WorldWideScience

Sample records for secure control systems

  1. Control system security in nuclear power plant

    International Nuclear Information System (INIS)

    Li Jianghai; Huang Xiaojin

    2012-01-01

    The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed. (authors)

  2. Improving industrial process control systems security

    CERN Document Server

    Epting, U; CERN. Geneva. TS Department

    2004-01-01

    System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

  3. HITACHI security concept for industrial control systems

    International Nuclear Information System (INIS)

    Endoh, H.; Yamada, T.; Okubo, S.; Nakano, T.

    2012-01-01

    Security is a necessary factor for the safe and efficient operation of today's control systems. To ensure safe operation of control systems throughout their lifetime, security measures must be carefully planned in the development phase and then maintained continuously during the operation phase and other following phases. To ensure operation within the system's safe states, Hitachi proposes security concept processes (1) to derive security measures rationally and (2) to maintain the security model over the system life cycle. Hitachi also proposes security development programs which support the integration of standards-compliant systems and development of robust control equipment. (author)

  4. Security Controls for NPP I and C Systems

    International Nuclear Information System (INIS)

    Kim, Y. M.; Jeong, C. H.; Kim, T. H.

    2014-01-01

    In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks

  5. Security Controls for NPP I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Kim, Y. M.; Jeong, C. H. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of); Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

    2014-05-15

    In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks.

  6. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was

  7. Primer Control System Cyber Security Framework and Technical Metrics

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  8. Process Control/SCADA system vendor security awareness and security posture.

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Lüders, S.

    2009-01-01

    A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

  9. Lecture 13: Control System Cyber Security

    CERN Multimedia

    CERN. Geneva

    2013-01-01

    Today, the industralized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

  10. Security of legacy process control systems : Moving towards secure process control systems

    NARCIS (Netherlands)

    Oosterink, M.

    2012-01-01

    This white paper describes solutions which organisations may use to improve the security of their legacy process control systems. When we refer to a legacy system, we generally refer to old methodologies, technologies, computer systems or applications which are still in use, despite the fact that

  11. Control Systems Cyber Security Standards Support Activities

    Energy Technology Data Exchange (ETDEWEB)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  12. Cyber secure systems approach for NPP digital control systems

    Energy Technology Data Exchange (ETDEWEB)

    McCreary, T. J.; Hsu, A. [HF Controls Corporation, 16650 Westgrove Drive, Addison, TX 75001 (United States)

    2006-07-01

    Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from

  13. Cyber secure systems approach for NPP digital control systems

    International Nuclear Information System (INIS)

    McCreary, T. J.; Hsu, A.

    2006-01-01

    Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to

  14. Handbook of SCADA/control systems security

    CERN Document Server

    Radvanovsky, Robert

    2013-01-01

    The availability and security of many services we rely upon-including water treatment, electricity, healthcare, transportation, and financial transactions-are routinely put at risk by cyber threats. The Handbook of SCADA/Control Systems Security is a fundamental outline of security concepts, methodologies, and relevant information pertaining to the supervisory control and data acquisition (SCADA) systems and technology that quietly operate in the background of critical utility and industrial facilities worldwide. Divided into five sections, the book examines topics comprising functions within

  15. Selecting RMF Controls for National Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Witzke, Edward L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2015-08-01

    In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

  16. Secure and Efficient Routable Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  17. Almaraz ovation control system security

    International Nuclear Information System (INIS)

    Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

    2013-01-01

    Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

  18. Mitigations for Security Vulnerabilities Found in Control System Networks

    Energy Technology Data Exchange (ETDEWEB)

    Trent D. Nelson

    2006-05-01

    Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flows.

  19. Research and realization of info-net security controlling system

    Science.gov (United States)

    Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-03-01

    The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

  20. Comparison of Routable Control System Security Approaches

    Energy Technology Data Exchange (ETDEWEB)

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01

    This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  1. Almaraz ovation control system security

    Energy Technology Data Exchange (ETDEWEB)

    Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

    2013-07-01

    Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

  2. Help for the Developers of Control System Cyber Security Standards

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  3. Process Control Systems in the Chemical Industry: Safety vs. Security

    Energy Technology Data Exchange (ETDEWEB)

    Jeffrey Hahn; Thomas Anderson

    2005-04-01

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  4. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  5. Designing a machinery control system (MCS) security testbed

    OpenAIRE

    Desso, Nathan H.

    2014-01-01

    Approved for public release; distribution is unlimited Industrial control systems (ICS) face daily cyber security threats, can have a significant impact to the security of our nation, and present a difficult challenge to defend. Critical infrastructures, including military systems like the machinery control systems (MCS) found onboard modern U.S. warships, are affected because of their use of commercial automation solutions. The increase of automated control systems within the U.S. Navy sa...

  6. RFID Based Security Access Control System with GSM Technology

    OpenAIRE

    Peter Adole; Joseph M. Môm; Gabriel A. Igwue

    2016-01-01

    The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

  7. Measurable Control System Security through Ideal Driven Technical Metrics

    Energy Technology Data Exchange (ETDEWEB)

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

  8. Cyber Security Testing and Training Programs for Industrial Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  9. Carboy Security Testing and Training Programs for Industrial Control Systems

    International Nuclear Information System (INIS)

    Noyes, Daniel

    2012-01-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors

  10. Cyber Security Testing and Training Programs for Industrial Control Systems

    International Nuclear Information System (INIS)

    Noyes, Daniel

    2012-01-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  11. Carboy Security Testing and Training Programs for Industrial Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Noyes, Daniel [Idaho National Laboratory, Idaho (United States)

    2012-03-15

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  12. Computer Security: Protect your plant: a "serious game" about control system cyber-security

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers.   After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!"). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?"). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

  13. Ideal Based Cyber Security Technical Metrics for Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    W. F. Boyer; M. A. McQueen

    2007-10-01

    Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

  14. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    Energy Technology Data Exchange (ETDEWEB)

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  15. Securing a control system: experiences from ISO 27001 implementation

    International Nuclear Information System (INIS)

    Vuppala, V.; Vincent, J.; Kusler, J.; Davidson, K.

    2012-01-01

    Recent incidents of breaches, in control systems in specific and information systems in general, have emphasized the importance of security and operational continuity in achieving the quality objectives of an organization, and the safety of its personnel and infrastructure. However, security and disaster recovery are either completely ignored or given a low priority during the design and development of an accelerator control system, the underlying technologies, and the overlaid applications. This leads to an operational facility that is easy to breach, and difficult to recover. Retrofitting security into a control system becomes much more difficult during operations. In this paper we describe our experiences with implementing ISO/IEC 27001 Standard for information security at the Electronics Department of the National Superconducting Cyclotron Laboratory (NSCL) located on the campus of Michigan State University. We describe our risk assessment methodology, the identified risks, the selected controls, their implementation, and our documentation structure. We also report the current status of the project. We conclude with the challenges faced and the lessons learnt. (authors)

  16. Management of Control System Information SecurityI: Control System Patch Management

    Energy Technology Data Exchange (ETDEWEB)

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

  17. Computer security of NPP instrumentation and control systems: categorization

    International Nuclear Information System (INIS)

    Klevtsov, A.L.; Simonov, A.A.; Trubchaninov, S.A.

    2016-01-01

    The paper is devoted to studying categorization of NPP instrumentation and control (I&C) systems from the point of view of computer security and to consideration of the computer security levels and zones used by the International Atomic Energy Agency (IAEA). The paper also describes the computer security degrees and zones regulated by the International Electrotechnical Commission (IEC) standard. The computer security categorization of the systems used by the U.S. Nuclear Regulatory Commission (NRC) is presented. The experts analyzed the main differences in I&C systems computer security categorization accepted by the IAEA, IEC and U.S. NRC. The approaches to categorization that should be advisably used in Ukraine during the development of regulation on NPP I&C systems computer security are proposed in the paper

  18. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    Energy Technology Data Exchange (ETDEWEB)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  19. The research on information security technology for the industrial control system of special equipment

    International Nuclear Information System (INIS)

    Chen Ligang; Liu Hongye; Zhang Wei; Sun Jianying; Lan Peng; Dai Sidan

    2014-01-01

    With the rapid development of information technology in enterprise application, industrial control network and management network is becoming more and more closely linked. Development and application of special equipment control system from the traditional industrial control system, not considered when designing communication security problem mainly, therefore, the industrial control system opened at the same time, isolation control system and the outside was weakened, the safety problems of industrial control system had become more and more serious. The practical application combined with the special equipment control system, analysis and elaboration in view of security problems for the control network, also, provide appropriate security solutions for professional characteristics of industrial control network, design on process control system specially, provide security partition protection scheme, in order to improve security ability of industrial control system information. (authors)

  20. Process Control System Cyber Security Standards - An Overview

    Energy Technology Data Exchange (ETDEWEB)

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  1. Systematic elicitation of cyber-security controls for NPP I and C system

    Energy Technology Data Exchange (ETDEWEB)

    Lee, M. S.; Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of); Park, S. P. [AhnLab Inc., Seongnam (Korea, Republic of); Kim, Y. M. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)

    2015-05-15

    Cyber-security implementation starts with a development of a cyber security plan considering characteristics of I and C system. In this paper, we describe a method that develops a cyber security plan for NPP I and C system. Especially, we propose a method for systematic elicitation of technical security controls that should be applied to I and C system. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system. The rest of the paper is organized as follows: Section 2 introduces activities to develop a cyber-security plan and presents the result of each activity of the security plan. Section 3 concludes the paper. We proposed a method for systematic elicitation of security controls and described the method through examples. Development companies that want to implement cyber-security in I and C system can develop a cyber-security plan and apply the cyber-security program to their system according to our method. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system.

  2. Systematic elicitation of cyber-security controls for NPP I and C system

    International Nuclear Information System (INIS)

    Lee, M. S.; Kim, T. H.; Park, S. P.; Kim, Y. M.

    2015-01-01

    Cyber-security implementation starts with a development of a cyber security plan considering characteristics of I and C system. In this paper, we describe a method that develops a cyber security plan for NPP I and C system. Especially, we propose a method for systematic elicitation of technical security controls that should be applied to I and C system. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system. The rest of the paper is organized as follows: Section 2 introduces activities to develop a cyber-security plan and presents the result of each activity of the security plan. Section 3 concludes the paper. We proposed a method for systematic elicitation of security controls and described the method through examples. Development companies that want to implement cyber-security in I and C system can develop a cyber-security plan and apply the cyber-security program to their system according to our method. We expect that this study can provide a basis to develop a cyber-security plan for I and C system. Also, the study can contribute enhancing security to NPP I and C system

  3. IT Security Support for the Spaceport Command Control System Development

    Science.gov (United States)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  4. Security of the data transmission in the industrial control system

    Directory of Open Access Journals (Sweden)

    Marcin Bednarek

    2015-12-01

    Full Text Available The theme of this paper is to present the data transmission security system between the stations of the industrial control system. The possible options for secure communications between process stations, as well as between process and operator station are described. Transmission security mechanism is based on algorithms for symmetric and asymmetric encryption. The authentication process uses a software token algorithm and a one-way hash function. The algorithm for establishing a secured connection between the stations, including the authentication process and encryption of data transmission is given. The process of securing the transmission consists of 4 sub-processes: (I authentication; (II asymmetric, public keys transmission; (III symmetric key transmission; (IV data transmission. The presented process of securing the transmission was realized in the industrial controller and emulator. For this purpose, programming languages in accordance with EN 61131 were used. The functions were implemented as user function blocks. This allows us to include a mixed code in the structure of the block (both: ST and FBD. Available function categories: support of the asymmetric encryption; asymmetric encryption utility functions; support of the symmetric encryption; symmetric encryption utility functions; support of the hash value calculations; utility functions of conversion.[b]Keywords[/b]: transmission security, encryption, authentication, industrial control system

  5. Need an Information Security in Access Control System?

    Directory of Open Access Journals (Sweden)

    V. R. Petrov

    2011-12-01

    Full Text Available The purpose of this paper is the general problems of information security in access control system. The field of using is the in project of reconstruction Physical protection system.

  6. Human engineering considerations in designing a computerized controlled access security system

    International Nuclear Information System (INIS)

    Moore, J.W.; Banks, W.W.

    1988-01-01

    This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system too functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad

  7. A survey of approaches combining safety and security for industrial control systems

    International Nuclear Information System (INIS)

    Kriaa, Siwar; Pietre-Cambacedes, Ludovic; Bouissou, Marc; Halgand, Yoran

    2015-01-01

    The migration towards digital control systems creates new security threats that can endanger the safety of industrial infrastructures. Addressing the convergence of safety and security concerns in this context, we provide a comprehensive survey of existing approaches to industrial facility design and risk assessment that consider both safety and security. We also provide a comparative analysis of the different approaches identified in the literature. - Highlights: • We raise awareness of safety and security convergence in numerical control systems. • We highlight safety and security interdependencies for modern industrial systems. • We give a survey of approaches combining safety and security engineering. • We discuss the potential of the approaches to model safety and security interactions

  8. Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

    Science.gov (United States)

    Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

    2017-05-01

    This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

  9. IT Security Support for Spaceport Command and Control System

    Science.gov (United States)

    McLain, Jeffrey

    2013-01-01

    During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

  10. The process matters: cyber security in industrial control systems

    NARCIS (Netherlands)

    Hadziosmanovic, D.

    2014-01-01

    An industrial control system (ICS) is a computer system that controls industrial processes such as power plants, water and gas distribution, food production, etc. Since cyber-attacks on an ICS may have devastating consequences on human lives and safety in general, the security of ICS is important.

