An assessment of the terrorist threat to use a nuclear or radiological device in an attack

Energy Technology Data Exchange (ETDEWEB)

Kingshott, B.F. [Grand Valley State University, 275C DeVos Center, 401 West Fulton Street, Grand Rapids, MI 49504 (United States)]. E-mail: kingshob@gvsu.edu

2006-07-01

This paper will discuss terrorism from the perspective of a terrorist organisation acquiring nuclear material to build weapons and how security of radiological material world wide will minimise the risk of such devices being used. It will discuss the need to improve security at nuclear waste processing and storage sites and the adequacy of current security. It will also discuss the phenomenon of suicide attacks by the bomb carriers and the role of the media in informing and educating the general public of the consequences should such a device containing nuclear material be detonated. (author)

Nuclear terrorism

International Nuclear Information System (INIS)

2002-01-01

Recent reports of alleged terrorist plans to build a 'dirty bomb' have heightened longstanding concerns about nuclear terrorism. This briefing outlines possible forms of attack, such as: detonation of a nuclear weapon; attacks involving radioactive materials; attacks on nuclear facilities. Legislation addressing these risks and the UK's strategy for coping with them are also considered

Construction of a Cyber Attack Model for Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert

2017-05-01

The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missed if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.

Development of Cyber-attack Risk Assessment Model for Nuclear Power Plants

International Nuclear Information System (INIS)

Park, Jong Woo; Lee, Seung Jun

2017-01-01

In this work, a risk evaluation method to identify significant cyber-attack scenarios and important components which should be defensed was proposed based on the probabilistic safety assessment (PSA) method which is widely used for evaluating risk of NPPs. NPPs adopting digital systems have been facing the risk of cyber-attacks. To develop efficient and reasonable defense strategy, it is required to identify significant cyber-attack scenarios and important components because there are huge number of critical digital assets in an NPP. By evaluating the risk of cyber-attack, the risk-informed defense strategies against cyber-attack could be suggested. In this work, the method to identify important cyber-attack scenarios and to evaluate the quantitative risk caused by cyber-attacks was proposed. For a future study, more feasible scenarios will be analyzed and additional modifications will be made in the model if necessary.

Nuclear deterrence: Inherent escalation?

International Nuclear Information System (INIS)

Bergbauer, J.R. Jr.

1993-01-01

Despite 40 years of peace between the super powers, there is increasing clamor to the effect that nuclear war between the super powers is imminent; or could occur through escalation from a minor conflict; or could result from harsh rhetoric (but only on the part of the U.S.) in the super power dialogue. The factor that is ignored is that a massive nuclear attack would be rational ONLY if that attack could inflict such damage that the other super power could not launch a significant retaliatory nuclear attack. ONLY in this circumstance would there be any profit in launching an initial Strategic Nuclear Attack. This First Strike capability is not now possessed nor projected to be developed by either super power. As long as ANY possible Strategic Nuclear Attack against the national territory of one super power would be insufficient to prevent an equally destructive retaliatory attack, then a Strategic Nuclear Attack would inevitably result in the destruction of both and would be profitless, hence, pointless. This situation describes Mutually Assured Destruction (MAD), the governing conflict paradigm applicable to both super powers. The only convential attack that would even remotely rival the national-destruction potential of a Strategic Nuclear Attack and could cause the attacked power to consider launching a retaliatory Strategic Nuclear Attack would be a massive land-air invasion/occupation of one super power by the other. Since neither super power can successfully execute such a conventional invasion/occupation, this situation is moot. The geo-political environments of the two super powers are so asymmetrical and their military positions so symmetrical that the probability of ANY forseeable situation resulting in their resorting to a Strategic Nuclear Exchange is vanishingly small. It is possible escape the Chicken-Little syndrome and, instead, devote energy to ensuring the maintenance of this favorable, but fragile, world system

Limited attacks on the United States and the Soviet Union

International Nuclear Information System (INIS)

Levi, B.; Hippel, F. von.

1987-01-01

This report is focused on calculations carried out at Princeton University of the consequences of so-called ''limited'' nuclear attacks by the USA and the USSR on one another - primarily because such scenarios seem to be motivating the acquisition of new nuclear weapons. The conclusions were: The use of only a fraction of the destructive capacity in USA and Soviet nuclear arsenals could have catastrophic consequences to human kind. Although the primary justification of the tens of thousands of nuclear warheads in USA and Soviet arsenals is their potential use against military targets, the most commonly discussed potential large-scale military uses of these weapons - in attacks against the nuclear weapons of the other side - would result in tens of millions of civilian casualties. Certainly, if a first strike resulted in such a huge civilian toll, there could be little assurance of restraint in the response of the country that was attacked. The use of even 1% of the strategic arsenals of the USSR or the USA against the population, military industry or strategic-nuclear targets of the other nation could result in tens of millions of casualties. 17 refs, 6 figs, 5 tabs

Digital transformation. With the increasing digitalisation of reactors, the nuclear sector must take the risk of cyber attacks into account. Atom in front of cyber crime

International Nuclear Information System (INIS)

Dupin, Ludovic

2017-01-01

After having evoked a science-fictional scenario of a cyber attack of a nuclear reactor, but also recent and actual, and sometimes successful cyber attacks against reactor control systems or uranium enrichment centrifuges, this article notices that authorities and bodies in charge of nuclear activities have become aware of this threat only for a short time, and that the threat is increased because of the increasing role of digital compounds in recent reactors. Therefore, a definition of good practices is emerging. In a brief interview, a manager of Assystem outlines that data theft is the main risk

Civilian protection and Britain's commercial nuclear installations

International Nuclear Information System (INIS)

1981-01-01

The subject is treated as follows: initial conclusions (major nuclear attack on military installations; nuclear attack including civil nuclear targets; conventional attack on civil nuclear installations); nature of nuclear weapons explosions and power reactor releases (general; dose effects and biologically significant isotopes; nuclear weapon effects; effect of reactors and other fuel-cycle installations in a thermonuclear area; implications of reactor releases due to conventional attack, sabotage, civil disorder or major accident). (U.K.)

Probabilistic interpretation of command and control signals: Bayesian updating of the probability of nuclear attack

International Nuclear Information System (INIS)

Pate-Cornell, M.Elisabeth; Fischbeck, Paul S.

1995-01-01

A warning system such as the Command, Control, Communication, and Intelligence system (C 3 I) for the United States nuclear forces operates on the basis of various sources of information among which are signals from sensors. A fundamental problem in the use of such signals is that these sensors provide only imperfect information. Bayesian probability, defined as a degree of belief in the possibility of each event, is therefore a key concept in the logical treatment of the signals. However, the base of evidence for estimation of these probabilities may be small and, therefore, the results of the updating (posterior probabilities of attack) may also be uncertain. In this paper, we examine the case where uncertainties hinge upon the existence of several possible underlying hypotheses (or models), and where the decision-maker attributes a different probability of attack to each of these fundamental hypotheses. We present a two-stage Bayesian updating process, first of the probabilities of the fundamental hypotheses, then of the probabilities of attack conditional on each hypothesis, given a positive signal from the C 3 I. We illustrate the method in the discrete case where there are only two possible fundamental hypotheses, and in the case of a continuous set of hypotheses. We discuss briefly the implications of the results for decision-making. The method can be generalized to other warning systems with imperfect signals, when the prior probability of the event of interest is uncertain

Development of a dynamic model to evaluate economic recovery following a nuclear attack. Volume 2. Model equations (appendices C and D). Final report

International Nuclear Information System (INIS)

Peterson, D.W.; Silverman, W.S.; Weil, H.B.; Willard, S.

1980-11-01

A highly-robust, dynamic simulation model of the US economy has been constructed to evaluate the likely economic response after various nuclear attacks or other severe disruptions, under various policies and assumptions. The model consists of a large system of nonlinear, recursive, time-difference equations. The solution-interval of the model is adjustable, with a maximum value of three weeks. The model represents the economy in thirteen sectors. Each sector contains a detailed representation of production, distribution, supply constraints, finance, employment, pricing, and wages. Also included are a full input-output representation of the interconnections among the sectors, and the psychological responses of corporate planners, consumers, and the labor force. The model's equations are formulated to remain consistent and realistic for all values of the variables, including the most extreme conditions. Therefore, the model can realistically simulate any degree or time sequence of nuclear attacks, pre-attack surges, mobilization, or policy shifts. Simulation experiments with the model suggest that the economy is highly vulnerable to nuclear attack, and that recovery requires extensive preparation, including psychological readiness, technology maintenance, special financial policies, and (if possible) maintenance of foreign trade. Civil defense policies must be adaptive (contingent on the nature of the damage) and must strive for balance among sectors, rather than maximum survival. The simulation model itself consists of an interrelated set of mathematical equations, written in the computer language DYNAMO. Two appendices to the report are presented in this volume. Appendix C gives a brief introduction to the conventions and notations of the DYNAMO language. The equations, definitions, and variables of the model are listed in Appendix D. For the convenience of the reader, these two appendices are bound separately

The Need for Situational Awareness in a CBRNE Attack

Directory of Open Access Journals (Sweden)

Jordan Nelms

2011-02-01

Full Text Available Six years before the terrorist attacks on the World Trade Center and the Pentagon, and eight years before the United States went to war with Saddam Hussein for his alleged concealment of chemical and biological weapons caches, Japan's Tokyo subway was struck by one of the most vicious terror attacks in modern history.  The 1995 Sarin terrorist attack represents an important case study for post-9/11 emergency managers because it highlights the key issues first responders and public health officials face when confronted with a CBRNE ('C'hemical, 'B'iological, 'R'adiological, 'N'uclear, 'E'xplosive mass-casualty attack.

Project ATTACK and Project VISTA: Benchmark studies on the road to NATO's early TNF policy

International Nuclear Information System (INIS)

Garrity, P.J.

1994-01-01

This paper is concerned with those studies and analyses that affected early NATO nuclear policy and force structure. The discussion focuses specifically on two open-quotes benchmarkclose quotes activities. Project VISTA and Project ATTACK. These two studies were chosen less because one can document their direct impact on NATO nuclear policy and more because they capture the state of thinking about tactical nuclear weapons at a particular point of time. Project VISTA offers an especially important benchmark in this respect. Project ATTACK is a rather different kind of benchmark. It is not a pathbreaking study. It is much narrower and more technical than VISTA. It appears to have received no public attention. Project ATTACK is interesting because it seems to capture a open-quotes nuts-and-boltsclose quotes feel for how U.S. (and thereby NATO) theater nuclear policy was evolving prior to MC 48. The background and context for Project VISTA and Project ATTACK are presented and discussed

Maintaining nutritional adequacy during a prolonged food crisis. [Basic foods for post-nuclear attack use

Energy Technology Data Exchange (ETDEWEB)

Franz, K.B.; Kearny, C.H.

1979-08-01

This handbook is the first to assemble nutritional information and make recommendations on the efficient use of unprocessed grains, beans, and other elemental foods during the aftermath of a nuclear war. These basic foods would constitute the main resources to combat famine after a major nuclear attack. Such an attack would reduce and probably eliminate most commercial food processing for many months. To decision makers, this handbook should prove useful on basic aspects of nutrition in a long-term survival situation. These decision makers might range from the heads of families to government officials. Recommendations for nutrition given by organizations experienced in crisis feeding are reviewed and compared. Based on the best nutritional information available, emergency dietary recommendations are made for minimum and intermediate goals. The emergency dietary recommendations are applied to food for practical survival rations. Long-term survival rations for Americans are evaluated. These rations are (1) ten single-food rations; (2) four cereal-legume rations, ratio 4:1; (3) four cereal-legume rations, ratio 8:1; and (4) four cereal-legume-dry milk rations. The 22 different survival rations are detailed and summarized in 20 tables which list their nutritional adequacies and deficiences. Expedient procedures are given by which basic foods may be processed and cooked to provide a more healthful diet than most Americans believe possible. Special attention is given to the requirements of infants, children, and pregnant or lactating women. The eleven appendixes provide a wealth of specialized information. Among these appendixes is one that summarizes new and improved expedient methods for removing radioactive fallout and other contaminants from water. Another appendix is a comprehensive account of ways to sprout seeds to produce vitamins and improve palatability. (ERB)

Cyber security issues imposed on nuclear power plants

International Nuclear Information System (INIS)

Kim, Do-Yeon

2014-01-01

Highlights: • Provide history of cyber attacks targeting at nuclear facilities. • Provide cyber security issues imposed on nuclear power plants. • Provide possible countermeasures for protecting nuclear power plants. - Abstract: With the introduction of new technology based on the increasing digitalization of control systems, the potential of cyber attacks has escalated into a serious threat for nuclear facilities, resulting in the advent of the Stuxnet. In this regard, the nuclear industry needs to consider several cyber security issues imposed on nuclear power plants, including regulatory guidelines and standards for cyber security, the possibility of Stuxnet-inherited malware attacks in the future, and countermeasures for protecting nuclear power plants against possible cyber attacks

Development of field programmable gate array–based encryption module to mitigate man-in-the-middle attack for nuclear power plant data communication network

Directory of Open Access Journals (Sweden)

Mohamed Abdallah Elakrat

2018-06-01

Full Text Available This article presents a security module based on a field programmable gate array (FPGA to mitigate man-in-the-middle cyber attacks. Nowadays, the FPGA is considered to be the state of the art in nuclear power plants I&C systems due to its flexibility, reconfigurability, and maintainability of the FPGA technology; it also provides acceptable solutions for embedded computing applications that require cybersecurity. The proposed FPGA-based security module is developed to mitigate information-gathering attacks, which can be made by gaining physical access to the network, e.g., a man-in-the-middle attack, using a cryptographic process to ensure data confidentiality and integrity and prevent injecting malware or malicious data into the critical digital assets of a nuclear power plant data communication system. A model-based system engineering approach is applied. System requirements analysis and enhanced function flow block diagrams are created and simulated using CORE9 to compare the performance of the current and developed systems. Hardware description language code for encryption and serial communication is developed using Vivado Design Suite 2017.2 as a programming tool to run the system synthesis and implementation for performance simulation and design verification. Simple windows are developed using Java for physical testing and communication between a personal computer and the FPGA. Keywords: AES-128, Cyber Security, Encryption, Field Programmable Gate Array, I&C

Nuclear Cyber Security Issues and Policy Recommendations

Energy Technology Data Exchange (ETDEWEB)

Lee, Cheol-Kwon; Lee, Dong-Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Na-Young; Hwang, Young-Soo [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

2015-10-15

The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a national-wide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will be occurred, which is a characteristic of cyber-attack. They could be always detected only after when an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities.

Nuclear Cyber Security Issues and Policy Recommendations

International Nuclear Information System (INIS)

Lee, Cheol-Kwon; Lee, Dong-Young; Lee, Na-Young; Hwang, Young-Soo

2015-01-01

The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a national-wide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will be occurred, which is a characteristic of cyber-attack. They could be always detected only after when an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities

Nuclear War Survival Skills

Energy Technology Data Exchange (ETDEWEB)

Kearny, C.H.

2002-06-24

The purpose of this book is to provide Americans with information and instructions that will significantly increase their chances of surviving a possible nuclear attack. It brings together field-tested instructions that, if followed by a large fraction of Americans during a crisis that preceded an attack, could save millions of lives. The author is convinced that the vulnerability of our country to nuclear threat or attack must be reduced and that the wide dissemination of the information contained in this book would help achieve that objective of our overall defense strategy.

Iran the aerial defense facing a preventive attack against the nuclear sites; Iran la defense aerienne face a une attaque preventive contre ses sites nucleaires

Energy Technology Data Exchange (ETDEWEB)

Gruselle, B.; Payre, G

2006-01-15

In the context of the nuclear uranium enrichment program development facing the international opinion, the author discusses the Iran policy of implementing a defense against an aerial attack. Even with the modernization of its anti-aerial defense, the Iran will cannot support an aerial american campaign, precise and long. (A.L.B.)

Combating nuclear terrorism in India: preventive nuclear forensic perspectives

International Nuclear Information System (INIS)

Raghav, N.K.; Lad, J.S.; Deshmukh, A.V.; Jagtap, S.S.

2014-01-01

Nuclear terrorism is constant threat to India by many terrorist organization and neighboring country. These organizations are directly or indirectly aided with nuclear material by terrorism supporting country. Such organization has a significant potential source for acquiring nuclear and other radioactive material. Possibility of leakage is widely feared because of the deteriorating law and order condition, great spur of nuclear proliferation after the cold war and disintegration of USSR. Terrorist could gain access to Nuclear and radioactive material and smuggle to India through porous borders. Preventive forensic approach in screening and searching nuclear and radioactive material will play cardinal role to prevent nuclear disaster happening in India. Future plans could be extracted from terrorists through their narco-tests, brain fingerprinting and a data base on this could be prepared, which could later be used to help prevent any attacks. In present paper authors strongly recommend setting up Preventive Forensic Units in India so that any internal or external nuclear attack could be aborted. (author)

Efficacy of nuclear forensics

International Nuclear Information System (INIS)

Kazi, Reshmi

2011-01-01

In a strange turn of history, the threat of global nuclear war has gone down, but the risk of a nuclear attack has gone up. The danger of nuclear terrorism and ways to thwart it, tackle it and manage it in the event of an attack is increasingly gaining the attention of nuclear analysts all over the world. There is rising awareness among nuclear experts to develop mechanisms to prevent, deter and deal with the threat of nuclear terrorism. Nuclear specialists are seeking to develop and improve the science of nuclear forensics so as to provide faster analysis during a crisis. Nuclear forensics can play an important role in detecting illicit nuclear materials to counter trafficking in nuclear and radiological materials. An effective nuclear forensic and attribution strategy can enable policy makers, decision makers and technical managers to respond to situations involving interception of special nuclear materials

Nuclear Cyber Security Case Study and Analysis

Energy Technology Data Exchange (ETDEWEB)

Park, Sunae [ChungNam National Univ., Daejeon (Korea, Republic of); Kim, Kyung doo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2016-10-15

Due to the new trend in cyber attacks, there is an increased security threat towards every country's infrastructure. So, security measures are required now than ever before. Previous cyber attacks normal process consists of paralyzing a server function, data extraction, or data control into the IT system for trespassing. However, nowadays control systems and infrastructures are also targeted and attacking methods have changed a lot. These days, the virus is becoming increasingly serious and hacker attacks are also becoming more frequent. This virus is a computer virus produced for the purpose of destroying the infrastructure, such as power plants, airports, railways June 2010, and it was first discovered in Belarus. Israel, the US, and other countries are believed culprits behind Stuxnet attacks on other nations such as Iran. Recent malware distribution, such as website hacking threat is growing. In surveys today one of the most long-term posing security threats is from North Korea. In particular, North Korea has been caught launching ongoing cyber-attacks after their latest nuclear test. South Korea has identified national trends regarding North Korean nuclear tests and analyzed them in order to catch disclosed confidential information. Especially, many nuclear power plants in the world are found to be vulnerable to cyber-attacks. Industrial facilities should be more wary of the risk of a serious cyber attack in the middle is going to increase the reliance on universal and commercial digital systems (off the shelf) software, civilian nuclear infrastructure. Senior executives’ current risk rate levels are increasing. Digitalization of the perception of risk is lacking in nuclear power plants and workers are creating prevention methods to make them fully aware of the risks of cyber-attacks. It is suggested that it may be inappropriate to assume we are prepared for potential attacks. Due to advances in technology, a warning that the growing sense of crisis

Nuclear Cyber Security Case Study and Analysis

International Nuclear Information System (INIS)

Park, Sunae; Kim, Kyung doo

2016-01-01

Due to the new trend in cyber attacks, there is an increased security threat towards every country's infrastructure. So, security measures are required now than ever before. Previous cyber attacks normal process consists of paralyzing a server function, data extraction, or data control into the IT system for trespassing. However, nowadays control systems and infrastructures are also targeted and attacking methods have changed a lot. These days, the virus is becoming increasingly serious and hacker attacks are also becoming more frequent. This virus is a computer virus produced for the purpose of destroying the infrastructure, such as power plants, airports, railways June 2010, and it was first discovered in Belarus. Israel, the US, and other countries are believed culprits behind Stuxnet attacks on other nations such as Iran. Recent malware distribution, such as website hacking threat is growing. In surveys today one of the most long-term posing security threats is from North Korea. In particular, North Korea has been caught launching ongoing cyber-attacks after their latest nuclear test. South Korea has identified national trends regarding North Korean nuclear tests and analyzed them in order to catch disclosed confidential information. Especially, many nuclear power plants in the world are found to be vulnerable to cyber-attacks. Industrial facilities should be more wary of the risk of a serious cyber attack in the middle is going to increase the reliance on universal and commercial digital systems (off the shelf) software, civilian nuclear infrastructure. Senior executives’ current risk rate levels are increasing. Digitalization of the perception of risk is lacking in nuclear power plants and workers are creating prevention methods to make them fully aware of the risks of cyber-attacks. It is suggested that it may be inappropriate to assume we are prepared for potential attacks. Due to advances in technology, a warning that the growing sense of crisis about

Synthesis of public authorities organisation in case of emergency and in a post-event situation (following a nuclear accident or a radiological attack) in France and abroad

International Nuclear Information System (INIS)

Kayser, O.

2010-01-01

After having briefly recalled how an emergency situation (notably in case of nuclear accident or radiological attack) is taken into account in the organisation of public authorities through specific plans (PPI or plans particuliers d'intervention, intervention specific plans), this report also describes how the situation is handled by these authorities after the end of the emergency situation (i.e. when the risk of new radioactive releases is over). This post-event stage is split into two phases: a transition phase which lasts several weeks or months, and a long term consequence management phase (over months or years). The author first describes the specificities of a nuclear or radiological event (accident or attack). He recalls the global public organisation and the involved actors. For the post-event period, he indicates the various actions, describes the interdepartmental coordination and the various aspects of the program designed to manage accident consequences on the long term. He also describes the roles of permanent bodies, agencies and institutes (ASN, ASND, MSNR, IRSN, INVS, ADEME, AFSSA, Meteo France, CEA, ANDRA, AREVA, EDF, ministries). The last part describes the action of public authorities in case of a nuclear accident occurring abroad. This includes relationship with European and international bodies

Investigation of impingement attack mechanism of copper alloy condenser tubes

Energy Technology Data Exchange (ETDEWEB)

Fukumura, Takuya; Nakajima, Nobuo; Arioka, Koji; Totsuka, Nobuo; Nakagawa, Tomokazu [Institute of Nuclear Safety System Inc., Mihama, Fukui (Japan)

2001-09-01

In order to investigate generation and growth mechanisms of impingement attacks of sea water against copper alloy condenser tubes used in condensers of nuclear power plants, we took out condenser tubes from actual condensers, cut them into several pieces and carried out several material tests mainly for impinged spots. In addition water flow inside of a pit was analyzed. From the results of the investigation, it was found that all of impingement attacks were found in the marks left by sessile organisms and none were found in downstream of the marks as frequently proposed so far. At the pits generated inside the marks, iron coating was striped and zinc content was deficient in some cases. Combining these data and the result of flow analysis, we considered the following mechanism of the impingement attacks: sessile organisms clinging to the surface of the condenser tube and growth, occlusion of the tube, extinction and decomposition of sessile organisms, pollution corrosion under the organisms and cavity formation, occlusion removal by the cleaning, generation of impingement attacks by flow collision inside the cavity, growth of the impingement attacks. (author)

Escalation of terrorism? On the risk of attacks with chemical, biological, radiological and nuclear weapons or materials; Eskalation des Terrors? Ueber das Anschlagsrisiko mit chemischen, biologischen, radiologischen und nuklearen Waffen oder Stoffen

Energy Technology Data Exchange (ETDEWEB)

Nass, Jens

2010-07-01

The report on the risk of attacks with chemical, biological, radiological and nuclear weapons or materials covers the following topics: the variety of terrorism: ethnic-nationalistic, politically motivated, social revolutionary, political extremism, religious fanaticism, governmental terrorism; CBRN (chemical, biological, radiological, nuclear) weapons and materials: their availability and effectiveness in case of use; potential actor groups; prevention and counter measures, emergency and mitigating measures.

Risk Due to Radiological Terror Attacks With Natural Radionuclides

International Nuclear Information System (INIS)

Friedrich, Steinhaeusler; Lyudmila, Zaitseva; Stan, Rydell

2008-01-01

The naturally occurring radionuclides radium (Ra-226) and polonium (Po-210) have the potential to be used for criminal acts. Analysis of international incident data contained in the Database on Nuclear Smuggling, Theft and Orphan Radiation Sources (CSTO), operated at the University of Salzburg, shows that several acts of murder and terrorism with natural radionuclides have already been carried out in Europe and Russia. Five different modes of attack (T) are possible: (1) Covert irradiation of an individual in order to deliver a high individual dose; (2) Covert irradiation of a group of persons delivering a large collective dose; (3) Contamination of food or drink; (4) Generation of radioactive aerosols or solutions; (5) Combination of Ra-226 with conventional explosives (Dirty Bomb).This paper assesses the risk (R) of such criminal acts in terms of: (a) Probability of terrorist motivation deploying a certain attack mode T; (b) Probability of success by the terrorists for the selected attack mode T; (c) Primary damage consequence (C) to the attacked target (activity, dose); (d) Secondary damage consequence (C') to the attacked target (psychological and socio-economic effects); (e) Probability that the consequences (C, C') cannot be brought under control, resulting in a failure to manage successfully the emergency situation due to logistical and/or technical deficits in implementing adequate countermeasures. Extensive computer modelling is used to determine the potential impact of such a criminal attack on directly affected victims and on the environment

Risk Due to Radiological Terror Attacks With Natural Radionuclides

Science.gov (United States)

Friedrich, Steinhäusler; Stan, Rydell; Lyudmila, Zaitseva

2008-08-01

The naturally occurring radionuclides radium (Ra-226) and polonium (Po-210) have the potential to be used for criminal acts. Analysis of international incident data contained in the Database on Nuclear Smuggling, Theft and Orphan Radiation Sources (CSTO), operated at the University of Salzburg, shows that several acts of murder and terrorism with natural radionuclides have already been carried out in Europe and Russia. Five different modes of attack (T) are possible: (1) Covert irradiation of an individual in order to deliver a high individual dose; (2) Covert irradiation of a group of persons delivering a large collective dose; (3) Contamination of food or drink; (4) Generation of radioactive aerosols or solutions; (5) Combination of Ra-226 with conventional explosives (Dirty Bomb). This paper assesses the risk (R) of such criminal acts in terms of: (a) Probability of terrorist motivation deploying a certain attack mode T; (b) Probability of success by the terrorists for the selected attack mode T; (c) Primary damage consequence (C) to the attacked target (activity, dose); (d) Secondary damage consequence (C') to the attacked target (psychological and socio-economic effects); (e) Probability that the consequences (C, C') cannot be brought under control, resulting in a failure to manage successfully the emergency situation due to logistical and/or technical deficits in implementing adequate countermeasures. Extensive computer modelling is used to determine the potential impact of such a criminal attack on directly affected victims and on the environment.

Truck bomb and insider threats to nuclear facilities

International Nuclear Information System (INIS)

Hirsch, D.

1987-01-01

In the nuclear field, two the these weak links in the security chain are the truck bomb threat and the insider threat. The risks associated with terrorist use of vehicular bombs against nuclear targets surfaced (actually, resurfaced) followed the terrorist attacks on the US Embassy annex and the Marine compound in Leb Concern was expressed that similar attacks against nuclear facilities could result in substantial damage and release of radioactivity. Since the current regulations of the NRC require licensees to protect only against attacks on foot (and even then, only against very small attacking forces), shortly after the Lebanon bombings, that agency commenced an urgent rulemaking to require its licensees to protect against truck bombs. Inexplicably, that rulemaking was called off after research results indicated that the truck bomb threat to nuclear facilities was even more serious than previously thought. Even were nuclear facilities adequately protected against external attack, be the aim theft or sabotage, the greatest security risk to these sites - the threat of action by insiders - would remain. The traditional methods of protecting against the insider threat - such as the two-person rule, strict compartmentalization of vital areas, and design features that make damage to two or more redundant systems by one individual difficult - are generally expensive and have encountered substantial resistance from the nuclear industry, which has restrained the NRC from requiring them

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

NARCIS (Netherlands)

Pieters, Wolter; Davarynejad, Mohsen

2015-01-01

Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in

Assessment for the potential of Stuxnet attack on research reactor in Indonesia

International Nuclear Information System (INIS)

Eko H Riyadi

2013-01-01

Since discovered in June of 2010, the malware that named Stuxnet was directly electrify the world. The malware is interested the attentions of the media and security experts since infect instrumentation and control systems in industrial and caused significant damage. Stuxnet is a sophisticated kind of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS7. Even the malware developed to attack Iran's nuclear facilities have very specific goals and designed to infect Siemens SCADA systems are set up to control and monitor industrial processes. In Indonesia there are 3 research reactors i.e. Kartini in Jog jakarta, TRIGA in Bandung and RSG GA Siwabessy in Serpong. Last reactor has the largest capacity that was using the instrumentation and control system of the Siemens made. This study aims to determine the potential of the Stuxnet attack on research reactor with use methods and analysis the learning to the malware. With the configuration of the control system on research reactors, it is not impossible will be target of the Stuxnet attacks like as Iran's nuclear facility in Natanz. Although some security experts and anti virus have develop system patch and removal to fix this malware, but still needed the role of regulatory bodies to ensure that instrumentation and control system in research reactors are totally safe and secure from malware attacks. (author)

Computer security at ukrainian nuclear facilities: interface between nuclear safety and security

International Nuclear Information System (INIS)

Chumak, D.; Klevtsov, O.

2015-01-01

Active introduction of information technology, computer instrumentation and control systems (I and C systems) in the nuclear field leads to a greater efficiency and management of technological processes at nuclear facilities. However, this trend brings a number of challenges related to cyber-attacks on the above elements, which violates computer security as well as nuclear safety and security of a nuclear facility. This paper considers regulatory support to computer security at the nuclear facilities in Ukraine. The issue of computer and information security considered in the context of physical protection, because it is an integral component. The paper focuses on the computer security of I and C systems important to nuclear safety. These systems are potentially vulnerable to cyber threats and, in case of cyber-attacks, the potential negative impact on the normal operational processes can lead to a breach of the nuclear facility security. While ensuring nuclear security of I and C systems, it interacts with nuclear safety, therefore, the paper considers an example of an integrated approach to the requirements of nuclear safety and security

Nuclear terrorism - Threat or not?

Science.gov (United States)

Pomper, Miles A.; Tarini, Gabrielle

2017-11-01

A terrorist attack using nuclear or radiological materials is a low-probability event, but if executed, would lead to unprecedented socio-economic, material, and psychological disruption and damage. This chapter seeks to provide a sound assessment of the scope and nature of the threat by examining the different types of nuclear terrorism, each of which poses different risks, involves different barriers to success, and requires different terrorist capabilities. In addition, the chapter aims to provide an overview of the sources and nature of terrorists' motivations to employ a nuclear attack.

Bluetooth security attacks comparative analysis, attacks, and countermeasures

CERN Document Server

Haataja, Keijo; Pasanen, Sanna; Toivanen, Pekka

2013-01-01

This overview of Bluetooth security examines network vulnerabilities and offers a comparative analysis of recent security attacks. It also examines related countermeasures and proposes a novel attack that works against all existing Bluetooth versions.

Fear of Terrorism in New York After the September 11 Terrorist Attacks: Implications for Emergency Mental Health and Preparedness

Science.gov (United States)

Boscarino, Joseph A.; Figley, Charles R.; Adams, Richard E.

2009-01-01

To examine the public’s response to future terrorist attacks, we surveyed 1,001 New Yorkers in the community one year after the September 11 attacks. Overall, New Yorkers were very concerned about future terrorist attacks and also concerned about attacks involving biological or nuclear weapons. In addition, while most New Yorkers reported that if a biological or nuclear attack occurred they would evaluate available information before evacuating, a significant number reported they would immediately evacuate, regardless of police or public health communications to the contrary. The level of public concern was significantly higher on all measures among New York City and Long Island residents (downstate) compared to the rest of the state. A model predicting higher fear of terrorism indicated that downstate residents, women, those 45 to 64 years old, African Americans and Hispanics, those with less education/income, and those more likely to flee, were more fearful of future attacks. In addition, making disaster preparations and carefully evaluating emergency information also predicted a higher level of fear as well. A second model predicting who would flee suggested that those more likely to evaluate available information were less likely to immediately evacuate, while those with a higher fear of future attacks were more likely to flee the area. Given these findings and the possibility of future attacks, mental health professionals need to be more involved in preparedness efforts, especially related to the psychological impact of attacks involving weapons of mass destruction. PMID:14730761

Simple probabilistic method for relative risk evaluation of nuclear terrorism events

International Nuclear Information System (INIS)

Zhang Songbai; Wu Jun

2006-01-01

On the basis of the event-tree and probability analysis methods, a probabilistic method of nuclear terrorism risk was built, and the risk of terrorism events was analyzed. With the statistical data for and hypothetical data for relative events, the relative probabilities of the four kinds of nuclear terrorism events were obtained, as well as the relative risks of these four kinds of nuclear terrorism events were calculated by using this probabilistic method. The illustrated case show that the descending sequence of damages from the four kinds of nuclear terrorism events for single event is as following: nuclear explosive and improvised nuclear explosive, nuclear facility attacked, and 'dirty bomb'. Under the hypothetical condition, the descending sequence of possibilities for the four kinds of nuclear terrorism events is as following: 'dirty bomb', nuclear facility attacked, improvised nuclear explosive and nuclear explosive, but the descending sequence of risks is as following: 'dirty bomb', improvised nuclear explosive, nuclear facility attacked, and nuclear explosive . (authors)

Setting Component Priorities in Protecting NPPs against Cyber-Attacks Using Reliability Analysis Techniques

International Nuclear Information System (INIS)

Choi, Moon Kyoung; Seong, Poong Hyun; Son, Han Seong

2017-01-01

The digitalization of infrastructure makes systems vulnerable to cyber threats and hybrid attacks. According to ICS-CERT report, as time goes by, the number of vulnerabilities in ICS industries increases rapidly. Digital I and C systems have been developed and installed in nuclear power plants, and due to installation of the digital I and C systems, cyber security concerns are increasing in nuclear industry. However, there are too many critical digital assets to be inspected in digitalized NPPs. In order to reduce the inefficiency of regulation in nuclear facilities, the critical components that are directly related to an accident are elicited by using the reliability analysis techniques. Target initial events are selected, and their headings are analyzed through event tree analysis about whether the headings can be affected by cyber-attacks or not. Among the headings, the headings that can be proceeded directly to the core damage by the cyber-attack when they are fail are finally selected as the target of deriving the minimum cut-sets. We analyze the fault trees and derive the minimum set-cuts. In terms of original PSA, the value of probability for the cut-sets is important but the probability is not important in terms of cyber security of NPPs. The important factors is the number of basic events consisting of the minimal cut-sets that is proportional to vulnerability.

UK nuclear terrorism insurance arrangements: an overview

International Nuclear Information System (INIS)

Tetley, M. G.

2004-01-01

The risk of terrorism in the UK is not new, but since the New York World Trade Centre attacks in 2001, the potential scale of any terrorist attack has required a considerable reassessment. With UK foreign policy closely aligned to that of the USA, the UK security services now consider it is simply a matter of when and no longer if the UK is attacked. For insurers of any type this fact would cause concern; for insurers involved in high profile and potentially catastrophic loss targets such as nuclear power plants, any attack could have a severe impact on solvency and shareholder's funds. This paper's objective is to describe the terrorism insurance arrangements put in place in the U.K. both before and after the September 2001 attacks. These arrangements have been designed both to safeguard insurers' solvency and to ensure that the nuclear industry and general public can continue to be reassured by the availability of insurance should an attack ever occur.(author)

Distinguishing attack and second-preimage attack on encrypted message authentication codes (EMAC)

Science.gov (United States)

Ariwibowo, Sigit; Windarta, Susila

2016-02-01

In this paper we show that distinguisher on CBC-MAC can be applied to Encrypted Message Authentication Code (EMAC) scheme. EMAC scheme in general is vulnerable to distinguishing attack and second preimage attack. Distinguishing attack simulation on AES-EMAC using 225 message modifications, no collision have been found. According to second preimage attack simulation on AES-EMAC no collision found between EMAC value of S1 and S2, i.e. no second preimage found for messages that have been tested. Based on distinguishing attack simulation on truncated AES-EMAC we found collision in every message therefore we cannot distinguish truncated AES-EMAC with random function. Second-preimage attack is successfully performed on truncated AES-EMAC.

Tactical aspects of nuclear strategy

International Nuclear Information System (INIS)

Van Tonder, A.

1983-01-01

The advent of nuclear weapons at the end of the Second World War, caused a revolution in warfare. The article discusses the nature of nuclear warfare and the defense measures that can be employed in the event of a nuclear attack

Enersec conference series. Nuclear energy and security (NUSEC). Book of abstracts

Energy Technology Data Exchange (ETDEWEB)

Steinhaeusler, F; Heissl, C [Division of Physics and Biophysics, University of Salzburg, Hellbrunnerstrasse 34, Salzburg (Austria)

2005-07-01

Full text: After the terror attacks in the last years, the issue of security of nuclear power plants was raised, therefore members of national regulatory agencies, international organizations, and research institutions have engaged in the assessment of the security threats to nuclear facilities and the potential risks to man and the environment in the case of a successful terror attack. The risks range from the theft of nuclear material leading to illicit trafficking, to sabotage of nuclear power plants, and attacks on spent fuel transport resulting in an uncontrolled release of radioactivity. The NUSEC conference was focused on the security-related risks in the nuclear sector and its objective was to provide an overview of the currently available terrorism risk assessment methodology and international security approaches. Papers were presented in the following sessions: security of nuclear material, security of nuclear power plants, security of the transport of nuclear material, security of nuclear waste, national approaches to nuclear security and future outlook. (nevyjel)

Enersec conference series. Nuclear energy and security (NUSEC). Book of abstracts

International Nuclear Information System (INIS)

Steinhaeusler, F.; Heissl, C.

