey, David

    2009-03-23

    The role of mathematics in a complex system such as the Internet has yet to be deeply explored. In this paper, we summarize some of the important and pressing problems in cyber security from the viewpoint of open science environments. We start by posing the question 'What fundamental problems exist within cyber security research that can be helped by advanced mathematics and statistics'? Our first and most important assumption is that access to real-world data is necessary to understand large and complex systems like the Internet. Our second assumption is that many proposed cyber security solutions could critically damage both the openness and the productivity of scientific research. After examining a range of cyber security problems, we come to the conclusion that the field of cyber security poses a rich set of new and exciting research opportunities for the mathematical and statistical sciences.

  3. Information fusion for cyber-security analytics

    CERN Document Server

    Karabatis, George; Aleroud, Ahmed

    2017-01-01

    This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers.

  4. Realizing Scientific Methods for Cyber Security

    Energy Technology Data Exchange (ETDEWEB)

    Carroll, Thomas E.; Manz, David O.; Edgar, Thomas W.; Greitzer, Frank L.

    2012-07-18

    There is little doubt among cyber security researchers about the lack of scientific rigor that underlies much of the literature. The issues are manifold and are well documented. Further complicating the problem is insufficient scientific methods to address these issues. Cyber security melds man and machine: we inherit the challenges of computer science, sociology, psychology, and many other fields and create new ones where these fields interface. In this paper we detail a partial list of challenges imposed by rigorous science and survey how other sciences have tackled them, in the hope of applying a similar approach to cyber security science. This paper is by no means comprehensive: its purpose is to foster discussion in the community on how we can improve rigor in cyber security science.

  5. Cyber Security: A Crisis of Prioritization

    Science.gov (United States)

    2005-02-01

    Infrastructure Protection (CIIP) become the focal point for coordinating Federal cyber security R&D efforts. This working group should be strengthened...the: • Interagency Working Group on Critical Information Infrastructure Protection (IWG/CIIP), which is part of the National Science and Technology...the agencies’ cyber security research programs and agendas – has largely been missing. The Committee notes that the IWG/CIIP has recently begun a

  6. Mathematical and Statistical Opportunities in Cyber Security

    OpenAIRE

    Meza, Juan; Campbell, Scott; Bailey, David

    2009-01-01

    The role of mathematics in a complex system such as the Internet has yet to be deeply explored. In this paper, we summarize some of the important and pressing problems in cyber security from the viewpoint of open science environments. We start by posing the question "What fundamental problems exist within cyber security research that can be helped by advanced mathematics and statistics?" Our first and most important assumption is that access to real-world data is necessary to understand large...

  7. Strengthening DoD Cyber Security with the Vulnerability Market

    Science.gov (United States)

    2014-01-01

    Defense ARJ, January 2014, Vol. 21 No. 1: 466–484. ...music piracy. This event was sanctioned by...keep any vulnerabilities secret and subsequently refuse to patch the products. For 3 weeks in 2000, the Secure Digital Music Initiative (SDMI...the music recording industry and required all participants to sign a nondisclosure agreement prior to accessing SDMI data files (Craver, 2001). Bug

  8. Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

  9. Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

    Science.gov (United States)

    Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

    2012-01-01

    This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 1990s. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

  10. Microgrid cyber security reference architecture.

    Energy Technology Data Exchange (ETDEWEB)

    Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

    2013-07-01

    This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-specific vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance benefits and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional microgrid control system network implementation, including types of communication occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the necessary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

  11. Cyber security analytics, technology and automation

    CERN Document Server

    Neittaanmäki, Pekka

    2015-01-01

    Over the last two decades, the Internet and more broadly cyberspace has had a tremendous impact on all parts of society. Governments across the world have started to develop cyber security strategies and to consider cyberspace as an increasingly important international issue. The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out. The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

  12. Computational Intelligence, Cyber Security and Computational Models

    CERN Document Server

    Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

    2014-01-01

    This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

  13. Research on Framework Design of Industrial Control System for Cyber-Security Defenses

    Institute of Scientific and Technical Information of China (English)

    陈亚亮; 杨海军; 姚钦锋; 戴沁芸

    2013-01-01

    Security threats and vulnerabilities are analyzed in depth in this paper, which is based on the network concept and the characteristics of the industrial control system (ICS). Subsequently, a framework design of industrial control systems for cyber-security defenses is proposed using the “defense-in-depth” approach, combining technology and management measures and dividing ICS assets into several security zones according to their function and importance.

  14. Bio-Inspired Cyber Security for Smart Grid Deployments

    Energy Technology Data Exchange (ETDEWEB)

    McKinnon, Archibald D.; Thompson, Seth R.; Doroshchuk, Ruslan A.; Fink, Glenn A.; Fulp, Errin W.

    2013-05-01

    Smart grid technologies are transforming the electric power grid into a grid with bi-directional flows of both power and information. Operating millions of new smart meters and smart appliances will significantly impact electric distribution systems resulting in greater efficiency. However, the scale of the grid and the new types of information transmitted will potentially introduce several security risks that cannot be addressed by traditional, centralized security techniques. We propose a new bio-inspired cyber security approach. Social insects, such as ants and bees, have developed complex-adaptive systems that emerge from the collective application of simple, light-weight behaviors. The Digital Ants framework is a bio-inspired framework that uses mobile light-weight agents. Sensors within the framework use digital pheromones to communicate with each other and to alert each other of possible cyber security issues. All communication and coordination is both localized and decentralized thereby allowing the framework to scale across the large numbers of devices that will exist in the smart grid. Furthermore, the sensors are light-weight and therefore suitable for implementation on devices with limited computational resources. This paper will provide a brief overview of the Digital Ants framework and then present results from test bed-based demonstrations that show that Digital Ants can identify a cyber attack scenario against smart meter deployments.

  15. Towards a cyber security aware rural community

    CSIR Research Space (South Africa)

    Grobler, M

    2011-08-01

    communities, but the current focus has been in the rural areas. The program takes on an informal work session approach with presentations and discussion sessions. The cyber security awareness program modules are divided into four main themes: physical security...

  16. Maritime Cyber Security University Research: Phase 1

    Science.gov (United States)

    2016-05-01

    the global economy. The vulnerabilities associated with reliance on digital systems in the maritime environment must be continuously examined. System...APPENDIX A. INFORMATION SHARING FOR MARITIME CYBER RISK MANAGEMENT...

  17. 75 FR 26171 - Cyber Security Certification Program

    Science.gov (United States)

    2010-05-11

    ... rely on the durability and security of IP-based networks to move capital and to track goods and... networks with better security practices. The reduced incentive for heightened cyber security likely is... improve network security. Moreover, the Commission's review of the best practices indicates that,...

  18. Asset Analysis Method for the Cyber Security of Man Machine Interface System

    Energy Technology Data Exchange (ETDEWEB)

    Kang, Sung Kon; Kim, Hun Hee; Shin, Yeong Cheol [Korea Hydro and Nuclear Power, Daejeon (Korea, Republic of)]

    2010-10-15

    As digital MMIS (Man Machine Interface System) is applied in Nuclear Power Plant (NPP), cyber security is becoming more and more important. Regulatory guide (KINS/GT-N27) requires that implementation plan for cyber security be prepared in NPP. Regulatory guide recommends the following 4 processes: 1) an asset analysis of MMIS, 2) a vulnerability analysis of MMIS, 3) establishment of countermeasures, and 4) establishment of operational guideline for cyber security. Conventional method for the asset analysis is mainly performed with a table form for each asset. Conventional method requires a lot of efforts due to the duplication of information. This paper presents an asset analysis method using object oriented approach for the NPP

  19. Using a Prediction Model to Manage Cyber Security Threats

    Directory of Open Access Journals (Sweden)

    Venkatesh Jaganathan

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  20. Using a Prediction Model to Manage Cyber Security Threats.

    Science.gov (United States)

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  1. THE INFORMATION CONFIDENTIALITY AND CYBER SECURITY IN MEDICAL INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    SABAU-POPA CLAUDIA DIANA

    2015-07-01

    The information confidentiality and cyber security risk affects the right to confidentiality and privacy of the patient, as regulated in Romania by the Law 46/2002. The manifestation of the cyber security risk event affects the reputation of the healthcare institution and is becoming more and more complex and often due to the: development of network technology, the medical equipment connected to wifi and the electronic databases. The databases containing medical records were implemented due to automation. Thus, transforming data into medical knowledge contribute to a better understanding of the disease. Due to these factors, the measures taken by the hospital management for this type of risk are adapted to the cyber changes. The hospital objectives aim: the implementation of a robust information system, the early threats identifications and the incident reporting. Neglecting this type of risk can generate financial loss, inability to continue providing health care services for a certain period of time, providing an erroneous diagnosis, medical equipment errors etc. Thus, in a digital age the appropriate risk management for the information security and cyber risk represent a necessity. The main concern of hospitals worldwide is to align with international requirements and obtain credentials in terms of data security from the International Organisation for Standardization, which regulates the management of this type of risk. Romania is at the beginning in terms of concerns regarding the management, avoidance and mitigation of information security, the health system being most highly exposed to its manifestation. The present paper examines the concerns of the health system to the confidentiality of information and cyber security risk and its management arrangements. Thus, a set of key risk indicators is implemented and monitored for 2011-2013, using a user interface, a Dashboard, which acts as an early warning system of the manifestation of the

  2. Control Systems Cyber Security Standards Support Activities

    Energy Technology Data Exchange (ETDEWEB)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  3. Cyber Security: A Road Map for Turkey

    Science.gov (United States)

    2012-03-19

    was hacked itself. It was also a denial of service incident that executers not known. Cyber Security: Challenges Janczewski Lech and Colaric... Transportation (MOT) should take the leading role, co working with key public and private players and military, and design an effective umbrella mechanism to...with the Ministry of Transportation in the lead with the ICTA as its Operational Test Team and a Cyber Defense Foundation under the MOT as the

  4. Cyber Security: Rule of Use Internet Safely?

    OpenAIRE

    -, Maskun

    2013-01-01

    International Journal Cyber security plays an important role to guarantee and protect people who use internet in their daily life. Some cases take place around the world that people get inconvenience condition when they access and use internet. Misuse of internet becomes a current issue which some cases take place including a university. Advantages of using internet in the university of course assist the student to get some information in internet. However, they have to be protected in ord...

  5. Cyber Security Audit and Attack Detection Toolkit

    Energy Technology Data Exchange (ETDEWEB)

    Peterson, Dale

    2012-05-31

    The goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  6. Operating Nuclear Power Stations in a Regulated Cyber Security Environment

    Energy Technology Data Exchange (ETDEWEB)

    Dorman, E.

    2014-07-01

    The United States Nuclear Regulatory Commission (NRC) issued 10CFR73.54 to implement a regulated Cyber Security Program at each operating nuclear reactor facility. Milestones were implemented December 31, 2012 to mitigate the attack vectors for the most critical digital assets acknowledged by the industry and the NRC. The NRC inspections have begun. The nuclear Cyber Security Plan, implemented by the site Cyber Security Program (Program), is an element of the operating license at each facility. (Author)

  7. Designing Fuzzy Rule Based Expert System for Cyber Security

    OpenAIRE

    Goztepe, Kerim

    2016-01-01

    The state of cyber security has begun to attract more attention and interest outside the community of computer security experts. Cyber security is not a single problem, but rather a group of highly different problems involving different sets of threats. Fuzzy Rule based system for cyber security is a system that consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed with a collection of related rule sets. The aim of this study is to...

  8. Game Based Cyber Security Training: are Serious Games suitable for cyber security training?

    Directory of Open Access Journals (Sweden)

    Maurice Hendrix

    2016-03-01

    Security research and training is attracting a lot of investment and interest from governments and the private sector. Most efforts have focused on physical security, while cyber security or digital security has been given less importance. With recent high-profile attacks it has become clear that training in cyber security is needed. Serious Games have the capability to be effective tools for public engagement and behavioural change, and role play games are already used by security professionals. Thus cyber security seems especially well-suited to Serious Games. This paper investigates whether games can be effective cyber security training tools. The study is conducted by means of a structured literature review supplemented with a general web search. While there are early positive indications there is not yet enough evidence to draw any definite conclusions. There is a clear gap in target audience with almost all products and studies targeting the general public and very little attention given to IT professionals and managers. The products and studies also mostly work over a short period, while it is known that short-term interventions are not particularly effective at affecting behavioural change.

  9. Three national cyber security strategies compared

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2011-01-01

    Independently of one another, France, Germany and the Netherlands released their national cyber security strategies almost simultaneously. The strategies have similarities, but also show major differences. The three countries recognise an urgent need to address cyber security, but have

  10. Three national cyber security strategies compared

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2011-01-01

    Independently of one another, France, Germany and the Netherlands released their national cyber security strategies almost simultaneously. The strategies have similarities, but also show major differences. The three countries recognise an urgent need to address cyber security, but have

  11. Measuring Library Vendor Cyber Security: Seven Easy Questions Every Librarian Can Ask

    Directory of Open Access Journals (Sweden)

    Alex Caro

    2016-04-01

    This article is based on an independent cyber security risk management audit for a public library system completed by the authors in early 2015 and based on a research paper by the same group at Clark University in 2014. We stress that while cyber security must include raising public knowledge in regard to cyber security issues and resources, and libraries are indeed the perfect place to disseminate this knowledge, librarians are also in a unique position as the gatekeepers of information services provided to the public and should conduct internal audits to ensure our content partners and IT vendors take cyber security as seriously as the library and its staff. One way to do this is through periodic reviews of existing vendor relationships. To this end, the authors created a simple grading rubric you can adopt or modify to help take this first step towards securing your library data. It is intended to be used by both technical and non-technical staff as a simple measurement of what vendor agreements currently exist and how they rank, while at the same time providing a roadmap for which security features or policy statements the library can or should require moving forward.

  12. An Analytical Framework for Cyber Security

    Science.gov (United States)

    2011-11-01

    problem. Business incentives matter… Bot Herder Cost Bot Herder Return Antivirus Cost Antivirus Return Short Long...kills branch Solution needed: high cost solution, kills tree “Storm” Botnet Strategy 1: XOR‡ branch Bot Herder strategy example: The

  13. Cyber Security: Critical Infrastructure Controls Assessment Framework

    Science.gov (United States)

    2011-05-01

    recoverability Storm and Lightning Fire Chemical Leakage Nuclear Leakage Interception & Spoofing, Hacking Sabotage or Vandalism 4 capability 5...Action 10. ICS – Infrastructure Control System 11. IEC – International Electrochemical Commission 12. IED – Intelligent Electronic Devices 13 IEEE

  14. Research on technical framework and cyber security protection system of IOT in smart grid

    Institute of Scientific and Technical Information of China (English)

    赵婷; 高昆仑; 郑晓崑; 徐兴坤

    2012-01-01

    As an advanced technology for information sensing and transmission, Internet of things (IOT) has been applied extensively in power generation, transmission, transformation, distribution, utilization and other processes, and will develop with broad prospect in smart grid. Therefore, it is necessary to resolve security problems and decrease cyber security risks, which aims to guarantee steady IOT operating in smart grid. The typical IOT system structure applied in smart grid is identified and modeled. The existing cyber security risks are assessed. Furthermore, a cyber security protection system and key protection measures for IOT in smart grid are presented, which provided an available guidance for IOT applied in smart grid.

  15. Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level

    Directory of Open Access Journals (Sweden)

    Dan Constantin TOFAN

    2012-01-01

    Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being connected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security incidents, from different organizations, dispersed nationwide, and acting within various economic sectors. The collected data will make us able to determine a national cyber-security alert score that could help policy makers in establishing the best strategies for protecting the national cyber-space.

  16. Lecture 13: Control System Cyber Security

    CERN Document Server

    CERN. Geneva

    2013-01-01

    Today, the industrialized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

  17. Cyber-Security Challenges with SMEs in Developing Economies: Issues of Confidentiality, Integrity & Availability (CIA)

    DEFF Research Database (Denmark)

    Yeboah-Boateng, Ezer Osei

    The essence of this study is first to highlight the cyber-security challenges confronting SMEs in developing economies, and to model a framework for safeguarding their assets, to ensure continuous optimal business operations, and to participate and compete securely in the ubiquitous cyber......-market. As more SMEs today continue to use networks and the Internet as vital business tools, the need for a secured organization cannot be over-emphasized. SMEs are utilizing the opportunities offered by advances in ICTs to adopt innovative business operations, to offer user-friendly products and services......, to develop customer-centric strategies. While connectivity is indispensable for achieving business success, being connected also implies being exposed to a myriad of cyber-security challenges, such as vulnerabilities of confidentiality, integrity and availability (CIA). As vulnerabilities are exploited...

  18. Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons

    Directory of Open Access Journals (Sweden)

    Gary Shiffman

    2013-02-01

    Individuals increasingly rely upon the internet for basic economic interaction. Current cyber security mechanisms are unable to stop adversaries and hackers from gaining access to sensitive information stored on government, business, and public computers. Experts propose implementing attribution and audit frameworks in cyberspace to deter, prevent, and prosecute cyber criminals and attackers. However, this method faces significant policy and resource constraints. Social science research, specifically in law and economics, concerning common-pool resources suggests an organic approach to cyber security may yield an appropriate solution. This cyber commons method involves treating the internet as a commons and encouraging individuals and institutions to voluntarily implement innovative and adaptive monitoring mechanisms. Such mechanisms are already in use and in many cases have proven more effective than attribution mechanisms in resisting and tracing the source of cyber attacks.

  19. Empirical analysis of the effects of cyber security incidents.

    Science.gov (United States)

    Davis, Ginger; Garcia, Alfredo; Zhang, Weide

    2009-09-01

    We analyze the time series associated with web traffic for a representative set of online businesses that have suffered widely reported cyber security incidents. Our working hypothesis is that cyber security incidents may prompt (security conscious) online customers to opt out and conduct their business elsewhere or, at the very least, to refrain from accessing online services. For companies relying almost exclusively on online channels, this presents an important business risk. We test for structural changes in these time series that may have been caused by these cyber security incidents. Our results consistently indicate that cyber security incidents do not affect the structure of web traffic for the set of online businesses studied. We discuss various public policy considerations stemming from our analysis.

  20. Your employees: the front line in cyber security

    OpenAIRE

    Ashenden, D.

    2016-01-01

    First published in The Chemical Engineer and reproduced by Crest - Centre for Research and Evidence on Security Threats, 26/01/2016 (https://crestresearch.ac.uk/comment/employees-front-line-cyber-security/)

  1. Using a Prediction Model to Manage Cyber Security Threats

    National Research Council Canada - National Science Library

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    .... The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security...

  2. Validating Cyber Security Requirements: A Case Study

    Energy Technology Data Exchange (ETDEWEB)

    Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Institute of Technology

    2011-01-01

    Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.

  3. S5: New Threats to Cyber-Security

    Science.gov (United States)

    2014-10-29

    2014 Carnegie Mellon University 29-Oct-2014 S5 : New Threats to Cyber-Security Software Engineering Institute Carnegie Mellon University...unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 2 Mark Sherman S5 : New Threats to Cyber-Security © 2014 Carnegie...Institute at permission@sei.cmu.edu. Carnegie Mellon® and CERT® are registered marks of Carnegie Mellon University. DM-0001805 3 Mark Sherman S5

  4. The Soft Side of Cyber Security - Social Media

    DEFF Research Database (Denmark)

    Nissen, Thomas Elkjer

    2016-01-01

    The importance of cyber-security is growing. With the continued digitization of our everyday life we become increasingly vulnerable to cyber-attacks – also personally. Therefore, it is an issue to be taken extremely seriously.

  5. The Soft Side of Cyber Security - Social Media

    DEFF Research Database (Denmark)

    Nissen, Thomas Elkjer

    2016-01-01

    The importance of cyber-security is growing. With the continued digitization of our everyday life we become increasingly vulnerable to cyber-attacks – also personally. Therefore, it is an issue to be taken extremely seriously.

  6. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    Energy Technology Data Exchange (ETDEWEB)

    Sheldon, Frederick T [ORNL; Krings, Axel [ORNL; Yoo, Seong-Moo [ORNL; Mili, Ali [ORNL; Trien, Joseph P [ORNL

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line. Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to:

    * Knowledge discovery and management
    * Critical infrastructure protection
    * De-obfuscating tools for the validation and verification of tamper-proofed software
    * Computer network defense technologies
    * Scalable information assurance strategies
    * Assessment-driven design for trust
    * Security metrics and testing methodologies
    * Validation of security and survivability properties
    * Threat assessment and risk analysis
    * Early accurate detection of the insider threat
    * Security hardened sensor networks and ubiquitous computing environments
    * Mobile software authentication protocols
    * A new "model" of the threat to replace the "Maginot Line" model

    and more . . .

  7. Research of Cyber Security and Defense in Depth Strategy for Information System in Submarine

    Institute of Scientific and Technical Information of China (English)

    殷虎

    2016-01-01

    With the development of the network centric warfare, the importance of cyber security study for modern submarine system becomes increasingly prominent. Firstly, the background and study of cyber security issue are analyzed and summarized. Secondly, requirement and property definitions of security for submarine system are studied. Finally, the cyber security framework of submarine is explored, and a general cyber security and protection architecture for submarine system is proposed based on defense-in-depth concept, which is hoped to provide the basis to solve security defects, establish security and protection architecture, assist system maintenance and ensure the security of the system.

  8. Anomaly-based online intrusion detection system as a sensor for cyber security situational awareness system

    OpenAIRE

    Kokkonen, Tero

    2016-01-01

    Almost all the organisations and even individuals rely on complex structures of data networks and networked computer systems. That complex data ensemble, the cyber domain, provides great opportunities, but at the same time it offers many possible attack vectors that can be abused for cyber vandalism, cyber crime, cyber espionage or cyber terrorism. Those threats produce requirements for cyber security situational awareness and intrusion detection capability. This dissertation conc...

  9. Data fusion in cyber security: first order entity extraction from common cyber data

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2012-06-01

    The Joint Directors of Labs Data Fusion Process Model (JDL Model) provides a framework for how to handle sensor data to develop higher levels of inference in a complex environment. Beginning from a call to leverage data fusion techniques in intrusion detection, there have been a number of advances in the use of data fusion algorithms in this subdomain of cyber security. While it is tempting to jump directly to situation-level or threat-level refinement (levels 2 and 3) for more exciting inferences, a proper fusion process starts with lower levels of fusion in order to provide a basis for the higher fusion levels. The process begins with first order entity extraction, or the identification of important entities represented in the sensor data stream. Current cyber security operational tools and their associated data are explored for potential exploitation, identifying the first order entities that exist in the data and the properties of these entities that are described by the data. Cyber events that are represented in the data stream are added to the first order entities as their properties. This work explores typical cyber security data and the inferences that can be made at the lower fusion levels (0 and 1) with simple metrics. Depending on the types of events that are expected by the analyst, these relatively simple metrics can provide insight on their own, or could be used in fusion algorithms as a basis for higher levels of inference.

  10. Assessment And Testing of Industrial Devices Robustness Against Cyber Security Attacks

    CERN Document Server

    Tilaro, F

    2011-01-01

    CERN (European Organization for Nuclear Research), like any organization, needs to achieve the conflicting objectives of connecting its operational network to Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. With this in mind, the ISA-99 international cyber security standard has been adopted at CERN as a reference model to define a set of guidelines and security robustness criteria applicable to any network device. Devices robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. When assessing the cyber security robustness of devices we have singled out control system-relevant attack patterns derived from the well-known CAPEC classification. Once a vulnerability is identified, it needs to be documented, prioritized and reproduced at will in a dedicated test environment for debugging purposes. CERN - in collaboration ...

  11. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl [AREVA GmbH, Erlangen (Germany)

    2017-06-15

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like "Industrial Internet of Things" of the Industrial Internet Consortium (IIC), and "Industry 4.0" find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  12. Europe’s fragmented approach towards cyber security

    Directory of Open Access Journals (Sweden)

    Karine e Silva

    2013-10-01

    The article proposes a deeper insight into the variety of concepts used to describe the term cyber security and the ways in which it has been used in recent years. It examines the role of three important actors involved in the internet governance arena, namely governments, private sector and civil society, and how they have influenced the debate. To this end, this paper analyses how different organisations, industry and societal actors see cyber security and how their interests influence the way the debate has evolved. The difficult balance between security and fundamental rights, although not new to governments and society, is of great importance for the internet. Citizens have engaged in favour of an open internet. However, little attention has been paid to the demands of citizens and how they may contribute to a concept of cyber security that brings society to its core. The paper states that for cyberspace to be open and supportive of innovation, the practice of cyber security needs to internalise the interests and perspectives of end users. A multistakeholder approach to cyber security asks a more participative environment where the rules of the game are decided with public participation and consultation, giving citizens the means and methods to influence the way cyber security is conceived and implemented. The paper concludes that although a citizen centric approach towards cyber security should be the way forward, this seems to be yet far from being included in the governmental agenda. The methodology applied in the paper was mainly focused on desk research.

  13. Cyber security with radio frequency interferences mitigation study for satellite systems

    Science.gov (United States)

    Wang, Gang; Wei, Sixiao; Chen, Genshe; Tian, Xin; Shen, Dan; Pham, Khanh; Nguyen, Tien M.; Blasch, Erik

    2016-05-01

    Satellite systems including the Global Navigation Satellite System (GNSS) and the satellite communications (SATCOM) system provide great convenience and utility to human life including emergency response, wide area efficient communications, and effective transportation. Elements of satellite systems incorporate technologies such as navigation with the global positioning system (GPS), satellite digital video broadcasting, and information transmission with a very small aperture terminal (VSAT), etc. The satellite systems importance is growing in prominence with end users' requirement for globally high data rate transmissions; the cost reduction of launching satellites; development of smaller sized satellites including cubesat, nanosat, picosat, and femtosat; and integrating internet services with satellite networks. However, with the promising benefits, challenges remain to fully develop secure and robust satellite systems with pervasive computing and communications. In this paper, we investigate both cyber security and radio frequency (RF) interferences mitigation for satellite systems, and demonstrate that they are not isolated. The action space for both cyber security and RF interferences are firstly summarized for satellite systems, based on which the mitigation schemes for both cyber security and RF interferences are given. A multi-layered satellite systems structure is provided with cross-layer design considering multi-path routing and channel coding, to provide great security and diversity gains for secure and robust satellite systems.

  14. APPROACH TO CYBER SECURITY ISSUES IN NIGERIA: CHALLENGES AND SOLUTION

    Directory of Open Access Journals (Sweden)

    Frank Ibikunle

    2013-06-01

    Cyber-space refers to the boundless space known as the internet. Cyber-security is the body of rules put in place for the protection of the cyber space. Cyber-crime refers to the series of organized crime attacking both cyber space and cyber security. The Internet is one of the fastest-growing areas of technical infrastructure development. Over the past decades, the growth of the internet and its use afforded everyone this opportunity. Google, Wikipedia and Bing to mention a few, give detailed answers to millions of questions every day. Cyberspace is a world that contains just about anything one is searching for. With the advent of these advancements in information accessibility and the advantages and applications of the internet comes an exponentially growing disadvantage: Cyber Crime. Cyber security has risen to become a national concern as threats concerning it now need to be taken more seriously. This paper attempts to provide an overview of Cybercrime and Cyber-security. It defines the concept of cybercrime, identifies reasons for cyber-crime and its eradication. It looks at those involved and the reasons for their involvement. Methods of stepping up cyber security and the recommendations that would help in checking the increasing rate of cyber-crimes were highlighted. The paper also attempts to name some challenges of cybercrime and present practical and logical solutions to these threats.

  15. 78 FR 6807 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-01-31

    ... International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi... Infrastructure Protection and Cyber Security mission to Riyadh, Saudi Arabia and Kuwait City, Kuwait, from September 28-October 1, 2013. The mission will focus on the cyber security, critical infrastructure...

  16. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  17. International Conference on Computational Intelligence, Cyber Security, and Computational Models

    CERN Document Server

    Ramasamy, Vijayalakshmi; Sheen, Shina; Veeramani, C; Bonato, Anthony; Batten, Lynn

    2016-01-01

    This book aims at promoting high-quality research by researchers and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security, and Computational Models ICC3 2015 organized by PSG College of Technology, Coimbatore, India during December 17 – 19, 2015. This book enriches with innovations in broad areas of research like computational modeling, computational intelligence and cyber security. These emerging interdisciplinary research areas have helped to solve multifaceted problems and gained a lot of attention in recent years. This encompasses theory and applications, to provide design, analysis and modeling of the aforementioned key areas.

  18. Evaluation of a Cyber Security System for Hospital Network.

    Science.gov (United States)

    Faysel, Mohammad A

    2015-01-01

    Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

  19. Shopping For Danger: E-commerce techniques applied to collaboration in cyber security

    Energy Technology Data Exchange (ETDEWEB)

    Bruce, Joseph R.; Fink, Glenn A.

    2012-05-24

    Collaboration among cyber security analysts is essential to a successful protection strategy on the Internet today, but it is uncommonly practiced or encouraged in operating environments. Barriers to productive collaboration often include data sensitivity, time and effort to communicate, institutional policy, and protection of domain knowledge. We propose an ambient collaboration framework, Vulcan, designed to remove the barriers of time and effort and mitigate the others. Vulcan automated data collection, collaborative filtering, and asynchronous dissemination, eliminating the effort implied by explicit collaboration among peers. We instrumented two analytic applications and performed a mock analysis session to build a dataset and test the output of the system.

  20. Adversarial Reinforcement Learning in a Cyber Security Simulation

    NARCIS (Netherlands)

    Elderman, Richard; Pater, Leon; Thie, Albert; Drugan, Madalina; Wiering, Marco

    2017-01-01

    This paper focuses on cyber-security simulations in networks modeled as a Markov game with incomplete information and stochastic elements. The resulting game is an adversarial sequential decision making problem played with two agents, the attacker and defender. The two agents pit one reinforcement l

  1. Reconciling malicious and accidental risk in cyber security

    NARCIS (Netherlands)

    Pieters, Wolter; Lukszo, Zofia; Hadžiosmanović, Dina; Berg, van den Jan

    2014-01-01

    Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from sy

  2. Report on the National Cyber Security Strategy 2: From Aware to Capable

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2014-01-01

    On 28 October 2013 the second National Cyber Security Strategy (NCSS 2) was published, two and a half years after the first. The strategic focus shifts from public-private cooperation to public-private participation and strategic cooperation. The new strategy intends that the Netherlands

  3. 76 FR 43696 - Nationwide Cyber Security Review (NCSR) Assessment

    Science.gov (United States)

    2011-07-21

    ... government to complete a cyber network security assessment so that a full measure of gaps and capabilities... SECURITY Nationwide Cyber Security Review (NCSR) Assessment AGENCY: National Protection and Programs...: The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD),...

  4. 76 FR 22409 - Nationwide Cyber Security Review (NCSR) Assessment

    Science.gov (United States)

    2011-04-21

    ... a cyber network security assessment so that a full measure of gaps and capabilities can be completed... SECURITY Nationwide Cyber Security Review (NCSR) Assessment AGENCY: National Protection and Programs.... SUMMARY: The Department of Homeland Security (DHS), National Protection and Programs Directorate...

  5. A Comparison of Cross-Sector Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    This report presents a review and comparison (commonality and differences) of three cross-sector cyber security standards and an internationally recognized information technology standard. The comparison identifies the security areas covered by each standard and reveals where the standards differ in emphasis. By identifying differences in the standards, the user can evaluate which standard best meets their needs. For this report, only cross-sector standards were reviewed.

  6. The cyber security threat stops in the boardroom.

    Science.gov (United States)

    Scully, Tim

    The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.

  7. Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report.

    Energy Technology Data Exchange (ETDEWEB)

    Wheeler, Timothy A.; Denman, Matthew R; Williams, R. A.; Martin, Nevin; Jankovsky, Zachary Kyle

    2017-09-01

    Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities. This Lab-Directed Research and Development project has developed a dynamic cyber-risk informed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plant's digital instrumentation and control (DI&C) system and defeat or circumvent a plant's cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.

  8. Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data

    Science.gov (United States)

    2017-03-02

    AFRL-AFOSR-UK-TR-2017-0020 Quantum-Enhanced Cyber Security: Experimental Computation on Quantum-Encrypted Data Philip Walther UNIVERSITÄT WIEN Final...REPORT TYPE Final 3. DATES COVERED (From - To) 15 Oct 2015 to 31 Dec 2016 4. TITLE AND SUBTITLE Quantum-Enhanced Cyber Security: Experimental Computation...FORM SF 298 Final Report for FA9550-1-6-1-0004 Quantum-enhanced cyber security: Experimental quantum computation with quantum-encrypted data

  9. An Analysis Of Cyber Security And How It Is Affecting A Contract Writing System, Seaport

    Science.gov (United States)

    2016-06-01

    NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA JOINT APPLIED PROJECT AN ANALYSIS OF CYBER SECURITY AND HOW IT IS AFFECTING A...REPORT DATE June 2016 3. REPORT TYPE AND DATES COVERED Joint applied project 4. TITLE AND SUBTITLE AN ANALYSIS OF CYBER SECURITY AND HOW IT IS AFFECTING...13. ABSTRACT (maximum 200 words) The purpose of this paper is to research cyber security and whether it creates inefficiencies and ineffective

  10. Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Todd Vollmer; Milos Manic

    2012-08-01

    The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.

  11. Best Practices for Operating Government-Industry Partnerships in Cyber Security

    Directory of Open Access Journals (Sweden)

    Larry Clinton

    2015-12-01

    Since the publication of the first National Strategy to Secure Cyber Space in 2003 the US federal government has realized that due to the interconnected nature of the Internet, securing the system would require an industry-government partnership. However, defining exactly what that new partnership would look like and how it would operate has been unclear. The ramifications of this ambiguous strategy have been noted elsewhere including the 2011 JSS article “A Relationship on the Brink” which described the dysfunctional state of public private partnerships with respect to cyber security. Subsequently, a joint industry-government study of partnership programs has generated a consensus list of “best practices” for operating such programs successfully. Moreover, subsequent use of these principles seems to confirm their ability to enhance the partnership and hopefully helps ameliorate, to some degree, the growing cyber threat. This article provides a brief history of the evolution of public-private partnerships in cyber security, the joint study to assess them and the 12 best practices generated by that analysis.

  12. Probabilistic Characterization of Adversary Behavior in Cyber Security

    Energy Technology Data Exchange (ETDEWEB)

    Meyers, C A; Powers, S S; Faissol, D M

    2009-10-08

    The objective of this SMS effort is to provide a probabilistic characterization of adversary behavior in cyber security. This includes both quantitative (data analysis) and qualitative (literature review) components. A set of real LLNL email data was obtained for this study, consisting of several years worth of unfiltered traffic sent to a selection of addresses at ciac.org. The email data was subjected to three interrelated analyses: a textual study of the header data and subject matter, an examination of threats present in message attachments, and a characterization of the maliciousness of embedded URLs.

  13. Advances in cyber security technology, operations, and experiences

    CERN Document Server

    Hsu, D Frank

    2013-01-01

    As you read this, your computer is in jeopardy of being hacked and your identity being stolen. Read this book to protect yourselves from this threat. The world's foremost cyber security experts, from Ruby Lee, Ph.D., the Forrest G. Hamrick professor of engineering and Director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS) at Princeton University; to Nick Mankovich, Chief Information Security Officer of Royal Philips Electronics; to FBI Director Robert S. Mueller III; to Special Assistant to the President Howard A. Schmidt, share critical practical knowledge on ho

  14. Cyber security deterrence and it protection for critical infrastructures

    CERN Document Server

    Martellini, Maurizio

    2013-01-01

    The experts of the International Working Group-Landau Network Centro Volta (IWG-LNCV) discuss aspects of cyber security and present possible methods of deterrence, defense and resilience against cyber attacks. This SpringerBrief covers state-of-the-art documentation on the deterrence power of cyber attacks and argues that nations are entering a new cyber arms race. The brief also provides a technical analysis of possible cyber attacks towards critical infrastructures in the chemical industry and chemical safety industry. The authors also propose modern analyses and a holistic approach to resil

  15. 78 FR 39712 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-07-02

    ... From the Federal Register Online via the Government Publishing Office DEPARTMENT OF COMMERCE International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi..., until the maximum of 20 participants is selected, all interested U.S. IT and cyber-security firms...

  16. 76 FR 6637 - Assumption Buster Workshop: Defense-in-Depth Is a Smart Investment for Cyber Security

    Science.gov (United States)

    2011-02-07

    ... Assumption Buster Workshop: Defense-in-Depth Is a Smart Investment for Cyber Security AGENCY: The National... interagency working group that coordinates cyber security research activities in support of national security...-Depth strategy for cyber security. The workshop will be held March 22, 2011 in the Washington DC area...

  17. 76 FR 2151 - Assumption Buster Workshop: Defense-in-Depth is a Smart Investment for Cyber Security

    Science.gov (United States)

    2011-01-12

    ... Assumption Buster Workshop: Defense-in-Depth is a Smart Investment for Cyber Security AGENCY: The National...) Committee, an interagency working group that coordinates cyber security research activities in support of... the defense-in-depth strategy for cyber security. The workshop will be held March 22, 2011 in the...

  18. Cyber security risk assessment for SCADA and DCS networks.

    Science.gov (United States)

    Ralston, P A S; Graham, J H; Hieb, J L

    2007-10-01

    The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

  19. Cyber Security Testing and Training Programs for Industrial Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  20. Evaluation Report on "The Department's Unclassified Cyber Security Program"

    Energy Technology Data Exchange (ETDEWEB)

    None

    2009-10-01

    Industry experts report that security challenges and threats are continually evolving as malicious activity has become more web-based and attackers are able to rapidly adapt their attack methods. In addition, the number of data breaches continues to rise. In an effort to mitigate and address threats and protect valuable information, the Department of Energy anticipated spending about $275 million in Fiscal Year (FY) 2009 to implement cyber security measures necessary to protect its information technology resources. These systems and data are designed to support the Department's mission and business lines of energy security, nuclear security, scientific discovery and innovation, and environmental responsibility. The Federal Information Security Management Act of 2002 (FISMA) provides direction to agencies on the management and oversight of information security risks, including design and implementation of controls to protect Federal information and systems. As required by FISMA, the Office of Inspector General conducts an annual independent evaluation to determine whether the Department's unclassified cyber security program adequately protects its information systems and data. This memorandum and the attached report present the results of our evaluation for FY 2009. The Department continued to make incremental improvements in its unclassified cyber security program. Our evaluation disclosed that most sites had taken action to address weaknesses previously identified in our FY 2008 evaluation report. They improved certification and accreditation of systems; strengthened configuration management of networks and systems; performed independent assessments; and, developed and/or refined certain policies and procedures. In addition, the Department instituted a centralized incident response organization designed to eliminate duplicative efforts throughout the Department. As we have noted in previous reports, the Department continued to maintain strong network

  1. Nuclear Cyber Security Case Study and Analysis

    Energy Technology Data Exchange (ETDEWEB)

    Park, Sunae [ChungNam National Univ., Daejeon (Korea, Republic of)]; Kim, Kyung doo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2016-10-15

    Due to the new trend in cyber attacks, there is an increased security threat towards every country's infrastructure. So, security measures are required now more than ever before. The normal process of previous cyber attacks consisted of paralyzing a server function, data extraction, or data control into the IT system for trespassing. However, nowadays control systems and infrastructures are also targeted and attacking methods have changed a lot. These days, the virus is becoming increasingly serious and hacker attacks are also becoming more frequent. This virus is a computer virus produced for the purpose of destroying infrastructure, such as power plants, airports, and railways, and it was first discovered in Belarus in June 2010. Israel, the US, and other countries are believed to be the culprits behind Stuxnet attacks on other nations such as Iran. Recent malware distribution, such as the website hacking threat, is growing. In surveys today one of the most long-term security threats posed is from North Korea. In particular, North Korea has been caught launching ongoing cyber-attacks after their latest nuclear test. South Korea has identified national trends regarding North Korean nuclear tests and analyzed them in order to catch disclosed confidential information. Especially, many nuclear power plants in the world are found to be vulnerable to cyber-attacks. Industrial facilities should be more wary of the risk of a serious cyber attack in the middle is going to increase the reliance on universal and commercial digital systems (off the shelf) software, civilian nuclear infrastructure. Senior executives’ current risk rate levels are increasing. Digitalization of the perception of risk is lacking in nuclear power plants and workers are creating prevention methods to make them fully aware of the risks of cyber-attacks. It is suggested that it may be inappropriate to assume we are prepared for potential attacks. Due to advances in technology, a warning that the growing sense of crisis

  2. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to Congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  3. Analysis of Dynamic Complexity of the Cyber Security Ecosystem of Colombia

    Directory of Open Access Journals (Sweden)

    Angélica Flórez

    2016-07-01

    This paper presents two proposals for the analysis of the complexity of the Cyber security Ecosystem of Colombia (CEC). This analysis shows the available knowledge about entities engaged in cyber security in Colombia and the relationships between them, which allow an understanding of the synergy between the different existing components. The complexity of the CEC is detailed from the view of the Influence Diagram of System Dynamics and the Domain Diagram of Software Engineering. The resulting model makes cyber security evident as a strategic component of national security.

  4. Application of the JDL data fusion process model for cyber security

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2010-04-01

    A number of cyber security technologies have proposed the use of data fusion to enhance the defensive capabilities of the network and aid in the development of situational awareness for the security analyst. While there have been advances in fusion technologies and the application of fusion in intrusion detection systems (IDSs), in particular, additional progress can be made by gaining a better understanding of a variety of data fusion processes and applying them to the cyber security application domain. This research explores the underlying processes identified in the Joint Directors of Laboratories (JDL) data fusion process model and further describes them in a cyber security context.

  5. Bio-inspiring cyber security and cloud services trends and innovations

    CERN Document Server

    Kim, Tai-Hoon; Kacprzyk, Janusz; Awad, Ali

    2014-01-01

    This volume presents recent research in cyber security, and reports how organizations can gain competitive advantages by applying the different security techniques in real-world scenarios. The volume provides reviews of cutting-edge technologies, algorithms, applications and insights for bio-inspiring cyber security-based systems. The book will be a valuable companion and comprehensive reference for both postgraduate and senior undergraduate students who are taking a course in cyber security. The volume is organized in self-contained chapters to provide greatest reading flexibility.

  6. Quantitative Vulnerability Assessment of Cyber Security for Distribution Automation Systems

    Directory of Open Access Journals (Sweden)

    Xiaming Ye

    2015-06-01

    The distribution automation system (DAS) is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS). The results demonstrate the reasonability and effectiveness of the proposed methodology.

  7. A genetic epidemiology approach to cyber-security.

    Science.gov (United States)

    Gil, Santiago; Kott, Alexander; Barabási, Albert-László

    2014-07-16

    While much attention has been paid to the vulnerability of computer networks to node and link failure, there is limited systematic understanding of the factors that determine the likelihood that a node (computer) is compromised. We therefore collect threat log data in a university network to study the patterns of threat activity for individual hosts. We relate this information to the properties of each host as observed through network-wide scans, establishing associations between the network services a host is running and the kinds of threats to which it is susceptible. We propose a methodology to associate services to threats inspired by the tools used in genetics to identify statistical associations between mutations and diseases. The proposed approach allows us to determine probabilities of infection directly from observation, offering an automated high-throughput strategy to develop comprehensive metrics for cyber-security.

  8. Model Based Cyber Security Analysis for Research Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of)]; Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of)]

    2013-07-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using a Bayesian network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of the instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. One is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerabilities for these scenarios by getting the risk information from BN.

  9. The influence of cyber security levels of South African citizens on national security

    CSIR Research Space (South Africa)

    Jansen van Vuuren, J

    2012-03-01

    In South Africa, cyber security has been identified as a critical component contributing towards National Security. More rural communities are becoming integrated into the global village due to increased hardware and software corporate donations...

  10. Cyber security risk evaluation of a nuclear I and C using BN and ET

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Dept. of Nuclear Engineering, Kyung Hee University, Yongin (Korea, Republic of)]; Son, Han Seong [Computer and Game Science, Joongbu University, Geumsan (Korea, Republic of)]

    2017-04-15

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  11. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    Directory of Open Access Journals (Sweden)

    Jinsoo Shin

    2017-04-01

    Full Text Available Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  12. Cyber Security Scenarios and Control for Small and Medium Enterprises

    Directory of Open Access Journals (Sweden)

    Nilaykumar Kiran SANGANI

    2012-01-01

    Full Text Available As the world advances towards the computing era, security threats keep on increasing in the form of malware, viruses, internet attack, theft of IS assets / technology and a lot more. This is a major concern for any form of business. Loss in company’s status / liability / reputation is a huge downfall for a running business. We have witnessed the attacks getting carried out; large firm’s data getting breached / government bodies’ sites getting phished / attacked. These huge entities have technology expertise to safeguard their company’s interest against such attacks through investing huge amounts of capital in manpower and secure tools. But what about SMEs? SMEs enrich a huge part of the country’s economy. Big organizations have their own security measures policy which ideally is not applied when it comes to an SME. The aim of this paper is to come out with an Information Security Assurance Cyber Control for SMEs (ISACC) against common cyber security threats implemented at a cost effective measure.

  13. 21st Century Cyber Security: Legal Authorities and Requirements

    Science.gov (United States)

    2012-03-22

    include the product of individual expression (such as music, art, poetry, architectural design, etc.) as well as the culmination of years of business...authorities. Incorporating nearly a dozen federal agencies it has reached a high level of success after nearly 23 years of experimental and iterative growth

  14. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs' common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  15. DETERMINATION OF CYBER SECURITY AWARENESS OF PUBLIC EMPLOYEES AND CONSCIOUSNESS-RISING SUGGESTIONS

    Directory of Open Access Journals (Sweden)

    Huseyin Kuru

    2016-07-01

    Full Text Available The aim of this study is to measure Turkish government employees’ awareness of cyber security and cyber space elements. Participants were 71 Turkish public employees working for various ministries. Both qualitative and quantitative research methods were used to get the most detailed information from the participants. A survey was administered to cyber security officers in chosen state institutions. For qualitative research, open-ended questions were administered to the participants. Reliability and validity issues were established for both surveys. Results show that employees have enough information about cyber security and cyber warfare. Findings clearly suggest that cyber defense policy should be planned in coordination with other state institutions and experiences should be shared. In order to create feasible and realistic cyber security policy at institutional level, experts at cyber security must be trained, hired and help must be requested from specialized individuals and institutions. This study recommends that rapid reaction teams (RRT) should be established to take care of cyber systems, to react against cyber breaches in time, to alert staff for cyber-attacks in order to establish effective recovery.

  16. Development on Guidance of Cyber Security Exercise for the Nuclear Facilities

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Hyundoo [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)]

    2016-10-15

    Cyber threats and attacks are increasing rapidly against infrastructure, including the energy and utilities industry, all over the world. Because of a lack of human resources and incident response systems to prevent or defend against increased cyber threats, many governments and major national infrastructures perform cyber security exercises to improve their cyber security incident response capabilities. Accordingly, there has been exponential growth in the number of cyber security exercises over the past decade, with the trend expected to accelerate in the coming years. Even though there have been many cyber security exercises in the Nuclear Facilities, this exercise was the first which focused on mitigation and recovery of the system of the Nuclear Facility against a cyber incident. Many insufficient items were therefore deduced, such as the absence of a procedure for mitigation and recovery from a cyber incident. These procedures should be developed and established through the 3rd phase of the Cyber Security Plan (CSP) and other technical complementary actions under the regulatory body’s guidance. Also, developed and existing procedures should be regularly performed, through exercises or other training, so that the cyber incident response team and related people respond rapidly to a cyber incident. The insufficient items that come from the exercise should be reflected periodically in the developed and existing procedures.

  17. Cyber Security Test Strategy for Non-safety Display System

    Energy Technology Data Exchange (ETDEWEB)

    Son, Han Seong [Joongbu University, Geumsan (Korea, Republic of)]; Kim, Hee Eun [KAIST, Daejeon (Korea, Republic of)]

    2016-10-15

    Cyber security has been a big issue since the instrumentation and control (I and C) system of nuclear power plant (NPP) is digitalized. A cyber-attack on NPP should be dealt with seriously because it might cause not only economic loss but also the radioactive material release. Researches on the consequences of cyber-attack onto NPP from a safety point of view have been conducted. A previous study shows the risk effect brought by initiation of event and deterioration of mitigation function by cyber terror. Although this study made conservative assumptions and simplifications, it gives an insight on the effect of cyber-attack. Another study shows that the error on a non-safety display system could cause wrong actions of operators. According to this previous study, the failure of the operator action caused by a cyber-attack on a display system might threaten the safety of the NPP by limiting appropriate mitigation actions. This study suggests a test strategy focusing on the cyber-attack on the information and display system, which might cause the failure of operator. The test strategy can be suggested to evaluate and complement security measures. Identifying whether a cyber-attack on the information and display system can affect the mitigation actions of operator, the strategy to obtain test scenarios is suggested. The failure of mitigation scenario is identified first. Then, for the test target in the scenario, software failure modes are applied to identify realistic failure scenarios. Testing should be performed for those scenarios to confirm the integrity of data and to assure effectiveness of security measures.

  18. A developmental approach to learning causal models for cyber security

    Science.gov (United States)

    Mugan, Jonathan

    2013-05-01

    To keep pace with our adversaries, we must expand the scope of machine learning and reasoning to address the breadth of possible attacks. One approach is to employ an algorithm to learn a set of causal models that describes the entire cyber network and each host end node. Such a learning algorithm would run continuously on the system and monitor activity in real time. With a set of causal models, the algorithm could anticipate novel attacks, take actions to thwart them, and predict the second-order effects flood of information, and the algorithm would have to determine which streams of that flood were relevant in which situations. This paper will present the results of efforts toward the application of a developmental learning algorithm to the problem of cyber security. The algorithm is modeled on the principles of human developmental learning and is designed to allow an agent to learn about the computer system in which it resides through active exploration. Children are flexible learners who acquire knowledge by actively exploring their environment and making predictions about what they will find [1, 2], and our algorithm is inspired by the work of the developmental psychologist Jean Piaget [3]. Piaget described how children construct knowledge in stages and learn new concepts on top of those they already know. Developmental learning allows our algorithm to focus on subsets of the environment that are most helpful for learning given its current knowledge. In experiments, the algorithm was able to learn the conditions for file exfiltration and use that knowledge to protect sensitive files.

  19. Measuring the Effectiveness of Visual Analytics and Data Fusion Techniques on Situation Awareness in Cyber-Security

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2013-01-01

    Cyber-security involves the monitoring of a complex network of inter-related computers to prevent, identify and remediate from undesired actions. This work is performed in organizations by human analysts. These analysts monitor cyber-security sensors to develop and maintain situation awareness (SA) of both normal and abnormal activities that occur on…

  1. ASPECTS OF POLICIES AND STRATEGIES FOR CYBER SECURITY IN THE EUROPEAN UNION

    Directory of Open Access Journals (Sweden)

    Ilina ARMENCHEVA

    2015-10-01

    Full Text Available Freedom and prosperity of mankind greatly depend on an innovative, safe and reliable Internet that, of course, will keep evolving. Cyber space must be protected from incidents, misuse and abuse. Handling the increasing number of threats to cyber security is a challenge that national security and the trend in the international environment face. This makes taking fast and adequate measures at national, European and international level a must. Changing national security strategies and adopting new cyber security strategies are a part of these measures.

  2. Individual differences in cyber security behaviors: an examination of who is sharing passwords.

    Science.gov (United States)

    Whitty, Monica; Doodson, James; Creese, Sadie; Hodges, Duncan

    2015-01-01

    In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found younger [corrected] people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns.

  3. Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

    Science.gov (United States)

    Dunn Cavelty, Myriam

    2014-09-01

    Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

  4. Cyber security information exchange to gain insight into the effects of cyber threats and incidents

    NARCIS (Netherlands)

    Fransen, F.; Smulders, A.C.M.; Kerkdijk, H.

    2015-01-01

    The last couple of years we have seen an increase in interests and initiatives in establishing threat intelligence sharing communities, and on the development of standards and platforms for automated cyber security information sharing. These initiatives are focused on helping organisations to increa

  5. Canvassing the Cyber Security Landscape: Why Energy Companies Need to Pay Attention

    NARCIS (Netherlands)

    Averill, B.; Luiijf, H.A.M.

    2010-01-01

    Recent news of a “highly sophisticated and targeted” cyber attack on Google, Yahoo, and perhaps on as many as a dozen other companies has once again brought the issue of cyber security to the top of the news. Internet companies, however, are not the only ones vulnerable to such attacks. Over the pas

  7. Implementation of a RPS Cyber Security Test-bed with Two PLCs

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jinsoo; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of)]; Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of)]; An, Yongkyu; Rizwan, Uddin [University of Illinois at Urbana-Champaign, Urbana (United States)]

    2015-10-15

    Our research team proposed the methodology to evaluate cyber security with Bayesian network (BN) as a cyber security evaluation model and help operator, licensee, licensor or regulator in granting evaluation priorities. The methodology allowed for overall evaluation of cyber security by considering architectural aspect of facility and management aspect of cyber security at the same time. In order to emphasize reality of this model by inserting true data, it is necessary to conduct a penetration test that pretends an actual cyber-attack. Through the collaboration with University of Illinois at Urbana-Champaign, which possesses the Tricon a safety programmable logic controller (PLC) used at nuclear power plants and develops a test-bed for nuclear power plant, a test-bed for reactor protection system (RPS) is being developed with the PLCs. Two PLCs are used to construct a simple test-bed for RPS, bi-stable processor (BP) and coincidence processor (CP). By using two PLCs, it is possible to examine cyber-attack against devices such as PLC, cyber-attack against communication between devices, and the effects of a PLC on the other PLC. Two PLCs were used to construct a test-bed for penetration test in this study. Advantages of using two or more PLCs instead of single PLC are as follows. 1) Results of cyber-attack reflecting characteristics among PLCs can be obtained. 2) Cyber-attack can be attempted using a method of attacking communication between PLCs. True data obtained can be applied to existing cyber security evaluation model to emphasize reality of the model.

  8. CS651 Computer Systems Security Foundations 3d Imagination Cyber Security Management Plan

    Energy Technology Data Exchange (ETDEWEB)

    Nielsen, Roy S. [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2015-03-02

    3d Imagination is a new company that bases its business on selling and improving 3d open source related hardware. The devices that they sell include 3d imagers, 3d printers, pick and place machines and laser etchers. They have a fast company intranet for ease in sharing, storing and printing large, complex 3d designs. They have an employee set that requires a variety of operating systems including Windows, Mac and a variety of Linux both for running business services as well as design and test machines. There are a wide variety of private networks for testing transfer rates to and from the 3d devices, without interference with other network traffic. They do video conferencing with customers and other designers. One of their machines is based on the project found at delta.firepick.org (Krassenstein, 2014; Biggs, 2014), which in future, will perform most of those functions. Their devices all include embedded systems, that may have full blown operating systems. Most of their systems are designed to have swappable parts, so when a new technology is born, it can be quickly adopted by people with 3d Imagination hardware. This company is producing a fair number of systems and components, however to get the funding they need to mass produce quality parts, so they are preparing for an IPO to raise the funds they need. They would like to have a cyber-security audit performed so they can give their investors confidence that they are protecting their data, customers' information and printers in a proactive manner.

  9. A Method to Analyze Threats and Vulnerabilities by Using a Cyber Security Test-bed of an Operating NPP

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Yong Sik; Son, Choul Woong; Lee, Soo Ill [KHNP CRI, Daejeon (Korea, Republic of)]

    2016-10-15

    In order to implement cyber security controls for an Operating NPP, a security assessment should be conducted in advance, and it is essential to analyze threats and vulnerabilities for a cyber security risk assessment phase. It might be impossible to perform a penetration test or scanning for a vulnerability analysis because the test may cause adverse effects on the inherent functions of ones. This is the reason why we develop and construct a cyber security test-bed instead of using real I and C systems in the operating NPP. In this paper, we propose a method to analyze threats and vulnerabilities of a specific target system by using a cyber security test-bed. The test-bed is being developed considering essential functions of the selected safety and non-safety system. This paper shows the method to analyze threats and vulnerabilities of a specific target system by using a cyber security test-bed. In order to develop the cyber security test-bed with both safety and non-safety functions, test-bed functions analysis and preliminary threats and vulnerabilities identification have been conducted. We will determine the attack scenarios and conduct the test-bed based vulnerability analysis.

  10. Building organisational cyber resilience: A strategic knowledge-based view of cyber security management.

    Science.gov (United States)

    Ferdinand, Jason

    The concept of cyber resilience has emerged in recent years in response to the recognition that cyber security is more than just risk management. Cyber resilience is the goal of organisations, institutions and governments across the world and yet the emerging literature is somewhat fragmented due to the lack of a common approach to the subject. This limits the possibility of effective collaboration across public, private and governmental actors in their efforts to build and maintain cyber resilience. In response to this limitation, and to calls for a more strategically focused approach, this paper offers a knowledge-based view of cyber security management that explains how an organisation can build, assess, and maintain cyber resilience.

  11. Towards the cyber security paradigm of ehealth: Resilience and design aspects

    Science.gov (United States)

    Rajamäki, Jyri; Pirinen, Rauno

    2017-06-01

    Digital technologies have significantly changed the role of healthcare clients in seeking and receiving medical help, as well as brought up more cooperative policy issues in healthcare cross-border services. Citizens continue to take a more co-creative role in decisions about their own healthcare, and new technologies can enable and facilitate this emergent trend. In this study, healthcare services have been intended as a critical societal sector and therefore healthcare systems are focused on as critical infrastructures that ought to be protected from all types of fears, including cyber security threats and attacks. Despite continual progress in the systemic risk management of cyber domain, it is clear that anticipation and prevention of all possible types of attack and malfunction are not achievable for current or future cyber infrastructures. This study focuses on the investigation of a cyber security paradigm, adaptive systems and sense of resilience in a healthcare critical information infrastructure.

  12. Federal Plan for Cyber Security and Information Assurance Research and Development

    Science.gov (United States)

    2006-04-01

    attribution 1.1 Authentication, Authorization, and Trust Management Definition Authentication is the process of verifying the identity or authority of a...November 2005, for elaboration). Functional Cyber Security 33 1.2 Access Control and Privilege Management Definition Access control and privilege...management and real-time queuing theory. 5.11 Integrated, Enterprise-Wide Security Monitoring and Management Definition An enterprise consists of one or

  13. Cyber security Considerations for Real Time Physiological Status Monitoring: Threats, Goals, and Use Cases

    Science.gov (United States)

    2016-11-01

    Cyber-security Considerations for Real-Time Physiological Status Monitoring: Threats, Goals, and Use Cases John Holliman, Michael Zhivich, Roger...Spins: Security protocols for sensor networks,” Secaucus, NJ, USA, pp. 521–534, Sep. 2002. [8] DoD, Resilient Military Systems and the Advanced Cyber...2012. [10] W. Trappe, R. Howard, and R. S. Moore, “Low-energy security: Limits and opportunities in the internet of things,” IEEE Security Privacy, vol

  14. Cyber terrorism and cyber-crime – threats for cyber security

    OpenAIRE

    Ackoski, Jugoslav; Dojcinovski, Metodija

    2012-01-01

    This paper has aim to give contribution in supporting efforts against cyber threats recognized as a cyber terrorism and cyber crime. Also, it has aim to show future challenges related to cyber security and their emerging threats – cyber war, cyber terrorism and cyber crime. Accelerate weapon development called ICT (Information Communication Technology) which is developed every day faster and faster, and development of human conscious on higher level about consequences of ICT enormous pene...

  15. Cyber Security Insider Threats :: Government’s Role in Protecting India’s Critical Infrastructure Sectors

    OpenAIRE

    Vohra, Pulkit

    2014-01-01

    This research identifies the problem of insider threats in the critical infrastructure sectors of India. It is structured to answer the research question: "Why insider threats should be the primary concern for Indian government to protect its critical infrastructure sectors.” It defines the critical infrastructure sectors and portrays the cyber security scenario of India. Also, through the research study, it identifies the lack of awareness and non-seriousness of employees in the critical sec...

  16. GridStat – Cyber Security and Regional Deployment Project Report

    Energy Technology Data Exchange (ETDEWEB)

    Clements, Samuel L.

    2009-02-18

    GridStat is a developing communication technology to provide real-time data delivery services to the electric power grid. It is being developed in a collaborative effort between the Electrical Power Engineering and Distributed Computing Science Departments at Washington State University. Improving the cyber security of GridStat was the principal focus of this project. A regional network was established to test GridStat’s cyber security mechanisms in a realistic environment. The network consists of nodes at Pacific Northwest National Laboratory, Idaho National Laboratory, and Washington State University. Idaho National Laboratory (INL) was tasked with performing the security assessment, the results of which detailed a number of easily resolvable and previously unknown issues, as well as a number of difficult and previously known issues. Going forward we recommend additional development prior to commercialization of GridStat. The development plan is structured into three domains: Core Development, Cyber Security and Pilot Projects. Each domain contains a number of phased subtasks that build upon each other to increase the robustness and maturity of GridStat.

  17. Cyber Crime & Cyber War – "Part of the Game": Cyber Security, Quo Vadis?

    Directory of Open Access Journals (Sweden)

    Karl H. Stingeder

    2015-09-01

    Full Text Available What role does cyber crime currently play? What distinguishes cyber crime from cyber war? How must cyber security be designed in order to ensure effective protection in the long term? Cyber crime activities are often characterized by easy access to fraudulent know-how and technical tools. Owing to the slow and inadequate implementation of coordinated countermeasures, cyber offences result in a low-risk, high-reward scenario for cyber criminals. The more organized and specialized a cyber crime network is, the greater its potential for damage. Cyber crime is the umbrella term for fraudulent activities carried out over the Internet. These are modelled on "traditional" offline patterns of criminal behaviour, which are easily accessible through the technological spectrum of the Internet. Nevertheless, it is the technical execution of the offences that forms an essential distinguishing feature between online and offline fraud. Also at the focus of cyber security is the lower inhibition threshold, for organized criminal groups as well as for governments or terrorist organizations, for a military instrumentalization of the Internet. When cyber crime activities are carried out with the claim of pursuing political goals, we speak of cyber war. Sustainable cyber security measures directed against cyber crime and cyber war take place in a highly dynamic environment. Cyber criminals are, as a rule, well equipped logistically and financially. Many are supported by governments. Cyber crime players have far-reaching technical capabilities, so that they can develop tailor-made malicious programs (malware) for their targets. At present, many companies and public institutions lack awareness of the need for defence systems. A cyber security focus on Pr

  18. Discussions on the talent cultivation of cyber security

    Institute of Scientific and Technical Information of China (English)

    翁健; 马昌社; 古亮

    2016-01-01

    Cyber security has been formally approved to be the first level discipline in June 2015. How to train the cyber security talents that meet the needs of our country has become an urgent problem to be solved in the discipline construction. Synthetical analysis of the current situation of training related talents at domestic and foreign, as well as the actual demand for the cyber security talents was presented. According to the characteristics of the talent cultivation in cyber security, some suggestions on training the cyber security talents were given.

  19. An assessment of the cyber security legislation and its impact on the United States electrical sector

    Science.gov (United States)

    Born, Joshua

    The purpose of this research was to examine the cyber-security posture for the United States' electrical grid, which comprises a major component of critical infrastructure for the country. The United States electrical sector is so vast, that the Department of Homeland Security (DHS) estimates, it contains more than 6,413 power plants (this includes 3,273 traditional electric utilities and 1,738 nonutility power producers) with approximately 1,075 gigawatts of energy produced on a daily basis. A targeted cyber-security attack against the electric grid would likely have catastrophic results and could even serve as a precursor to a physical attack against the United States. A recent report by the consulting firm Black and Veatch found that one of the top five greatest concerns for United States electric utilities is the risk that cybersecurity poses to their industry and yet, only one-third state they are currently prepared to meet the increasingly likely threat. The report goes on to state, "only 32% of electric utilities surveyed had integrated security systems with the proper segmentation, monitoring and redundancies needed for cyber threat protection. Another 48% said they did not." Recent estimates indicate that a large-scale cyber-attack against this sector could cost the United States economy as much as a trillion dollars within a week's time. Legislative efforts in the past have primarily been focused on creating mandates that encourage public and private partnership, which have not been adopted as quickly as desired. With 85% of all electric utilities being privately owned, it is key that the public and private sector partner in order to mitigate risks and respond as a cohesive unit in the event of a major attack. Keywords: Cybersecurity, Professor Riddell, cyber security, energy, intelligence, outlook, electrical, compliance, legislation, partnerships, critical infrastructure.

  20. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    Energy Technology Data Exchange (ETDEWEB)

    Ray Fink

    2006-10-01

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  1. A Method to Derive Monitoring Variables for a Cyber Security Test-bed of I and C System

    Energy Technology Data Exchange (ETDEWEB)

    Han, Kyung Soo; Song, Jae Gu; Lee, Joung Woon; Lee, Cheol Kwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2013-10-15

    In the IT field, monitoring techniques have been developed to protect the systems connected by networks from cyber attacks and incidents. For the development of monitoring systems for I and C cyber security, it is necessary to review the monitoring systems in the IT field and derive cyber security-related monitoring variables among the proprietary operating information about the I and C systems. Tests for the development and application of these monitoring systems may cause adverse effects on the I and C systems. To analyze influences on the system and safely intended variables, the construction of an I and C system test-bed should come first. This article proposes a method of deriving variables that should be monitored through a monitoring system for cyber security as a part of an I and C test-bed. The surveillance features and the monitored variables of NMS (Network Management System), a monitoring technique in the IT field, were reviewed in Section 2. In Section 3, the monitoring variables for an I and C cyber security were derived by the of NMS and the investigation for information used for hacking techniques that can be practiced against I and C systems. The monitoring variables of NMS in the IT field and the information about the malicious behaviors used for hacking were derived as expected variables to be monitored for an I and C cyber security research. The derived monitoring variables were classified into the five functions of NMS for efficient management. For the cyber security of I and C systems, the vulnerabilities should be understood through a penetration test etc. and an assessment of influences on the actual system should be carried out. Thus, constructing a test-bed of I and C systems is necessary for the safety system in operation. In the future, it will be necessary to develop a logging and monitoring system for studies on the vulnerabilities of I and C systems with test-beds.

  2. Control Systems Cyber Security: Defense in Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  4. Defining and Computing a Valued Based Cyber-Security Measure

    Energy Technology Data Exchange (ETDEWEB)

    Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia]; Abercrombie, Robert K [ORNL]; Sheldon, Frederick T [ORNL]; Mili, Ali [New Jersey Institute of Technology]

    2012-01-01

    In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

  5. Defining and Computing a Value Based Cyber-Security Measure

    Energy Technology Data Exchange (ETDEWEB)

    Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia]; Abercrombie, Robert K [ORNL]; Sheldon, Frederick T [ORNL]; Mili, Ali [New Jersey Institute of Technology]

    2011-01-01

    In past work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

  6. Control Systems Cyber Security: Defense-in-Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    Mark Fabro

    2007-10-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  7. Defining and Computing a Valued Based Cyber Security Measure

    Energy Technology Data Exchange (ETDEWEB)

    Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia]; Abercrombie, Robert K [ORNL]; Sheldon, Frederick T [ORNL]; Mili, Ali [New Jersey Institute of Technology]

    2011-01-01

    In earlier works (Ben-Aissa et al. 2010; Abercrombie et al. 2008; Sheldon et al. 2009), we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

  8. Security Risks and Modern Cyber Security Technologies for Corporate Networks

    CERN Document Server

    Gharibi, Wajeb

    2011-01-01

    This article aims to highlight current trends on the market of corporate antivirus solutions. A brief overview of modern security threats that can destroy an IT environment is provided, as well as the typical structure and features of antivirus suites for corporate users presented on the market. The general requirements for corporate products are determined according to the last report from av-comparatives.org [1]. The detailed analysis of new features is provided based on an overview of products available on the market nowadays. At the end, an enumeration of modern trends in the antivirus industry for corporate users completes this article. Finally, the main goal of this article is to draw attention to new trends suggested by AV vendors in their solutions in order to protect customers against the newest security threats.

  9. On detection and visualization techniques for cyber security situation awareness

    Science.gov (United States)

    Yu, Wei; Wei, Shixiao; Shen, Dan; Blowers, Misty; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe; Zhang, Hanlin; Lu, Chao

    2013-05-01

    Networking technologies are exponentially increasing to meet worldwide communication requirements. The rapid growth of network technologies and perversity of communications pose serious security issues. In this paper, we aim to develop an integrated network defense system with situation awareness capabilities to present the useful information for human analysts. In particular, we implement a prototypical system that includes both the distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D based network traffic displays. To effectively detect attacks, we also implement algorithms to transform real-world data of IP addresses into images and study the pattern of attacks and use both the discrete wavelet transform (DWT) based scheme and the statistical based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of our implemented defense system.

  10. Cyber-Security Issues in Healthcare Information Technology.

    Science.gov (United States)

    Langer, Steve G

    2017-02-01

    In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

  11. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    Science.gov (United States)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediates faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  12. Computer Security: Protect your plant: a "serious game" about control system cyber-security

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers. After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!”). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?”). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

  13. EVALUATION OF VULNERABILITY ASSESSMENT IN SYSTEM FROM HACKERS IN CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    S. Suma Christal Mary

    2010-07-01

    Vulnerability is very essential in cyber security related mechanisms. The usage of this vulnerability is to identify the attacks over the cyber space system. This term has increased the challenges in cyberspace systems in large areas. Interdependencies between computer communication systems and the physical infrastructure also become more complex as information technologies are further integrated into devices and networks. Vulnerability is caused by ethical hacking, Trojan attacks, and logical bombing. In recent days firewalls eliminate the various cyber attacks. The use of a filtering algorithm prevents e-mail bombing. To secure the server system we can avoid hacking. The above countermeasures identify the attacks and improve the efficiency.

  14. Operations research, engineering, and cyber security trends in applied mathematics and technology

    CERN Document Server

    Rassias, Themistocles

    2017-01-01

    Mathematical methods and theories with interdisciplinary applications are presented in this book. The eighteen contributions presented in this Work have been written by eminent scientists; a few papers are based on talks which took place at the International Conference at the Hellenic Artillery School in May 2015. Each paper evaluates possible solutions to long-standing problems such as the solvability of the direct electromagnetic scattering problem, geometric approaches to cyber security, ellipsoid targeting with overlap, non-equilibrium solutions of dynamic networks, measuring ballistic dispersion, elliptic regularity theory for the numerical solution of variational problems, approximation theory for polynomials on the real line and the unit circle, complementarity and variational inequalities in electronics, new two-slope parameterized achievement scalarizing functions for nonlinear multiobjective optimization, and strong and weak convexity of closed sets in a Hilbert space. Graduate students, scientists,...

  15. Towards an integrated defense system for cyber security situation awareness experiment

    Science.gov (United States)

    Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

    2015-05-01

    In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

  16. Anticipatory Cyber Security Research: An Ultimate Technique for the First-Move Advantage

    Directory of Open Access Journals (Sweden)

    Bharat S. Rawal

    2016-02-01

    Across all industry segments, 96 percent of systems could be breached on average. In the game of cyber security, every moment a new player (attacker) is entering the game with new skill sets. An attacker only needs to be effective once while defenders of cyberspace have to be successful all of the time. There will be a first-mover advantage in such a chasing game, which means that the first move often wins. In this paper, in order to face the security challenges brought in by the attacker’s first-move advantage, we analyzed the past ten years of cyber-attacks, studied the immediate attack’s pattern and offer the tools to predict the next move of the cyber attacker.

  17. Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

    Science.gov (United States)

    Gunawan, Ryan A.

    2016-01-01

    With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

  18. Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation

    Science.gov (United States)

    Greitzer, Frank L.; Frincke, Deborah A.

    The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, to support a move from an insider threat detection stance to one that enables prediction of potential insider presence. Two distinctive aspects of the approach are the objective of predicting or anticipating potential risks and the use of organizational data in addition to cyber data to support the analysis. The chapter describes the challenges of this endeavor and reports on progress in defining a usable set of predictive indicators, developing a framework for integrating the analysis of organizational and cyber security data to yield predictions about possible insider exploits, and developing the knowledge base and reasoning capability of the system. We also outline the types of errors that one expects in a predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.

  19. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s); and how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go unnoticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats, particularly on ICSs, may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  20. Cyber security awareness toolkit for national security: An approach to South Africa’s cybersecurity policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Presidential policies and structures review on cyber security [17] was that the United States nation was at a crossroads. This was so because on the one hand, cyberspace underpins almost every facet of American society, providing critical support... critical disruptions to U.S. systems. There is an international drive by various governments to either develop, or review existing Cybersecurity policies. From the US point of view, the policies include strategies and standards regarding the security...

  1. Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

    Science.gov (United States)

    Johnson, C. W.; Atencia Yepez, A.

    2012-01-01

    Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations. This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

  2. Improving Student Engagement in the Study of Professional Ethics: Concepts and an Example in Cyber Security.

    Science.gov (United States)

    Bustard, John D

    2017-04-11

    In spite of the acknowledged importance of professional ethics, technical students often show little enthusiasm for studying the subject. This paper considers how such engagement might be improved. Four guiding principles for promoting engagement are identified: (1) aligning teaching content with student interests; (2) taking a pragmatic rather than a philosophical approach to issue resolution; (3) addressing the full complexity of real-world case studies; and (4) covering content in a way that students find entertaining. The use of these principles is then discussed with respect to the specific experience of developing and presenting a master's module in Ethical and Legal Issues in Cyber Security at Queen's University Belfast. One significant aspect of the resulting design is that it encourages students to see ethical issues in systemic terms rather than from an individual perspective, with issues emerging from a conflict between different groups with different vested interests. Case studies are used to examine how personal and business priorities create conflicts that can lead to negative press, fines and punitive legal action. The module explores the reasons why organisations may be unaware of the risks associated with their actions and how an inappropriate response to an ethical issue can significantly aggravate a situation. The module has been delivered in three successive years since 2014 and has been well received on each occasion. The paper describes the design of the module and the experience of delivering it, concluding with a discussion of the effectiveness of the approach.

  3. Design of cyber security awareness game utilizing a social media framework

    CSIR Research Space (South Africa)

    Labuschagne, WA

    2011-08-01

    real scenarios of information risks. This also raises the issue that information richness of different forms of multimedia can affect the effectiveness of online security awareness programs. Furthermore, they discuss three media that are pertinent... awareness creation. The richness of the media, together with the aimed level of awareness are important decisions in the design of a game to create security awareness. These decisions were considered in the design of the proposed security awareness game...

  4. Evaluating U.S. and Chinese Cyber Security Strategies Within a Cultural Framework

    Science.gov (United States)

    2016-04-01

    and strategic levels. Common themes, however, are that culture is shared, transmitted, malleable, and internalized by a common group of people or a...founded on both the short-term orientation of national culture, as well as the political ideology of the US; liberal, free-market, and educated...Five Personality Traits: Patterns and Profiles of Human Self-Description Across 56 Nations.” Journal of Cross-Cultural Psychology 38, no. 2 (March

  5. A conceptual framework for cyber security awareness and education in SA

    OpenAIRE

    Noluxolo Kortjan; Rossouw Von Solms

    2014-01-01

    The Internet is becoming increasingly interwoven in the daily lives of many individuals, organisations and nations. It has, to a large extent, had a positive effect on the way people communicate. It has also introduced new avenues for business; and it has offered nations an opportunity to govern online. Nevertheless, although cyberspace offers an endless list of services and opportunities, it is also accompanied by many risks, of which many Internet users are not aware. As such, various count...

  6. Book Review: Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions

    Directory of Open Access Journals (Sweden)

    Gary Kessler

    2009-09-01

    Knapp, K.J. (Ed.) (2009). Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions. Hershey, NY: Information Science Reference. 434 + xxii pages, ISBN: 978-1-60566-326-5, US$195. Reviewed by Gary C. Kessler (gck@garykessler.net). I freely admit that this book was sent to me by the publisher for the expressed purpose of my writing a review and that I know several of the chapter authors. With that disclosure out of the way, let me say that the book is well worth the review (and I get to keep my review copy). The preface to the book cites the 2003 publication of The National Strategy to Secure Cyberspace by the White House, and the acknowledgement by the U.S. government that our economy and national security were fully dependent upon computers, networks, and the telecommunications infrastructure. This may have come as news to the general population but it was a long overdue public statement to those of us in the industry. The FBI's InfraGard program and the formation of the National Infrastructure Protection Center (NIPC) pre-dated this report by at least a half-dozen years, so the report was hardly earthshattering. And the fact that the bulk of the telecom infrastructure is owned by the private sector is a less advertised fact. Nonetheless, reminding the community of these facts is always a Good Thing and provides the raison d’être of this book. (see PDF for full review)

  7. ATLAS Future Framework Requirements Group Report

    CERN Document Server

    The ATLAS collaboration

    2016-01-01

    The Future Frameworks Requirements Group was constituted in Summer 2013 to consider and summarise the framework requirements from trigger and offline for configuring, scheduling and monitoring the data processing software needed by the ATLAS experiment. The principal motivation for such a re-examination arises from the current and anticipated evolution of CPUs, where multiple cores, hyper-threading and wide vector registers require a shift to a concurrent programming model. Such a model requires extensive changes in the current Gaudi/Athena frameworks and offers the opportunity to consider how HLT and offline processing can be better accommodated within the ATLAS framework. This note contains the report of the Future Frameworks Requirements Group.

  8. A Framework for Modelling Software Requirements

    Directory of Open Access Journals (Sweden)

    Dhirendra Pandey

    2011-05-01

    Requirement engineering plays an important role in producing quality software products. In recent years, some requirement framework approaches have been designed to provide an end-to-end solution for the system development life cycle. Textual requirements specifications are difficult to learn, design, understand, review, and maintain, whereas pictorial modelling is widely recognized as an effective requirement analysis tool. In this paper, we will present a requirement modelling framework with the analysis of modern requirements modelling techniques. Also, we will discuss various domains of requirement engineering with the help of modelling elements such as semantic map of business concepts, lifecycles of business objects, business processes, business rules, system context diagram, use cases and their scenarios, constraints, and user interface prototypes. The proposed framework will be illustrated with the case study of an inventory management system.

  9. Cyber Security Status and Technology Development

    Institute of Scientific and Technical Information of China (English)

    宁向延; 张顺颐

    2012-01-01

    The developments of open, free, international cyber technologies bring many revolutionary changes to all countries of the world, all government organizations, all enterprise organizations and all aspects of our lives. With the improved efficiency and the conveniences, many threats and challenges have appeared on open networks. Thus cyber security has become an indispensable part of information networks. Based on the developing security theories, application technologies, management standards, and so on, a cyber security technology system has gradually formed and matured. With the development of network technologies, new information security technologies (such as IPv6 security, wireless security and embedded system security) will become the mainstream of network security. Many security technologies will be amalgamated; at the same time security technology will be merged with other technologies, and monitoring technology will become the mainstream of cyber security technologies.

  10. Changes in the national cyber-security strategies in a global perspective

    Institute of Scientific and Technical Information of China (English)

    吴关龙; 冯潇洒

    2015-01-01

    Recently, the emergence of the national cyber-security strategy reflects the mentality of "soft law governance". Though there is no internationally concerted definition of cyber-security, all the countries of the world regard it as the foundation of their national stability and economic development. Around 2010, the emergence of the new-generation cyber-security strategy predicted the new trend of the global cyber-security strategy, whose concepts, principles and strategies have become more flexible and whose achievements and experience can shed much light on China’s current implementation of its own cyber-security strategy.

  11. The Concepts and Models of the Autonomic Cyber Security

    Institute of Scientific and Technical Information of China (English)

    沈苏彬; 毛燕琴; 黄维

    2012-01-01

    Cyber security is always a hot topic in the field of information technology. Autonomic networking is an interesting topic in the areas of mobile ad hoc networks and the Internet of Things. Autonomic cyber security is an unavoidable research topic for future networks. Based on analyzing and defining the concepts related to autonomic cyber security, such as network domain, security network domain and autonomic network domain, the use case model and data model of autonomic cyber security are established using the Unified Modeling Language (UML). Through analysis of the models, it is asserted that the autonomic cyber security system can resolve completely the security issues in cyber applications with no human intervention.

  12. The Legal Framework of Cyber Operations

    NARCIS (Netherlands)

    P. Ducheine

    2013-01-01

    The presentation focusses on the legal, strategic and operational framework for (military) cyber operations. Themes addressed cover: the scope of cyber security and the role of government (in general) and the armed forces (in particular); legitimacy as a principle of the rule of law and its relevanc

  13. Analysis of the UK Cyber Security Strategy: Landscape and Review

    Institute of Scientific and Technical Information of China (English)

    由鲜举; 田素梅; 宋文文

    2013-01-01

    This paper assesses the opportunities and threats to UK cyber space, analyses the funding which the UK government allocated to cyber security, reveals the evolution and plans of cyber security, identifies the challenges that the government faces in implementing its cyber security strategy, and describes the evolving approach to cyber security.

  14. Research on Legal Governance of Cyber Security Based on the Concept of Process Control: "Prevention and Control of Risk" as the Core

    Institute of Scientific and Technical Information of China (English)

    赵丽莉

    2015-01-01

    In the Web 2.0 era of the Internet, cyber security is closely related to social stability and national security. Thus, the importance of cyber security governance in the systems engineering of comprehensive social governance has become more prominent. Legal governance is an important tool for cyber security management, but the currently prevailing legal governance ideas and mechanisms, which depend on "results control", cannot adapt to the needs of dynamic cyber security risk management. So, facing the demand to improve the rule of law in cyberspace, the idea of legal governance of cyber security needs to be innovated. Establishing a process-control model of legal governance with "prevention and control of risk" as its core will form a new paradigm for the legal governance of cyber security.

  15. Cyber Security: A Global Public Product?

    Institute of Scientific and Technical Information of China (English)

    任琳

    2014-01-01

    The theoretical presumption of global governance for cyber security is that cyber security functions as a kind of global public product. However, this presumption faces several crises of political legitimacy in the current structure of cyberspace, affecting the ability to govern cyber security worldwide. Nevertheless, from a practical and long-term perspective, the low-cost, virtual, transnational and other features of cyberspace fundamentally call for a global effort in cyber governance.

  16. Survey of cyber security research in power system

    Institute of Scientific and Technical Information of China (English)

    李文武; 游文霞; 王先培

    2011-01-01

    Cyber security research in power systems is reviewed to improve protection against attacks and guarantee the safe operation of power information systems. The characteristics and security threats of production control systems, management information systems, market operation systems and open interconnected power information systems are analyzed, and the research status at home and abroad related to cyber security in power systems is surveyed from technology and management views. Based on the characteristics and security demands of power information systems, it suggests that study of cyber security and security management in production control systems and interconnected power information systems should be the focus in the future, and the concrete research direction is pointed out.

  17. Interpreting the Definition of Basic Concepts of Russia-US Cyber Security

    Institute of Scientific and Technical Information of China (English)

    2013-01-01

    Cyber security has become increasingly important nowadays. Being the critical player in the international arena, the United States holds that it is necessary to have international cooperation, especially between big powers of the world, on formulating internationally accepted norms to ensure the security and efficiency of cyberspace. Through "Track Two" diplomacy, research institutes from both the U.S. and Russia have defined as well as paraphrased a total of 20 critical terminologies relevant to cyber security. This endeavor has been regarded as a "good start" of such cooperation. Due to the two sides' distinct interpretations of cyber security, however, the definitions in America and Russia have demonstrated their disagreement to a certain extent. Analyses of some of the definitions from the translation and comparative linguistic perspective will be helpful to make predictions about where the cultivation of international cyber security norms will head in the future.

  18. On modeling of electrical cyber-physical systems considering cyber security

    Institute of Scientific and Technical Information of China (English)

    Yi-nan WANG; Zhi-yun LIN; Xiao LIANG; Wen-yuan XU; Qiang YANG; Gang-feng YAN

    2016-01-01

    This paper establishes a new framework for modeling electrical cyber-physical systems (ECPSs), integrating both power grids and communication networks. To model the communication network associated with a power transmission grid, we use a mesh network that considers the features of power transmission grids such as high-voltage levels, long-transmission distances, and equal importance of each node. Moreover, bidirectional links including data uploading channels and command downloading channels are assumed to connect every node in the communication network and a corresponding physical node in the transmission grid. Based on this model, the fragility of an ECPS is analyzed under various cyber attacks including denial-of-service (DoS) attacks, replay attacks, and false data injection attacks. Control strategies such as load shedding and relay protection are also verified using this model against these attacks.

  19. Analyzing Cyber Security Threats on Cyber-Physical Systems Using Model-Based Systems Engineering

    Science.gov (United States)

    Kerzhner, Aleksandr; Pomerantz, Marc; Tan, Kymie; Campuzano, Brian; Dinkel, Kevin; Pecharich, Jeremy; Nguyen, Viet; Steele, Robert; Johnson, Bryan

    2015-01-01

    The spectre of cyber attacks on aerospace systems can no longer be ignored given that many of the components and vulnerabilities that have been successfully exploited by the adversary on other infrastructures are the same as those deployed and used within the aerospace environment. An important consideration with respect to the mission/safety critical infrastructure supporting space operations is that an appropriate defensive response to an attack invariably involves the need for high precision and accuracy, because an incorrect response can trigger unacceptable losses involving lives and/or significant financial damage. A highly precise defensive response, considering the typical complexity of aerospace environments, requires a detailed and well-founded understanding of the underlying system where the goal of the defensive response is to preserve critical mission objectives in the presence of adversarial activity. In this paper, a structured approach for modeling aerospace systems is described. The approach includes physical elements, network topology, software applications, system functions, and usage scenarios. We leverage Model-Based Systems Engineering methodology by utilizing the Object Management Group's Systems Modeling Language to represent the system being analyzed and also utilize model transformations to change relevant aspects of the model into specialized analyses. A novel visualization approach is utilized to visualize the entire model as a three-dimensional graph, allowing easier interaction with subject matter experts. The model provides a unifying structure for analyzing the impact of a particular attack or a particular type of attack. Two different example analysis types are demonstrated in this paper: a graph-based propagation analysis based on edge labels, and a graph-based propagation analysis based on node labels.

  20. Enhancing the cyber-security of smart grids with applications to synchrophasor data

    Science.gov (United States)

    Pal, Seemita

    packet-drops and finally detect attacks, if any. In the case of PMU data manipulation attacks, the attacker may modify the data in the PMU packets in order to bias the system states and influence the control center into taking wrong decisions. The proposed detection technique is based on evaluating the equivalent impedances of the transmission lines and classifying the observed anomalies to determine the presence of attack and its location. The scheme for detecting data integrity attacks on SCADA systems is based on utilizing synchrophasor measurements from available PMUs in the grid. The proposed method uses a difference measure, developed in this thesis, to determine the relative divergence and mis-correlation between the datasets. Based on the estimated difference measure, tampered and genuine data can be distinguished. The proposed detection mechanisms have demonstrated high accuracy in real-time detection of attacks of various magnitudes, simulated on real PMU data obtained from the NY grid. By performing alarm clustering, the occurrence of false alarms has been reduced to almost zero. The solutions are computationally inexpensive, low on cost, do not add any overhead, and do not require any feedback from the network.

  1. Cyber security policy guidebook

    CERN Document Server

    Bayuk, Jennifer L; Rohmeyer, Paul; Sachs, Marcus; Schmidt, Jeffrey; Weiss, Joseph

    2012-01-01

    This book is a taxonomy and thesaurus of current cybersecurity policy issues, including a thorough description of each issue and a corresponding list of pros and cons with respect to identified stances on each issue. It documents policy alternatives for the sake of clarity with respect to policy alone, and dives into organizational implementation issues. Without using technical jargon, the book emphasizes the importance of critical and analytical thinking when making policy decisions. It also equips the reader with descriptions of the impact of specific policy ch

  2. Importance of Cyber Security

    National Research Council Canada - National Science Library

    Rajesh Kumar Goutam

    2015-01-01

    ... to secure sensitive business and personal information, as well as to protect national security. The paper details about the nature of cyberspace and shows how the internet is unsecure to transmit the confidential and financial information...

  3. An Analysis of U.S. Cyber Security Organization Structure

    Institute of Scientific and Technical Information of China (English)

    张莉; 黄日涵

    2014-01-01

    The United States attaches great importance to the construction of its cyber security organization structure, and has been exploring it since the Clinton administration. After years of development, the current U.S. cyber security organization structure is composed of three levels: the president, policy enforcement agencies and the private sector. Among them, policy enforcement agencies include coordination agencies, government departments, intelligence agencies, and the military system. Through this organization structure, the United States can not only coordinate domestic homeland security and international military security, but also define the role of every relevant department, which makes it easier to focus resources on the construction of a highly active cyber security organization structure.

  4. International Cooperation of Cyber Security and Its Value to China

    Institute of Scientific and Technical Information of China (English)

    丛培影

    2012-01-01

    In the context of globalization and with the wide application and rapid development of cyber information technology, cyber information security has become a new focus of attention for many countries. Non-traditional security issues, such as cyber warfare, cyber terrorism and cyber crime, demand global cooperation due to their transnational character, complexity, and destructiveness. Cooperation on international cyber security will inevitably prevail. Tackling the challenges and difficulties in this cooperation has become a realistic problem all countries are facing. For China, a great power in the information industry, better participation in international cyber security cooperation will contribute positively to the protection of state interests and the construction of the international regime.

  5. Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection.

    Science.gov (United States)

    Oğüt, Hulisi; Raghunathan, Srinivasan; Menon, Nirup

    2011-03-01

    The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management.

  6. Requirements Engineering Methods: A Classification Framework and Research Challenges

    OpenAIRE

    Jureta, Ivan

    2012-01-01

    Requirements Engineering Methods (REMs) support Requirements Engineering (RE) tasks, from elicitation, through modeling and analysis, to validation and evolution of requirements. Despite the growing interest to design, validate and teach REMs, it remains unclear what components REMs should have. A classification framework for REMs is proposed. It distinguishes REMs based on the domain-independent properties of their components. The classification framework is intended to facilitate (i) analys...

  7. From Patchwork to Framework: A Review of Title 10 Authorities for Security Cooperation

    Science.gov (United States)

    2016-01-01

    there is growing recognition of the importance of this domain and that partners’ weakness in cyber security is also U.S. weakness given that U.S...train more comprehensively with friendly foreign forces, requiring only that to the “maximum extent practicable” training aligns with the mission

  8. A closed-loop based framework for design requirement management

    DEFF Research Database (Denmark)

    Zhang, Zhinan; Li, Xuemeng; Liu, Zelin

    2014-01-01

    attention to the fuzzy front end of product design process. In fact, there exists more needs for requirement knowledge at each stage of a product lifecycle and requirement also has its own lifecycle. However, the research in the field of engineering design lack of a framework to support requirement...

  9. Requirements Engineering Methods: A Classification Framework and Research Challenges

    CERN Document Server

    Jureta, Ivan

    2012-01-01

    Requirements Engineering Methods (REMs) support Requirements Engineering (RE) tasks, from elicitation, through modeling and analysis, to validation and evolution of requirements. Despite the growing interest to design, validate and teach REMs, it remains unclear what components REMs should have. A classification framework for REMs is proposed. It distinguishes REMs based on the domain-independent properties of their components. The classification framework is intended to facilitate (i) analysis, teaching and extension of existing REMs, (ii) engineering and validation of new REMs, and (iii) identifying research challenges in REM design. The framework should help clarify further the relations between REM and other concepts of interest in and to RE, including Requirements Problem and Solution, Requirements Modeling Language, and Formal Method.

  10. A Framework to Support Requirements Analysis in Engineering Design

    OpenAIRE

    Brace, William; Cheutet, Vincent

    2012-01-01

    Complex system development activities such as requirements analysis to requirements specification, implementation and verification are well defined in the software engineering domain. Interests in using a model driven engineering have increased in this domain. System level requirements analysis and model driven engineering may result in a significant improvement in engineering design. This paper presents a Checklist Oriented Requirement Analysis (CORA) framework to dev...

  11. Data Warehouse Requirements Analysis Framework: Business-Object Based Approach

    Directory of Open Access Journals (Sweden)

    Anirban Sarkar

    2012-01-01

    Detailed requirements analysis plays a key role in the design of a successful Data Warehouse (DW) system. The requirements analysis specifications are used as the prime input for the construction of a conceptual level multidimensional data model. This paper proposes a Business Object based requirements analysis framework for DW systems which is supported with an abstraction mechanism and reuse capability. It also facilitates the stepwise mapping of requirements descriptions into high level design components of a graph semantic based conceptual level object oriented multidimensional data model. The proposed framework starts with the identification of the analytical requirements using a business process driven approach and finally refines the requirements in further detail to map into the conceptual level DW design model using either Demand-driven or Mixed-driven approach for DW requirements analysi

  12. 76 FR 65542 - N.S. Savannah; Exemption From Certain Security Requirements

    Science.gov (United States)

    2011-10-21

    ... plan or procedures, physical security plan, guard training and qualification plan, and cyber security... COMMISSION N.S. Savannah; Exemption From Certain Security Requirements 1.0 Background The U.S. Department of Transportation, Maritime Administration (MARAD) is the licensee and holder of Facility Operating License No. NS...

  13. Improving agile requirements: the Quality User Story framework and tool

    NARCIS (Netherlands)

    Lucassen, Garm; Dalpiaz, Fabiano; van der Werf, Jan Martijn E. M.; Brinkkemper, Sjaak

    2016-01-01

    User stories are a widely adopted requirements notation in agile development. Yet, user stories are too often poorly written in practice and exhibit inherent quality defects. Triggered by this observation, we propose the Quality User Story (QUS) framework, a set of 13 quality criteria that user

  14. SERVICE ORIENTED QUALITY REQUIREMENT FRAMEWORK FOR CLOUD COMPUTING

    Directory of Open Access Journals (Sweden)

    Madhushi Rathnaayke

    2015-12-01

    This research paper introduces a framework to identify the quality requirements of cloud computing services. It considers two dominant sub-layers, the functional layer and the runtime layer, against cloud characteristics. SERVQUAL model attributes and the opinions of industry experts were used to derive the quality constructs in the cloud computing environment. The framework gives proper identification of the cloud computing service quality expectations of users. The validity of the framework was evaluated using a questionnaire based survey. The partial least squares-structural equation modelling (PLS-SEM) technique was used to evaluate the outcome. The research findings show that the significance of the functional layer is higher than that of the runtime layer, and the prioritized quality factors of the two layers are Service time, Information and data security, Recoverability, Service Transparency, and Accessibility.

  15. Requirements for a Next Generation Framework: ATLAS Experience

    CERN Document Server

    Kama, Sami; The ATLAS collaboration

    2015-01-01

    The challenge faced by HEP experiments from the current and expected architectural evolution of CPUs and co-processors is how to successfully exploit concurrency and keep memory consumption within reasonable limits. This is a major change from frameworks which were designed for serial event processing on single core processors in the 2000s. ATLAS has recently considered this problem in some detail through its Future Frameworks Requirements group. Here we report on the major considerations of the group, which was charged with considering the best strategies to exploit current and anticipated CPU technologies. The group has re-examined the basic architecture of event processing and considered how the building blocks of a framework (algorithms, services, tools and incidents) should evolve. The group has also had to take special care to ensure that the use cases of the ATLAS high level trigger are encompassed, which differ in important ways from offline event processing (for example, 99% of events are rejected, w...

  16. RePizer: a framework for prioritization of software requirements

    Institute of Scientific and Technical Information of China (English)

    Saif Ur Rehman KHAN; Sai Peck LEE; Mohammad DABBAGH; Muhammad TAHIR; Muzafar KHAN; Muhammad ARIF

    2016-01-01

    The standard software development life cycle heavily depends on requirements elicited from stakeholders. Based on those requirements, software development is planned and managed from its inception phase to closure. Due to time and resource constraints, it is imperative to identify the high-priority requirements that need to be considered first during the software development process. Moreover, existing prioritization frameworks lack a store of historical data useful for selecting the most suitable prioritization technique of any similar project domain. In this paper, we propose a framework for prioritization of software requirements, called RePizer, to be used in conjunction with a selected prioritization technique to rank software requirements based on defined criteria such as implementation cost. RePizer assists requirements engineers in a decision-making process by retrieving historical data from a requirements repository. RePizer also provides a panoramic view of the entire project to ensure the judicious use of software development resources. We compared the performance of RePizer in terms of expected accuracy and ease of use while separately adopting two different prioritization techniques, planning game (PG) and analytical hierarchy process (AHP). The results showed that RePizer performed better when used in conjunction with the PG technique.

  17. 360º Degree Requirement Elicitation Framework for Cloud Service Providers

    Directory of Open Access Journals (Sweden)

    Versha Saxena

    2015-03-01

    This study addresses the factors responsible for cloud computing adoption in implementing cloud computing for any organization. Service Level Agreements (SLAs) play a major role for the cloud consumer as well as for the cloud provider. An SLA depends on the requirements gathered by the cloud providers, and they vary with the type of organization for which the process is being performed, such as education, retail, IT industry etc. SLAs for cloud computing involve technical as well as business requirements, which makes gathering requirements from the stakeholders' point of view a heterogeneous process. This research work proposes a 360 degree requirement gathering framework, which reduces the complexities during the process of requirement gathering by cloud service providers as well as making SLAs more reliant.

  18. A Review of Cyber Security Research in Social Science Field of Mainland China

    Institute of Scientific and Technical Information of China (English)

    安静

    2016-01-01

    [Purpose/Significance] Cyber security is not a new concept. As early as the beginning of the Internet, the computer science field had already witnessed related research. But research on cyber security from the social science perspective is a new turn, and it is necessary to take a review and make a summary. [Method/Process] In order to reveal the development of this study, we check and analyze the relevant literature from the CNKI database. [Result/Conclusion] A significant growth trend in the literature statistics since 2000 is clearly noticeable. There are three main topics of cyber security in social science study: cyber politics, cyber governance and cyber strategies. With the increasingly close connections between cyber security and national security, and between cyber security and international politics, related research will gradually increase. The review is good for grasping the direction of academic research, and is also significant for the future development of the cyber security discipline in the field of social science.

  19. A Framework for Systematic Refinement of Trustworthiness Requirements

    Directory of Open Access Journals (Sweden)

    Nazila Gol Mohammadi

    2017-04-01

    Full Text Available The trustworthiness of systems that support complex collaborative business processes is an emergent property. In order to address users’ trust concerns, trustworthiness requirements of software systems must be elicited and satisfied. The aim of this paper is to address the gap that exists between end-users’ trust concerns and the lack of implementation of proper trustworthiness requirements. New technologies like cloud computing bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might bring undesirable side effects, e.g., introducing new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users become more concerned about trust. Trust is subjective; trustworthiness requirements for addressing trust concerns are difficult to elicit, especially if there are different parties involved in the business process. We propose a user-centered trustworthiness requirement analysis and modeling framework. We integrate the subjective trust concerns into goal models and embed them into business process models as objective trustworthiness requirements. Business process model and notation is extended to enable modeling trustworthiness requirements. This paper focuses on the challenges of elicitation, refinement and modeling trustworthiness requirements. An application example from the healthcare domain is used to demonstrate our approach.

  20. Requirements for Participatory Framework on Governmental Policy Level

    Directory of Open Access Journals (Sweden)

    Birutė PITRĖNAITĖ

    2012-06-01

    Full Text Available The article seeks to specify the requirements of the framework for public participation in policy making on the governmental level aiming to elaborate a substantial content of the participatory policy. The research methodology engages both qualitative and quantitative approaches based on document analysis and interviews. We analysed a range of documents, issued by the Ministry of Education and Science of the Republic of Lithuania, where participatory groups are nominated for the annual terms of 2007 and 2010. Results of the research testify that, notwithstanding the considerable number of participatory facts, public administrators hold more than a half of the places in the participatory groups. Stakeholders other than public administrators are considered to be rather consultants than partners in policy development. We suggest that for a substantial, effective and efficient participation framework, several requirements should be met including a correct arena for stakes’ expression; completeness of the stake representation; balanced stake representation; sensitivity to research based evidence; monitoring and evaluation of participation quality.

  1. COMPETENCE BUILDING FRAMEWORK REQUIREMENTS FOR INFORMATION TECHNOLOGY FOR EDUCATIONAL MANAGEMENT

    Directory of Open Access Journals (Sweden)

    Rakesh Mohan Bhatt

    2016-01-01

    Full Text Available Progressive efforts have been evolving continuously for the betterment of the services of the Information Technology for Educational Management (ITEM). These services require data intensive and communication intensive applications. Due to the massive growth of information, it becomes difficult to manage these services. Here the role of the Information and Communication Technology (ICT) infrastructure, particularly the data centre with communication components, becomes important to facilitate these services. The present paper discusses the related issues such as competent staff, appropriate ICT infrastructure, ICT acceptance level etc. required for an ITEM competence building framework, considering the earlier approach for core competences for ITEM. In this connection, it is also necessary to consider the procurement of standard and appropriate ICT facilities. This will help in the integration of these facilities for future expansion. This will also make it possible to create and foresee the impact of pairing management with the information, technology, and education components individually and combined. These efforts will establish a strong coupling between the ITEM activities and resource management for effective implementation of the framework.

  2. Study on CDA Identification and Lesson Learned from the Result for the Cyber Security Regulation for Nuclear Facilities

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Si Won [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

    2016-10-15

    It is the United States that shows the most enthusiastic preparation for the protection of NPPs from cyber threats. The United States has been trying to improve cybersecurity of NPPs since the 911 terror in 2001. In this process, the Nuclear Regulatory Commission (NRC) of the U.S. demanded the protection of the digital systems in NPPs from the licensee through 10 CFR 73.54. Moreover, RG 5.71 defined the assets which should be protected from cyber threats as Critical Digital Assets (CDAs). The Nuclear Energy Institute (NEI) provided the CDA identification guide through NEI 10-04. Meanwhile, the International Electrotechnical Commission (IEC) presented the security program requirements of I and C computers in NPPs, as well as categories of systems and functions, through IEC 61226, which is under revision. In Korea, the Korea Institute of Nuclear Nonproliferation and Control (KINAC) established KINAC/RS-019, which is based upon NEI 10-04 and adapted to Korean circumstances. As time goes by, the digital systems in NPPs increase and the possibilities of cyber threats become greater. To protect these systems from cyber attacks, it is important to identify CDAs, which are the targets to be protected. For that, the standards to identify CDAs were established, and according to the standards, the licensees could perform identification works and draw many CDAs. During the inspection processes for this, KINAC could find several problems and has been trying to look for the solutions. It is desired that such solutions will be actively used when identifying CDAs in NPPs, and also they should be applied to the systems which are added or changed during the whole facility life cycle.

  3. DOT Cyber Security Assessment Management -

    Data.gov (United States)

    Department of Transportation — This data set contains information about the security and compliance status of FISMA systems within the Department. The information contains detailed descriptions of...

  4. Hardware Acceleration for Cyber Security

    Science.gov (United States)

    2010-11-01

    perform different approaches. It includes behavioral analysis, by means of NetFlow monitoring, as well as packet content analysis, so called Deep...analysis [30] are used to identify malicious traffic. Using network behavioral analysis in comparison with signature based approach allows us to

  5. Cyber Security as Social Experiment

    NARCIS (Netherlands)

    Pieters, Wolter; Hadziosmanovic, D.; Dechesne, Francien

    2014-01-01

    Lessons from previous experiences are often overlooked when deploying security-sensitive technology in the real world. At the same time, security assessments often suffer from a lack of real-world data. This appears similar to general problems in technology assessment, where knowledge about

  6. 8th International Symposium on Intelligent Distributed Computing & Workshop on Cyber Security and Resilience of Large-Scale Systems & 6th International Workshop on Multi-Agent Systems Technology and Semantics

    CERN Document Server

    Braubach, Lars; Venticinque, Salvatore; Badica, Costin

    2015-01-01

    This book represents the combined peer-reviewed proceedings of the Eighth International Symposium on Intelligent Distributed Computing - IDC'2014, of the Workshop on Cyber Security and Resilience of Large-Scale Systems - WSRL-2014, and of the Sixth International Workshop on Multi-Agent Systems Technology and Semantics - MASTS-2014. All the events were held in Madrid, Spain, during September 3-5, 2014. The 47 contributions published in this book address several topics related to theory and applications of intelligent distributed computing and multi-agent systems, including: agent-based data processing, ambient intelligence, collaborative systems, cryptography and security, distributed algorithms, grid and cloud computing, information extraction, knowledge management, big data and ontologies, social networks, swarm intelligence or videogames amongst others.

  7. IoT cyber security requirements and governance suggestions

    Institute of Scientific and Technical Information of China (English)

    2016-01-01

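    Starting from the current state of development and the security problems of new smart terminals, this paper analyzes in depth the security requirements of new smart terminals in terms of technology and industry applications, and offers suggestions at the management and policy levels for promoting the development of the new smart terminal industry.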

  8. Stakeholders' Requirements and Reference Scenarios. Deliverable D2.1

    OpenAIRE

    Diamantopoulou, Vasiliki; Mouratidis, Haralambos; Pavlidis, Michalis; Rekleitis, Evangelos

    2016-01-01

    The present document covers important elements on the development of WP2, including: a literature review of the state of the art relevant to security requirements engineering, risk management and supply chain security management standards. Following, the elicitation, analysis and documentation of requirements associated risk management and cyber-security management in ports and their supply chain sectors is presented. Emphasis is given in capturing the perspectives of all stakeholders; includ...

  9. On ASGS framework: general requirements and an example of implementation

    Institute of Scientific and Technical Information of China (English)

    KULESZA Kamil; KOTULSKI Zbigniew

    2007-01-01

    In the paper we propose a general, abstract framework for Automatic Secret Generation and Sharing (ASGS) that should be independent of underlying Secret Sharing Scheme (SSS). ASGS allows to prevent the Dealer from knowing the secret. The Basic Property Conjecture (BPC) forms the base of the framework. Due to the level of abstraction, results are portable into the realm of quantum computing. Two situations are discussed. First concerns simultaneous generation and sharing of the random, prior nonexistent secret. Such a secret remains unknown until it is reconstructed. Next, we propose the framework for automatic sharing of a known secret. In this case the Dealer does not know the secret and the secret Owner does not know the shares. We present opportunities for joining ASGS with other extended capabilities, with special emphasis on PVSS and pre-positioned secret sharing. Finally, we illustrate framework with practical implementation.

  10. A Generalized Cauchy Distribution Framework for Problems Requiring Robust Behavior

    Science.gov (United States)

    Carrillo, Rafael E.; Aysal, Tuncer C.; Barner, Kenneth E.

    2010-12-01

    Statistical modeling is at the heart of many engineering problems. The importance of statistical modeling emanates not only from the desire to accurately characterize stochastic events, but also from the fact that distributions are the central models utilized to derive sample processing theories and methods. The generalized Cauchy distribution (GCD) family has a closed-form pdf expression across the whole family as well as algebraic tails, which makes it suitable for modeling many real-life impulsive processes. This paper develops a GCD theory-based approach that allows challenging problems to be formulated in a robust fashion. Notably, the proposed framework subsumes generalized Gaussian distribution (GGD) family-based developments, thereby guaranteeing performance improvements over traditional GCD-based problem formulation techniques. This robust framework can be adapted to a variety of applications in signal processing. As examples, we formulate four practical applications under this framework: (1) filtering for power line communications, (2) estimation in sensor networks with noisy channels, (3) reconstruction methods for compressed sensing, and (4) fuzzy clustering.

  11. A Generalized Cauchy Distribution Framework for Problems Requiring Robust Behavior

    Directory of Open Access Journals (Sweden)

    Carrillo RafaelE

    2010-01-01

    Full Text Available Statistical modeling is at the heart of many engineering problems. The importance of statistical modeling emanates not only from the desire to accurately characterize stochastic events, but also from the fact that distributions are the central models utilized to derive sample processing theories and methods. The generalized Cauchy distribution (GCD) family has a closed-form pdf expression across the whole family as well as algebraic tails, which makes it suitable for modeling many real-life impulsive processes. This paper develops a GCD theory-based approach that allows challenging problems to be formulated in a robust fashion. Notably, the proposed framework subsumes generalized Gaussian distribution (GGD) family-based developments, thereby guaranteeing performance improvements over traditional GCD-based problem formulation techniques. This robust framework can be adapted to a variety of applications in signal processing. As examples, we formulate four practical applications under this framework: (1) filtering for power line communications, (2) estimation in sensor networks with noisy channels, (3) reconstruction methods for compressed sensing, and (4) fuzzy clustering.

  12. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems' cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  13. A Framework for RFID Survivability Requirement Analysis and Specification

    Science.gov (United States)

    Zuo, Yanjun; Pimple, Malvika; Lande, Suhas

    Many industries are becoming dependent on Radio Frequency Identification (RFID) technology for inventory management and asset tracking. The data collected about tagged objects through RFID is used in various high level business operations. The RFID system should hence be highly available, reliable, dependable and secure. In addition, this system should be able to resist attacks and perform recovery in case of security incidents. Together these requirements give rise to the notion of a survivable RFID system. The main goal of this paper is to analyze and specify the requirements for an RFID system to become survivable. These requirements, if utilized, can assist the system in resisting devastating attacks and recovering quickly from damages. This paper proposes the techniques and approaches for RFID survivability requirements analysis and specification. From the perspective of system acquisition and engineering, survivability requirement is the important first step in survivability specification, compliance formulation, and proof verification.

  14. Requirements Prioritization Based on Benefit and Cost Prediction: A Method Classification Framework

    OpenAIRE

    2008-01-01

    In early phases of the software development process, requirements prioritization necessarily relies on the specified requirements and on predictions of benefit and cost of individual requirements. This paper induces a conceptual model of requirements prioritization based on benefit and cost. For this purpose, it uses Grounded Theory. We provide a detailed account of the procedures and rationale of (i) how we obtained our results and (ii) how we used them to form the basis for a framework for ...

  15. An iterative requirements engineering framework based on formal concept analysis and C-K theory

    NARCIS (Netherlands)

    Poelmans, J.; Dedene, G.; Snoeck, M.; Viaene, S.

    2012-01-01

    In this paper, we propose an expert system for iterative requirements engineering using Formal Concept Analysis. The requirements engineering approach is grounded in the theoretical framework of C-K theory. An essential result of this approach is that we obtain normalized class models. Compared to t

  16. Personal Cyber Security Provision Scale development study

    Directory of Open Access Journals (Sweden)

    Osman Erol

    2015-07-01

    Full Text Available The aim of this study is to develop a scale to determine internet users' behavior related to cyber security. In this context, an item pool was created in accordance with expert opinion. This item pool was administered to 810 people for exploratory factor analysis. In the exploratory factor analysis, the commonly used principal component analysis method was applied, and the Varimax vertical rotation method was used to determine the factor structure. The scale was administered to 292 people and the structural equation modeling approach was applied for the confirmation study. As a result of the factor analysis, the "Personal Cyber Security Provision Scale", which consists of 5 factors and 25 items and has a good compatibility, emerged.

  17. Application of Cyber Security in Industrial Control Systems Based on Security Protection Technology for Electrical Secondary System

    Institute of Scientific and Technical Information of China (English)

    邹春明; 郑志千; 刘智勇; 陈良汉; 陈敏超

    2013-01-01

    Cyber security scheme is used for the secondary electrical systems of power grids in China widely and successfully, and favorable security protection effects have been achieved. There is not only similarity between general industrial control systems and the secondary electrical systems in power grids but also difference in demand due to the differences among industrial sectors. Based on the achievements in security protection technologies for the secondary electrical systems and by means of such technological means as enhancing the protection for the border of the industrial control network, analyzing communication protocols for industrial control in depth, mining attack signature models of industrial control protocols and establishing a unified security management platform and so on, a general security protection system for industrial control information, which possesses the ability of defense in depth, is constructed. Through simulating both industrial control environment and network attack, the industrial control firewall for key components is studied and tested. The results show that, while the authorized communication of the industrial control system keeps operating normally, unauthorized control commands are successfully intercepted, giving the system the ability to protect the information security of industrial control systems in depth. The system can therefore strengthen the ability of industrial control systems to withstand hacker and virus attacks, and reduce the risk of industrial equipment failure and damage caused by information security attacks.

  18. Cyber security strategies based on HMAC in electric power remote monitoring and control system

    Institute of Scientific and Technical Information of China (English)

    黄梦婕; 胥布工

    2011-01-01

    In order to solve cyber security problems in electric power remote monitoring and control system, a scheme based on Hash message authentication code algorithm (HMAC) is introduced. Important functions such as message authentication, message integrity, message replay resistance, user authentication, role-based authorization limit and user-based audit log collecting are designed and realized in the scheme, which fully considers the limitation of embedded electric power terminal unit. Finally, experiments prove the feasibility and safety of the scheme. It can resist external threats like message modification, masquerade, message replay and internal threats like unauthorized access and exceeding authority.

  19. Discrimination of Information Security, Network Security, Cyber Security and So On

    Institute of Scientific and Technical Information of China (English)

    谢宗晓

    2015-01-01

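    According to differences in focus, this article distinguishes among "communication security", "computer security", "network security", "information security" and "knowledge security". According to differences in the scope of definition, it also distinguishes among the terms "information system security", "information security" and "cyber security". In addition, the article gives a focused analysis of the two terms, network security and cyber security, that are confused because of translation.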

  20. Two Generic Frameworks of Multiple Viewpoints Oriented Requirements Method and Their Compariso

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    Traditional requirements method has some problems when it is used for large distributed systems. Multiple viewpoints oriented requirements method (MVORM) is a new method for resolving these problems. This paper develops two generic formal frameworks of MVORM, framework based on refinement relation (FBRR) and framework based on implementation relation (FBIR). They are generic, because no assumptions are made about the development process or the formal description languages to be used. Three kinds of specification relations and three kinds of specification transformations are discussed over FBIR and FBRR. This paper also compares the equivalence between FBIR and FBRR. We point out that an equivalent FBIR can be found for any FBRR, but reverse transformation is not always possible. We think FBIR is better than FBRR on most cases.

  1. The milieu of managerial work: an integrative framework linking work context to role requirements.

    Science.gov (United States)

    Dierdorff, Erich C; Rubin, Robert S; Morgeson, Frederick P

    2009-07-01

    Theoretical and empirical efforts focusing on the interplay between work context and managerial role requirements have been conspicuously absent in the scholarly literature. This paucity exists despite over 60 years of research concerning the requirements of managerial work and with the rather universal recognition that work context meaningfully shapes organizational behavior. The authors developed a theoretical model linking different types of role requirements to different forms of work context. They empirically tested this framework with a nationally representative sample of 8,633 incumbents spanning 52 managerial occupations. Findings from hierarchical linear modeling analyses demonstrated that discrete forms of context (task, social, and physical) exert significant and predictable effects on managerial role requirements.

  2. On Design and Implementation of the Distributed Modular Audio Recognition Framework: Requirements and Specification Design Document

    OpenAIRE

    Mokhov, Serguei A.

    2009-01-01

    We present the requirements and design specification of the open-source Distributed Modular Audio Recognition Framework (DMARF), a distributed extension of MARF. The distributed version aggregates a number of distributed technologies (e.g. Java RMI, CORBA, Web Services) in a pluggable and modular model along with the provision of advanced distributed systems algorithms. We outline the associated challenges incurred during the design and implementation as well as overall specification of the p...

  3. Using SCOR as a Supply Chain Management Framework for Government Agency Contract Requirements

    Science.gov (United States)

    Paxton, Joseph; Tucker, Brian

    2010-01-01

    This paper will present a model that uses the Supply-Chain Operations Reference (SCOR) model as a foundation for a framework to illustrate the information needed throughout a product lifecycle to support a healthy supply chain management function and the subsequent contract requirements to enable it. It will also show where in the supply chain the information must be extracted. The ongoing case study used to exemplify the model is NASA's (National Aeronautics and Space Administration) Ares I program for human spaceflight. Effective supply chain management and contract requirements are ongoing opportunities for continuous improvement within government agencies, specifically development of systems for human spaceflight operations. Multiple reports from the Government Accountability Office (GAO) reinforce this importance. The SCOR model is a framework for describing a supply chain with process building blocks and business activities. It provides a set of metrics for measuring supply chain performance and best practices for continuously improving. This paper expands the application of the SCOR to also provide the framework for defining information needed from different levels of the supply chain and at different phases of the lifecycle. These needs can be incorporated into contracts to enable more effective supply chain management. Depending on the phase of the lifecycle, effective supply chain management will require involvement from different levels of the organization and different levels of the supply chain.

  5. Experimental development based on mapping rule between requirements analysis model and web framework specific design model.

    Science.gov (United States)

    Okuda, Hirotaka; Ogata, Shinpei; Matsuura, Saeko

    2013-12-01

    Model Driven Development is a promising approach to develop high quality software systems. We have proposed a method of model-driven requirements analysis using Unified Modeling Language (UML). The main feature of our method is to automatically generate a Web user interface prototype from a UML requirements analysis model so that we can confirm the validity of input/output data for each page and page transition on the system by directly operating the prototype. We propose a mapping rule in which design information independent of each web application framework implementation is defined based on the requirements analysis model, so as to improve the traceability to the final product from the valid requirements analysis model. This paper discusses the result of applying our method to the development of a Group Work Support System that is currently running in our department.

  6. Cyber Security: A Crisis of Prioritization

    Data.gov (United States)

    Networking and Information Technology Research and Development, Executive Office of the President — ... The Director of the Office of Science and Technology Policy then provided a formal charge, asking PITAC members to concentrate their efforts on the focus,...

  7. Cyber Security Guides for GCCS2015 (Handreikingen Cyber Security voor GCCS2015)

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2015-01-01

    The Netherlands presented three guides to the participating countries and private parties that took part in the Global Conference on GlobalSpace 2015. Below is a short description of, and references to, the guides.

  8. UVI Cyber-security Workshop Workshop Analysis.

    Energy Technology Data Exchange (ETDEWEB)

    Kuykendall, Tommie G. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Allsop, Jacob Lee [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Anderson, Benjamin Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Boumedine, Marc [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Carter, Cedric [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galvin, Seanmichael Yurko [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Gonzalez, Oscar [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Lee, Wellington K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Lin, Han Wei [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Morris, Tyler Jake [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nauer, Kevin S.; Potts, Beth A.; Ta, Kim Thanh; Trasti, Jennifer; White, David R.

    2015-07-08

    The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year's consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week-long cyber workshop that consisted of three courses: Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.

  9. Cyber-Security Curricula for Basic Users

    Science.gov (United States)

    2013-09-01

    like cyberbullying, digital cheating, and safety and security concerns" [7]. The need to teach security principles to this age demographic is at an...addresses the following topics: Cyberbullying, Inappropriate content, Predators, Revealing too much Information, Spyware, spam, and scams. Each...emerging technology, surfing the web, video gaming, the dark side – cyberbullying. Each topic is covered by providing facts for the teacher to present

  10. Cyber Security of Industrial Control Systems

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Paske, B.J. te

    2015-01-01

    Our society and its citizens depend on the undisturbed functioning of (critical) infrastructures and their services. Crucial processes in most critical infrastructures, and in many other organisations, rely on the correct and undisturbed functioning of Industrial Control Systems (ICS). A failure of

  11. Gamification for Measuring Cyber Security Situational Awareness

    Energy Technology Data Exchange (ETDEWEB)

    Fink, Glenn A.; Best, Daniel M.; Manz, David O.; Popovsky, V. M.; Endicott-Popovsky, Barbara E.

    2013-03-01

    Cyber defense competitions arising from U.S. service academy exercises offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge could lead to better preparation of cyber defenders in both military and civilian settings. This paper describes how one regional competition, the PRCCDC, a participant in the national CCDC program, conducted proof of concept experimentation to collect data during the annual competition for later analysis. The intent is to create an ongoing research agenda that expands on this current work and incorporates augmented cognition and gamification methods for measuring cybersecurity situational awareness under the stress of cyber attack.

  12. Evaluating cyber security awareness in South Africa

    CSIR Research Space (South Africa)

    Grobler, M

    2011-07-01

    In many ways, the internet and cyber world is a dangerous place where innocent users can inadvertently fall prey to shrewd cyber criminals. These dangers, combined with a large portion of the South African population that has not had regular...

  13. ATIP Report: Cyber Security Research in China

    Science.gov (United States)

    2015-06-05

    networks such as telecommunications (telecom) carrier backbone networks has improved, but domain name systems remains the weak link concerning security...analysis, cloud security, mobile security, and security of wireless sensor networks in China, and an overview of these research achievements is...provided within. KEYWORDS: Government S&T Policy / Funding, Information Technology / IT, Mathematics, Telecommunications / Networking COUNTRY

  15. Wat maakt cyber security anders dan informatiebeveiliging?

    NARCIS (Netherlands)

    Van den Berg, J.

    2015-01-01

    The terms “information security” and “cyber security” are often used interchangeably, sometimes with the same meaning and sometimes with a different one. Many people today also speak of cyberspace, for example as a new (man-made) fifth domain alongside the existing domains of land, water,

  16. Using Arabic CAPTCHA for Cyber Security

    Science.gov (United States)

    Khan, Bilal; Alghathbar, Khaled S.; Khan, Muhammad Khurram; Alkelabi, Abdullah M.; Alajaji, Abdulaziz

    Bots are automated programs designed to make auto registrations in online services, resulting in wastage of resources and breach of web security. English based CAPTCHAs are used to prevent bots from abusing these online services. However, English based CAPTCHAs have some inherent flaws and have been broken by bots. In this paper, an Arabic text based CAPTCHA is proposed. The CAPTCHA text image is distorted with background noise. Background noise and dots in the Arabic text make the CAPTCHA hard for Arabic OCRs to break. The proposed scheme is useful in Arabic speaking countries and in protecting internet resources. The proposed CAPTCHA scheme is both secure and robust. Experimental results show that background noise is a good defense mechanism against OCR recognizing Arabic text.

  17. Requirements and Facilitators for Suicide Terrorism: an Explanatory Framework for Prediction and Prevention

    Directory of Open Access Journals (Sweden)

    Adam Lankford

    2011-12-01

    When it comes to explaining, predicting, and preventing suicide terrorism, there is a lot more important work to be done. This paper draws on the most recent evidence about where suicide terrorism occurs and why to propose a basic explanatory framework. Taking a bottom-up approach, it first identifies the minimum requirements for a suicide terrorism attack, and then outlines additional facilitators for the deadliest attacks and most prolonged suicide terrorism campaigns. Next, it applies these variables to clarify popular misunderstandings about foreign occupation as the primary cause of suicide terrorism. Finally, it shows how security officials can use this framework to develop a series of short term and long term countermeasures and begin to reduce the prevalence of suicide terrorism worldwide.

  18. Towards a Requirements Specification Multi-View Framework for Self-Adaptive Systems

    Directory of Open Access Journals (Sweden)

    Juan C. Muñoz-Fernández

    2015-08-01

    The analysis of self-adaptive systems (SAS) requirements involves addressing uncertainty from several sources. Despite advances in requirements for SAS, uncertainty remains an extremely difficult challenge. In this paper, we propose REFAS, a framework to model the requirements of self-adaptive software systems. Our aim with REFAS is to address and reduce uncertainty and to provide a language with sufficient power of expression to specify the different aspects of self-adaptive systems, relative to functional and non-functional requirements. The REFAS modeling language includes concepts closely related to these kinds of requirements and their fulfillment, such as context variables, claims, and soft dependencies. Specifically, the paper's contribution is twofold. First, REFAS supports different viewpoints and concerns related to requirements modeling, with key associations between them. Moreover, the modeler can define additional models and views by exploiting the REFAS meta-modeling capability, in order to capture additional aspects contributing to reduce uncertainty. Second, REFAS promotes in-depth analysis of all of the modeled concerns with aggregation and association capabilities, especially with context variables. Furthermore, we also define a process that enforces modeling requirements, considering different aspects of uncertainty. We demonstrate the applicability of REFAS by using the VariaMos software tool, which implements the REFAS meta-model, views, and process.

  19. Overviews and Prospects of the Cyber Security of Smart Grid from the View of Complex Network Theory

    Institute of Scientific and Technical Information of China (English)

    梅生伟; 王莹莹; 陈来军

    2011-01-01

    The future smart grid can be regarded as a dual compound network composed of the power network and cyber network, called CPPG. The study on the security of CPPG, especially the influence of the cyber security on the viability of the whole system, is of importance from both theory and engineering. This paper gives an overall overview of studies on cyber security in power grid, and then proposes a new idea to study CPPG through developing the complex network theory. This study includes the modeling, topology characteristics extraction, cascading failure mechanism analysis and vulnerability assessment. The proposed research direction is hoped to establish the complexity theory based on the CPPG, and the study results are expected to provide theoretic guidelines for the construction and operation of the future power grid, especially for the catastrophe prevention from the view of cyber security.

  20. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems' cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  1. Framework for establishing records control in hospitals as an ISO 9001 requirement.

    Science.gov (United States)

    Al-Qatawneh, Lina

    2017-02-13

    Purpose: The purpose of this paper is to present the process followed to control records in a Jordanian private community hospital as an ISO 9001:2008 standard requirement. Design/methodology/approach: Under the hospital quality council's supervision, the quality management and development office staff were responsible for designing, planning and implementing the quality management system (QMS) using the ISO 9001:2008 standard. A policy for records control was established. An action plan for establishing the records control was developed and implemented. On completion, a coding system for records was specified to be used by hospital staff. Finally, an internal audit was performed to verify conformity to the ISO 9001:2008 standard requirements. Findings: Successful certification by a neutral body ascertained that the hospital's QMS conformed to the ISO 9001:2008 requirements. A framework was developed that describes the records controlling process, which can be used by staff in any healthcare organization wanting to achieve ISO 9001:2008 accreditation. Originality/value: Given the increased interest among healthcare organizations to achieve the ISO 9001 certification, the proposed framework for establishing records control is developed and is expected to be a valuable management tool to improve and sustain healthcare quality.

  2. Framework for crisis preparedness planning: Four required areas for developing a learning process.

    Science.gov (United States)

    Eriksson, Kerstin

    2015-01-01

    To outline a framework for preparedness planning at the organizational level. The study is based on a content analysis of research literature as well as an analysis of interviews with six preparedness planners working in Swedish local authorities. The study setting included Swedish local authorities of different sizes. The participants are preparedness planners responsible for coordinating crisis management work in Swedish local authorities. The study includes preparedness planners with different backgrounds, education, experiences, and gender. A presentation of 19 factors of preparedness planning identified in the literature and a discussion around how preparedness planners perceive those factors. The main outcome measures are knowledge about how both researcher and practitioner understand and argue around different factors of preparedness planning. The result of this study is a framework for preparedness planning. As preparedness planning ought to be a learning process, the presented framework builds on four areas connected to learning: prerequisites for preparedness planning, who should be involved, what is to be learned, and how should the work be shaped. The analysis of factors identified in the literature and also in the interviews with preparedness planners illustrates that the four areas connected to learning are required for developing a preparedness planning process.

  3. Laboratory evaluation of dynamic traffic assignment systems: Requirements, framework, and system design

    Energy Technology Data Exchange (ETDEWEB)

    Miaou, S.-P.; Pillai, R.S.; Summers, M.S.; Rathi, A.K. [Oak Ridge National Lab., TN (United States); Lieu, H.C. [Federal Highway Administration, McLean, VA (United States). Intelligent Systems Div.

    1997-01-01

    The success of Advanced Traveler Information Systems (ATIS) and Advanced Traffic Management Systems (ATMS) depends on the availability and dissemination of timely and accurate estimates of current and emerging traffic network conditions. Real-time Dynamic Traffic Assignment (DTA) systems are being developed to provide the required timely information. The DTA systems will provide faithful and coherent real-time, pre-trip, and en-route guidance/information which includes routing, mode, and departure time suggestions for use by travelers, ATIS, and ATMS. To ensure the credibility and deployment potential of such DTA systems, an evaluation system supporting all phases of DTA system development has been designed and presented in this paper. This evaluation system is called the DTA System Laboratory (DSL). A major component of the DSL is a ground-truth simulator, the DTA Evaluation System (DES). The DES is envisioned to be a virtual representation of a transportation system in which ATMS and ATIS technologies are deployed. It simulates the driving and decision-making behavior of travelers in response to ATIS and ATMS guidance, information, and control. This paper presents the major evaluation requirements for a DTA system, a modular modeling framework for the DES, and a distributed DES design. The modeling framework for the DES is modular, meets the requirements, can be assembled using both legacy and independently developed modules, and can be implemented as either a single process or a distributed system. The distributed design is extendible, provides for the optimization of distributed performance, and object-oriented design within each distributed component. A status report on the development of the DES and other research applications is also provided.

  5. Do smartphone applications in healthcare require a governance and legal framework? It depends on the application!

    Science.gov (United States)

    Charani, Esmita; Castro-Sánchez, Enrique; Moore, Luke S P; Holmes, Alison

    2014-02-14

    The fast pace of technological improvement and the rapid development and adoption of healthcare applications present crucial challenges for clinicians, users and policy makers. Some of the most pressing dilemmas include the need to ensure the safety of applications and establish their cost-effectiveness while engaging patients and users to optimize their integration into health decision-making. Healthcare organizations need to consider the risk of fragmenting clinical practice within the organization as a result of too many apps being developed or used, as well as mechanisms for app integration into the wider electronic health records through development of governance framework for their use. The impact of app use on the interactions between clinicians and patients needs to be explored, together with the skills required for both groups to benefit from the use of apps. Although healthcare and academic institutions should support the improvements offered by technological advances, they must strive to do so within robust governance frameworks, after sound evaluation of clinical outcomes and examination of potential unintended consequences.

  6. A decision-making framework to model environmental flow requirements in oasis areas using Bayesian networks

    Science.gov (United States)

    Xue, Jie; Gui, Dongwei; Zhao, Ying; Lei, Jiaqiang; Zeng, Fanjiang; Feng, Xinlong; Mao, Donglei; Shareef, Muhammad

    2016-09-01

    The competition for water resources between agricultural and natural oasis ecosystems has become an increasingly serious problem in oasis areas worldwide. Recently, the intensive extension of oasis farmland has led to excessive exploitation of water discharge, and consequently has resulted in a lack of water supply in natural oasis. To coordinate the conflicts, this paper provides a decision-making framework for modeling environmental flows in oasis areas using Bayesian networks (BNs). Three components are included in the framework: (1) assessment of agricultural economic loss due to meeting environmental flow requirements; (2) decision-making analysis using BNs; and (3) environmental flow decision-making under different water management scenarios. The decision-making criterion is determined based on intersection point analysis between the probability of large-level total agro-economic loss and the ratio of total to maximum agro-economic output by satisfying environmental flows. An application in the Qira oasis area of the Tarim Basin, Northwest China indicates that BNs can model environmental flow decision-making associated with agricultural economic loss effectively, as a powerful tool to coordinate water-use conflicts. In the case study, the environmental flow requirement is determined as 50.24%, 49.71% and 48.73% of the natural river flow in wet, normal and dry years, respectively. Without further agricultural economic loss, 1.93%, 0.66% and 0.43% of more river discharge can be allocated to eco-environmental water demands under the combined strategy in wet, normal and dry years, respectively. This work provides a valuable reference for environmental flow decision-making in any oasis area worldwide.

  7. The methodological soundness of requirements engineering papers: a conceptual framework and two case studies

    NARCIS (Netherlands)

    Wieringa, Roelf J.; Heerkens, Johannes M.G.

    This paper was triggered by concerns about the methodological soundness of many RE papers. We present a conceptual framework that distinguishes design papers from research papers, and show that in this framework, what is called a research paper in RE is often a design paper. We then present and

  8. Cost-effectiveness of Security Measures: A model-based Framework

    DEFF Research Database (Denmark)

    Pieters, Wolter; Probst, Christian W.; Lukszo, Zofia

    2014-01-01

    Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasure proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, the authors consider the question of how to guarantee cost-effectiveness of security measures. They investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research.

  9. Cost-optimal levels for energy performance requirements: The Concerted Action's input to the Framework Methodology

    OpenAIRE

    Thomsen, Kirsten Engelund; Aggerholm, Søren; Kluttig-Erhorn, Heike; Erhorn, Hans; Poel, Bart; Hitchin, Roger

    2011-01-01

    The CA conducted a study on experiences and challenges for setting cost optimal levels for energy performance requirements. The results were used as input by the EU Commission in their work of establishing the Regulation on a comparative methodology framework for calculating cost optimal levels of minimum energy performance requirements. In addition to the summary report released in August 2011, the full detailed report on this study is now also made available, just as the EC is about to publ...

  10. Using a data fusion-based activity recognition framework to determine surveillance system requirements

    CSIR Research Space (South Africa)

    Le Roux, WH

    2007-07-01

    activity recognition framework for maritime applications (Adapted from [20]) III. APPLYING THE FRAMEWORK A. Use Cases Use cases [12] are valuable means of capturing transactions between users and systems. In the maritime surveillance environment, a.... D. Vessel Capabilities In terms of capabilities, the design, deployment and development sub-elements have to be estimated from information and data sources. To establish that a vessel is engaged in illegal fishing activities, basic criteria...

  11. Developing and Flourishing Cyber Security Strategic Culture in an Era of Controllability

    Institute of Scientific and Technical Information of China (English)

    吴世忠; 秦安

    2013-01-01

    Entering an era characterized by the pursuit of controllability and the importance of information as a national asset, controlling and anti-controlling of information has been seen as an integral part of national security. It is time to develop our own cyber security strategic culture, with the core principles of building a big cyber power, achieving independence and controllability, and strengthening cyber defense, thus helping to guide the dominant culture and industry development and to strengthen national defense, in expectation of the emergence of the “eighteen arhats” of China's IT industry. It is also a must on the path to realizing the Chinese Dream.

  12. A Quality Framework for Agile Requirements: A Practitioner’s Perspective

    NARCIS (Netherlands)

    Heck, P.; Zaidman, A.

    2014-01-01

    Verification activities are necessary to ensure that the requirements are specified in a correct way. However, until now requirements verification research has focused on traditional up-front requirements. Agile or just-in-time requirements are by definition incomplete, not specific and might be

  13. Use of models to support the monitoring requirements in the water framework directive

    NARCIS (Netherlands)

    Højberg, A.L.; Refsgaard, J.C.; Geer, F. van; Jørgensen, L.F.; Zsuffa, I.

    2007-01-01

    Implementation of the EU Water Framework Directive (WFD) poses many new challenges to European water managers. Monitoring programmes play a key role to assess the status and identify possible trends in the environmental conditions of river basins; to gain new knowledge on water processes and to

  14. Use of models to support the monitoring requirements in the water framework directive

    NARCIS (Netherlands)

    Højberg, A.L.; Refsgaard, J.C.; Geer, F. van; Jørgensen, L.F.; Zsuffa, I.

    2007-01-01

    Implementation of the EU Water Framework Directive (WFD) poses many new challenges to European water managers. Monitoring programmes play a key role to assess the status and identify possible trends in the environmental conditions of river basins; to gain new knowledge on water processes and to asse

  15. 75 FR 62592 - Applications and Amendments to Facility Operating Licenses Involving Proposed No Significant...

    Science.gov (United States)

    2010-10-12

    ... amendments to the Renewed Facility Operating Licenses include: (1) The proposed Cyber Security Plan for CCNPP... implement and maintain in effect all provisions of the Nuclear Regulatory Commission-approved Cyber Security... cyber security program. This regulation specifically requires each licensee currently licensed...

  16. 75 FR 35508 - Draft Regulatory Guide: Issuance, Availability

    Science.gov (United States)

    2010-06-22

    ...,'' requires licensees to develop cyber-security plans and programs to protect critical digital assets, including digital safety systems, from malicious cyber attacks. Regulatory Guide 5.71, ``Cyber Security...: 1. Eliminates all reference to cyber security, malicious activity, or attacks, as...

  17. Transaction-based building controls framework, Volume 2: Platform descriptive model and requirements

    Energy Technology Data Exchange (ETDEWEB)

    Akyol, Bora A. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Haack, Jereme N. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Carpenter, Brandon J. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Katipamula, Srinivas [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Lutes, Robert G. [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Hernandez, George [Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)

    2015-07-31

    Transaction-based Building Controls (TBC) offer a control systems platform that provides an agent execution environment that meets the growing requirements for security, resource utilization, and reliability. This report outlines the requirements for a platform to meet these needs and describes an illustrative/exemplary implementation.

  18. Ensuring HL7-based information model requirements within an ontology framework.

    Science.gov (United States)

    Ouagne, David; Nadah, Nadia; Schober, Daniel; Choquet, Rémy; Teodoro, Douglas; Colaert, Dirk; Schulz, Stefan; Jaulent, Marie-Christine; Daniel, Christel

    2010-01-01

    This paper describes the building of an HL7-based Information Model Ontology (IMO) that can be exploited by a domain ontology in order to distribute querying over different clinical data repositories. We employed the Open Medical Development Framework (OMDF) based on a model driven development methodology. OMDF provides model transformation features to build an HL7-based information model that covers the conceptual scope of a target project. The resulting IMO is used to mediate between ontologically queries and information retrieval from semantically less defined Hospital Information Systems (HIS). In the context of the DebugIT project, whose scope corresponds to the control of infectious diseases and antimicrobial resistances, the Information Model Ontology is integrated into the DebugIT domain ontology in order to express queries.

  19. Understanding the Paris agreement: analysing the reporting requirements under the enhanced transparency framework

    DEFF Research Database (Denmark)

    Desgain, Denis DR; Sharma, Sudhir

    At the Paris climate conference (COP-21) in December 2015, the Conference of the Parties decided to adopt the Paris Agreement under the United Nations Framework Convention on Climate Change. This was the first time that 195 Parties had agreed on a universal, legally binding climate instrument. The Agreement will enter into force on the thirtieth day after the date on which at least 55 Parties to the Convention, accounting in total for at least an estimated 55 percent of total global greenhouse gas emissions, will have deposited their instruments of ratification/acceptance/approval/accession. As of 5th October 2016, 74 Parties had ratified the Agreement, accounting for 58.82% of global GHG emissions. The Paris Agreement will thus enter into force on 4th November 2016.

  20. An analytical framework for data stream mining techniques based on challenges and requirements

    CERN Document Server

    Kholghi, Mahnoosh

    2011-01-01

    A growing number of applications that generate massive streams of data need intelligent data processing and online analysis. Real-time surveillance systems, telecommunication systems, sensor networks and other dynamic environments are such examples. The imminent need for turning such data into useful information and knowledge augments the development of systems, algorithms and frameworks that address streaming challenges. The storage, querying and mining of such data sets are highly computationally challenging tasks. Mining data streams is concerned with extracting knowledge structures represented in models and patterns in non stopping streams of information. Generally, two main challenges are designing fast mining methods for data streams and need to promptly detect changing concepts and data distribution because of highly dynamic nature of data streams. The goal of this article is to analyze and classify the application of diverse data mining techniques in different challenges of data stream mining. In this...

  1. Suggestion of a Framework to Analyze Failure Modes and Effect of Cyber Attacks in NPP

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Chan Young; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)]

    2016-05-15

    Cyber security is an inevitable issue for NPPs. Unlike general cyber security, a cyber-attack on a cyber-physical system like an NPP can induce serious consequences such as core damage. So in this paper, to find how a hacker can attack the NPP, (1) PSA results were utilized to find the relationship between the physical system and cyber-attack and (2) vulnerabilities in digital control systems were investigated to find how a hacker can implement the possible attack. It is expected that these steps are utilized when establishing penetration test plans or cyber security drill plans.

  2. Cost optimal building performance requirements. Calculation methodology for reporting on national energy performance requirements on the basis of cost optimality within the framework of the EPBD

    Energy Technology Data Exchange (ETDEWEB)

    Boermans, T.; Bettgenhaeuser, K.; Hermelink, A.; Schimschar, S. [Ecofys, Utrecht (Netherlands)]

    2011-05-15

    On the European level, the principles for the requirements for the energy performance of buildings are set by the Energy Performance of Buildings Directive (EPBD). Dating from December 2002, the EPBD has set a common framework from which the individual Member States in the EU developed or adapted their individual national regulations. The EPBD in 2008 and 2009 underwent a recast procedure, with final political agreement having been reached in November 2009. The new Directive was then formally adopted on May 19, 2010. Among other clarifications and new provisions, the EPBD recast introduces a benchmarking mechanism for national energy performance requirements for the purpose of determining cost-optimal levels to be used by Member States for comparing and setting these requirements. The previous EPBD set out a general framework to assess the energy performance of buildings and required Member States to define maximum values for energy delivered to meet the energy demand associated with the standardised use of the building. However it did not contain requirements or guidance related to the ambition level of such requirements. As a consequence, building regulations in the various Member States have been developed by the use of different approaches (influenced by different building traditions, political processes and individual market conditions) and resulted in different ambition levels where in many cases cost optimality principles could justify higher ambitions. The EPBD recast now requests that Member States shall ensure that minimum energy performance requirements for buildings are set 'with a view to achieving cost-optimal levels'. The cost optimum level shall be calculated in accordance with a comparative methodology. The objective of this report is to contribute to the ongoing discussion in Europe around the details of such a methodology by describing possible details on how to calculate cost optimal levels and pointing towards important factors and

  3. A Framework for Assessing Continuing Professional Development Activities for Satisfying Pharmacy Revalidation Requirements

    Science.gov (United States)

    Donyai, Parastou; Alexander, Angela M.; Denicolo, Pam M.

    2013-01-01

    Introduction: The United Kingdom's pharmacy regulator contemplated using continuing professional development (CPD) in pharmacy revalidation in 2009, simultaneously asking pharmacy professionals to demonstrate the value of their CPD by showing its relevance and impact. The idea of linking new CPD requirements with revalidation was yet to be…

  6. A Framework for Evaluating Computer Architectures to Support Systems with Security Requirements, with Applications.

    Science.gov (United States)

    1987-11-05

    develops a set of criteria for evaluating computer architectures that are to support systems with security requirements. Central to these criteria is the... Appendix B DEC VAX-11/780 OVERVIEW The VAX-11/780 is a 32-bit computer with a virtual memory space of up to 4G-bytes [B1]. The

  7. Report on the Working Group set up to Study the Requirements for Operating the SPS within the INB Framework (INBOPS)

    CERN Document Server

    Ball, A; Charavay, R; Elsener, K; Faugier, A; Jacot, C; Jirdén, L; Menzel, Hans Gregor; Pajunen, J; Poole, John; Roy, G; Silari, Marco; Spinks, Alan; Tsesmelis, E; Wahl, H

    2001-01-01

    The convention signed with the French authorities for the LHC defines a new Installation Nucléaire de Base (INB). The LHC machine tunnel, the experiments, some buildings which cover access shafts to the machine and the SPS with its extraction lines up to the targets are all inside the new perimeter. The new convention came into effect in September 2000 and therefore the SPS fell within the new context from that time. As a consequence, SL has to operate the SPS within this new regulatory framework and a small working group was set up to look at the requirements and to estimate the resources required. The conclusions of the working group are reported in this paper.

  8. Groundwater Storage vs. Surface Water Storage - Why Sustainability Requires a Different Management Framework

    Science.gov (United States)

    Mehl, S.; Davids, J. C.

    2015-12-01

    Storing water in times of excess for use in times of shortage is an essential water-management tool, especially in climates typified by precipitation in one season and demand in another. The three primary water storage mechanisms in the Western US, and much of the world in fact, are: seasonal snow pack, surface water reservoirs, and groundwater aquifers. In California, nearly every major river has one or more large dam and reservoir and current focus has shifted toward off-stream storage. In addition to California's surface reservoirs, groundwater aquifers provide huge volumes of water storage that are heavily utilized during times of drought. With California's new Sustainable Groundwater Management Act (SGMA) substantial attention is presently focused on developing strategies for using groundwater storage more effectively in conjunction with surface-storage reservoirs. However, compared to surface water storage, we need to think differently and develop new frameworks if we want to manage groundwater storage sustainably. Despite its immense capacity, groundwater storage is harder to manage because there are physical constraints to how fast water can be put into and withdrawn from aquifers, its boundaries are not as well defined as those of a surface reservoir, and it is part of a dynamic, porous media flow system where the Theis concepts of capture govern. Therefore, groundwater does not behave as a level pool like surface water reservoirs, which has several implications for effective management: 1) extraction/injection locations can have substantial impacts on the system, 2) interactions with the surface water systems can be nonlinear and complex and 3) hydraulic effects can continue long after pumping/injection has stopped. These nonlinear spatial and temporal responses, coupled with long time scales, make management of groundwater storage much different than surface water storage. Furthermore, failure to fully understand these issues can lead to mismanagement

  9. A Formal Framework of Multi-Agent Systems with Requirement/Service Cooperative Style

    Institute of Scientific and Technical Information of China (English)

    王怀民; 吴泉源

    2000-01-01

    Adopting three kinds of speech acts: request, promise, and inform, this paper analyses the interaction among agents in a kind of multi-agent systems with requirements/services cooperation style (MASr-s). The paper gives the objective model and the theoretic satisfaction conditions of three kinds of speech acts in MASr-s. The formal definition of MASr-s has been presented. To evaluate concrete implementation architecture and mechanism of the variant MASr-s, including client/server computing architecture and mechanism, a spectrum of MASr-s has been proposed, which captures direct request/passive service mechanism, direct request/active service mechanism, indirect request/active service mechanism, and peer-to-peer request/service mechanism. The spectrum shows a thread to improve traditional client/server computing.

  10. Sustainability requirements for foresight - A suggestion of a framework of principles

    DEFF Research Database (Denmark)

    Borup, M.

    2005-01-01

    Sustainability is a challenge facing all actors and organisations in the present years. Among the many different methods for future-oriented analysis, discussion and planning, a considerable share has been criticized for not being capable of addressing aspects of environmental sustainability. The critique e.g. argues that foresight is not sufficiently problem-oriented and not sufficiently integrated in the actual, complex realities and, thereby, too superficial for the challenges of sustainability. Still, foresight and future-oriented strategic management seem to be increasingly usual and needed in a world that on many points is fast changing. This paper attempts to give an answer to this dilemma. It describes a set of requirements for foresight from the sustainability challenge and discusses principles for foresight methods dealing with sustainability. The principles e.g. concern production...

  11. A Framework for Integrating Biosimilars Into the Didactic Core Requirements of a Doctor of Pharmacy Curriculum.

    Science.gov (United States)

    Li, Edward; Liu, Jennifer; Ramchandani, Monica

    2017-04-01

    Biologic drugs approved via the abbreviated United States biosimilar approval pathway are anticipated to improve access to medications by addressing increasing health care expenditures. Surveys of health care practitioners indicate that there is inadequate knowledge and understanding about biosimilars; this must be addressed to ensure safe and effective use of this new category of products. Concepts of biosimilar development, manufacturing, regulation, naming, formulary, and inventory considerations, as well as patient and provider education should be included within the doctor of pharmacy (PharmD) curriculum as preparation for clinical practice. Based on these considerations, we propose that PharmD graduates be required to have knowledge in the following domains regarding biologics and biosimilars: legal definition, development and regulation, state pharmacy practice laws, and pharmacy practice management. We link these general biosimilar concepts to the Accreditation Council for Pharmacy Education (ACPE) Standards 2016 and Center for the Advancement of Pharmacy Education (CAPE) Outcomes 2013, and provide example classroom learning objectives, in-class activities, and assessments to guide implementation.

  12. Cyber crisis management: a decision-support framework for disclosing security incident information

    NARCIS (Netherlands)

    Kulikova, Olga; Heil, Ronald; van den Berg, Jan; Pieters, Wolter

    2012-01-01

    The growing sophistication and frequency of cyber attacks force modern companies to be prepared beforehand for potential cyber security incidents and data leaks. A proper incident disclosure strategy can significantly improve timeliness and effectiveness of incident response activities, reduce legal

  13. Risk assessment of agricultural water requirement based on a multi-model ensemble framework, southwest of Iran

    Science.gov (United States)

    Zamani, Reza; Akhond-Ali, Ali-Mohammad; Roozbahani, Abbas; Fattahi, Rouhollah

    2017-08-01

    Water shortage and climate change are the most important issues of sustainable agricultural and water resources development. Given the importance of water availability in crop production, the present study focused on risk assessment of climate change impact on agricultural water requirement in southwest of Iran, under two emission scenarios (A2 and B1) for the future period (2025-2054). A multi-model ensemble framework based on mean observed temperature-precipitation (MOTP) method and a combined probabilistic approach Long Ashton Research Station-Weather Generator (LARS-WG) and change factor (CF) have been used for downscaling to manage the uncertainty of outputs of 14 general circulation models (GCMs). The results showed an increasing temperature in all months and irregular changes of precipitation (either increasing or decreasing) in the future period. In addition, the results of the calculated annual net water requirement for all crops affected by climate change indicated an increase between 4 and 10 %. Furthermore, an increasing process is also expected regarding to the required water demand volume. The most and the least expected increase in the water demand volume is about 13 and 5 % for A2 and B1 scenarios, respectively. Considering the results and the limited water resources in the study area, it is crucial to provide water resources planning in order to reduce the negative effects of climate change. Therefore, the adaptation scenarios with the climate change related to crop pattern and water consumption should be taken into account.

  14. Risk assessment of agricultural water requirement based on a multi-model ensemble framework, southwest of Iran

    Science.gov (United States)

    Zamani, Reza; Akhond-Ali, Ali-Mohammad; Roozbahani, Abbas; Fattahi, Rouhollah

    2016-06-01

    Water shortage and climate change are the most important issues of sustainable agricultural and water resources development. Given the importance of water availability in crop production, the present study focused on risk assessment of climate change impact on agricultural water requirement in southwest of Iran, under two emission scenarios (A2 and B1) for the future period (2025-2054). A multi-model ensemble framework based on mean observed temperature-precipitation (MOTP) method and a combined probabilistic approach Long Ashton Research Station-Weather Generator (LARS-WG) and change factor (CF) have been used for downscaling to manage the uncertainty of outputs of 14 general circulation models (GCMs). The results showed an increasing temperature in all months and irregular changes of precipitation (either increasing or decreasing) in the future period. In addition, the results of the calculated annual net water requirement for all crops affected by climate change indicated an increase between 4 and 10 %. Furthermore, an increasing process is also expected regarding to the required water demand volume. The most and the least expected increase in the water demand volume is about 13 and 5 % for A2 and B1 scenarios, respectively. Considering the results and the limited water resources in the study area, it is crucial to provide water resources planning in order to reduce the negative effects of climate change. Therefore, the adaptation scenarios with the climate change related to crop pattern and water consumption should be taken into account.

  15. Deriving Requirements for Pervasive Well-Being Technology From Work Stress and Intervention Theory: Framework and Case Study.

    Science.gov (United States)

    Koldijk, Saskia; Kraaij, Wessel; Neerincx, Mark A

    2016-07-05

    Stress in office environments is a big concern, often leading to burn-out. New technologies are emerging, such as easily available sensors, contextual reasoning, and electronic coaching (e-coaching) apps. In the Smart Reasoning for Well-being at Home and at Work (SWELL) project, we explore the potential of using such new pervasive technologies to provide support for the self-management of well-being, with a focus on individuals' stress-coping. Ideally, these new pervasive systems should be grounded in existing work stress and intervention theory. However, there is a large diversity of theories and they hardly provide explicit directions for technology design. The aim of this paper is to present a comprehensive and concise framework that can be used to design pervasive technologies that support knowledge workers to decrease stress. Based on a literature study we identify concepts relevant to well-being at work and select different work stress models to find causes of work stress that can be addressed. From a technical perspective, we then describe how sensors can be used to infer stress and the context in which it appears, and use intervention theory to further specify interventions that can be provided by means of pervasive technology. The resulting general framework relates several relevant theories: we relate "engagement and burn-out" to "stress", and describe how relevant aspects can be quantified by means of sensors. We also outline underlying causes of work stress and how these can be addressed with interventions, in particular utilizing new technologies integrating behavioral change theory. Based upon this framework we were able to derive requirements for our case study, the pervasive SWELL system, and we implemented two prototypes. Small-scale user studies proved the value of the derived technology-supported interventions. The presented framework can be used to systematically develop theory-based technology-supported interventions to address work stress. In

  16. Deriving Requirements for Pervasive Well-Being Technology From Work Stress and Intervention Theory: Framework and Case Study

    Science.gov (United States)

    Koldijk, Saskia; Kraaij, Wessel

    2016-01-01

    Background Stress in office environments is a big concern, often leading to burn-out. New technologies are emerging, such as easily available sensors, contextual reasoning, and electronic coaching (e-coaching) apps. In the Smart Reasoning for Well-being at Home and at Work (SWELL) project, we explore the potential of using such new pervasive technologies to provide support for the self-management of well-being, with a focus on individuals' stress-coping. Ideally, these new pervasive systems should be grounded in existing work stress and intervention theory. However, there is a large diversity of theories and they hardly provide explicit directions for technology design. Objective The aim of this paper is to present a comprehensive and concise framework that can be used to design pervasive technologies that support knowledge workers to decrease stress. Methods Based on a literature study we identify concepts relevant to well-being at work and select different work stress models to find causes of work stress that can be addressed. From a technical perspective, we then describe how sensors can be used to infer stress and the context in which it appears, and use intervention theory to further specify interventions that can be provided by means of pervasive technology. Results The resulting general framework relates several relevant theories: we relate “engagement and burn-out” to “stress”, and describe how relevant aspects can be quantified by means of sensors. We also outline underlying causes of work stress and how these can be addressed with interventions, in particular utilizing new technologies integrating behavioral change theory. Based upon this framework we were able to derive requirements for our case study, the pervasive SWELL system, and we implemented two prototypes. Small-scale user studies proved the value of the derived technology-supported interventions. Conclusions The presented framework can be used to systematically develop theory

  17. Efficient packet forwarding using cyber-security aware policies

    Energy Technology Data Exchange (ETDEWEB)

    Ros-Giralt, Jordi

    2017-04-04

    For balancing load, a forwarder can selectively direct data from the forwarder to a processor according to a loading parameter. The selective direction includes forwarding the data to the processor for processing, transforming and/or forwarding the data to another node, and dropping the data. The forwarder can also adjust the loading parameter based on, at least in part, feedback received from the processor. One or more processing elements can store values associated with one or more flows into a structure without locking the structure. The stored values can be used to determine how to direct the flows, e.g., whether to process a flow or to drop it. The structure can be used within an information channel providing feedback to a processor.

  18. Cyber security challenges in Smart Cities: Safety, security and privacy.

    Science.gov (United States)

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

  19. The process matters: cyber security in industrial control systems

    NARCIS (Netherlands)

    Hadžiosmanović, Dina

    2014-01-01

    An industrial control system (ICS) is a computer system that controls industrial processes such as power plants, water and gas distribution, food production, etc. Since cyber-attacks on an ICS may have devastating consequences on human lives and safety in general, the security of ICS is important. I

  20. Institutional Foundations for Cyber Security: Current Responses and New Challenges

    Science.gov (United States)

    2010-09-01

    N/A WSIS: World Summit on the Information Society Global summit on information security; publishes resolutions and monitors implementation...extension of OECD’s core mission and provides a common approach for all member states. WSIS. The World Summit on the Information Society (WSIS...organization’ but are likely to retain a long standing institutional presence on the international arena (such as the World Summit on the Information

  1. Advanced Course in Engineering (ACE) - Cyber Security Boot Camp

    Science.gov (United States)

    2008-04-01

    drives, classifying file systems, one-way hashes, digital signatures and steganography. 6. Steganography: data hiding in multimedia (images, audio, video...classifying steganography algorithms and tools, steganographic capacity, detection and recovery of hidden data, digital data watermarking, watermark...robustness, digital data forensics. 7. Covert Channels: Third Wave society, timing and storage channels, protocol steganography, TCP/IP covert

  2. A genetic epidemiology approach to cyber-security

    National Research Council Canada - National Science Library

    Gil, Santiago; Kott, Alexander; Barabási, Albert-László

    2014-01-01

    While much attention has been paid to the vulnerability of computer networks to node and link failure, there is limited systematic understanding of the factors that determine the likelihood that a node (computer) is compromised...

  3. Cyber-security in smart cities: The case of Dubai

    OpenAIRE

    Efthymiopoulos, Marios-Panagiotis

    2016-01-01

    The city of Dubai emerges as a leading partner in not only technology innovation but also designed infrastructure and strategic security. There is a strategy, which will globally add the city and leadership to the leading smart cities of the world. Considering current and future challenges, the strategic aim is to "smart" wire the city of Dubai by 2020. Dubai is a city of strategic technology, innovation and management. It is a global, vibrant and emerging economy among others, that can becom...

  4. Cyber Security: Big Data Think II Working Group Meeting

    Science.gov (United States)

    Hinke, Thomas; Shaw, Derek

    2015-01-01

    This presentation focuses on approaches that could be used by a data computation center to identify attacks and ensure malicious code and backdoors are identified if planted in system. The goal is to identify actionable security information from the mountain of data that flows into and out of an organization. The approaches are applicable to big data computational center and some must also use big data techniques to extract the actionable security information from the mountain of data that flows into and out of a data computational center. The briefing covers the detection of malicious delivery sites and techniques for reducing the mountain of data so that intrusion detection information can be useful, and not hidden in a plethora of false alerts. It also looks at the identification of possible unauthorized data exfiltration.

  5. Good Things in Small Packages: Micro Worlds and Cyber Security

    Energy Technology Data Exchange (ETDEWEB)

    David I Gertman

    2013-11-01

    Cyber events, as perpetrated by terrorists and nation states, have become commonplace as evidenced in national and international news media. Cyber attacks affect day-to-day activities of end users through exploitation of social networks, businesses such as banking and stock exchanges, and government entities including Departments of Defense. They are becoming more frequent and sophisticated. Currently, efforts are directed to understanding the methods employed by attackers and towards dissecting the planning and activities of the perpetrator, including review of psychosocial factors.

  6. Cyber security and data collection approaches for smartphone sensor systems

    Science.gov (United States)

    Turner, Hamilton; White, Jules

    2012-06-01

    In recent years the ubiquity and resources provided by smartphone devices have encouraged scientists to explore using these devices as remote sensing nodes. In addition, the United States Department of Defense has stated a mission of increasing persistent intelligence, surveillance, and reconnaissance capabilities or U.S. units. This paper presents a method of enabling large-scale, long-term smartphone-powered data collection. Key solutions discussed include the ability to directly allow domain experts to define and refine smartphone applications for data collection, technical advancements that allow rapid dissemination of a smartphone data collection application, and an algorithm for preserving the locational privacy of participating users.

  7. Mitigating Cyber Security Risk in Satellite Ground Systems

    Science.gov (United States)

    2015-04-01

    research data for various US space platforms. Additionally, from 2003-2006 a massive Chinese network infiltration campaign dubbed “TITAN RAIN” by law...access operations. 17 The most dangerous method for a space system’s exploitation comes through the use of an “air gap” tool, bridging the

  8. Cyber security challenges in Smart Cities: Safety, security and privacy

    Directory of Open Access Journals (Sweden)

    Adel S. Elmaghraby

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

  9. Cyber security awareness initiatives in South Africa: a synergy approach

    CSIR Research Space (South Africa)

    Dlamini, Z

    2012-03-01

    Full Text Available crime and attacks and threatens the national security. As a result, South Africa remains one of top three countries that are targeted by phishing attacks, the other two are the US and the UK (RSA, 2011). As a response, various entities engage in cyber...

  10. Getting ahead of the threat: Aviation and cyber security

    National Research Council Canada - National Science Library

    Emilio Iasiello

    2013-01-01

    ... to identify and mitigate the physical threat to aviation. Many significant accomplishments have resulted from this effort, including the creation of the Transportation Security Administration to oversee US public transportation...

  11. Performance Analysis of Cyber Security Awareness Delivery Methods

    Science.gov (United States)

    Abawajy, Jemal; Kim, Tai-Hoon

    In order to decrease information security threats caused by human-related vulnerabilities, an increased concentration on information security awareness and training is necessary. There are numerous information security awareness training delivery methods. The purpose of this study was to determine what delivery method is most successful in providing security awareness training. We conducted security awareness training using various delivery methods such as text based, game based and a short video presentation with the aim of determining user preference delivery methods. Our study suggests that combined delivery methods are better than an individual security awareness delivery method.

  12. The process matters: cyber security in industrial control systems

    NARCIS (Netherlands)

    Hadziosmanovic, D.

    2014-01-01

    An industrial control system (ICS) is a computer system that controls industrial processes such as power plants, water and gas distribution, food production, etc. Since cyber-attacks on an ICS may have devastating consequences on human lives and safety in general, the security of ICS is important. I

  13. Cyber Security and Reliability in a Digital Cloud

    Science.gov (United States)

    2013-01-01

    Runs the Mission  Mr. Bret Hartman  RSA  The Intelligent Security  Operations Center and  Advanced Persistent Threats  Mr. Chris C. Kemp  OpenStack  Cloud...Software  OpenStack  Cloud Software  Mr. Pravin Kothari  CipherCloud  Cloud Data Protection  Dr. John C. Mitchell  Stanford University  Innovation in

  14. USCYBERCOM and Cyber Security: Is a Comprehensive Strategy Possible?

    Science.gov (United States)

    2011-05-12

    command and control over its constituent units.26 Two recent articles by COL David Hollis in 2010 and one by Major M. Bodine Birdwell just recently...collection. Research also shows that there is an opposing viewpoint, which questions whether cyber is a true national strategic security risk. Jean ...12 April 2011). 25 Ibid., 2. 26 Keith B. Alexander, “United States Cyber Command,” in, Cyber Defense. 27 Bodine M. Birdwell and Robert

  15. IEC 61850 and IEC 62351 Cyber Security Acceleration Workshop

    Energy Technology Data Exchange (ETDEWEB)

    Clements, Samuel L.; Edgar, Thomas W.; Manz, David O.

    2012-04-01

    The purpose of this workshop was to identify and discuss concerns with the use and adoption of IEC 62351 security standard for IEC 61850 compliant control system products. The industry participants discussed performance, interoperability, adoption, challenges, business cases, and future issues.

  16. Study on Cyber Security and Threat Evaluation in SCADA Systems

    Science.gov (United States)

    2012-03-01

    affecting SCADA systems. This work is intended to enhance the resilience of Canada’s critical infrastructure by providing direction to research and...establish trusted relationships with private sector critical infrastructure SCADA operators; 2. To enable the production of research reports on the...electronic security practitioners by carrying out a scientific study that aims to fill the gaps in knowledge about

  17. Using an ontology as a model for the implementation of the National Cybersecurity Policy Framework for South Africa

    CSIR Research Space (South Africa)

    Jansen van Vuuren, JC

    2014-03-01

    Full Text Available Many developing countries are particularly vulnerable to cyber security threats due to an enormous growth in Internet connectivity rates over the past decade. The South African government approved a draft version of its National Cybersecurity Policy...

  18. Research required for the effective implementation of the framework convention on tobacco control, articles 9 and 10.

    Science.gov (United States)

    Gray, Nigel; Borland, Ron

    2013-04-01

    This paper is part of a series of articles intended to set out the research questions that are relevant to the successful implementation of the various provisions of the Framework Convention on Tobacco Control (FCTC). This paper focuses on issues affecting Articles 9 and 10 of the FCTC. This paper focuses on the research that is most important for most countries, rather than on what is desirable in countries with high levels of research capacity. Articles 9 and 10 of the FCTC address the regulation of contents and emissions of tobacco products and regulation of tobacco product disclosure. Such regulation will be essential if the long-term objective of reducing the danger of tobacco products is to be achieved. There are many components of tobacco and tobacco smoke that are excessively toxic and dangerous to the user. Many of these components are carcinogenic and addictive and can be removed or reduced substantially with current known technology. The fact that these components remain in tobacco and tobacco smoke at levels that are unnecessarily dangerous is precisely the reason why the successful implementation of Articles 9 and 10 of the FCTC is important to tobacco control. This paper discusses the scientific challenges involved in successfully implementing Articles 9 and 10 of the FCTC, which focuses on regulating carcinogens and toxins in tobacco and tobacco smoke, the abuse liability of tobacco products, and the additives and engineering features in tobacco products that make tobacco products appealing to future consumers. The research issues we focus on are those required to support the early stages of regulation. As regulation proceeds, new and more sophisticated research questions will undoubtedly emerge.

  19. Trust Management Considerations For the Cooperative Infrastructure Defense Framework: Trust Relationships, Evidence, and Decisions

    Energy Technology Data Exchange (ETDEWEB)

    Maiden, Wendy M.

    2009-12-01

    Cooperative Infrastructure Defense (CID) is a hierarchical, agent-based, adaptive, cyber-security framework designed to collaboratively protect multiple enclaves or organizations participating in a complex infrastructure. CID employs a swarm of lightweight, mobile agents called Sensors designed to roam hosts throughout a security enclave to find indications of anomalies and report them to host-based Sentinels. The Sensors’ findings become pieces of a larger puzzle, which the Sentinel puts together to determine the problem and respond per policy as given by the enclave-level Sergeant agent. Horizontally across multiple enclaves and vertically within each enclave, authentication and access control technologies are necessary but insufficient authorization mechanisms to ensure that CID agents continue to fulfill their roles in a trustworthy manner. Trust management fills the gap, providing mechanisms to detect malicious agents and offering more robust mechanisms for authorization. This paper identifies the trust relationships throughout the CID hierarchy, the types of trust evidence that could be gathered, and the actions that the CID system could take if an entity is determined to be untrustworthy.

  20. Requirements for an Integrated UAS CNS Architecture

    Science.gov (United States)

    Templin, Fred; Jain, Raj; Sheffield, Greg; Taboso, Pedro; Ponchak, Denise

    2017-01-01

    The National Aeronautics and Space Administration (NASA) Glenn Research Center (GRC) is investigating revolutionary and advanced universal, reliable, always available, cyber secure and affordable Communication, Navigation, Surveillance (CNS) options for all altitudes of UAS operations. In Spring 2015, NASA issued a Call for Proposals under NASA Research Announcements (NRA) NNH15ZEA001N, Amendment 7 Subtopic 2.4. Boeing was selected to conduct a study with the objective to determine the most promising candidate technologies for Unmanned Air Systems (UAS) air-to-air and air-to-ground data exchange and analyze their suitability in a post-NextGen NAS environment. The overall objectives are to develop UAS CNS requirements and then develop architectures that satisfy the requirements for UAS in both controlled and uncontrolled air space. This contract is funded under NASA's Aeronautics Research Mission Directorate's (ARMD) Aviation Operations and Safety Program (AOSP) Safe Autonomous Systems Operations (SASO) project and proposes technologies for the Unmanned Air Systems Traffic Management (UTM) service. Communications, Navigation and Surveillance (CNS) requirements must be developed in order to establish a CNS architecture supporting Unmanned Air Systems integration in the National Air Space (UAS in the NAS). These requirements must address cybersecurity, future communications, satellite-based navigation APNT, and scalable surveillance and situational awareness. CNS integration, consolidation and miniaturization requirements are also important to support the explosive growth in small UAS deployment. Air Traffic Management (ATM) must also be accommodated to support critical Command and Control (C2) for Air Traffic Controllers (ATC). This document therefore presents UAS CNS requirements that will guide the architecture.

  1. Information System Requirement Change Measurement Framework under the Direction of CMMI

    Institute of Scientific and Technical Information of China (English)

    李萍; 许晓兵

    2011-01-01

    Effective requirement change management will help improve the quality of the information system development. Measurement is the foundation of management. This paper introduces measurement method into requirement change management and presents an information system requirement change measurement framework based on CMMI to guide the requirement change management and control in the process of information system development.

  2. A cognitive engineering framework for the specification of information requirements in medical imaging: application in image-guided neurosurgery.

    Science.gov (United States)

    Morineau, T; Morandi, X; Le Moëllic, N; Jannin, P

    2013-03-01

    This study proposes a framework coming from cognitive engineering, which makes it possible to define what information content has to be displayed or emphasised from medical imaging, for assisting clinicians according to their level of expertise in the domain. We designed a rating scale to assess visualisation systems in image-guided neurosurgery with respect to the depiction of the neurosurgical work domain. This rating scale was based on a neurosurgical work domain analysis. This scale has been used to evaluate visualisation modes among neurosurgeons, residents and engineers. We asked five neurosurgeons, ten medical residents and ten engineers to rate two visualisation modes from the same data (2D MR image vs. 3D computerised image). With this method, the amount of abstract and concrete work domain information displayed by each visualisation mode can be measured. A global difference in quantities of perceived information between both images was observed. Surgeons and medical residents perceived significantly more information than engineers for both images. Unlike surgeons, however, the amount of information perceived by residents and engineers significantly decreased as information abstraction increased. We demonstrated the possibility of measuring the amount of work domain information displayed by different visualisation modes of medical imaging according to different user profiles. Engineers in charge of the design of medical image-guided surgical systems did not perceive the same set of information as surgeons or even medical residents. This framework can constitute a user-oriented approach to evaluate the amount of perceived information from image-guided surgical systems and support their design from a cognitive engineering point of view.

  3. SPAWAR Strategic Plan Execution Year 2017

    Science.gov (United States)

    2017-01-11

    demand • Established initial framework for building cyber secure systems: 18 information assurance standards signed, the remainder are scheduled for...assess our progress and adjust as required to provide secure , affordable and unparalleled cyber capabilities in and through a dynamic cyber ...NCDOC and units are able to achieve secure site mode by OFRP integrated/advanced phase (sustain) • Cyber risk assessment reports are shown to be

  4. A Mobile Location-Based Situated Learning Framework for Supporting Critical Thinking--A Requirements Analysis Study

    Science.gov (United States)

    Alnuaim, Abeer; Caleb-Solly, Praminda; Perry, Christine

    2012-01-01

    This paper presents the requirements work carried out as part of developing an intervention to improve students' critical thinking skills using location-based mobile learning. The research emerged from seeking to identify ways of getting Interaction Design students into real world environments, similar to those in which they will eventually be…

  5. Requirements for future control room and visualization features in the Web-of-Cells framework defined in the ELECTRA project

    DEFF Research Database (Denmark)

    Tornelli, Carlo; Zuelli, Roberto; Marinelli, Mattia

    2017-01-01

    This paper outlines an overview of the general requirements for the control rooms of the future power systems (2030+). The roles and activities in the future control centres will evolve with respect to the switching, dispatching and restoration functions currently active. The control centre... operators will supervise on the power system and intervene - when necessary - thanks to the maturation and wide scale deployment of flexible controls. For the identification of control room requirements, general trends in power system evolution are considered and mainly the outcomes of the ELECTRA IRP... project, that proposes a new Web-of-Cell (WoC) power system control architecture. Dedicated visualization features are proposed, aimed to support the control room operators' activities in a WoC oriented approach. Furthermore, the work takes into account the point of view of network operators about future...

  6. Assessing the relationship between urban form and travel requirements: a literature review and conceptual framework. Research report

    Energy Technology Data Exchange (ETDEWEB)

    Clark, J.W.

    1975-08-01

    An interest in the development of long-range policy for energy conservation motivates the investigation into the relationship between urban form and transportation energy consumption. Previous studies which have attempted, either directly or indirectly, to cast some light on this relationship are reviewed. A thesis of the paper is that study of the relationship has been hampered by a lack of an operational definition for the concept of urban form. Addressing itself to this need, it is proposed that urban spatial structure be measured in terms of size, shape, and activity distribution of the urbanized area. The review of literature classifies previous studies according to the aspect of urban form which was investigated. Travel requirements appear to increase as urban area population increases, but beyond this finding, no clear relationship between urban form and total urban travel requirements has yet been established in the literature.

  7. A mobile location-based situated learning framework for supporting critical thinking – A requirements analysis study

    OpenAIRE

    Alnuaim, A.; Caleb-Solly, P.; Perry, C

    2012-01-01

    This paper presents the requirements work carried out as part of developing an intervention to improve students’ critical thinking skills using location-based mobile learning. The research emerged from seeking to identify ways of getting Interaction Design students into real world environments, similar to those in which they will eventually be designing, maximising their ability to identify opportunities for innovation. The first stage in designing the system is to conduct a compr...

  8. Deception used for Cyber Defense of Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2009-05-01

    Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

  9. 75 FR 23755 - Combined Notice of Filings #1

    Science.gov (United States)

    2010-05-04

    ... Reliability Standard CIP-001--Cyber Security--Sabotage Reporting, Requirement R2. Filed Date: 04/21/2010... Standard CIP-005-2, Cyber Security, Electronic Security Perimeter(s), Section 4.2.2 and Requirement R1.3... that the Commission received the following electric securities filings: Docket Numbers:...

  10. A Formal Requirements Processes Description Framework Based on Social Computing

    Institute of Scientific and Technical Information of China (English)

    张国生

    2013-01-01

    The software system is regarded as an organization or society in the requirements engineering processes. It is described, analyzed and modeled by ideology and abstract concept of histology and sociology. The theories and methods of social science are adopted in the requirements processes. The software system is decomposed into actors, roles, environment and organization. The key factors of system, including actors, roles, interactions, rules, goals and environment, are decomposed into hierarchical subsystems from top to bottom based on the hierarchical organizational structure. The key factors of subsystems are mapped into concrete requirements activities. The functions of subsystems are completed by the concrete requirements activities and tasks. Meanwhile, all subsystems and the concrete requirements tasks are aggregated as a global system organizational structure, and construct the whole system functions. It presents a new natural modeling method and formal description framework for requirements engineering processes.

  11. A Modeling Framework to Support Resilient Evolution Planning of Smart Grids

    NARCIS (Netherlands)

    Zoppi, Tomasso; Bessler, Sanford; Ceccarelli, Andrea; Lambert, Edward; Tseng Lau, Eng; Vasenev, Alexandr

    2017-01-01

    Cyber security is becoming more and more relevant with the advent of large-scale systems made of independent and autonomous constituent systems that interoperate to achieve complex goals. To ensure security of cyber-physical systems, it is important to analyze identified threats and their possible

  12. Detecting Human Hydrologic Alteration from Diversion Hydropower Requires Universal Flow Prediction Tools: A Proposed Framework for Flow Prediction in Poorly-gauged, Regulated Rivers

    Science.gov (United States)

    Kibler, K. M.; Alipour, M.

    2016-12-01

    Achieving the universal energy access Sustainable Development Goal will require great investment in renewable energy infrastructure in the developing world. Much growth in the renewable sector will come from new hydropower projects, including small and diversion hydropower in remote and mountainous regions. Yet, human impacts to hydrological systems from diversion hydropower are poorly described. Diversion hydropower is often implemented in ungauged rivers, thus detection of impact requires flow analysis tools suited to prediction in poorly-gauged and human-altered catchments. We conduct a comprehensive analysis of hydrologic alteration in 32 rivers developed with diversion hydropower in southwestern China. As flow data are sparse, we devise an approach for estimating streamflow during pre- and post-development periods, drawing upon a decade of research into prediction in ungauged basins. We apply a rainfall-runoff model, parameterized and forced exclusively with global-scale data, in hydrologically-similar gauged and ungauged catchments. Uncertain "soft" data are incorporated through fuzzy numbers and confidence-based weighting, and a multi-criteria objective function is applied to evaluate model performance. Testing indicates that the proposed framework returns superior performance (NSE = 0.77) as compared to models parameterized by rote calibration (NSE = 0.62). Confident that the models are providing `the right answer for the right reasons', our analysis of hydrologic alteration based on simulated flows indicates statistically significant hydrologic effects of diversion hydropower across many rivers. Mean annual flows, 7-day minimum and 7-day maximum flows decreased. Frequency and duration of flow exceeding Q25 decreased while duration of flows sustained below the Q75 increased substantially. Hydrograph rise and fall rates and flow constancy increased. The proposed methodology may be applied to improve diversion hydropower design in data-limited regions.

  13. A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

    Energy Technology Data Exchange (ETDEWEB)

    Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.; Halappanavar, Mahantesh

    2015-12-28

    Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may help address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.

  14. Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Todd Vollmer; Jim Alves-Foss; Milos Manic

    2011-08-01

    Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL provides a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.

  15. Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies.

    Science.gov (United States)

    Paté-Cornell, M-Elisabeth; Kuypers, Marshall; Smith, Matthew; Keller, Philip

    2017-07-05

    Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. © 2017 Society for Risk Analysis.

  16. Ethical principles and legal requirements for pediatric research in the EU: an analysis of the European normative and legal framework surrounding pediatric clinical trials.

    Science.gov (United States)

    Pinxten, Wim; Dierickx, Kris; Nys, Herman

    2009-10-01

    The involvement of minors in clinical research is inevitable to catch up with the lack of drugs labeled for pediatric use. To encourage the responsible conduct of pediatric clinical trials in the EU, an extensive legal framework has been developed over the past decade in which the practical, ethical, legal, social, and commercial issues in pediatric research are addressed. In this article, the European legal framework surrounding pediatric clinical trials is analyzed from the perspective of the major ethical concerns in pediatric research. The four principles of biomedical ethics will be used as a conceptual framework (1) to map the ethical issues addressed in the European legal framework, (2) to study how these issues are commonly handled in competent adults, (3) to detect workability problems of these paradigmatic approaches in the specific setting of pediatric research, and (4) to illustrate the strong urge to differentiate, specify, or adjust these paradigmatic approaches to guarantee their successful operation in pediatric research. In addition, a concise comparative analysis of the European regulation will be made. To conclude our analysis, we integrate our findings in the existing ethical discussions on issues specific to pediatric clinical research.

  17. A Requirements-Based Exploration of Open-Source Software Development Projects--Towards a Natural Language Processing Software Analysis Framework

    Science.gov (United States)

    Vlas, Radu Eduard

    2012-01-01

    Open source projects do have requirements; they are, however, mostly informal, text descriptions found in requests, forums, and other correspondence. Understanding such requirements provides insight into the nature of open source projects. Unfortunately, manual analysis of natural language requirements is time-consuming, and for large projects,…

  19. Strengthening health disaster risk management in Africa: multi-sectoral and people-centred approaches are required in the post-Hyogo Framework of Action era.

    Science.gov (United States)

    Olu, Olushayo; Usman, Abdulmumini; Manga, Lucien; Anyangwe, Stella; Kalambay, Kalula; Nsenga, Ngoy; Woldetsadik, Solomon; Hampton, Craig; Nguessan, Francois; Benson, Angela

    2016-08-02

    In November 2012, the 62nd session of the Regional Committee for Africa adopted a comprehensive 10-year regional strategy for health disaster risk management (DRM). This was intended to operationalize the World Health Organization's core commitments to health DRM and the Hyogo Framework for Action 2005-2015 in the health sectors of the 47 African member states. This study reported the formative evaluation of the strategy, including evaluation of the progress in achieving nine targets (expected to be achieved incrementally by 2014, 2017, and 2022). We proposed recommendations for accelerating the strategy's implementation within the Sendai Framework for Disaster Risk Reduction. This study used a mixed methods design. A cross-sectional quantitative survey was conducted along with a review of available reports and information on the implementation of the strategy. A review meeting to discuss and finalize the study findings was also conducted. In total, 58 % of the countries assessed had established DRM coordination units within their Ministry of Health (MOH). Most had dedicated MOH DRM staff (88 %) and national-level DRM committees (71 %). Only 14 (58 %) of the countries had health DRM subcommittees using a multi-sectoral disaster risk reduction platform. Less than 40 % had conducted surveys such as disaster risk analysis, hospital safety index, and mapping of health resources availability. Key challenges in implementing the strategy were inadequate political will and commitment resulting in poor funding for health DRM, weak health systems, and a dearth of scientific evidence on mainstreaming DRM and disaster risk reduction in longer-term health system development programs. Implementation of the strategy was behind anticipated targets despite some positive outcomes, such as an increase in the number of countries with health DRM incorporated in their national health legislation, MOH DRM units, and functional health sub-committees within national DRM committees

  20. The Body of Knowledge & Content Framework. Identifying the Important Knowledge Required for Productive Performance of a Plastics Machine Operator. Blow Molding, Extrusion, Injection Molding, Thermoforming.

    Science.gov (United States)

    Society of the Plastics Industry, Inc., Washington, DC.

    Designed to guide training and curriculum development to prepare machine operators for the national certification exam, this publication identifies the important knowledge required for productive performance by a plastics machine operator. Introductory material discusses the rationale for a national standard, uses of the Body of Knowledge,…

  1. Federal Plan for Cyber Security and Information Assurance Research and Development

    Data.gov (United States)

    Networking and Information Technology Research and Development, Executive Office of the President — Powerful personal computers, high-bandwidth and wireless networking technologies, and the widespread use of the Internet have transformed stand-alone computing...

  2. Mixed-Initiative Cyber Security: Putting humans in the right loop

    Energy Technology Data Exchange (ETDEWEB)

    Haack, Jereme N.; Fink, Glenn A.; Maiden, Wendy M.; McKinnon, Archibald D.; Fulp, Errin W.

    2009-05-11

    In recent years, organizations and their computer infrastructures have grown intertwined in complex relationships through mergers, acquisitions, reorganizations, and cooperative service delivery. Defensive actions and policy changes by one organization may have far-reaching negative consequences on its partner organizations. Human-only or machine-only approaches are insufficient. The former are slow but highly adaptable, while the latter are fast but highly specialized. In either case, humans retain the ultimate responsibility for the actions of their automated systems. Deploying automated defenses does not absolve humans of their inherent responsibility. We believe the solution lies in mixed-initiative defense unifying the complementary qualities of both human- and machine-based approaches. We describe the Cooperative Infrastructure Defense (CID), a new cyber-defense paradigm employing complex-adaptive swarm intelligence, logical rational agents, and human insight to enable collaborative cyber defense among cooperating organizations in an infrastructure setting. CID takes a mixed-initiative approach to infrastructure defense where teams of humans and software agents defend cooperating organizations in tandem, sharing insights and solutions without violating proprietary boundaries. CID will help create security policy via dialogue between humans and agents, foster a collaborative problem-solving environment, and increase human situational awareness and influence through visualization and shared control. CID will provide a foundation for building trust between humans and agents within and between organizations.

  3. Cyber Security and Habeas Data: The Latin American response to information security and data protection

    Directory of Open Access Journals (Sweden)

    Luisa Parraguez Kobek

    2016-11-01

    Habeas Data is not a commonly known concept, yet it is widely acknowledged in certain circles that deal with information security and data protection. Though it has been around for decades, it has recently gained momentum in Latin America. It is the legal notion that protects any and all information pertaining to the individual, from personal to financial, giving them the power to decide how and where such data can be used. At the same time, most Latin American countries have created laws that protect individuals if their information is misused. This article examines the concept of Habeas Data from its inception to its current applications, and explains the different approaches and legislations passed in Latin American countries on data protection due to the rise of global cybercrime.

  4. Cyber Security and Habeas Data: The Latin American response to information security and data protection

    OpenAIRE

    Luisa Parraguez Kobek; Erick Caldera

    2016-01-01

    Habeas Data is not a commonly known concept, yet it is widely acknowledged in certain circles that deal with information security and data protection. Though it has been around for decades, it has recently gained momentum in Latin America. It is the legal notion that protects any and all information pertaining to the individual, from personal to financial, giving them the power to decide how and where such data can be used. At the same time, most Latin American countries have created laws tha...

  5. Programmable Logic Controllers for Research on the Cyber Security of Industrial Power Plants

    Science.gov (United States)

    2017-02-12

    any commercial carriers for shipment of the Goods. WESCO will use its reasonable efforts to comply with Buyer’s requests as to method and route of...transportation, but WESCO reserves the right to use an alternate method or route of transportation, whether or not at a higher rate. C. Unless... flood, earthquake, pestilence or similar catastrophe; war, act of terrorism, or strike; lack or failure of transportation facilities, shortage

  6. Securing Cyberspace: Approaches to Developing an Effective Cyber-Security Strategy

    Science.gov (United States)

    2011-05-15

    attackers, cyber-criminals or even teenage hackers. Protecting cyberspace is a national security priority. President Obama’s National Security...and communications, and with robust security to protect the digital infrastructure that powers critical national functions. The NSS articulates the...such as interruptions to commerce, creation of opportunities for crime, public outcry and reduced investment. For example, cyber-attacks to the power

  7. Evaluation of Cyber Security and Modelling of Risk Propagation with Petri Nets

    Directory of Open Access Journals (Sweden)

    Marcin Szpyrka

    2017-02-01

    This article presents a new method of risk propagation among associated elements. On the basis of coloured Petri nets, a new class called propagation nets is defined. This class provides a formal model of a risk propagation. The proposed method allows for model relations between nodes forming the network structure. Additionally, it takes into account the bidirectional relations between components as well as relations between isomorphic, symmetrical components in various branches of the network. This method is agnostic in terms of use in various systems and it can be adapted to the propagation model of any systems’ characteristics; however, it is intentionally proposed to assess the risk of critical infrastructures. In this paper, as a proof of concept example, we show the formal model of risk propagation proposed within the project Cyberspace Security Threats Evaluation System of the Republic of Poland. In the article, the idea of the method is presented as well as its use case for evaluation of risk for cyber threats. With the adaptation of Petri nets, it is possible to evaluate the risk for the particular node and assess the impact of this risk for all related nodes including hierarchic relations of components as well as isomorphism of elements.

  8. Mean-Field-Game Model for Botnet Defense in Cyber-Security

    Energy Technology Data Exchange (ETDEWEB)

    Kolokoltsov, V. N., E-mail: v.kolokoltsov@warwick.ac.uk [University of Warwick, Department of Statistics (United Kingdom); Bensoussan, A. [The University of Texas at Dallas, School of Management (United States)

    2016-12-15

    We initiate the analysis of the response of computer owners to various offers of defence systems against a cyber-hacker (for instance, a botnet attack), as a stochastic game of a large number of interacting agents. We introduce a simple mean-field game that models their behavior. It takes into account both the random process of the propagation of the infection (controlled by the botnet herder) and the decision making process of customers. Its stationary version turns out to be exactly solvable (but not at all trivial) under an additional natural assumption that the execution time of the decisions of the customers (say, switch on or out the defence system) is much faster than the infection rates.

  9. Cyber-Security Concerns Mount as Student Hacking Hits Schools: Districts Straining to Safeguard Online Networks

    Science.gov (United States)

    Borja, Rhea R.

    2006-01-01

    While schools rightly fear break-ins to their computer systems by professional criminals, students are increasingly giving educators almost as much to worry about. Reports of students' gaining access to school networks to change grades, delete teachers' files, or steal data are becoming more common, experts say, and many districts remain highly…

  10. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  11. Infotech. Cyber security. Health care learns to share scares and solutions.

    Science.gov (United States)

    Colias, Mike

    2004-05-01

    Health care information technology leaders and others are coming together to share scary experiences and develop best practices to guard against crippling computer viruses, scheming hackers and other cyber threats.

  12. Cyber Security of Tomorrow: A Look at Tomorrow's Security from RSA 2011

    Institute of Scientific and Technical Information of China (English)

    赵粮

    2011-01-01

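    Foreword: 2010 was an unusual year. It was the planning year for the "Twelfth Five-Year Plan". During the year, cloud computing surged ahead, becoming a technology pursued jointly by government, industry, and academia, and it brought about a "hundred flowers blooming" in the IT industry. As cloud computing became the hottest buzzword, cloud security followed, drawing wide attention and becoming a focal point of the information security field.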

  13. Cyber Security Vulnerabilities During Long Term Evolution Power-Saving Discontinuous Reception Protocol

    Science.gov (United States)

    2014-06-01

    packet-switched architecture used in third generation (3G) cellular technologies instead of the circuit-switched architecture used in second generation...EVOLUTION NETWORK ARCHITECTURE ... 1. Radio Protocol Architecture ... 1. Security Architecture ... 2. Access Stratum Security

  14. Strengthening US DoD Cyber Security with the Vulnerability Market

    Science.gov (United States)

    2013-06-01

    December of 2005, an individual, under the handle “fearwall”, opened an online English vulnerability auction to sell a Microsoft backdoor ...Solutions offered an incremental reward for researchers able to break RSA developed encryption keys [35]. Additionally, since 2007 the CanSecWest...e.g. source-code, system configuration, encryption algorithms) to a group of uncleared researchers, the government must pay for the IP rights. This

  15. The DETER Project: Advancing the Science of Cyber Security Experimentation and Test

    Science.gov (United States)

    2010-11-10

    ...such use. DETER is currently setting up a Moodle [5] server, slated to be made public in Fall 2010, that will host educational content and facilitate...worst-case evaluation may misleadingly trigger limitations of the testbed infrastructure, masking the behavior of the actual scenario under test. b

  16. National security governance exemplified by South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Burmeister, OK

    2014-06-01

    There exists a paucity of research on ethical considerations in cyberdefence policies that can provide nation states guidance in mitigating the risks of a cyber attack to their national interests and to preparing for a cyber offence in response...

  18. Good governance and virtue in South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Burmeister, O

    2015-01-01

    Good governance from an ethical perspective in cyberdefence policy has been seen in terms of duty and consequentialism. Yet the negotiated view of virtue ethics can also address how nation states mitigate the risks of a cyber attack...

  20. Addressing the Cyber-security and Cyber-terrorism Threats [video]

    OpenAIRE

    Robi Sen; Center for Homeland Defense and Security Naval Postgraduate School

    2015-01-01

    While cyber terrorism is a relatively new threat in the world of national defense, the security issues we face are not necessarily new as a genre. In this segment, Chief Science Officer Robi Sen draws on the changing attitudes towards the cyber world. Topics include cooperation between law enforcement and hackers, the major motivations behind criminal hacking, and the realistic threats of cyber terrorism.

  1. Sharing Cyber Security Information : Good Practice Stemming from the Dutch Public-Private-Participation Approach

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Kernkamp, A.C.

    2015-01-01

    The failure of a national critical infrastructure may seriously impact the health and well-being of citizens, the economy, the environment, and the functioning of the government. Moreover, critical infrastructures increasingly depend on information and communication technologies (ICT) or, in short,

  3. Cyber-Security Holism: A System of Solutions for a Distributed Problem

    Science.gov (United States)

    2013-04-25

    Company, 1890), The Project Guttenberg eBook , 28. 13 Mahan, The Influence of Sea Power Upon History, 27. 14 Michael N. Schmitt, “’Attack’ as a Term...The Project Guttenberg eBook . Maurer, Tim. “Breaking Bad: How America’s Biggest Corporation Became Cyber Vigilantes.” Foreign Policy Magazine, 10

  4. Summary of The 3rd Control System Cyber-Security (CS)²/HEP Workshop

    CERN Document Server

    Lüders, S

    2011-01-01

    Over the last decade modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. The Stuxnet worm of 2010 against a particular Siemens PLC is a unique example for a sophisticated attack against control systems [1]. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data being ...

  5. Summary of the Control System Cyber-Security (CS)²/HEP Workshop

    CERN Document Server

    Lüders, S

    2007-01-01

    Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. The (CS)²/HEP workshop held the weekend before ICALEPCS2007 was intended to present, share, and discuss countermeasures deployed in HEP laboratories in order to secure control systems. This presentation will give a summa...

  6. Quantifying Availability in SCADA Environments Using the Cyber Security Metric MFC

    Energy Technology Data Exchange (ETDEWEB)

    Aissa, Anis Ben [Université de Tunis El Manar, Tunisia; Rabai, Latifa Ben Arfa [Université de Tunis, Tunisia; Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Institute of Technology

    2014-01-01

    Supervisory Control and Data Acquisition (SCADA) systems are distributed networks dispersed over large geographic areas that aim to monitor and control industrial processes from remote areas and/or a centralized location. They are used in the management of critical infrastructures such as electric power generation, transmission and distribution, water and sewage, manufacturing/industrial manufacturing as well as oil and gas production. The availability of SCADA systems is tantamount to assuring safety, security and profitability. SCADA systems are the backbone of the national cyber-physical critical infrastructure. Herein, we explore the definition and quantification of an econometric measure of availability, as it applies to SCADA systems; our metric is a specialization of the generic measure of mean failure cost.

  7. A Framework for Better Understanding and Enhancing Direct Contact Membrane Distillation (DCMD) in Terms of Module Design, Cost Analysis and Energy Required

    KAUST Repository

    AbuHannoud, Ali

    2011-07-01

    Water is becoming scarcer and several authors have highlighted the upcoming problem of higher water salinity and the difficulty of treating and discharging water. Moreover, current discoveries of problems with chemicals that have been used for pretreating or post-treating water alerted scientists to research better solutions to treat water. Membrane distillation (MD) is a promising technology that might replace current processes as it has lower pretreatment requirements combined with a tremendous ability to treat a wide range of feed sources while producing very high product quality. If it enters the market, it will have a big influence on all products, from food industry to spaceflight. However, there are several problems which make MD a hot topic for research. One of them is the question about the real cost of MD in terms of heating feed and cooling distillate over time with respect to product quantity and quality. In this work, extensive heating and cooling analyses are covered to answer this question in order to enhance the MD process. Results show energy cost to produce water and the main source of energy loss for direct contact membrane distillation (DCMD), and several suggestions are made in order to better understand and hence enhance the process.

  8. A kinetic framework for tRNA ligase and enforcement of a 2'-phosphate requirement for ligation highlights the design logic of an RNA repair machine.

    Science.gov (United States)

    Remus, Barbara S; Shuman, Stewart

    2013-05-01

    tRNA ligases are essential components of informational and stress-response pathways entailing repair of RNA breaks with 2',3'-cyclic phosphate and 5'-OH ends. Plant and fungal tRNA ligases comprise three catalytic domains. Phosphodiesterase and kinase modules heal the broken ends to generate the 3'-OH, 2'-PO₄, and 5'-PO₄ required for sealing by the ligase. We exploit RNA substrates with different termini to define rates of individual steps or subsets of steps along the repair pathway of plant ligase AtRNL. The results highlight rate-limiting transactions, how repair is affected by active-site mutations, and how mutations are bypassed by RNA alterations. We gain insights to 2'-PO₄ specificity by showing that AtRNL is deficient in transferring AMP to pRNAOH to form AppRNAOH but proficient at sealing pre-adenylylated AppRNAOH. This strategy for discriminating 2'-PO₄ versus 2'-OH ends provides a quality-control checkpoint to ensure that only purposeful RNA breaks are sealed and to avoid nonspecific "capping" of 5'-PO₄ ends.

  9. ZEND FRAMEWORK

    Directory of Open Access Journals (Sweden)

    Lupasc Adrian

    2013-12-01

    In this paper we present Zend Architecture, which is an open source technology for developing web applications and services, based on object-oriented components, and the Model-View-Controller architectural pattern, also known as MVC, which is the fundament of this architecture. The MVC presentation emphasises its main characteristics, such as facilitating the components reuse by dividing the application into distinct interconnected modules, tasks distribution in the process of developing an application, the MVC life cycle and also the essential features of the components in which it separates the application: model, view, controller. The controller coordinates the models and views and it’s responsible for manipulating the user events through the corresponding actions. The model contains application rules, respectively the scripts that implement the database manipulation. The third component, the view, represents the controller's interface with the user or the way it displays the response to the event triggered by the user. Another aspect treated in this paper consists in highlighting the Zend architecture advantages and disadvantages. Among the framework advantages, we can enumerate good code organization, due to its delimitation into three sections, presentation, logic and data access, and dividing the code into components, which facilitates the code reuse and testing. Other advantages are the open-source license and the support for multiple database systems. The main disadvantages are represented by its size and complexity, that makes it hard to understand for a beginner programmer, the resources it needs etc. The last section of the paper presents a comparison between Zend and other PHP architectures, like Symfony, CakePHP and CodeIgniter, which includes their essential features and points out their similarities and differences, based on the unique functions that set them apart from others. The main thing that distinguishes ZF from the

  10. Robustness - theoretical framework

    DEFF Research Database (Denmark)

    Sørensen, John Dalsgaard; Rizzuto, Enrico; Faber, Michael H.

    2010-01-01

    More frequent use of advanced types of structures with limited redundancy and serious consequences in case of failure combined with increased requirements to efficiency in design and execution followed by increased risk of human errors has made the need of requirements to robustness of new struct...... of this fact sheet is to describe a theoretical and risk based framework to form the basis for quantification of robustness and for pre-normative guidelines....

  12. Method for the use of epiphytic diatoms in lakes following the requirements of the Water Framework Directive; Sampling method for epiphytic diatoms in lakes for the application of the Water Framework Directive

    Energy Technology Data Exchange (ETDEWEB)

    Blanco Lanza, S.; Becares Mantecon, E.

    2006-07-01

    We propose a sampling method for the use of epiphytic diatoms as water quality indicators in lakes. This methodology will help in the assessment of ecological status in these aquatic systems following the requirements of the Water Framework Directive. The method is based on the use of Kornijow's samplers for the collection of epiphyton growing on helophytes. Preliminary results show the efficacy of this method for the evaluation of water quality. The application of this simple methodology will allow the use of epiphytic diatoms as biological indicators in a wide range of lacustrine environments, creating reproducible results in the long time and based on a common protocol easily applicable. (Author) 47 refs.

  13. Deriving Framework Usages Based on Behavioral Models

    Science.gov (United States)

    Zenmyo, Teruyoshi; Kobayashi, Takashi; Saeki, Motoshi

    One of the critical issues in framework-based software development is a huge introduction cost caused by technical gap between developers and users of frameworks. This paper proposes a technique for deriving framework usages to implement a given requirements specification. By using the derived usages, the users can use the frameworks without understanding the framework in detail. Requirements specifications which describe definite behavioral requirements cannot be related to frameworks as-is since the frameworks do not have definite control structure so that the users can customize them to suit given requirements specifications. To cope with this issue, a new technique based on satisfiability problems (SAT) is employed to derive the control structures of the framework model. In the proposed technique, requirements specifications and frameworks are modeled based on Labeled Transition Systems (LTSs) with branch conditions represented by predicates. Truth assignments of the branch conditions in the framework models are not given initially for representing the customizable control structure. The derivation of truth assignments of the branch conditions is regarded as the SAT by assuming relations between termination states of the requirements specification model and ones of the framework model. This derivation technique is incorporated into a technique we have proposed previously for relating actions of requirements specifications to ones of frameworks. Furthermore, this paper discusses a case study of typical use cases in e-commerce systems.

  14. Multinational Experiment 7. Outcome 3 - Cyber Domain. Objective 3.3: Concept Framework Version 3.0

    Science.gov (United States)

    2012-10-03

    planning constructs), and across the interdependent domains that comprise the global commons (Maritime, Air, Space, and Cyberspace) (see Figure 1). In...universally accepted definition of terrorism and cyber terrorism but only sectorial treaties on terrorism upon which member States of United Nations have...response collaboration across Europe. The next European exercise has been planned for 2012. In the meanwhile has been held the first EU-US cyber security

  15. A Model for Rearchitecting Frameworks

    Directory of Open Access Journals (Sweden)

    Galal H. Galal-Edeen

    2009-07-01

    Software rearchitecting is the process of obtaining a documented architecture for an existing system. There are many software rearchitecting frameworks which are based upon different concepts and context-related issues for a specific application or programming language, such as Rigi, Ciao, SPOOL, Symphony, and Software Rearchitecting Action Framework (SRAF). Most of the frameworks focus on the reverse engineering process of source code. They neglect the role of stakeholders in enhancing and developing their systems. This paper presents a systematic analysis and comparative study for rearchitecting frameworks using generic architecture characteristics or elements. Based on the major requirements that should be available in the rearchitecting frameworks, the comparative study proceeds. An efficient model is proposed based on the trends that resulted from the comparative analysis. It considers the evaluation criteria of the compared frameworks. Conclusions and remarks are highlighted.

  16. A framework for autonomy

    Science.gov (United States)

    Hildebrant, Richard

    2006-10-01

    The development of autonomous planning and control system software often results in a custom design concept and software specific to a particular control application. This paper describes a software framework for orchestrating the planning and execution of autonomous activities of an unmanned vehicle, or a group of cooperating vehicles, that can apply to a wide range of autonomy applications. The framework supports an arbitrary span of autonomous capability, ranging from simple low level tasking, requiring much human intervention, to higher level mission-oriented tasking, requiring much less. The approach integrates the four basic functions of all intelligent devices or agents (plan development, plan monitoring, plan diagnosing, and plan execution), with the mathematical discipline of hierarchical planning and control. The result is a domain-independent software framework, to which domain-dependent modules for planning, monitoring, and diagnosing are easily added. This framework for autonomy, combined with the requisite logic for vehicle control, can then be deployed to realize the desired level of autonomous vehicle operation.

  17. V&V framework

    Energy Technology Data Exchange (ETDEWEB)

    Hills, Richard G. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Maniaci, David Charles [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Naughton, Jonathan W. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    A Verification and Validation (V&V) framework is presented for the development and execution of coordinated modeling and experimental programs to assess the predictive capability of computational models of complex systems through focused, well structured, and formal processes. The elements of the framework are based on established V&V methodology developed by various organizations including the Department of Energy, National Aeronautics and Space Administration, the American Institute of Aeronautics and Astronautics, and the American Society of Mechanical Engineers. Four main topics are addressed: 1) Program planning based on expert elicitation of the modeling physics requirements, 2) experimental design for model assessment, 3) uncertainty quantification for experimental observations and computational model simulations, and 4) assessment of the model predictive capability. The audience for this document includes program planners, modelers, experimentalists, V&V specialists, and customers of the modeling results.

  18. Sci-Vis Framework

    Energy Technology Data Exchange (ETDEWEB)

    2015-03-11

    SVF is a full featured OpenGL 3d framework that allows for rapid creation of complex visualizations. The SVF framework handles much of the lifecycle and complex tasks required for a 3d visualization. Unlike a game framework, SVF was designed to use fewer resources, work well in a windowed environment, and only render when necessary. The scene also takes advantage of multiple threads to free up the UI thread as much as possible. Shapes (actors) in the scene are created by adding or removing functionality (through support objects) during runtime. This allows a highly flexible and dynamic means of creating highly complex actors without the code complexity (it also helps overcome the lack of multiple inheritance in Java). All classes are highly customizable and there are abstract classes which are intended to be subclassed to allow a developer to create more complex and highly performant actors. There are multiple demos included in the framework to help the developer get started and show off nearly all of the functionality. Some simple shapes (actors) are already created for you such as text, bordered text, radial text, text area, complex paths, NURBS paths, cube, disk, grid, plane, geometric shapes, and volumetric area. It also comes with various camera types for viewing that can be dragged, zoomed, and rotated. Picking or selecting items in the scene can be accomplished in various ways depending on your needs (raycasting or color picking). The framework currently has functionality for tooltips, animation, actor pools, color gradients, 2d physics, text, 1d/2d/3d textures, children, blending, clipping planes, view frustum culling, custom shaders, and custom actor states

  19. Theoretical Framework for Robustness Evaluation

    DEFF Research Database (Denmark)

    Sørensen, John Dalsgaard

    2011-01-01

    This paper presents a theoretical framework for evaluation of robustness of structural systems, incl. bridges and buildings. Typically modern structural design codes require that ‘the consequence of damages to structures should not be disproportional to the causes of the damages’. However, although...... the importance of robustness for structural design is widely recognized the code requirements are not specified in detail, which makes the practical use difficult. This paper describes a theoretical and risk based framework to form the basis for quantification of robustness and for pre-normative guidelines...

  20. Generalized Software Security Framework

    Directory of Open Access Journals (Sweden)

    Smriti Jain

    2011-01-01

    Security of information has become a major concern in today's digitized world. As a result, effective techniques to secure information are required. The most effective way is to incorporate security in the development process itself, thereby resulting in a secured product. In this paper, we propose a framework that enables security to be included in the software development process. The framework consists of three layers, namely the control layer, the aspect layer and the development layer. The control layer illustrates the managerial control of the entire software development process with the help of governance, whereas the aspect layer recognizes the security mechanisms that can be incorporated during the software development to identify the various security features. The development layer helps to integrate the various security aspects as well as the controls identified in the above layers during the development process. The layers are further verified by a survey amongst IT professionals. The professionals concluded that the developed framework is easy to use due to its layered architecture and can be customized for various types of software.

  1. Computer-Aided Modeling Framework

    DEFF Research Database (Denmark)

    Fedorova, Marina; Sin, Gürkan; Gani, Rafiqul

    with them. As the required models may be complex and require multiple time and/or length scales, their development and application for product-process design is not trivial. Therefore, a systematic modeling framework can contribute by significantly reducing the time and resources needed for model...... development and application. The proposed work is a part of the project for development of methods and tools that will allow systematic generation, analysis and solution of models for various objectives. It will use the computer-aided modeling framework that is based on a modeling methodology, which combines....... In this contribution, the concept of template-based modeling is presented and application is highlighted for the specific case of catalytic membrane fixed bed models. The modeling template is integrated in a generic computer-aided modeling framework. Furthermore, modeling templates enable the idea of model reuse...

  2. The Framework of Quality Measurement

    Directory of Open Access Journals (Sweden)

    Grzegorz Grela

    2015-06-01

    The paper describes general determinants of quality measurement. Four assumptions that have been formulated to develop the framework of quality measurement are discussed. The assumptions are: (1) quality is the degree to which a set of inherent characteristics fulfils requirements, (2) requirements and inherent characteristics create finite sets, (3) requirements may have both different importance and different values depending on who formulates them, and (4) requirements do not have to be constant in time. The article contains the framework of quality measurement based on the above four assumptions. Notation is proposed for quality measurement on both the synthetic and the analytical level. It also contains examples of selected distance metrics in m-dimensional space as well as examples of selected aggregate functions that may be used in quality measurement on the synthetic level.

  3. The IceProd Framework

    DEFF Research Database (Denmark)

    Aartsen, M.G.; Abbasi, R.; Ackermann, M.

    2015-01-01

    IceCube is a one-gigaton instrument located at the geographic South Pole, designed to detect cosmic neutrinos, identify the particle nature of dark matter, and study high-energy neutrinos themselves. Simulation of the IceCube detector and processing of data require a significant amount of compu...... the details of job submission and job management from the framework....

  5. An Analysis Method of Business Application Framework

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    We discuss the evolution of object-oriented software development process based on software pattern. For developing mature software framework and component, we advocate to elicit and incorporate software patterns for ensuring quality and reusability of software frameworks. On the analysis base of requirement specification for business application domain, we present analysis method and basic role model of software framework. We also elicit analysis pattern of framework architecture, and design basic role classes and their structure.

  6. Design of a cyber security awareness campaign for internet Cafés users in rural areas

    CSIR Research Space (South Africa)

    Labuschagne, WA

    2011-05-01

    Africa may have the lowest number of Internet users in the world, but it also has the highest growth rate and the number of users is steadily growing. A majority of the African population is still excluded from global cyber networks and thus have...

  7. Transforming CyberSecurity R&D within the Department of Energy: Getting Ahead of The Threat

    Energy Technology Data Exchange (ETDEWEB)

    Frincke, Deborah A.; Catlett, Charlie; Siebenlist, Frank; Strelitz, Richard; Talbot, Ed; Worley, Brian

    2008-01-01

    This report outlines a preliminary response from DOE researchers to the following three questions: a) what are the key priorities w.r.t. cybersecurity R&D over the next decade? b) what would we recommend, in terms of a program, to address those priorities c) how would a DOE Office of Science program in this area complement other cybersecurity R&D initiatives such as NSF's or other agency programs?

  8. Analysis of operations and cyber security policies for a system of cooperating Flexible Alternating Current Transmission System (FACTS) devices.

    Energy Technology Data Exchange (ETDEWEB)

    Phillips, Laurence R.; Tejani, Bankim; Margulies, Jonathan; Hills, Jason L.; Richardson, Bryan T.; Baca, Micheal J.; Weiland, Laura

    2005-12-01

    Flexible Alternating Current Transmission Systems (FACTS) devices are installed on electric power transmission lines to stabilize and regulate power flow. Power lines protected by FACTS devices can increase power flow and better respond to contingencies. The University of Missouri Rolla (UMR) is currently working on a multi-year project to examine the potential use of multiple FACTS devices distributed over a large power system region in a cooperative arrangement in which the FACTS devices work together to optimize and stabilize the regional power system. The report describes operational and security challenges that need to be addressed to employ FACTS devices in this way and recommends references, processes, technologies, and policies to address these challenges.

  9. Cyber Security at the District Level: Are You Ready to Prevent Unlawful, Unauthorized or Simply Misguided Use of Your Technology?

    Science.gov (United States)

    Lafee, Scott

    2005-01-01

    In an era of digital technologies, school districts find themselves on a cutting edge, one that slices both ways. Technological tools like the Internet, e-mail, networked computers and such have revolutionized the way children are taught and schools are run, but they also have created new management challenges and ethical issues that many school…

  10. The application of top-down abstraction learning using prediction as a supervisory signal to cyber security

    Science.gov (United States)

    Mugan, Jonathan; Khalili, Aram E.

    2014-05-01

    Current computer systems are dumb automatons, and their blind execution of instructions makes them open to attack. Their inability to reason means that they don't consider the larger, constantly changing context outside their immediate inputs. Their nearsightedness is particularly dangerous because, in our complex systems, it is difficult to prevent all exploitable situations. Additionally, the lack of autonomous oversight of our systems means they are unable to fight through attacks. Keeping adversaries completely out of systems may be an unreasonable expectation, and our systems need to adapt to attacks and other disruptions to achieve their objectives. What is needed is an autonomous controller within the computer system that can sense the state of the system and reason about that state. In this paper, we present Self-Awareness Through Predictive Abstraction Modeling (SATPAM). SATPAM uses prediction to learn abstractions that allow it to recognize the right events at the right level of detail. These abstractions allow SATPAM to break the world into small, relatively independent, pieces that allow employment of existing reasoning methods. SATPAM goes beyond classification-based machine learning and statistical anomaly detection to be able to reason about the system, and SATPAM's knowledge representation and reasoning is more like that of a human. For example, humans intuitively know that the color of a car is not relevant to any mechanical problem, and SATPAM provides a plausible method whereby a machine can acquire such reasoning patterns. In this paper, we present the initial experimental results using SATPAM.

  11. Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

    Science.gov (United States)

    Harrop, Wayne; Matteson, Ashley

    This paper presents cyber resilience as a key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well-executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of the 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

  12. "Cyber Security R&D" Hearing (Part 1) / Cyber Security Research Exploiture Hearing of Witness Conference (The First Half)

    Institute of Scientific and Technical Information of China (English)

    赵战生; 左晓栋

    2003-01-01

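    1. Overview of the hearing. On May 14, 2003, the U.S. House Committee on Science held a hearing on "Cyber Security Research and Development", intended to review implementation in 2002 and the progress of the federal government's work in cyber security R&D.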

  13. "Cyber Security R&D" Hearing (Part 2) / Cyber Security Research Exploiture Hearing of Witness Conference (The Last Half)

    Institute of Scientific and Technical Information of China (English)

    赵战生; 左晓栋

    2003-01-01

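    8. Key points of the hearing testimony, 1: Department of Homeland Security (Charles McQueary). I am pleased to lead the Science and Technology Directorate within the Department of Homeland Security. One of the Directorate's important responsibilities is to develop and deploy leading technologies for effective use by homeland security personnel. The Department of Homeland Security has many threats to deal with, including chemical threats, biological threats, nuclear threats, explosives threats and cyber threats. The Science and Technology Directorate must serve all of the functions of the Department of Homeland Security.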

  14. Cyber security: a critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack.

    Science.gov (United States)

    Mallinder, Jason; Drabwell, Peter

    Cyber threats are growing and evolving at an unprecedented rate. Consequently, it is becoming vitally important that organisations share information internally and externally before, during and after incidents they encounter so that lessons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive information or because it may be vague or incomplete. This provides organisations with a complex dilemma: how to share information as openly as possible about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business continuity plan should address to plan effectively for information sharing in the event of a cyber incident.

  15. Closing the Cyber Gap: Integrating Cross-Government Cyber Capabilities to Support the DHS Cyber Security Mission

    Science.gov (United States)

    2014-12-01

    40 John Rollins and Anna Henning, Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations (CRS Report No...enhance our security posture.107 Pal and Golubchik argue that, if the cost of defensive security measures...defensive technology provides a measure of security that is far from comprehensive. A purely defensive posture allows attackers unlimited time to

  16. 77 FR 27615 - Department of Defense (DoD)-Defense Industrial Base (DIB) Voluntary Cyber Security and...

    Science.gov (United States)

    2012-05-11

    ... threat information retains its operational value--for the benefit of all of the DIB participants... operations (including mission, functions, image, or reputation), organization assets, individuals,...

  17. 78 FR 62430 - Department of Defense (DoD)-Defense Industrial Base (DIB) Voluntary Cyber Security and...

    Science.gov (United States)

    2013-10-22

    ... text on ``Green Cards.'' Response: The recommendation to add ``U.S. citizen'' to the definitions..., numerical, graphic, cartographic, narrative, or audiovisual. (l) Information system means a discrete set of... competitive advantage or disadvantage in DoD source selections or competitions, or to provide any other...

  19. Security Engineering Project - System Aware Cyber Security for an Autonomous Surveillance System On Board an Unmanned Aerial Vehicle

    Science.gov (United States)

    2014-01-31

    verification, accessing the external DDR-3 and the on-chip BRAM as memory for the tests, creating a preliminary TMR design using the on-chip Report... BRAM . In addition, the development work has been extended to include the UART receiving data from the CPU and the Ethernet adapter sending data...testing the use of on-chip BRAMs as memory. We are currently evaluating the ability to send and receive data through the Ethernet adapter, establishing

  20. Interviews within experimental frameworks

    DEFF Research Database (Denmark)

    Reinhard, CarrieLynn D.

    2010-01-01

    -subjects experimental design served as the framework for the study, while in-depth qualitative interviews were employed alongside surveys and audio and video recording as the data collection methods.  Data collection occurred while participants were engaging with the media products, via talk aloud protocols......As virtual worlds become increasingly utilized for purposes of entertainment, information and retail, how people understand, think, feel, act and make decisions about them likewise become important research considerations.  This essay reports on the methodology and methods used to study these sense......-making processes in relatively inexperienced people as they engage with virtual worlds.  In order to understand the sense-making of virtual worlds, a method to record the interpretive process, as well as physical actions, was required.  In order to understand the sense-making processes involved in new experiences...

  1. Framework to Delay Corn Rootworm Resistance

    Science.gov (United States)

    This proposed framework is intended to delay the corn rootworm pest becoming resistant to corn genetically engineered to produce Bt proteins, which kill corn rootworms but do not affect people or wildlife. It includes requirements on Bt corn manufacturers.

  2. Framework for Patient Flow Improvement

    Directory of Open Access Journals (Sweden)

    S.V. Medina-León

    2014-07-01

    There has been much research where the flow of patients was improved, but most of this study is case-specific and only a few papers offer guidelines for patient flow analysis and improvement. In this study a general framework for the analysis and improvement of patient flow is presented, based on a literature review and on experience from a case study in a hospital in Mexico dealing with identifying improvement opportunities that reduced waiting times in the obstetrics/gynecology area of the emergency department. The framework involves an initial analysis using basic tools followed by the selection of a strategy based on system complexity, financial investment required and team participation. The alternative strategies considered were use of advanced analysis tools, use of kaizen events, or direct recommendations. The aim of the framework is to serve as a guideline in patient flow improvement projects by helping select the most appropriate improvement path, resulting in project success.

  3. Programming Entity Framework

    CERN Document Server

    Lerman, Julia

    2010-01-01

    Get a thorough introduction to ADO.NET Entity Framework 4 -- Microsoft's core framework for modeling and interacting with data in .NET applications. The second edition of this acclaimed guide provides a hands-on tour of the framework's latest version in Visual Studio 2010 and .NET Framework 4. Not only will you learn how to use EF4 in a variety of applications, you'll also gain a deep understanding of its architecture and APIs. Written by Julia Lerman, the leading independent authority on the framework, Programming Entity Framework covers it all -- from the Entity Data Model and Object Service

  4. Extended Global Convergence Framework for Unconstrained Optimization

    Institute of Scientific and Technical Information of China (English)

    Árpád BŰRMEN; Franc BRATKOVIČ; Janez PUHAN; Iztok FAJFAR; Tadej TUMA

    2004-01-01

    An extension of the global convergence framework for unconstrained derivative-free optimization methods is presented. The extension makes it possible for the framework to include optimization methods with varying cardinality of the ordered direction set. Grid-based search methods are shown to be a special case of the more general extended global convergence framework. Furthermore, the required properties of the sequence of ordered direction sets listed in the definition of grid-based methods are relaxed and simplified by removing the requirement of structural equivalence.

  5. Deformations of crystal frameworks

    CERN Document Server

    Borcea, Ciprian S

    2011-01-01

    We apply our deformation theory of periodic bar-and-joint frameworks to tetrahedral crystal structures. The deformation space is investigated in detail for frameworks modelled on quartz, cristobalite and tridymite.

  6. A Framework-Based Environment for Object-Oriented Scientific Codes

    OpenAIRE

    Ballance, Robert A.; Giancola, Anthony J.; George F. Luger; Ross, Timothy J.

    1993-01-01

    Frameworks are reusable object-oriented designs for domain-specific programs. In our estimation, frameworks are the key to productivity and reuse. However, frameworks require increased support from the programming environment. A framework-based environment must include design aides and project browsers that can mediate between the user and the framework. A framework-based approach also places new requirements on conventional tools such as compilers. This article explores the impact of object-...

  7. Programming Entity Framework

    CERN Document Server

    Lerman, Julia

    2009-01-01

    Programming Entity Framework is a thorough introduction to Microsoft's new core framework for modeling and interacting with data in .NET applications. This highly-acclaimed book not only gives experienced developers a hands-on tour of the Entity Framework and explains its use in a variety of applications, it also provides a deep understanding of its architecture and APIs -- knowledge that will be extremely valuable as you shift to the Entity Framework version in .NET Framework 4.0 and Visual Studio 2010. From the Entity Data Model (EDM) and Object Services to EntityClient and the Metadata Work

  8. INDECT Advanced Security Requirements

    CERN Document Server

    Uruena, Manuel; Martinez, Maria; Niemiec, Marcin; Stoianov, Nikolai

    2010-01-01

    This paper reviews the requirements for the security mechanisms that are currently being developed in the framework of the European research project INDECT. An overview of features for integrated technologies such as Virtual Private Networks (VPNs), Cryptographic Algorithms, Quantum Cryptography, Federated ID Management and Secure Mobile Ad-hoc networking are described together with their expected use in INDECT.

  9. Intelligent FPGA Data Acquisition Framework

    Science.gov (United States)

    Bai, Yunpeng; Gaisbauer, Dominic; Huber, Stefan; Konorov, Igor; Levit, Dmytro; Steffen, Dominik; Paul, Stephan

    2017-06-01

    In this paper, we present the field programmable gate arrays (FPGA)-based framework intelligent FPGA data acquisition (IFDAQ), which is used for the development of DAQ systems for detectors in high-energy physics. The framework supports Xilinx FPGA and provides a collection of IP cores written in very high speed integrated circuit hardware description language, which use the common interconnect interface. The IP core library offers functionality required for the development of the full DAQ chain. The library consists of Serializer/Deserializer (SERDES)-based time-to-digital conversion channels, an interface to a multichannel 80-MS/s 10-b analog-digital conversion, data transmission, and synchronization protocol between FPGAs, event builder, and slow control. The functionality is distributed among FPGA modules built in the AMC form factor: front end and data concentrator. This modular design also helps to scale and adapt the DAQ system to the needs of the particular experiment. The first application of the IFDAQ framework is the upgrade of the read-out electronics for the drift chambers and the electromagnetic calorimeters (ECALs) of the COMPASS experiment at CERN. The framework will be presented and discussed in the context of this paper.

  10. Developing a Regional Recovery Framework

    Energy Technology Data Exchange (ETDEWEB)

    Lesperance, Ann M.; Olson, Jarrod; Stein, Steven L.; Clark, Rebecca; Kelly, Heather; Sheline, Jim; Tietje, Grant; Williamson, Mark; Woodcock, Jody

    2011-09-01

    A biological attack would present an unprecedented challenge for local, state, and federal agencies; the military; the private sector; and individuals on many fronts ranging from vaccination and treatment to prioritization of cleanup actions to waste disposal. To prepare the Seattle region to recover from a biological attack, the Seattle Urban Area Security Initiative (UASI) partners collaborated with military and federal agencies to develop a Regional Recovery Framework for a Biological Attack in the Seattle Urban Area. The goal was to reduce the time and resources required to recover and restore wide urban areas, military installations, and other critical infrastructure following a biological incident by providing a coordinated systems approach. Based on discussions in small workshops, tabletop exercises, and interviews with emergency response agency staff, the partners identified concepts of operation for various areas to address critical issues the region will face as recovery progresses. Key to this recovery is the recovery of the economy. Although the Framework is specific to a catastrophic, wide-area biological attack using anthrax, it was designed to be flexible and scalable so it could also serve as the recovery framework for an all-hazards approach. The Framework also served to coalesce policy questions that must be addressed for long-term recovery. These questions cover such areas as safety and health, security, financial management, waste management, legal issues, and economic development.

  11. Security Metrics in Industrial Control Systems

    CERN Document Server

    Collier, Zachary A; Ganin, Alexander A; Kott, Alex; Linkov, Igor

    2015-01-01

    Risk is the best known and perhaps the best studied example within a much broader class of cyber security metrics. However, risk is not the only possible cyber security metric. Other metrics such as resilience can exist and could be potentially very valuable to defenders of ICS systems. Often, metrics are defined as measurable properties of a system that quantify the degree to which objectives of the system are achieved. Metrics can provide cyber defenders of an ICS with critical insights regarding the system. Metrics are generally acquired by analyzing relevant attributes of that system. In terms of cyber security metrics, ICSs tend to have unique features: in many cases, these systems are older technologies that were designed for functionality rather than security. They are also extremely diverse systems that have different requirements and objectives. Therefore, metrics for ICSs must be tailored to a diverse group of systems with many features and perform many different functions. In this chapter, we first...

  12. 75 FR 20355 - Sunshine Act Meeting; Open Commission Meeting; April 21, 2010

    Science.gov (United States)

    2010-04-19

    ... emergencies. 6 PUBLIC SAFETY & TITLE: Cyber HOMELAND SECURITY. Security Certification Program SUMMARY: The Commission will consider a Notice of Inquiry on whether to establish a voluntary cyber security certification... pending the development of a successor framework. 5 PUBLIC SAFETY & TITLE: Effects on HOMELAND SECURITY...

  13. A Jamming-resilient Algorithm for Self-triggered Network Coordination

    NARCIS (Netherlands)

    Senejohnny, Danial; Tesi, Pietro; Persis, Claudio De

    2016-01-01

    The issue of cyber-security has become ever more prevalent in the analysis and design of cyber-physical systems. In this paper, we investigate self-triggered consensus networks in the presence of communication failures caused by Denial-of-Service (DoS) attacks. A general framework is considered in w

  14. Bringing about Organisational Change--A Framework.

    Science.gov (United States)

    Stewart, J. D.

    1989-01-01

    Describes framework for organizational change based on propositions that change must be measurable and observable; organizational change requires individual change; and individual change requires learning and motivation to apply learning. Two models explained: a matrix indicating degrees of acceptance of problem and solution and continuum relating…

  15. Ontario's Quality Assurance Framework: A Critical Response

    Science.gov (United States)

    Heap, James

    2013-01-01

    Ontario's Quality Assurance Framework (QAF) is reviewed and found not to meet all five criteria proposed for a strong quality assurance system focused on student learning. The QAF requires a statement of student learning outcomes and a method and means of assessing those outcomes, but it does not require that data on achievement of intended…

  16. REQUIREMENTS FOR STORAGE AND TRANSPORT OF BIOTECHNOLOGICAL MEDICAL PRODUCTS IN ACCORDANCE WITH THE REGULATORY FRAMEWORK OF MINISTRY OF PUBLIC HEALTH OF UKRAINE AND DETECTION OF VIOLATIONS IN THE MEDICAL AND PHARMACEUTICAL INSTITUTIONS

    Directory of Open Access Journals (Sweden)

    Shukaeva O.

    2015-05-01

    Introduction. The rapid development of the pharmaceutical industry and the expansion of the range of biotech drugs require special conditions to ensure the quality, storage and transport throughout the entire chain: manufacturer - distributor - pharmacy - hospital - the patient. We analyzed the current legislative framework of Ministry of Public Health of Ukraine and conducted a study to identify and analyze typical violations in the medical and pharmaceutical institutions. The aim of the investigation was to investigate and analyze inspection acts under storage and transport of biological medical products and identify major violations during the performance requirements for storage and transportation of drugs, level of awareness about medical products which are requiring special storage requirement. Methods: systemic, logistical, structural, marketing, regulatory. Results & discussion. According to the data presented in the report «Assessing biosimilar uptake and competition in European markets» of «IMS Health», sales of medical products with biological nature - biological medicinal products and biosimilars is about 27% of total sales of drugs in the EU. This segment of the pharmaceutical market is characterized by faster growth compared to the pharmaceutical market as a whole. Thus, in 2012-2013 years sales of biological medical products in the EU countries increased by 5.5% compared to 1.5% increase in total sales of drugs. It is important that in Europe, according to the 2013 preparations, the market share in value terms, with eight to prepare biological products, the term of patent protection that are either already expired or will expire by 2020, and therefore they can be competitors with biosimilars. Increasing the number of medications on the market requires a careful approach of storing and preserving the quality of distribution during throughout the life of the medical products in the chain: manufacturer - distributor

  17. Lemnos Interoperable Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Stewart, John [Tennessee Valley Authority, Knoxville, TN (United States); Halbgewachs, Ron [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Chavez, Adrian [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Smith, Rhett [Schweitzer Engineering Laboratories, Chattanooga, TN (United States); Teumim, David [Teumim Technical, Allentown, PA (United States)

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes, however, come two significant challenges that the energy sector must face: 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock

  18. The SERENITY Runtime Framework

    Science.gov (United States)

    Crespo, Beatriz Gallego-Nicasio; Piñuela, Ana; Soria-Rodriguez, Pedro; Serrano, Daniel; Maña, Antonio

    The SERENITY Runtime Framework (SRF) provides support for applications at runtime, by managing S&D Solutions and monitoring the systems’ context. The main functionality of the SRF, amongst others, is to provide S&D Solutions, by means of Executable Components, in response to applications’ security requirements. The runtime environment is defined in the SRF through the S&D Library and Context Manager components. The S&D Library is a local S&D Artefact repository, and stores S&D Classes, S&D Patterns and S&D Implementations. The Context Manager component is in charge of storing and managing the information used by the SRF to select the most appropriate S&D Pattern for a given scenario. The management of the execution of the Executable Components, as running realizations of the S&D Patterns, including instantiation, de-activation and control, as well as providing communication and monitoring mechanisms, besides the recovery and reconfiguration aspects, completes the list of tasks performed by the SRF.

  19. A PROOF Analysis Framework

    CERN Document Server

    Gonzalez Caballero, Isidro

    2012-01-01

    The analysis of the complex LHC data usually follows a standard path that aims at minimizing not only the amount of data but also the number of observables used. After a number of steps of slimming and skimming the data, the remaining few terabytes of ROOT files hold a selection of the events and a flat structure for the variables needed that can be more easily inspected and traversed in the final stages of the analysis. PROOF arises at this point as an efficient mechanism to distribute the analysis load by taking advantage of all the cores in modern CPUs through PROOF Lite, or by using PROOF Cluster or PROOF on Demand tools to build a dynamic PROOF cluster on computing facilities with spare CPUs. However, using PROOF at the level required for a serious analysis introduces some difficulties that may scare new adopters. We have developed the PROOF Analysis Framework (PAF) to facilitate the development of new analyses by uniformly exposing the PROOF related configurations across technologies and by taking care of ...

  20. Frameworks in CS1

    DEFF Research Database (Denmark)

    Christensen, Henrik Bærbak; Caspersen, Michael Edelgaard

    2002-01-01

    point for introducing graphical user interface frameworks such as Java Swing and AWT as the students are not overwhelmed by all the details of such frameworks right away but given a conceptual road-map and practical experience that allow them to cope with the complexity.......In this paper we argue that introducing object-oriented frameworks as subject already in the CS1 curriculum is important if we are to train the programmers of tomorrow to become just as much software reusers as software producers. We present a simple, graphical, framework that we have successfully...

  1. A Framework for Heterotic Computing

    Directory of Open Access Journals (Sweden)

    Susan Stepney

    2012-10-01

    Full Text Available Computational devices combining two or more different parts, one controlling the operation of the other, for example, derive their power from the interaction, in addition to the capabilities of the parts. Non-classical computation has tended to consider only single computational models: neural, analog, quantum, chemical, biological, neglecting to account for the contribution from the experimental controls. In this position paper, we propose a framework suitable for analysing combined computational models, from abstract theory to practical programming tools. Focusing on the simplest example of one system controlled by another through a sequence of operations in which only one system is active at a time, the output from one system becomes the input to the other for the next step, and vice versa. We outline the categorical machinery required for handling diverse computational systems in such combinations, with their interactions explicitly accounted for. Drawing on prior work in refinement and retrenchment, we suggest an appropriate framework for developing programming tools from the categorical framework. We place this work in the context of two contrasting concepts of "efficiency": theoretical comparisons to determine the relative computational power do not always reflect the practical comparison of real resources for a finite-sized computational task, especially when the inputs include (approximations of) real numbers. Finally we outline the limitations of our simple model, and identify some of the extensions that will be required to treat more complex interacting computational systems.

  2. Requirements of climate protection with regard to the quality of ecosystems: use of synergies between the framework convention of climate change and the convention on biological diversity. Final report

    Energy Technology Data Exchange (ETDEWEB)

    Herold, A.; Eberle, U.; Ploetz, C.; Scholz, S.

    2001-07-01

    The report identifies synergies and conflicts in the implementation of the United Nations Framework Convention on Climate Change (UNFCCC) and the Convention on Biological Diversity (CBD), the Ramsar Convention on the protection of wetlands and the international forest process. Currently discussed options for climate change mitigation under the FCCC include land-use, land-use change and forestry activities, which can have both positive or negative impacts on biodiversity and ecosystems. On the other hand, activities undertaken under the CBD can have an impact on the ability of ecosystems to provide climate-relevant services like carbon sequestration, regulation of N2O and CH4 emissions, water cycling and the energy budget. Synergies between climate change mitigation and biodiversity conservation can be reached in the areas of conservation of old-growth forests and wetlands. Clear conflicts could arise e.g. from the introduction of exotic species for carbon sequestration, the construction of hydroelectric dams or from the implementation of so-called 'hard' adaptation technologies under the Kyoto Protocol. Most mitigation and adaptation activities discussed under the Kyoto Protocol, however, have ambivalent effects on biodiversity and climate-relevant processes that depend largely on the ecosystem type and the management practices chosen. The report discusses instruments such as guidelines, indicators, impact assessments, positive lists or participation of stakeholders that could promote the consistence between climate change mitigation and biodiversity conservation. The report also presents recommendations for improved cooperation between the conventions in the areas of monitoring, reporting, protected areas, financial resources, the financial mechanisms of the conventions and further research needs. (orig.)

  3. Framework for Robustness Assessment of Timber Structures

    DEFF Research Database (Denmark)

    Sørensen, John Dalsgaard

    2011-01-01

    This paper presents a theoretical framework for the design and analysis of robustness of timber structures. This is actualized by a more frequent use of advanced types of timber structures with limited redundancy and serious consequences in the case of failure. Combined with increased requirements...... are not specified in detail, which makes the practical use difficult. This paper describes a theoretical and risk based framework to form the basis for quantification of robustness and for pre-normative guidelines....

  4. NEAMS-IPL MOOSE Midyear Framework Activities

    Energy Technology Data Exchange (ETDEWEB)

    Permann, Cody [Idaho National Lab. (INL), Idaho Falls, ID (United States); Alger, Brian [Idaho National Lab. (INL), Idaho Falls, ID (United States); Peterson, John [Idaho National Lab. (INL), Idaho Falls, ID (United States); Slaughter, Andrew [Idaho National Lab. (INL), Idaho Falls, ID (United States); Andrš, David [Idaho National Lab. (INL), Idaho Falls, ID (United States); Martineau, Richard [Idaho National Lab. (INL), Idaho Falls, ID (United States)

    2017-05-09

    The MOOSE Framework is a modular pluggable framework for building complex simulations. The ability to add new objects with custom syntax is a core capability that makes MOOSE a powerful platform for coupling multiple applications together within a single environment. The creation of a new, more standardized JSON syntax output improves the external interfaces for generating graphical components or for validating input file syntax. The design of this interface and the requirements it satisfies are covered in this short report.

  5. A Theoretical Framework for Ecological Interface Design

    DEFF Research Database (Denmark)

    Vicente, Kim J.; Rasmussen, Jens

    1988-01-01

    A theoretical framework for designing interfaces for complex systems is described. The framework, called ecological interface design (EID), suggests a set of principles for designing interfaces in a way that supports the fundamental properties of human cognition. The basis of EID is the skills...... of the task require. The EID approach extends the concept of direct manipulation interfaces by taking into account the added complications introduced by complex systems. In this paper, we describe the development of the framework, its theoretical foundations, and examples of its application to various work...

  6. Designing a Software Test Automation Framework

    Directory of Open Access Journals (Sweden)

    Sabina AMARICAI

    2014-01-01

    Full Text Available Testing is an art and science that should ultimately lead to lower cost businesses through increasing control and reducing risk. Testing specialists should thoroughly understand the system or application from both the technical and the business perspective, and then design, build and implement the minimum-cost, maximum-coverage validation framework. Test Automation is an important ingredient for testing large scale applications. In this paper we discuss several test automation frameworks, their advantages and disadvantages. We also propose a custom automation framework model that is suited for applications with very complex business requirements and numerous interfaces.

  7. Simulation framework for spatio-spectral anomalous change detection

    Energy Technology Data Exchange (ETDEWEB)

    Theiler, James P [Los Alamos National Laboratory; Harvey, Neal R [Los Alamos National Laboratory; Porter, Reid B [Los Alamos National Laboratory; Wohlberg, Brendt E [Los Alamos National Laboratory

    2009-01-01

    The authors describe the development of a simulation framework for anomalous change detection that considers both the spatial and spectral aspects of the imagery. A purely spectral framework has previously been introduced, but the extension to spatio-spectral requires attention to a variety of new issues, and requires more careful modeling of the anomalous changes. Using this extended framework, they evaluate the utility of spatial image processing operators to enhance change detection sensitivity in (simulated) remote sensing imagery.

  8. The SOPHY Framework

    DEFF Research Database (Denmark)

    Laursen, Karl Kaas; Pedersen, Martin Fejrskov; Bendtsen, Jan Dimon;

    The goal of the Sophy framework (Simulation, Observation and Planning in Hybrid Systems) is to implement a multi-level framework for description, simulation, observation, fault detection and recovery, diagnosis and autonomous planning in distributed embedded hybrid systems. A Java-based distributed...

  9. Overlooking the Conceptual Framework

    Science.gov (United States)

    Leshem, Shosh; Trafford, Vernon

    2007-01-01

    The conceptual framework is alluded to in most serious texts on research, described in some and fully explained in few. However, examiners of doctoral theses devote considerable attention to exploring its function within social science doctoral vivas. A literature survey explores how the conceptual framework is itself conceptualised and explained.…

  10. Frameworks in CS1

    DEFF Research Database (Denmark)

    Christensen, Henrik Bærbak; Caspersen, Michael Edelgaard

    2002-01-01

    In this paper we argue that introducing object-oriented frameworks as subject already in the CS1 curriculum is important if we are to train the programmers of tomorrow to become just as much software reusers as software producers. We present a simple, graphical, framework that we have successfully...

  11. Framework and new conceptualisations

    DEFF Research Database (Denmark)

    Søndergaard, Dorte Marie

    This paper introduces the research and new conceptual framework developed by eXbus: Exploring Bullying in Schools from 2007-2012....

  12. Unicam Activity Framework (UAF)

    Science.gov (United States)

    Gagliardi, R.; Mauri, M.; Polzonetti, A.

    2016-01-01

    This presentation illustrates the framework of processing performance of the faculty of the University of Camerino. The evaluation criteria are explained and the technological structure that allows automatic performance assessment available online anywhere and anytime. The designed framework is usually applied to the performance evaluation of…

  13. The Guided System Development Framework

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno; Probst, Christian W.; Nielson, Flemming

    2011-01-01

    The Service-Oriented Computing paradigm has had significant influence on the Internet. With the emergence of this paradigm, it is important to provide tools that help developers design and verify such systems. In this article, we present the Guided System Development (GSD) Framework that aids...... and guides the developer on the specification of the system being developed, on choosing the appropriate standard protocol suites that achieve the required security properties, on providing an implementation of the specified system, and also on allowing the verification of its security properties....

  14. Creativity, Requirements and Perspectives

    Directory of Open Access Journals (Sweden)

    Oliver Hoffmann

    2005-11-01

    Full Text Available Is there room for more creativity in information systems? This article grew out of an AWRE’04 panel discussion on creativity in requirements engineering, and the impact of requirements engineering on creativity in systems engineering and systems use. Both panel and article were motivated by the goal of identifying a framework for understanding creativity in a larger context and thus establishing a potential structure for future research. The authors’ research backgrounds differ widely and, at times, our views conflict – occasionally, quite sharply. We make underlying world views - our own and those of relevant disciplines – explicit; identify the paradox caused by the need to be functionally creative while leaving room for creativity in successive stages; and argue for a multi-paradigm framework for resolving this paradox.

  15. Employee flourishing strategic framework

    Directory of Open Access Journals (Sweden)

    Stelzner, Samuel Georg Eric

    2016-11-01

    Full Text Available This paper produces a preliminary version of a strategic framework for managing employee flourishing. ‘Flourishing’, a term from positive psychology, describes the experience of ‘the good life’. Providing this experience benefits employees. It also motivates them to sustain the enterprise that provides it. This positions employee flourishing as a strategy for long-term enterprise performance, a key concern of industrial engineering. The framework incorporates a systems approach and literature from a variety of bodies of knowledge, including organisational behaviour and human resource management. The framework includes a process, tools, and elements that assist enterprises to manage employee flourishing.

  16. Frameworking a collaborative approach to control systems development

    CERN Document Server

    González-Berges, M; Bernard, F

    2005-01-01

    The use of frameworks in software engineering is a common practice to ease the development and maintenance phases. In our terminology, a framework is a set of practices and software components from which a developer can select a subset for his application. Three frameworks are currently in use at CERN for the development of control systems: the JCOP (Joint COntrols Project) Framework, the UNICOS (UNified Industrial COntrol System) Framework and the LHC GCS (Gas Control System) Framework. The three projects originate from different domains, with different requirements and timescales. Still there are many commonalities and considerable effort has been invested in establishing and maintaining a collaboration between the three projects. The paper will talk first about the reasons for a framework based approach. The different Frameworks will then be described, with their domain of applicability, their scope and a short overview of the technical details. Afterwards, the underlying tools will be presented. The relat...

  17. The Joint COntrols Project Framework

    CERN Document Server

    González-Berges, M

    2003-01-01

    The Framework is one of the subprojects of the Joint COntrols Project (JCOP), which is a collaboration between the four LHC experiments and CERN. By sharing development, this will reduce the overall effort required to build and maintain the experiment control systems. As such, the main aim of the Framework is to deliver a common set of software components, tools and guidelines that can be used by the four LHC experiments to build their control systems. Although commercial components are used wherever possible, further added value is obtained by customisation for HEP-specific applications. The supervisory layer of the Framework is based on the SCADA tool PVSS, which was selected after a detailed evaluation. This is integrated with the front-end layer via both OPC (OLE for Process Control), an industrial standard, and the CERN-developed DIM (Distributed Information Management System) protocol. Several components are already in production and being used by running fixed-target experiments at CERN as well as for th...

  18. The International Xenotransplantation Association consensus statement on conditions for undertaking clinical trials of porcine islet products in type 1 diabetes--chapter 1: Key ethical requirements and progress toward the definition of an international regulatory framework.

    Science.gov (United States)

    Cozzi, Emanuele; Tallacchini, Mariachiara; Flanagan, Enda B; Pierson, Richard N; Sykes, Megan; Vanderpool, Harold Y

    2009-01-01

    The outstanding results recently obtained in islet xenotransplantation suggest that porcine islet clinical trials may soon be scientifically appropriate. Before the initiation of such clinical studies, however, it is essential that a series of key ethical and regulatory conditions are satisfied. As far as ethics is concerned, the fundamental requirements have been previously reported in a position paper of the Ethics Committee of the International Xenotransplantation Association. These include aspects related to the selection of adequately informed, appropriate recipients; animal breeding and welfare; safety issues and the need for a favorable risk/benefit assessment based on strong efficacy data in relevant xenotransplantation studies in the primate. As most diabetic patients are not at risk of short-term mortality without islet transplantation, only a small subset of patients could currently be considered for any type of islet transplant. However, there are potential advantages to xenotransplantation that could result in a favorable benefit-over-harm determination for islet xenotransplantation in this subpopulation and ultimately in a broader population of diabetic patients. With regard to regulatory aspects, the key concepts underlying the development of the regulatory models in existence in the United States, Europe and New Zealand are discussed. Each of these models provides an example of a well-defined regulatory approach to ensure the initiation of well-regulated and ethically acceptable clinical islet xenotransplantation trials. At this stage, it becomes apparent that only a well-coordinated international effort such as that initiated by the World Health Organization, aimed at harmonizing xenotransplantation procedures according to the highest ethical and regulatory standards on a global scale, will enable the initiation of clinical xenotransplantation trials under the best auspices for its success and minimize any risk of failure.

  19. 76 FR 53156 - Agency Information Collection Activities: Submission for the Office of Management and Budget...

    Science.gov (United States)

    2011-08-25

    ... is required: On occasion, with the exception of the initial submittal of revised Cyber Security Plans, Security Plans, Safeguards Contingency Plans, and Security Training and Qualification Plans. Required... maintain a physical protection system and security organization with capabilities for protection of...

  20. Grid-based Visualization Framework

    Science.gov (United States)

    Thiebaux, M.; Tangmunarunkit, H.; Kesselman, C.

    2003-12-01

    Advances in science and engineering have put high demands on tools for high-performance large-scale visual data exploration and analysis. For example, earthquake scientists can now study earthquake phenomena from first principle physics-based simulations. These simulations can generate large amounts of data, possibly high spatial resolution, and long time series. Single-system visualization software running on commodity machines cannot scale up to the large amounts of data generated by these simulations. To address this problem, we propose a flexible and extensible Grid-based visualization framework for time-critical, interactively controlled visual browsing of spatially and temporally large datasets in a Grid environment. Our framework leverages Grid resources for scalable computation and data storage to maintain performance and interactivity with large visualization jobs. Our framework utilizes Globus Toolkit 2.4 components for security (i.e., GSI), resource allocation and management (i.e., DUROC, GRAM) and communication (i.e., Globus-IO) to couple commodity desktops with remote, scalable storage and computational resources in a Grid for interactive data exploration. There are two major components in this framework---Grid Data Transport (GDT) and the Grid Visualization Utility (GVU). GDT provides libraries for performing parallel data filtering and parallel data exchange among Grid resources. GDT allows arbitrary data filtering to be integrated into the system. It also facilitates multi-tiered pipeline topology construction of compute resources and displays. In addition to scientific visualization applications, GDT can be used to support other applications that require parallel processing and parallel transfer of partial ordered independent files, such as file-set transfer. On top of GDT, we have developed the Grid Visualization Utility (GVU), which is designed to assist visualization dataset management, including file formatting, data transport and automatic

  1. Status report on SHARP coupling framework.

    Energy Technology Data Exchange (ETDEWEB)

    Caceres, A.; Tautges, T. J.; Lottes, J.; Fischer, P.; Rabiti, C.; Smith, M. A.; Siegel, A.; Yang, W. S.; Palmiotti, G.

    2008-05-30

    This report presents the software engineering effort under way at ANL towards a comprehensive integrated computational framework (SHARP) for high fidelity simulations of sodium cooled fast reactors. The primary objective of this framework is to provide accurate and flexible analysis tools to nuclear reactor designers by simulating multiphysics phenomena happening in complex reactor geometries. Ideally, the coupling among different physics modules (such as neutronics, thermal-hydraulics, and structural mechanics) needs to be tight to preserve the accuracy achieved in each module. However, fast reactor cores in steady state mode represent a special case where weak coupling between neutronics and thermal-hydraulics is usually adequate. Our framework design allows for both options. Another requirement for SHARP framework has been to implement various coupling algorithms that are parallel and scalable to large scale since nuclear reactor core simulations are among the most memory and computationally intensive, requiring the use of leadership-class petascale platforms. This report details our progress toward achieving these goals. Specifically, we demonstrate coupling independently developed parallel codes in a manner that does not compromise performance or portability, while minimizing the impact on individual developers. This year, our focus has been on developing a lightweight and loosely coupled framework targeted at UNIC (our neutronics code) and Nek (our thermal hydraulics code). However, the framework design is not limited to just using these two codes.

  2. Conductive open frameworks

    Science.gov (United States)

    Yaghi, Omar M.; Wan, Shun; Doonan, Christian J.; Wang, Bo; Deng, Hexiang

    2016-02-23

    The disclosure relates generally to materials that comprise conductive covalent organic frameworks. The disclosure also relates to materials that are useful to store and separate gas molecules and sensors.

  3. DXC'09 Framework

    Data.gov (United States)

    National Aeronautics and Space Administration — The DXC Framework is a collection of programs and APIs for running and evaluating diagnostic algorithms (DAs). It is complementary to system XML catalogs and...

  4. Software framework for nano- and microscale measurement applications

    Science.gov (United States)

    Röning, Juha; Tuhkanen, Ville; Sipola, Risto; Vallius, Tero

    2011-01-01

    Development of new instruments and measurement methods has advanced research in the field of nanotechnology. Development of measurement systems used in research requires support from reconfigurable software. Application frameworks can be used to develop domain-specific application skeletons. New applications are specialized from the framework by filling its extension points. This paper presents an application framework for nano- and micro-scale applications. The framework consists of implementation of a robotic control architecture and components that implement features available in measurement applications. To ease the development of user interfaces for measurement systems, the framework also contains ready-to-use user interface components. The goal of the framework was to ease the development of new applications for measurement systems. Features of the implemented framework were examined through two test cases. Benefits gained by using the framework were analyzed by determining work needed to specialize new applications from the framework. Also the degree of reusability of specialized applications was examined. The work shows that the developed framework can be used to implement software for measurement systems and that the major part of the software can be implemented by using reusable components of the framework. When developing new software, a developer only needs to develop components related to the hardware used and performing the measurement task. Using the framework developing new software takes less time. The framework also unifies structure of developed software.

  5. Reverse logistics - a framework

    OpenAIRE

    Brito, Marisa; Dekker, Rommert

    2002-01-01

    In this paper we define and compare Reverse Logistics definitions. We start by giving an understanding framework of Reverse Logistics: the why-what-how. By this means, we put in context the driving forces for Reverse Logistics, a typology of return reasons, a classification of products, processes and actors. In addition we provide a decision framework for Reverse Logistics and we present it according to long, medium and short term decisions, i.e. strategic-tactic-operational decis...

  6. Employee flourishing strategic framework

    OpenAIRE

    Stelzner, Samuel Georg Eric; Schutte, Corne S. L.

    2016-01-01

    This paper produces a preliminary version of a strategic framework for managing employee flourishing. ‘Flourishing’, a term from positive psychology, describes the experience of ‘the good life’. Providing this experience benefits employees. It also motivates them to sustain the enterprise that provides it. This positions employee flourishing as a strategy for long-term enterprise performance, a key concern of industrial engineering. The framework incorporates a systems approach and literature...

  7. COSO internal control integrated framework 2013

    CERN Document Server

    American Institute of Certified Public Accountants

    2013-01-01

    Issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the 2013 Internal Control – Integrated Framework (Framework) is expected to help organizations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework in 1992. The new Framework retains the core definition of internal control and the five components of internal control, and it continues to emphasize the importance of management judgment in designing, implementing, and conducting a system of internal control, and in assessing its effectiveness. It broadens the application of internal control in addressing operations and reporting objectives, and clarifies the requirements for determining what constitutes effective internal control.

  8. Robust diffusion imaging framework for clinical studies

    CERN Document Server

    Maximov, Ivan I; Neuner, Irene; Shah, N Jon

    2015-01-01

    Clinical diffusion imaging requires short acquisition times and good image quality to permit its use in various medical applications. In turn, these demands require the development of a robust and efficient post-processing framework in order to guarantee useful and reliable results. However, multiple artefacts abound in in vivo measurements; from either subject such as cardiac pulsation, bulk head motion, respiratory motion and involuntary tics and tremor, or imaging hardware related problems, such as table vibrations, etc. These artefacts can severely degrade the resulting images and render diffusion analysis difficult or impossible. In order to overcome these problems, we developed a robust and efficient framework enabling the use of initially corrupted images from a clinical study. At the heart of this framework is an improved least trimmed squares diffusion tensor estimation algorithm that works well with severely degraded datasets with low signal-to-noise ratio. This approach has been compared with other...

  9. Conceptual frameworks in astronomy

    Science.gov (United States)

    Pundak, David

    2016-06-01

    How to evaluate students' astronomy understanding is still an open question. Even though some methods and tools to help students have already been developed, the sources of students' difficulties and misunderstanding in astronomy is still unclear. This paper presents an investigation of the development of conceptual systems in astronomy by 50 engineering students, as a result of learning a general course on astronomy. A special tool called Conceptual Frameworks in Astronomy (CFA) that was initially used in 1989, was adapted to gather data for the present research. In its new version, the tool included 23 questions, and five to six optional answers were given for each question. Each of the answers was characterized by one of the four conceptual astronomical frameworks: pre-scientific, geocentric, heliocentric and sidereal or scientific. The paper describes the development of the tool and discusses its validity and reliability. Using the CFA we were able to identify the conceptual frameworks of the students at the beginning of the course and at its end. CFA enabled us to evaluate the paradigmatic change of students following the course and also the extent of the general improvement in astronomical knowledge. It was found that the measure of the students’ improvement (gain index) was g = 0.37. Approximately 45% of the students in the course improved their understanding of conceptual frameworks in astronomy and 26% deepened their understanding of the heliocentric or sidereal conceptual frameworks.

  10. Linux Incident Response Volatile Data Analysis Framework

    Science.gov (United States)

    McFadden, Matthew

    2013-01-01

    Cyber incident response is an emphasized subject area in cybersecurity in information technology with increased need for the protection of data. Due to ongoing threats, cybersecurity imposes many challenges and requires new investigative response techniques. In this study a Linux Incident Response Framework is designed for collecting volatile data…

  11. The OECD Fish Testing Framework Project

    Science.gov (United States)

    OECD Project 2.30 on a Fish Testing Framework was initiated in mid-2009, with the United States as the lead country. The objectives of the project are to review the regulatory needs and data requirements for fish testing and review the currency of existing OECD Test Guidelines. ...

  12. 50 CFR 648.294 - Framework specifications.

    Science.gov (United States)

    2010-10-01

    ... framework process: (i) Minimum fish size; (ii) Minimum hook size; (iii) Closed seasons; (iv) Closed areas... setting process; (xi) Tilefish FMP Monitoring Committee composition and process; (xii) Description and..., transferability rules, ownership concentration caps, permit and reporting requirements, and fee and...

  13. Linux Incident Response Volatile Data Analysis Framework

    Science.gov (United States)

    McFadden, Matthew

    2013-01-01

    Cyber incident response is an emphasized subject area in cybersecurity in information technology with increased need for the protection of data. Due to ongoing threats, cybersecurity imposes many challenges and requires new investigative response techniques. In this study a Linux Incident Response Framework is designed for collecting volatile data…

  14. A framework for distributed manufacturing applications

    OpenAIRE

    Leitão, Paulo; Restivo, Francisco

    2000-01-01

    The new organisational structures used in world wide manufacturing systems require the development of distributed applications, which present solutions to their requirements. The work research in the distributed manufacturing control leads to emergent paradigms, such as Holonic Manufacturing Systems (HMS) and Bionic Manufacturing Systems (BMS), which translates the concepts from social organisations and biological systems to the manufacturing world. This paper presents a Framework for the deve...

  15. CREDIT Performance Indicator Framework

    DEFF Research Database (Denmark)

    Frandsen, Anne Kathrine; Bertelsen, Niels Haldor; Haugbølle, Kim

    2010-01-01

    During the past two years the Nordic Baltic research project CREDIT (Construction and Real Estate – Developing Indicators for Transparency) has worked with the aim to improve transparency of value creation in building and real estate. One of the central deliverables of the CREDIT project was a framework of indicators relevant in building and real estate and applicable in the Nordic and Baltic countries as well as a proposal for a set of key indicators. The study resulting in CREDIT Performance Indicator Framework has been based on 28 case studies of evaluation practises in the building and real... regulations in the countries participating in CREDIT. The Performance Indicator Framework encompassed 187 indicators grouped in 7 main groups of indicators and 42 sub-groups. Based on the CREDIT case studies it was concluded that there neither is link between certain indicators and specific building types...

  16. Cybersecurity: The Road Ahead for Defense Acquisition

    Science.gov (United States)

    2016-06-01

    approach. The DoD acquisition enterprise has an obligation to build systems that in the future will minimize real-time cyber-security crises that cue ... acquisition community and the resources that propel our work is fairly bound by vetted requirements. Just as we have an obligation of trust to deliver

  17. 76 FR 5614 - Applications and Amendments to Facility Operating Licenses Involving Proposed No Significant...

    Science.gov (United States)

    2011-02-01

    ... Plan provides a significant enhancement to cyber security where no requirement existed before. The... and during abnormal operational transients, at least 99.9% of all fuel rods in the core do not... during normal operation and during abnormal operational transients, at least 99.9% of all fuel rods...

  18. The SOPHY framework

    DEFF Research Database (Denmark)

    Laursen, Karl Kaas; Pedersen, M. F.; Bendtsen, Jan Dimon

    2005-01-01

    The goal of the Sophy framework (Simulation, Observation and Planning in Hybrid Systems) is to implement a multi-level framework for description, simulation, observation, fault detection and recovery, diagnosis and autonomous planning in distributed embedded hybrid systems. A Java-based distributed, hybrid simulator is implemented to demonstrate the virtues of Sophy. The simulator is set up using subsystem models described in human readable XML combined with a composition structure allowing virtual interconnection of subsystems in a simulation scenario. The performance of the simulator has shown...

  19. Requirements of a security framework for the semantic web

    CSIR Research Space (South Africa)

    Mbaya, IR

    2009-02-01


  20. A requirements engineering framework for cross-organizational ERP systems

    NARCIS (Netherlands)

    Daneva, Maia; Wieringa, Roelf J.

    2006-01-01

    The development of cross-organizational enterprise resource planning (ERP) solutions is becoming increasingly critical to the business strategy of many networked companies. The major function of cross-organizational ERP solutions is to coordinate work in two or more organizations. However, how to

  1. A requirements engineering framework for cross-organizational ERP systems

    NARCIS (Netherlands)

    Daneva, M.; Wieringa, R.J.

    2006-01-01

    The development of cross-organizational enterprise resource planning (ERP) solutions is becoming increasingly critical to the business strategy of many networked companies. The major function of cross-organizational ERP solutions is to coordinate work in two or more organizations. However, how to al

  2. A Machine Learning Based Analytical Framework for Semantic Annotation Requirements

    CERN Document Server

    Hassanzadeh, Hamed; 10.5121/ijwest.2011.2203

    2011-01-01

    The Semantic Web is an extension of the current web in which information is given well-defined meaning. The perspective of Semantic Web is to promote the quality and intelligence of the current web by changing its contents into machine understandable form. Therefore, semantic level information is one of the cornerstones of the Semantic Web. The process of adding semantic metadata to web resources is called Semantic Annotation. There are many obstacles against the Semantic Annotation, such as multilinguality, scalability, and issues which are related to diversity and inconsistency in content of different web pages. Due to the wide range of domains and the dynamic environments that the Semantic Annotation systems must be performed on, the problem of automating annotation process is one of the significant challenges in this domain. To overcome this problem, different machine learning approaches such as supervised learning, unsupervised learning and more recent ones like, semi-supervised learning and active learn...

  3. Software framework for off-road autonomous robot navigation system

    Institute of Scientific and Technical Information of China (English)

    WU Er-yong; ZHOU Wen-hui; ZHANG Li; DAI Guo-jun

    2009-01-01

    This paper presents a software framework for off-road autonomous robot navigation system. With the requirements of accurate terrain perception and instantaneous obstacles detection, one navigation software framework was advanced based on the principles of "three layer architecture" of intelligence system. Utilized the technologies of distributed system, machine learning and multiple sensor fusion, individual functional module was discussed. This paper aims to provide a framework reference for autonomous robot navigation system design.

  4. 76 FR 67472 - Order of Succession for the Office of the Chief Information Officer

    Science.gov (United States)

    2011-11-01

    ... Cyber Security and Privacy, Office of the Chief Information Officer, Department of Housing and Urban... Operations; (3) Deputy Chief Information Officer, for Cyber Security and Privacy; (4) Deputy...

  5. A visualization framework for design and evaluation

    Science.gov (United States)

    Blundell, Benjamin J.; Ng, Gary; Pettifer, Steve

    2006-01-01

    The creation of compelling visualisation paradigms is a craft often dominated by intuition and issues of aesthetics, with relatively few models to support good design. The majority of problem cases are approached by simply applying a previously evaluated visualisation technique. A large body of work exists covering the individual aspects of visualisation design such as the human cognition aspects visualisation methods for specific problem areas, psychology studies and so forth, yet most frameworks regarding visualisation are applied after-the-fact as an evaluation measure. We present an extensible framework for visualisation aimed at structuring the design process, increasing decision traceability and delineating the notions of function, aesthetics and usability. The framework can be used to derive a set of requirements for good visualisation design and evaluating existing visualisations, presenting possible improvements. Our framework achieves this by being both broad and general, built on top of existing works, with hooks for extensions and customizations. This paper shows how existing theories of information visualisation fit into the scheme, presents our experience in the application of this framework on several designs, and offers our evaluation of the framework and the designs studied.

  6. Frameworks for evaluating health research capacity strengthening: a qualitative study.

    Science.gov (United States)

    Boyd, Alan; Cole, Donald C; Cho, Dan-Bi; Aslanyan, Garry; Bates, Imelda

    2013-12-14

    Health research capacity strengthening (RCS) projects are often complex and hard to evaluate. In order to inform health RCS evaluation efforts, we aimed to describe and compare key characteristics of existing health RCS evaluation frameworks: their process of development, purpose, target users, structure, content and coverage of important evaluation issues. A secondary objective was to explore what use had been made of the ESSENCE framework, which attempts to address one such issue: harmonising the evaluation requirements of different funders. We identified and analysed health RCS evaluation frameworks published by seven funding agencies between 2004 and 2012, using a mixed methods approach involving structured qualitative analyses of documents, a stakeholder survey and consultations with key contacts in health RCS funding agencies. The frameworks were intended for use predominantly by the organisations themselves, and most were oriented primarily towards funders' internal organisational performance requirements. The frameworks made limited reference to theories that specifically concern RCS. Generic devices, such as logical frameworks, were typically used to document activities, outputs and outcomes, but with little emphasis on exploring underlying assumptions or contextual constraints. Usage of the ESSENCE framework appeared limited. We believe that there is scope for improving frameworks through the incorporation of more accessible information about how to do evaluation in practice; greater involvement of stakeholders, following evaluation capacity building principles; greater emphasis on explaining underlying rationales of frameworks; and structuring frameworks so that they separate generic and project-specific aspects of health RCS evaluation. The third and fourth of these improvements might assist harmonisation.

  7. State Energy Resilience Framework

    Energy Technology Data Exchange (ETDEWEB)

    Phillips, J. [Argonne National Lab. (ANL), Argonne, IL (United States); Finster, M. [Argonne National Lab. (ANL), Argonne, IL (United States); Pillon, J. [Argonne National Lab. (ANL), Argonne, IL (United States); Petit, F. [Argonne National Lab. (ANL), Argonne, IL (United States); Trail, J. [Argonne National Lab. (ANL), Argonne, IL (United States)

    2016-12-01

    The energy sector infrastructure’s high degree of interconnectedness with other critical infrastructure systems can lead to cascading and escalating failures that can strongly affect both economic and social activities. The operational goal is to maintain energy availability for customers and consumers. For this body of work, a State Energy Resilience Framework in five steps is proposed.

  8. Exploring the Science Framework

    Science.gov (United States)

    Bell, Philip; Bricker, Leah; Tzou, Carrie; Lee, Tiffany; Van Horne, Katie

    2012-01-01

    The National Research Council's recent publication "A Framework for K-12 Science Education: Practices, Crosscutting Concepts, and Core Ideas" (NRC 2011), which is the foundation for the Next Generation Science Standards now being developed, places unprecedented focus on the practices involved in doing scientific and engineering work. In an effort…

  9. Danish Technology Framework

    DEFF Research Database (Denmark)

    Bonke, Sten; Jørgensen, Tom Rydahl

    This report investigates the occurrence of foundation failures within the context of the Danish construction technology framework. The report comprises a definition/typology section on the basis of which Danish regulatory and administrative procedures in relation to foundation failures are reviewed....

  10. ESBL Evaluation framework

    NARCIS (Netherlands)

    Bondt, N.; Asseldonk, van M.A.P.M.; Bergevoet, R.H.M.

    2016-01-01

    Extended-spectrum beta-lactamases (ESBL)-producing bacteria have become increasingly common in animals and humans. The goal of the presented ESBL evaluation framework is to help policy makers to evaluate the effectiveness of possible interventions aimed to reduce ESBL levels in livestock. An objecti

  11. Framework for online teaching

    DEFF Research Database (Denmark)

    Strobel, Bjarne W.

    2014-01-01

    The following framework for online teaching is a guidance to inspire you on how to use e-learning in your teaching. Maybe you want to make a whole online course (distance learning) or maybe you want to use e-learning as a part of a course (blended learning). If you want to go further or have...

  12. Frameworks for commercial success

    Science.gov (United States)

    2016-11-01

    Taking chemical technology from the bench to the consumer is a formidable challenge, but it is how research can ultimately benefit wider society. Companies are now beginning to incorporate metal-organic frameworks into commercial products, heralding a new era for the field.

  13. Reverse logistics - a framework

    NARCIS (Netherlands)

    M.P. de Brito (Marisa); R. Dekker (Rommert)

    2002-01-01

    In this paper we define and compare Reverse Logistics definitions. We start by giving an understanding framework of Reverse Logistics: the why-what-how. By this means, we put in context the driving forces for Reverse Logistics, a typology of return reasons, a classification of product

  14. Mastering entity framework

    CERN Document Server

    Singh, Rahul Rajat

    2015-01-01

    This book is for .NET developers who are developing data-driven applications using ADO.NET or other data access technologies. This book is going to give you everything you need to effectively develop and manage data-driven applications using Entity Framework.

  15. Futurism: Framework for Composition.

    Science.gov (United States)

    Keroack, Elizabeth Carros; Marquis, Leah Keating

    Noting that the study of the future has been neglected within the language arts framework, this paper proposes a curriculum unit that uses such study as a vehicle to develop composition skills. The paper provides the following information: the general objectives of the unit; evaluation methods; general humanistic themes to be studied; materials;…

  16. Play framework cookbook

    CERN Document Server

    Reelsen, Alexander

    2015-01-01

    This book is aimed at advanced developers who are looking to harness the power of Play 2.x. This book will also be useful for professionals looking to dive deeper into web development. Play 2.x is an excellent framework to accelerate your learning of advanced topics.

  17. Play framework essentials

    CERN Document Server

    Richard-Foy, Julien

    2014-01-01

    This book targets Java and Scala developers who already have some experience in web development and who want to master Play framework quickly and efficiently. This book assumes you have a good level of knowledge and understanding of efficient Java and Scala code.

  18. Framework for online teaching

    DEFF Research Database (Denmark)

    Strobel, Bjarne W.

    2014-01-01

    The following framework for online teaching is a guidance to inspire you on how to use e-learning in your teaching. Maybe you want to make a whole online course (distance learning) or maybe you want to use e-learning as a part of a course (blended learning). If you want to go further or have...

  19. The Legal Framework for Establishing Private Universities in Swaziland

    Science.gov (United States)

    Mbanze, C. V.; Coetzee, S. A.

    2014-01-01

    This article draws on a doctoral study which investigated the legal and management frameworks required for establishing private universities in Swaziland. The focus is particularly on the legal framework for establishing the Southern Africa Nazarene University (SANU). Managers involved in establishing SANU encountered a lack of both specific…

  20. Situational Analysis: A Framework for Evidence-Based Practice

    Science.gov (United States)

    Annan, Jean

    2005-01-01

    Situational analysis is a framework for professional practice and research in educational psychology. The process is guided by a set of practice principles requiring that psychologists' work is evidence-based, ecological, collaborative and constructive. The framework is designed to provide direction for psychologists who wish to tailor their…

  1. An Animation Framework for Continuous Interaction with Reactive Virtual Humans

    NARCIS (Netherlands)

    Reidsma, Dennis; Zwiers, Jakob; Ruttkay, Z.M.; ter Maat, Mark; Nijholt, Antinus; Egges, A.; van Welbergen, H.; Hondorp, G.H.W.

    2009-01-01

    We present a complete framework for animation of Reactive Virtual Humans that offers a mixed animation paradigm: control of different body parts switches between keyframe animation, procedural animation and physical simulation, depending on the requirements of the moment. This framework implements

  2. Situational Analysis: A Framework for Evidence-Based Practice

    Science.gov (United States)

    Annan, Jean

    2005-01-01

    Situational analysis is a framework for professional practice and research in educational psychology. The process is guided by a set of practice principles requiring that psychologists' work is evidence-based, ecological, collaborative and constructive. The framework is designed to provide direction for psychologists who wish to tailor their…

  3. A Logical Framework for Reputation Systems

    DEFF Research Database (Denmark)

    Nielsen, Mogens; Krukow, Karl Kristian; Sassone, Vladimiro

    2008-01-01

    Reputation systems are meta systems that record, aggregate and distribute information about principals' behaviour in distributed applications. Similarly, history-based access control systems make decisions based on programs' past security-sensitive actions. While the applications are distinct, the two types of systems are fundamentally making decisions based on information about the past behaviour of an entity. A logical policy-centric framework for such behaviour-based decision-making is presented. In the framework, principals specify policies which state precise requirements on the past...

  4. A Logical Framework for Reputation Systems

    DEFF Research Database (Denmark)

    Nielsen, Mogens; Krukow, Karl Kristian; Sassone, Vladimiro

    2008-01-01

    Reputation systems are meta systems that record, aggregate and distribute information about principals' behaviour in distributed applications. Similarly, history-based access control systems make decisions based on programs' past security-sensitive actions. While the applications are distinct, the two types of systems are fundamentally making decisions based on information about the past behaviour of an entity. A logical policy-centric framework for such behaviour-based decision-making is presented. In the framework, principals specify policies which state precise requirements on the past... -based access control for safe execution of unknown and untrusted programs....

  5. Instant Zend Framework 2.0

    CERN Document Server

    Hasan, A N M Mahabubul

    2013-01-01

    Get to grips with a new technology, understand what it is and what it can do for you, and then get to work with the most important features and tasks. This book is a fast-paced, practical guide that will provide step-by-step instructions for building a practical database-driven MVC application using Zend Framework 2. This book is for developers who possess entry level knowledge or who have no prior experience with Zend Framework. An understanding of object-oriented programming is important and experience with namespaces will be required.

  6. Software requirements

    CERN Document Server

    Wiegers, Karl E

    2003-01-01

    Without formal, verifiable software requirements - and an effective system for managing them - the programs that developers think they've agreed to build often will not be the same products their customers are expecting. In SOFTWARE REQUIREMENTS, Second Edition, requirements engineering authority Karl Wiegers amplifies the best practices presented in his original award-winning text - now a mainstay for anyone participating in the software development process. In this book, you'll discover effective techniques for managing the requirements engineering process all the way through the development cy

  7. REAL TIME DATA PROCESSING FRAMEWORKS

    Directory of Open Access Journals (Sweden)

    Yash Sakaria

    2015-09-01

    On a business level, everyone wants to get hold of the business value and other organizational advantages that big data has to offer. Analytics has arisen as the primitive path to business value from big data. Hadoop is not just a storage platform for big data; it’s also a computational and processing platform for business analytics. Hadoop is, however, unsuccessful in fulfilling business requirements when it comes to live data streaming. The initial architecture of Apache Hadoop did not solve the problem of live stream data mining. In summary, the traditional approach of big data being co-relational to Hadoop is false; focus needs to be given on business value as well. Data Warehousing, Hadoop and stream processing complement each other very well. In this paper, we have tried reviewing a few frameworks and products which use real time data streaming by providing modifications to Hadoop.

  8. Telehealth success: evaluation framework development.

    Science.gov (United States)

    Hebert, M

    2001-01-01

    Implementing telehealth applications represents a substantial investment of resources, which is one reason why success is of great interest. Many research and evaluation studies have investigated measures of successful telehealth systems. However, the term "telehealth" represents a wide range of variables including clinical application, characteristics of the information being transmitted, temporal relationships of data transfer and the organizational context. These sources of variability pose many challenges for evaluation as well as for building a cumulative history of research. A conceptual framework is required that assists in categorizing results and drawing conclusions based on an accumulation of findings. One measure of "success" in health care is quality patient care and this reflects a primary reason for ICT investments. For this reason, Donabedian's work in evaluating quality provides the basis for the proposed framework. DeLone and McLean's definitions of IS success assist in conceptualizing Donabedian's structure-outcome-process variables in a telehealth context. Multiple evaluation approaches have been used to address different types of questions. Prior to the technologies being introduced to clinical care, there are usually many studies to demonstrate their effectiveness. Health Technology Assessment examines a broader context than the technology alone, including costs and comparing alternatives that would exist in the absence of telehealth. It considers performance measures; outcomes; summary measures, operational considerations, and other issues. Program Evaluation examines use of the technology to provide a service or deliver a program. Evaluation questions often address whether the program goals have been met and if it is operating as expected. Perhaps of greater concern than the evaluation approach taken is generalizability of findings. Recent studies have given inadequate attention to defining what is done (i.e. comparison of telehealth to most

  9. Energy requirements

    NARCIS (Netherlands)

    Hulzebos, Christian V.; Sauer, Pieter J. J.

    2007-01-01

    The determination of the appropriate energy and nutritional requirements of a newborn infant requires a clear goal of the energy and other compounds to be administered, valid methods to measure energy balance and body composition, and knowledge of the neonatal metabolic capacities. Providing an appr

  10. Energy requirements

    NARCIS (Netherlands)

    Hulzebos, Christian V.; Sauer, Pieter J. J.

    The determination of the appropriate energy and nutritional requirements of a newborn infant requires a clear goal of the energy and other compounds to be administered, valid methods to measure energy balance and body composition, and knowledge of the neonatal metabolic capacities. Providing an

  11. A generalization of Dung's Abstract Framework for Argumentation

    DEFF Research Database (Denmark)

    Nielsen, Søren Holbech; Parsons, Simon

    2006-01-01

    One of the most widely studied systems of argumentation is the one described by Dung in a paper from 1995. Unfortunately, this framework does not allow for joint attacks on arguments, which we argue must be required of any truly abstract argumentation framework. A few frameworks can be said to allow for such interactions among arguments, but for various reasons we believe that these are inadequate for modelling argumentation systems with joint attacks. In this paper we propose a generalization of the framework of Dung, which allows for sets of arguments to attack other arguments. We extend...

  12. A conceptual framework for implementation fidelity

    Directory of Open Access Journals (Sweden)

    Booth Andrew

    2007-11-01

    Background: Implementation fidelity refers to the degree to which an intervention or programme is delivered as intended. Only by understanding and measuring whether an intervention has been implemented with fidelity can researchers and practitioners gain a better understanding of how and why an intervention works, and the extent to which outcomes can be improved. Discussion: The authors undertook a critical review of existing conceptualisations of implementation fidelity and developed a new conceptual framework for understanding and measuring the process. The resulting theoretical framework requires testing by empirical research. Summary: Implementation fidelity is an important source of variation affecting the credibility and utility of research. The conceptual framework presented here offers a means for measuring this variable and understanding its place in the process of intervention implementation.

  13. Business process transformation the process tangram framework

    CERN Document Server

    Sharma, Chitra

    2015-01-01

    This book presents a framework through transformation and explains how business goals can be translated into realistic plans that are tangible and yield real results in terms of the top line and the bottom line. Process Transformation is like a tangram puzzle, which has multiple solutions yet is essentially composed of seven 'tans' that hold it together. Based on practical experience and intensive research into existing material, 'Process Tangram' is a simple yet powerful framework that proposes Process Transformation as a program. The seven 'tans' are: the transformation program itself, triggers, goals, tools and techniques, culture, communication and success factors. With its segregation into tans and division into core elements, this framework makes it possible to use 'pick and choose' to quickly and easily map an organization's specific requirements. Change management and process modeling are covered in detail. In addition, the book approaches managed services as a model of service delivery, which it ex...

  14. Knowledge Encapsulation Framework for Collaborative Social Modeling

    Energy Technology Data Exchange (ETDEWEB)

    Cowell, Andrew J.; Gregory, Michelle L.; Marshall, Eric J.; McGrath, Liam R.

    2009-03-24

    This paper describes the Knowledge Encapsulation Framework (KEF), a suite of tools to enable knowledge inputs (relevant, domain-specific facts) to modeling and simulation projects, as well as other domains that require effective collaborative workspaces for knowledge-based tasks. This framework can be used to capture evidence (e.g., trusted material such as journal articles and government reports), discover new evidence (covering both trusted and social media), enable discussions surrounding domain-specific topics and provide automatically generated semantic annotations for improved corpus investigation. The current KEF implementation is presented within a wiki environment, providing a simple but powerful collaborative space for team members to review, annotate, discuss and align evidence with their modeling frameworks. The novelty in this approach lies in the combination of automatically tagged and user-vetted resources, which increases user trust in the environment, leading to ease of adoption for the collaborative environment.

  15. Framework for Maintenance Planning

    DEFF Research Database (Denmark)

    Soares, C. Guedes; Duarte, J. Caldeira; Garbatov, Y.;

    2010-01-01

    The present document presents a framework for maintenance planning. Maintenance plays a fundamental role in counteracting degradation effects, which are present in all infrastructure and industrial products. Therefore, maintenance planning is a very critical aspect to consider both during the design and during the whole life span of operational use, within an integrated framework founded on risk and reliability based techniques. The document addresses designers, decision makers and professionals responsible for or involved in establishing maintenance plans. The purpose of this document is to present maintenance as an integrated approach that needs to be planned, designed, engineered, and controlled by proper qualitative and quantitative techniques. This document outlines the basic premises for maintenance planning and provides the general philosophies that can be followed and points to a best...

  16. Adaptable component frameworks

    DEFF Research Database (Denmark)

    Katajainen, Jyrki; Simonsen, Bo

    2009-01-01

    The CPH STL is a special edition of the STL, the containers and algorithms part of the C++ standard library. The specification of the generic components of the STL is given in the C++ standard. Any implementation of the STL, e.g. the one that ships with your standard-compliant C++ compiler, should provide at least one realization for each container that has the specified characteristics with respect to performance and safety. In the CPH STL project, our goal is to provide several alternative realizations for each STL container. For example, for associative containers we can provide almost any kind of balanced search tree. Also, we do provide safe and compact versions of each container. To ease the maintenance of this large collection of implementations, we have developed component frameworks for the STL containers. In this paper, we describe the design and implementation of a component framework...

  17. MONARC Simulation Framework

    CERN Document Server

    Dobre, Ciprian

    2011-01-01

    This paper discusses the latest generation of the MONARC (MOdels of Networked Analysis at Regional Centers) simulation framework, as a design and modelling tool for large scale distributed systems applied to HEP experiments. A process-oriented approach for discrete event simulation is well-suited for describing concurrent running programs, as well as the stochastic arrival patterns that characterize how such systems are used. The simulation engine is based on Threaded Objects (or Active Objects), which offer great flexibility in simulating the complex behavior of distributed data processing programs. The engine provides an appropriate scheduling mechanism for the Active objects with support for interrupts. This approach offers a natural way of describing complex running programs that are data dependent and which concurrently compete for shared resources as well as large numbers of concurrent data transfers on shared resources. The framework provides a complete set of basic components (processing nodes, data s...

  18. Landscape Environmental Assessment Framework

    Energy Technology Data Exchange (ETDEWEB)

    2017-07-20

    LEAF Version 2.0 is a framework comprising three models: RUSLE2, WEPS, and AGNPS. The framework can predict row crop, crop residue, and energy crop yields at sub-field resolution for various combinations of soil, climate, crop management, and residue harvesting practices. It estimates the loss of soil, carbon, and nutrients to the atmosphere, to the groundwater, and to runoff. It also models the overland flow of water and washed-off sediments, nutrients and other chemicals to provide estimates of sediment, nutrient, and chemical loadings to water bodies within a watershed. The AGNPS model and wash-off calculations are the new additions to this version of LEAF. Development of LEAF software is supported by DOE's BETO program.

  19. Framework for Maintenance Planning

    DEFF Research Database (Denmark)

    Duarte, J. Caldeira; Garbatov, Y.; Zio, E.

    2010-01-01

    The present document presents a framework for maintenance planning. Maintenance plays a fundamental role in counteracting degradation effects, which are present in all infrastructure and industrial products. Therefore, maintenance planning is a very critical aspect to consider both during the design and during the whole life span of operational use, within an integrated framework founded on risk and reliability based techniques. The document addresses designers, decision makers and professionals responsible for or involved in establishing maintenance plans. The purpose of this document is to present maintenance as an integrated approach that needs to be planned, designed, engineered, and controlled by proper qualitative and quantitative techniques. This document outlines the basic premises for maintenance planning and provides the general philosophies that can be followed and points to a best...

  20. Framework for Grid Manufacturing

    Institute of Scientific and Technical Information of China (English)

    陈笠; 邓宏; 邓倩妮; 吴振宇

    2004-01-01

    With the development of networked manufacturing, it is increasingly urgent to solve problems caused by inherent limitations of network technology, such as heterogeneity, collaboration collision, and decentralized control. This paper presents a framework for grid manufacturing, which neatly combines grid technology with the infrastructure of advanced manufacturing technology. The paper studies grid-oriented knowledge description and acquisition, and constructs a distributed knowledge grid model. The paper also deals with the protocol of node description in collaborative design, and describes a distributed collaborative design model. The protocol and node technology lead to a collaborative production model for grid manufacturing. The framework for grid manufacturing offers an effective and feasible solution for the problems of networked manufacturing. Grid manufacturing will become an advanced distributed manufacturing model and promote the development of advanced manufacturing technologies.