  11. Multi-Agent System based Event-Triggered Hybrid Controls for High-Security Hybrid Energy Generation Systems

    DEFF Research Database (Denmark)

    Dou, Chun-Xia; Yue, Dong; Guerrero, Josep M.

    2017-01-01

    This paper proposes multi-agent system based event- triggered hybrid controls for guaranteeing energy supply of a hybrid energy generation system with high security. First, a mul-ti-agent system is constituted by an upper-level central coordi-nated control agent combined with several lower......-level unit agents. Each lower-level unit agent is responsible for dealing with internal switching control and distributed dynamic regula-tion for its unit system. The upper-level agent implements coor-dinated switching control to guarantee the power supply of over-all system with high security. The internal...

  12. SAFCM: A Security-Aware Feedback Control Mechanism for Distributed Real-Time Embedded Systems

    DEFF Research Database (Denmark)

    Ma, Yue; Jiang, Wei; Sang, Nan

    2012-01-01

    Distributed Real-time Embedded (DRE) systems are facing great challenges in networked, unpredictable and especially unsecured environments. In such systems, there is a strong need to enforce security on distributed computing nodes in order to guard against potential threats, while satisfying......-time systems, a multi-input multi-output feedback loop is designed and a model predictive controller is deployed based on an equation model that describes the dynamic behavior of the DRE systems. This control loop uses security level scaling to globally control the CPU utilization and security performance...... for the whole system. We propose a "security level" metric based on an evolution of cryptography algorithms used in embedded systems. Experimental results demonstrate that SAFCM not only has the excellent adaptivity compared to open-loop mechanism, but also has a better overall performance than PID control...

  13. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    Energy Technology Data Exchange (ETDEWEB)

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  14. Main control computer security model of closed network systems protection against cyber attacks

    Science.gov (United States)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  15. Division of Cyber Safety and Security Responsibilities Between Control System Owners and Suppliers

    OpenAIRE

    Skotnes , Ruth

    2016-01-01

    Part 2: CONTROL SYSTEMS SECURITY; International audience; The chapter discusses the important issue of responsibility for information and communications technology (ICT) – or cyber – safety and security for industrial control systems and the challenges involved in dividing the responsibility between industrial control system owners and suppliers in the Norwegian electric power supply industry. Industrial control system owners are increasingly adopting information and communications technologi...

  16. Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

    Science.gov (United States)

    Takamura, Eduardo; Mangum, Kevin

    2016-01-01

    The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations

  17. A Classification Method of Technical Security Controls for Digital I and C Systems in NPPs

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Park, G. Y.; Kwon, K. C.; Lee, D. Y.; Lee, C. K.

    2012-01-01

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) are a key facility to monitor plant state, control plant devices, and prevent accidents. Recent I and C systems have been composed of digital systems in order to enhance the effectiveness of operation and maintenance of NPPs. An assessment method for the analysis of security controls is needed to respond to potential cyber attacks against digital I and C systems. RG 5.71 'Cyber Security Programs for Nuclear Facilities' published by U.S.NRC in 2010 presents a comprehensive set of security controls for NPPs. Although this document provides the requirements of security controls, a guidance describing which security controls should be applied to specific digital assets and how to implement them is still needed for the I and C system design and development. In this paper, a classification method of the technical security controls listed in RG 5.71 is proposed to provide a guide useful for the application of the controls during the design and implementation phases of I and C systems

  18. A Classification Method of Technical Security Controls for Digital I and C Systems in NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Park, G. Y.; Kwon, K. C.; Lee, D. Y.; Lee, C. K. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2012-05-15

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) are a key facility to monitor plant state, control plant devices, and prevent accidents. Recent I and C systems have been composed of digital systems in order to enhance the effectiveness of operation and maintenance of NPPs. An assessment method for the analysis of security controls is needed to respond to potential cyber attacks against digital I and C systems. RG 5.71 'Cyber Security Programs for Nuclear Facilities' published by U.S.NRC in 2010 presents a comprehensive set of security controls for NPPs. Although this document provides the requirements of security controls, a guidance describing which security controls should be applied to specific digital assets and how to implement them is still needed for the I and C system design and development. In this paper, a classification method of the technical security controls listed in RG 5.71 is proposed to provide a guide useful for the application of the controls during the design and implementation phases of I and C systems

  19. The implementation of the situational control concept of information security in automated training systems

    Directory of Open Access Journals (Sweden)

    A. M. Chernih

    2016-01-01

    Full Text Available The main approaches to ensuring security of information in the automated training systems are considered, need of application of situational management of security of information for the automated training systems is proved, the mathematical model and a problem definition of situational control is offered, the technique of situational control of security of information is developed.The purpose of the study. The aim of the study is to base the application of situational control of information security by subsystem of the control and protection of information in automated learning systems and to develop implementation methods of the situational control concept.Materials and methods. It is assumed that the automated learning system is a fragment of a larger information system that contains several information paths, each of them treats different information in the protection degree from information, containing constituting state secrets, to open access information.It is considered that the technical methods, measures and means of information protection in automated learning systems implement less than half (30% functions of subsystems of control and protection information. The main part of the functions of this subsystem are organizational measures to protect information. It is obvious that the task of ensuring the security of information in automated learning systems associated with the adoption of decisions on rational selection and proper combination of technical methods and institutional arrangements. Conditions of practical application of automated learning systems change over time and transform the situation of such a decision, and this leads to the use of situational control methods.When situational control is implementing, task of the protection of information in automated learning system is solved by the subsystem control and protection of information by distributing the processes ensuring the security of information and resources of

  20. Load control services in the management of power system security costs

    International Nuclear Information System (INIS)

    Jayantilal, A.; Strbac, G.

    1999-01-01

    The new climate of deregulation in the electricity industry is creating a need for a more transparent cost structure and within this framework the cost of system security has been a subject of considerable interest. Traditionally power system security has been supplied by out-of-merit generation, in the short term, and transmission reinforcement, in the long term. This paper presents a method of analysing the role of load-demand in the management of power system security costs by utilising load control services (LCS). It also proposes a competitive market to enable bidding from various participants within the electricity industry to supply system security. (author)

  1. Conceptual Design Approach to Implementing Hardware-based Security Controls in Data Communication Systems

    International Nuclear Information System (INIS)

    Ibrahim, Ahmad Salah; Jung, Jaecheon

    2016-01-01

    In the Korean Advanced Power Reactor (APR1400), safety control systems network is electrically isolated and physically separated from non-safety systems data network. Unidirectional gateways, include data diode fiber-optic cabling and computer-based servers, transmit the plant safety critical parameters to the main control room (MCR) for control and monitoring processes. The data transmission is only one-way from safety to non-safety. Reverse communication is blocked so that safety systems network is protected from potential cyberattacks or intrusions from non-safety side. Most of commercials off-the-shelf (COTS) security devices are software-based solutions that require operating systems and processors to perform its functions. Field Programmable Gate Arrays (FPGAs) offer digital hardware solutions to implement security controls such as data packet filtering and deep data packet inspection. This paper presents a conceptual design to implement hardware-based network security controls for maintaining the availability of gateway servers. A conceptual design of hardware-based network security controls was discussed in this paper. The proposed design is aiming at utilizing the hardware-based capabilities of FPGAs together with filtering and DPI functions of COTS software-based firewalls and intrusion detection and prevention systems (IDPS). The proposed design implemented a network security perimeter between the DCN-I zone and gateway servers zone. Security control functions are to protect the gateway servers from potential DoS attacks that could affect the data availability and integrity

  2. Conceptual Design Approach to Implementing Hardware-based Security Controls in Data Communication Systems

    Energy Technology Data Exchange (ETDEWEB)

    Ibrahim, Ahmad Salah; Jung, Jaecheon [KEPCO International Nuclear Graduate School, Ulsan (Korea, Republic of)

    2016-10-15

    In the Korean Advanced Power Reactor (APR1400), safety control systems network is electrically isolated and physically separated from non-safety systems data network. Unidirectional gateways, include data diode fiber-optic cabling and computer-based servers, transmit the plant safety critical parameters to the main control room (MCR) for control and monitoring processes. The data transmission is only one-way from safety to non-safety. Reverse communication is blocked so that safety systems network is protected from potential cyberattacks or intrusions from non-safety side. Most of commercials off-the-shelf (COTS) security devices are software-based solutions that require operating systems and processors to perform its functions. Field Programmable Gate Arrays (FPGAs) offer digital hardware solutions to implement security controls such as data packet filtering and deep data packet inspection. This paper presents a conceptual design to implement hardware-based network security controls for maintaining the availability of gateway servers. A conceptual design of hardware-based network security controls was discussed in this paper. The proposed design is aiming at utilizing the hardware-based capabilities of FPGAs together with filtering and DPI functions of COTS software-based firewalls and intrusion detection and prevention systems (IDPS). The proposed design implemented a network security perimeter between the DCN-I zone and gateway servers zone. Security control functions are to protect the gateway servers from potential DoS attacks that could affect the data availability and integrity.

  3. Smart Security System For Home Appliances Control Based On Internet Of Things

    Directory of Open Access Journals (Sweden)

    Su Zin Zin Win

    2015-08-01

    Full Text Available Technology is always evolves. Home security is essential for occupants convenience and protection. Security systems are being preferred over manual system. With the rapid increase in the number of users of internet over the past decade has made Internet a part and parcel of life and IoTs is the latest and emerging internet technology. Home Appliances Control of Smart Security System using IoTs uses computers or mobile devices to control basic home functions and features through internet from anywhere around the world. This security system differs from other system by allowing the user to operate the system from anywhere around the world through internet connection. With the implementation of Arduino Mega microcontroller as an Embedded device security system design was constructed with many sensors and web server database. The Arduino Ethernet shield is used to eliminate the use of a personal computer PC. The motion sensing circuit temperature and humidity sensing circuit smoke or gas sensing circuit door lock sensing circuit light onoff circuit were designed to be connected with Arduino Mega microcontroller and Ethernet shield. This system can monitor the temperature and humidity values and the state of some sensors for intruder detection. It can also control the electric appliances like lights and door at home. Real time result was displayed on web server page via the internet.

  4. Future Direction of the Instrumentation and Control System for Security of Nuclear Facilities

    International Nuclear Information System (INIS)

    Kim, Woo Jin; Kim, Jae Kwang

    2014-01-01

    Instrumentation and control systems are pervasively used as a vital component in modern industries. Nuclear facilities, such as nuclear power plants (NPPs), originally use I and C systems for plant status monitoring, processes control, and many other purposes. After some events that raised security concerns, application areas of I and C systems have been expanded to physical protection of nuclear material and facilities. As nuclear policies over the world are strengthening security issues, the future direction of roles and technical requirements of security related I and C systems is described: An introduction of I and C systems, especially digitalized I and C systems, to security of nuclear facilities requires many careful considerations, such as system integration, verification and validation (V/V), etc. Institute of Nuclear Nonproliferation and Control (KINAC) established 'International Nuclear Nonproliferation and Security Academy, INSA' in 2014. One of the main achievements of INSA is test-bed implementation for technical criteria development of nuclear facilities' physical protection systems (PPSs) as well as for education and training of those systems. The test bed was modified and improved more suitably from the previous version to modern PPSs including state-of-the-art I and C technologies. KINAC is confident in the new test bed to become a fundamental technical basis of security related I and C systems in near future

  5. COORDINATION IN MULTILEVEL NETWORK-CENTRIC CONTROL SYSTEMS OF REGIONAL SECURITY: APPROACH AND FORMAL MODEL

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2015-01-01

    Full Text Available The paper deals with development of methods and tools for mathematical and computer modeling of the multilevel network-centric control systems of regional security. This research is carried out under development strategy implementation of the Arctic zone of the Russian Federation and national safeguarding for the period before 2020 in the Murmansk region territory. Creation of unified interdepartmental multilevel computer-aided system is proposed intended for decision-making information support and socio-economic security monitoring of the Arctic regions of Russia. The distinctive features of the investigated system class are openness, self-organization, decentralization of management functions and decision-making, weak hierarchy in the decision-making circuit and goal generation capability inside itself. Research techniques include functional-target approach, mathematical apparatus of multilevel hierarchical system theory and principles of network-centric control of distributed systems with pro-active components and variable structure. The work considers network-centric management local decisions coordination problem-solving within the multilevel distributed systems intended for information support of regional security. The coordination problem-solving approach and problem formalization in the multilevel network-centric control systems of regional security have been proposed based on developed multilevel recurrent hierarchical model of regional socio-economic system complex security. The model provides coordination of regional security indexes, optimized by the different elements of multilevel control systems, subject to decentralized decision-making. The model specificity consists in application of functional-target technology and mathematical apparatus of multilevel hierarchical system theory for coordination procedures implementation of the network-centric management local decisions. The work-out and research results can find further

  6. Control Systems Cyber Security:Defense in Depth Strategies

    Energy Technology Data Exchange (ETDEWEB)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  7. Control and Communication for a Secure and Reconfigurable Power Distribution System

    Science.gov (United States)

    Giacomoni, Anthony Michael

    A major transformation is taking place throughout the electric power industry to overlay existing electric infrastructure with advanced sensing, communications, and control system technologies. This transformation to a smart grid promises to enhance system efficiency, increase system reliability, support the electrification of transportation, and provide customers with greater control over their electricity consumption. Upgrading control and communication systems for the end-to-end electric power grid, however, will present many new security challenges that must be dealt with before extensive deployment and implementation of these technologies can begin. In this dissertation, a comprehensive systems approach is taken to minimize and prevent cyber-physical disturbances to electric power distribution systems using sensing, communications, and control system technologies. To accomplish this task, an intelligent distributed secure control (IDSC) architecture is presented and validated in silico for distribution systems to provide greater adaptive protection, with the ability to proactively reconfigure, and rapidly respond to disturbances. Detailed descriptions of functionalities at each layer of the architecture as well as the whole system are provided. To compare the performance of the IDSC architecture with that of other control architectures, an original simulation methodology is developed. The simulation model integrates aspects of cyber-physical security, dynamic price and demand response, sensing, communications, intermittent distributed energy resources (DERs), and dynamic optimization and reconfiguration. Applying this comprehensive systems approach, performance results for the IEEE 123 node test feeder are simulated and analyzed. The results show the trade-offs between system reliability, operational constraints, and costs for several control architectures and optimization algorithms. Additional simulation results are also provided. In particular, the

  8. Summary of the third control system cyber-security (CS)2/HEP workshop

    International Nuclear Information System (INIS)

    Lueders, S.