2005-01-01

Full text: After the terror attacks in the last years, the issue of security of nuclear power plants was raised, therefore members of national regulatory agencies, international organizations, and research institutions have engaged in the assessment of the security threats to nuclear facilities and the potential risks to man and the environment in the case of a successful terror attack. The risks range from the theft of nuclear material leading to illicit trafficking, to sabotage of nuclear power plants, and attacks on spent fuel transport resulting in an uncontrolled release of radioactivity. The NUSEC conference was focused on the security-related risks in the nuclear sector and its objective was to provide an overview of the currently available terrorism risk assessment methodology and international security approaches. Papers were presented in the following sessions: security of nuclear material, security of nuclear power plants, security of the transport of nuclear material, security of nuclear waste, national approaches to nuclear security and future outlook. (nevyjel)

Nuclear proliferation and terrorism

International Nuclear Information System (INIS)

Anon.

1977-01-01

This section of the book, Part III, has two chapters (9 and 10). Chapter 9, Nuclear Power and Proliferation of Nuclear Weapons, is disucssed under these subjects: nuclear nonproliferation: origins and status; requirements for nuclear weapons manufacture; current nuclear programs and proliferation capabilities; encouraging decisions to forego weapons; arms control; safeguards; attitudes and expectations. Chapter 10, Nuclear Terrorism, discusses these areas: theft of nuclear materials; attacks on nuclear reactors; responding to nuclear terrorism; security and civil liberties

Reflections on nuclear security. The USA's top nuclear regulator reviews the 9/11 response

International Nuclear Information System (INIS)

Meserve, R.A.

2002-01-01

There are three fundamental points related to nuclear security that should be emphasized. First, the physical protection at nuclear power plants was strong before September 11. Second, there have been no specific credible threats of a terrorist attack on nuclear power plants since September 11. Third, in light of the events of September 11, the NRC has recognized the need to reexamine past security strategies to ensure that we have the right protections in place for the long term. Following the attacks, the NRC issued over 30 safeguards and threat advisories to the major licensed facilities, placing them on the highest security level. Security across the nuclear industry was enhanced as a result of these actions, and many of the strengthened security measures are now requirements as a result of subsequently issued NRC Orders. One should note that nuclear facilities are the strongest and most well protected civilian facilities in our country. But the need to enhance those protections must be recognized. The NRC is dedicated to meeting the obligation to protect the public health and safety and the common defense and security from threats of all kinds. Much has been accomplished over the last year, but there is more to be done. Put in place within months of the September 2001 terrorist attacks, the IAEA's Action Plan on Nuclear Security is now being implemented on many fronts worldwide

Planner and nuclear crisis relocation

International Nuclear Information System (INIS)

Platt, R.H.

1984-01-01

Criticism of the Federal Emergency Management Agency (FEMA) plans to relocate two-thirds of the American people one week before a nuclear attack has been so intense that planners have renamed the crisis relocation plan to Integrated Emergency Management. A careful study of plans for the town of Greenfield, Massachusetts show that they are not only unworkable, but would seriously weaken the country even if no attack occurred. Recent warnings of a global climatic catastrophe and nuclear winter in the wake of a nuclear exchange underscore the need to denounce relocation policies as dangerous. Planners should take the lead in emphasizing the long-term consequences and informing the public that there is no civil defense against nuclear war. 7 references

Cooperating attackers in neural cryptography.

Science.gov (United States)

Shacham, Lanir N; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang

2004-06-01

A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the "majority-flipping attacker," does not decay with the parameters of the model. This attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.

Crony Attack: Strategic Attack’s Silver Bullet

Science.gov (United States)

2006-11-01

physical assets or financial assets. The form of crony attack that most closely resembles classic strategic attack is to deny, degrade, or destroy a money...February 1951. Reprinted in Airpower Studies Coursebook , Air Command and Staff College, Maxwell AFB, AL, 2002, 152–58. Hirsch, Michael. “NATO’s Game of

Vulnerability of the nuclear power plant in war conditions

International Nuclear Information System (INIS)

Stritar, A.; Mavko, B.

1992-01-01

In the summer 1991 the Nuclear Power Plant Krsko in Slovenia found itself in the area of military operations. This way probably the first commercial nuclear power plant, to which it was threatened with the air jet attack. A number of never before asked questions had to be answered by the operating staff and supporting organizations. In this paper some aspects of the nuclear power plant safety in war condition are described: the selection of the best plant operating state before the attack and the determination of plant system vulnerability. It was concluded, that the best operating mode, into which the plant should be brought before the attack, is the cold shutdown mode. The problem of Nuclear Power Plant safety in war conditions should be addressed in more detail in the future. (author) [sl

Cutaneous reactions in nuclear, biological and chemical warfare

Directory of Open Access Journals (Sweden)

Arora Sandeep

2005-03-01

Full Text Available Nuclear, biological and chemical warfare have in recent times been responsible for an increasing number of otherwise rare dermatoses. Many nations are now maintaining overt and clandestine stockpiles of such arsenal. With increasing terrorist threats, these agents of mass destruction pose a risk to the civilian population. Nuclear and chemical attacks manifest immediately while biological attacks manifest later. Chemical and biological attacks pose a significant risk to the attending medical personnel. The large scale of anticipated casualties in the event of such an occurrence would need the expertise of all physicians, including dermatologists, both military and civilian. Dermatologists are uniquely qualified in this respect. This article aims at presenting a review of the cutaneous manifestations in nuclear, chemical and biological warfare and their management.

Composite Dos Attack Model

Directory of Open Access Journals (Sweden)

Simona Ramanauskaitė

2012-04-01

Full Text Available Preparation for potential threats is one of the most important phases ensuring system security. It allows evaluating possible losses, changes in the attack process, the effectiveness of used countermeasures, optimal system settings, etc. In cyber-attack cases, executing real experiments can be difficult for many reasons. However, mathematical or programming models can be used instead of conducting experiments in a real environment. This work proposes a composite denial of service attack model that combines bandwidth exhaustion, filtering and memory depletion models for a more real representation of similar cyber-attacks. On the basis of the introduced model, different experiments were done. They showed the main dependencies of the influence of attacker and victim’s properties on the success probability of denial of service attack. In the future, this model can be used for the denial of service attack or countermeasure optimization.

Cyber Security Analysis by Attack Trees for a Reactor Protection System

International Nuclear Information System (INIS)

Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon

2008-01-01

As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS

IAEA puts cyber security in focus for nuclear facilities in 2015

International Nuclear Information System (INIS)

Shepherd, John

2015-01-01

Later in 2015 the International Atomic Energy Agency (IAEA) will convene a special conference to discuss computer security, in the wake of cyber attacks on global financial institutions and government agencies that were increasingly in the news. According to the IAEA, the prevalence of IT security incidents in recent years involving the Stuxnet malware 'demonstrated that nuclear facilities can be susceptible to cyber attack'. The IAEA said this and other events have significantly raised global concerns over potential vulnerabilities and the possibility of a cyber attack, or a joint cyber-physical attack, that could impact on nuclear security. The IAEA has correctly identified that the use of computers and other digital electronic equipment in physical protection systems at nuclear facilities, as well as in facility safety systems, instrumentation, information processing and communication, 'continues to grow and presents an ever more likely target for cyber attack'. The agency's Vienna conference, to be held in June, will review emerging trends in computer security and areas that may still need to be addressed. The meeting follows a declaration of ministers of IAEA member states in 2013 that called on the agency to help raise awareness of the growing threat of cyber attacks and their potential impact on nuclear security. The conference is being organised 'to foster international cooperation in computer security as an essential element of nuclear security', the IAEA said. Details of the IAEA's 'International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange' are on the 'meetings' section of the agency's web site.

Terrorism and nuclear damage coverage

International Nuclear Information System (INIS)

Horbach, N. L. J. T.; Brown, O. F.; Vanden Borre, T.

2004-01-01

This paper deals with nuclear terrorism and the manner in which nuclear operators can insure themselves against it, based on the international nuclear liability conventions. It concludes that terrorism is currently not covered under the treaty exoneration provisions on 'war-like events' based on an analysis of the concept on 'terrorism' and travaux preparatoires. Consequently, operators remain liable for nuclear damage resulting from terrorist acts, for which mandatory insurance is applicable. Since nuclear insurance industry looks at excluding such insurance coverage from their policies in the near future, this article aims to suggest alternative means for insurance, in order to ensure adequate compensation for innocent victims. The September 11, 2001 attacks at the World Trade Center in New York City and the Pentagon in Washington, DC resulted in the largest loss in the history of insurance, inevitably leading to concerns about nuclear damage coverage, should future such assaults target a nuclear power plant or other nuclear installation. Since the attacks, some insurers have signalled their intentions to exclude coverage for terrorism from their nuclear liability and property insurance policies. Other insurers are maintaining coverage for terrorism, but are establishing aggregate limits or sublimits and are increasing premiums. Additional changes by insurers are likely to occur. Highlighted by the September 11th events, and most recently by those in Madrid on 11 March 2004, are questions about how to define acts of terrorism and the extent to which such are covered under the international nuclear liability conventions and various domestic nuclear liability laws. Of particular concern to insurers is the possibility of coordinated simultaneous attacks on multiple nuclear facilities. This paper provides a survey of the issues, and recommendations for future clarifications and coverage options.(author)

Heart Attack Recovery FAQs

Science.gov (United States)

... recommendations to make a full recovery. View an animation of a heart attack . Heart Attack Recovery Questions ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

Assessment And Testing of Industrial Devices Robustness Against Cyber Security Attacks

CERN Document Server

Tilaro, F

2011-01-01

CERN (European Organization for Nuclear Research),like any organization, needs to achieve the conflicting objectives of connecting its operational network to Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. With this in mind, the ISA-99[0F1] international cyber security standard has been adopted at CERN as a reference model to define a set of guidelines and security robustness criteria applicable to any network device. Devices robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. When assessing the cyber security robustness of devices we have singled out control system-relevant attack patterns derived from the well-known CAPEC[1F2] classification. Once a vulnerability is identified, it needs to be documented, prioritized and reproduced at will in a dedicated test environment for debugging purposes. CERN - in collaboration ...

Seven Deadliest Wireless Technologies Attacks

CERN Document Server

Haines, Brad

2010-01-01

How can an information security professional keep up with all of the hacks, attacks, and exploits? One way to find out what the worst of the worst are is to read the seven books in our Seven Deadliest Attacks Series. Not only do we let you in on the anatomy of these attacks but we also tell you how to get rid of them and how to defend against them in the future. Countermeasures are detailed so that you can fight against similar attacks as they evolve. Attacks featured in this book include:Bluetooth AttacksCredit Card, Access Card, and Passport AttacksBad Encryption

Practising of radiological emergency caused by a terrorist attack

International Nuclear Information System (INIS)

Racana, R.; Terrado, C.

2006-01-01

After the events of September 11, 2001 terrorist working has become an important factor in the forecasts to adopt in the face of the possibility of confronting different radiological emergencies. The not wanted events of exposure to ionizing radiations can take place by flaws of systems or accidents, or also by criminal voluntary actions. These malevolent actions can include attacks or sabotages in nuclear plants, detonation of manufactured nuclear devices or acquired under ground, robbery of radioactive sources to manufacture the calls dirty bombs or to cause damage, panic or threats. In the scenarios in that the radiological emergency is voluntarily provoked the moment and place of the attack are chosen by the aggressors, therefore the ionizing radiations will be in not prepared atmospheres neither equipped to the effect. This increases the confusion, the panic and the damage not only caused by the radiation effects but also by the uncertainty and consequent reactions. To diminish the effects of this type of threats it is necessary to make forecasts and to train the personnel that it can be direct or indirectly involved. During 2005, an exercise in which it was outlined the robbery by part of a group command of a source of Co 60 of 5000 Ci that it was transported to make a decanting in a medical center of The Pampa county, Argentina. It was about a cabinet exercise, planned and executed jointly among the Nuclear Regulatory Authority and the Secretary of Interior Safety, in which participated the professionals of the nuclear area that by law are the responsible ones of coordinating the actions in the event of an emergency of this type, and the safety forces that depend of the Secretary of Interior Safety, Federal and Provincial Policemen, Naval Prefecture and National Gendarmerie. The exercise last one day during which 9 main situations were approached that were unchained after having produced the attack and initial robbery. For each situation it was checked the

Blocking of Brute Force Attack

OpenAIRE

M.Venkata Krishna Reddy

2012-01-01

A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. An attacker can always discover a password through a brute-force attack, but the downside is that it co...

Deterring and Dissuading Nuclear Terrorism

Directory of Open Access Journals (Sweden)

John J. Klein

2012-01-01

Full Text Available While nuclear deterrence theory may be well-suited to dealing with nuclear-armed states, its suitability for deterring nuclear terrorism has frequently been questioned since 9/11. While terrorist organizations do not necessarily act uniformly or according to the same underlying beliefs, many of the most aggressive organizations are motivated by an ideology that embraces martyrdom and an apocalyptic vision.1 This ideology may be based on religion or a desire to overthrow a government. Consequently, terrorists motivated by ideology who intend to use a stolen or improvised nuclear device against the United States or its interests may not care about the resulting military repercussions following a nuclear attack. In such a scenario, some strategists think a terrorist organization's leadership may prove "undeterrable" by traditional military means. Nevertheless, deterrence is still a critical element in U.S. national strategy to prevent a nuclear attack. Furthermore, deterrence combined with dissuasion works to reduce the likelihood of nuclear terrorism being used against the United States, while also mitigating the consequences should such an act actually occur.

IAEA puts cyber security in focus for nuclear facilities in 2015

Energy Technology Data Exchange (ETDEWEB)

Shepherd, John [nuclear 24, Brighton (United Kingdom)

2015-01-15

Later in 2015 the International Atomic Energy Agency (IAEA) will convene a special conference to discuss computer security, in the wake of cyber attacks on global financial institutions and government agencies that were increasingly in the news. According to the IAEA, the prevalence of IT security incidents in recent years involving the Stuxnet malware 'demonstrated that nuclear facilities can be susceptible to cyber attack'. The IAEA said this and other events have significantly raised global concerns over potential vulnerabilities and the possibility of a cyber attack, or a joint cyber-physical attack, that could impact on nuclear security. The IAEA has correctly identified that the use of computers and other digital electronic equipment in physical protection systems at nuclear facilities, as well as in facility safety systems, instrumentation, information processing and communication, 'continues to grow and presents an ever more likely target for cyber attack'. The agency's Vienna conference, to be held in June, will review emerging trends in computer security and areas that may still need to be addressed. The meeting follows a declaration of ministers of IAEA member states in 2013 that called on the agency to help raise awareness of the growing threat of cyber attacks and their potential impact on nuclear security. The conference is being organised 'to foster international cooperation in computer security as an essential element of nuclear security', the IAEA said. Details of the IAEA's 'International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange' are on the 'meetings' section of the agency's web site.

Cyber Threats to Nuclear Infrastructures

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson; Paul Moskowitz; Mark Schanfein; Trond Bjornard; Curtis St. Michel

2010-07-01

Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

Cyber Threats to Nuclear Infrastructures

International Nuclear Information System (INIS)

Anderson, Robert S.; Moskowitz, Paul; Schanfein, Mark; Bjornard, Trond; St. Michel, Curtis

2010-01-01

Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

Cyber Security Analysis by Attack Trees for a Reactor Protection System

Energy Technology Data Exchange (ETDEWEB)

Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2008-10-15

As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS.

Solidarity under Attack

DEFF Research Database (Denmark)

Meret, Susi; Goffredo, Sergio

2017-01-01

https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack......https://www.opendemocracy.net/can-europe-make-it/susi-meret-sergio-goffredo/solidarity-under-attack...

Attack surfaces

DEFF Research Database (Denmark)

Gruschka, Nils; Jensen, Meiko

2010-01-01

The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion...... of attack surfaces of the cloud computing scenario participants....

Defense against nuclear weapons: a decision analysis

International Nuclear Information System (INIS)

Orient, J.M.

1985-01-01

Response to the public health threat posed by nuclear weapons is a medical imperative. The United States, in contrast to other nations, has chosen a course that assures maximal casualties in the event of a nuclear attack, on the theory that prevention of the attack is incompatible with preventive measures against its consequences, such as blast injuries and radiation sickness. A decision analysis approach clarifies the risks and benefits of a change to a strategy of preparedness

Seven Deadliest Microsoft Attacks

CERN Document Server

Kraus, Rob; Borkin, Mike; Alpern, Naomi

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting Microsoft products? Then you need Seven Deadliest Microsoft Attacks. This book pinpoints the most dangerous hacks and exploits specific to Microsoft applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Windows Operating System-Password AttacksActive Directory-Escalat

A nuclear insect appears

International Nuclear Information System (INIS)

Shin, Gi Hwal

1989-06-01

This book is dairy of a nuclear insect in A. F. era. It consists of 6 parts, which have fun pictures and titles. The contents are the letter that is sent the Homo sapiens by insect, exodus of nuclear insect F 100 years latter. The time that a nuclear insect is attacked in F 101, the time that a nuclear dinosaur is beat in AF 102, the time that a nuclear insect struggles in AF 104 and the time that a nuclear insect drifts in AF 104.

An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Chu, Tsong-Lun [Brookhaven National Lab. (BNL), Upton, NY (United States); Varuttamaseni, Athi [Brookhaven National Lab. (BNL), Upton, NY (United States); Baek, Joo-Seok [Brookhaven National Lab. (BNL), Upton, NY (United States); Pepper, Susan [Brookhaven National Lab. (BNL), Upton, NY (United States)

2016-11-01

This paper provides an approach for developing potential attacks on I and C systems of NPPs and assessing their consequences. An important concept is that the NPPs were not designed to cope with Stuxnet-type of attacks (and any other cyber attacks). That is, the plants were only designed for design basis accidents. The safety margins and redundancies built in the design are all based on design basis accidents. They may be helpful in mitigating cyberattacks, but may not be adequate.

An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants

International Nuclear Information System (INIS)

Chu, Tsong-Lun; Varuttamaseni, Athi; Baek, Joo-Seok; Pepper, Susan

2016-01-01

This paper provides an approach for developing potential attacks on I and C systems of NPPs and assessing their consequences. An important concept is that the NPPs were not designed to cope with Stuxnet-type of attacks (and any other cyber attacks). That is, the plants were only designed for design basis accidents. The safety margins and redundancies built in the design are all based on design basis accidents. They may be helpful in mitigating cyberattacks, but may not be adequate.

Major Cyber threat on Nuclear Facility and Key Entry Points of Malicious Codes

Energy Technology Data Exchange (ETDEWEB)

Shin, Ickhyun; Kwon, Kookheui [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

2013-05-15

Cyber security incident explicitly shows that the domestic intra net system which is not connected to the Internet can be compromised by the USB based mal ware which was developed by the state-sponsored group. It also tells that the actor for cyber-attack has been changed from script kiddies to state's governments and the target has been changed to nation's main infrastructures such as electricity, transportation and etc. Since the cyber sabotage on nuclear facility has been proven to be possible and can be replicated again with same method, the cyber security on nuclear facility must be strengthened. In this paper, it is explained why the malicious code is the one of the biggest cyber threat in nuclear facility's digital I and C(Instrumentation and Controls) system by analyzing recent cyber attacks and well-known malicious codes. And a feasible cyber attack scenario on nuclear facility's digital I and C system is suggested along with some security measures for prevention of malicious code. As experienced from the cyber sabotage on Iranian nuclear facility in 2010, cyber attack on nuclear facility can be replicated by infecting the computer network with malicious codes. One of the cyber attack scenario on nuclear digital I and C computer network with using malicious code was suggested to help security manager establishing cyber security plan for prevention of malicious code. And some security measures on prevention of malicious code are also provided for reference.

Major Cyber threat on Nuclear Facility and Key Entry Points of Malicious Codes

International Nuclear Information System (INIS)

Shin, Ickhyun; Kwon, Kookheui

2013-01-01

Cyber security incident explicitly shows that the domestic intra net system which is not connected to the Internet can be compromised by the USB based mal ware which was developed by the state-sponsored group. It also tells that the actor for cyber-attack has been changed from script kiddies to state's governments and the target has been changed to nation's main infrastructures such as electricity, transportation and etc. Since the cyber sabotage on nuclear facility has been proven to be possible and can be replicated again with same method, the cyber security on nuclear facility must be strengthened. In this paper, it is explained why the malicious code is the one of the biggest cyber threat in nuclear facility's digital I and C(Instrumentation and Controls) system by analyzing recent cyber attacks and well-known malicious codes. And a feasible cyber attack scenario on nuclear facility's digital I and C system is suggested along with some security measures for prevention of malicious code. As experienced from the cyber sabotage on Iranian nuclear facility in 2010, cyber attack on nuclear facility can be replicated by infecting the computer network with malicious codes. One of the cyber attack scenario on nuclear digital I and C computer network with using malicious code was suggested to help security manager establishing cyber security plan for prevention of malicious code. And some security measures on prevention of malicious code are also provided for reference

Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

Energy Technology Data Exchange (ETDEWEB)

Abbott, Shannon [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2017-06-01

In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, and proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.

Whispering through DDoS attack

OpenAIRE

Miralem Mehic; Jiri Slachta; Miroslav Voznak

2016-01-01

Denial of service (DoS) attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS) attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes o...

Cyberattack analysis through Malaysian Nuclear Agency experience as nuclear research center

International Nuclear Information System (INIS)

Mohd Dzul Aiman Aslan; Mohd Fauzi Haris; Saaidi Ismail; Nurbahyah Hamdan

2011-01-01

As a nuclear research center, Nuclear Malaysia is one of the Critical National Information Infrastructure (CNII) in the country. One of the easiest way to launch a malicious attack is through the online system, whether main web site or online services. Recently, we also under port scanning and hack attempts from various sources. This paper will discuss on analysis based on Nuclear Malaysia experience regarding these attempts which keep arising nowadays. (author)

Protecting Cryptographic Memory against Tampering Attack

DEFF Research Database (Denmark)

Mukherjee, Pratyay

In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks. In prac......In this dissertation we investigate the question of protecting cryptographic devices from tampering attacks. Traditional theoretical analysis of cryptographic devices is based on black-box models which do not take into account the attacks on the implementations, known as physical attacks....... In practice such attacks can be executed easily, e.g. by heating the device, as substantiated by numerous works in the past decade. Tampering attacks are a class of such physical attacks where the attacker can change the memory/computation, gains additional (non-black-box) knowledge by interacting...... with the faulty device and then tries to break the security. Prior works show that generically approaching such problem is notoriously difficult. So, in this dissertation we attempt to solve an easier question, known as memory-tampering, where the attacker is allowed tamper only with the memory of the device...

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

Directory of Open Access Journals (Sweden)

Apostolos P. Fournaris

2017-07-01

Full Text Available Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT and Operational Technology (OT systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory. Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS such systems are designed to provide.

Impacts of the Events on the 11. of September 2001 in the United States on Radiation Protection, the Nuclear Waste Management and the Nuclear Security in Germany

International Nuclear Information System (INIS)

Krumbach, H.; Steinmetz, H.J.; Odoj, R.

2009-01-01

This report describes the effects of the terrorist attacks of the 11 September 2001, when four airliners hijacked and crashed. These attacks take effects on radiation protection, nuclear disposal and nuclear safety in Germany. Some of the measures, which where taken after the September 11, 2001 in order to improve the safety of nuclear installations are presented in the following. The taken measures increasing security against terrorist attacks are also exemplarily described in this report. The examples include the introduction of new identity papers, which offer a higher security level as well as the prohibition of carrying liquids with more than 100 ml in the hand luggage. Also the human security measures taken by different companies since the attack happened are subject of the contribution. Due to the necessary confidentiality regarding the threat scenarios and the taken protective measures detailed descriptions of the measures in this report are limited. (authors)

Seven deadliest USB attacks

CERN Document Server

Anderson, Brian

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting USB technology? Then you need Seven Deadliest USB Attacks. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: USB Hacksaw USB Switchblade USB Based Virus/Malicous Code Launch USB Device Overflow RAMdum

Seven Deadliest Unified Communications Attacks

CERN Document Server

York, Dan

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks featured in this book include: UC Ecosystem Attacks Insecure Endpo

Invisible Trojan-horse attack.

Science.gov (United States)

Sajeed, Shihan; Minshull, Carter; Jain, Nitin; Makarov, Vadim

2017-08-21

We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance against Scarani-Ac´ın-Ribordy-Gisin (SARG04) QKD protocol at 1924 nm versus that at 1536 nm. The attack strategy was proposed earlier but found to be unsuccessful at the latter wavelength, as reported in N. Jain et al., New J. Phys. 16, 123030 (2014). However at 1924 nm, we show experimentally that the noise response of the detectors to bright pulses is greatly reduced, and show by modeling that the same attack will succeed. The invisible nature of the attack poses a threat to the security of practical QKD if proper countermeasures are not adopted.

Conduct of Occupational Health During Major Disasters: A Comparison of Literature on Occupational Health Issues in the World Trade Center Terrorist Attack and the Fukushima Nuclear Power Plant Accident.

Science.gov (United States)

Toyoda, Hiroyuki; Mori, Koji

2017-01-01

Workers who respond to large-scale disasters can be exposed to health hazards that do not exist in routine work. It is assumed that learning from past cases is effective for preparing for and responding to such problems, but published information is still insufficient. Accordingly, we conducted a literature review about the health issues and occupational health activities at the World Trade Center (WTC) terrorist attack and at the Fukushima Nuclear Power Plant accident to investigate how occupational health activities during disasters should be conducted. Seven studies about the WTC attack were extracted and categorized into the following topics: "in relation to emergency systems including occupational health management"; "in relation to improvement and prevention of health effects and occupational hygiene"; and "in relation to care systems aimed at mitigating health effects." Studies about the Fukushima Nuclear Power Plant accident have been used in a previous review. We conclude that, to prevent health effects in workers who respond to large-scale disasters, it is necessary to incorporate occupational health regulations into the national response plan, and to develop practical support functions that enable support to continue for an extended period, training systems for workers with opportunities to report accidents, and care systems to mitigate the health effects.

Terrorist threats of nuclear facilities

International Nuclear Information System (INIS)

Jozsef Solymosi; Jozser Ronaky; Zoltan Levai; Arpad Vincze; Laszlo Foldi

2004-01-01

More than one year has passed since the terrible terrorist attacks against the United States. The tragic event fundamentally restructured our security policy approach and made requirements of countering terrorism a top priority of the 21st century. In one year a lot of studies were published and the majority of them analyses primarily the beginnings of terrorism then focus on the interrelations of causes and consequences of the attacks against the WTC. In most of the cases the authors can only put their questions most of which have remained unanswered to date. Meanwhile, in a short while after the attacks the secret assessments of threat levels of potential targets and areas were also prepared. One of the high priority fields is the issue of nuclear, biological, and chemical security, in short NBC-security. Here and now we focus on component N, that is the assessment techniques of nuclear security in short, without aiming at completeness. Our definite objective is to make non-expert readers understand - and present a concrete example as it is done in risk analysis - the real danger-level of nuclear facilities and especially the terrorist threat. Our objective is not to give tips to terrorists but to provide them with deterring arguments and at the same time calm worried people. In our communique we give an overview of international practice of nuclear antiterrorism and of preventive nuclear protection in Hungary. (author)

Social networking-based simulations for nuclear security: Strategy assessment following nuclear cyber terror on South Korean nuclear power plants (NPPs)

International Nuclear Information System (INIS)

Woo, Tae Ho; Kwak, Sang Man

2015-01-01

Highlights: • The cyber terror modeling is made by the social networking algorithm. • This is applicable by the social networking service (SNS). • Security of nuclear industry could be controlled by the network theory. • Newly developed complex algorithm can be introduced. • Simplified graphics show the operator easily. - Abstract: Nuclear energy has been studied for the secure power productions, which is based on the simulation study following the incident of nuclear cyber terror attack on South Korean nuclear power plants (NPPs). The social networking is used for the terror incident modeling and its prevention strategies. The nuclear industry could be investigated in the aspect of minimizing the dangerous situations caused by possible terror attacks which are considered by the society oriented connectivity among the related people or groups. The social networking circle by system dynamics diagram (SNCSD) is constructed, where the configuration of a model social networking example by system dynamics (SD) is applied. From A to H regions, the values are obtained by the random numbers incorporated with the designed algorithms. The results show the comparative values of terror possibilities which are based on the proposed social networking algorithm. It is possible to prepare for potential terrorism in the nuclear industry

Whispering through DDoS attack

Directory of Open Access Journals (Sweden)

Miralem Mehic

2016-03-01

Full Text Available Denial of service (DoS attack is an attempt of the attacker to disable victim's machine by depleting network or computing resources. If this attack is performed with more than one machine, it is called distributed denial of service (DDoS attack. Covert channels are those channels which are used for information transmission even though they are neither designed nor intended to transfer information at all. In this article, we investigated the possibility of using of DDoS attack for purposes of hiding data or concealing the existing covert channel. In addition, in this paper we analyzed the possibility of detection of such covert communication with the well-known statistical method. Also, we proposed the coordination mechanisms of the attack which may be used. A lot of research has been done in order to describe and prevent DDoS attacks, yet research on steganography on this field is still scarce.

Heart attack - discharge

Science.gov (United States)

... and lifestyle Cholesterol - drug treatment Controlling your high blood pressure Deep vein thrombosis - discharge Dietary fats explained Fast food tips Heart attack - discharge Heart attack - what to ask your doctor Heart bypass ... pacemaker - discharge High blood pressure - what to ask your doctor How to read ...

Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0

NARCIS (Netherlands)

Gadyatskaya, Olga; Jhawar, Ravi; Kordy, P.T.; Lounis, Karim; Mauw, Sjouke; Trujillo-Rasua, Rolando

2016-01-01

In this tool demonstration paper we present the ADTool2.0: an open-source software tool for design, manipulation and analysis of attack trees. The tool supports ranking of attack scenarios based on quantitative attributes entered by the user; it is scriptable; and it incorporates attack trees with

Some aspects of nuclear power plant safety under war conditions

International Nuclear Information System (INIS)

Stritar, A.; Mavko, B.; Susnik, J.; Sarler, B.

1993-01-01

In the summer of 1991, the Krsko nuclear power plant in Slovenia found itself in an area of military operations. This was probably the first commercial nuclear power plant to have been threatened by an attack by fighter jets. A number of never-before-asked questions had to be answered by the operating staff and supporting organizations. Some aspects of nuclear power plant safety under war conditions are described, such as the selection of the best plant operating state before the attack and the determination of plant system vulnerability and dose releases from the potentially damaged spent fuel in the spent-fuel pit. The best operating mode to which the plant should be brought before the attack is cold shutdown, and radiological consequences to the environment after the spent fuel is damaged and the water in the pit is lost are not very high. The problem of nuclear power plant safety under war conditions should be addressed in more detail in the future

Nuclear re-think [The case for nuclear energy

International Nuclear Information System (INIS)

Moore, P.

2006-01-01

In the early 1970s, Patrick Moore, a co-founder of Greenpeace, believed that nuclear energy was synonymous with nuclear holocaust. Thirty years on, his views have changed because nuclear energy is the only non-greenhouse-gas-emitting power source that can effectively replace fossil fuels while satisfying the world's increasing demand for energy. Today, 441 nuclear plants operating globally avoid the release of nearly 3 billion tonnes of CO 2 emissions annually-the equivalent of the exhaust from more than 428 million cars. Concerns associated with nuclear energy are discussed including costs of nuclear energy, safety of nuclear plants, radioactive waste management, vulnerability of nuclear plants to terrorist attacks and diversion of nuclear fuel for weaponization. It is concluded that nuclear energy is the best way to produce safe, clean, reliable baseload electricity, and will play a key role in achieving global energy security. With climate change at the top of the international agenda, we must all do our part to encourage a nuclear energy renaissance

The work-averse cyber attacker model : theory and evidence from two million attack signatures

NARCIS (Netherlands)

Allodi, L.; Massacci, F.; Williams, J.

The typical cyber attacker is assumed to be all powerful and to exploit all possible vulnerabilities. In this paper we present, and empirically validate, a novel and more realistic attacker model. The intuition of our model is that an attacker will optimally choose whether to act and weaponize a new

Physicians cannot prepare for nuclear disaster

International Nuclear Information System (INIS)

Geiger, H.J.

1985-01-01

In this paper, the author argues that medical preparations for nuclear war are futile. Not only would few physicians survive a nuclear attack, but these physicians would have the impossible task of caring for hundreds of thousands of injured and dying victims

Web server attack analyzer

OpenAIRE

Mižišin, Michal

2013-01-01

Web server attack analyzer - Abstract The goal of this work was to create prototype of analyzer of injection flaws attacks on web server. Proposed solution combines capabilities of web application firewall and web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with summary of web attacks, followed by detection techniques analysis on web servers, description and justification of selected implementation. In the end are charact...

Network Protection Against DDoS Attacks

Directory of Open Access Journals (Sweden)

Petr Dzurenda

2015-03-01

Full Text Available The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS. The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS, especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attacks intensity was much greater than the normal intensity of the current DDoS attacks.

Attack Tree Generation by Policy Invalidation

DEFF Research Database (Denmark)

Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

2015-01-01

through brainstorming of experts. In this work we formalize attack tree generation including human factors; based on recent advances in system models we develop a technique to identify possible attacks analytically, including technical and human factors. Our systematic attack generation is based......Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identification. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identified...... on invalidating policies in the system model by identifying possible sequences of actions that lead to an attack. The generated attacks are precise enough to illustrate the threat, and they are general enough to hide the details of individual steps....

Terrorists and Suicide Attacks

National Research Council Canada - National Science Library

Cronin, Audrey K

2003-01-01

Suicide attacks by terrorist organizations have become more prevalent globally, and assessing the threat of suicide attacks against the United States and its interests at home and abroad has therefore...

Banning nuclear power at sea

International Nuclear Information System (INIS)

Handler, J.

1993-01-01

This article argues that now that the East-West conflict is over, nuclear-powered vessels should be retired. Nuclear-powered ships and submarines lack military missions, are expensive to build and operate, generate large amounts of long-lived deadly nuclear waste from their normal operations and when they are decommissioned, and are subject to accidents or deliberate attack which can result in the sinking of nuclear reactors and the release of radiation. With the costs of nuclear-powered vessels mounting, the time has come to ban nuclear power at sea. (author)

Stochastic Model of TCP SYN Attacks

Directory of Open Access Journals (Sweden)

Simona Ramanauskaitė

2011-08-01

Full Text Available A great proportion of essential services are moving into internet space making the threat of DoS attacks even more actual. To estimate the real risk of some kind of denial of service (DoS attack in real world is difficult, but mathematical and software models make this task easier. In this paper we overview the ways of implementing DoS attack models and offer a stochastic model of SYN flooding attack. It allows evaluating the potential threat of SYN flooding attacks, taking into account both the legitimate system flow as well as the possible attack power. At the same time we can assess the effect of such parameters as buffer capacity, open connection storage in the buffer or filte­ring efficiency on the success of different SYN flooding attacks. This model can be used for other type of memory depletion denial of service attacks.Article in Lithuanian

Attack Trees with Sequential Conjunction

NARCIS (Netherlands)

Jhawar, Ravi; Kordy, Barbara; Mauw, Sjouke; Radomirović, Sasa; Trujillo-Rasua, Rolando

2015-01-01

We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of

Heart attack first aid

Science.gov (United States)

First aid - heart attack; First aid - cardiopulmonary arrest; First aid - cardiac arrest ... A heart attack occurs when the blood flow that carries oxygen to the heart is blocked. The heart muscle ...

Investigating the Possibility to Individualize Asthma Attack Therapy Based on Attack Severity and Patient Characteristics

Directory of Open Access Journals (Sweden)

Sárkány Zoltán

2016-03-01

Full Text Available Introduction: The objective of this study was to investigate with the help of a computerized simulation model whether the treatment of an acute asthma attack can be individualized based on the severity of the attack and the characteristics of the patient. Material and Method: A stochastic lung model was used to simulate the deposition of 1 nm - 10 μm particles during a mild and a moderate asthma attack. Breathing parameters were varied to maximize deposition, and simulation results were compared with those obtained in the case of a severe asthma attack. In order to investigate the effect of height on the deposition of inhaled particles, another series of simulations was carried out with identical breathing parameters, comparing patient heights of 155 cm, 175 cm and 195 cm. Results: The optimization process yielded an increase in the maximum deposition values of around 6-7% for each type of investigated asthma attack, and the difference between attacks of different degree of severity was around 5% for both the initial and the optimized values, a higher degree of obstruction increasing the amount of deposited particles. Conclusions: Our results suggest that the individualization of asthma attack treatment cannot be based on particles of different size, as the highest deposited fraction in all three types of attacks can be obtained using 0.01 μm particles. The use of a specific set of breathing parameters yields a difference between a mild and a moderate, as well as a moderate and a severe asthma attack of around 5%.

Analytical Characterization of Internet Security Attacks

Science.gov (United States)

Sellke, Sarah H.

2010-01-01

Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks includes Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

Radiological preparedness in the case of a terrorist attack or an accident

International Nuclear Information System (INIS)

Cizmek, A.

2005-01-01

During the Cold War, every information about weapons of mass destruction was treated as top secret, regardless of whether the information concerned friend or foe. The most serious threat in our post Cold War era are terrorist radiological dispersal devices. Dirty nukes are what you may choose to build if you're unable to create a real nuclear bomb, i.e. one whose explosion is based on a nuclear reaction. A dirty bomb is a conventional explosive salted with radioactive isotopes in order to spew out that nuclear material and contaminate a wide area. The military usefulness of such devices have always been in dispute. In fact, the TNT in such a bomb may still be more dangerous than the nuclear material. Its destructive power would really depend on the size of the conventional bomb, and the volume and nature of nuclear material. This paper addresses the possibilities of decontamination and preparedness in the case of a terrorist attack or accident.(author)

Anger attacks in obsessive compulsive disorder

Directory of Open Access Journals (Sweden)

Nitesh Prakash Painuly

2011-01-01

Full Text Available Background: Research on anger attacks has been mostly limited to depression, and only a few studies have focused on anger attacks in obsessive compulsive disorder. Materials and Methods: In a cross-sectional study all new obsessive compulsive disorder patients aged 20-60 years attending an outpatient clinic were assessed using the anger attack questionnaire, irritability, depression and anxiety scale (for the direction of the aggressive behavior and quality of life (QOL. Results: The sample consisted of 42 consecutive subjects with obsessive compulsive disorder, out of which 21 (50% had anger attacks. The obsessive compulsive disorder subjects with and without anger attacks did not show significant differences in terms of sociodemographic variables, duration of illness, treatment, and family history. However, subjects with anger attacks had significantly higher prevalence of panic attacks and comorbid depression. Significantly more subjects with anger attacks exhibited aggressive acts toward spouse, parents, children, and other relatives in the form of yelling and threatening to hurt, trying to hurt, and threatening to leave. However, the two groups did not differ significantly in terms of QOL, except for the psychological domain being worse in the subjects with anger attacks. Conclusion: Anger attacks are present in half of the patients with obsessive compulsive disorder, and they correlate with the presence of comorbid depression.

Cyber-security: industrials must stop denying the risk of cyber-attacks

International Nuclear Information System (INIS)

Hausermann, L.

2015-01-01

The risk of cyber-attacks of industrial sites is real. Recently the Anvers port and the Bakou-Tbilissi-Ceyhan pipeline have been attacked. In both cases hackers succeeded: they were able to track sea containers in which drug was concealed and recover it in the Anvers port and in the case of the pipeline the hackers took control of the control system and were able to trigger a huge explosion by shunning security systems and allowing damaging pressure surges. The massive use of digital systems and of automated systems in various industrial sectors has led to huge network of inter-connected smart devices whose purpose is not to process data but to monitor and control. All these devices and equipment are controlled by software whose weaknesses and fault lines multiply the risk of cyber-attacks even for 'closed' networks. While the total hacking of a nuclear power plant is highly unlikely, real threats exist and must be taken into account. Innovative solutions based on the mapping of the fluxes of the system and combined with an inventory of all its weaknesses may pave the way towards cyber-security. (A.C.)

Seven Deadliest Social Network Attacks

CERN Document Server

Timm, Carl

2010-01-01

Do you need to keep up with the latest hacks, attacks, and exploits effecting social networks? Then you need Seven Deadliest Social Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to social networks like Facebook, Twitter, and MySpace, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Social Networking Infrastruct

Pericarditis - after heart attack

Science.gov (United States)

... include: A previous heart attack Open heart surgery Chest trauma A heart attack that has affected the thickness of your heart muscle Symptoms Symptoms include: Anxiety Chest pain from the swollen pericardium rubbing on the ...

The art of survival after an atomic attack

International Nuclear Information System (INIS)

Haarland, C.M.; Chester, C.V.; Wigner, E.P.

1978-01-01

Carsten M. Haarland, Conrad V. Chester and Eugene P. Wigner have been appointed by the American civil protection service to look into the question of how one may protect the providently evacuated population and supply the latter with food, water and other essential goods after a nuclear attack on military and industrial targets, as well as on living areas. The report of the three US scientists is over 200 pages long. Extracts from the concluding chapter are given here whose translation first appeared in the information leaflet Nr. 268/77 of the International Organisation for Civil Defence, Geneva. (orig.) [de

The Vulnerability of Nuclear Facilities to Cyber Attack; Strategic Insights: Spring 2010

OpenAIRE

Kesler, Brent

2011-01-01

This article appeared in Strategic Insights, Spring 2011 In June 2010, U.S. Senators Susan Collins, Joseph Lieberman, and Tom Carper introduced the Protecting Cyberspace as a National Asset Act. One of its many aims is to protect critical infrastructures in the United States from cyber attack. In January 2011, Brandon Milhorn, staff director of the Senate Homeland Security and Governmental Affairs Committee, defended the bill, saying that it would prevent a hacker from opening ...

WILD PIG ATTACKS ON HUMANS

Energy Technology Data Exchange (ETDEWEB)

Mayer, J.

2013-04-12

Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.

Cache timing attacks on recent microarchitectures

DEFF Research Database (Denmark)

Andreou, Alexandres; Bogdanov, Andrey; Tischhauser, Elmar Wolfgang

2017-01-01

Cache timing attacks have been known for a long time, however since the rise of cloud computing and shared hardware resources, such attacks found new potentially devastating applications. One prominent example is S$A (presented by Irazoqui et al at S&P 2015) which is a cache timing attack against...... AES or similar algorithms in virtualized environments. This paper applies variants of this cache timing attack to Intel's latest generation of microprocessors. It enables a spy-process to recover cryptographic keys, interacting with the victim processes only over TCP. The threat model is a logically...... separated but CPU co-located attacker with root privileges. We report successful and practically verified applications of this attack against a wide range of microarchitectures, from a two-core Nehalem processor (i5-650) to two-core Haswell (i7-4600M) and four-core Skylake processors (i7-6700). The attack...

Nonlinear analysis of NPP safety against the aircraft attack

International Nuclear Information System (INIS)

Králik, Juraj; Králik, Juraj

2016-01-01

The paper presents the nonlinear probabilistic analysis of the reinforced concrete buildings of nuclear power plant under the aircraft attack. The dynamic load is defined in time on base of the airplane impact simulations considering the real stiffness, masses, direction and velocity of the flight. The dynamic response is calculated in the system ANSYS using the transient nonlinear analysis solution method. The damage of the concrete wall is evaluated in accordance with the standard NDRC considering the spalling, scabbing and perforation effects. The simple and detailed calculations of the wall damage are compared.

Nonlinear analysis of NPP safety against the aircraft attack

Energy Technology Data Exchange (ETDEWEB)

Králik, Juraj, E-mail: juraj.kralik@stuba.sk [Faculty of Civil Engineering, STU in Bratislava, Radlinského 11, 813 68 Bratislava (Slovakia); Králik, Juraj, E-mail: kralik@fa.stuba.sk [Faculty of Architecture, STU in Bratislava, Námestie Slobody 19, 812 45 Bratislava (Slovakia)

2016-06-08

The paper presents the nonlinear probabilistic analysis of the reinforced concrete buildings of nuclear power plant under the aircraft attack. The dynamic load is defined in time on base of the airplane impact simulations considering the real stiffness, masses, direction and velocity of the flight. The dynamic response is calculated in the system ANSYS using the transient nonlinear analysis solution method. The damage of the concrete wall is evaluated in accordance with the standard NDRC considering the spalling, scabbing and perforation effects. The simple and detailed calculations of the wall damage are compared.

Families and the prospect of nuclear attack/holocaust

Energy Technology Data Exchange (ETDEWEB)

Marciano, T.; Sussman, M.B.

1986-01-01

This volume addresses the issues attending the continuing threat of a nuclear holocaust and the effect this threat has on the behavior of families. It examines topics such as denial, involvement in community program social movements and other political actions.

The Cyber-Physical Attacker

DEFF Research Database (Denmark)

Vigo, Roberto

2012-01-01

The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker model is a crucial element when studying...... the security properties of CPSs, as a system cannot be secured without defining the threats it is subject to. In this work an attacker scenario is presented which addresses the peculiarities of a cyber-physical adversary, and we discuss how this scenario relates to other attacker models popular in the security...

Forensics Investigation of Web Application Security Attacks

OpenAIRE

Amor Lazzez; Thabet Slimani

2015-01-01

Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the sec...

The threat of nuclear terrorism: from analysis to precautionary measures

International Nuclear Information System (INIS)

Schneider, M.

2003-01-01

Facing the nuclear terrorism risk, this document analyzes the nature of the threat of nuclear terrorism, the risk of attack on nuclear installations, the limited protection of nuclear installations against aircraft crashes, the case of nuclear reprocessing plants, the case of nuclear transport and proposes measures which should be taken without endangering the foundations of democracy. (A.L.B.)

The threat of nuclear terrorism: from analysis to precautionary measures

Energy Technology Data Exchange (ETDEWEB)

Schneider, M

2003-07-01

Facing the nuclear terrorism risk, this document analyzes the nature of the threat of nuclear terrorism, the risk of attack on nuclear installations, the limited protection of nuclear installations against aircraft crashes, the case of nuclear reprocessing plants, the case of nuclear transport and proposes measures which should be taken without endangering the foundations of democracy. (A.L.B.)

Adaptive cyber-attack modeling system

Science.gov (United States)

Gonsalves, Paul G.; Dougherty, Edward T.

2006-05-01

The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for more systematic software attacks from organized entities. Much effort and focus has been placed on preventing and ameliorating network and OS attacks, a concomitant emphasis is required to address protection of mission critical software. Typical software protection technique and methodology evaluation and verification and validation (V&V) involves the use of a team of subject matter experts (SMEs) to mimic potential attackers or hackers. This manpower intensive, time-consuming, and potentially cost-prohibitive approach is not amenable to performing the necessary multiple non-subjective analyses required to support quantifying software protection levels. To facilitate the evaluation and V&V of software protection solutions, we have designed and developed a prototype adaptive cyber attack modeling system. Our approach integrates an off-line mechanism for rapid construction of Bayesian belief network (BN) attack models with an on-line model instantiation, adaptation and knowledge acquisition scheme. Off-line model construction is supported via a knowledge elicitation approach for identifying key domain requirements and a process for translating these requirements into a library of BN-based cyber-attack models. On-line attack modeling and knowledge acquisition is supported via BN evidence propagation and model parameter learning.

Predicting Factors of Zone 4 Attack in Volleyball.

Science.gov (United States)

Costa, Gustavo C; Castro, Henrique O; Evangelista, Breno F; Malheiros, Laura M; Greco, Pablo J; Ugrinowitsch, Herbert

2017-06-01

This study examined 142 volleyball games of the Men's Super League 2014/2015 seasons in Brazil from which we analyzed 24-26 games of each participating team, identifying 5,267 Zone 4 attacks for further analysis. Within these Zone 4 attacks, we analyzed the association between the effect of the attack carried out and the separate effects of serve reception, tempo and type of attack. We found that the reception, tempo of attack, second tempo of attack, and power of diagonal attack were predictors of the attack effect in Zone 4. Moreover, placed attacks showed a tendency to not yield a score. In conclusion, winning points in high-level men's volleyball requires excellent receptions, a fast attack tempo and powerfully executed of attacks.

No-first-use pledge is a key step for progress in nuclear disarmament

International Nuclear Information System (INIS)

Wu Jun

1999-01-01

At present, nuclear weapons play a less important role globally. People know that nuclear war cannot happen, because no one could win since no one could make a nuclear attack without experiencing a retaliatory strike. But the US strategy has changed little since the Cold War era. The Nuclear Posture Review undertaken by the Clinton Administration concluded that all three legs of the strategic triad should continue to operate, but did not address the future and utility of the nuclear force in the long term. In 1996, the five nuclear weapon states separately pledged that they will not use nuclear weapons to attack the nonnuclear weapon countries. But this is only the first step of Non-first-use Pledge (NFUP)

Attack Potential Evaluation in Desktop and Smartphone Fingerprint Sensors: Can They Be Attacked by Anyone?

Directory of Open Access Journals (Sweden)

Ines Goicoechea-Telleria

2018-01-01

Full Text Available The use of biometrics keeps growing. Every day, we use biometric recognition to unlock our phones or to have access to places such as the gym or the office, so we rely on the security manufacturers offer when protecting our privileges and private life. It is well known that it is possible to hack into a fingerprint sensor using fake fingers made of Play-Doh and other easy-to-obtain materials but to what extent? Is this true for all users or only for specialists with a deep knowledge on biometrics? Are smartphone fingerprint sensors as reliable as desktop sensors? To answer these questions, we performed 3 separate evaluations. First, we evaluated 4 desktop fingerprint sensors of different technologies by attacking them with 7 different fake finger materials. All of them were successfully attacked by an experienced attacker. Secondly, we carried out a similar test on 5 smartphones with embedded sensors using the most successful materials, which also hacked the 5 sensors. Lastly, we gathered 15 simulated attackers with no background in biometrics to create fake fingers of several materials, and they had one week to attack the fingerprint sensors of the same 5 smartphones, with the starting point of a short video with the techniques to create them. All 5 smartphones were successfully attacked by an inexperienced attacker. This paper will provide the results achieved, as well as an analysis on the attack potential of every case. All results are given following the metrics of the standard ISO/IEC 30107-3.

Public health preparedness and response to a radiological terrorist attack

International Nuclear Information System (INIS)

Yamaguchi, Ichiro

2016-01-01

Given the potential for intentional malevolent acts, the security of radioactive sources should be ensured. In the event of a terrorist attack using a radioactive source, we should care not only about health concerns of victims, especially including first responders who suffer from radiation injury, but also public health activities with affected people during the long recovery phase. Regarding the radiological public health viewpoint, preventive efforts are also important. In fact, regulatory reform is progressing in Japan according to the code of conduct issued by IAEA. One of the difficulties of countermeasures for the security of radioactive sources in Japan is to establish a disposal facility for disused sealed radioactive sources, since radioactive waste has been additionally a point of contention in society since the nuclear disaster. This paper presents an overview of countermeasures for terrorist attacks using a radioactive source, from the viewpoint of public health in Japan including the results of survey targeted hospitals equipped with blood irradiation machines. (author)

Managing burn victims of suicide bombing attacks: outcomes, lessons learnt, and changes made from three attacks in Indonesia.

Science.gov (United States)

Chim, Harvey; Yew, Woon Si; Song, Colin

2007-01-01

Terror attacks in Southeast Asia were almost nonexistent until the 2002 Bali bomb blast, considered the deadliest attack in Indonesian history. Further attacks in 2003 (Jakarta), 2004 (Jakarta), and 2005 (Bali) have turned terrorist attacks into an ever-present reality. The authors reviewed medical charts of victims evacuated to the Singapore General Hospital (SGH) Burns Centre during three suicide attacks involving Bali (2002 and 2005) and the Jakarta Marriott hotel (2003). Problems faced, lessons learnt, and costs incurred are discussed. A burns disaster plan drawing on lessons learnt from these attacks is presented. Thirty-one patients were treated at the SGH Burns Centre in three attacks (2002 Bali attack [n = 15], 2003 Jakarta attack [n = 14], and 2005 Bali attack [n = 2]). For the 2002 Bali attack, median age was 29 years (range 20 to 50 years), median percentage of total burn surface area (TBSA) was 29% (range 5% to 55%), and median abbreviated burn severity index (ABSI) was 6 (range 3 to 10). Eight of 15 patients were admitted to the intensive care unit. For the 2003 Jakarta attack, median age was 35 years (range 24 to 56 years), median percentage of TBSA was 10% (range 2% to 46%), and median ABSI was 4 (range 3 to 9). A large number of patients had other injuries. Problems faced included manpower issues, lack of bed space, shortage of blood products, and lack of cadaver skin. The changing nature of terror attacks mandates continued vigilance and disaster preparedness. The multidimensional burns patient, complicated by other injuries, is likely to become increasingly common. A burns disaster plan with emphasis on effective command, control, and communication as well as organisation of health care personnel following a 'team concept' will do much to ensure that the sudden onset of a crisis situation at an unexpected time does not overwhelm hospital manpower and resources.

Overview of DOS attacks on wireless sensor networks and experimental results for simulation of interference attacks

Directory of Open Access Journals (Sweden)

Željko Gavrić

2018-01-01

Full Text Available Wireless sensor networks are now used in various fields. The information transmitted in the wireless sensor networks is very sensitive, so the security issue is very important. DOS (denial of service attacks are a fundamental threat to the functioning of wireless sensor networks. This paper describes some of the most common DOS attacks and potential methods of protection against them. The case study shows one of the most frequent attacks on wireless sensor networks – the interference attack. In the introduction of this paper authors assume that the attack interference can cause significant obstruction of wireless sensor networks. This assumption has been proved in the case study through simulation scenario and simulation results.

Securing internet by eliminating DDOS attacks

Science.gov (United States)

Niranchana, R.; Gayathri Devi, N.; Santhi, H.; Gayathri, P.

2017-11-01

The major threat caused to the authorised usage of Internet is Distributed Denial of Service attack. The mechanisms used to prevent the DDoS attacks are said to overcome the attack’s ability in spoofing the IP packets source addresses. By utilising Internet Protocol spoofing, the attackers cause a consequential load over the networks destination for policing attack packets. To overcome the IP Spoofing level on the Internet, We propose an Inter domain Packet Filter (IPF) architecture. The proposed scheme is not based on global routing information. The packets with reliable source addresses are not rejected, the IPF frame work works in such a manner. The spoofing capability of attackers is confined by IPF, and also the filter identifies the source of an attack packet by minimal number of candidate network.

Plants under dual attack

NARCIS (Netherlands)

Ponzio, C.A.M.

2016-01-01

Though immobile, plants are members of complex environments, and are under constant threat from a wide range of attackers, which includes organisms such as insect herbivores or plant pathogens. Plants have developed sophisticated defenses against these attackers, and include chemical responses

New attacks on Wi-Fi Protected Setup

OpenAIRE

Hamed Mohtadi; Alireza Rahimi

2015-01-01

Wi-Fi Protected Setup (WPS) is a network security standard that is used to secure networks in home and office, introduced in 2006 by the Wi-Fi Alliance. It provides easier configuration setup and is used in almost all recent Wi-Fi devices. In this paper we propose two attacks on this standard. The first attack is an offline brute force attack that uses imbalance on registration protocol. This attack needs user action, but it is more efficient than previous attacks. The second attack uses weak...

A Game Theoretic Approach to Cyber Attack Prediction

Energy Technology Data Exchange (ETDEWEB)

Peng Liu

2005-11-28

The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.

Invisible Trojan-horse attack

DEFF Research Database (Denmark)

Sajeed, Shihan; Minshull, Carter; Jain, Nitin

2017-01-01

We demonstrate the experimental feasibility of a Trojan-horse attack that remains nearly invisible to the single-photon detectors employed in practical quantum key distribution (QKD) systems, such as Clavis2 from ID Quantique. We perform a detailed numerical comparison of the attack performance...

Nuclear safety and (cyber)security at the heart of the digital revolution

International Nuclear Information System (INIS)

Kueny, L.; Levesque, J.

2017-01-01

The on-going digital revolution implies the sharing of data beyond the company walls, the development of connected objects and the setting of more and more complex digital networks. All of this increases the risk of being attacked by cyber-criminal and the probability is all the higher because new kinds of cyber-attacks appear every year. Originally nuclear industry has a culture of safety and has implemented numerous mechanisms of physical protection that slow down cyber-attacks. The humane factor is very often an important point for the success of a cyber-attack but the automation of repetitive tasks can reduce this risk. A cyber-attack can stay undetected if regularly overhauls of computer systems are not performed or if they are not adequately monitored. The reliability of digital tools for instance digital archives is a point that hinders the implementation of a total digital certification in the nuclear industry. (A.C.)

Script-viruses Attacks on UNIX OS

Directory of Open Access Journals (Sweden)

D. M. Mikhaylov

2010-06-01

Full Text Available In this article attacks on UNIX OS are considered. Currently antivirus developers are concentrated on protecting systems from viruses that are most common and attack popular operating systems. If the system or its components are not often attacked then the antivirus products are not protecting these components as it is not profitable. The same situation is with script-viruses for UNIX OS as most experts consider that it is impossible for such viruses to get enough rights to attack. Nevertheless the main conclusion of this article is the fact that such viruses can be very powerful and can attack systems and get enough rights.

Logistics of nuclear fuel production for nuclear submarines

International Nuclear Information System (INIS)

Guimaraes, Leonam dos Santos

2000-01-01

The future acquisition of nuclear attack submarines by Brazilian Navy along next century will imply new requirements on Naval Logistic Support System. These needs will impact all the six logistic functions. Among them, fuel supply could be considered as the one which requires the most important capacitating effort, including not only technological development of processes but also the development of a national industrial basis for effective production of nuclear fuel. This paper presents the technical aspects of the processes involved and an annual production dimensioning for an squadron composed by four units. (author)

Radiation Detection System for Prevention of Radiological and Nuclear Terrorism

International Nuclear Information System (INIS)

Kwak, Sung-Woo; Yoo, Ho-Sik; Jang, Sung-Sun; Kim, Jae-Kwang; Kim, Jung-Soo

2007-01-01

After the September 11 terrorist attack, the threat of a potential for a radiological or nuclear terrorist attack became more apparent. The threats relating to radiological or nuclear materials include a Radiological Dispersion Device (RDD), an Improved Nuclear Device (IND) or a State Nuclear Device (such as a Soviet manufactured suitcase nuclear weapon). For more effective countermeasures against the disaster, multilayer protection concept - prevention of smuggling of radioactive or nuclear material into our country through seaports or airports, detection and prevention of the threat materials in transit on a road, and prevention of their entry into a target building - is recommended. Due to different surrounding circumstances of where detection system is deployed, different types of radiation detection systems are required. There have been no studies on characteristics of detection equipment required under Korean specific conditions. This paper provides information on technical requirements of radiation detection system to achieve multi-layer countermeasures for the purpose of protecting the public and environment against radiological and nuclear terrorism

Current Status of the Cyber Threat Assessment for Nuclear Facilities

Energy Technology Data Exchange (ETDEWEB)

Kim, Hyun Doo [KINAC, Daejeon (Korea, Republic of)

2016-05-15

In December 2014, unknown hackers hacked internal documents sourced from Korea Hydro and Nuclear Power (KHNP) and those electronic documents were posted five times on a Social Network Service (SNS). The data included personal profiles, flow charts, manuals and blueprints for installing pipes in the nuclear power plant. Although the data were not critical to operation or sabotage of the plant, it threatened people and caused social unrest in Korea and neighboring countries. In December 2015, cyber attack on power grid caused a blackout for hundreds of thousands of people in Ukraine. The power outage was caused by a sophisticated attack using destructive malware called 'BlackEnergy'. Cyber attacks are reality in today's world and critical infrastructures are increasingly targeted. Critical infrastructures, such as the nuclear power plant, need to be proactive and protect the nuclear materials, assets and facilities from potential cyber attacks. The threat assessment document and its detailed procedure are confidential for the State. Nevertheless, it is easy to find cooperation on assessing and evaluating the threats of nuclear materials and facilities with other government departments or agencies including the national police. The NSSC and KINAC also cooperated with the National Intelligence Service (NIS) and National Security Research Institute (NSR). However, robust cyber threat assessment system and regular consultative group should be established with domestic and overseas organization including NIS, NSR, the National Police Agency and the military force to protect and ensure to safety of people, public and environment from rapidly changing and upgrading cyber threats.

Current Status of the Cyber Threat Assessment for Nuclear Facilities

International Nuclear Information System (INIS)

Kim, Hyun Doo

2016-01-01

In December 2014, unknown hackers hacked internal documents sourced from Korea Hydro and Nuclear Power (KHNP) and those electronic documents were posted five times on a Social Network Service (SNS). The data included personal profiles, flow charts, manuals and blueprints for installing pipes in the nuclear power plant. Although the data were not critical to operation or sabotage of the plant, it threatened people and caused social unrest in Korea and neighboring countries. In December 2015, cyber attack on power grid caused a blackout for hundreds of thousands of people in Ukraine. The power outage was caused by a sophisticated attack using destructive malware called 'BlackEnergy'. Cyber attacks are reality in today's world and critical infrastructures are increasingly targeted. Critical infrastructures, such as the nuclear power plant, need to be proactive and protect the nuclear materials, assets and facilities from potential cyber attacks. The threat assessment document and its detailed procedure are confidential for the State. Nevertheless, it is easy to find cooperation on assessing and evaluating the threats of nuclear materials and facilities with other government departments or agencies including the national police. The NSSC and KINAC also cooperated with the National Intelligence Service (NIS) and National Security Research Institute (NSR). However, robust cyber threat assessment system and regular consultative group should be established with domestic and overseas organization including NIS, NSR, the National Police Agency and the military force to protect and ensure to safety of people, public and environment from rapidly changing and upgrading cyber threats

Russia's nuclear doctrine: The end of the period of transition?

International Nuclear Information System (INIS)

Sokov, N.

2000-01-01

The Russian Federation issued a draft Military Doctrine in October 1999, widely circulating it for study and reactions. In January 2000, Russia published its 2000 National Security Concept and on 4 February, the Security Council approved its new military doctrine. Nuclear weapons are seen as the only reliable means to dissuade NATO from using force against Russia. There is a distinct focus in the new doctrine on the immediate military utility of nuclear weapons. Russia, like NATO, is continuing to reduce its nuclear weapons, though at a slower clip than foreseen by the START agreements. The doctrine reasserts the policy of first use of nuclear weapons in response to a conventional attack. Its policy provides for the use of nuclear weapons in response to an attack in which other weapons of mass destruction (chemical or biological) are used. (author)

Hybrid attacks on model-based social recommender systems

Science.gov (United States)

Yu, Junliang; Gao, Min; Rong, Wenge; Li, Wentao; Xiong, Qingyu; Wen, Junhao

2017-10-01

With the growing popularity of the online social platform, the social network based approaches to recommendation emerged. However, because of the open nature of rating systems and social networks, the social recommender systems are susceptible to malicious attacks. In this paper, we present a certain novel attack, which inherits characteristics of the rating attack and the relation attack, and term it hybrid attack. Furtherly, we explore the impact of the hybrid attack on model-based social recommender systems in multiple aspects. The experimental results show that, the hybrid attack is more destructive than the rating attack in most cases. In addition, users and items with fewer ratings will be influenced more when attacked. Last but not the least, the findings suggest that spammers do not depend on the feedback links from normal users to become more powerful, the unilateral links can make the hybrid attack effective enough. Since unilateral links are much cheaper, the hybrid attack will be a great threat to model-based social recommender systems.

Cyber operations as nuclear counterproliferation measures

OpenAIRE

Roscini, M.

2014-01-01

Focusing on recent malware that allegedly targeted Iran’s nuclear programme, this article discusses the legality of inter-state cyber operations as measures to prevent the proliferation of nuclear weapons approaching the problem from the perspective of the law of State responsibility, in particular the circumstances precluding wrongfulness. After examining the role that cyber attacks and cyber exploitation can play in preventing nuclear proliferation, the article explores whether cyber operat...

Nuclear security - New challenge to the safety of nuclear power plants

International Nuclear Information System (INIS)

Li Ganjie

2008-01-01

The safety of nuclear power plants involves two aspects: one is to prevent nuclear accidents resulted from systems and equipments failure or human errors; the other is to refrain nuclear accidents from external intended attack. From this point of view, nuclear security is an organic part of the nuclear safety of power plants since they have basically the same goals and concrete measures with each other. In order to prevent malicious attacks; the concept of physical protection of nuclear facilities has been put forward. In many years, a series of codes and regulations as well as technical standard systems on physical protection had been developed at international level. The United Nations passed No. 1540 resolution as well as 'Convention on the Suppression of Acts of Nuclear terrorism', and revised 'Convention on Physical Protection of Nuclear Materials', which has enhanced a higher level capacity of preparedness by international community to deal with security issues of nuclear facilities. In China, in order to improve the capability of nuclear power plants on preventing and suppressing the external attacks, the Chinese government consecutively developed the related codes and standards as well as technical documents based on the existing laws and regulations, including 'Guide for the Nuclear Security of Nuclear Power Plants' and 'Guide for the Physical Protection of Nuclear Materials', so as to upgrade the legislative requirements for nuclear security in power plants. The government also made greater efforts to support the scientific research and staff training on physical protection, and satisfying the physical protection standards for newly-built nuclear facilities such as large scale nuclear power plants to meet requirement at international level. At the same time old facilities were renovated and the Chinese government established a nuclear emergency preparedness coordination mechanism, developed corresponding emergency preparedness plans, intensified the

Managing nuclear supplier risks

International Nuclear Information System (INIS)

Ramberg, B.

1990-01-01

This paper reports that with the appearance of such third-tier suppliers as Argentina, Brazil, South Korea, Taiwan, China, and others capable of producing nuclear components and sensitive nuclear materials, assurance that importers are using nuclear energy benignly and safely may become more uncertain. It is therefore important to integrate emerging exporters and importers into a regime of norms designed to minimize nuclear risks. The experience of the London Nuclear Suppliers Group (NSG) to arrive at a code of conduct is encouraging. Placed in the context of the larger evolving nuclear energy regime that seeks to address nuclear safety, proliferation, terrorism, and military attacks on reactors, the international community has made substantial progress. Still, there is much that remains to be done

Current nuclear threats and possible responses

Science.gov (United States)

Lamb, Frederick K.

2005-04-01

Over the last 50 years, the United States has spent more than 100 billion developing and building a variety of systems intended to defend its territory against intercontinental-range ballistic missiles. Most of these systems never became operational and ultimately all were judged ineffective. The United States is currently spending about 10 billion per year developing technologies and systems intended to defend against missiles that might be acquired in the future by North Korea or Iran. This presentation will discuss these efforts ad whether they are likely to be more effective than those of the past. It will also discuss the proper role of anti-ballistic programs at a time when the threat of a nuclear attack on the U.S. by terrorists armed with nuclear weapons is thought to be much higher than the threat of an attack by nuclear-armed ballistic missles.

Assessment and testing of industrial devices robustness against cyber security attacks

International Nuclear Information System (INIS)

Tilaro, F.; Copy, B.

2012-01-01

CERN (European Organization for Nuclear Research),like any organization, needs to achieve the conflicting objectives of connecting its operational network to Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. Devices robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. CERN - in collaboration with Siemens - has designed and implemented a dedicated working environment, the Test-bench for Robustness of Industrial Equipment. Such tests attempt to detect possible anomalies by exploiting corrupt communication channels and manipulating the normal behavior of the communication protocols, in the same way as a cyber attacker would proceed. Our approach consists of analyzing protocol implementations by injecting malformed PDUs (Protocol Data Unit) to corrupt the normal behaviour of the system. As a PDU typically has many fields, the number of possible syntactically faulty PDUs grows exponentially with the number of fields. In this document, we proposed a strategy to explore this huge test domain using a hybrid approach of fuzzing and syntax techniques, specifically developed to evaluate industrial device communication robustness. So far, not all the tests can be integrated into automatic tools, human analysis and management is necessary to discover and investigate specific possible failures

The nuclear medicine department in the emergency management plan: a referent structure for the nuclear and radiological risks

International Nuclear Information System (INIS)

Barat, J.L.; Ducassou, D.; Lesgourgues, P.; Zamaron, S.; Boulard, G.

2006-01-01

Each french public or private hospital has to establish guidelines for an immediate response to mass casualties (Emergency Management Plan or 'White' Plan). For a nuclear accident or terrorist attack, the staff of the Nuclear Medicine Department may be adequately prepared and equipped. This paper presents the nuclear and radiological risks section of the final draft of the White Plan developed at Bordeaux University Hospital. (author)

Protecting nuclear power plants. Chapter 2. On the importance of the security and safety of the reactor pressure vessel to external threats

International Nuclear Information System (INIS)

Ballesteros, A.; Gonzalez, J.; Debarberis, L.

2006-01-01

Nuclear power plants have blong been recognized as potential targets of terrorist attacks, and critics have long questioned the adequacy of the existing measures to defend against such attacks. The 11-S 2001, 11-M 2004 and 7-J 2005 attacks in USA, Spain and UK illustrated the deadly intention and abilities of modern terrorist groups. These attacks also brought to surface long standing concerns about the vulnerability of nuclear installations to possible terrorist attacks. Commercial nuclear reactors contain large inventory of radioactive fission products which, if dispersed, could pose a direct radiation hazard on the population. The reactor pressure vessel (RPV), which contains the nuclear fuel, is the most critical component of the plant. This paper shows that small amount of explosive material can produce irreversible damage in the RPV and the release of radioactive material. Therefor, access of working personal to the vicinity of the RPV during the refuelling outage should be stricktly limited. It should be considered a high priority security issue

An Analysis of Attacks on Blockchain Consensus

OpenAIRE

Bissias, George; Levine, Brian Neil; Ozisik, A. Pinar; Andresen, Gavin

2016-01-01

We present and validate a novel mathematical model of the blockchain mining process and use it to conduct an economic evaluation of the double-spend attack, which is fundamental to all blockchain systems. Our analysis focuses on the value of transactions that can be secured under a conventional double-spend attack, both with and without a concurrent eclipse attack. Our model quantifies the importance of several factors that determine the attack's success, including confirmation depth, attacke...

Automated classification of computer network attacks

CSIR Research Space (South Africa)

Van Heerden, R

2013-11-01

Full Text Available according to the relevant types of attack scenarios depicted in the ontology. The two network attack instances are the Distributed Denial of Service attack on SpamHaus in 2013 and the theft of 42 million Rand ($6.7 million) from South African Postbank...

Reducing the risk of nuclear terrorism

International Nuclear Information System (INIS)

Hibbs, R.

2005-01-01

Full text: The March 2005 'International conference on nuclear security, global directions for the future' noted that nuclear terrorism is one of the greatest threats to society. Eminent members of a multi-national panel stated that there is no one principal activity to reduce the risk of nuclear terrorism and that a combination of activities is required. This paper seeks to identify those activities by analyzing the elements that comprise the risk of nuclear terrorism. For the purpose of the analysis, risk is the product of the probability of a terrorist attack (A p ), the success of a terrorist act (S p ) and the consequence (C) of the attack: R=A p * S p * C. The paper examines each of these three elements of risk with the objective of identifying what we are doing and what else we could be doing to reduce risk. It takes into consideration some historic catastrophes, examines how they might have been prevented or their consequences reduced, and if there are lessons that are applicable to reducing the risk of nuclear terrorism. The paper demonstrates that we have concentrated on only one of the three elements of risk and offer suggestions for diminishing the risk of nuclear terrorism by addressing all the elements. (author)

Nuclear forensics: Soil content

International Nuclear Information System (INIS)

Beebe, Merilyn Amy

2015-01-01

Nuclear Forensics is a growing field that is concerned with all stages of the process of creating and detonating a nuclear weapon. The main goal is to prevent nuclear attack by locating and securing nuclear material before it can be used in an aggressive manner. This stage of the process is mostly paperwork; laws, regulations, treaties, and declarations made by individual countries or by the UN Security Council. There is some preliminary leg work done in the form of field testing detection equipment and tracking down orphan materials; however, none of these have yielded any spectacular or useful results. In the event of a nuclear attack, the first step is to analyze the post detonation debris to aid in the identification of the responsible party. This aspect of the nuclear forensics process, while reactive in nature, is more scientific. A rock sample taken from the detonation site can be dissolved into liquid form and analyzed to determine its chemical composition. The chemical analysis of spent nuclear material can provide valuable information if properly processed and analyzed. In order to accurately evaluate the results, scientists require information on the natural occurring elements in the detonation zone. From this information, scientists can determine what percentage of the element originated in the bomb itself rather than the environment. To this end, element concentrations in soils from sixty-nine different cities are given, along with activity concentrations for uranium, thorium, potassium, and radium in various building materials. These data are used in the analysis program Python.

Nuclear forensics: Soil content

Energy Technology Data Exchange (ETDEWEB)

Beebe, Merilyn Amy [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

2015-08-31

Nuclear Forensics is a growing field that is concerned with all stages of the process of creating and detonating a nuclear weapon. The main goal is to prevent nuclear attack by locating and securing nuclear material before it can be used in an aggressive manner. This stage of the process is mostly paperwork; laws, regulations, treaties, and declarations made by individual countries or by the UN Security Council. There is some preliminary leg work done in the form of field testing detection equipment and tracking down orphan materials; however, none of these have yielded any spectacular or useful results. In the event of a nuclear attack, the first step is to analyze the post detonation debris to aid in the identification of the responsible party. This aspect of the nuclear forensics process, while reactive in nature, is more scientific. A rock sample taken from the detonation site can be dissolved into liquid form and analyzed to determine its chemical composition. The chemical analysis of spent nuclear material can provide valuable information if properly processed and analyzed. In order to accurately evaluate the results, scientists require information on the natural occurring elements in the detonation zone. From this information, scientists can determine what percentage of the element originated in the bomb itself rather than the environment. To this end, element concentrations in soils from sixty-nine different cities are given, along with activity concentrations for uranium, thorium, potassium, and radium in various building materials. These data are used in the analysis program Python.

Cyber Attacks and Combat Behavior

Directory of Open Access Journals (Sweden)

Carataș Maria Alina

2017-01-01

Full Text Available Cyber terrorism is an intangible danger, a real over the corner threat in the life of individuals,organizations, and governments and is getting harder to deal with its damages. The motivations forthe cyber-attacks are different, depending on the terrorist group, from cybercrime to hacktivism,attacks over the authorities’ servers. Organizations constantly need to find new ways ofstrengthening protection against cyber-attacks, assess their cyber readiness, expand the resiliencecapacity and adopts international security regulations.

Attacks on public telephone networks: technologies and challenges

Science.gov (United States)

Kosloff, T.; Moore, Tyler; Keller, J.; Manes, Gavin W.; Shenoi, Sujeet

2003-09-01

Signaling System 7 (SS7) is vital to signaling and control in America's public telephone networks. This paper describes a class of attacks on SS7 networks involving the insertion of malicious signaling messages via compromised SS7 network components. Three attacks are discussed in detail: IAM flood attacks, redirection attacks and point code spoofing attacks. Depending on their scale of execution, these attacks can produce effects ranging from network congestion to service disruption. Methods for detecting these denial-of-service attacks and mitigating their effects are also presented.

Treaties against nuclear terrorism. The global legal framework can make a difference

International Nuclear Information System (INIS)

Johnson, L.D.

2002-01-01

Two international treaties, one being drafted and the other already on the books, specifically address nuclear terrorism. The first Treaty known as the Convention on the Physical Protection of Nuclear Material was adopted in 1980 under auspices of the IAEA. The second Treaty for the Suppression of Acts of Nuclear Terrorism is being drafted as part of the UN global campaign against terrorism. Both could require that specific measures be taken worldwide to protect and secure nuclear facilities from terrorist attack and sabotage. But neither one does. Efforts to include such requirements, before the terrorist attacks of 11 September 2001, have not borne fruit. Now, in the wake of lessons learned, is the time to revive and support them

Defense and attack of complex and dependent systems

International Nuclear Information System (INIS)

Hausken, Kjell

2010-01-01

A framework is constructed for how to analyze the strategic defense of an infrastructure subject to attack by a strategic attacker. Merging operations research, reliability theory, and game theory for optimal analytical impact, the optimization program for the defender and attacker is specified. Targets can be in parallel, series, combined series-parallel, complex, k-out-of-n redundancy, independent, interdependent, and dependent. The defender and attacker determine how much to invest in defending versus attacking each of multiple targets. A target can have economic, human, and symbolic values, subjectively assessed by the defender and attacker. A contest success function determines the probability of a successful attack on each target, dependent on the investments by the defender and attacker into each target, and on characteristics of the contest. The defender minimizes the expected damage plus the defense costs. The attacker maximizes the expected damage minus the attack costs. Each agent is concerned about how his investments vary across the targets, and the impact on his utilities. Interdependent systems are analyzed where the defense and attack on one target impacts all targets. Dependent systems are analyzed applying Markov analysis and repeated games where a successful attack on one target in the first period impacts the unit costs of defense and attack, and the contest intensity, for the other target in the second period.