    2012-01-01

    Over the last decade modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. The Stuxnet worm of 2010 against a particular Siemens PLC is a unique example for a sophisticated attack against control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data being altered. The third (CS)2/HEP workshop was intended to raise awareness; exchange good practices, ideas, and implementations; discuss what works and what not as well as their pros and cons; report on security events, lessons learned and successes; and update on progresses made at HEP laboratories around the world in order to secure control systems. It appears that deploying a 'Defense-in-depth approach is mandatory and corresponds to good practice while the full compliance to ISO-27000 standard is definitely both an ultimate goal and a very difficult challenge. There was a broad consensus to state that developing a 'security culture' among the players whatever they are: system experts, administrators, vendors or operators is the first step to do

  9. 78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Science.gov (United States)

    2013-07-22

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  10. Advanced Approach to Information Security Management System Model for Industrial Control System

    Directory of Open Access Journals (Sweden)

    Sanghyun Park

    2014-01-01

    Full Text Available Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS. ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  11. Advanced approach to information security management system model for industrial control system.

    Science.gov (United States)

    Park, Sanghyun; Lee, Kyungho

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

  12. Advanced Approach to Information Security Management System Model for Industrial Control System

    Science.gov (United States)

    2014-01-01

    Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

  13. Cyber Security in Industrial Control Systems and SCADA Applications: Modbus TCP Protocol Example

    Directory of Open Access Journals (Sweden)

    Erdal IRMAK

    2017-12-01

    Full Text Available Electrical energy generation, transmission and distribution systems are evaluated in terms of national security dimension and defined as critical infrastructures. Monitoring and controlling of these systems is provided by Industrial Control Systems (ICS or Supervisory Control and Data Acquisition (SCADA systems. According to the latest advances in communication and internet technology, ICS/SCADA systems have started to become integrated with these systems. As a result of this situation, current or existing vulnerabilities in information and communication technology affect to SCADA systems directly. Therefore, this paper focuses on the cyber security of ICS/SCADA systems. It has been proved that the lack of authentication detected in Modbus TCP protocol, one of the most used in ICS/SCADA systems, can be exploited. In order to solve this security issue, a software is developed using the Python programming language for blocking or mitigating the cyber attacks. The proposed solution is subjected to several tests and results show that the attacks can be prevented successfully. Thus, it is considered that the proposed work will contribute to the security of ICS/SCADA systems and the industrial protocols using for communicating these systems.

  14. Automatic Learning of Fine Operating Rules for Online Power System Security Control.

    Science.gov (United States)

    Sun, Hongbin; Zhao, Feng; Wang, Hao; Wang, Kang; Jiang, Weiyong; Guo, Qinglai; Zhang, Boming; Wehenkel, Louis

    2016-08-01

    Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min.

  15. Summary of the Control System Cyber-Security (CS)2/HEP Workshop

    CERN Document Server

    Lüders, S

    2007-01-01

    Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. The (CS)2/HEP workshop held the weekend before ICALEPCS2007 was intended to present, share, and discuss countermeasures deployed in HEP laboratories in order to secure control systems. This presentation will give a summa...

  16. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    Science.gov (United States)

    Branch, Drew A.

    2014-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

  17. Information security of industrial control systems: possible attack vectors and protection methods

    Directory of Open Access Journals (Sweden)

    Ignatiy A. Grachkov

    2018-03-01

    obtaining unauthorized access to industrial control systems using the Shodan search engine is described and recommendations how to ensure information security of the industrial control system are given.

  18. Safety Evaluation Approach with Security Controls for Safety I and C Systems on Nuclear Power Plants

    International Nuclear Information System (INIS)

    Kim, D. H.; Jeong, S. Y.; Kim, Y. M.; Park, H. S.; Lee, M. S.; Kim, T. H.

    2016-01-01

    This paper addresses concepts of safety and security and relations between them for assessing effects of security features in safety systems. Also, evaluation approach for avoiding confliction with safety requirements and cyber security features which may be adopted in safety-related digital I and C system will be described. In this paper, safety-security life cycle model based confliction avoidance method was proposed to evaluate the effects when the cyber security control features are implemented in the safety I and C system. Also, safety effect evaluation results using the proposed evaluation method were described. In case of technical security controls, many of them are expected to conflict with safety requirements, otherwise operational and managerial controls are not relatively. Safety measures and cyber security measures for nuclear power plants should be implemented not to conflict with one another. Where safety function and security features are both required within the systems, and also where security features are implemented within safety systems, they should be justified

  19. Safety Evaluation Approach with Security Controls for Safety I and C Systems on Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Kim, D. H.; Jeong, S. Y.; Kim, Y. M.; Park, H. S. [KINS, Daejeon (Korea, Republic of); Lee, M. S.; Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

    2016-05-15

    This paper addresses concepts of safety and security and relations between them for assessing effects of security features in safety systems. Also, evaluation approach for avoiding confliction with safety requirements and cyber security features which may be adopted in safety-related digital I and C system will be described. In this paper, safety-security life cycle model based confliction avoidance method was proposed to evaluate the effects when the cyber security control features are implemented in the safety I and C system. Also, safety effect evaluation results using the proposed evaluation method were described. In case of technical security controls, many of them are expected to conflict with safety requirements, otherwise operational and managerial controls are not relatively. Safety measures and cyber security measures for nuclear power plants should be implemented not to conflict with one another. Where safety function and security features are both required within the systems, and also where security features are implemented within safety systems, they should be justified.

  20. Security Challenges in Smart-Grid Metering and Control Systems

    Directory of Open Access Journals (Sweden)

    Xinxin Fan

    2013-07-01

    Full Text Available The smart grid is a next-generation power system that is increasingly attracting the attention of government, industry, and academia. It is an upgraded electricity network that depends on two-way digital communications between supplier and consumer that in turn give support to intelligent metering and monitoring systems. Considering that energy utilities play an increasingly important role in our daily life, smart-grid technology introduces new security challenges that must be addressed. Deploying a smart grid without adequate security might result in serious consequences such as grid instability, utility fraud, and loss of user information and energy-consumption data. Due to the heterogeneous communication architecture of smart grids, it is quite a challenge to design sophisticated and robust security mechanisms that can be easily deployed to protect communications among different layers of the smart grid-infrastructure. In this article, we focus on the communication-security aspect of a smart-grid metering and control system from the perspective of cryptographic techniques, and we discuss different mechanisms to enhance cybersecurity of the emerging smart grid. We aim to provide a comprehensive vulnerability analysis as well as novel insights on the cybersecurity of a smart grid.

  1. AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

    Directory of Open Access Journals (Sweden)

    JAE-GU SONG

    2013-10-01

    Full Text Available Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  2. Safety and security analysis for distributed control system in nuclear power plants

    International Nuclear Information System (INIS)

    Lu Zhigang; Liu Baoxu

    2011-01-01

    The Digital Distributed Control System (DCS) is the core that manages all monitoring and operation tasks in a Nuclear Power Plant (NPP). So, Digital Distributed Control System in Nuclear Power Plant has strict requirements for control and automation device safety and security due to many factors. In this article, factors of safety are analyzed firstly, while placing top priority on reliability, quality of supply and stability have also been carefully considered. In particular, advanced digital and electronic technologies are adopted to maintain sufficient reliability and supervisory capabilities in nuclear power plants. Then, security of networking and information technology have been remarked, several design methodologies considering the security characteristics are suggested. Methods and technologies of this article are being used in testing and evaluation for a real implement of a nuclear power plant in China. (author)

  3. Attack tree based cyber security analysis of nuclear digital instrumentation and control systems

    International Nuclear Information System (INIS)

    Khand, P.A.

    2009-01-01

    To maintain the cyber security, nuclear digital Instrumentation and Control (I and C) systems must be analyzed for security risks because a single security breach due to a cyber attack can cause system failure, which can have catastrophic consequences on the environment and staff of a Nuclear Power Plant (NPP). Attack trees have been widely used to analyze the cyber security of digital systems due to their ability to capture system specific as well as attacker specific details. Therefore, a methodology based on attack trees has been proposed to analyze the cyber security of the systems. The methodology has been applied for the Cyber Security Analysis (CSA) of a Bistable Processor (BP) of a Reactor Protection System (RPS). Threats have been described according to their source. Attack scenarios have been generated using the attack tree and possible counter measures according to the Security Risk Level (SRL) of each scenario have been suggested. Moreover, cyber Security Requirements (SRs) have been elicited, and suitability of the requirements has been checked. (author)

  4. Selecting Optimal Subset of Security Controls

    OpenAIRE

    Yevseyeva, I.; Basto-Fernandes, V.; Michael, Emmerich, T. M.; Moorsel, van, A.

    2015-01-01

    Open Access journal Choosing an optimal investment in information security is an issue most companies face these days. Which security controls to buy to protect the IT system of a company in the best way? Selecting a subset of security controls among many available ones can be seen as a resource allocation problem that should take into account conflicting objectives and constraints of the problem. In particular, the security of the system should be improved without hindering productivity, ...

  5. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    International Nuclear Information System (INIS)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon

    2013-01-01

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system

  6. An analysis of Technical Security Control Requirements For Digital I and C Systems in Nuclear Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jaegu; Lee, Jungwoon; Park, Geeyong; Kwon, Keechoon; Lee, Dongyoung; Lee, Cheolkwon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

  7. Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292)

    NARCIS (Netherlands)

    Dacer, Marc; Kargl, Frank; König, Hartmut; Valdes, Alfonso

    2014-01-01

    This report documents the program and the outcomes of Dagstuhl Seminar 14292 “Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures”. The main objective of the seminar was to discuss new approaches and ideas for securing industrial control systems. It

  8. Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Milos Manic; Miles McQueen

    2012-09-01

    Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenarios is demonstrated on several control system network topologies.

  9. Cyber Security and Resilient Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  10. Cyber Security and Resilient Systems

    International Nuclear Information System (INIS)

    Anderson, Robert S.

    2009-01-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  11. Insights on the Security and Dependability of Industrial Control Systems

    NARCIS (Netherlands)

    Kargl, Frank; van der Heijden, R.; van der Heijden, Rens W.; König, Hartmut; Valdes, Alfonso; Dacier, Marc C.

    2014-01-01

    The authors discuss the findings of a recent research seminar on the security and dependability of industrial control systems and provide an overview of major challenges in the field and areas where current research should focus.

  12. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    Energy Technology Data Exchange (ETDEWEB)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  13. Industrial Control System Cyber Security: Questions And Answers Relevant To Nuclear Facilities, Safeguards And Security

    International Nuclear Information System (INIS)

    Anderson, Robert S.; Schanfein, Mark; Bjornard, Trond; Moskowitz, Paul

    2011-01-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  14. Security System Software

    Science.gov (United States)

    1993-01-01

    C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

  15. Two-stage Security Controls Selection

    NARCIS (Netherlands)

    Yevseyeva, I.; Basto, Fernandes V.; Moorsel, van A.; Janicke, H.; Michael, Emmerich T. M.

    2016-01-01

    To protect a system from potential cyber security breaches and attacks, one needs to select efficient security controls, taking into account technical and institutional goals and constraints, such as available budget, enterprise activity, internal and external environment. Here we model the security

  16. Real time test bed development for power system operation, control and cyber security

    Science.gov (United States)

    Reddi, Ram Mohan

    The operation and control of the power system in an efficient way is important in order to keep the system secure, reliable and economical. With advancements in smart grid, several new algorithms have been developed for improved operation and control. These algorithms need to be extensively tested and validated in real time before applying to the real electric power grid. This work focuses on the development of a real time test bed for testing and validating power system control algorithms, hardware devices and cyber security vulnerability. The test bed developed utilizes several hardware components including relays, phasor measurement units, phasor data concentrator, programmable logic controllers and several software tools. Current work also integrates historian for power system monitoring and data archiving. Finally, two different power system test cases are simulated to demonstrate the applications of developed test bed. The developed test bed can also be used for power system education.

  17. Power system security enhancement through direct non-disruptive load control

    Science.gov (United States)

    Ramanathan, Badri Narayanan

    The transition to a competitive market structure raises significant concerns regarding reliability of the power grid. A need to build tools for security assessment that produce operating limit boundaries for both static and dynamic contingencies is recognized. Besides, an increase in overall uncertainty in operating conditions makes corrective actions at times ineffective leaving the system vulnerable to instability. The tools that are in place for stability enhancement are mostly corrective and suffer from lack of robustness to operating condition changes. They often pose serious coordination challenges. With deregulation, there have also been ownership and responsibility issues associated with stability controls. However, the changing utility business model and the developments in enabling technologies such as two-way communication, metering, and control open up several new possibilities for power system security enhancement. This research proposes preventive modulation of selected loads through direct control for power system security enhancement. Two main contributions of this research are the following: development of an analysis framework and two conceptually different analysis approaches for load modulation to enhance oscillatory stability, and the development and study of algorithms for real-time modulation of thermostatic loads. The underlying analysis framework is based on the Structured Singular Value (SSV or mu) theory. Based on the above framework, two fundamentally different approaches towards analysis of the amount of load modulation for desired stability performance have been developed. Both the approaches have been tested on two different test systems: CIGRE Nordic test system and an equivalent of the Western Electric Coordinating Council test system. This research also develops algorithms for real-time modulation of thermostatic loads that use the results of the analysis. In line with some recent load management programs executed by utilities, two

  18. CC-based Design of Secure Application Systems

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secu...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.......This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure...

  19. Evaluating the Level of Internal Control System in the Management of Financial Security of Bank

    Directory of Open Access Journals (Sweden)

    Pidvysotska Lyudmyla J.

    2017-06-01

    Full Text Available The article is aimed at studying the organization and technology of evaluation process of the internal control system of bank in order to ensure financial security management of its activities. The work of the internal audit service on monitoring and evaluating the performance of the bank’s internal control system was analyzed. It has been found that improving the level of financial security of commercial banks is conditional upon improvements in the quality of audits and the provision of sound and objective conclusions. The interrelation of the tasks of internal audit service and the tasks of bank’s financial security management has been determined. Methodological recommendations on evaluation of the bank’s internal control system on the basis of results of audit have been proposed.

  20. Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

    Science.gov (United States)

    Gunawan, Ryan A.

    2016-01-01

    With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

  1. Systems analysis of a security alarm system

    International Nuclear Information System (INIS)

    Schiff, A.

    1975-01-01

    When the Lawrence Livermore Laboratory found that its security alarm system was causing more false alarms and maintenance costs than LLL felt was tolerable, a systems analysis was undertaken to determine what should be done about the situation. This report contains an analysis of security alarm systems in general and ends with a review of the existing Security Alarm Control Console (SACC) and recommendations for its improvement, growth and change. (U.S.)

  2. Security Research on Engineering Database System

    Institute of Scientific and Technical Information of China (English)

    2002-01-01

    Engine engineering database system is an oriented C AD applied database management system that has the capability managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing the database security, to draw a series of securi ty rules, which reach B1, level security standard. Which includes discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implem ents functions of DAC, ...

  3. System Security Management in SNMP

    OpenAIRE

    P. Deivendran; Dr. R. Dhanapal Ph.D

    2010-01-01

    We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB), We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the r...

  4. Effectiveness Of Security Controls On Electronic Health Records

    Directory of Open Access Journals (Sweden)

    Everleen Wanyonyi

    2017-12-01

    Full Text Available Electronic Health Record EHR systems enhance efficiency and effectiveness in handling patients information in healthcare. This study focused on the EHR security by initially establishing the nature of threats affecting the system and reviewing the implemented security safeguards. The study was done at a referral hospital level 6 government facility in Kenya. Purposive sampling was used to select a sample of 196 out of 385 staff and a questionnaire designed for qualitative data collection. Data was analyzed using SPSS software. Correlations and binary logistic regression were obtained. Binary Logistic Regression BLR was used to establish the effect of the safeguards predictors on EHR security. It was established that physical security contributes more to the security of an information system than administrative controls and technical controls in that order. BLR helped in predicting effective safeguards to control EHR security threats in limited resourced public health facilities.

  5. Power system security enhancement with unified power flow controller under multi-event contingency conditions

    Directory of Open Access Journals (Sweden)

    S. Ravindra

    2017-03-01

    Full Text Available Power system security analysis plays key role in enhancing the system security and to avoid the system collapse condition. In this paper, a novel severity function is formulated using transmission line loadings and bus voltage magnitude deviations. The proposed severity function and generation fuel cost objectives are analyzed under transmission line(s and/or generator(s contingency conditions. The system security under contingency conditions is analyzed using optimal power flow problem. An improved teaching learning based optimization (ITLBO algorithm has been presented. To enhance the system security under contingency conditions in the presence of unified power flow controller (UPFC, it is necessary to identify an optimal location to install this device. Voltage source based power injection model of UPFC, incorporation procedure and optimal location identification strategy based on line overload sensitivity indexes are proposed. The entire proposed methodology is tested on standard IEEE-30 bus test system with supporting numerical and graphical results.

  6. Security and arms control

    International Nuclear Information System (INIS)

    Kolodziej, E.A.; Morgan, P.M.

    1989-01-01

    This book attempts to clarify and define selected current issues and problems related to security and arms control from an international perspective. The chapters are organized under the following headings. Conflict and the international system, Nuclear deterrence, Conventional warfare, Subconventional conflict, Arms control and crisis management

  7. Preventive Security-Constrained Optimal Power Flow Considering UPFC Control Modes

    Directory of Open Access Journals (Sweden)

    Xi Wu

    2017-08-01

    Full Text Available The successful application of the unified power flow controller (UPFC provides a new control method for the secure and economic operation of power system. In order to make the full use of UPFC and improve the economic efficiency and static security of a power system, a preventive security-constrained power flow optimization method considering UPFC control modes is proposed in this paper. Firstly, an iterative method considering UPFC control modes is deduced for power flow calculation. Taking into account the influence of different UPFC control modes on the distribution of power flow after N-1 contingency, the optimization model is then constructed by setting a minimal system operation cost and a maximum static security margin as the objective. Based on this model, the particle swarm optimization (PSO algorithm is utilized to optimize power system operating parameters and UPFC control modes simultaneously. Finally, a standard IEEE 30-bus system is utilized to demonstrate that the proposed method fully exploits the potential of static control of UPFC and significantly increases the economic efficiency and static security of the power system.

  8. Study on Mandatory Access Control in a Secure Database Management System

    Institute of Scientific and Technical Information of China (English)

    2001-01-01

    This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation-hierarchical data model is extended to multilevel relation-hierarchical data model. Based on the multilevel relation-hierarchical data model, the concept of upper-lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation-hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects (e. g., multilevel spatial data) and multilevel conventional data ( e. g., integer. real number and character string).

  9. SMS security system for smart home detectors

    OpenAIRE

    Cekova, Katerina; Gelev, Saso

    2016-01-01

    Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits from keeping homeowners, and their property safe. This paper present controlling of the home security system remotely from Android Application. Owners can turn on or...

  10. Security controls in a Cullinet database environment

    International Nuclear Information System (INIS)

    Thompson, R.E.

    1988-01-01

    Security controls using Cullinet's Integrated Data Management System (IDMS) are examined. IDMS software integrity problems, with emphasis on security package interfaces, are disclosed. Solutions applied at Sandia Laboratories Engineering Information Management computing facilty are presented. An overall IDMS computer security philosophy is reviewed

  11. Improving the Security and Performance of the BaBar Detector Controls System

    International Nuclear Information System (INIS)

    Kotturi, Karen D.

    2003-01-01

    It starts out innocently enough--users want to monitor Online data and so run their own copies of the detector control GUIs in their offices and at home. But over time, the number of processes making requests for values to display on GUIs, webpages and stripcharts can grow, and affect the performance of an Input/Output Controller (IOC) such that it is unable to respond to requests from requests critical to data-taking. At worst, an IOC can hang, its CPU having been allocated 100% to responding to network requests. For the BaBar Online Detector Control System, we were able to eliminate this problem and make great gains in security by moving all of the IOCs to a non-routed, virtual LAN and by enlisting a workstation with two network interface cards to act as the interface between the virtual LAN and the public BaBar network. On the interface machine, we run the Experimental Physics Industrial Control System (EPICS) Channel Access (CA) gateway software (originating from Advanced Photon Source). This software accepts as inputs, all the channels which are loaded into the EPICS databases on all the IOCs. It polls them to update its copy of the values. It answers requests from applications by sending them the currently cached value. We adopted the requirement that data-taking would be independent of the gateway, so that, in the event of a gateway failure, data-taking would be uninterrupted. In this way, we avoided introducing any new risk elements to data-taking. Security rules already in use by the IOC were propagated to the gateway's own security rules and the security of the IOCs themselves was improved by removing them from the public BaBar network

  12. Applications for cyber security - System and application monitoring

    International Nuclear Information System (INIS)

    Marron, J. E.

    2006-01-01

    Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

  13. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

    2012-01-01

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases

  14. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

  15. An electronically controlled automatic security access gate

    Directory of Open Access Journals (Sweden)

    Jonathan A. ENOKELA

    2014-11-01

    Full Text Available The security challenges being encountered in many places require electronic means of controlling access to communities, recreational centres, offices, and homes. The electronically controlled automated security access gate being proposed in this work helps to prevent an unwanted access to controlled environments. This is achieved mainly through the use of a Radio Frequency (RF transmitter-receiver pair. In the design a microcontroller is programmed to decode a given sequence of keys that is entered on a keypad and commands a transmitter module to send out this code as signal at a given radio frequency. Upon reception of this RF signal by the receiver module, another microcontroller activates a driver circuitry to operate the gate automatically. The codes for the microcontrollers were written in C language and were debugged and compiled using the KEIL Micro vision 4 integrated development environment. The resultant Hex files were programmed into the memories of the microcontrollers with the aid of a universal programmer. Software simulation was carried out using the Proteus Virtual System Modeling (VSM version 7.7. A scaled-down prototype of the system was built and tested. The electronically controlled automated security access gate can be useful in providing security for homes, organizations, and automobile terminals. The four-character password required to operate the gate gives the system an increased level of security. Due to its standalone nature of operation the system is cheaper to maintain in comparison with a manually operated type.

  16. Information technology - Security techniques - Information security management systems - Requirements

    CERN Document Server

    International Organization for Standardization. Geneva

    2005-01-01

    ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

  17. Modelling the System of Ensuring the Investment Security

    Directory of Open Access Journals (Sweden)

    Moroz Maxim O.

    2017-11-01

    Full Text Available The article explores approaches to modelling the system of ensuring the investment security. Necessity of observance of investment security of Ukraine has been substantiated. The author’s own vision of the modelling essentials has been provided. The eligibility for consideration of the system of ensuring the investment security of Ukraine in the functional, structural, process, formative, and factor aspects has been proved. The target setting and tasks of a functional model of the system of ensuring the investment security have been defined. The functions, subjects, organizational-economic mechanisms of the system of ensuring the investment security of Ukraine have been characterized. A structural model of the system of ensuring the investment security has been presented. Special attention has been given to the definition of objects of direct and indirect influence, control and controlled subsystems, aggregate of indicators, safe levels, principles of formation of the investment security system. The process and formative models of the system of ensuring the investment security, as well as the algorithm of the complex assessment of the level of investment security, were analyzed in detail. Measures to ensure the investment security of Ukraine have been defined.

  18. Specific Methods of Information Security for Nuclear Materials Control and Accounting Automate Systems

    Directory of Open Access Journals (Sweden)

    Konstantin Vyacheslavovich Ivanov

    2013-02-01

    Full Text Available The paper is devoted to specific methods of information security for nuclear materials control and accounting automate systems which is not required of OS and DBMS certifications and allowed to programs modification for clients specific without defenses modification. System ACCORD-2005 demonstrates the realization of this method.

  19. Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    2006-01-01

    OPC is a collection of software programming standards and interfaces used in the process control industry. It is intended to provide open connectivity and vendor equipment interoperability. The use of OPC technology simplifies the development of control systems that integrate components from multiple vendors and support multiple control protocols. OPC-compliant products are available from most control system vendors, and are widely used in the process control industry. OPC was originally known as OLE for Process Control; the first standards for OPC were based on underlying services in the Microsoft Windows computing environment. These underlying services (OLE [Object Linking and Embedding], DCOM [Distributed Component Object Model], and RPC [Remote Procedure Call]) have been the source of many severe security vulnerabilities. It is not feasible to automatically apply vendor patches and service packs to mitigate these vulnerabilities in a control systems environment. Control systems using the original OPC data access technology can thus inherit the vulnerabilities associated with these services. Current OPC standardization efforts are moving away from the original focus on Microsoft protocols, with a distinct trend toward web-based protocols that are independent of any particular operating system. However, the installed base of OPC equipment consists mainly of legacy implementations of the OLE for Process Control protocols.

  20. Security features of a nuclear material accounting system

    International Nuclear Information System (INIS)

    Erkkila, B.H.

    1988-01-01

    The Los Alamos Nuclear Material Accounting and Safeguards System (MASS) is a near-real-time accountability system for bulk materials, discrete items, and materials undergoing dynamic processing. MASS has evolved from a 80-column, card-based process control system to a very sophisticated computer system. Recently, the computer hardware was upgraded to a modern transaction oriented central computer system designed to accommodate extensive growth in the foreseeable future. The security of the MASS computer system is provided through various access controls. There are two kinds of access controls to be addressed. They are physical access control to the hardware which make up the system and access control to the software. There are many features which provide a measure of security to the hardware that are discussed. Access to the software is controlled by a security password. Access to various transaction activities in the system is controlled through the level of MASS under privilege. Details of MASS user privilege are discussed

  1. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  2. Summary of The 3rd Control System Cyber-Security (CS)2/HEP Workshop

    CERN Document Server

    Lüders, S

    2011-01-01

    Over the last decade modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. The Stuxnet worm of 2010 against a particular Siemens PLC is a unique example for a sophisticated attack against control systems [1]. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data being ...