Defense and attack of complex and dependent systems

Energy Technology Data Exchange (ETDEWEB)

Hausken, Kjell, E-mail: kjell.hausken@uis.n [Faculty of Social Sciences, University of Stavanger, N-4036 Stavanger (Norway)

2010-01-15

A framework is constructed for how to analyze the strategic defense of an infrastructure subject to attack by a strategic attacker. Merging operations research, reliability theory, and game theory for optimal analytical impact, the optimization program for the defender and attacker is specified. Targets can be in parallel, series, combined series-parallel, complex, k-out-of-n redundancy, independent, interdependent, and dependent. The defender and attacker determine how much to invest in defending versus attacking each of multiple targets. A target can have economic, human, and symbolic values, subjectively assessed by the defender and attacker. A contest success function determines the probability of a successful attack on each target, dependent on the investments by the defender and attacker into each target, and on characteristics of the contest. The defender minimizes the expected damage plus the defense costs. The attacker maximizes the expected damage minus the attack costs. Each agent is concerned about how his investments vary across the targets, and the impact on his utilities. Interdependent systems are analyzed where the defense and attack on one target impacts all targets. Dependent systems are analyzed applying Markov analysis and repeated games where a successful attack on one target in the first period impacts the unit costs of defense and attack, and the contest intensity, for the other target in the second period.

Automated Generation of Attack Trees

DEFF Research Database (Denmark)

Vigo, Roberto; Nielson, Flemming; Nielson, Hanne Riis

2014-01-01

Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error-prone and impractica......Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error......-prone and impracticable for large systems. Nonetheless, the automated generation of attack trees has only been explored in connection to computer networks and levering rich models, whose analysis typically leads to an exponential blow-up of the state space. We propose a static analysis approach where attack trees...... are automatically inferred from a process algebraic specification in a syntax-directed fashion, encompassing a great many application domains and avoiding incurring systematically an exponential explosion. Moreover, we show how the standard propositional denotation of an attack tree can be used to phrase...

Pareto Efficient Solutions of Attack-Defence Trees

DEFF Research Database (Denmark)

Aslanyan, Zaruhi; Nielson, Flemming

2015-01-01

Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes, such as proba......Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes......, such as probability or cost of attacks and defences. In case of multiple parameters most analytical methods optimise one parameter at a time, e.g., minimise cost or maximise probability of an attack. Such methods may lead to sub-optimal solutions when optimising conflicting parameters, e.g., minimising cost while...... maximising probability. In order to tackle this challenge, we devise automated techniques that optimise all parameters at once. Moreover, in the case of conflicting parameters our techniques compute the set of all optimal solutions, defined in terms of Pareto efficiency. The developments are carried out...

Control of corrosion in an aqueous nuclear fuel storage basin

International Nuclear Information System (INIS)

Zimmerman, C.A.

1981-01-01

Observations made during thirty years of experience in operating a nuclear fuel storage basin, used for storing a wide variety of spent nuclear fuels underwater have identified several forms of corrosion such as galvanic, pitting and crevice attack. Examples of some of the forms of corrosion observed and their causes are discussed, along with the measures taken to mitigate the corrosive attack. The paper also describes the procedure used to reduce corrosion by: surveillance of design, selection of materials for application in the basin, and inspection of items in the storage basin

Cross-site scripting attacks procedure and Prevention Strategies

Directory of Open Access Journals (Sweden)

Wang Xijun

2016-01-01

Full Text Available Cross-site scripting attacks and defense has been the site of attack and defense is an important issue, this paper, the definition of cross-site scripting attacks, according to the current understanding of the chaos on the cross-site scripting, analyzes the causes and harm cross-site scripting attacks formation of attacks XXS complete process XSS attacks made a comprehensive analysis, and then for the web program includes Mobility there are cross-site scripting filter laxity given from ordinary users browse the web and web application developers two the defense cross-site scripting attacks effective strategy.

Heart Attack Symptoms in Women

Science.gov (United States)

... fat, cholesterol and other substances (plaque). Watch an animation of a heart attack . Many women think the ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

Chemical immobilization of fission products reactive with nuclear reactor components

International Nuclear Information System (INIS)

Grossman, L.N.; Kaznoff, A.I.; Clukey, H.V.

1975-01-01

This invention teaches a method of immobilizing deleterious fission products produced in nuclear fuel materials during nuclear fission chain reactions through the use of additives. The additives are disposed with the nuclear fuel materials in controlled quantities to form new compositions preventing attack of reactor components, especially nuclear fuel cld, by the deleterious fission products. (Patent Office Record)

On the anatomy of social engineering attacks : A literature-based dissection of successful attacks

NARCIS (Netherlands)

Bullee, Jan-Willem; Montoya, L.; Pieters, Wolter; Junger, Marianne; Hartel, Pieter H.

The aim of this studywas to explore the extent towhich persuasion principles are used in successful social engineering attacks. Seventy-four scenarioswere extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenariowas split into attack steps, containing

Nuclear radiation in warfare

International Nuclear Information System (INIS)

Rotblat, J.

1986-01-01

The subject is covered in chapters, entitled: introduction; digest of nuclear weaponry (characteristics of nuclear weapons; effects of nuclear weapons other than ionizing radiation (fire-ball, fall-out, thermal radiation, blast wave, electromagnetic pulse); the nuclear arms race; war scenarios; biological effects of radiations on man (radiation doses; natural sources of radiation; acute effects of radiation; long-term somatic effects; genetic effects; factors affecting the biological response to radiation; internal exposure; synergistic effects; protection against radiation effects); radiations from nuclear explosions (initial radiation; fall-out; effects of fall-out on animal and plant life; contamination of water and food supplies by fall-out); radiation casualties in a nuclear war; effectiveness of civil defence; other warlike uses of radiation (attacks on civilian nuclear power installations; radiological warfare; terrorist activities); conclusion. (orig./HP) [de

Nuclear radiation in warfare

International Nuclear Information System (INIS)

Rotblat, J.

1981-01-01

The subject is covered in chapters, entitled: introduction; digest of nuclear weaponry (characteristics of nuclear weapons; effects of nuclear weapons other than ionizing radiation (fire-ball, fall-out, thermal radiation, blast wave, electromagnetic pulse); the nuclear arms race; war scenarios); biological effects of radiations on man (radiation doses; natural sources of radiation; acute effects of radiation; long-term somatic effects; genetic effects; factors affecting the biological response to radiation; internal exposure; synergistic effects; protection against radiation effects); radiations from nuclear explosions (initial radiation; fall-out; effects of fall-out on animal and plant life; contamination of water and food supplies by fall-out); radiation casualties in a nuclear war; effectiveness of civil defence; other warlike uses of radiation (attacks on civilian nuclear power installations; radiological warfare; terrorist activities); conclusion. (U.K.)

DDOS ATTACK DETECTION SIMULATION AND HANDLING MECHANISM

Directory of Open Access Journals (Sweden)

Ahmad Sanmorino

2013-11-01

Full Text Available In this study we discuss how to handle DDoS attack that coming from the attacker by using detection method and handling mechanism. Detection perform by comparing number of packets and number of flow. Whereas handling mechanism perform by limiting or drop the packets that detected as a DDoS attack. The study begins with simulation on real network, which aims to get the real traffic data. Then, dump traffic data obtained from the simulation used for detection method on our prototype system called DASHM (DDoS Attack Simulation and Handling Mechanism. From the result of experiment that has been conducted, the proposed method successfully detect DDoS attack and handle the incoming packet sent by attacker.

Model checking exact cost for attack scenarios

DEFF Research Database (Denmark)

Aslanyan, Zaruhi; Nielson, Flemming

2017-01-01

Attack trees constitute a powerful tool for modelling security threats. Many security analyses of attack trees can be seamlessly expressed as model checking of Markov Decision Processes obtained from the attack trees, thus reaping the benefits of a coherent framework and a mature tool support....... However, current model checking does not encompass the exact cost analysis of an attack, which is standard for attack trees. Our first contribution is the logic erPCTL with cost-related operators. The extended logic allows to analyse the probability of an event satisfying given cost bounds and to compute...... the exact cost of an event. Our second contribution is the model checking algorithm for erPCTL. Finally, we apply our framework to the analysis of attack trees....

NETWORK SECURITY ATTACKS. ARP POISONING CASE STUDY

Directory of Open Access Journals (Sweden)

Luminiţa DEFTA

2010-12-01

Full Text Available Arp poisoning is one of the most common attacks in a switched network. A switch is a network device that limits the ability of attackers that use a packet sniffer to gain access to information from internal network traffic. However, using ARP poisoning the traffic between two computers can be intercepted even in a network that uses switches. This method is known as man in the middle attack. With this type of attack the affected stations from a network will have invalid entries in the ARP table. Thus, it will contain only the correspondence between the IP addresses of the stations from the same network and a single MAC address (the station that initiated the attack. In this paper we present step by step the initiation of such an attack in a network with three computers. We will intercept the traffic between two stations using the third one (the attacker.

An introduction to the axiology of nuclear energy

International Nuclear Information System (INIS)

Sawada, Tetsuo

2005-01-01

Nuclear energy was developed during World War II and grew immensely within the era of the Cold War. After the Cold War came to an end during the early 1990s, those who benefited from the development of nuclear energy were most likely confronted with a challenge by a new tide of civilization. Although the challenge had not been closely questioned since then, such a new movement abruptly manifested itself after the terrorist attacks on September 11, 2001. After these attacks, many began to realize that global circumstances, especially those concerned with global security, must have changed with the reordering of the world's basic structures that support political and economical developments. Here the world's basic structure is closely related with values, i.e., the system of values. This paper describes the thoughts that reveal the causes and the backgrounds of the events of September 11, the linkage to nuclear energy development, and nuclear civilization in pursuit of the future regime of nuclear energy's harmonization with the global society of the 21st century. (author)

Understanding How Components of Organisations Contribute to Attacks

DEFF Research Database (Denmark)

Gu, Min; Aslanyan, Zaruhi; Probst, Christian W.

2016-01-01

Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors is diffi......Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors...... is difficult. Recently, system models have been used for automatically identifying possible attacks on the modelled organisation. The generated attacks consider all three layers, making the contribution of building infrastructure, computer infrastructure, and humans (insiders and outsiders) explicit. However......, this contribution is only visible in the attack trees as part of the performed steps; it cannot be mapped back to the model directly since the actions usually involve several elements (attacker and targeted actor or asset). Especially for large attack trees, understanding the relations between several model...

Attack Graph Construction for Security Events Analysis

Directory of Open Access Journals (Sweden)

Andrey Alexeevich Chechulin

2014-09-01

Full Text Available The paper is devoted to investigation of the attack graphs construction and analysis task for a network security evaluation and real-time security event processing. Main object of this research is the attack modeling process. The paper contains the description of attack graphs building, modifying and analysis technique as well as overview of implemented prototype for network security analysis based on attack graph approach.

Automated Discovery of Mimicry Attacks

National Research Council Canada - National Science Library

Giffin, Jonathon T; Jha, Somesh; Miller, Barton P

2006-01-01

.... These systems are useful only if they detect actual attacks. Previous research developed manually-constructed mimicry and evasion attacks that avoided detection by hiding a malicious series of system calls within a valid sequence allowed by the model...

Nuclear forensics

International Nuclear Information System (INIS)

Venugopal, V.

2010-01-01

Increasing threat by terrorists for a possible nuclear attack is particularly alarming in recent years. The likelihood of such an event is highly uncertain but cannot be ruled out. The consequence of such an event would be highly disastrous and the implications could be far-reaching both socially and politically. It is feared that significant amount of nuclear weapons materials may be kept under poor security. Therefore, there is a greater demand with utmost priority to curb nuclear terrorism by adapting proper security measures. One of the most important measures is to stop illicit trafficking of nuclear materials which are the source of building nuclear explosive devices. According to the IAEA illicit trafficking database (ITDB) report, a total number of 252 incidents were reported in 2006, of which 150 occurred in 2006 and the remaining 102 had taken place prior to that year, mainly in 2005

The Japanese aerial attack on Hanford Engineer Works

Science.gov (United States)

Clark, Charles W.

The day before the Pearl Harbor attack, December 6, 1941, the University of Chicago Metallurgical Laboratory was given four goals: design a plutonium (Pu) bomb; produce Pu by irradiation of uranium (U); extract Pu from the irradiated U; complete this in time to be militarily significant. A year later the first controlled nuclear chain reaction was attained in Chicago Pile 1 (CP-1). In January 1943, Hanford, WA was chosen as the site of the Pu factory. Neutron irradiation of 238U was to be used to make 239Pu. This was done by a larger version of CP-1, Hanford Reactor B, which went critical in September 1944. By July 1945 it had made enough Pu for two bombs: one used at the Trinity test in July; the other at Nagasaki, Japan in August. I focus on an ironic sidelight to this story: disruption of hydroelectric power to Reactor B by a Japanese fire balloon attack on March 10, 1945. This activated the costly coal-fired emergency backup plant to keep the reactor coolant water flowing, thwarting disaster and vindicating the conservative design of Hanford Engineer Works. Management of the Hanford Engineer Works in World War II, H. Thayer (ASCE Press 1996).

Low yield nuclear weapons and nuclear terrorism

International Nuclear Information System (INIS)

Rodionov, S.

1999-01-01

It is unlikely that anybody would imagine the route to a nuclear-weapon-free world as a straight and unimpeded one. At the moment, there is a fading interest in the possibility of the concerted bilateral reduction of the US and Russian nuclear weapon stockpiles. The reason is evident: these powers demonstrate quite different approaches to two large political campaigns initiated in American political circles, namely NATO expansion to the East, and the attack on Anti-Ballistic-Missile (ABM) Treaty. Russia considers these initiatives as provocative in content and high-handed in the form. The West argues that Russian response is unjustified and insists on the peaceful nature of its plans?

Transforming Graphical System Models to Graphical Attack Models

DEFF Research Database (Denmark)

Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, Rene Rydhof

2016-01-01

Manually identifying possible attacks on an organisation is a complex undertaking; many different factors must be considered, and the resulting attack scenarios can be complex and hard to maintain as the organisation changes. System models provide a systematic representation of organisations...... approach to transforming graphical system models to graphical attack models in the form of attack trees. Based on an asset in the model, our transformations result in an attack tree that represents attacks by all possible actors in the model, after which the actor in question has obtained the asset....

When Sinuses Attack! (For Kids)

Science.gov (United States)

... First Aid & Safety Doctors & Hospitals Videos Recipes for Kids Kids site Sitio para niños How the Body Works ... Search English Español When Sinuses Attack! KidsHealth / For Kids / When Sinuses Attack! What's in this article? What ...

Heart Attack

Science.gov (United States)

... properly causes your body's blood sugar levels to rise, increasing your risk of heart attack. Metabolic syndrome. This occurs when you have obesity, high blood pressure and high blood sugar. Having metabolic ...

Software-based Microarchitectural Attacks

OpenAIRE

Gruss, Daniel

2017-01-01

Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these optimizations. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual ...

Integrating cyber attacks within fault trees

International Nuclear Information System (INIS)

Nai Fovino, Igor; Masera, Marcelo; De Cian, Alessio

2009-01-01

In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

Integrating cyber attacks within fault trees

Energy Technology Data Exchange (ETDEWEB)

Nai Fovino, Igor [Joint Research Centre - EC, Institute for the Protection and Security of the Citizen, Ispra, VA (Italy)], E-mail: igor.nai@jrc.it; Masera, Marcelo [Joint Research Centre - EC, Institute for the Protection and Security of the Citizen, Ispra, VA (Italy); De Cian, Alessio [Department of Electrical Engineering, University di Genova, Genoa (Italy)

2009-09-15

In this paper, a new method for quantitative security risk assessment of complex systems is presented, combining fault-tree analysis, traditionally used in reliability analysis, with the recently introduced Attack-tree analysis, proposed for the study of malicious attack patterns. The combined use of fault trees and attack trees helps the analyst to effectively face the security challenges posed by the introduction of modern ICT technologies in the control systems of critical infrastructures. The proposed approach allows considering the interaction of malicious deliberate acts with random failures. Formal definitions of fault tree and attack tree are provided and a mathematical model for the calculation of system fault probabilities is presented.

Attack and Vulnerability Penetration Testing: FreeBSD

Directory of Open Access Journals (Sweden)

Abdul Hanan Abdullah

2013-07-01

Full Text Available Computer system security has become a major concern over the past few years. Attacks, threasts or intrusions, against computer system and network have become commonplace events. However, there are some system devices and other tools that are available to overcome the threat of these attacks. Currently, cyber attack is a major research and inevitable. This paper presents some steps of penetration in FreeBSD operating system, some tools and new steps to attack used in this experiment, probes for reconnaissance, guessing password via brute force, gaining privilege access and flooding victim machine to decrease availability. All these attacks were executed and infiltrate within the environment of Intrusion Threat Detection Universiti Teknologi Malaysia (ITD UTM data set. This work is expected to be a reference for practitioners to prepare their systems from Internet attacks.

Nuclear security culture in comparison with nuclear safety culture. Resemblances and differences

International Nuclear Information System (INIS)

Kawata, Norio

2015-01-01

Since the terrorist attacks on the U.S. on September 11th, 2001, Nuclear Security has been focused on and treated as a global issue in the international community and it has also been discussed as a real and serious threat to nuclear power plants in the world since 'The Great East Japan Earthquake' in March, 2011. The International Atomic Energy Agency (IAEA) issued a document including Nuclear Security Recommendations (INFCIRC/225/Rev.5) (NSS 13) in the Nuclear Security Series and emphasized the necessity of fostering Nuclear Security Culture. Nuclear Security Culture has been frequently discussed at various kinds of seminars and events. Since the officials in charge of Nuclear Security are familiar with the area of Nuclear Safety, the relationships between Nuclear Safety Culture and Nuclear Security Culture have been the point in controversy. This paper clarifies relevance between Nuclear Safety and Security, considers resemblances and differences of their concepts and lessons learned for each culture from nuclear power plant accidents, and promotes deeper understanding of Nuclear Safety and Nuclear Security Culture. (author)

The climatic effects of nuclear war

Science.gov (United States)

Turco, R. P.; Toon, O. B.; Ackerman, T. P.; Pollack, J. B.; Sagan, C.

1984-01-01

The effects of various US-USSR nuclear-exchange scenarios on global climate are investigated by means of computer simulations, summarizing the results of Turco et al. (1983) and follow-up studies using 3D global-circulation models. A nuclear-scenario model is used to determine the amounts of dust, smoke, radioactivity, and pyrotoxins generated by a particular type of nuclear exchange (such as a general 5,000-Mt exchange, a 1,000-Mt limited exchange, a 5,000-Mt hard-target counterforce attack, and a 100-Mt attack on cities only): a particle-microphysics model predicts the evolution of the dust and smoke particles; and a radiative-convective climate model estimates the effects of the dust and smoke clouds on the global radiation budget. The findings are presented in graphs, diagrams, and a table. Thick clouds blocking most sunlight over the Northern Hemisphere midlatitudes for weeks or months and producing ground-temperature reductions of 20-40 C, disruption of global circulation patterns, and rapid spread of clouds to the Southern Hemisphere are among the 'nuclear-winter' effects predicted for the 5,000-Mt baseline case. The catastrophic consequences for plant, animal, and human populations are considered, and the revision of superpower nuclear strategies is urged.

Superposition Attacks on Cryptographic Protocols

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Funder, Jakob Løvstad; Nielsen, Jesper Buus

2011-01-01

of information. In this paper, we introduce a fundamentally new model of quantum attacks on classical cryptographic protocols, where the adversary is allowed to ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security......Attacks on classical cryptographic protocols are usually modeled by allowing an adversary to ask queries from an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as compute a certain piece...... of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold $t$ in the standard model is secure against superposition attacks if and only if the threshold is lowered to $t/2$. We use this result to give zero-knowledge proofs for all of NP in the common reference...

Recurrent spontaneous attacks of dizziness.

Science.gov (United States)

Lempert, Thomas

2012-10-01

This article describes the common causes of recurrent vertigo and dizziness that can be diagnosed largely on the basis of history. Ninety percent of spontaneous recurrent vertigo and dizziness can be explained by six disorders: (1) Ménière disease is characterized by vertigo attacks, lasting 20 minutes to several hours, with concomitant hearing loss, tinnitus, and aural fullness. Aural symptoms become permanent during the course of the disease. (2) Attacks of vestibular migraine may last anywhere from minutes to days. Most patients have a previous history of migraine headaches, and many experience migraine symptoms during the attack. (3) Vertebrobasilar TIAs affect older adults with vascular risk factors. Most attacks last less than 1 hour and are accompanied by other symptoms from the posterior circulation territory. (4) Vestibular paroxysmia is caused by vascular compression of the eighth cranial nerve. It manifests itself with brief attacks of vertigo that recur many times per day, sometimes with concomitant cochlear symptoms. (5) Orthostatic hypotension causes brief episodes of dizziness lasting seconds to a few minutes after standing up and is relieved by sitting or lying down. In older adults, it may be accompanied by supine hypertension. (6) Panic attacks usually last minutes, occur in specific situations, and are accompanied by choking, palpitations, tremor, heat, and anxiety. Less common causes of spontaneous recurrent vertigo and dizziness include perilymph fistula, superior canal dehiscence, autoimmune inner ear disease, otosclerosis, cardiac arrhythmia, and medication side effects. Neurologists need to venture into otolaryngology, internal medicine, and psychiatry to master the differential diagnosis of recurrent dizziness.

Shark Attack Project - Marine Attack at Towed Hydrophone Arrays

National Research Council Canada - National Science Library

Kalmijn, Adrianus J

2005-01-01

The original objective of the SIO Marine Attack project was to identify the electric and magnetic fields causing sharks to inflict serious damage upon the towed hydrophone arrays of US Navy submarines...

Novel Method For Low-Rate Ddos Attack Detection

Science.gov (United States)

Chistokhodova, A. A.; Sidorov, I. D.

2018-05-01

The relevance of the work is associated with an increasing number of advanced types of DDoS attacks, in particular, low-rate HTTP-flood. Last year, the power and complexity of such attacks increased significantly. The article is devoted to the analysis of DDoS attacks detecting methods and their modifications with the purpose of increasing the accuracy of DDoS attack detection. The article details low-rate attacks features in comparison with conventional DDoS attacks. During the analysis, significant shortcomings of the available method for detecting low-rate DDoS attacks were found. Thus, the result of the study is an informal description of a new method for detecting low-rate denial-of-service attacks. The architecture of the stand for approbation of the method is developed. At the current stage of the study, it is possible to improve the efficiency of an already existing method by using a classifier with memory, as well as additional information.

Public opinion about nuclear energy - 1998 poll

International Nuclear Information System (INIS)

Stritar, A.; Istenic, R.

1998-01-01

In the Nuclear Training center in Ljubljana we are polling our visitors on a yearly basis. The visitors are elementary and high school students. They are polled before they listen to the lecture and visit the permanent exhibition. This year we can observe some improved attitude towards nuclear energy. This could be influence of the absence of open attacks against the nuclear power plant Krsko in the media in last two years.(author)

Physical Protection of Nuclear Safeguards Technology

International Nuclear Information System (INIS)

Hoskins, Richard

2004-01-01

IAEA's Nuclear Security Plan is established to assist Member States in implementing effective measures against nuclear terrorism. Four potential threats were identified: theft of nuclear weapon, nuclear explosive device, radiological dispersal device and an attack on radiation facility. In order to achieve effective protection of nuclear materials and facilities, the IAEA sponsored the Convention of the Physical Protection of Nuclear Materials which focuses on the protection of nuclear materials 'in international transport. The IAEA also promoted INFCIRC/255 entitled the Physical Protection of Nuclear Materials and Nuclear Facilities and published TECDOC/967 for the protection of nuclear materials and facilities against theft and sabotage and during transport. Assistance is available for the Member States through the International Physical Protection Advisory Service (IPPAS) and the International Nuclear Security Advisory Service (INSServ). (author)

Heart Attack

Science.gov (United States)

... family history of heart attack race – African Americans, Mexican Americans, Native Americans, and native Hawaiians are at ... Your doctor will prescribe the medicines that are right for you. If you have had a heart ...

Automatic Classification of Attacks on IP Telephony

Directory of Open Access Journals (Sweden)

Jakub Safarik

2013-01-01

Full Text Available This article proposes an algorithm for automatic analysis of attack data in IP telephony network with a neural network. Data for the analysis is gathered from variable monitoring application running in the network. These monitoring systems are a typical part of nowadays network. Information from them is usually used after attack. It is possible to use an automatic classification of IP telephony attacks for nearly real-time classification and counter attack or mitigation of potential attacks. The classification use proposed neural network, and the article covers design of a neural network and its practical implementation. It contains also methods for neural network learning and data gathering functions from honeypot application.

Further attacks on Yeung-Mintzer fragile watermarking scheme

Science.gov (United States)

Fridrich, Jessica; Goljan, Miroslav; Memon, Nasir D.

2000-05-01

In this paper, we describe new and improved attacks on the authentication scheme previously proposed by Yeung and Mintzer. Previous attacks assumed that the binary watermark logo inserted in an image for the purposes of authentication was known. Here we remove that assumption and show how the scheme is still vulnerable, even if the binary logo is not known but the attacker has access to multiple images that have been watermarked with the same secret key and contain the same (but unknown) logo. We present two attacks. The first attack infers the secret watermark insertion function and the binary logo, given multiple images authenticated with the same key and containing the same logo. We show that a very good approximation to the logo and watermark insertion function can be constructed using as few as two images. With color images, one needs many more images, nevertheless the attack is still feasible. The second attack we present, which we call the 'collage-attack' is a variation of the Holliman-Memon counterfeiting attack. The proposed variation does not require knowledge of the watermark logo and produces counterfeits of superior quality by means of a suitable dithering process that we develop.

Pareto Efficient Solution of Attack-Defence Trees

NARCIS (Netherlands)

Aslanyan, Zaruhi; Nielson, Flemming

Attack-defence trees are a promising approach for representing threat scenarios and possible countermeasures in a concise and intuitive manner. An attack-defence tree describes the interaction between an attacker and a defender, and is evaluated by assigning parameters to the nodes, such as

Genetic attack on neural cryptography.

Science.gov (United States)

Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

2006-03-01

Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

Genetic attack on neural cryptography

International Nuclear Information System (INIS)

Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

2006-01-01

Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size

Genetic attack on neural cryptography

Science.gov (United States)

Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

2006-03-01

Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

The technological demands of nuclear power

International Nuclear Information System (INIS)

Franklin, N.L.

1978-01-01

The economics and reliability of nuclear power are discussed. Public hazard considerations are related to the public acceptance of risks in other industries. A brief account is given of nuclear safety engineering, including safety against terrorist attacks and against diversion by persons within the plant. Short-term and long-term safety problems are distinguished, with particular reference to the disposal or storage of fission products. (U.K.)

Attacks on the AJPS Mersenne-based cryptosystem

NARCIS (Netherlands)

K. de Boer (Koen); L. Ducas (Léo); S. Jeffery (Stacey); R. M. de Wolf (Ronald)

2018-01-01

textabstractAggarwal, Joux, Prakash and Santha recently introduced a new potentially quantum-safe public-key cryptosystem, and suggested that a brute-force attack is essentially optimal against it. They consider but then dismiss both Meet-in-the-Middle attacks and LLL-based attacks. Very soon after

The political attack ad

Directory of Open Access Journals (Sweden)

Palma Peña-Jiménez, Ph.D.

2011-01-01

Full Text Available During election campaigns the political spot has a clear objective: to win votes. This message is communicated to the electorate through television and Internet, and usually presents a negative approach, which includes a direct critical message against the opponent, rather than an exposition of proposals. This article is focused on the analysis of the campaign attack video ad purposely created to encourage the disapproval of the political opponent among voters. These ads focus on discrediting the opponent, many times, through the transmission of ad hominem messages, instead of disseminating the potential of the political party and the virtues and manifesto of its candidate. The article reviews the development of the attack ad since its first appearance, which in Spain dates back to 1996, when the famous Doberman ad was broadcast, and examines the most memorable campaign attack ads.

The national drill for deterrence and fighting nuclear terrorism

International Nuclear Information System (INIS)

Cioflan, Constantin

2006-01-01

Full text: National Commission for Nuclear Activities Control (CNCAN) in cooperation with the Romanian Intelligence Service (SRI) organized the 'National Drill for Deterrence and Fighting the Nuclear Terrorism' which took place on May 10, 2006 in Cheile Rasnoavei, Brasov county, Romania. This event continues the activities undertaken by CNCAN, in its capacity of a national center ensuring the nuclear safeguards, physical protection of nuclear materials as well as for preventing and fighting against illicit traffic with radioactive nuclear materials and deterring the terrorist actions menacing the security and nuclear safety of the nation. The drill consisted in simulating a terrorist attack against a shipment of nuclear fuel (made available by the Nuclear Fuel Plant at Pitesti). It was a good opportunity for testing the reacting and organizing technical capacity of the national institutions committed with physical protection in emergency situations generated by terrorist actions. The objectives of the drill was the deployment of a counter-terrorist intervention in case of a terrorist attack intending to hijack a special expedition of dangerous materials. Hostages were seized and the demand was issued for clearing the traffic up to the national boundary. The anti-terrorist brigade (SRI) organized an ambush on the route of displacement in order to capture and annihilate the terrorist unit and re-establishing the legal order. CNCAN participated in this drill with its mobile intervention unit which is a team of experts correspondingly equipped with specific instruments for detecting the nuclear materials, special equipment for communication and locating as well as with two marked vehicles. The SRI employed a number higher than 80 officers and military technicians from anti-terrorist brigade, constituted in negotiators, storming squads, paratroopers, pyrotechnic experts, communication technicians. PUMA and Alouette helicopters for launching air attacks were employed

Robust Detection of Stepping-Stone Attacks

National Research Council Canada - National Science Library

He, Ting; Tong, Lang

2006-01-01

The detection of encrypted stepping-stone attack is considered. Besides encryption and padding, the attacker is capable of inserting chaff packets and perturbing packet timing and transmission order...

The medicine of nuclear warfare

International Nuclear Information System (INIS)

Eastwood, M.

1981-01-01

In this article the immediate physical effects on survivors of a nuclear attack and the problems that might face doctors in providing first aid are considered. Radiation effects including long term and genetic effects and public health hazards facing survivors are discussed. (author)

A Framework for Attack-Resilient Industrial Control Systems : Attack Detection and Controller Reconfiguration

OpenAIRE

Paridari, Kaveh; O'Mahony, Niamh; Mady, Alie El-Din; Chabukswar, Rohan; Boubekeur, Menouer; Sandberg, Henrik

2017-01-01

Most existing industrial control systems (ICSs), such as building energy management systems (EMSs), were installed when potential security threats were only physical. With advances in connectivity, ICSs are now, typically, connected to communications networks and, as a result, can be accessed remotely. This extends the attack surface to include the potential for sophisticated cyber attacks, which can adversely impact ICS operation, resulting in service interruption, equipment damage, safety c...

The Nuclear Question. After Iran: Toward Nuclear Proliferation in the Middle East?

International Nuclear Information System (INIS)

Courmont, Barthelemy

2008-01-01

Iran's potential acquirement of the atomic bomb could lead to nuclear proliferation in the Middle East. Many countries in the region would be tempted to follow the Iranian example, in order to maintain their regional power. This development could produce significant geopolitical consequences in a region where relationships are already tense. In this context, one can envisage different crisis scenarios: support for terrorist acts, attacks on American bases in the region, threats against the state of Israel. Accelerated nuclear proliferation in the Middle East would also jeopardize the efforts undertaken by regional actors during the past four decades to create a Nuclear Weapon Free Zone (NWFZ)

An Adaptive Approach for Defending against DDoS Attacks

Directory of Open Access Journals (Sweden)

Muhai Li

2010-01-01

Full Text Available In various network attacks, the Distributed Denial-of-Service (DDoS attack is a severe threat. In order to deal with this kind of attack in time, it is necessary to establish a special type of defense system to change strategy dynamically against attacks. In this paper, we introduce an adaptive approach, which is used for defending against DDoS attacks, based on normal traffic analysis. The approach can check DDoS attacks and adaptively adjust its configurations according to the network condition and attack severity. In order to insure the common users to visit the victim server that is being attacked, we provide a nonlinear traffic control formula for the system. Our simulation test indicates that the nonlinear control approach can prevent the malicious attack packets effectively while making legitimate traffic flows arrive at the victim.

Countermeasures for unintentional and intentional video watermarking attacks

Science.gov (United States)

Deguillaume, Frederic; Csurka, Gabriela; Pun, Thierry

2000-05-01

These last years, the rapidly growing digital multimedia market has revealed an urgent need for effective copyright protection mechanisms. Therefore, digital audio, image and video watermarking has recently become a very active area of research, as a solution to this problem. Many important issues have been pointed out, one of them being the robustness to non-intentional and intentional attacks. This paper studies some attacks and proposes countermeasures applied to videos. General attacks are lossy copying/transcoding such as MPEG compression and digital/analog (D/A) conversion, changes of frame-rate, changes of display format, and geometrical distortions. More specific attacks are sequence edition, and statistical attacks such as averaging or collusion. Averaging attack consists of averaging locally consecutive frames to cancel the watermark. This attack works well for schemes which embed random independent marks into frames. In the collusion attack the watermark is estimated from single frames (based on image denoising), and averaged over different scenes for better accuracy. The estimated watermark is then subtracted from each frame. Collusion requires that the same mark is embedded into all frames. The proposed countermeasures first ensures robustness to general attacks by spread spectrum encoding in the frequency domain and by the use of an additional template. Secondly, a Bayesian criterion, evaluating the probability of a correctly decoded watermark, is used for rejection of outliers, and to implement an algorithm against statistical attacks. The idea is to embed randomly chosen marks among a finite set of marks, into subsequences of videos which are long enough to resist averaging attacks, but short enough to avoid collusion attacks. The Bayesian criterion is needed to select the correct mark at the decoding step. Finally, the paper presents experimental results showing the robustness of the proposed method.

Link-layer Jamming Attacks on S-MAC

NARCIS (Netherlands)

Law, Y.W.; Hartel, Pieter H.; den Hartog, Jeremy; Havinga, Paul J.M.

2004-01-01

We argue that among denial-of-service (DoS) attacks, link-layer jamming is a more attractive option to attackers than radio jamming is. By exploiting the semantics of the link-layer protocol (aka MAC protocol), an attacker can achieve better efficiency than blindly jamming the radio signals alone.

Link-layer jamming attacks on S-MAC

NARCIS (Netherlands)

Law, Y.W.; Hartel, Pieter H.; den Hartog, Jeremy; Havinga, Paul J.M.

We argue that among denial-of-service (DoS) attacks, link-layer jamming is a more attractive option to attackers than radio jamming is. By exploiting the semantics of the link-layer protocol (aka MAC protocol), an attacker can achieve better efficiency than blindly jamming the radio signals alone.

A computer network attack taxonomy and ontology

CSIR Research Space (South Africa)

Van Heerden, RP

2012-01-01

Full Text Available of the attack that occur after the attack goal has been achieved, and occurs because the attacker loses control of some systems. For example, after the launch of a DDOS (Distributed Denial of Service) attack, zombie computers may still connect to the target...-scrap- value-of-a-hacked-pc-revisited/ . Lancor, L., & Workman, R. (2007). Using Google Hacking to Enhance Defense Strategies. ACM SIGCSE Bulletin, 39 (1), 491-495. Lau, F., Rubin, S. H., Smith, M. H., & Trajkovic, L. (2000). Distributed Denial of Service...

Beyond the cold war nuclear legacy: offense-defense and the role of nuclear deterrence

International Nuclear Information System (INIS)

Dunn, L.A.