  3. An RFID-based luggage and passenger tracking system for airport security control applications

    Science.gov (United States)

    Vastianos, George E.; Kyriazanos, Dimitris M.; Kountouriotis, Vassilios I.; Thomopoulos, Stelios C. A.

    2014-06-01

    Market analysis studies of recent years have shown a steady and significant increase in the usage of RFID technology. Key factors for this growth were the decreased costs of passive RFIDs and their improved performance compared to the other identification technologies. Besides the benefits of RFID technologies into the supply chains, warehousing, traditional inventory and asset management applications, RFID has proven itself worth exploiting on experimental, as well as on commercial level in other sectors, such as healthcare, transport and security. In security sector, airport security is one of the biggest challenges. Airports are extremely busy public places and thus prime targets for terrorism, with aircraft, passengers, crew and airport infrastructure all subject to terrorist attacks. Inside this labyrinth of security challenges, the long range detection capability of the UHF passive RFID technology can be turned into a very important tracking tool that may outperform all the limitations of the barcode tracking inside the current airport security control chain. The Integrated Systems Lab of NCSR Demokritos has developed an RFID based Luggage and Passenger tracking system within the TASS (FP7-SEC-2010-241905) EU research project. This paper describes application scenarios of the system categorized according to the structured nature of the environment, the system architecture and presents evaluation results extracted from measurements with a group of different massive production GEN2 UHF RFID tags that are widely available in the world market.

  4. Health Information System Role-Based Access Control Current Security Trends and Challenges.

    Science.gov (United States)

    de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo

    2018-01-01

    This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

  5. Third Dutch Process Security Control Event

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2009-01-01

    On June 4th, 2009, the third Dutch Process Control Security Event took place in Amsterdam. The event, organised by the Dutch National Infrastructure against Cybercrime (NICC), attracted both Dutch process control experts and members of the European SCADA and Control Systems Information Exchange

  6. A Hierarchical Security Architecture for Cyber-Physical Systems

    Energy Technology Data Exchange (ETDEWEB)

    Quanyan Zhu; Tamer Basar

    2011-08-01

    Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

  7. THE CYBERSECURITY OF AUTOMATED CONTROL SYSTEMS AS A KEY COMPONENT OF NATIONAL SECURITY

    Directory of Open Access Journals (Sweden)

    Galin R. Ivanov

    2016-10-01

    Full Text Available This article focuses on the current problems raised by the necessity to provide and ensure national cybersecurity. Moreover, it suggests measures for adequate counteraction to present-day cyber threats to automated control systems employed in the sector of national security.

  8. Prototype of smart office system using based security system

    Science.gov (United States)

    Prasetyo, T. F.; Zaliluddin, D.; Iqbal, M.

    2018-05-01

    Creating a new technology in the modern era gives a positive impact on business and industry. Internet of Things (IoT) as a new communication technology is very useful in realizing smart systems such as: smart home, smart office, smart parking and smart city. This study presents a prototype of the smart office system which was designed as a security system based on IoT. Smart office system development method used waterfall model. IoT-based smart office system used platform (project builder) cayenne so that. The data can be accessed and controlled through internet network from long distance. Smart office system used arduino mega 2560 microcontroller as a controller component. In this study, Smart office system is able to detect threats of dangerous objects made from metals, earthquakes, fires, intruders or theft and perform security monitoring outside the building by using raspberry pi cameras on autonomous robots in real time to the security guard.

  9. Computer Security of NPP Instrumentation and Control Systems: Cyber Threats

    International Nuclear Information System (INIS)

    Klevtsov, A.L.; Trubchaninov, S.A.

    2015-01-01

    The paper is devoted to cyber threats, as one of the aspects in computer security of instrumentation and control systems for nuclear power plants (NPP). The basic concepts, terms and definitions are shortly addressed. The paper presents a detailed analysis of potential cyber threats during the design and operation of NPP instrumentation and control systems. Eleven major types of threats are considered, including: the malicious software and hardware Trojans (in particular, in commercial-off-the-shelf software and hardware), computer attacks through data networks and intrusion of malicious software from an external storage media and portable devices. Particular attention is paid to the potential use of lower safety class software as a way of harmful effects (including the intrusion of malicious fragments of code) on higher safety class software. The examples of actual incidents at various nuclear facilities caused by intentional cyber attacks or unintentional computer errors during the operation of software of systems important to NPP safety.

  10. Controls Over Operating System and Security Software Supporting the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    McKinney, Terry

    1994-01-01

    This is the final in a series of three audits of management controls over the operating systems and security software used by the information processing centers that support the Defense Finance and Accounting Centers (DFAS...

  11. Supervision functions - Secure operation of sustainable power systems

    DEFF Research Database (Denmark)

    Morais, Hugo; Zhang, Xinxin; Lind, Morten

    2013-01-01

    of power systems operation control. The use of PMUs allows more penetration of DG mainly, with technologies based on renewable resources with intermittent and unpredictable operation such a wind power. This paper introduces the Secure Operation of Sustainable Power Systems (SOSPO) project. The SOSPO...... project tries to respond to the question "How to ensure a secure operation of the future power system where the operating point is heavily is fluctuating?" focusing in the Supervision module architecture and in the power system operation states. The main goal of Supervision module is to determine...... the power system operation state based on new stability and security parameters derived from PMUs measurement and coordinate the use of automatic and manual control actions. The coordination of the control action is based not only in the static indicators but also in the performance evaluation of control...

  12. From control system security indices to attack identifiability

    NARCIS (Netherlands)

    Herdeiro Teixeira, A.M.; Sandberg, H

    2016-01-01

    In this paper, we investigate detectability and identifiability of attacks on linear dynamical systems that are subjected to external disturbances. We generalize a concept for a security index, which was previously introduced for static systems. The index exactly quantifies the resources

  13. Secure estimation, control and optimization of uncertain cyber-physical systems with applications to power networks

    Science.gov (United States)

    Taha, Ahmad Fayez

    Transportation networks, wearable devices, energy systems, and the book you are reading now are all ubiquitous cyber-physical systems (CPS). These inherently uncertain systems combine physical phenomena with communication, data processing, control and optimization. Many CPSs are controlled and monitored by real-time control systems that use communication networks to transmit and receive data from systems modeled by physical processes. Existing studies have addressed a breadth of challenges related to the design of CPSs. However, there is a lack of studies on uncertain CPSs subject to dynamic unknown inputs and cyber-attacks---an artifact of the insertion of communication networks and the growing complexity of CPSs. The objective of this dissertation is to create secure, computational foundations for uncertain CPSs by establishing a framework to control, estimate and optimize the operation of these systems. With major emphasis on power networks, the dissertation deals with the design of secure computational methods for uncertain CPSs, focusing on three crucial issues---(1) cyber-security and risk-mitigation, (2) network-induced time-delays and perturbations and (3) the encompassed extreme time-scales. The dissertation consists of four parts. In the first part, we investigate dynamic state estimation (DSE) methods and rigorously examine the strengths and weaknesses of the proposed routines under dynamic attack-vectors and unknown inputs. In the second part, and utilizing high-frequency measurements in smart grids and the developed DSE methods in the first part, we present a risk mitigation strategy that minimizes the encountered threat levels, while ensuring the continual observability of the system through available, safe measurements. The developed methods in the first two parts rely on the assumption that the uncertain CPS is not experiencing time-delays, an assumption that might fail under certain conditions. To overcome this challenge, networked unknown input

  14. Security for safety critical space borne systems

    Science.gov (United States)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  15. Android based security and home automation system

    OpenAIRE

    Khan, Sadeque Reza; Dristy, Farzana Sultana

    2015-01-01

    The smart mobile terminal operator platform Android is getting popular all over the world with its wide variety of applications and enormous use in numerous spheres of our daily life. Considering the fact of increasing demand of home security and automation, an Android based control system is presented in this paper where the proposed system can maintain the security of home main entrance and also the car door lock. Another important feature of the designed system is that it can control the o...

  16. Operating System Security

    CERN Document Server

    Jaeger, Trent

    2008-01-01

    Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

  17. INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

    Directory of Open Access Journals (Sweden)

    A. N. Tkhishev

    2017-01-01

    Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

  18. NOSArmor: Building a Secure Network Operating System

    Directory of Open Access Journals (Sweden)

    Hyeonseong Jo

    2018-01-01

    Full Text Available Software-Defined Networking (SDN, controlling underlying network devices (i.e., data plane in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS, also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB, into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight with secureness of network assets.

  19. Audit Teknologiinformasiatas Physical Security Control Dan Logical Security Control Serta Penentuan Kondisi Security Risk Studi Kasus: PT Talc Indonesia

    OpenAIRE

    Inggrid; Arfianti, Rizka I; Utami, Viany

    2009-01-01

    Abstract The fast growth of technology has an impact to the accounting field. This relates to the term of information technology (17) auditing. One of the risI6 of using information technology in business which can be fatal enough i fignored is security risk Security risk can be reduced by security controls which include physical security control and logical security contra Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a co...

  20. Strengthening the Security of ESA Ground Data Systems

    Science.gov (United States)

    Flentge, Felix; Eggleston, James; Garcia Mateos, Marc

    2013-08-01

    A common approach to address information security has been implemented in ESA's Mission Operations (MOI) Infrastructure during the last years. This paper reports on the specific challenges to the Data Systems domain within the MOI and how security can be properly managed with an Information Security Management System (ISMS) according to ISO 27001. Results of an initial security risk assessment are reported and the different types of security controls that are being implemented in order to reduce the risks are briefly described.

  1. Cyber security level assignment for research reactor digital instrumentation and control system architecture using concept of defense in depth

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong; Kim, Young Ki; Park, Jaek Wan

    2012-01-01

    Due to recent aging of the analog instrumentation of many nuclear power plants (NPPs) and research reactors, the system reliability decreases while maintenance and testing costs increase. In addition, it is difficult to find the substitutable analog equipment s due to obsolescence. Therefore, the instrumentation and control (I and C) systems have changed from analog system to digital system due to these facts. With the introduction of digital systems, research reactors are forced to care for the problem of cyber attacks because I and C systems have been digitalized using networks or communication systems. Especially, it is more issued at research reactors due to the accessibility of human resources. In the real world, an IBM researcher has been successful in controlling the software by penetrating a NPPs network in U.S. on July 2008 and acquiring the control right of nuclear facilities after one week. Moreover, the malignant code called 'stuxnet' impaired the nearly 1,000 centrifugal separators in Iran according to an IAEA report. The problem of cyber attacks highlights the important of cyber security, which should be emphasized. Defense.in.depth (DID) is a significant concept for the cyber security to work properly. DID institutes and maintains a hardy program for critical digital asset (CDA) by implementing multiple security boundaries. In this work, we assign cyber security levels to a typical digital I and C system using DID concept. This work is very useful in applying the concept of DID to nuclear industry with respect to cyber security

  2. Cyber security level assignment for research reactor digital instrumentation and control system architecture using concept of defense in depth

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Seoul (Korea, Republic of); Son, Han Seong [Joongbu Univ., Chungnam (Korea, Republic of); Kim, Young Ki; Park, Jaek Wan [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    Due to recent aging of the analog instrumentation of many nuclear power plants (NPPs) and research reactors, the system reliability decreases while maintenance and testing costs increase. In addition, it is difficult to find the substitutable analog equipment s due to obsolescence. Therefore, the instrumentation and control (I and C) systems have changed from analog system to digital system due to these facts. With the introduction of digital systems, research reactors are forced to care for the problem of cyber attacks because I and C systems have been digitalized using networks or communication systems. Especially, it is more issued at research reactors due to the accessibility of human resources. In the real world, an IBM researcher has been successful in controlling the software by penetrating a NPPs network in U.S. on July 2008 and acquiring the control right of nuclear facilities after one week. Moreover, the malignant code called 'stuxnet' impaired the nearly 1,000 centrifugal separators in Iran according to an IAEA report. The problem of cyber attacks highlights the important of cyber security, which should be emphasized. Defense.in.depth (DID) is a significant concept for the cyber security to work properly. DID institutes and maintains a hardy program for critical digital asset (CDA) by implementing multiple security boundaries. In this work, we assign cyber security levels to a typical digital I and C system using DID concept. This work is very useful in applying the concept of DID to nuclear industry with respect to cyber security.

  3. Electronic security systems better ways to crime prevention

    CERN Document Server

    Walker, Philip

    2013-01-01

    Electronic Security Systems: Better Ways to Crime Prevention teaches the reader about the application of electronics for security purposes through the use of case histories, analogies, anecdotes, and other related materials. The book is divided into three parts. Part 1 covers the concepts behind security systems - its objectives, limitations, and components; the fundamentals of space detection; detection of intruder movement indoors and outdoors; surveillance; and alarm communication and control. Part 2 discusses equipments involved in security systems such as the different types of sensors,

  4. Analysis of Security Protocols in Embedded Systems

    DEFF Research Database (Denmark)

    Bruni, Alessandro

    Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i.......e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful...... in this direction is to extend saturation-based techniques so that enough state information can be modelled and analysed. Finally, we present a methodology for proving the same security properties in the computational model, by means of typing protocol implementations....

  5. Security analysis of cyber-physical system

    Science.gov (United States)

    Li, Bo; Zhang, Lichen

    2017-05-01

    In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

  6. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  7. Security in Wireless Sensor Networks for Open Controller

    OpenAIRE

    Engvall, Christoffer

    2013-01-01

    In this thesis we develop, evaluate and implement a security solution for Open Controllers wireless sensor network platform. A scenario is used to describe an exemplar application showing how our system is supposed to function. The security of the platform is analyzed using a well-established threat modeling process and attack trees which result in the identification of a number of risks, which could be security weaknesses. These attack trees visualize the security weaknesses in an easy to ac...

  8. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  9. INFORMATION SYSTEM SECURITY (CYBER SECURITY

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  10. A Study of Cyber Security Activities for Development of Safety-related Controller

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa [Korea Univ., Seoul (Korea, Republic of)

    2014-05-15

    Nuclear Power Plant Regulatory guide describes the regulatory requirements to implement cyber security activities to ensure that design and operate to respond to cyber threats that exploited to vulnerability of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. Cyber security activities coverage is instrumentation and control systems to perform safety functions and digital-based equipment to use development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required to the cyber security activities that should be performed in each development phase of safety-related controller. Development organization should establish and implement to cyber security plans for responding to cyber threats throughout each lifecycle phase and the result of the cyber security activities should be generated to the documents. In addition, the independent verification and validation organization should perform simulated penetration test for enhancing response capabilities to cyber security threats and development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration test.

  11. A Study of Cyber Security Activities for Development of Safety-related Controller

    International Nuclear Information System (INIS)

    Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa

    2014-01-01

    Nuclear Power Plant Regulatory guide describes the regulatory requirements to implement cyber security activities to ensure that design and operate to respond to cyber threats that exploited to vulnerability of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. Cyber security activities coverage is instrumentation and control systems to perform safety functions and digital-based equipment to use development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required to the cyber security activities that should be performed in each development phase of safety-related controller. Development organization should establish and implement to cyber security plans for responding to cyber threats throughout each lifecycle phase and the result of the cyber security activities should be generated to the documents. In addition, the independent verification and validation organization should perform simulated penetration test for enhancing response capabilities to cyber security threats and development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration test

  12. Secure network for beamline control

    International Nuclear Information System (INIS)

    Ohata, T.; Fukui, T.; Ishii, M.; Furukawa, Y.; Nakatani, T.; Matsushita, T.; Takeuchi, M.; Tanaka, R.; Ishikawa, T.

    2001-01-01

    In SPring-8, beamline control system is constructed with a highly available distributed network system. The socket based communication protocol is used for the beamline control mainly. Beamline users can control the equipment by sending simple control commands to a server process, which is running on a beamline-managing computer (Ohata et al., SPring-8 beamline control system, ICALEPCS'99, Trieste, Italy, 1999). At the beginning the network was based on the shared topology at all beamlines. Consequently, it has a risk for misapplication of the user's program to access different machines on the network system cross over beamlines. It is serious problem for the SPring-8 beamline control system, because all beamlines controlled with unified software interfaces. We introduced the switching technology and the firewalls to support network access control. Also the virtual networking (VLAN: IEEE 802.1Q) and the gigabit Ethernet technology (IEEE 802.3ab) are introduced. Thus the network security and the reliability are guaranteed at the higher level in SPring-8 beamline

  13. How to implement security controls for an information security program at CBRN facilities

    International Nuclear Information System (INIS)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-01-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  14. How to implement security controls for an information security program at CBRN facilities

    Energy Technology Data Exchange (ETDEWEB)

    Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  15. Secure videoconferencing equipment switching system and method

    Science.gov (United States)

    Hansen, Michael E [Livermore, CA

    2009-01-13

    A switching system and method are provided to facilitate use of videoconference facilities over a plurality of security levels. The system includes a switch coupled to a plurality of codecs and communication networks. Audio/Visual peripheral components are connected to the switch. The switch couples control and data signals between the Audio/Visual peripheral components and one but nor both of the plurality of codecs. The switch additionally couples communication networks of the appropriate security level to each of the codecs. In this manner, a videoconferencing facility is provided for use on both secure and non-secure networks.

  16. Nuclear Security Systems and Measures for the Detection of Nuclear and Other Radioactive Material out of Regulatory Control. Implementing Guide (Arabic Edition)

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance to Member States for the development, or improvement of nuclear security systems and measures for the detection of criminal or unauthorized acts with nuclear security implications involving nuclear and other radioactive material out of regulatory control. It describes the elements of an effective nuclear security detection architecture which is composed of an integrated set of nuclear security systems and measures, and is based on an appropriate legal and regulatory framework for the implementation of the national detection strategy. The publication is an implementing guide within the IAEA Nuclear Security Series and is intended for use by national policy makers, legislative bodies, competent authorities, institutions, and individuals involved in the establishment, implementation, maintenance or sustainability of nuclear security systems and measures for the detection of nuclear and other radioactive material out of regulatory control

  17. The Model-Driven openETCS Paradigm for Secure, Safe and Certifiable Train Control Systems

    DEFF Research Database (Denmark)

    Peleska, Jan; Feuser, Johannes; Haxthausen, Anne Elisabeth

    2012-01-01

    -driven openETCS approach, a threat analysis is performed, identifying both safety and security hazards that may be common to all model-based development paradigms for safety-critical railway control systems, or specific to the openETCS approach. In the subsequent sections state-of-the-art methods suitable...

  18. Review on security issues in RFID systems

    Directory of Open Access Journals (Sweden)

    Mohamed El Beqqal

    2017-12-01

    Full Text Available Radio frequency Identification (RFID is currently considered as one of the most used technologies for an automatic identification of objects or people. Based on a combination of tags and readers, RFID technology has widely been applied in various areas including supply chain, production and traffic control systems. However, despite of its numerous advantages, the technology brings out many challenges and concerns still not being attracting more and more researchers especially the security and privacy issues. In this paper, we review some of the recent research works using RFID solutions and dealing with security and privacy issues, we define our specific parameters and requirements allowing us to classify for each work which part of the RFID system is being secured, the solutions and the techniques used besides the conformity to RFID standards. Finally, we present briefly a solution that consists of combining RFID with smartcard based biometric to enhance security especially in access control scenarios. Hence the result of our study aims to give a clear vision of available solutions and techniques used to prevent and secure the RFID system from specific threats and attacks.

  19. Internetting tactical security sensor systems

    Science.gov (United States)

    Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

    1998-08-01

    The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control

  20. Design of security scheme of the radiotherapy planning administration system based on the hospital information system

    International Nuclear Information System (INIS)

    Zhuang Yongzhi; Zhao Jinzao

    2010-01-01

    Objective: To design a security scheme of radiotherapy planning administration system. Methods: Power Builder 9i language was used to program the system through the model of client-server machine. Oracle 9i was used as the database server. Results In this system, user registration management, user login management, application-level functions of control, database access control, and audit trail were designed to provide system security. Conclusions: As a prototype for the security analysis and protection of this scheme provides security of the system, application system, important data and message, which ensures the system work normally. (authors)

  1. Security infrastructures: towards the INDECT system security

    OpenAIRE

    Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

    2012-01-01

    This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

  2. Communications and Information: Strategic Automated Command Control System-Data Transmission Subsystem (SACCS-DTS) Network Security Program. Volume 2

    National Research Council Canada - National Science Library

    1997-01-01

    ...) Systems, and 33-2, Information Protection. This instruction prescribes the requirements, responsibilities and procedures for the security program for the Strategic Automated Command Control System-Data Transmission Subsystem (SACCS-DTS...

  3. Secure Automated Microgrid Energy System

    Science.gov (United States)

    2016-12-01

    O&M Operations and Maintenance PSO Power System Optimization PV Photovoltaic RAID Redundant Array of Independent Disks RBAC Role...elements of the initial study and operational power system model (feeder size , protective devices, generation sources, controllable loads, transformers...EW-201340) Secure Automated Microgrid Energy System December 2016 This document has been cleared for public release; Distribution Statement A

  4. A Case Study on Cyber-security Program for the Programmable Logic Controller of Modern NPPs

    International Nuclear Information System (INIS)

    Song, S. H.; Lee, M. S.; Kim, T. H.; Park, C. H.; Park, S. P.; Kim, H. S.

    2014-01-01

    As instrumentation and control (I and C) systems for modern Nuclear Power Plants (NPPs) have been digitalized to cope with their growing complexity, the cyber-security has become an important issue. To protect the I and C systems adequately from cyber threats, such as Stuxnet that attacked Iran's nuclear facilities, regulations of many countries require a cyber-security program covering all the life cycle phases of the system development, from the concept to the retirement. This paper presents a case study of cyber-security program that has been performed during the development of the programmable logic controller (PLC) for modern NPPs of Korea. In the case study, a cyber-security plan, including technical, management, and operational controls, was established through a security risk assessment. Cyber-security activities, such as development of security functions and periodic inspections, were conducted according to the plan: the security functions were applied to the PLC as the technical controls, and periodic inspections and audits were held to check the security of the development environment, as the management and operational controls. A final penetration test was conducted to inspect all the security problems that had been issued during the development. The case study has shown that the systematic cyber-security program detected and removed the vulnerabilities of the target system, which could not be found otherwise, enhancing the cyber-security of the system

  5. A Case Study on Cyber-security Program for the Programmable Logic Controller of Modern NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Song, S. H. [Korea University, Seoul (Korea, Republic of); Lee, M. S.; Kim, T. H. [Formal Work Inc., Seoul (Korea, Republic of); Park, C. H. [LINE Corp., Tokyo (Japan); Park, S. P. [Ahnlab Inc., Seoul (Korea, Republic of); Kim, H. S. [Sejong University, Seoul (Korea, Republic of)

    2014-08-15

    As instrumentation and control (I and C) systems for modern Nuclear Power Plants (NPPs) have been digitalized to cope with their growing complexity, the cyber-security has become an important issue. To protect the I and C systems adequately from cyber threats, such as Stuxnet that attacked Iran's nuclear facilities, regulations of many countries require a cyber-security program covering all the life cycle phases of the system development, from the concept to the retirement. This paper presents a case study of cyber-security program that has been performed during the development of the programmable logic controller (PLC) for modern NPPs of Korea. In the case study, a cyber-security plan, including technical, management, and operational controls, was established through a security risk assessment. Cyber-security activities, such as development of security functions and periodic inspections, were conducted according to the plan: the security functions were applied to the PLC as the technical controls, and periodic inspections and audits were held to check the security of the development environment, as the management and operational controls. A final penetration test was conducted to inspect all the security problems that had been issued during the development. The case study has shown that the systematic cyber-security program detected and removed the vulnerabilities of the target system, which could not be found otherwise, enhancing the cyber-security of the system.

  6. Development of an integrated campus security alerting system ...

    African Journals Online (AJOL)

    This work presents an integrated alerting system which uses both the Internet Protocol (IP) cameras and micro-switches for monitoring security situations thereby providing an immediate alerting signal to the security personnel. The system has the input unit, processing unit, control unit and the power supply unit as its ...

  7. Verification of Security Policy Enforcement in Enterprise Systems

    Science.gov (United States)

    Gupta, Puneet; Stoller, Scott D.

    Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

  8. Recommendations on Future Operational Environments Command Control and Cyber Security

    OpenAIRE

    Goztepe, Kerim

    2015-01-01

    It is a well-known fact that today a nation's telecommunication networks, critical infrastructure, and information systems are vulnerable to growing number of attacks in cyberspace. Cyber space contains very different problems involving various sets of threats, targets and costs. Cyber security is not only problem of banking, communication or transportation. It also threatens core systems of army as command control. Some significant recommendations on command control (C2) and cyber security h...

  9. Nuclear Security Systems and Measures for the Detection of Nuclear and Other Radioactive Material out of Regulatory Control. Implementing Guide

    International Nuclear Information System (INIS)

    2013-01-01

    Nuclear terrorism and the illicit trafficking of nuclear and other radioactive material threaten the security of all States. There are large quantities of diverse radioactive material in existence, which are used in areas such as health, the environment, agriculture and industry. The possibility that nuclear and other radioactive material may be used for terrorist acts cannot be ruled out in the current global situation. States have responded to this risk by engaging in a collective commitment to strengthen the protection and control of such material, and to establish capabilities for detection and response to nuclear and other radioactive material out of regulatory control. Through its nuclear security programme, the IAEA supports States to establish, maintain and sustain an effective nuclear security regime. The IAEA has adopted a comprehensive approach to nuclear security. This approach recognizes that an effective national nuclear security regime builds on: the implementation of relevant international legal instruments; information protection; physical protection; material accounting and control; detection of and response to trafficking in nuclear and other radioactive material; national response plans; and contingency measures. Within its nuclear security programme, the IAEA aims to assist States in implementing and sustaining such a regime in a coherent and integrated manner. Each State carries the full responsibility for nuclear security, specifically: to provide for the security of nuclear and other radioactive material and associated facilities and activities; to ensure the security of such material in use, storage or in transport; to combat illicit trafficking; and to detect and respond to nuclear security events. This is an Implementing Guide on nuclear security systems and measures for the detection of nuclear and other radioactive material out of regulatory control. The objective of the publication is to provide guidance to Member States for the

  10. 28 CFR 16.51 - Security of systems of records.

    Science.gov (United States)

    2010-07-01

    ... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Security of systems of records. 16.51... Security of systems of records. (a) Each component shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent unauthorized disclosure of records, and...

  11. 13 CFR 102.33 - Security of systems of records.