2001-01-01

Since the September 11 terrorist attacks on the World Trade Center and the Pentagon, the defense community of the United States focused overwhelmingly on countering the threat of global terrorism. This focus rightly reflects the danger of additional terrorist attacks against the American homeland, including conceivably even with nuclear weapons or radiological devices. At the same time, the December, 2001 announcement of the U.S. decision to withdraw from the 1972 Anti-Ballistic Missile (ABM) Treaty after the six month waiting period serves as a reminder that there still is considerable other outstanding 'defense business' confronting the United States and its European allies. In particular, it is increasingly essential to re-craft the Cold War nuclear weapons legacy, not only in its own right but because doing so can also have important payoffs for the success of the U.S.-led global anti-terrorist campaign. The following paper first describes some of the main features of the Cold War nuclear legacy. It then sketches a number of different schools of thought or camps that exist within the U.S. defense community in answer to the question, 'what next with nuclear weaponry?' In light of those contending positions, it then sets out a possible way ahead - moving to re-craft U.S. strategic dealings with Russia toward a non-adversary relationship, to avoid a new Cold War with China, and to put in place the right mix of offensive and defensive, nuclear and non-nuclear capabilities to contain 21. century proliferation dangers. (author)

Beyond the cold war nuclear legacy: offense-defense and the role of nuclear deterrence

Energy Technology Data Exchange (ETDEWEB)

Dunn, L.A

2001-07-01

Since the September 11 terrorist attacks on the World Trade Center and the Pentagon, the defense community of the United States focused overwhelmingly on countering the threat of global terrorism. This focus rightly reflects the danger of additional terrorist attacks against the American homeland, including conceivably even with nuclear weapons or radiological devices. At the same time, the December, 2001 announcement of the U.S. decision to withdraw from the 1972 Anti-Ballistic Missile (ABM) Treaty after the six month waiting period serves as a reminder that there still is considerable other outstanding 'defense business' confronting the United States and its European allies. In particular, it is increasingly essential to re-craft the Cold War nuclear weapons legacy, not only in its own right but because doing so can also have important payoffs for the success of the U.S.-led global anti-terrorist campaign. The following paper first describes some of the main features of the Cold War nuclear legacy. It then sketches a number of different schools of thought or camps that exist within the U.S. defense community in answer to the question, 'what next with nuclear weaponry?' In light of those contending positions, it then sets out a possible way ahead - moving to re-craft U.S. strategic dealings with Russia toward a non-adversary relationship, to avoid a new Cold War with China, and to put in place the right mix of offensive and defensive, nuclear and non-nuclear capabilities to contain 21. century proliferation dangers. (author)

Beyond the cold war nuclear legacy: offense-defense and the role of nuclear deterrence

Energy Technology Data Exchange (ETDEWEB)

Dunn, L A

2001-07-01

Since the September 11 terrorist attacks on the World Trade Center and the Pentagon, the defense community of the United States focused overwhelmingly on countering the threat of global terrorism. This focus rightly reflects the danger of additional terrorist attacks against the American homeland, including conceivably even with nuclear weapons or radiological devices. At the same time, the December, 2001 announcement of the U.S. decision to withdraw from the 1972 Anti-Ballistic Missile (ABM) Treaty after the six month waiting period serves as a reminder that there still is considerable other outstanding 'defense business' confronting the United States and its European allies. In particular, it is increasingly essential to re-craft the Cold War nuclear weapons legacy, not only in its own right but because doing so can also have important payoffs for the success of the U.S.-led global anti-terrorist campaign. The following paper first describes some of the main features of the Cold War nuclear legacy. It then sketches a number of different schools of thought or camps that exist within the U.S. defense community in answer to the question, 'what next with nuclear weaponry?' In light of those contending positions, it then sets out a possible way ahead - moving to re-craft U.S. strategic dealings with Russia toward a non-adversary relationship, to avoid a new Cold War with China, and to put in place the right mix of offensive and defensive, nuclear and non-nuclear capabilities to contain 21. century proliferation dangers. (author)

Countering the Nuclear Terrorist Threat

International Nuclear Information System (INIS)

Vantine, H C

2002-01-01

The nuclear/radioactive threat to homeland security posed by terrorists can be broken into four categories. Of highest concern is the use of an improvised nuclear device (IND). An IND, as its name implies, is a nuclear explosive device. It produces nuclear yield, and this nuclear yield has catastrophic effects. An IND is the ultimate terrorist weapon, and terrorist groups are actively attempting to acquire nuclear weapons. Detonation of an IND could dwarf the devastation of the September 11 attack on the World Trade Center. Dealing with the aftermath of an IND would be horrific. Rescue efforts and cleanup would be hazardous and difficult. Workers would have to wear full protection suits and self-contained breathing apparatus. Because of the residual radioactivity, in certain locations they could only work short times before acquiring their ''lifetime'' dose. As with the Chernobyl event, some rescue workers might well expose themselves to lethal doses of radiation, adding to the casualty toll. Enormous volumes of contaminated debris would have to be removed and disposed. If a terrorist group decides not to pursue an actual nuclear device, it might well turn to Radiological Dispersal Devices (RDDs) or ''dirty bombs'' as they are often called. RDDs spread radioactivity but they do not generate nuclear yield. The fabrication of an RDD requires radioactive material and a dispersal mechanism. Radioactive materials are used all over the world for medical, industrial, and research applications. Standards for safe handling and accountability of radioactive material vary around the world. Stories in the press suggest inadequate controls on radiological materials in parts of the world. The effects of an RDD vary widely, and are measured in terms of contamination area, health effects to the exposed population, and economic consequences. Even a negligible, but measurable, exposure would exploit the general public's fear of things radioactive and would have significant

Unified communications forensics anatomy of common UC attacks

CERN Document Server

Grant, Nicholas Mr

2013-01-01

Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including: analysis of forensic artifacts in common UC attacks an in-depth look at established UC technologies and attack exploits hands-on understanding of UC attack vectors and associated countermeasures

A Proposal for a Methodology to Develop a Cyber-Attack Penetration Test Scenario Including NPPs Safety

Energy Technology Data Exchange (ETDEWEB)

Lee, In Hyo [KAIST, Daejeon (Korea, Republic of); Son, Han Seong [Joongbu Univ., Geumsan (Korea, Republic of); Kim, Si Won [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of); Kang, Hyun Gook [Rensselaer Polytechnic Institute, Troy (United States)

2016-10-15

Penetration test is a method to evaluate the cyber security of NPPs; so, this approach was performed in some studies. Because they focused on vulnerability finding or test bed construction, scenario based approach was not performed. However, to test the cyber security of NPPs, a proper test scenario should be needed. Ahn et al. developed cyber-attack scenarios but those scenarios couldn't be applied in penetration test because they developed the scenarios based on past incidents of NPPs induced by cyber-attack. That is, those scenarios only covered scenarios which were happened before; so, they couldn't cover other various scenarios and couldn't reflect them into a penetration test. In this study, a method to develop a cyber-attack penetration test scenario of NPPs especially focused on safety point of view is suggested. To evaluate the cyber security of NPPs, penetration test can be a possible way. In this study, a method to develop a penetration test scenario was explained. Especially, the goal of hacker was focused on nuclear fuel integrity deterioration. So, in the methodology, Level 1 PSA results were utilized to reflect plant safety into the security. From the PSA results, basic event was post processed and possible cyber-attacks were reviewed with vulnerabilities of digital control system.

A Proposal for a Methodology to Develop a Cyber-Attack Penetration Test Scenario Including NPPs Safety

International Nuclear Information System (INIS)

Lee, In Hyo; Son, Han Seong; Kim, Si Won; Kang, Hyun Gook

2016-01-01

Penetration test is a method to evaluate the cyber security of NPPs; so, this approach was performed in some studies. Because they focused on vulnerability finding or test bed construction, scenario based approach was not performed. However, to test the cyber security of NPPs, a proper test scenario should be needed. Ahn et al. developed cyber-attack scenarios but those scenarios couldn't be applied in penetration test because they developed the scenarios based on past incidents of NPPs induced by cyber-attack. That is, those scenarios only covered scenarios which were happened before; so, they couldn't cover other various scenarios and couldn't reflect them into a penetration test. In this study, a method to develop a cyber-attack penetration test scenario of NPPs especially focused on safety point of view is suggested. To evaluate the cyber security of NPPs, penetration test can be a possible way. In this study, a method to develop a penetration test scenario was explained. Especially, the goal of hacker was focused on nuclear fuel integrity deterioration. So, in the methodology, Level 1 PSA results were utilized to reflect plant safety into the security. From the PSA results, basic event was post processed and possible cyber-attacks were reviewed with vulnerabilities of digital control system

Protecting people against radiation exposure in the event of a radiological attack

International Nuclear Information System (INIS)

Valentin, J.

2005-01-01

This report responds to a widely perceived need for professional advice on radiological protection measures to be undertaken in the event of a radiological attack. The report, which is mainly concerned with possible attacks involving 'radioactive dispersion devices', re-affirms the applicability of existing ICRP recommendations to such situations, should they ever occur. Many aspects of the emergency scenarios expected to arise in the event of a radiological attack may be similar to those that experience has shown can arise from radiological accidents, but there may also be important differences. For instance, a radiological attack would probably be targeted at a public area, possibly in an urban environment, where the presence of radiation is not anticipated and the dispersion conditions commonly assumed for a nuclear or radiological emergency, such as at a nuclear installation, may not be applicable. First responders to a radiological attack and other rescuers need to be adequately trained and to have the proper equipment for identifying radiation and radioactive contamination, and specialists in radiological protection must be available to provide advice. It may be prudent to assume that radiological, chemical, and/or biological agents are involved in an attack until it is proven otherwise. This calls for an 'all-hazard' approach to the response. In the aftermath of an attack, the main aim of radiological protection must be to prevent the occurrence of acute health effects attributable to radiation exposure (termed 'deterministic' effects) and to restrict the likelihood of late health effects (termed 'stochastic' effects) such as cancers and some hereditable diseases. A supplementary aim is to minimise environmental contamination from radioactive residues and the subsequent general disruption of daily life. The report notes that action taken to avert exposures is a much more effective protective measure than protective measure the provision of medical treatment

Attacks and countermeasures on AES and ECC

DEFF Research Database (Denmark)

Tange, Henrik; Andersen, Birger

2013-01-01

AES (Advanced Encryption Standard) is widely used in LTE and Wi-Fi communication systems. AES has recently been exposed to new attacks which have questioned the overall security of AES. The newest attack is a so called biclique attack, which is using the fact that the content of the state array...

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Industrial Control System Cyber Security: Questions And Answers Relevant To Nuclear Facilities, Safeguards And Security

International Nuclear Information System (INIS)

Anderson, Robert S.; Schanfein, Mark; Bjornard, Trond; Moskowitz, Paul

2011-01-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Classifying network attack scenarios using an ontology

CSIR Research Space (South Africa)

Van Heerden, RP

2012-03-01

Full Text Available ) or to the target?s reputation. The Residue sub-phase refers to damage or artefacts of the attack that occur after the attack goal has been achieved, and occurs because the attacker loses control of some systems. For example after the launch of a DDOS..., A. (1995). Hacking theft of $10 million from citibank revealed. Retrieved 10/10, 2011, from http://articles.latimes.com/1995-08-19/business/fi-36656_1_citibank-system Hurley, E. (2004). SCO site succumbs to DDoS attack. Retrieved 10/10, 2011, from...

Modelling Social-Technical Attacks with Timed Automata

DEFF Research Database (Denmark)

David, Nicolas; David, Alexandre; Hansen, Rene Rydhof

2015-01-01

. In this paper we develop an approach towards modelling socio-technical systems in general and socio-technical attacks in particular, using timed automata and illustrate its application by a complex case study. Thanks to automated model checking and automata theory, we can automatically generate possible attacks...... in our model and perform analysis and simulation of both model and attack, revealing details about the specific interaction between attacker and victim. Using timed automata also allows for intuitive modelling of systems, in which quantities like time and cost can be easily added and analysed....

Quantitative Verification and Synthesis of Attack-Defence Scenarios

DEFF Research Database (Denmark)

Aslanyan, Zaruhi; Nielson, Flemming; Parker, David

2016-01-01

analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack...... which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods...

Situational awareness of a coordinated cyber attack

Science.gov (United States)

Sudit, Moises; Stotz, Adam; Holender, Michael

2005-03-01

As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

Anti-discrimination Analysis Using Privacy Attack Strategies

KAUST Repository

Ruggieri, Salvatore

2014-09-15

Social discrimination discovery from data is an important task to identify illegal and unethical discriminatory patterns towards protected-by-law groups, e.g., ethnic minorities. We deploy privacy attack strategies as tools for discrimination discovery under hard assumptions which have rarely tackled in the literature: indirect discrimination discovery, privacy-aware discrimination discovery, and discrimination data recovery. The intuition comes from the intriguing parallel between the role of the anti-discrimination authority in the three scenarios above and the role of an attacker in private data publishing. We design strategies and algorithms inspired/based on Frèchet bounds attacks, attribute inference attacks, and minimality attacks to the purpose of unveiling hidden discriminatory practices. Experimental results show that they can be effective tools in the hands of anti-discrimination authorities.

You have no right to make me think about this--the de-legitimation of current nuclear policies among key American elites

Energy Technology Data Exchange (ETDEWEB)

Davies, R.G.

1982-11-16

Until fairly recently, most segments of the American public, particularly our various elites, supported American nuclear policy, namely the maintenance of large and expanding nuclear stockpiles, the official foreswearing of the use of these weapons in a strategic first-strike, and the policy of threatening retaliation for Soviet nuclear attacks in war, by nuclear attacks on enemy cities and military centers. There is increasing evidence that this support is rapidly eroding; especially among key American elites. This is shown through increasingly vocal dissatisfaction with the continued growth and modernization of the nuclear stockpile; and second, in the dawning awareness of a discrepancy between our official policy of no first-strike and contingency plans to employ first-strike tactical nuclear weapons in the event of a Warsaw Pact attack upon Western Europe. Concerns have surfaced here due both to distaste at the growing size of our nuclear arsenal and the perception that we have not been altogether honest in our official stance of a no first-strike with nuclear weapons. Increasing numbers of Americans are coming to see our nuclear policy as inconsistent, senseless, and, most significantly, immoral, and therefore support a nuclear freeze.

Cyberprints: Identifying Cyber Attackers by Feature Analysis

Science.gov (United States)

Blakely, Benjamin A.

2012-01-01

The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather,…

Simulation of Attacks for Security in Wireless Sensor Network.

Science.gov (United States)

Diaz, Alvaro; Sanchez, Pablo

2016-11-18

The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node's software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.

Simulation of Attacks for Security in Wireless Sensor Network

Science.gov (United States)

Diaz, Alvaro; Sanchez, Pablo

2016-01-01

The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node’s software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work. PMID:27869710

Using agility to combat cyber attacks.

Science.gov (United States)

Anderson, Kerry

2017-06-01

Some incident response practitioners feel that they have been locked in a battle with cyber criminals since the popular adoption of the internet. Initially, organisations made great inroads in preventing and containing cyber attacks. In the last few years, however, cyber criminals have become adept at eluding defence security technologies and rapidly modifying their exploit strategies for financial or political gains. Similar to changes in military combat tactics, cyber criminals utilise distributed attack cells, real-time communications, and rapidly mutating exploits to minimise the potential for detection. Cyber criminals have changed their attack paradigm. This paper describes a new incident response paradigm aimed at combating the new model of cyber attacks with an emphasis on agility to increase the organisation's ability to respond rapidly to these new challenges.

Nuclear Forensics: A Holistic Overview

International Nuclear Information System (INIS)

Luksic, Andrzej T.; Friese, Judah I.; Schwantes, Jon M.; Starner, Jason R.; Wacker, John F.

2010-01-01

Discussions of nuclear forensics are often restricted to work performed by radio-chemists measuring nuclear material attributes in the laboratory. However, this represents only one portion of the work required to answer critical questions. Laboratory analysis results in measurements that need to be evaluated. The results of those evaluations must be put into their proper context in order for them to be useful to others and often require merging those results with additional information. This may contribute to attribution, by virtue of inclusion or exclusion. Finally, the end product must be presented such that appropriate actions can be taken. This could include prosecution by law enforcement, policy initiatives on the part of legislative bodies, or military action in the case of nuclear attack (whether that attack is preempted or not). Using the discovery of a sample of plutonium during cleanup activities at Hanford in 2004, we will step through the process of discovery (representing an interdiction), initial field analysis, laboratory analysis, data evaluation and merging with additional data (similar to law enforcement and/or all source), thereby providing an example of an integrated approach.

Efforts of Uzbekistan to prevent nuclear terrorism and smuggling of radioactive and nuclear materials

International Nuclear Information System (INIS)

Petrenko, V.D.; Karimov, Yu.N.; Podkovirin, A.I.; Shipilov, N.N.; Yuldashev, B.S.; Fazylov, M.I.

2005-01-01

Uzbekistan is located on the cross-roads from the north-Russia, Western Europe-to the south-Afghanistan, Iran, Iraq and others. The appearance of terrorist organizations urged some Asian countries to make the nuclear weapons, the making the task of stopping the transportation of nuclear materials and technologies from the north (from countries possessing nuclear weapon) to the south (to countries desiring to have weapons and its components) a reality. To resolve this problem, on the main transportation routes, 'Yantar' stationary radiation monitors of Russian production were installed, and development and production of monitors of our own make was started. This paper covers these works as well as those on preventing possible terrorist attacks on nuclear objects of Uzbekistan

Analysis of fire protection in nuclear power plants

International Nuclear Information System (INIS)

Hosser, D.; Schneider, U.

1982-01-01

Regulations and test specifications for fire prevention in nuclear power plants are presented as well as the fire protection measures in a newly constructed nuclear power plant. Although the emphasis is placed differently, all rules are based on the following single measures: Fire prevention, fire detection, fire fighting, fire checking, attack, flight, and rescue, organisational measures. (orig./GL) [de

Women's Heart Disease: Heart Attack Symptoms

Science.gov (United States)

... of this page please turn JavaScript on. Feature: Women's Heart Disease Heart Attack Symptoms Past Issues / Winter ... most common heart attack symptom in men and women is chest pain or discomfort. However, women also ...

A novel proposed network security management approach for cyber attacks

International Nuclear Information System (INIS)

Ahmed, Z.; Nazir, B.; Zafar, M.F.; Anwar, M.M.; Azam, K.; Asar, A.U.

2007-01-01

Network security is a discipline that focuses on securing networks from unauthorized access. Given the Escalating threats of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (I) an attack detection component that deter- mines the fact that a program is compromised, (2) an attack identification and prevention component that identifies attack packets so that one can block such packets in the future and prevents the attack from further propagation. Over the last decade, a significant amount of research has been vested in the systems that can detect cyber attacks either statically at compile time or dynamically at run time, However, not much effort is spent on automated attack packet identification or attack prevention. In this paper we present a unified solution to the problems mentioned above. We implemented this solution after the forward engineering of Open Source Security Information Management (OSSIM) system called Preventive Information Security management (PrISM) system that correlates input from different sensors so that the resulting product can automatically detect any cyber attack against it and prevents by identifying the actual attack packet(s). The PrISM was always able to detect the attacks, identify the attack packets and most often prevent by blocking the attacker's IP address to continue normal execution. There is no additional run-time performance overhead for attack prevention. (author)

Socio-environmental impacts of Angra dos Reis nuclear power plant

International Nuclear Information System (INIS)

Rosa, L.P.; Hesles, J.B.S.

1984-01-01

Technological aspects and the social problematic inherent to implementation of nuclear power plants in Brazil are studied. it is showed the study in two levels: one of them, attacks aspects linked to nuclear energy and their risks in Brazil; the other one, treats of impacts of the Angra dos Reis nuclear power plants on the local comunity. (M.C.K.) [pt

Adaptive optimisation-offline cyber attack on remote state estimator

Science.gov (United States)

Huang, Xin; Dong, Jiuxiang

2017-10-01

Security issues of cyber-physical systems have received increasing attentions in recent years. In this paper, deception attacks on the remote state estimator equipped with the chi-squared failure detector are considered, and it is assumed that the attacker can monitor and modify all the sensor data. A novel adaptive optimisation-offline cyber attack strategy is proposed, where using the current and previous sensor data, the attack can yield the largest estimation error covariance while ensuring to be undetected by the chi-squared monitor. From the attacker's perspective, the attack is better than the existing linear deception attacks to degrade the system performance. Finally, some numerical examples are provided to demonstrate theoretical results.

Cyber-physical attacks a growing invisible threat

CERN Document Server

Loukas, George

2015-01-01

Cyber-Physical Attacks: A Growing Invisible Threat presents the growing list of harmful uses of computers and their ability to disable cameras, turn off a building's lights, make a car veer off the road,  or a drone land in enemy hands. In essence, it details the ways cyber-physical attacks are replacing physical attacks in crime, warfare, and terrorism. The book explores how attacks using computers affect the physical world in ways that were previously only possible through physical means. Perpetrators can now cause damage without the same risk, and without the political, social, or moral

Nuclear power: Siting and safety

International Nuclear Information System (INIS)

Openshaw, S.

1986-01-01

By 2030, half, or even two-thirds, of all electricity may be generated by nuclear power. Major reactor accidents are still expected to be rare occurrences, but nuclear safety is largely a matter of faith. Terrorist attacks, sabotage, and human error could cause a significant accident. Reactor siting can offer an additional, design-independent margin of safety. Remote geographical sites for new plants would minimize health risks, protect the industry from negative changes in public opinion concerning nuclear energy, and improve long-term public acceptance of nuclear power. U.K. siting practices usually do not consider the contribution to safety that could be obtained from remote sites. This book discusses the present trends of siting policies of nuclear power and their design-independent margin of safety

Use of Attack Graphs in Security Systems

Directory of Open Access Journals (Sweden)

Vivek Shandilya

2014-01-01

Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

I and C security program for nuclear facilities: implementation guide - TAFICS/IG/2

International Nuclear Information System (INIS)

2016-04-01

This is the second in a series of documents being developed by TAFICS for protecting computer-based I and C systems of Indian nuclear facilities from cyber attacks. The document provides guidance to nuclear facility management to establish, implement and maintain a robust I and C security program - consisting of security plan and a set of security controls. In order to provide a firm basis for the security program, the document also identifies the fundamental security principles and foundational security requirements related to computer-based I and C systems of nuclear facilities. It is recommended that all applicable Indian nuclear facilities should implement the security program - with required adaptation - so as to provide the necessary assurance that the I and C systems are adequately protected against cyber attacks. (author)

A fatal elephant attack.

Science.gov (United States)

Hejna, Petr; Zátopková, Lenka; Safr, Miroslav

2012-01-01

A rare case of an elephant attack is presented. A 44-year-old man working as an elephant keeper was attacked by a cow elephant when he tripped over a foot chain while the animal was being medically treated. The man fell down and was consequently repeatedly attacked with elephant tusks. The man sustained multiple stab injuries to both groin regions, a penetrating injury to the abdominal wall with traumatic prolapse of the loops of the small bowel, multiple defects of the mesentery, and incomplete laceration of the abdominal aorta with massive bleeding into the abdominal cavity. In addition to the penetrating injuries, the man sustained multiple rib fractures with contusion of both lungs and laceration of the right lobe of the liver, and comminuted fractures of the pelvic arch and left femoral body. The man died shortly after he had been received at the hospital. The cause of death was attributed to traumatic shock. © 2011 American Academy of Forensic Sciences.

Cyber Attacks, Information Attacks, and Postmodern Warfare

Directory of Open Access Journals (Sweden)

Valuch Jozef

2017-06-01

Full Text Available The aim of this paper is to evaluate and differentiate between the phenomena of cyberwarfare and information warfare, as manifestations of what we perceive as postmodern warfare. We describe and analyse the current examples of the use the postmodern warfare and the reactions of states and international bodies to these phenomena. The subject matter of this paper is the relationship between new types of postmodern conflicts and the law of armed conflicts (law of war. Based on ICJ case law, it is clear that under current legal rules of international law of war, cyber attacks as well as information attacks (often performed in the cyberspace as well can only be perceived as “war” if executed in addition to classical kinetic warfare, which is often not the case. In most cases perceived “only” as a non-linear warfare (postmodern conflict, this practice nevertheless must be condemned as conduct contrary to the principles of international law and (possibly a crime under national laws, unless this type of conduct will be recognized by the international community as a “war” proper, in its new, postmodern sense.

False Positive and False Negative Effects on Network Attacks

Science.gov (United States)

Shang, Yilun

2018-01-01

Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.

Machine Learning Methods for Attack Detection in the Smart Grid.

Science.gov (United States)

Ozay, Mete; Esnaola, Inaki; Yarman Vural, Fatos Tunay; Kulkarni, Sanjeev R; Poor, H Vincent

2016-08-01

Attack detection problems in the smart grid are posed as statistical learning problems for different attack scenarios in which the measurements are observed in batch or online settings. In this approach, machine learning algorithms are used to classify measurements as being either secure or attacked. An attack detection framework is provided to exploit any available prior knowledge about the system and surmount constraints arising from the sparse structure of the problem in the proposed approach. Well-known batch and online learning algorithms (supervised and semisupervised) are employed with decision- and feature-level fusion to model the attack detection problem. The relationships between statistical and geometric properties of attack vectors employed in the attack scenarios and learning algorithms are analyzed to detect unobservable attacks using statistical learning methods. The proposed algorithms are examined on various IEEE test systems. Experimental analyses show that machine learning algorithms can detect attacks with performances higher than attack detection algorithms that employ state vector estimation methods in the proposed attack detection framework.

Transient Ischemic Attack

Medline Plus

Full Text Available ... stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. ...

Application distribution model and related security attacks in VANET

Science.gov (United States)

Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

2013-03-01

In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker`s model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

Nonepileptic attack disorder among married women.

Science.gov (United States)

Dhanaraj, M; Rangaraj, R; Arulmozhi, T; Vengatesan, A

2005-06-01

To study the clinical features, precipitating stressful life events and prognosis of nonepileptic attack disorder (NEAD) among married women. Prospective cohort study with 1-year follow-up. A tertiary care teaching hospital. Of the 1020 patients with epilepsy referred to the epilepsy clinic during 2002-2003, 30 were married women with NEAD. The diagnostic criteria for NEAD included normal EEG during ictal and post-ictal phase of the generalized 'attack.' The data collected included clinical characteristics, semiology of the attacks, precipitating stressful events, and co-morbid psychiatric disorders. The control group included 30 age-matched married women with generalized tonic-clonic seizures. The long-term outcome and factors influencing the outcomes were analyzed. The mean duration of illness was 18 months, and the pattern of the attack was 'fall and lying still' in 53% and 'fall with generalized motor movements' in 47%. The frequency was one or more per week in 57% and occasionally in 43%. The important stressful events were matrimonial discord following illegal relationship of the husband with another woman (chi2 = 9.02, P = 0.003) and constant quarrel with other family members (chi2 = 5.19, P = 0.02). The prevalence of sexual abuse was low (7%). Co-morbid psychiatric disorder was observed in 70%. At the end of 1 year, 39% were free from the attack. Resolution of the stressful life events (chi2 = 4.52, P = 0.03) and lower frequency of attack at the time of reporting (chi2 = 3.88, P = 0.05) correlated with good outcomes. Among patients with NEAD in India, the major precipitating factors were matrimonial discord following illegal relationship of the husband with another woman and constant quarrel with other family members and not sexual abuse. Women with low frequency of attack at the time of reporting and the remission of the stressful events had better outcomes.

Nuclear theft and sabotage. Priorities for reducing new threats

International Nuclear Information System (INIS)

Bunn, Matthew; Bunn, George

2001-01-01

The appalling attacks of 11 September 2001 in the United States make clear that the threat of large, well-organized global terrorist groups bent on causing mass destruction is not hypothetical but real. The attackers achieved horrifying destruction with box-cutters. The results could have been even more horrific if the attackers would have had access to, and used, weapons of mass destruction. Ensuring that technologies and materials for weapons of mass destruction - especially weapons-usable nuclear materials, whose acquisition is the most difficult part of making a nuclear bomb - do not fall into the hands of terrorist groups or hostile States must be a central element of the coming global effort to prevent catastrophic terrorism. At the same time, nuclear facilities and materials - along with a wide range of other especially hazardous facilities and materials must be protected from mass-consequence sabotage. Securing these materials and facilities must be a top priority on the international agenda - pursued at every opportunity, at every level of authority, until the job is done. At the same time, the threats against which we must defend have to be fundamentally reconsidered. On 11 September, the threat revealed itself to be bigger, smarter, better organized, and more deadly than the threats most of the world's security systems were designed to defend against. We must ensure that our defensive response is every bit as intelligent and capable as the September attackers. And we may have to rethink some of the approaches to nuclear energy that the world has been pursuing or contemplating. Every reasonable effort must be made to ensure that nuclear materials and facilities are effectively secured. In the past, many scenarios with enormously high consequences were dismissed as too unlikely to contribute much to overall risk - but now many of these probability estimates will have to be revised. A far-reaching new effort is needed to strengthen security for nuclear

Subclinical endophthalmitis following a rooster attack.

Science.gov (United States)

Lekse Kovach, Jaclyn; Maguluri, Srilakshmi; Recchia, Franco M

2006-12-01

Ocular injury resulting from rooster attacks is rarely reported in the literature. Sadly, the target of these attacks is most often children younger than 3 years old, whose naiveté of the aggressive, territorial behavior of birds can place them at risk. Acute sequelae of these attacks can result in a lifetime of visual impairment. The possibility of a subacute or occult infection is an unusual occurrence that must always be considered. In an effort to prevent future attacks and ocular casualties, we present a case of a 12-month-old boy who suffered an open globe following a rooster attack. The open globe was emergently repaired. One week later, a white cataract was noticed on examination in the absence of systemic or ocular signs of inflammation. Traumatic endophthalmitis and lenticular abscess were suspected during examination under anesthesia. Vitrectomy, lensectomy, and injection of intravitreal antibiotics were performed. Culture of lenticular and vitreous aspirates grew alpha-streptococcus. Alpha-streptococcal endophthalmitis can result from ocular injuries caused by rooster pecking. The infection may present insidiously and without typical ocular or systemic symptoms or signs. Management is challenging and may require surgery.

Humanity can survive a nuclear war

International Nuclear Information System (INIS)

Greene, J.C.

1985-01-01

In this paper, the author expresses his belief that while a nuclear war would be a horrendous experience, the United States could still survive and ultimately recover. The author describes what the United States would be like two weeks after a full-scale attack against major military targets and population centers. He says about one half of the population will survive but their lifestyles will be drastically different. Although water distribution systems could be damaged and water service interrupted, analysis has shown that in most cases enough drinking water would be available. Food would also not be a serious complicating factor. With the right precautions, there is no intrinsic reason why life-support requirements for the survivors of a nuclear attack should not be met. The author also discusses how epidemics and diseases could be avoided. He also explains why the genetic effects of radiation are misunderstood and why a nuclear war would not cause sufficient mutations to threaten the survival of the society. The author concludes that the argument that a nuclear war could eliminate the human species or bring an end to civilization as we know it has not stood up to the light of objective and scientific examination

Robustness analysis of interdependent networks under multiple-attacking strategies

Science.gov (United States)

Gao, Yan-Li; Chen, Shi-Ming; Nie, Sen; Ma, Fei; Guan, Jun-Jie

2018-04-01

The robustness of complex networks under attacks largely depends on the structure of a network and the nature of the attacks. Previous research on interdependent networks has focused on two types of initial attack: random attack and degree-based targeted attack. In this paper, a deliberate attack function is proposed, where six kinds of deliberate attacking strategies can be derived by adjusting the tunable parameters. Moreover, the robustness of four types of interdependent networks (BA-BA, ER-ER, BA-ER and ER-BA) with different coupling modes (random, positive and negative correlation) is evaluated under different attacking strategies. Interesting conclusions could be obtained. It can be found that the positive coupling mode can make the vulnerability of the interdependent network to be absolutely dependent on the most vulnerable sub-network under deliberate attacks, whereas random and negative coupling modes make the vulnerability of interdependent network to be mainly dependent on the being attacked sub-network. The robustness of interdependent network will be enhanced with the degree-degree correlation coefficient varying from positive to negative. Therefore, The negative coupling mode is relatively more optimal than others, which can substantially improve the robustness of the ER-ER network and ER-BA network. In terms of the attacking strategies on interdependent networks, the degree information of node is more valuable than the betweenness. In addition, we found a more efficient attacking strategy for each coupled interdependent network and proposed the corresponding protection strategy for suppressing cascading failure. Our results can be very useful for safety design and protection of interdependent networks.

United States Seaport Security: Protection Against a Nuclear Device Attack Delivered in a Shipping Cargo Container

Science.gov (United States)

2014-06-13

off a radioactive dirty bomb, and on 29 June Moldavian undercover security agents posing as a North African buyer arrested six men trying to sell...military targets in various countries, including the 11 September 2001 attacks, 1998 U.S. Embassy bombings, USS Cole bombings, and 2002 Bali bombings

Optimizing power system investments and resilience against attacks

International Nuclear Information System (INIS)

Fang, Yiping; Sansavini, Giovanni

2017-01-01

This paper studies the combination of capacity expansion and switch installation in electric systems that ensures optimum performance under nominal operations and attacks. The planner–attacker–defender model is adopted to develop decisions that minimize investment and operating costs, and functionality loss after attacks. The model bridges long-term system planning for transmission expansion and short-term switching operations in reaction to attacks. The mixed-integer optimization is solved by decomposition via two-layer cutting plane algorithm. Numerical results on an IEEE system shows that small investments in transmission line switching enhance resilience by responding to disruptions via system reconfiguration. Sensitivity analyses show that transmission planning under the assumption of small-scale attacks provides the most robust strategy, i.e. the minimum-regret planning, if many constraints and limited investment budget affect the planning. On the other hand, the assumption of large-scale attacks provides the most robust strategy if the planning process involves large flexibility and budget. - Highlights: • Investment optimization in power systems under attacks is presented. • Capacity expansion and switch installation for system reconfiguration are combined. • The problem is solved by decomposition via two-layer cutting plane algorithm. • Small investments in switch installation enhance resilience by response to attacks. • Sensitivity analyses identify robust planning against different attack scenarios.

The Drivers of Indias Nuclear Weapons Program

Science.gov (United States)

2014-06-01

of-nerves. 158 Dean Nelson and Tom Hussain, “Militants Attack Pakistan Nuclear Air Base,” The Telegraph, August 16, 2012, http...hermetically sealed for storage and transport,” a process only possible now that India has largely moved to solid-fueled ballistic missiles.273...have become more hands-off with nuclear policy, since achievements in that field do not translate into electoral success. The Indian population

Attacker Modelling in Ubiquitous Computing Systems

DEFF Research Database (Denmark)

Papini, Davide

in with our everyday life. This future is visible to everyone nowadays: terms like smartphone, cloud, sensor, network etc. are widely known and used in our everyday life. But what about the security of such systems. Ubiquitous computing devices can be limited in terms of energy, computing power and memory...... attacker remain somehow undened and still under extensive investigation. This Thesis explores the nature of the ubiquitous attacker with a focus on how she interacts with the physical world and it denes a model that captures the abilities of the attacker. Furthermore a quantitative implementation...

Peacetime Use of Computer Network Attack

National Research Council Canada - National Science Library

Busby, Daniel

2000-01-01

.... PDD-63 alerts the nation to prepare for impending cyber attacks. This paper examines the nature, scale, and likelihood of cyber attacks posited in PDD-63 and finds that the country does not face an imminent "electronic Pearl Harbor...

Denial of Service Attack Techniques: Analysis, Implementation and Comparison

Directory of Open Access Journals (Sweden)

Khaled Elleithy

2005-02-01

Full Text Available A denial of service attack (DOS is any type of attack on a networking structure to disable a server from servicing its clients. Attacks range from sending millions of requests to a server in an attempt to slow it down, flooding a server with large packets of invalid data, to sending requests with an invalid or spoofed IP address. In this paper we show the implementation and analysis of three main types of attack: Ping of Death, TCP SYN Flood, and Distributed DOS. The Ping of Death attack will be simulated against a Microsoft Windows 95 computer. The TCP SYN Flood attack will be simulated against a Microsoft Windows 2000 IIS FTP Server. Distributed DOS will be demonstrated by simulating a distribution zombie program that will carry the Ping of Death attack. This paper will demonstrate the potential damage from DOS attacks and analyze the ramifications of the damage.

Attacks on IEEE 802.11 wireless networks

Directory of Open Access Journals (Sweden)

Dejan Milan Tepšić

2013-06-01

Full Text Available Security of wireless computer networks was initially secured with the WEP security protocol, which relies on the RC4 encryption algorithm and the CRC algorithm to check the integrity. The basic problems of the WEP are a short initialization vector, unsafe data integrity checking, using a common key, the lack of mechanisms for management and exchange of keys, the lack of protection from the endless insertion of the same package into the network, the lack of authentication of access points and the like. The consequences of these failures are easy attacks against the WEP network, namely their complete insecurity. Therefore, the work began on the IEEE 802.11i protocol, which should radically improve the security of wireless networks. Since the development of a protocol lasted, the WPA standard was released to offset the security gap caused by the WEP. The WPA also relies on RC4 and CRC algorithms, but brings temporary keys and the MIC algorithm for data integrity. The 802.1X authentication was introduced and common keys are no longer needed, since it is possible to use an authentication server. The length of the initialization vector was increased and the vector is obtained based on the packet serial number, in order to prevent the insertion of the same packet into the network. The weakness of the WPA security mechanism is the use of a common key. WPA2 (802.11i later appeared. Unlike the WPA mechanism that worked on old devices with the replacement of software, WPA2 requires new network devices that can perform AES encryption. AES replaces the RC4 algorithm and delivers much greater security. Data integrity is protected by encryption. Despite progress, there are still weaknesses in wireless networks. Attacks for denial of service are possible as well as spoofing package headers attacks. For now, it is not advisable to use wireless networks in environments where unreliability and unavailability are not tolerated. Introduction In the entire history of

Temporal Cyber Attack Detection.

Energy Technology Data Exchange (ETDEWEB)

Ingram, Joey Burton [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Draelos, Timothy J. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Galiardi, Meghan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Doak, Justin E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2017-11-01

Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms require large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.

12 CFR 263.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 3 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in... shall be excused based on the pendency before any court of any interlocutory appeal or collateral attack. ...

12 CFR 509.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 5 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding....17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is... shall be excused based on the pendency before any court of any interlocutory appeal or collateral attack. ...

Detection of complex cyber attacks

Science.gov (United States)

Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

2006-05-01

One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

Vulnerability Assessment by Learning Attack Specifications in Graphs

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; Lopes, Raul H.C.

This paper presents an evolutionary approach for learning attack specifications that describe attack scenarios. The objective is to find vulnerabilities in computer networks which minimise the cost of an attack with maximum impact. Although we focus on Insider Threat, the proposed approach applies

Attack Tree Generation by Policy Invalidation

NARCIS (Netherlands)

Ivanova, Marieta Georgieva; Probst, Christian W.; Hansen, René Rydhof; Kammüller, Florian; Naeem Akram, R.; Jajodia, S.

2015-01-01

Attacks on systems and organisations increasingly exploit human actors, for example through social engineering, complicating their formal treatment and automatic identi﬿cation. Formalisation of human behaviour is difficult at best, and attacks on socio-technical systems are still mostly identi﬿ed

Neural network classifier of attacks in IP telephony

Science.gov (United States)

Safarik, Jakub; Voznak, Miroslav; Mehic, Miralem; Partila, Pavol; Mikulec, Martin

2014-05-01

Various types of monitoring mechanism allow us to detect and monitor behavior of attackers in VoIP networks. Analysis of detected malicious traffic is crucial for further investigation and hardening the network. This analysis is typically based on statistical methods and the article brings a solution based on neural network. The proposed algorithm is used as a classifier of attacks in a distributed monitoring network of independent honeypot probes. Information about attacks on these honeypots is collected on a centralized server and then classified. This classification is based on different mechanisms. One of them is based on the multilayer perceptron neural network. The article describes inner structure of used neural network and also information about implementation of this network. The learning set for this neural network is based on real attack data collected from IP telephony honeypot called Dionaea. We prepare the learning set from real attack data after collecting, cleaning and aggregation of this information. After proper learning is the neural network capable to classify 6 types of most commonly used VoIP attacks. Using neural network classifier brings more accurate attack classification in a distributed system of honeypots. With this approach is possible to detect malicious behavior in a different part of networks, which are logically or geographically divided and use the information from one network to harden security in other networks. Centralized server for distributed set of nodes serves not only as a collector and classifier of attack data, but also as a mechanism for generating a precaution steps against attacks.

SCADA system vulnerabilities to cyber attack

Energy Technology Data Exchange (ETDEWEB)

Shaw, W. T. [Cyber Security Consulting (Canada)

2004-10-01

The susceptibility to terrorist attacks of computer-based supervisory control (SCADA) systems that are used to monitor and control water distribution systems, oil and gas pipelines and the electrical grid, is discussed. The discussion includes ways in which SCADA systems may be attacked and remedial actions that may be taken to reduce or eliminate the possibility of such attacks. Attacks may take the form of causing the system to generate false data to divert attention from impending system disasters, or commandeer the system to seriously disable it, or cause damage to the process or equipment being controlled by sending improper control commands. SCADA systems are also vulnerable to internal threats, either from an accidental action that results in damage, or an intentional action, as for example by a disgruntled employee, or ex-employee, usually by way of reprogramming an RTU or PLC by accessing the polling/communications circuit. Recent SCADA systems are much more susceptible to concerted cyber attacks because of the adoption of IT technologies and standards into the design of such systems. (Older systems are more likely to be unique designs, hence less susceptible to attack). As far as protection of SCADA systems is concerned, there are no technologies that would prevent a technologically sophisticated terrorist or disgruntled employee from doing major damage to the system, however, the IT world has developed a range of technologies for the protection of IT assets, and many of these same technologies can also be used to safeguard modern SCADA systems.

Combating Memory Corruption Attacks On Scada Devices

Science.gov (United States)

Bellettini, Carlo; Rrushi, Julian

Memory corruption attacks on SCADA devices can cause significant disruptions to control systems and the industrial processes they operate. However, despite the presence of numerous memory corruption vulnerabilities, few, if any, techniques have been proposed for addressing the vulnerabilities or for combating memory corruption attacks. This paper describes a technique for defending against memory corruption attacks by enforcing logical boundaries between potentially hostile data and safe data in protected processes. The technique encrypts all input data using random keys; the encrypted data is stored in main memory and is decrypted according to the principle of least privilege just before it is processed by the CPU. The defensive technique affects the precision with which attackers can corrupt control data and pure data, protecting against code injection and arc injection attacks, and alleviating problems posed by the incomparability of mitigation techniques. An experimental evaluation involving the popular Modbus protocol demonstrates the feasibility and efficiency of the defensive technique.

Guideline of Cyber Security Policy for Digital I and C Systems in Nuclear Power Plant

Energy Technology Data Exchange (ETDEWEB)

Kim, Zeen; Kim, Jang Seong; Kim, Kwang Jo [Information and Communications University, Daejeon (Korea, Republic of); Kang, Young Doo; Kim, Dai Il; Jeong, Choong Heui [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)

2007-10-15

Recently computers and communication systems have been developed very fast and applied to various areas in many applications. This development has raised new vulnerabilities that may endanger the critical systems for nuclear safety and physical protection at the facilities. In order to protect the critical infrastructures from these new cyber attacks, we clearly need deep considerations on the risks and threats through the cyberspace. Based on these needs, many organizations which related to nuclear power plants suggested various cyber security protection methods based on regulation or technical safeguard. Even if security countermeasures against various cyber attacks are important, it is required to establish the best practices of cyber security policy by the vendor and licensee. Based on the policy they can evaluate their activities against various cyber attacks throughout the whole life cycle. In this paper, we discuss how to establish the cyber security policy for digital instrumentation and control (I and C) systems in nuclear power plants.

Guideline of Cyber Security Policy for Digital I and C Systems in Nuclear Power Plant

International Nuclear Information System (INIS)

Kim, Zeen; Kim, Jang Seong; Kim, Kwang Jo; Kang, Young Doo; Kim, Dai Il; Jeong, Choong Heui

2007-01-01

Recently computers and communication systems have been developed very fast and applied to various areas in many applications. This development has raised new vulnerabilities that may endanger the critical systems for nuclear safety and physical protection at the facilities. In order to protect the critical infrastructures from these new cyber attacks, we clearly need deep considerations on the risks and threats through the cyberspace. Based on these needs, many organizations which related to nuclear power plants suggested various cyber security protection methods based on regulation or technical safeguard. Even if security countermeasures against various cyber attacks are important, it is required to establish the best practices of cyber security policy by the vendor and licensee. Based on the policy they can evaluate their activities against various cyber attacks throughout the whole life cycle. In this paper, we discuss how to establish the cyber security policy for digital instrumentation and control (I and C) systems in nuclear power plants

Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

Energy Technology Data Exchange (ETDEWEB)

Bri Rolston

2005-06-01

Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills, and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between

Trace Attack against Biometric Mobile Applications

Directory of Open Access Journals (Sweden)

Sanaa Ghouzali

2016-01-01

Full Text Available With the exponential increase in the dependence on mobile devices in everyday life, there is a growing concern related to privacy and security issues in the Gulf countries; therefore, it is imperative that security threats should be analyzed in detail. Mobile devices store enormous amounts of personal and financial information, unfortunately without any security. In order to secure mobile devices against different threats, biometrics has been applied and shown to be effective. However, biometric mobile applications are also vulnerable to several types of attacks that can decrease their security. Biometric information itself is considered sensitive data; for example, fingerprints can leave traces in touched objects and facial images can be captured everywhere or accessed by the attacker if the facial image is stored in the mobile device (lost or stolen. Hence, an attacker can easily forge the identity of a legitimate user and access data on a device. In this paper, the effects of a trace attack on the sensitivity of biometric mobile applications are investigated in terms of security and user privacy. Experimental results carried out on facial and fingerprint mobile authentication applications using different databases have shown that these mobile applications are vulnerable to the proposed attack, which poses a serious threat to the overall system security and user privacy.

Limit Asthma Attacks Caused by Colds or Flu

Science.gov (United States)

Asthma: Limit asthma attacks caused by colds or flu A cold or the flu can trigger an asthma attack. Here's why — and how to keep your sneeze ... plan. If you notice warning signs of an asthma attack — such as coughing, wheezing, chest tightness or shortness ...

Quantitative Attack Tree Analysis via Priced Timed Automata

NARCIS (Netherlands)

Kumar, Rajesh; Ruijters, Enno Jozef Johannes; Stoelinga, Mariëlle Ida Antoinette; Sankaranarayanan, Sriram; Vicario, Enrico

The success of a security attack crucially depends on the resources available to an attacker: time, budget, skill level, and risk appetite. Insight in these dependencies and the most vulnerable system parts is key to providing effective counter measures. This paper considers attack trees, one of the

Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems

Energy Technology Data Exchange (ETDEWEB)

Djouadi, Seddik M [ORNL; Melin, Alexander M [ORNL; Ferragut, Erik M [ORNL; Laska, Jason A [ORNL; Dong, Jin [ORNL; Drira, Anis [ORNL

2015-01-01

As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signals are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.

Proposal of secure camera-based radiation warning system for nuclear detection

International Nuclear Information System (INIS)

Tsuchiya, Ken'ichi; Kurosawa, Kenji; Akiba, Norimitsu; Kakuda, Hidetoshi; Imoto, Daisuke; Hirabayashi, Manato; Kuroki, Kenro

2016-01-01

Counter-terrorisms against radiological and nuclear threat are significant issues toward Tokyo 2020 Olympic and Paralympic Games. In terms of cost benefit, it is not easy to build a warning system for nuclear detection to prevent a Dirty Bomb attack (dispersion of radioactive materials using a conventional explosive) or a Silent Source attack (hidden radioactive materials) from occurring. We propose a nuclear detection system using the installed secure cameras. We describe a method to estimate radiation dose from noise pattern in CCD images caused by radiation. Some dosimeters under neutron and gamma-ray irradiations (0.1mSv-100mSv) were taken in CCD video camera. We confirmed amount of noise in CCD images increased in radiation exposure. The radiation detection using CMOS in secure cameras or cell phones has been implemented. However, in this presentation, we propose a warning system including neutron detection to search shielded nuclear materials or radiation exposure devices using criticality. (author)

Modeling attacker-defender interactions in information networks.

Energy Technology Data Exchange (ETDEWEB)

Collins, Michael Joseph

2010-09-01

The simplest conceptual model of cybersecurity implicitly views attackers and defenders as acting in isolation from one another: an attacker seeks to penetrate or disrupt a system that has been protected to a given level, while a defender attempts to thwart particular attacks. Such a model also views all non-malicious parties as having the same goal of preventing all attacks. But in fact, attackers and defenders are interacting parts of the same system, and different defenders have their own individual interests: defenders may be willing to accept some risk of successful attack if the cost of defense is too high. We have used game theory to develop models of how non-cooperative but non-malicious players in a network interact when there is a substantial cost associated with effective defensive measures. Although game theory has been applied in this area before, we have introduced some novel aspects of player behavior in our work, including: (1) A model of how players attempt to avoid the costs of defense and force others to assume these costs; (2) A model of how players interact when the cost of defending one node can be shared by other nodes; and (3) A model of the incentives for a defender to choose less expensive, but less effective, defensive actions.

The impact of communication materials on public responses to a radiological dispersal device (RDD) attack.

Science.gov (United States)

Rogers, M Brooke; Amlôt, Richard; Rubin, G James

2013-03-01

It is a common assumption that, in the event of a chemical, biological, radiological, or nuclear (CBRN) attack, a well-prepared and informed public is more likely to follow official recommendations regarding the appropriate safety measures to take. We present findings from a UK study investigating the ability of crisis communication to influence perceptions of risk and behavioral intentions in the general public in response to CBRN terrorism. We conducted a focus group study involving a scenario presented in mock news broadcasts to explore levels of public knowledge, information needs, and intended behavioral reactions to an attack involving an overt radiological dispersal device (RDD), or dirty bomb. We used the findings from these focus groups to design messages for the public that could be presented in a short leaflet. We then tested the effects of the leaflet on reactions to the same scenario in 8 further focus groups. The impact of the new messages on levels of knowledge, information needs, and intended compliance with official recommendations was assessed. The provision of information increased the perceived credibility of official messages and increased reported levels of intended compliance with advice to return to normal/stop sheltering, attend a facility for assessment and treatment, and return to a previously contaminated area after decontamination of the environment has taken place. Should a real attack with an RDD occur, having pretested messages available to address common concerns and information needs should facilitate the public health response to the attack.

Nuclear pulse. II - Ensuring delivery of the doomsday signal

Science.gov (United States)

Broad, W. J.

1981-06-01

The ability of the communications systems on which U.S. strategic forces depend to survive the electromagnetic pulse (EMP) effects of a nuclear blast in the upper atmosphere is examined. It is shown that the Bell system telephone network, Autovon, on which much military communication presently depends, is especially vulnerable to EMP; while satellite and microwave communications networks are expected to be more resistant to attack. Satellites are, though, vulnerable to killer-satellite attack. Much promise is seen in the conversion of ground communications links to fiber-optic form, which is inherently highly resistant to EMP. A nuclear bomb detonated 200 miles above Nebraska would affect communications equipment throughout the contiguous U.S. with peak fields of 500,000 volts/meter.

Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

DEFF Research Database (Denmark)

Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

2012-01-01

and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered...... the most harmful as they directly affect the available resources and thus the nodes’ energy consumption. The first endeavour of this paper is to model the activities of MAC layer security attacks to understand the flow of activities taking place when mounting the attack and when actually executing it....... The second aim of the paper is to simulate these attacks on hybrid MAC mechanisms, which shows the performance degradation of aWSN under the considered attacks. The modelling and implementation of the security attacks give an actual view of the network which can be useful in further investigating secure...

Algebraic Side-Channel Attack on Twofish

Directory of Open Access Journals (Sweden)

Chujiao Ma

2017-05-01

Full Text Available While algebraic side-channel attack (ASCA has been successful in breaking simple cryptographic algorithms, it has never been done on larger or more complex algorithms such as Twofish. Compared to other algorithms that ASCA has been used on, Twofish is more difficult to attack due to the key-dependent S-boxes as well as the complex key scheduling. In this paper, we propose the first algebraic side-channel attack on Twofish, and examine the importance of side-channel information in getting past the key-dependent S-boxes and the complex key scheduling. The cryptographic algorithm and side-channel information are both expressed as boolean equations and a SAT solver is used to recover the key. While algebraic attack by itself is not sufficient to break the algorithm, with the help of side-channel information such as Hamming weights, we are able to correctly solve for 96 bits of the 128 bits key in under 2 hours with known plaintext/ciphertext.

On localization attacks against cloud infrastructure

Science.gov (United States)

Ge, Linqiang; Yu, Wei; Sistani, Mohammad Ali

2013-05-01

One of the key characteristics of cloud computing is the device and location independence that enables the user to access systems regardless of their location. Because cloud computing is heavily based on sharing resource, it is vulnerable to cyber attacks. In this paper, we investigate a localization attack that enables the adversary to leverage central processing unit (CPU) resources to localize the physical location of server used by victims. By increasing and reducing CPU usage through the malicious virtual machine (VM), the response time from the victim VM will increase and decrease correspondingly. In this way, by embedding the probing signal into the CPU usage and correlating the same pattern in the response time from the victim VM, the adversary can find the location of victim VM. To determine attack accuracy, we investigate features in both the time and frequency domains. We conduct both theoretical and experimental study to demonstrate the effectiveness of such an attack.

Network attacks and defenses a hands-on approach

CERN Document Server

Trabelsi, Zouheir; Al Braiki, Arwa; Mathew, Sujith Samuel

2012-01-01

The attacks on computers and business networks are growing daily, and the need for security professionals who understand how malfeasants perform attacks and compromise networks is a growing requirement to counter the threat. Network security education generally lacks appropriate textbooks with detailed, hands-on exercises that include both offensive and defensive techniques. Using step-by-step processes to build and generate attacks using offensive techniques, Network Attacks and Defenses: A Hands-on Approach enables students to implement appropriate network security solutions within a laborat

SDN-Based Double Hopping Communication against Sniffer Attack

Directory of Open Access Journals (Sweden)

Zheng Zhao

2016-01-01

Full Text Available Sniffer attack has been a severe threat to network communication security. Traditional network usually uses static network configuration, which provides convenience to sniffer attack. In this paper, an SDN-based double hopping communication (DHC approach is proposed to solve this problem. In DHC, ends in communication packets as well as the routing paths are changed dynamically. Therefore, the traffic will be distributed to multiple flows and transmitted along different paths. Moreover, the data from multiple users will be mixed, bringing difficulty for attackers in obtaining and recovering the communication data, so that sniffer attack will be prevented effectively. It is concluded that DHC is able to increase the overhead of sniffer attack, as well as the difficulty of communication data recovery.

Attacks on Bluetooth Security Architecture and Its Countermeasures

Science.gov (United States)

Iqbal, Mian Muhammad Waseem; Kausar, Firdous; Wahla, Muhammad Arif

WPANs compliment the traditional IEEE 802.11 wireless networks by facilitating the clients with flexibility in network topologies, higher mobility and relaxed configuration/hardware requirements. Bluetooth, a WPAN technology, is an open standard for short-range radio frequency (RF) communication. However, it is also susceptible to typical security threats found in wireless LANs. This paper discuses some of the attack scenarios against the bluetooth network such as hostile intrusion, active Man-in-the-Middle (MITM) attack using unit key and various forms of denial of service (DoS) attacks. These threats and attacks compromise the confidentiality and availability of bluetooth data and services. This paper proposes an improved security architecture for bluetooth device which provides protection against the above mentioned attacks.

Typhoid fever as a triggering factor in acute and intractable bronchial asthma attack.

Science.gov (United States)

Wardhana; Surachmanto, Eko E; Datau, E A

2013-10-01

Typhoid fever is an enteric infection caused by Salmonella typhi. In Indonesia, typhoid fever is endemic with high incidence of the disease. In daily practice we frequently have patients with bronchial asthma, and it is becoming worse when these patients get typhoid fever. After oral ingestion, Salmonella typhi invades the the intestine mucosa after conducted by microbial binding to epithelial cells, destroying the microfold cells (M cell) then passed through the lamina propria and detected by dendritic cells (DC) which express a variety of pathogen recognition receptors on the surfaces, including Toll-Like Receptor (TLR). expressed on macrophages and on intestinal epithelial cells inducing degradation of IB, and translocation of NF-B (Nuclear Factor-Kappa Beta). This process initiates the induction of pro-inflammatory gene expression profile adhesion molecules, chemokines, adhesion molecules, and other proteins that induce and perpetuate the inflammation in host cells then will induce acute ant intractable attack of bronchial asthma. The role of typhoid fever in bronchial asthma, especially in persons with acute attack of bronchial asthma, is not well understood. In this article, we will discuss the role of typhoid fever in the bronchial asthma patients which may cause bronchial asthma significantly become more severe even triggering the acute and intractable attack of bronchial asthma. This fact makes an important point, to treat completely the typhoid fever in patients with bronchial asthma.

Kazakhstan: there are no nuclear weapons

International Nuclear Information System (INIS)

Golev, A.

2000-01-01

In the article it is noted, that in 1992 Kazakhstan, Russian Federation and Ukraine signed Strategic Attack Weapon-1 Treaty, and actually refuse from nuclear bases on theirs territories. On the whole Kazakhstan had in technical capability two missile basis and one basis of strategic bombardment aviation. During 1996-1999 in period of nuclear objects liquidation in Kazakhstan 96 S S-18 missiles and 18,000 tones components of missile fuel were taken out to Russia

An SDN-Based Fingerprint Hopping Method to Prevent Fingerprinting Attacks

Directory of Open Access Journals (Sweden)

Zheng Zhao

2017-01-01

Full Text Available Fingerprinting attacks are one of the most severe threats to the security of networks. Fingerprinting attack aims to obtain the operating system information of target hosts to make preparations for future attacks. In this paper, a fingerprint hopping method (FPH is proposed based on software-defined networks to defend against fingerprinting attacks. FPH introduces the idea of moving target defense to show a hopping fingerprint toward the fingerprinting attackers. The interaction of the fingerprinting attack and its defense is modeled as a signal game, and the equilibriums of the game are analyzed to develop an optimal defense strategy. Experiments show that FPH can resist fingerprinting attacks effectively.

Strengthening nuclear security

International Nuclear Information System (INIS)

Kurihara, Hiroyoshi

2003-01-01

The international situation after the end of the Cold-War has been quite unstable, due to the occurrence of frequent regional conflicts and domestic wars based on ethnic, religious or racial reasons. Further, threats to the would peace and security by non-state actors, like international terrorist groups, have been recognized after 9.11 terrorist attacks to the World Trade Center buildings and to the Pentagon. Utilization of nuclear energy, which encompasses both peaceful uses and military ones, required an establishment of regulatory system, by which risks associated with the development of nuclear energy can be controlled. Accordingly, nuclear safety control system, and then non-proliferation control system has been developed, both in the international level and notional level. In recognition of the present unstable international situations, it is required to establish, maintain and strengthen a system which control nuclear security aspect, in addition to the present systems. (author)

The medical consequences of nuclear weapons

International Nuclear Information System (INIS)

Humphrey, J.; Hartog, M.; Middleton, H.

1982-01-01

A pamphlet has been produced by the Medical Campaign Against Nuclear Weapons (MCANW) and by the Medical Association for the Prevention of War (MAPW) to bring the catastrophic effects that the use of nuclear weapons would entail to the attention of the general public, politicians and members of the medical profession. It describes the medical consequences of the effects of blast, heat and ionizing radiation from nuclear weapons, including details from the Hiroshima and Nagasaki atomic bombings. The medical consequences of a nuclear attack including consideration of the casualties, care of the injured, psychological effects and the outcome are also discussed. It is concluded that if for none other than purely medical reasons, nuclear warfare must never be allowed to happen. (UK)

Data-plane Defenses against Routing Attacks on Tor

Directory of Open Access Journals (Sweden)

Tan Henry

2016-10-01

Full Text Available Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet’s control-plane can be manipulated to increase an adversary’s view of the network, and consequently, improve its ability to perform traffic correlation. This paper explores, in-depth, the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor’s susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks.

3D Reconstruction in Nuclear Security

International Nuclear Information System (INIS)

Bostrom, G.; Fiocco, M.; Goncalves, J.M.C.; Puig, D.; Sequeira, V.; Chartier, B.; Mariotte, F.; Richard, M.; Zamora, P.; Kiesser, R.

2008-01-01

Accurate modelling is gaining increasing importance in security applications. Indeed, realistic and dimensionally accurate models of critical areas can be used for prevention and simulation exercises as well as for planning emergency responses once an attack is perpetrated. CEA-DAM and EC-JRC engaged in a joint exercise involving the simulation of a terrorist attack in an urban area with possible release of radiological substances. JRC was responsible for creating a dimensionally accurate (centimetre accuracy) 3D model from the urban area as-is before and after the attack. Further tests involved the automatic 3D detection of changes in both indoors and outdoors environments. The paper describes the principles and technologies behind the generation of photo-realistic and accurate 3D models of wide areas as-is, and will discuss the use of those technologies for nuclear security applications

Rotational Rebound Attacks on Reduced Skein

DEFF Research Database (Denmark)

Khovratovich, Dmitry; Nikolic, Ivica; Rechberger, Christian

2010-01-01

In this paper we combine a recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approach...

Developing new methodology for nuclear power plants vulnerability assessment

International Nuclear Information System (INIS)

Kostadinov, Venceslav

2011-01-01

Research highlights: → Paper presents new methodology for vulnerability assessment of nuclear power plants. → First universal quantitative risks assessment model for terrorist attack on a NPPs. → New model enhance security, reliability and safe operation of all energy infrastructure. → Significant research benefits: increased NPPs security, reliability and availability. → Useful new tool for PRA application to evaluation of terrorist threats on NPPs. - Abstract: The fundamental aim of an efficient regulatory emergency preparedness and response system is to provide sustained emergency readiness and to prevent emergency situations and accidents. But when an event occurs, the regulatory mission is to mitigate consequences and to protect people and the environment against nuclear and radiological damage. The regulatory emergency response system, which would be activated in the case of a nuclear and/or radiological emergency and release of radioactivity to the environment, is an important element of a comprehensive national regulatory system of nuclear and radiation safety. In the past, national emergency systems explicitly did not include vulnerability assessments of the critical nuclear infrastructure as an important part of a comprehensive preparedness framework. But after the huge terrorist attack on 11/09/2001, decision-makers became aware that critical nuclear infrastructure could also be an attractive target to terrorism, with the purpose of using the physical and radioactive properties of the nuclear material to cause mass casualties, property damage, and detrimental economic and/or environmental impacts. The necessity to evaluate critical nuclear infrastructure vulnerability to threats like human errors, terrorist attacks and natural disasters, as well as preparation of emergency response plans with estimation of optimized costs, are of vital importance for assurance of safe nuclear facilities operation and national security. In this paper presented

Step to improve neural cryptography against flipping attacks.

Science.gov (United States)

Zhou, Jiantao; Xu, Qinzhen; Pei, Wenjiang; He, Zhenya; Szu, Harold

2004-12-01

Synchronization of neural networks by mutual learning has been demonstrated to be possible for constructing key exchange protocol over public channel. However, the neural cryptography schemes presented so far are not the securest under regular flipping attack (RFA) and are completely insecure under majority flipping attack (MFA). We propose a scheme by splitting the mutual information and the training process to improve the security of neural cryptosystem against flipping attacks. Both analytical and simulation results show that the success probability of RFA on the proposed scheme can be decreased to the level of brute force attack (BFA) and the success probability of MFA still decays exponentially with the weights' level L. The synchronization time of the parties also remains polynomial with L. Moreover, we analyze the security under an advanced flipping attack.

Improved Impossible Differential Attacks on Large-Block Rijndael

DEFF Research Database (Denmark)

Wang, Qingju; Gu, Dawu; Rijmen, Vincent

2012-01-01

. The improvement can lead to 10-round attack on Rijndael-256 as well. With 2198.1 chosen plaintexts, an attack is demonstrated on 9-round Rijndael-224 with 2 195.2 encryptions and 2140.4 bytes memory. Increasing the data complexity to 2216 plaintexts, the time complexity can be reduced to 2130 encryptions...... and the memory requirements to 2 93.6 bytes. For 9-round Rijndael-256, we provide an attack requiring 2229.3 chosen plaintexts, 2194 encryptions, and 2 139.6 bytes memory. Alternatively, with 2245.3 plaintexts, an attack with a reduced time of 2127.1 encryptions and a memory complexity of 290.9 bytes can...... be mounted. With 2244.2 chosen plaintexts, we can attack 10-round Rijndael-256 with 2253.9 encryptions and 2186.8 bytes of memory....

RAPTOR: Ransomware Attack PredicTOR

OpenAIRE

Quinkert, Florian; Holz, Thorsten; Hossain, KSM Tozammel; Ferrara, Emilio; Lerman, Kristina

2018-01-01

Ransomware, a type of malicious software that encrypts a victim's files and only releases the cryptographic key once a ransom is paid, has emerged as a potentially devastating class of cybercrimes in the past few years. In this paper, we present RAPTOR, a promising line of defense against ransomware attacks. RAPTOR fingerprints attackers' operations to forecast ransomware activity. More specifically, our method learns features of malicious domains by looking at examples of domains involved in...

Shark attack-related injuries: Epidemiology and implications for plastic surgeons.

Science.gov (United States)

Ricci, Joseph A; Vargas, Christina R; Singhal, Dhruv; Lee, Bernard T

2016-01-01

The increased media attention to shark attacks has led to a heightened fear and public awareness. Although few sharks are considered dangerous, attacks on humans can result in large soft tissue defects necessitating the intervention of reconstructive surgeons. This study aims to evaluate and describe the characteristics of shark-related injuries in order to improve treatment. The Global Shark Accident File, maintained by the Shark Research Institute (Princeton, NJ, USA), is a compilation of all known worldwide shark attacks. Database records since the 1900s were reviewed to identify differences between fatal and nonfatal attacks, including: geography, injury pattern, shark species, and victim activity. Since the 1900s, there have been 5034 reported shark attacks, of which 1205 (22.7%) were fatal. Although the incidence of attacks per decade has increased, the percentage of fatalities has decreased. Characteristics of fatal attacks included swimming (p = 0.001), boating (p = 0.001), three or more bite sites (p = 0.03), limb loss (p = 0.001), or tiger shark attack (p = 0.002). The most common attacks were bites to the legs (41.8%) or arms (18.4%), with limb loss occurring in 7% of attacks. Geographically, the majority of attacks occurred in North America (36.7%) and Australia (26.5%). Most attacks in the USA occurred in Florida (49.1%) and California (13.6%). Although rare, shark attacks result in devastating injuries to patients. As these injuries often involve multiple sites and limb loss, this creates a significant challenge for reconstructive surgeons. Proper identification of the characteristics of the attack can aid in providing optimal care for those affected. Copyright © 2015 British Association of Plastic, Reconstructive and Aesthetic Surgeons. Published by Elsevier Ltd. All rights reserved.

Privacy Leaks through Data Hijacking Attack on Mobile Systems

Directory of Open Access Journals (Sweden)

Zhang Daojuan

2017-01-01

Full Text Available To persistently eavesdrop on the mobile devices, attackers may obtain the elevated privilege and inject malicious modules into the user devices. Unfortunately, the attackers may not be able to obtain the privilege for a long period of time since the exploitable vulnerabilities may be fixed or the malware may be removed. In this paper, we propose a new data hijacking attack for the mobile apps. By employing the proposed method, the attackers are only required to obtain the root privilege of the user devices once, and they can persistently eavesdrop without any change to the original device. Specifically, we design a new approach to construct a shadow system by hijacking user data files. In the shadow system, attackers possess the identical abilities to the victims. For instance, if a victim has logged into the email app, the attacker can also access the email server in the shadow system without authentication in a long period of time. Without reauthentication of the app, it is difficult for victims to notice the intrusion since the whole eavesdropping is performed on other devices (rather than the user devices. In our experiments, we evaluate the effectiveness of the proposed attack and the result demonstrates that even the Android apps released by the top developers cannot resist this attack. Finally, we discuss some approaches to defend the proposed attack.

What Can We Learn?--The Algonquin Bear Attack.

Science.gov (United States)

Strickland, Dan

1992-01-01

Describes a bear attack in Algonquin Park in Lake Opeongo (Canada) in which a man and woman were killed. Hypothesizes that the bear deliberately preyed on its victims and concludes that the bear was physically normal. Despite this isolated attack, the chance of being attacked by a black bear when camping is virtually nonexistent. (KS)

Combined Heuristic Attack Strategy on Complex Networks

Directory of Open Access Journals (Sweden)

Marek Šimon

2017-01-01

Full Text Available Usually, the existence of a complex network is considered an advantage feature and efforts are made to increase its robustness against an attack. However, there exist also harmful and/or malicious networks, from social ones like spreading hoax, corruption, phishing, extremist ideology, and terrorist support up to computer networks spreading computer viruses or DDoS attack software or even biological networks of carriers or transport centers spreading disease among the population. New attack strategy can be therefore used against malicious networks, as well as in a worst-case scenario test for robustness of a useful network. A common measure of robustness of networks is their disintegration level after removal of a fraction of nodes. This robustness can be calculated as a ratio of the number of nodes of the greatest remaining network component against the number of nodes in the original network. Our paper presents a combination of heuristics optimized for an attack on a complex network to achieve its greatest disintegration. Nodes are deleted sequentially based on a heuristic criterion. Efficiency of classical attack approaches is compared to the proposed approach on Barabási-Albert, scale-free with tunable power-law exponent, and Erdős-Rényi models of complex networks and on real-world networks. Our attack strategy results in a faster disintegration, which is counterbalanced by its slightly increased computational demands.

SETT facility of International Nuclear Security Academy

International Nuclear Information System (INIS)

Seo, Hyung Min

2012-01-01

After the Cold War was put to an end, the international community, especially the Western world, was concerned about Soviet nuclear materials falling into wrong hands, especially of terrorists. Later, the growing threat posed by terrorist networks such as the Taliban and al Qaeda led to a global campaign to deny such networks materials which may be used for the development of Weapons of Mass Destruction (WMD). The 9 11 attacks made a section of the international community highly apprehensive of WMD terrorism, especially its nuclear version. From this point of view, it is clear that nuclear facilities which contain nuclear materials are very attractive targets for those who have intention of nuclear terror

SETT facility of International Nuclear Security Academy

Energy Technology Data Exchange (ETDEWEB)

Seo, Hyung Min [Korea Institute of Nuclear Non-proliferation and Control, Daejeon (Korea, Republic of)

2012-05-15

After the Cold War was put to an end, the international community, especially the Western world, was concerned about Soviet nuclear materials falling into wrong hands, especially of terrorists. Later, the growing threat posed by terrorist networks such as the Taliban and al Qaeda led to a global campaign to deny such networks materials which may be used for the development of Weapons of Mass Destruction (WMD). The 9 11 attacks made a section of the international community highly apprehensive of WMD terrorism, especially its nuclear version. From this point of view, it is clear that nuclear facilities which contain nuclear materials are very attractive targets for those who have intention of nuclear terror

Recent and prospective developments in nuclear arsenals

International Nuclear Information System (INIS)

Brown, M.

1993-01-01

Arms controllers have long complained that the only weapons states give up in arms control negotiations are strategically insignificant weapons. This is why the United States and Soviet Union shied away from giving up much in SALT I and SALT II: each side felt that it could not significantly reduce its nuclear forces, or take any step that might give the other side an advantage. Do not be fooled: policy makers in Washington and Moscow still believe that it is important to hang on to strategically significant weapons. But, because the world has changed in fundamental ways, fewer weapons are strategically significant today. Now that extended deterrence requirements have virtually disappeared, the main reason for having nuclear weapons is to deter other nuclear powers from attacking with their nuclear weapons. There is, therefore, no compelling reason for having large nuclear forces. Given concerns about unauthorized attacks, accidental launches, and high levels of defense spending, there are good reasons for deploying smaller forces. This is why Washington and Moscow have been cutting their nuclear arsenals to levels that were unimaginable even in 1990. How far this process will go is impossible to say at this juncture. What is clear is that Washington and Moscow can - and should - make even deeper cuts in their nuclear forces. If the United States and Russia retain arsenals with thousands of nuclear weapons, Britain, France, and China - whose arsenals contain hundreds of nuclear weapons - will not join the arms reduction process. Countries that have promised to give up the nuclear weapons currently stationed on their territory - Kazakhstan, the Ukraine, and Belorussia - will be more inclined to retain them, on the grounds that nuclear weapons are seen to have strategic and political value. For the same reasons, countries on the nuclear threshold, such as India, will be more inclined to acquire nuclear weapons. If the United States and Russia retain massive nuclear

Studies on sulfate attack: Mechanisms, test methods, and modeling

Science.gov (United States)

Santhanam, Manu

The objective of this research study was to investigate various issues pertaining to the mechanism, testing methods, and modeling of sulfate attack in concrete. The study was divided into the following segments: (1) effect of gypsum formation on the expansion of mortars, (2) attack by the magnesium ion, (3) sulfate attack in the presence of chloride ions---differentiating seawater and groundwater attack, (4) use of admixtures to mitigate sulfate attack---entrained air, sodium citrate, silica fume, and metakaolin, (5) effects of temperature and concentration of the attack solution, (6) development of new test methods using concrete specimens, and (7) modeling of the sulfate attack phenomenon. Mortar specimens using portland cement (PC) and tricalcium silicate (C 3S), with or without mineral admixtures, were prepared and immersed in different sulfate solutions. In addition to this, portland cement concrete specimens were also prepared and subjected to complete and partial immersion in sulfate solutions. Physical measurements, chemical analyses and microstructural studies were performed periodically on the specimens. Gypsum formation was seen to cause expansion of the C3S mortar specimens. Statistical analyses of the data also indicated that the quantity of gypsum was the most significant factor controlling the expansion of mortar bars. The attack by magnesium ion was found to drive the reaction towards the formation of brucite. Decalcification of the C-S-H and its subsequent conversion to the non-cementitious M-S-H was identified as the mechanism of destruction in magnesium sulfate attack. Mineral admixtures were beneficial in combating sodium sulfate attack, while reducing the resistance to magnesium sulfate attack. Air entrainment did not change the measured physical properties, but reduced the visible distress of the mortars. Sodium citrate caused a substantial reduction in the rate of damage of the mortars due to its retarding effect. Temperature and

Impact of Cyber Attacks on High Voltage DC Transmission Damping Control

Directory of Open Access Journals (Sweden)

Rui Fan

2018-04-01

Full Text Available Hybrid AC/HVDC (AC-HVDC grids have evolved to become huge cyber-physical systems that are vulnerable to cyber attacks because of the wide attack surface and increasing dependence on intelligent electronic devices, computing resources and communication networks. This paper, for the first time, studies the impact of cyber attacks on HVDC transmission oscillation damping control.Three kinds of cyber attack models are considered: timing attack, replay attack and false data injection attack. Followed by a brief introduction of the HVDC model and conventional oscillation damping control method, the design of three attack models is described in the paper. These attacks are tested on a modified IEEE New England 39-Bus AC-HVDC system. Simulation results have shown that all three kinds of attacks are capable of driving the AC-HVDC system into large oscillations or even unstable conditions.

Naval nuclear propulsion and the international nonproliferation regime

International Nuclear Information System (INIS)

Guimaraes, Leonam dos Santos

2005-01-01

Nuclear powered attack submarine (SSN) acquisition by Non-Proliferation Treaty No- Nuclear Weapon State (NPT-NNWS) Navies does not imply nuclear weapon proliferation risks higher than those related to stationary research and power reactors. It must then be recognized that stringent restraints on supplies and political pressures on governments, both exercised very effectively by No-Proliferation Treaty - Nuclear Weapon State (NPT-NWS) against NPT-NNWS indigenous development of SSN and associated fuel cycle facilities, are fundamentally based on geopolitical and military strategic objectives. This practice is far from being related exclusively to the NPT spirit: in fact, it is a matter of freedom at seas and not of nuclear proliferation. (author)

Some major challenges: Nuclear non-proliferation, nuclear arms control and nuclear terrorism. Vienna, 29 October 2001. Statement to the symposium on international safeguards: Verification and nuclear material security

International Nuclear Information System (INIS)

ElBaradei, M.

2001-01-01

The main topics dealt with the ensuring of an effective, universal and adequately financed system for the verification of nuclear non-proliferation, namely as follows: Effectiveness of the system; Participation in the system ; Financing of the system; Making Progress in Nuclear Arms Control; Protection Against Nuclear Terrorism. In the Safeguards Implementation Report (SIR) for 2000, the Agency was able to conclude that for all 140 states with safeguards agreements in place the nuclear material and other items placed under safeguards remained in peaceful nuclear activities or were otherwise adequately accounted for. The Agency currently safeguards over 900 facilities in 70 countries on a regular safeguards budget of approximately US $80 million per year. Turning to the major recent challenge, protection against nuclear terrorism, the IAEA has long been active in encouraging States to make security an integral part of the management of their nuclear programmes. The recent attacks in the United States were, however, a wake-up call to all that more can and must be done. In the week immediately following the tragedy, the IAEA General Conference adopted a resolution which requested a thorough review of Agency activities and programmes relevant to preventing acts of nuclear terrorism

Risk classification for nuclear facilities in connection with the illegal use of nuclear materials

International Nuclear Information System (INIS)

Bahm, W.; Naegele, G.; Sellinschegg, D.

1976-01-01

It is shown, and illustrated by an example, that specific conditions at a nuclear facility to a large extent determine the probability of a successful illegal attack against that facility. Therefore, a categorization of nuclear materials according to the associated hazards alone, as practised currently, does not appear to be sufficient for the establishment of a balanced national physical protection system. In this paper a possible way of categorizing nuclear facilities according to the associated risks, determined as objectively as possible, is discussed. It is felt that initially the analysis should be restricted to the determination of the conditional risks, associated with illegal acquisition and use of radioactive materials by a postulated hostile or similar group. (author)

OPERATION COBRA. Deliberate Attack, Exploitation

Science.gov (United States)

1984-05-25

to attack Sens, then continue to Troyes , on the Seine River. CCA was in the north, crossing the Loing River at Souppes against light resistance and...advanced from Troyes and prepared positions close to Sens. Under strong artillery support, a task force from CCA (TF Oden) attacked the enemy frontally...movement towards the Seine River on 24 August with an advance toward Troyes . Facing the combat command were what remained of the 51st SS Brigade, light

Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks

Science.gov (United States)

Tyra, Adam; Li, Jingtao; Shang, Yilun; Jiang, Shuo; Zhao, Yanjun; Xu, Shouhuai

2017-09-01

Robustness of complex networks has been extensively studied via the notion of site percolation, which typically models independent and non-adaptive attacks (or disruptions). However, real-life attacks are often dependent and/or adaptive. This motivates us to characterize the robustness of complex networks, including non-interdependent and interdependent ones, against dependent and adaptive attacks. For this purpose, dependent attacks are accommodated by L-hop percolation where the nodes within some L-hop (L ≥ 0) distance of a chosen node are all deleted during one attack (with L = 0 degenerating to site percolation). Whereas, adaptive attacks are launched by attackers who can make node-selection decisions based on the network state in the beginning of each attack. The resulting characterization enriches the body of knowledge with new insights, such as: (i) the Achilles' Heel phenomenon is only valid for independent attacks, but not for dependent attacks; (ii) powerful attack strategies (e.g., targeted attacks and dependent attacks, dependent attacks and adaptive attacks) are not compatible and cannot help the attacker when used collectively. Our results shed some light on the design of robust complex networks.