    Science.gov (United States)

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Security of systems of records....33 Security of systems of records. (a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent...

  12. Multiparty-controlled quantum secure direct communication

    International Nuclear Information System (INIS)

    Xiu, X.-M.; Dong, L.; Gao, Y.-J.; Chi, F.

    2007-01-01

    A theoretical scheme of a multiparty-controlled quantum secure direct communication is proposed. The supervisor prepares a communication network with Einstein-Podolsky-Rosen pairs and auxiliary particles. After passing a security test of the communication network, a supervisor tells the users the network is secure and they can communicate. If the controllers allow the communicators to communicate, the controllers should perform measurements and inform the communicators of the outcomes. The communicators then begin to communicate after they perform a security test of the quantum channel and verify that it is secure. The recipient can decrypt the secret message in a classical message from the sender depending on the protocol. Any two users in the network can communicate through the above processes under the control of the supervisor and the controllers

  13. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

    Science.gov (United States)

    Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

    2015-01-01

    NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

  14. Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

    Science.gov (United States)

    1998-05-01

    Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

  15. Process Control Security in the Cybercrime Information Exchange NICC

    OpenAIRE

    Luiijf, H.A.M.

    2009-01-01

    Detecting, investigating and prosecuting cybercrime? Extremely important, but not really the solution for the problem. Prevention is better! The sectors that have joined the Cybercrime Information Exchange have accepted the challenge of ensuring the effectiveness of the (information) security of process control systems (PCS), including SCADA. This publication makes it clear why it is vital that organizations establish and maintain control over the security of the information and communication...

  16. Report: EPA Should Improve Management Practices and Security Controls for Its Network Directory Service System and Related Servers

    Science.gov (United States)

    Report #12-P-0836, September 20, 2012. EPA's OEI is not managing key system management documentation, system administration functions, the granting and monitoring of privileged accounts, and the application of security controls associated with its DSS.

  17. A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong [KHNP CRI, Daejeon (Korea, Republic of)

    2016-10-15

    This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC(United States Nuclear Regulatory Commission) and KINAC(Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense in- depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs.

  18. A Security Assessment Approach with Graded Importance Score of Security Controls and Asset Consequence for I and C Systems in Operating NPPs

    International Nuclear Information System (INIS)

    Lee, Sooill; Kim, Yong Sik; Moon, Insun; Lee, Euijong

    2016-01-01

    This paper introduces a security assessment approach with graded importance score of security controls and the asset consequence through an asset and risk analysis to manage the security levels in operating NPPs (Nuclear Power Plants). Whereas, those are being exposed to various types of new and existing cyber threats, vulnerabilities and risks which significantly increase the likelihood that those could be compromised. U.S. NRC(United States Nuclear Regulatory Commission) and KINAC(Korea Institute of Nuclear Nonproliferation And Control) request the cyber security plan by establishing the cyber security program through assessing and managing the potential for adverse effect on safety, security and emergency preparedness functions so as to provide high assurance that critical functions are properly protected from the cyber-attack. This paper shows the security assessment approach with graded importance score of security controls and the asset consequence. It could lead to manage the security levels consistent with the purpose of defense in- depth strategy based on regulatory rule as well as internal risk-based self-assessment. Also, this management of the security level may make effect of encouraging the installation of high ranked countermeasures in order to rapidly increase the security level. Proposed approach could be conducted for the pilot test on the model plants with each reactor type of operating NPPs

  19. Wide Area Measurement Based Security Assessment & Monitoring of Modern Power System: A Danish Power System Case Study

    DEFF Research Database (Denmark)

    Rather, Zakir Hussain; Chen, Zhe; Thøgersen, Paul

    2013-01-01

    Power System security has become a major concern across the global power system community. This paper presents wide area measurement system (WAMS) based security assessment and monitoring of modern power system. A new three dimensional security index (TDSI) has been proposed for online security...... monitoring of modern power system with large scale renewable energy penetration. Phasor measurement unit (PMU) based WAMS has been implemented in western Danish Power System to realize online security monitoring and assessment in power system control center. The proposed security monitoring system has been...

  20. Modeling and simulation for cyber-physical system security research, development and applications.

    Energy Technology Data Exchange (ETDEWEB)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  1. Integrated security systems design a complete reference for building enterprise-wide digital security systems

    CERN Document Server

    Norman, Thomas L

    2014-01-01

    Integrated Security Systems Design, 2nd Edition, is recognized as the industry-leading book on the subject of security systems design. It explains how to design a fully integrated security system that ties together numerous subsystems into one complete, highly coordinated, and highly functional system. With a flexible and scalable enterprise-level system, security decision makers can make better informed decisions when incidents occur and improve their operational efficiencies in ways never before possible. The revised edition covers why designing an integrated security system is essential a

  2. SPCC- Software Elements for Security Partition Communication Controller

    Science.gov (United States)

    Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

    2016-08-01

    Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to be counter the identified threats. The security evaluation of the SPCC will be done in accordance to the Common Criteria (CC). The Software Elements for SPCC has been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

  3. The Flask Security Architecture: System Support for Diverse Security Policies

    Science.gov (United States)

    2006-01-01

    Flask microkernel -based operating sys­ tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro­ totype system is microkernel -based, the security...mecha­ nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup

  4. Access control, security, and trust a logical approach

    CERN Document Server

    Chin, Shiu-Kai

    2010-01-01

    Access Control, Security, Trust, and Logic Deconstructing Access Control Decisions A Logical Approach to Access Control PRELIMINARIES A Language for Access ControlSets and Relations Syntax SemanticsReasoning about Access Control Logical RulesFormal Proofs and Theorems Soundness of Logical RulesBasic Concepts Reference Monitors Access Control Mechanisms: Tickets and Lists Authentication Security PoliciesConfidentiality, Integrity, and Availability Discretionary Security Policies Mandatory Security Policies Military Security Policies Commercial PoliciesDISTRIBUTED ACCESS CONTROL Digital Authenti

  5. TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Hsien-Hsin S

    2010-05-11

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  6. Access control and personal identification systems

    CERN Document Server

    Bowers, Dan M

    1988-01-01

    Access Control and Personal Identification Systems provides an education in the field of access control and personal identification systems, which is essential in selecting the appropriate equipment, dealing intelligently with vendors in purchases of the equipment, and integrating the equipment into a total effective system. Access control devices and systems comprise an important part of almost every security system, but are seldom the sole source of security. In order for the goals of the total system to be met, the other portions of the security system must also be well planned and executed

  7. EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

    Directory of Open Access Journals (Sweden)

    N. S. Rodionova

    2014-01-01

    Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

  8. Available transfer capability evaluation and enhancement using various FACTS controllers: Special focus on system security

    Directory of Open Access Journals (Sweden)

    M. Venkateswara Rao

    2016-03-01

    Full Text Available Nowadays, because of the deregulation of the power industry the continuous increase of the load increases the necessity of calculation of available transfer capability (ATC of a system to analyze the system security. With this calculation, the scheduling of generator can be decided to decrease the system severity. Further, constructing new transmission lines, new substations are very cost effective to meet the increasing load and to increase the transfer capability. Hence, an alternative way to increase the transfer capability is use of flexible ac transmission system (FACTS controllers. In this paper, SSSC, STACOM and UPFC are considered to show the effect of these controllers in enhancing system ATC. For this, a novel current based modeling and optimal location strategy of these controllers are presented. The proposed methodology is tested on standard IEEE-30 bus and IEEE-57 bus test systems with supporting numerical and graphical results.

  9. Parliamentary control of security information agency in terms of security culture: State and problems

    Directory of Open Access Journals (Sweden)

    Radivojević Nenad

    2013-01-01

    Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

  10. Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Chanyoung; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)

    2016-10-15

    One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is

  11. Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

    International Nuclear Information System (INIS)

    Lee, Chanyoung; Seong, Poong Hyun

    2016-01-01

    One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is possible to

  12. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

    Science.gov (United States)

    Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.

    2015-01-01

    NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.

  13. SOSPO-SP: Secure Operation of Sustainable Power Systems Simulation Platform for Real-Time System State Evaluation and Control

    DEFF Research Database (Denmark)

    Morais, Hugo; Vancraeyveld, Pieter; Pedersen, Allan Henning Birger

    2014-01-01

    Measurement Units (PMUs) provides more information and enables wide-area monitoring with accurate timing. One of the challenges in the near future is converting the high quantity and quality of information provided by PMUs into useful knowledge about operational state of a global system. The use of real-time...... simulation in closed-loop is essential to develop and validate new real-time applications of wide-area PMU data. This paper presents a simulation platform developed within the research project Secure Operation of Sustainable Power Systems (SOSPO). The SOSPO simulation platform (SOSPO-SP) functions...... in a closed-loop, integrating new real-time assessment methods to provide useful information to operators in power system control centers and to develop new control methodologies that handle emergency situations and avoid power system blackouts....

  14. An Early Warning System for Oil Security in China

    Directory of Open Access Journals (Sweden)

    Qingsong Wang

    2018-01-01

    Full Text Available The oil system security in a country or region will affect its sustainable development ability. China’s oil security has risen to the national strategic level. It is urgent to construct an early warning indicator system to reflect the oil security level accurately, as well as to diagnose and assess the oil system status effectively and put forward the corresponding proposals for ensuring oil security. An early warning indicator system of China’s oil system covering 23 sub-indicators from three aspects, i.e., resource security, market security and consumption security, was constructed using the SPSS (Statistical Product and Service Solutions factor analysis method. It shows that China’s oil system safety level has been seriously threatened and is generally declining. However, due to the strong introduction of energy policies and increasing energy utilization technology in recent years, the increasing proportion of new energy, renewable energy and oil substitutes eases the energy security threats. In response to complex oil security issues, the Chinese government needs to strengthen macroeconomic regulation and control at the policy level continuously, increase efforts to explore resource reserves, upgrade energy conservation and emission reduction technologies, develop new alternatives for oil products, and reduce the dependence on international oil imports.

  15. An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

    Science.gov (United States)

    Bergart, Jeffrey G.; And Others

    This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

  16. Computer Security: Security operations at CERN (4/4)

    CERN Document Server

    CERN. Geneva

    2012-01-01

    Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

  17. A review of the security of insulin pump infusion systems.

    Science.gov (United States)

    Paul, Nathanael; Kohno, Tadayoshi; Klonoff, David C

    2011-11-01

    Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues. © 2011 Diabetes Technology Society.

  18. Integrated security system definition

    International Nuclear Information System (INIS)

    Campbell, G.K.; Hall, J.R. II

    1985-01-01

    The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and the to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system

  19. Globally reasoning about localised security policies in distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax......, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access...... control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative...

  20. Gene expression programming for power system static security ...

    African Journals Online (AJOL)

    user

    Keywords: static security, gene expression programming, probabilistic neural network ... Hence digital computers are usually installed in operations control centers to gather ...... power system protection, and applications of AI in power systems.

  1. A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2014-02-15

    The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

  2. Security of Dependable Systems

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

  3. Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks

    International Nuclear Information System (INIS)

    Vollmer, Todd; Manic, Milos

    2014-01-01

    A challenge facing industrial control network administrators is protecting the typically large number of connected assets for which they are responsible. These cyber devices may be tightly coupled with the physical processes they control and human induced failures risk dire real-world consequences. Dynamic virtual honeypots are effective tools for observing and attracting network intruder activity. This paper presents a design and implementation for self-configuring honeypots that passively examine control system network traffic and actively adapt to the observed environment. In contrast to prior work in the field, six tools were analyzed for suitability of network entity information gathering. Ettercap, an established network security tool not commonly used in this capacity, outperformed the other tools and was chosen for implementation. Utilizing Ettercap XML output, a novel four-step algorithm was developed for autonomous creation and update of a Honeyd configuration. This algorithm was tested on an existing small campus grid and sensor network by execution of a collaborative usage scenario. Automatically created virtual hosts were deployed in concert with an anomaly behavior (AB) system in an attack scenario. Virtual hosts were automatically configured with unique emulated network stack behaviors for 92% of the targeted devices. The AB system alerted on 100% of the monitored emulated devices

  4. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  5. Establishing cyber security programs for I and C systems at nuclear facilities

    International Nuclear Information System (INIS)

    Waedt, Karl

    2012-01-01

    In recent years, across the international nuclear community, cyber security issues have quickly gained significant attention from safety authorities and plant designers alike. This increased attention was accelerated by news of the Stuxnet virus, which impaired control systems at Iranian nuclear facilities in 2010, but is also fueled by regular news about cyber security breaches of data systems at large business corporations. This paper discusses key aspects of establishing a cyber security program for Instrumentation and Control (I and C) systems at a nuclear facility, and identifies inherent aspects of nuclear power plant (NPP) design, that differentiate the needs of such a cyber security program from those of typical corporate data systems. (orig.)

  6. Establishing cyber security programs for I and C systems at nuclear facilities

    Energy Technology Data Exchange (ETDEWEB)

    Waedt, Karl [AREVA NP GmbH (Germany)

    2012-11-01

    In recent years, across the international nuclear community, cyber security issues have quickly gained significant attention from safety authorities and plant designers alike. This increased attention was accelerated by news of the Stuxnet virus, which impaired control systems at Iranian nuclear facilities in 2010, but is also fueled by regular news about cyber security breaches of data systems at large business corporations. This paper discusses key aspects of establishing a cyber security program for Instrumentation and Control (I and C) systems at a nuclear facility, and identifies inherent aspects of nuclear power plant (NPP) design, that differentiate the needs of such a cyber security program from those of typical corporate data systems. (orig.)