Nuclear energy: a reasonable choice?

International Nuclear Information System (INIS)

Nifenecker, H.

2011-01-01

While nuclear energy appears today as a powerful and carbon-free energy, it generates at the same time doubts and apprehension in the general public. Are these fears justified? Is France the most advanced country in the nuclear domain? Should we fear a Chernobyl-like accident in France? Is any irradiation dangerous? What would be the consequences of a terror attack against a reactor? Will nuclear energy be powerful enough to take up the energy reserves challenge? Will the waste management and the nuclear facilities dismantlement be extremely expensive in comparison with the electricity production costs? Do we know how to manage nuclear wastes on the long-term? This book tries to supply some relevant arguments in order to let the reader answering these questions himself and making his own opinion on this topic. (J.S.)

Command Disaggregation Attack and Mitigation in Industrial Internet of Things

Directory of Open Access Journals (Sweden)

Peng Xun

2017-10-01

Full Text Available A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1 the command sequence is disordered and (2 disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

Command Disaggregation Attack and Mitigation in Industrial Internet of Things.

Science.gov (United States)

Xun, Peng; Zhu, Pei-Dong; Hu, Yi-Fan; Cui, Peng-Shuai; Zhang, Yan

2017-10-21

A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

Counteracting Power Analysis Attacks by Masking

Science.gov (United States)

Oswald, Elisabeth; Mangard, Stefan

The publication of power analysis attacks [12] has triggered a lot of research activities. On the one hand these activities have been dedicated toward the development of secure and efficient countermeasures. On the other hand also new and improved attacks have been developed. In fact, there has been a continuous arms race between designers of countermeasures and attackers. This chapter provides a brief overview of the state-of-the art in the arms race in the context of a countermeasure called masking. Masking is a popular countermeasure that has been extensively discussed in the scientific community. Numerous articles have been published that explain different types of masking and that analyze weaknesses of this countermeasure.

Metrics for Assessment of Smart Grid Data Integrity Attacks

Energy Technology Data Exchange (ETDEWEB)

Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs

2012-07-01

There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.

SA in nuclear power push

International Nuclear Information System (INIS)

Anon.

1982-01-01

Uranium research takes on a new lease of life as South Africa pushes ahead with a two-pronged attack on future energy needs. The recent allocation to the Department of Mineral and Energy Affairs of more than R106 million for atomic energy research indicates that South Africa's heavy commitment to nuclear spending involves not only the Koeberg power station, with its two pressurised water reactors, but also a uranium enrichment plant that is expected to be in commercial production by 1985. Other countries' expenditures on nuclear activities are also discussed

Nuclear safety in France in 2001

International Nuclear Information System (INIS)

Anon.

2002-01-01

This article presents the milestones of 2001 concerning nuclear safety in France: 1) the new organization of nuclear safety in France, IPSN (institute of protection and nuclear safety) and OPRI (office for protection against ionizing radiation) have merged into an independent organization: IRSN (institute of radiation protection and nuclear safety); 2) a draft bill has been proposed by the government to impose to nuclear operators new obligations concerning the transfer of information to the public; 3) nuclear safety authorities have drafted a new procedure in order to cope with the demand concerning modification of nuclear fuel management particularly the increase of the burn-up; 4) new evolutions concerning the management of a major nuclear crisis as a consequence of the terrorist attack on New-york and the accident at the AZF plant in Toulouse; 5) a point is made concerning the work of the WENRA association about the harmonization of the nuclear safety policies of its different members. (A.C.)

Comment on the first anniversary of the terrorist attacks in the United States of America. Vienna, 11 September 2002

International Nuclear Information System (INIS)

ElBaradei, M.

2002-01-01

The IAEA has long been active in encouraging States to make security an integral part of the management of their nuclear programmes. The attacks in September 2001 were, however, a wake-up call to the world nuclear community that more can and must be done. In the wake of the terrorist attacks, Member States of the IAEA meeting in the Agency's General Conference adopted a resolution requesting that the IAEA Director General initiate a thorough review of the Agency's activities and programmes relevant to preventing acts of terrorism involving nuclear and other radioactive materials. The Agency moved rapidly to respond. It devised and is presently implementing an integrated action plan which includes enhanced and new activities to upgrade nuclear security worldwide and to combat nuclear terrorism. The plan covers eight areas: (1) physical protection of nuclear material and nuclear facilities; (2) detection of malicious activities (such as illicit trafficking) involving nuclear and other radioactive materials; (3) strengthening of State systems for nuclear material accountancy and control; (4) security of radioactive sources; (5) the assessment of safety and security related vulnerabilities at nuclear facilities; (6) response to malicious acts or threats thereof; (7) the adherence to international agreements and guidelines; and (8) co-ordination and information management for nuclear security related matters. National measures for protecting nuclear material and facilities remain uneven in their substance and application. There is wide recognition that the international physical protection regime needs to be further strengthened. Through its International Physical Protection Advisory Service (IPPAS), the Agency provides Member States with assessment services, together with associated advice and follow up actions to improve security arrangements at nuclear facilities. It also provides training and workshops, notably in assessing threats, as well as other supporting

A taxonomy of distributed denial of service attacks

DEFF Research Database (Denmark)

De Donno, Michele; Giaretta, Alberto; Dragoni, Nicola

2017-01-01

Distributed Denial of Service (DDoS) attacks which are now even more powerful and easier to achieve than the past. Understanding how these attacks work, in all their different forms, represents a first crucial step to tackle this urgent issue. To this end, in this paper we propose a new up-to-date taxonomy...... and a comprehensive classification of current DDoS attacks....

Register of international standard NP on IT based wireless application in nuclear power plants

International Nuclear Information System (INIS)

Koo, I. S.; Hong, S. B.; Cho, I. W.; Choi, Y. S.; Lee, J. C.

2011-04-01

DC draft of standard technical report for wireless applications in NPP is developed, which is a Korean IT technologies. Wireless technologies are forwardwd to converging technologies nuclear and IT area. These technologies are supported to reduce vulnerability against cyber attacks and are forwarded to international standards which met with the nuclear environment requirements. DC draft of standard technical report is provided and circulated. Korean experts participate in Plenary meeting for IEC TC45/SC45A and intermediate meeting for IEC SC45A/WGA3 and 9. Korean expert takes the chair of wireless session at ANS winter conference. Visible light communication is experimented for feasibility study on reducing vulnerability against cyber attacks. VLC is capable of robust wireless communication against cyber attacks. This is suggested to describe a method for technical report. Issue DTR for wireless applications in NPP in 2012

An Explanation of Nakamoto's Analysis of Double-spend Attacks

OpenAIRE

Ozisik, A. Pinar; Levine, Brian Neil

2017-01-01

The fundamental attack against blockchain systems is the double-spend attack. In this tutorial, we provide a very detailed explanation of just one section of Satoshi Nakamoto's original paper where the attack's probability of success is stated. We show the derivation of the mathematics relied upon by Nakamoto to create a model of the attack. We also validate the model with a Monte Carlo simulation, and we determine which model component is not perfect.

Non Proliferation of Nuclear

International Nuclear Information System (INIS)

Bambang S Irawan

2004-01-01

Non-Proliferation Treaty of Nuclear Weapons is the international community's efforts to maintain the security of the world, in order to prevent the spread of nuclear technology and the use of nuclear weapons, promoting cooperation for the use of nuclear peaceful purposes, build mutual trust (Confidence Building Measures) as well as to achieve the ultimate goal of disarmament overall (General and Complete Disarmament). Addressing the post-WTC tragedy, 11 September 2001, the Indonesian government should set up a National Measures (National Action Plan), among others formed the National Security Council and NBC Counter Proliferation Unit, or the National Authority for Nuclear Treaty, preparing national legislation, to prevent the abuse nuclear materials for terrorist acts, prevent Illicit Trafficking of Nuclear materials, developed a National Preparedness and Emergency Response Management in the event of a nuclear accident or attack by the use of nuclear terrorism. Importance of a National Action Plan meant the existence of a national commitment in the context of compliance with treaties and conventions which have been ratified relating to safety, security, safeguards towards a general and complete disarmament, to safeguard national security and maintain peace (safeguards) international

Modeling and Analysis of Information Attack in Computer Networks

National Research Council Canada - National Science Library

Pepyne, David

2003-01-01

... (as opposed to physical and other forms of attack) . Information based attacks are attacks that can be carried out from anywhere in the world, while sipping cappuccino at an Internet cafe' or while enjoying the comfort of a living room armchair...

Using an ontology for network attack planning

CSIR Research Space (South Africa)

Van Heerden, R

2016-09-01

Full Text Available The modern complexity of network attacks and their counter-measures (cyber operations) requires detailed planning. This paper presents a Network Attack Planning ontology which is aimed at providing support for planning such network operations within...

Protecting infrastructure networks from cost-based attacks

International Nuclear Information System (INIS)

Wang Xingang; Guan Shuguang; Lai, Choy Heng

2009-01-01

It is well known that heterogeneous networks are vulnerable to the intentional removal of a small fraction of highly connected or loaded nodes, implying that to protect the network effectively, the important nodes should be allocated more defense resource than the others. However, if too much resource is allocated to the few important nodes, the numerous less-important nodes will be less protected, which if attacked together can still lead to devastating damage. A natural question is therefore how to efficiently distribute the limited defense resource among the network nodes such that the network damage is minimized against any attack strategy. In this paper, taking into account the factor of attack cost, the problem of network security is reconsidered in terms of efficient network defense against cost-based attacks. The results show that, for a general complex network, there exists an optimal distribution of the defense resource with which the network is best protected from cost-based attacks. Furthermore, it is found that the configuration of the optimal defense is dependent on the network parameters. Specifically, networks of larger size, sparser connection and more heterogeneous structure will more likely benefit from the defense optimization.

Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

Directory of Open Access Journals (Sweden)

Ru Zhang

2017-01-01

Full Text Available The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

On node replication attack in wireless sensor networks

International Nuclear Information System (INIS)

Qabulio, M.; Malkani, Y.A.

2015-01-01

WSNs (Wireless Sensor Networks) comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes) that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs. (author)

On Node Replication Attack in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Mumtaz Qabulio

2016-04-01

Full Text Available WSNs (Wireless Sensor Networks comprise a large number of small, inexpensive, low power and memory constrained sensing devices (called sensor nodes that are densely deployed to measure a given physical phenomenon. Since WSNs are commonly deployed in a hostile and unattended environment, it is easy for an adversary to physically capture one or more legitimate sensor nodes, re-program and redeploy them in the network. As a result, the adversary becomes able to deploy several identical copies of physically captured nodes in the network in order to perform illegitimate activities. This type of attack is referred to as Node Replication Attack or Clone Node Attack. By launching node replication attack, an adversary can easily get control on the network which consequently is the biggest threat to confidentiality, integrity and availability of data and services. Thus, detection and prevention of node replication attack in WSNs has become an active area of research and to date more than two dozen schemes have been proposed, which address this issue. In this paper, we present a comprehensive review, classification and comparative analysis of twenty five of these schemes which help to detect and/or prevent node replication attack in WSNs

Attacker-defender game from a network science perspective

Science.gov (United States)

Li, Ya-Peng; Tan, Suo-Yi; Deng, Ye; Wu, Jun

2018-05-01

Dealing with the protection of critical infrastructures, many game-theoretic methods have been developed to study the strategic interactions between defenders and attackers. However, most game models ignore the interrelationship between different components within a certain system. In this paper, we propose a simultaneous-move attacker-defender game model, which is a two-player zero-sum static game with complete information. The strategies and payoffs of this game are defined on the basis of the topology structure of the infrastructure system, which is represented by a complex network. Due to the complexity of strategies, the attack and defense strategies are confined by two typical strategies, namely, targeted strategy and random strategy. The simulation results indicate that in a scale-free network, the attacker virtually always attacks randomly in the Nash equilibrium. With a small cost-sensitive parameter, representing the degree to which costs increase with the importance of a target, the defender protects the hub targets with large degrees preferentially. When the cost-sensitive parameter exceeds a threshold, the defender switches to protecting nodes randomly. Our work provides a new theoretical framework to analyze the confrontations between the attacker and the defender on critical infrastructures and deserves further study.

Are the rules for the right to self-defense outdated to address current conflicts like attacks from non-state actors and cyber-attacks?

Directory of Open Access Journals (Sweden)

Gonzalo J. Arias

2017-06-01

Full Text Available The latest US-led coalition’s attacks against ISIS in Syria raised the question whether states can use defensive force against non-state actors. Two critical incidents had previously triggered the discussion on the importance and consequences of cyber-attacks as a new form armed attacks. The first one occurred in Estonia in 2007, when the country experienced extensive computer hacking attacks that lasted several weeks. The second incident happened in 2008, during the Georgia–Russia conflict over South Ossetia, when Georgia experienced cyber-attacks similar to those suffered by Estonia in the previous year. Furthermore, on June 21, 2016, the central banks of Indonesia and South Korea were hit by cyber-attacks on their public websites since activist hacking group Anonymous pledged last month to target banks across the world. The previous incidents have created, once again, public questioning if the rules on the use of force and the right of self-defense established in the United Nations Charter are sufficient and efficient to address these new forms of attacks.

Development of Cyber Security Scheme for Nuclear Power Plant

Energy Technology Data Exchange (ETDEWEB)

Hong, S. B.; Choi, Y. S.; Cho, J. W. (and others)

2009-12-15

Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures.

Development of Cyber Security Scheme for Nuclear Power Plant

International Nuclear Information System (INIS)

Hong, S. B.; Choi, Y. S.; Cho, J. W.

2009-12-01

Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures

Nuclear fuel element

International Nuclear Information System (INIS)

Penrose, R.T.; Thompson, J.R.

1976-01-01

A method of protecting the cladding of a nuclear fuel element from internal attack and a nuclear fuel element for use in the core of a nuclear reactor are disclosed. The nuclear fuel element has disposed therein an additive of a barium-containing material and the barium-containing material collects reactive gases through chemical reaction or adsorption at temperatures ranging from room temperature up to fuel element plenum temperatures. The additive is located in the plenum of the fuel element and preferably in the form of particles in a hollow container having a multiplicity of gas permeable openings in one portion of the container with the openings being of a size smaller than the size of the particles. The openings permit gases and liquids entering the plenum to contact the particles. The additive is comprised of elemental barium or a barium alloy containing one or more metals in addition to barium such as aluminum, zirconium, nickel, titanium and combinations thereof. 6 claims, 3 drawing figures

After-gate attack on a quantum cryptosystem

International Nuclear Information System (INIS)

Wiechers, C; Wittmann, C; Elser, D; Marquardt, Ch; Leuchs, G; Lydersen, L; Skaar, J; Makarov, V

2011-01-01

We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.

Compiling symbolic attacks to protocol implementation tests

Directory of Open Access Journals (Sweden)

Michael Rusinowitch

2013-07-01

Full Text Available Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular we aim to improve previously proposed blackbox testing methods in order to discover automatically new attacks and vulnerabilities. As a proof of concept we have experimented our proposed architecture to detect a renegotiation vulnerability on some implementations of SSL/TLS, a protocol widely used for securing electronic transactions.

An Analysis of Cyber-Attack on NPP Considering Physical Impact

Energy Technology Data Exchange (ETDEWEB)

Lee, In Hyo; Kang, Hyun Gook [KAIST, Daejeon (Korea, Republic of); Son, Han Seong [Joonbu University, Geumsan (Korea, Republic of)

2016-05-15

Some research teams performed related works on cyber-physical system which is a system that cyber-attack can lead to serious consequences including product loss, damage, injury and death when it is attacked. They investigated the physical impact on cyber-physical system due to the cyber-attack. But it is hard to find the research about NPP cyber security considering the physical impact or safety. In this paper, to investigate the relationship between physical impact and cyber-attack, level 1 PSA results are utilized in chapter 2 and cyber-attack analysis is performed in chapter 3. The cyber security issue on NPP is inevitable issue. Unlike general cyber security, cyber-physical system like NPP can induce serious consequences such as core damage by cyber-attack. So in this paper, to find how hacker can attack the NPP, (1) PSA results were utilized to find the relationship between physical system and cyber-attack and (2) vulnerabilities on digital control systems were investigated to find how hacker can implement the possible attack. It is expected that these steps are utilized when establishing penetration test plans or cyber security drill plans.

An Analysis of Cyber-Attack on NPP Considering Physical Impact

International Nuclear Information System (INIS)

Lee, In Hyo; Kang, Hyun Gook; Son, Han Seong

2016-01-01

Some research teams performed related works on cyber-physical system which is a system that cyber-attack can lead to serious consequences including product loss, damage, injury and death when it is attacked. They investigated the physical impact on cyber-physical system due to the cyber-attack. But it is hard to find the research about NPP cyber security considering the physical impact or safety. In this paper, to investigate the relationship between physical impact and cyber-attack, level 1 PSA results are utilized in chapter 2 and cyber-attack analysis is performed in chapter 3. The cyber security issue on NPP is inevitable issue. Unlike general cyber security, cyber-physical system like NPP can induce serious consequences such as core damage by cyber-attack. So in this paper, to find how hacker can attack the NPP, (1) PSA results were utilized to find the relationship between physical system and cyber-attack and (2) vulnerabilities on digital control systems were investigated to find how hacker can implement the possible attack. It is expected that these steps are utilized when establishing penetration test plans or cyber security drill plans

Nuclear security from cradle to grave

International Nuclear Information System (INIS)

Raja Adnan, Raja Abdul Aziz

2016-01-01

On 8 May 2016, the Amendment to the Convention on the Physical Protection of Nuclear Material (CPPNM) finally entered into force, almost eleven years after its adoption. The world will be a more secure place as a result of the commitments that States party to the Amendment have made. The Amendment establishes legally binding commitments for countries to protect nuclear facilities as well as nuclear material in domestic use, storage and transport. Under the Amendment, countries are required to establish appropriate physical protection regimes for nuclear material. They also take on new obligations to share information on sabotage, including on credible threats of sabotage. The entry into force of the Amendment demonstrates the international community’s resolve to act together to strengthen nuclear security globally. It also helps reduce the risk of an attack involving nuclear material, which could have catastrophic consequences.

Classification of cyber attacks in South Africa

CSIR Research Space (South Africa)

Van Heerden, R

2016-05-01

Full Text Available various ATM's throughout South Africa. Two criminals, Motsoane and Masoleng, were arrested in February 2012 and both sentenced to 15 years in jail [36, 37]. 3.10 2013: IOL DDoS Anonymous Africa claimed responsibility for launching a Distributed Denial... of Service (DDoS) attack on the Independent Newspaper web site iol.co.za. The attack was in response to claims that the IOL group supports Zimbabwean president Robert Mugabe. The following taunt was sent to boast about the attack: “IOL bad boys bad boys...

A Review Of Recent Cyber-Attacks In Fiji

Directory of Open Access Journals (Sweden)

Neeraj A. Sharma

2015-08-01

Full Text Available Computing technology has evolved in such dramatic ways that a child can use such technology and their features. Internet is one such technology which allows peripheral devices to be connected to each other creating a network to share information. In the same way information can be attacked. In this paper we will be discussing the different types of cyber-attack that recently took place in Fiji. Common attacks discussed in this review paper are phishing email scams website defacement and skimming. Apart from common preventative methods some novel recommendations have been made. We believe the Fiji experiences and recommendations will assist technology users prepare better against such attacks.

Research on high power intra-channel crosstalk attack in optical networks

Science.gov (United States)

Ren, Shuai; Zhang, Yinfa; Wang, Jingyu; Zhang, Jumei; Rao, Xuejun; Fang, Yuanyuan

2017-02-01

The mechanism of high power intra-channel crosstalk attack is analyzed theoretically and the conclusion that power of attack signal and crosstalk coefficient of optical switch are the main factors for which high power intra-channel have destructive effect on quality of legitimate signals is drawn. Effects of high power intra-channel crosstalk attack on quality of legitimate signals and its capability of attack propagation are investigated quantitatively by building the simulation system in VPI software. The results show that legitimate signals through the first and the second stage optical switch are affected by attack and legitimate signal through the third stage optical switch is almost unaffected by attack when power of original attack signal (OAS) is above 20dB more than that of legitimate signals and crosstalk coefficient of optical switch is -20dB at optical cross connect 1 (OXC1). High power intra-channel crosstalk attack has a certain capability of attack propagation. Attack capability of OAS can be propagated to OXC3 when power of OAS is 27dB more than that of legitimate signals and crosstalk coefficient of optical switch is -20dB. We also find that the secondary attack signal (SAS) does not have capability of attack propagation.

Nuclear security policy in the context of counter-terrorism in Cambodia

International Nuclear Information System (INIS)

Khun, Vuthy; Wongsawaeng, Doonyapong

2016-01-01

The risk of nuclear or dirty bomb attack by terrorists is one of the most urgent and threatening danger. The Cambodian national strategy to combat weapons of mass destruction (WMD) depicts a layered system of preventive measures ranging from securing materials at foreign sources to interdicting weapons or nuclear or other radioactive materials at ports, border crossings, and within the Cambodian institutions dealing with the nuclear security to manage the preventive programs. The aim of this study is to formulate guidance, to identify scenario of threat and risk, and to pinpoint necessary legal frameworks on nuclear security in the context of counterterrorism based on the International Atomic Energy Agency nuclear security series. The analysis of this study is guided by theoretical review, the review of international laws and politics, by identifying and interpreting applicable rules and norms establishing the nuclear security regime and how well enforcement of the regime is carried out and, what is the likelihood of the future reform might be. This study will examine the existing national legal frameworks of Cambodia in the context of counterterrorism to prevent acts of nuclear terrorism and the threat of a terrorist nuclear attack within the Cambodia territory. It will shed light on departmental lanes of national nuclear security responsibility, and provide a holistic perspective on the needs of additional resources and emphasis regarding nuclear security policy in the context of counterterrorism in Cambodia

Nuclear security policy in the context of counter-terrorism in Cambodia

Energy Technology Data Exchange (ETDEWEB)

Khun, Vuthy, E-mail: vuthy.khun@gmail.com; Wongsawaeng, Doonyapong [Department of Nuclear Engineering, Faculty of Engineering, Chulalongkorn University, 254 Phayathai Road, Pathumwan, Bangkok 10330 (Thailand)

2016-01-22

The risk of nuclear or dirty bomb attack by terrorists is one of the most urgent and threatening danger. The Cambodian national strategy to combat weapons of mass destruction (WMD) depicts a layered system of preventive measures ranging from securing materials at foreign sources to interdicting weapons or nuclear or other radioactive materials at ports, border crossings, and within the Cambodian institutions dealing with the nuclear security to manage the preventive programs. The aim of this study is to formulate guidance, to identify scenario of threat and risk, and to pinpoint necessary legal frameworks on nuclear security in the context of counterterrorism based on the International Atomic Energy Agency nuclear security series. The analysis of this study is guided by theoretical review, the review of international laws and politics, by identifying and interpreting applicable rules and norms establishing the nuclear security regime and how well enforcement of the regime is carried out and, what is the likelihood of the future reform might be. This study will examine the existing national legal frameworks of Cambodia in the context of counterterrorism to prevent acts of nuclear terrorism and the threat of a terrorist nuclear attack within the Cambodia territory. It will shed light on departmental lanes of national nuclear security responsibility, and provide a holistic perspective on the needs of additional resources and emphasis regarding nuclear security policy in the context of counterterrorism in Cambodia.

Nuclear security policy in the context of counter-terrorism in Cambodia

Science.gov (United States)

Khun, Vuthy; Wongsawaeng, Doonyapong

2016-01-01

The risk of nuclear or dirty bomb attack by terrorists is one of the most urgent and threatening danger. The Cambodian national strategy to combat weapons of mass destruction (WMD) depicts a layered system of preventive measures ranging from securing materials at foreign sources to interdicting weapons or nuclear or other radioactive materials at ports, border crossings, and within the Cambodian institutions dealing with the nuclear security to manage the preventive programs. The aim of this study is to formulate guidance, to identify scenario of threat and risk, and to pinpoint necessary legal frameworks on nuclear security in the context of counterterrorism based on the International Atomic Energy Agency nuclear security series. The analysis of this study is guided by theoretical review, the review of international laws and politics, by identifying and interpreting applicable rules and norms establishing the nuclear security regime and how well enforcement of the regime is carried out and, what is the likelihood of the future reform might be. This study will examine the existing national legal frameworks of Cambodia in the context of counterterrorism to prevent acts of nuclear terrorism and the threat of a terrorist nuclear attack within the Cambodia territory. It will shed light on departmental lanes of national nuclear security responsibility, and provide a holistic perspective on the needs of additional resources and emphasis regarding nuclear security policy in the context of counterterrorism in Cambodia.

Nuclear denotation: a topic for global public health concern

International Nuclear Information System (INIS)

Wiwanitkit, Viroj

2011-01-01

In mid of March 2011, a big Tsunami attacked Japan and caused serious destruction. In addition to the destroyed infrastructure, disruption of the nuclear plants occurred and this is the origin of the big problem of nuclear denotation which is of present concern. Nuclear denotation is an actually interesting new problem that affects a large group of world population. This situation is new and requires our attention in a global level. In this article, the author summarizes and discusses this important topic

Evaluation of Crosstalk Attacks in Access Networks

DEFF Research Database (Denmark)

Wagner, Christoph; Eiselt, Michael; Grobe, Klaus

2016-01-01

WDM-PON systems regained interest as low-cost solution for metro and access networks. We present a comparative analysis of resilience of wavelength-selective and wavelength-routed architectures against crosstalk attackers. We compare the vulnerability of these architectures against attacks...

Global nuclear cleanout initiative 2004

International Nuclear Information System (INIS)

Edlow, J.; Gruber, G.

2004-01-01

Full text: During more than 50 years of Atoms for Peace programmes nuclear materials were spread out worldwide. Stranded nuclear materials from nuclear research are left over without any safe back-end solution. 'Dirty Bombs' or so-called 'Radioactive Dispersal Devices (RDD)' are no longer science fiction since the world experienced the 9/11 attack. Governmental, NGO's and private industry organizations having discussed Global Nuclear Cleanout since then and start to take actions. The US Department of Energy (DOE) has announced to establish a dedicated organization in cooperation with IAEA and start the 'Global Threat Reduction Initiative (GTRI)'. The US government will allocate to that program USD 450 M over the next 10 years. Besides the historical development the paper will focus on the progress of the different initiatives and perspectives to threat reduction. (author)

Optimal counterterrorism and the recruitment effect of large terrorist attacks

DEFF Research Database (Denmark)

Jensen, Thomas

2011-01-01

We analyze a simple dynamic model of the interaction between terrorists and authorities. Our primary aim is to study optimal counterterrorism and its consequences when large terrorist attacks lead to a temporary increase in terrorist recruitment. First, we show that an increase in counterterrorism...... makes it more likely that terrorist cells plan small rather than large attacks and therefore may increase the probability of a successful attack. Analyzing optimal counterterrorism we see that the recruitment effect makes authorities increase the level of counterterrorism after large attacks. Therefore......, in periods following large attacks a new attack is more likely to be small compared to other periods. Finally, we analyze the long-run consequences of the recruitment effect. We show that it leads to more counterterrorism, more small attacks, and a higher sum of terrorism damage and counterterrorism costs...

Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference

NARCIS (Netherlands)

Aslanyan, Zaruhi; Nielson, Flemming; Parker, David

Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal

Adult Public Education for Nuclear Terrorism: An Analysis of Cold War and War on Terror Preparedness Discourses

Science.gov (United States)

Fisher, Debra A.

2014-01-01

The nuclear terrorist threat is far greater today than ever before, but the United States is unprepared to respond to the aftermath of a nuclear attack, whether perpetrated by rogue nuclear countries or the terrorist groups they support. Following the detonation of an improvised nuclear device (IND), citizens, not government personnel, become the…

'Cryptogenic Drop Attacks' revisited: evidence of overlap with functional neurological disorder.

Science.gov (United States)

Hoeritzauer, Ingrid; Carson, Alan J; Stone, Jon

2018-02-07

In their 1973 BMJ paper 'Cryptogenic Drop Attacks', Stevens and Matthews described 40, mostly middle-aged, female patients with drop attacks of unknown cause. Although clinically common, there has been little on this topic since. We aimed to determine clinical features, comorbidity and outcome of patients with drop attacks. We carried out a retrospective review of patients with cryptogenic drop attacks seen consecutively by one clinician (JS) between 2006 and 2016. Demographics, phenomenology, duration and frequency of attacks, attack description and comorbid diagnoses were recorded. Patients were followed up with a notes review. 83 patients with cryptogenic drop attacks were predominantly female (89%, n=79), mean age 44  years. The majority (93%, n=77) could not remember the fall itself and almost half (43%, n=36) experienced prodromal dissociative symptoms. Mechanical trips or syncope preceded drop attacks, historically, in 24% (n=20) of cases. Persistent fatigue (73%, n=61), chronic pain (40%, n=33), functional limb weakness (31%,n=26) and dissociative (non-epileptic) attacks 28% (n=23) were common, with the latter usually preceding or emerging from drop attacks. At follow-up (88%, mean 38 months), 28% (n=23) had resolution of their drop attacks. Predisposing (but non-causative) disease comorbidity was found at baseline (n=12) and follow-up (n=5). Cryptogenic drop attacks are associated with high frequency of comorbid functional somatic and functional neurological disorders. Patients commonly have prodromal dissociative symptoms and in some there was a clear relationship with prior or subsequent dissociative (non-epileptic) attacks. Some cryptogenic drop attacks may be best understood as phenomena on the spectrum of dissociative attacks. © Article author(s) (or their employer(s) unless otherwise stated in the text of the article) 2018. All rights reserved. No commercial use is permitted unless otherwise expressly granted.

Evolution of war and cyber attacks in the concept of conventional warfare

Directory of Open Access Journals (Sweden)

Huseyin Kuru

2018-01-01

Full Text Available Humanity have witnessed many confrontations of states whose interests challenge at some points and their struggle to neutralize problems in battlefield. While war was perceived as a way of eliminating deadlocks for some parties, some considered it as one of the international policy materials. The definition and content of conventional warfare have been subject to change for centuries, while the new weapons and technologies have been developed by human beings that it has brought constant change in the law of war and at the same time more lethal and devastating consequences. The struggle for superiority in international relations played an impulsive role in the development of weapons used in the battlefield. Countries have used their labor and financial resources to improve their military skills. Beginning with stones and sticks in the battlefield, this struggle has reached the point of using the next generation satellite controlled unmanned and armed aircrafts and having nuclear weapons has become more deterrent than using them. The struggle between strong countries and the limited countries in terms of technology and armed groups that do not have enough technology and skills completely changed the definition of conventional warfare. This fight has led Asymmetric warfare born which can turn commercial airline planes full of innocent people into a weapon like September-11 attacks. In this study, the historical development and the change in the content of the warfare were briefly explained and then cyber-attacks in the concept of the fourth generation warfare was analyzed taking into account of prominent attacks.

Optimal Patrol to Detect Attacks at Dispersed Heterogeneous Locations

Science.gov (United States)

2013-12-01

solution RALP Random-attacker linear program SALP Strategic-attacker linear program SMDP Semi-Markov decision process SP Shortest path SPR1 Shortest...average cost per attack among all vertices, which we refer to as the strategic-attacker linear program ( SALP ): min x zOPT (3.1a) subject to ∑ (k,l)∈A c...the SALP is indicated by zOPT. The lower bound that is obtained from using the LBLP is indicated by zLB. Solutions obtained from using a heuristic

In front of a new challenge: nuclear terrorism

International Nuclear Information System (INIS)

Puig, D.E.

2004-01-01

Radiation sources utilising either radioactive materials or radiation generators have been widely used throughout the world in medicine, research, industry and education for decades. There are both, legal and governmental responsibilities in respect of the safe use of ionising radiation sources, radiation protection, the safe management of radioactive waste and the safe transport of radioactive material. The attacks of 11 September 2001 brought a new dimension to the actions against terrorism. There are not enough legal instruments to control this phenomenon. Potential threat: acquisition of a nuclear weapon, acquisition of nuclear material to construct a nuclear weapon or to cause a radiological hazard, violent acts against nuclear facilities to cause a radiological hazard, acquisition of other radioactive materials to construct a dirty bomb to cause a radiological hazard. 'The Convention on the Physical Protection of Nuclear Material', IAEA, 1980 obliges Parties to apply established levels of physical protection to nuclear material used for peaceful purposes in international transport. It also requires Parties to criminalize under their respective laws various acts such as theft, illegal acquisition, possession and use, and to establish jurisdiction over those offences to enable the prosecution or extradition of alleged offenders. This is the only international legal instrument in the area of physical protection. Conclusion: At present the threat is not only of a nuclear accident but of a nuclear terrorism attack which could affect any country in the world and the lack of effective legal instruments to respond to that situation. It shows the need for the international community to work together in order to reinforce coordinated and integrated nuclear security and safeguards measures. States shall create appropriated regulatory infrastructures to ensure that the radioactive sources are appropriately regulated and adequately secured at all times. Stronger and

Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

Science.gov (United States)

Kebert, Alan; Barnejee, Bikramjit; Solano, Juan; Solano, Wanda

2013-01-01

The cloud computing environment offers malicious users the ability to spawn multiple instances of cloud nodes that are similar to virtual machines, except that they can have separate external IP addresses. In this paper we demonstrate how this ability can be exploited by an attacker to distribute his/her attack, in particular SQL injection attacks, in such a way that an intrusion detection system (IDS) could fail to identify this attack. To demonstrate this, we set up a small private cloud, established a vulnerable website in one instance, and placed an IDS within the cloud to monitor the network traffic. We found that an attacker could quite easily defeat the IDS by periodically altering its IP address. To detect such an attacker, we propose to use multi-agent plan recognition, where the multiple source IPs are considered as different agents who are mounting a collaborative attack. We show that such a formulation of this problem yields a more sophisticated approach to detecting SQL injection attacks within a cloud computing environment.

Can a Copycat Effect be Observed in Terrorist Suicide Attacks?

Directory of Open Access Journals (Sweden)

Nicholas Farnham

2017-03-01

Full Text Available The purpose of this paper is to explore how a copycat effect – established within the field of suicide studies – may manifest itself in terrorist suicide attacks, and takes an exploratory approach in evaluating the prospect of incorporating open-data resources in future counter-terrorism research. This paper explores a possible ‘copycat effect’ in cases of suicide terrorism, which entails a perpetrator being inspired by a preceding attack to carry out a similar attack not long after the original. In the wake of mounting risks of lone wolf terrorist attacks today and due to the general difficulties faced in preventing such attacks, in this paper we explore a potential area of future prevention in media reporting, security and anti-terrorism policies today. Using the START Global Terrorism Database (GTD, this paper investigates terrorist suicide-attack clusters and analyses the relationship between attacks found within the same cluster. Using a mixed-method approach, our analyses did not uncover clear evidence supporting a copycat effect among the studied attacks. These and other findings have numerous policy and future research implications.

Transient Ischemic Attack

Medline Plus

Full Text Available ... major stroke. It's important to call 9-1-1 immediately for any stroke symptoms. Popular Topics TIA Cardiac Catheter Cholesterol Heart Attack Stent © 2018, American Heart Association, Inc. All rights reserved. Unauthorized use prohibited. The content in this ...

THE REPRISAL ATTACKS BY AL-SHABAAB AGAINST KENYA

Directory of Open Access Journals (Sweden)

E.O.S.ODHIAMBO

2013-10-01

Full Text Available The incursion of Kenya Defence Forces (KDF into Somalia was met by a series of threats from the Al-Shabaab that it would increase the attacks against Kenya if the troops were not withdrawn. The capture of Kismayu by KDF has weakened the nerve of Al-Shabaab but has not eliminated the imminent danger of a substantive terror attack. Since the incursion by KDF, Kenya has succumbed to a sequence of grenade and Improvised Explosive Devices attacks, roadside bombs, landmines and raids by fighters using small arms and light weapons and Rocket Propelled Grenades against Kenyans mostly in North Eastern, Coastal and Nairobi counties, marking the resurgence of terrorism in the country. We argue that Kenya is more vulnerable to Al-Shabaab terrorists attack than before the KDF incursion by citing the frequencies of reprisal attacks from October 2011 to January 2013. Hence, our troops should be withdrawn and deployed within our boundary.

Thwarting Nonintrusive Occupancy Detection Attacks from Smart Meters

Directory of Open Access Journals (Sweden)

Dapeng Man

2017-01-01

Full Text Available Occupancy information is one of the most important privacy issues of a home. Unfortunately, an attacker is able to detect occupancy from smart meter data. The current battery-based load hiding (BLH methods cannot solve this problem. To thwart occupancy detection attacks, we propose a framework of battery-based schemes to prevent occupancy detection (BPOD. BPOD monitors the power consumption of a home and detects the occupancy in real time. According to the detection result, BPOD modifies those statistical metrics of power consumption, which highly correlate with the occupancy by charging or discharging a battery, creating a delusion that the home is always occupied. We evaluate BPOD in a simulation using several real-world smart meter datasets. Our experiment results show that BPOD effectively prevents the threshold-based and classifier-based occupancy detection attacks. Furthermore, BPOD is also able to prevent nonintrusive appliance load monitoring attacks (NILM as a side-effect of thwarting detection attacks.

Detecting peripheral-based attacks on the host memory

CERN Document Server

Stewin, Patrick

2015-01-01

This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the host’s main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process – an aspect attackers are quick to exploit.  Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the host’s main memory by exploiting certain hardware properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only me...

Reflections on realism in the nuclear age

International Nuclear Information System (INIS)

Cohen, A.

1987-01-01

It is against the realism of living with nuclear weapons that the author addresses. Indeed, realism as a theory of international relations has been under attack on normative-philosophical grounds in recent years by a number of political theorists. The reasons for my criticism of nuclear realism, however, are quite different and separate from the general moral case against realism put forward by these theorists. The arguments developed in this paper are derived directly from the emergent features of the nuclear predicament itself, the ways in which the rise of nuclear weapons has turned out to negate the fundamental logic of realism. The nuclear predicament brings realism to a reductio ad absurdum and negates the very political framework that is supposed to justify it

Non-nuclear, non-provocative defense for Europe

International Nuclear Information System (INIS)

Barnaby, F.; Boeker, E.

1988-01-01

This paper reports on the conventional wisdom which is that if Warsaw Pact forces attacked NATO they would probably win the war in a few weeks unless NATO used battlefield nuclear weapons to stop the advancing Warsaw Pact forces. This means, of course, also the risk of having to use nuclear weapons on West German territory; this use would inevitably result in the death of a large number of West German civilians and great damage to property. The cost to NATO in death and collateral damage of using battlefield nuclear weapons would be so high as to make this use incredible

The cost of French military nuclear programs

International Nuclear Information System (INIS)

Barrillot, B.

1999-02-01

The author tries to find out the real cost of French nuclear weaponry. According to this study the total cost of the French military nuclear programs for 1960-1998 period is about 1499 milliard francs (MdF). This cost can be distributed as follows: i) fabrication of the bomb: 690 MdF; ii) display of the bomb: 727 MdF; iii) control of the bomb: 50 Mdf; iv) protection against nuclear attacks: 9 MdF; and v) dismantling of the bomb: 23 MdF. It goes without saying that these figures exceed by far those given by French authorities. (A.C.)

Why cryptography should not rely on physical attack complexity

CERN Document Server

Krämer, Juliane

2015-01-01

This book presents two practical physical attacks. It shows how attackers can reveal the secret key of symmetric as well as asymmetric cryptographic algorithms based on these attacks, and presents countermeasures on the software and the hardware level that can help to prevent them in the future. Though their theory has been known for several years now, since neither attack has yet been successfully implemented in practice, they have generally not been considered a serious threat. In short, their physical attack complexity has been overestimated and the implied security threat has been underestimated. First, the book introduces the photonic side channel, which offers not only temporal resolution, but also the highest possible spatial resolution. Due to the high cost of its initial implementation, it has not been taken seriously. The work shows both simple and differential photonic side channel analyses. Then, it presents a fault attack against pairing-based cryptography. Due to the need for at least two indepe...

Multi-Layer Approach for the Detection of Selective Forwarding Attacks.

Science.gov (United States)

Alajmi, Naser; Elleithy, Khaled

2015-11-19

Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

Multi-Layer Approach for the Detection of Selective Forwarding Attacks

Directory of Open Access Journals (Sweden)

Naser Alajmi

2015-11-01

Full Text Available Security breaches are a major threat in wireless sensor networks (WSNs. WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD. The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

Adversarial Feature Selection Against Evasion Attacks.

Science.gov (United States)

Zhang, Fei; Chan, Patrick P K; Biggio, Battista; Yeung, Daniel S; Roli, Fabio

2016-03-01

Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may be even worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary's data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

Operating Nuclear Power Stations in a Regulated Cyber Security Environment

Energy Technology Data Exchange (ETDEWEB)

Dorman, E.

2014-07-01

The United States Nuclear Regulatory Commission (NRC) issued 10CFR73.54 to implement a regulated Cyber Security Program at each operating nuclear reactor facility. Milestones were implemented December 31, 2012 to mitigate the attack vectors for the most critical digital assets acknowledged by the industry and the NR C. The NRC inspections have begun. The nuclear Cyber Security Plan, implemented by the site Cyber Security Program (Program), is an element of the operating license at each facility. (Author)

Operating Nuclear Power Stations in a Regulated Cyber Security Environment

International Nuclear Information System (INIS)

Dorman, E.

2014-01-01

The United States Nuclear Regulatory Commission (NRC) issued 10CFR73.54 to implement a regulated Cyber Security Program at each operating nuclear reactor facility. Milestones were implemented December 31, 2012 to mitigate the attack vectors for the most critical digital assets acknowledged by the industry and the NR C. The NRC inspections have begun. The nuclear Cyber Security Plan, implemented by the site Cyber Security Program (Program), is an element of the operating license at each facility. (Author)

Trojan-horse attacks on quantum-key-distribution systems

International Nuclear Information System (INIS)

Gisin, N.; Fasel, S.; Kraus, B.; Zbinden, H.; Ribordy, G.

2006-01-01

General Trojan-horse attacks on quantum-key-distribution systems, i.e., attacks on Alice or Bob's system via the quantum channel, are analyzed. We illustrate the power of such attacks with today's technology and conclude that all systems must implement active counter measures. In particular, all systems must include an auxiliary detector that monitors any incoming light. We show that such counter measures can be efficient, provided that enough additional privacy amplification is applied to the data. We present a practical way to reduce the maximal information gain that an adversary can gain using Trojan-horse attacks. This does reduce the security analysis of the two-way plug-and-play implementation to those of the standard one-way systems

12 CFR 308.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 4 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... PRACTICE RULES OF PRACTICE AND PROCEDURE Uniform Rules of Practice and Procedure § 308.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any...

12 CFR 19.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 1 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... OF PRACTICE AND PROCEDURE Uniform Rules of Practice and Procedure § 19.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any court concerning all...

Drammer : Deterministic Rowhammer attacks on mobile platforms

NARCIS (Netherlands)

Van Der Veen, Victor; Fratantonio, Yanick; Lindorfer, Martina; Gruss, Daniel; Maurice, Clémentine; Vigna, Giovanni; Bos, Herbert; Razavi, Kaveh; Giuffrida, Cristiano

2016-01-01

Recent work shows that the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system. However, existing efforts either describe probabilistic (and thus unreliable) attacks or rely on special (and often unavailable) memory management features to place victim objects

A Comprehensive Taxonomy and Analysis of IEEE 802.15.4 Attacks

Directory of Open Access Journals (Sweden)

Yasmin M. Amin

2016-01-01

Full Text Available The IEEE 802.15.4 standard has been established as the dominant enabling technology for Wireless Sensor Networks (WSNs. With the proliferation of security-sensitive applications involving WSNs, WSN security has become a topic of great significance. In comparison with traditional wired and wireless networks, WSNs possess additional vulnerabilities which present opportunities for attackers to launch novel and more complicated attacks against such networks. For this reason, a thorough investigation of attacks against WSNs is required. This paper provides a single unified survey that dissects all IEEE 802.15.4 PHY and MAC layer attacks known to date. While the majority of existing references investigate the motive and behavior of each attack separately, this survey classifies the attacks according to clear metrics within the paper and addresses the interrelationships and differences between the attacks following their classification. The authors’ opinions and comments regarding the placement of the attacks within the defined classifications are also provided. A comparative analysis between the classified attacks is then performed with respect to a set of defined evaluation criteria. The first half of this paper addresses attacks on the IEEE 802.15.4 PHY layer, whereas the second half of the paper addresses IEEE 802.15.4 MAC layer attacks.

The accountability problem of flooding attacks in service-oriented architectures

DEFF Research Database (Denmark)

Jensen, Meiko; Schwenk, Jörg

2009-01-01

The threat of Denial of Service attacks poses a serious problem to the security of network-based services in general. For flooding attacks against service-oriented applications, this threat is dramatically amplified with potentially much higher impact and very little effort on the attacker's side....... Additionally, due to the high distribution of a SOA application's components, fending such attacks becomes a far more complex task. In this paper, we present the problem of accountability, referring to the issue of resolving the attacker in a highly distributed service-oriented application. Using a general...

Attack Helicopter Operations: Art or Science

Science.gov (United States)

1991-05-13

ATTACK HELICOPTER OPERATIONS: ART OR SCIENCE ? BY LIEUTENANT COLONEL JAN CALLEN United States Army DISTRIBUTION STATEMENT A: Approved for public release...TASK IWORK UNIT ELEMENT NO. NO. NO. ACCESSION NC 11. TITLE (Include Socurity Classification) Attack Helicopter Operations: Art or Science ? 12. PERSONAL...OPERATIONS: ART OR SCIENCE ? AN INDIVIDUAL STUDY PROJECT by Lieutenant Colonel Jan Callen United States Army Colonel Greg Snelgrove Project Adviser U.S

Attacker Model Lab

OpenAIRE

2006-01-01

tut quiz present Tutorial Quiz Presentation Interactive Media Element This interactive tutorial the two sub-classes of computer attackers: amateurs and professionals. It provides valuable insight into the nature of necessary protection measure for information assets. CS3600 Information Assurance: Introduction to Computer Security Course

Nuclear safety research - risk and other risks

International Nuclear Information System (INIS)

Rossin, A.D.

1982-01-01

The nuclear power industry deals in many kinds of risks, complicated by political stress and communication problems. Power plant design must prepare for the unexpected attack, physical as well as psychological, but a zero-defects technology is not possible. The public has not been made sufficiently aware of the risk the US takes if there is not enough energy because nuclear power has been curtailed. Energy shortages could drive industry and jobs abroad, force the public to turn to government for a solution, drive the country to energy allocation, and cause a nuclear war. Policies that prevent closing the nuclear fuel cycle are ineffective in preventing proliferation and counterproductive to national needs

A Secure Localization Approach against Wormhole Attacks Using Distance Consistency

Directory of Open Access Journals (Sweden)

Lou Wei

2010-01-01

Full Text Available Wormhole attacks can negatively affect the localization in wireless sensor networks. A typical wormhole attack can be launched by two colluding attackers, one of which sniffs packets at one point in the network and tunnels them through a wired or wireless link to another point, and the other relays them within its vicinity. In this paper, we investigate the impact of the wormhole attack on the localization and propose a novel distance-consistency-based secure localization scheme against wormhole attacks, which includes three phases of wormhole attack detection, valid locators identification and self-localization. The theoretical model is further formulated to analyze the proposed secure localization scheme. The simulation results validate the theoretical results and also demonstrate the effectiveness of our proposed scheme.

Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

Science.gov (United States)

Sasaki, Yu; Wang, Lei; Ohta, Kazuo; Kunihiro, Noboru

In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.

12 CFR 747.17 - Collateral attacks on adjudicatory proceeding.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Collateral attacks on adjudicatory proceeding... INVESTIGATIONS Uniform Rules of Practice and Procedure § 747.17 Collateral attacks on adjudicatory proceeding. If an interlocutory appeal or collateral attack is brought in any court concerning all or any part of an...

Phase-remapping attack in practical quantum-key-distribution systems

International Nuclear Information System (INIS)

Fung, Chi-Hang Fred; Qi, Bing; Lo, Hoi-Kwong; Tamaki, Kiyoshi

2007-01-01

Quantum key distribution (QKD) can be used to generate secret keys between two distant parties. Even though QKD has been proven unconditionally secure against eavesdroppers with unlimited computation power, practical implementations of QKD may contain loopholes that may lead to the generated secret keys being compromised. In this paper, we propose a phase-remapping attack targeting two practical bidirectional QKD systems (the 'plug-and-play' system and the Sagnac system). We showed that if the users of the systems are unaware of our attack, the final key shared between them can be compromised in some situations. Specifically, we showed that, in the case of the Bennett-Brassard 1984 (BB84) protocol with ideal single-photon sources, when the quantum bit error rate (QBER) is between 14.6% and 20%, our attack renders the final key insecure, whereas the same range of QBER values has been proved secure if the two users are unaware of our attack; also, we demonstrated three situations with realistic devices where positive key rates are obtained without the consideration of Trojan horse attacks but in fact no key can be distilled. We remark that our attack is feasible with only current technology. Therefore, it is very important to be aware of our attack in order to ensure absolute security. In finding our attack, we minimize the QBER over individual measurements described by a general POVM, which has some similarity with the standard quantum state discrimination problem

Effectiveness of the Call in Beach Volleyball Attacking Play

Directory of Open Access Journals (Sweden)

Künzell Stefan

2014-12-01

Full Text Available In beach volleyball the setter has the opportunity to give her or his hitter a “call”. The call intends that the setter suggests to her or his partner where to place the attack in the opponent’s court. The effectiveness of a call is still unknown. We investigated the women’s and men’s Swiss National Beach Volleyball Championships in 2011 and analyzed 2185 attacks. We found large differences between female and male players. While men called in only 38.4% of attacks, women used calls in 85.5% of attacks. If the male players followed a given call, 63% of the attacks were successful. The success rate of attacks without any call was 55.8% and 47.6% when the call was ignored. These differences were not significant (χ2(2 = 4.55, p = 0.103. In women’s beach volleyball, the rate of successful attacks was 61.5% when a call was followed, 35% for attacks without a call, and 42.6% when a call was ignored. The differences were highly significant (χ2(2 = 23.42, p < 0.0005. Taking into account the findings of the present study, we suggested that the call was effective in women’s beach volleyball, while its effect in men’s game was unclear. Considering the quality of calls we indicate that there is a significant potential to increase the effectiveness of a call.

Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis.

Science.gov (United States)

Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

2015-01-01

Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim' based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks.

Shilling Attacks Detection in Recommender Systems Based on Target Item Analysis

Science.gov (United States)

Zhou, Wei; Wen, Junhao; Koh, Yun Sing; Xiong, Qingyu; Gao, Min; Dobbie, Gillian; Alam, Shafiq

2015-01-01

Recommender systems are highly vulnerable to shilling attacks, both by individuals and groups. Attackers who introduce biased ratings in order to affect recommendations, have been shown to negatively affect collaborative filtering (CF) algorithms. Previous research focuses only on the differences between genuine profiles and attack profiles, ignoring the group characteristics in attack profiles. In this paper, we study the use of statistical metrics to detect rating patterns of attackers and group characteristics in attack profiles. Another question is that most existing detecting methods are model specific. Two metrics, Rating Deviation from Mean Agreement (RDMA) and Degree of Similarity with Top Neighbors (DegSim), are used for analyzing rating patterns between malicious profiles and genuine profiles in attack models. Building upon this, we also propose and evaluate a detection structure called RD-TIA for detecting shilling attacks in recommender systems using a statistical approach. In order to detect more complicated attack models, we propose a novel metric called DegSim’ based on DegSim. The experimental results show that our detection model based on target item analysis is an effective approach for detecting shilling attacks. PMID:26222882

Collaborative Attack Mitigation and Response: A survey

NARCIS (Netherlands)

Steinberger, Jessica; Sperotto, Anna; Baier, Harald; Pras, Aiko

2015-01-01

Over recent years, network-based attacks have become to one of the top causes of network infrastructure and service outages. To counteract a network-based attack, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains

A Unique Fatal Moose Attack Mimicking Homicide.

Science.gov (United States)

Gudmannsson, Petur; Berge, Johan; Druid, Henrik; Ericsson, Göran; Eriksson, Anders

2018-03-01

Fatalities caused by animal attacks are rare, but have the potential to mimic homicide. We present a case in which a moose attacked and killed a woman who was walking her dog in a forest. Autopsy showed widespread blunt trauma with a large laceration on one leg in which blades of grass were embedded. Flail chest was the cause of death. The case was initially conceived as homicide by means of a riding lawn mower. A review of the case by moose experts and analyses of biological trace material that proved to originate from moose, established the true source of injury. The dog probably provoked a moose, which, in response, stomped and gored the victim to death. The injuries resembled those previously reported from attacks by cattle and water buffalo. Fatal moose attacks constitute an extremely rare threat in boreal areas, but can be considered in traumatic deaths of unknown cause. © 2017 American Academy of Forensic Sciences.

The role of sleep in migraine attacks

Directory of Open Access Journals (Sweden)

Elaine Inamorato

1993-11-01

Full Text Available Migraine attacks may be precipitated by sleep deprivation or excessive sleep and sleep is also associated with relief of migraine attacks. In view of this variable relationship we studied the records of 159 consecutive outpatients of our Headache Unit. In 121 records there was reference to sleep involvement, in 55% by a single form and in 45% by more than one form. When only one form was related, relief was most common (70%. 30% of that group of patients had the migraine attack precipitated by sleep, 24% by deprivation and 6% by sleep excess. When the effects of sleep were multiple, these effects were as expected logically in 65%: «in accordance» group (e.g attack precipitated by sleep deprivation and relieved by sleep onset. In a second group, («conflicting» where the involvement was not logical, there were three different combinations of sleep involvement, possibly due to more than one pathophysiological mechanism.

Changes in vestibular evoked myogenic potentials after Meniere attacks.

Science.gov (United States)

Kuo, Shih-Wei; Yang, Ting-Hua; Young, Yi-Ho

2005-09-01

The aim of this study was to apply videonystagmography (VNG) and vestibular evoked myogenic potential (VEMP) tests to patients with Meniere attacks, to explore the mechanics of where saccular disorders may affect the semicircular canals. From January 2001 to December 2003, 12 consecutive patients with unilateral definite Meniere's disease with vertiginous attacks underwent VNG for recording spontaneous nystagmus, as well as VEMP tests. At the very beginning of the Meniere attack, the spontaneous nystagmus beat toward the lesion side in 5 patients (42%) and toward the healthy side in 7 patients (58%). Twenty-four hours later, only 6 patients (50%) showed spontaneous nystagmus beating toward the healthy side. Nevertheless, spontaneous nystagmus subsided in all patients within 48 hours. The VEMP test was performed within 24 hours of a Meniere attack; the VEMPs were normal in 4 patients and abnormal in 8 patients (67%). After 48 hours, 4 patients with initially abnormal VEMPs had resolution and return to normal VEMPs, and the other 4 patients still had absent VEMPs. Most patients (67%) with Meniere attacks revealed abnormal VEMPs, indicating that the saccule participates in a Meniere attack. This is an important idea that stimulates consideration of the mechanism of Meniere attacks.

Messaging Attacks on Android: Vulnerabilities and Intrusion Detection

Directory of Open Access Journals (Sweden)

Khodor Hamandi

2015-01-01

Full Text Available Currently, Android is the leading mobile operating system in number of users worldwide. On the security side, Android has had significant challenges despite the efforts of the Android designers to provide a secure environment for apps. In this paper, we present numerous attacks targeting the messaging framework of the Android system. Our focus is on SMS, USSD, and the evolution of their associated security in Android and accordingly the development of related attacks. Also, we shed light on the Android elements that are responsible for these attacks. Furthermore, we present the architecture of an intrusion detection system (IDS that promises to thwart SMS messaging attacks. Our IDS shows a detection rate of 87.50% with zero false positives.

Cyber meets nuclear - Stuxnet and the cyberattacks on Iranian centrifuges

Energy Technology Data Exchange (ETDEWEB)

Englert, Matthias [IANUS, TU Darmstadt (Germany)

2013-07-01

In 2010 the computer worm Stuxnet attacked the information hardware of the Iranian uranium enrichment program. Stuxnet spread by USB flash drives and attacked SCADA software installed on Windows systems via several zero-day exploits. SCADA configures programmable logic controllers which control in the case of the Iranian centrifuge cascades frequency converter drives to choose the frequency of centrifuge motors. Thus the attackers were able to either change the rotation frequency of the rotor and thereby the separative power of the centrifuge or even destroy the fast spinning centrifuges by stopping and restarting them. The designers of Stuxnet must have had intimate knowledge of the facility design as e.g. the cascade connection scheme was programmed into Stuxnet. Based on this information some calculations of the Iranian cascade regarding the potential to produce highly enriched uranium will be presented using cascade simulation tools. The use of such highly sophisticated computer attacks to sabotage a nuclear program shed a new light on the debate about cyber attacks and the use of information technology for kinetic attacks in general. The talk will address problems the weaponization of information technology poses for international security and will highlight some more recent developments.

Pre-fire planning for nuclear power plants

International Nuclear Information System (INIS)

Talbert, J.H.

1980-01-01

Regardless of the fire prevention measures which are taken, plant experience indicates that fires will occur in a nuclear power plant. When a fire occurs, the plant staff must handle the fire emergency. Pre-fire planning is a method of developing detailed fire attack plans and salvage operations to protect equipment from damage due to fire and fire fighting operations. This paper describes the purpose and use of a pre-fire plan to achieve these goals in nuclear power plants

Front against the Temelin nuclear power station

International Nuclear Information System (INIS)

Anon.

1990-01-01

Though the main concern of the author is the Czechoslovakian Temelin power station, the main target of his attacks are the Austrian proponents of nuclear energy i.e. the Reactor Safty Commission and the Austrian Chancellor. The newly opened possibility of anti-nuclear propaganda in the CSFR, by Greenpeace and the author's organisation is welcomed. The number of signatures collected against Temelin is given as 350.000. 815 signatures come from Japan: a facsimile of some Japanese signatures is presented

Methods for tornado frequency calculation of nuclear power plant

International Nuclear Information System (INIS)

Liu Haibin; Li Lin

2012-01-01

In order to take probabilistic safety assessment of nuclear power plant tornado attack event, a method to calculate tornado frequency of nuclear power plant is introduced based on HAD 101/10 and NUREG/CR-4839 references. This method can consider history tornado frequency of the plant area, construction dimension, intensity various along with tornado path and area distribution and so on and calculate the frequency of different scale tornado. (authors)

Defending networks against denial-of-service attacks

Science.gov (United States)

Gelenbe, Erol; Gellman, Michael; Loukas, George

2004-11-01

Denial of service attacks, viruses and worms are common tools for malicious adversarial behavior in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile behavior either independently, or in conjunction with other forms of attack in conventional or asymmetric warfare, as well as in other forms of malicious behavior. In this paper we concentrate on Distributed Denial of Service Attacks (DDoS) where one or more attackers generate flooding traffic and direct it from multiple sources towards a set of selected nodes or IP addresses in the Internet. We first briefly survey the literature on the subject, and discuss some examples of DDoS incidents. We then present a technique that can be used for DDoS protection based on creating islands of protection around a critical information infrastructure. This technique, that we call the CPN-DoS-DT (Cognitive Packet Networks DoS Defence Technique), creates a self-monitoring sub-network surrounding each critical infrastructure node. CPN-DoS-DT is triggered by a DDoS detection scheme, and generates control traffic from the objects of the DDoS attack to the islands of protection where DDOS packet flows are destroyed before they reach the critical infrastructure. We use mathematical modelling, simulation and experiments on our test-bed to show the positive and negative outcomes that may result from both the attack, and the CPN-DoS-DT protection mechanism, due to imperfect detection and false alarms.

Performance Improvement of Power Analysis Attacks on AES with Encryption-Related Signals

Science.gov (United States)

Lee, You-Seok; Lee, Young-Jun; Han, Dong-Guk; Kim, Ho-Won; Kim, Hyoung-Nam

A power analysis attack is a well-known side-channel attack but the efficiency of the attack is frequently degraded by the existence of power components, irrelative to the encryption included in signals used for the attack. To enhance the performance of the power analysis attack, we propose a preprocessing method based on extracting encryption-related parts from the measured power signals. Experimental results show that the attacks with the preprocessed signals detect correct keys with much fewer signals, compared to the conventional power analysis attacks.

Nuclear war: preliminary estimates of the climatic effects of a nuclear exchange

International Nuclear Information System (INIS)

MacCracken, M.C.

1983-10-01

The smoke rising from burning cities, industrial areas, and forests if such areas are attacked as part of a major nuclear exchange is projected to increase the hemispheric average atmospheric burden of highly absorbent carbonaceous material by 100 to 1000 times. As the smoke spreads from these fires, it would prevent sunlight from reaching the surface, leading to a sharp cooling of land areas over a several day period. Within a few weeks, the thick smoke would spread so as to largely cover the mid-latitudes of the Northern Hemisphere, cooling mid-continental smoke-covered areas by, perhaps, a few tens of degrees Celsius. Cooling of near coastal areas would be substantially less, since oceanic heat capacity would help to buffer temperature changes in such regions. The calculations on which these findings are based contain many assumptions, shortcomings and uncertainties that affect many aspects of the estimated response. It seems, nonetheless, quite possible that if a nuclear exchange involves attacks on a very large number of cities and industrial areas, thereby starting fires that generate as much smoke as is suggested by recent studies, substantial cooling could be expected that would last weeks to months over most continental regions of the Northern Hemisphere, but which may have relatively little direct effect on the Southern Hemisphere

Nuclear Issues in a Non-nuclear Country Media

International Nuclear Information System (INIS)

Latek, S.

2002-01-01

The absence of nuclear power program in a given country does not mean that the nuclear option is not discussed. Greenhouse effect is a global phenomenon, thus each and every factor enabling the reduction of CO 2 emissions has to be examined. Not a single NPP is in operation in Poland and this will be so for the nearest dozen years. But the discussion over political decisions to delay the possible NPP construction beyond 2020 continues. In the country whose electricity in 95% comes from coal, the clean (from the greenhouse effect viewpoint) nuclear power makes an attractive solution for many experts. This paper presents Polish debates on the electricity production environmental impacts, which are followed by the media. Unfortunately, a favorite subject of Polish media is still Chernobyl accident, but presented in an exaggerated and often untrue way. This one-sided fear campaign has been interrupted recently by a publication calling the reports on Chernobyl victims a biggest bluff of XX century. This paper presents some examples of nuclear campaigns in the media, e.g. the issues of depleted uranium ammunition, Temelin NPP commissioning and the transit of fresh nuclear fuel for this facility through Poland, radiation accident in one of Polish hospitals, possible terrorist attacks on nuclear facilities, UNSCEAR report on Chernobyl accident health impacts. It remains to be seen how the hundreds of publications appearing each week will shape public attitudes towards nuclear power in Poland. (author)

Mass casualty response in the 2008 Mumbai terrorist attacks.

Science.gov (United States)

Roy, Nobhojit; Kapil, Vikas; Subbarao, Italo; Ashkenazi, Isaac

2011-12-01

The November 26-29, 2008, terrorist attacks on Mumbai were unique in its international media attention, multiple strategies of attack, and the disproportionate national fear they triggered. Everyone was a target: random members of the general population, iconic targets, and foreigners alike were under attack by the terrorists. A retrospective, descriptive study of the distribution of terror victims to various city hospitals, critical radius, surge capacity, and the nature of specialized medical interventions was gathered through police, legal reports, and interviews with key informants. Among the 172 killed and 304 injured people, about four-fifths were men (average age, 33 years) and 12% were foreign nationals. The case-fatality ratio for this event was 2.75:1, and the mortality rate among those who were critically injured was 12%. A total of 38.5% of patients arriving at the hospitals required major surgical intervention. Emergency surgical operations were mainly orthopedic (external fixation for compound fractures) and general surgical interventions (abdominal explorations for penetrating bullet/shrapnel injuries). The use of heavy-duty automatic weapons, explosives, hostages, and arson in these terrorist attacks alerts us to new challenges to medical counterterrorism response. The need for building central medical control for a coordinated response and for strengthening public hospital capacity are lessons learned for future attacks. These particular terrorist attacks had global consequences, in terms of increased security checks and alerts for and fears of further similar "Mumbai-style" attacks. The resilience of the citizens of Mumbai is a critical measure of the long-term effects of terror attacks.

1994 Attack Team Workshop: Phase II - Full-Scale Offensive Fog Attack Tests

National Research Council Canada - National Science Library

Scheffey, Joseph

1997-01-01

.... This report demonstrates the benefits of using a medium angle fog stream to control the overhead fire threat when conducting a direct attack on a growing/steady state fire where the sea of the fire is obstructed...

Network overload due to massive attacks

Science.gov (United States)

Kornbluth, Yosef; Barach, Gilad; Tuchman, Yaakov; Kadish, Benjamin; Cwilich, Gabriel; Buldyrev, Sergey V.

2018-05-01

We study the cascading failure of networks due to overload, using the betweenness centrality of a node as the measure of its load following the Motter and Lai model. We study the fraction of survived nodes at the end of the cascade pf as a function of the strength of the initial attack, measured by the fraction of nodes p that survive the initial attack for different values of tolerance α in random regular and Erdös-Renyi graphs. We find the existence of a first-order phase-transition line pt(α ) on a p -α plane, such that if p pt , pf is large and the giant component of the network is still present. Exactly at pt, the function pf(p ) undergoes a first-order discontinuity. We find that the line pt(α ) ends at a critical point (pc,αc) , in which the cascading failures are replaced by a second-order percolation transition. We find analytically the average betweenness of nodes with different degrees before and after the initial attack, we investigate their roles in the cascading failures, and we find a lower bound for pt(α ) . We also study the difference between localized and random attacks.

Novel mechanism of network protection against the new generation of cyber attacks

Science.gov (United States)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit

2012-06-01

A new intelligent mechanism is presented to protect networks against the new generation of cyber attacks. This mechanism integrates TCP/UDP/IP protocol stack protection and attacker/intruder deception to eliminate existing TCP/UDP/IP protocol stack vulnerabilities. It allows to detect currently undetectable, highly distributed, low-frequency attacks such as distributed denial-of-service (DDoS) attacks, coordinated attacks, botnet, and stealth network reconnaissance. The mechanism also allows insulating attacker/intruder from the network and redirecting the attack to a simulated network acting as a decoy. As a result, network security personnel gain sufficient time to defend the network and collect the attack information. The presented approach can be incorporated into wireless or wired networks that require protection against known and the new generation of cyber attacks.

Software test attacks to break mobile and embedded devices

CERN Document Server

Hagar, Jon Duncan

2013-01-01

Address Errors before Users Find Them Using a mix-and-match approach, Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of ""smart"" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams. The numerous test attacks show you when a software product does not work (i.e., has bugs) and provide you with information about the software product under test. The book guides you step by step starting with the basics. It

Modeling attacking of high skills volleyball players

Directory of Open Access Journals (Sweden)

Vladimir Gamaliy

2014-12-01

Full Text Available Purpose: to determine the model indicators of technical and tactical actions in the attack highly skilled volleyball players. Material and Methods: the study used statistical data of major international competitions: Olympic Games – 2012 World Championships – 2010, World League – 2010–2014 European Championship – 2010–2014. A total of 130 analyzed games. Methods were used: analysis and generalization of scientific and methodological literature, analysis of competitive activity highly skilled volleyball players, teacher observation, modeling technical and tactical actions in attacking highly skilled volleyball players. Results: it was found that the largest volume application of technical and tactical actions in the attack belongs to the group tactics «supple movement», whose indicator is 21,3%. The smallest amount of application belongs to the group tactics «flight level» model whose indicators is 5,4%, the efficiency of 3,4%, respectively. It is found that the power service in the jump from model parameters used in 51,6% of cases, the planning targets – 21,7% and 4,4% planning to reduce. Attacks performed with the back line, on model parameters used in the amount of 20,8% efficiency –13,7%. Conclusions: we prove that the performance of technical and tactical actions in the attack can be used as model in the control system of training and competitive process highly skilled volleyball players

Sleep Deprivation Attack Detection in Wireless Sensor Network

OpenAIRE

Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

2012-01-01

Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maxi...

Survey of threat studies related to the nuclear power industry

International Nuclear Information System (INIS)

Wagner, N.R.

1977-08-01

A considerable effort has been directed toward the determination of threat characteristics, resulting in a voluminous collection of documents. This report summarizes several of the major studies in order to make the information more accessible. This summary includes only studies involving attacks on nuclear material, plus those incidents which because of their objectives, resources, or motivations may lend insight into potential threat against nuclear facilities or material

Calcium Supplements: A Risk Factor for Heart Attack?

Science.gov (United States)

... factor for heart attack? I've read that calcium supplements may increase the risk of heart attack. ... D. Some doctors think it's possible that taking calcium supplements may increase your risk of a heart ...

Using the Domain Name System to Thwart Automated Client-Based Attacks

Energy Technology Data Exchange (ETDEWEB)

Taylor, Curtis R [ORNL; Shue, Craig A [ORNL

2011-09-01

On the Internet, attackers can compromise systems owned by other people and then use these systems to launch attacks automatically. When attacks such as phishing or SQL injections are successful, they can have negative consequences including server downtime and the loss of sensitive information. Current methods to prevent such attacks are limited in that they are application-specific, or fail to block attackers. Phishing attempts can be stopped with email filters, but if the attacker manages to successfully bypass these filters, then the user must determine if the email is legitimate or not. Unfortunately, they often are unable to do so. Since attackers have a low success rate, they attempt to compensate for it in volume. In order to have this high throughput, attackers take shortcuts and break protocols. We use this knowledge to address these issues by implementing a system that can detect malicious activity and use it to block attacks. If the client fails to follow proper procedure, they can be classified as an attacker. Once an attacker has been discovered, they will be isolated and monitored. This can be accomplished using existing software in Ubuntu Linux applications, along with our custom wrapper application. After running the system and seeing its performance on three popular Web browsers Chromium, Firefox and Internet Explorer as well as two popular email clients, Thunderbird and Evolution, we found that not only is this system conceivable, it is effective and has low overhead.

Multilevel Modeling of Distributed Denial of Service Attacks in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Katarzyna Mazur

2016-01-01

Full Text Available The growing popularity of wireless sensor networks increases the risk of security attacks. One of the most common and dangerous types of attack that takes place these days in any electronic society is a distributed denial of service attack. Due to the resource constraint nature of mobile sensors, DDoS attacks have become a major threat to its stability. In this paper, we established a model of a structural health monitoring network, being disturbed by one of the most common types of DDoS attacks, the flooding attack. Through a set of simulations, we explore the scope of flood-based DDoS attack problem, assessing the performance and the lifetime of the network under the attack condition. To conduct our research, we utilized the Quality of Protection Modeling Language. With the proposed approach, it was possible to examine numerous network configurations, parameters, attack options, and scenarios. The results of the carefully performed multilevel analysis allowed us to identify a new kind of DDoS attack, the delayed distributed denial of service, by the authors, referred to as DDDoS attack. Multilevel approach to DDoS attack analysis confirmed that, examining endangered environments, it is significant to take into account many characteristics at once, just to not overlook any important aspect.

Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets

Science.gov (United States)

DeTrano, Alexander; Karimi, Naghmeh; Karri, Ramesh; Guo, Xiaofei; Carlet, Claude; Guilley, Sylvain

2015-01-01

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set. PMID:26491717

Quick Reference: Cyber Attacks Awareness and Prevention Method for Home Users

OpenAIRE

Haydar Teymourlouei

2015-01-01

It is important to take security measures to protect your computer information, reduce identify theft, and prevent from malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent from these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such t...

Securing a cyber physical system in nuclear power plants using least square approximation and computational geometric approach

International Nuclear Information System (INIS)

Gawand, Hemangi Laxman; Bhattacharjee, A. K.; Roy, Kallol

2017-01-01

In industrial plants such as nuclear power plants, system operations are performed by embedded controllers orchestrated by Supervisory Control and Data Acquisition (SCADA) software. A targeted attack (also termed a control aware attack) on the controller/SCADA software can lead a control system to operate in an unsafe mode or sometimes to complete shutdown of the plant. Such malware attacks can result in tremendous cost to the organization for recovery, cleanup, and maintenance activity. SCADA systems in operational mode generate huge log files. These files are useful in analysis of the plant behavior and diagnostics during an ongoing attack. However, they are bulky and difficult for manual inspection. Data mining techniques such as least squares approximation and computational methods can be used in the analysis of logs and to take proactive actions when required. This paper explores methodologies and algorithms so as to develop an effective monitoring scheme against control aware cyber attacks. It also explains soft computation techniques such as the computational geometric method and least squares approximation that can be effective in monitor design. This paper provides insights into diagnostic monitoring of its effectiveness by attack simulations on a four-tank model and using computation techniques to diagnose it. Cyber security of instrumentation and control systems used in nuclear power plants is of paramount importance and hence could be a possible target of such applications

Securing a cyber physical system in nuclear power plants using least square approximation and computational geometric approach

Energy Technology Data Exchange (ETDEWEB)

Gawand, Hemangi Laxman [Homi Bhabha National Institute, Computer Section, BARC, Mumbai (India); Bhattacharjee, A. K. [Reactor Control Division, BARC, Mumbai (India); Roy, Kallol [BHAVINI, Kalpakkam (India)

2017-04-15

In industrial plants such as nuclear power plants, system operations are performed by embedded controllers orchestrated by Supervisory Control and Data Acquisition (SCADA) software. A targeted attack (also termed a control aware attack) on the controller/SCADA software can lead a control system to operate in an unsafe mode or sometimes to complete shutdown of the plant. Such malware attacks can result in tremendous cost to the organization for recovery, cleanup, and maintenance activity. SCADA systems in operational mode generate huge log files. These files are useful in analysis of the plant behavior and diagnostics during an ongoing attack. However, they are bulky and difficult for manual inspection. Data mining techniques such as least squares approximation and computational methods can be used in the analysis of logs and to take proactive actions when required. This paper explores methodologies and algorithms so as to develop an effective monitoring scheme against control aware cyber attacks. It also explains soft computation techniques such as the computational geometric method and least squares approximation that can be effective in monitor design. This paper provides insights into diagnostic monitoring of its effectiveness by attack simulations on a four-tank model and using computation techniques to diagnose it. Cyber security of instrumentation and control systems used in nuclear power plants is of paramount importance and hence could be a possible target of such applications.

Securing a Cyber Physical System in Nuclear Power Plants Using Least Square Approximation and Computational Geometric Approach

Directory of Open Access Journals (Sweden)

Hemangi Laxman Gawand

2017-04-01

Full Text Available In industrial plants such as nuclear power plants, system operations are performed by embedded controllers orchestrated by Supervisory Control and Data Acquisition (SCADA software. A targeted attack (also termed a control aware attack on the controller/SCADA software can lead a control system to operate in an unsafe mode or sometimes to complete shutdown of the plant. Such malware attacks can result in tremendous cost to the organization for recovery, cleanup, and maintenance activity. SCADA systems in operational mode generate huge log files. These files are useful in analysis of the plant behavior and diagnostics during an ongoing attack. However, they are bulky and difficult for manual inspection. Data mining techniques such as least squares approximation and computational methods can be used in the analysis of logs and to take proactive actions when required. This paper explores methodologies and algorithms so as to develop an effective monitoring scheme against control aware cyber attacks. It also explains soft computation techniques such as the computational geometric method and least squares approximation that can be effective in monitor design. This paper provides insights into diagnostic monitoring of its effectiveness by attack simulations on a four-tank model and using computation techniques to diagnose it. Cyber security of instrumentation and control systems used in nuclear power plants is of paramount importance and hence could be a possible target of such applications.