  7. Computer Security Systems Enable Access.

    Science.gov (United States)

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  8. 10 CFR 95.49 - Security of automatic data processing (ADP) systems.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Security of automatic data processing (ADP) systems. 95.49 Section 95.49 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.49 Security of...

  9. Why SCADA security is NOT like Computer Centre Security

    CERN Multimedia

    CERN. Geneva

    2014-01-01

    Today, the industralized world lives in symbiosis with control systems (aka SCADA systems): it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and discuss the differences (or not) between computer center cyber-security and control system cyber-security.

  10. Method for secure electronic voting system: face recognition based approach

    Science.gov (United States)

    Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

    2017-06-01

    In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

  11. Security Information System Digital Simulation

    OpenAIRE

    Tao Kuang; Shanhong Zhu

    2015-01-01

    The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

  12. Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System.

    Science.gov (United States)

    Eom, Jieun; Lee, Dong Hoon; Lee, Kwangsu

    2016-12-01

    In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient's permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient's perspective.

  13. Cyber Security Risk Assessment for the KNICS Safety Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

    2008-01-01

    In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

  14. Multimedia Security System for Security and Medical Applications

    Science.gov (United States)

    Zhou, Yicong

    2010-01-01

    This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

  15. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  16. Network systems security analysis

    Science.gov (United States)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  17. Obsessive-Compulsive Homeland Security: Insights from the Neurobiological Security Motivation System

    Science.gov (United States)

    2018-03-01

    HOMELAND SECURITY: INSIGHTS FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM by Marissa D. Madrigal March 2018 Thesis Advisor...FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM 5. FUNDING NUMBERS 6. AUTHOR(S) Marissa D. Madrigal 7. PERFORMING ORGANIZATION NAME(S) AND...how activation of the neurobiological security- motivation system can lead to securitization in response to a security speech act. It explores the model

  18. Home Automation and Security System Using Android ADK

    OpenAIRE

    Deepali Javale; Mohd. Mohsin; Shreerang Nandanwar; Mayur Shingate

    2013-01-01

    Today we are living in 21st century where automation is playing important role in human life. Home automation allows us to control household appliances like light, door, fan, AC etc. It also provides home security and emergency system to be activated. Home automation not only refers to reduce human efforts but also energy efficiency and time saving. The main objective of home automation and security is to help handicapped and old aged people which will enable them to control home appliances a...

  19. Introduction of regulatory guide on cyber security of L and C systems in nuclear facilities

    International Nuclear Information System (INIS)

    Kang, Y.; Jeong, C. H.; Kim, D. I.

    2008-01-01

    In the case of unauthorized individuals, systems and entities or process threatening the instrumentation and control systems of nuclear facilities using the intrinsic vulnerabilities of digital based technologies, those systems may lose their own required functions. The loss of required functions of the systems can seriously affect the safety of nuclear facilities. Consequently, digital instrumentation and control systems, which perform functions important to safety, should be designed and operated to respond to cyber threats capitalizing on the vulnerabilities of digital based technologies. To make it possible, the developers and licensees of nuclear facilities should perform appropriate cyber security activities throughout the whole life cycle of digital instrumentation and control systems. Under the goal of securing the safety of nuclear facilities, this paper presents the regulatory on cyber security activities to remove the cyber threats that exploit the vulnerabilities of digital instrumentation and control systems and to mitigate the effect of such threats. Presented regulatory guide includes establishing the cyber security policy and plan, analyzing and classifying the cyber threats and cyber security assessment of digital instrumentation and control systems. (authors)

  20. Optimizing man-machine performance of a personnel access restriction security system

    International Nuclear Information System (INIS)

    Banks, W.W.; Moore, J.W.

    1988-01-01

    This paper describes a human engineering design and analysis effort for a major security system upgrade at a DOE facility. This upgrade was accomplished by replacing an obsolete and poorly human engineered security screening both the with a new, user oriented, semiautomated, computer-based access control system. Human factors engineers assisted the designer staff in specifying a security access interface to physically and cognitively accommodate all employees which included handicapped individuals in wheel chairs, and several employees who were severely disabled, both visually and aurally. The new access system was intended to control entry into sensitive exclusion areas by requiring personnel to enter a security screening booth and interact with card reader devices and a-simple-to-operate access control panel system. Extensive man-machine testing with prototype mock-ups was conducted to assess human engineered design features and to illuminate potentially confusing or difficult-to-operated hardware placement, layout, and operation sequencing. These evaluations, along with the prototype mock-ups, provided input which resulted in a prototype which was easy to enter, operate, and understand by end users. This prototype later served as the design basis for the final systems design

  1. Home Automation and Security System

    OpenAIRE

    Surinder Kaur,; Rashmi Singh; Neha Khairwal; Pratyk Jain

    2016-01-01

    Easy Home or Home automation plays a very important role in modern era because of its flexibility in using it at different places with high precision which will save money and time by decreasing human hard work. Prime focus of this technology is to control the household equipment’s like light, fan, door, AC etc. automatically. This research paper has detailed information on Home Automation and Security System using Arduino, GSM and how we can control home appliances using Android application....

  2. A cyber security risk assessment for the design of I and C system in nuclear power plants

    International Nuclear Information System (INIS)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young

    2012-01-01

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  3. A cyber security risk assessment for the design of I and C system in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2012-12-15

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  4. Accountancy, physical control and security: a question of balance

    International Nuclear Information System (INIS)

    Bishop, D.M.; Wilson, D.W.; Shaver, J.W.

    1976-01-01

    The historical development of current domestic safeguards regulations is summarized, from the perspective of an operating licensee nuclear fuel facility, in terms of timing, basis and need. Principal aspects of material accounting and physical security as independent approaches to safeguards control are described and analyzed in terms of overlap and effectiveness. Concerns with the licensee safeguards regulatory process are discussed, and development needs are identified. Recommendations are made which contribute to the evolution and improvement of safeguards based on a ''top-down'' systems approach to regulation using proven accounting, physical control and security principles to attain defined objectives

  5. Selection of the Best Security Controls for Rapid Development of Enterprise-Level Cyber Security

    Science.gov (United States)

    2017-03-01

    investment (ROI) assessment. This ROI assessment entailed consideration of both the likely/expected security benefits of each candidate security control...the top 10–20 cyber security controls, where ranking was based upon a return on investment (ROI) assessment. This ROI assessment entailed...11  II.  CYBER SECURITY: UNDERLYING PRINCIPLES, FUNDAMENTALS AND BEST PRACTICES .................................................13  A

  6. Spent fuel reprocessing system security engineering capability maturity model

    International Nuclear Information System (INIS)

    Liu Yachun; Zou Shuliang; Yang Xiaohua; Ouyang Zigen; Dai Jianyong

    2011-01-01

    In the field of nuclear safety, traditional work places extra emphasis on risk assessment related to technical skills, production operations, accident consequences through deterministic or probabilistic analysis, and on the basis of which risk management and control are implemented. However, high quality of product does not necessarily mean good safety quality, which implies a predictable degree of uniformity and dependability suited to the specific security needs. In this paper, we make use of the system security engineering - capability maturity model (SSE-CMM) in the field of spent fuel reprocessing, establish a spent fuel reprocessing systems security engineering capability maturity model (SFR-SSE-CMM). The base practices in the model are collected from the materials of the practice of the nuclear safety engineering, which represent the best security implementation activities, reflect the regular and basic work of the implementation of the security engineering in the spent fuel reprocessing plant, the general practices reveal the management, measurement and institutional characteristics of all process activities. The basic principles that should be followed in the course of implementation of safety engineering activities are indicated from 'what' and 'how' aspects. The model provides a standardized framework and evaluation system for the safety engineering of the spent fuel reprocessing system. As a supplement to traditional methods, this new assessment technique with property of repeatability and predictability with respect to cost, procedure and quality control, can make or improve the activities of security engineering to become a serial of mature, measurable and standard activities. (author)

  7. Information security in SCADA systems in nuclear power plants

    International Nuclear Information System (INIS)

    Satyamurty, S.A.V.

    2013-01-01

    Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

  8. Development of a Quantitative Method for Evaluating the Efficacy of Cyber Security Controls in NPPs based on Intrusion Tolerant Concept

    International Nuclear Information System (INIS)

    Lee, Chanyoung; Seong, Poong Hyun

    2017-01-01

    Digital I and C systems have been developed and installed in nuclear power plants (NPPs). However, due to installation of digital I and C systems, cyber security concerns are increasing in the nuclear industry. In order to provide useful information about cyber security issues, many regulatory documents, guides and standards were already published in the nuclear industry. The documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. In order for useful information about cyber security issues, many regulatory documents, guides and standards have been already published in the nuclear industry. However, there are still difficulties when it comes to deciding which security controls are needed and to defining appropriate security control requirements. It is because practical examples for the application of security controls have not been available to system designers and there is a lack of means for estimating the effectiveness of security controls. In this regard, this paper suggested a framework to quantitatively evaluate how much cyber security is improved when specific cyber security controls are applied in NPPs.

  9. Army Secure Operating System: Information Security for Real Time Systems

    National Research Council Canada - National Science Library

    Anderson, Eric

    1984-01-01

    The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

  10. System control and communication

    International Nuclear Information System (INIS)

    Bindner, H.; Oestergaard, J.

    2005-01-01

    Rapid and ongoing development in the energy sector has consequences for system control at all levels. In relation to system control and communication the control system is challenged in five important ways: 1) Expectations for security of supply, robustness and vulnerability are becoming more stringent, and the control system plays a big part in meeting these expectations. 2) Services are becoming increasingly based on markets that involve the transmission system operators (TSOs), generators and distribution companies. Timely, accurate and secure communication is essential to the smooth running of the markets. 3) Adding large amounts of renewable energy (RE) to the mix is a challenge for control systems because of the intermittent availability of many RE sources. 4) Increasing the number of active components in the system, such as small CHP plants, micro-CHP and intelligent loads, means that the system control will be much more complex. 5) In the future it is likely that power, heat, gas, transport and communication systems will be tighter coupled and interact much more. (au)

  11. Automated entry control system for nuclear facilities

    International Nuclear Information System (INIS)

    Ream, W.K.; Espinoza, J.

    1985-01-01

    An entry control system to automatically control access to nuclear facilities is described. The design uses a centrally located console, integrated into the regular security system, to monitor the computer-controlled passage into and out of sensitive areas. Four types of entry control points are used: an unmanned enclosed portal with metal and SNM detectors for contraband detection with positive personnel identification, a bypass portal for contraband search after a contraband alarm in a regular portal also with positive personnel identification, a single door entry point with positive personnel identification, and a single door entry point with only a magnetic card-type identification. Security force action is required only as a response to an alarm. The integration of the entry control function into the security system computer is also described. The interface between the entry control system and the monitoring security personnel utilizing a color graphics display with touch screen input is emphasized. 2 refs., 7 figs

  12. Audit for Information Systems Security

    Directory of Open Access Journals (Sweden)

    Ana-Maria SUDUC

    2010-01-01

    Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

  13. Ultra Safe And Secure Blasting System

    Energy Technology Data Exchange (ETDEWEB)

    Hart, M M

    2009-07-27

    The Ultra is a blasting system that is designed for special applications where the risk and consequences of unauthorized demolition or blasting are so great that the use of an extraordinarily safe and secure blasting system is justified. Such a blasting system would be connected and logically welded together through digital code-linking as part of the blasting system set-up and initialization process. The Ultra's security is so robust that it will defeat the people who designed and built the components in any attempt at unauthorized detonation. Anyone attempting to gain unauthorized control of the system by substituting components or tapping into communications lines will be thwarted in their inability to provide encrypted authentication. Authentication occurs through the use of codes that are generated by the system during initialization code-linking and the codes remain unknown to anyone, including the authorized operator. Once code-linked, a closed system has been created. The system requires all components connected as they were during initialization as well as a unique code entered by the operator for function and blasting.

  14. An autonomic security monitor for distributed operating systems

    OpenAIRE

    Arenas, A.; Aziz, Benjamin; Maj, S.; Matthews, B.

    2011-01-01

    This paper presents an autonomic system for the monitoring of security-relevant information in a Grid-based operating system. The system implements rule-based policies using Java Drools. Policies are capable of controlling the system environment based on changes in levels of CPU/memory usage, accesses to system resources, detection of abnormal behaviour such as DDos attacks.

  15. On Building Secure Communication Systems

    DEFF Research Database (Denmark)

    Carvalho Quaresma, Jose Nuno

    This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

  16. Security challenges in designing I and C systems for nuclear power plant

    International Nuclear Information System (INIS)

    Behera, Rajendra Prasad; Jayanthi, T.; Madhusoodanan, K.; Satya Murty, S.A.V.

    2016-01-01

    Geographically distributed instrumentation and control (I and C) systems in any nuclear power plant (NPP) facilitate the operator with remote access to real-time data and issue supervisory command to remote control devices deployed in the field. The increased connectivity to plant communication network has exposed I and C systems to security vulnerabilities both in terms of physical and logical access. For example, denial-of service and fault induction attack can disrupt the operation of I and C systems by delaying or blocking the flow of data through plant communication network. The design process of I and C system is quite challenging since an engineer has to consider both safety and security features implemented in hardware and software components of the system. This paper analyzes attack taxonomy based on available data and presents Security Tree Analysis (STA) technique towards building safe and secures I and C systems for Nuclear Power Plant. (author)

  17. Intelligent Facial Recognition Systems: Technology advancements for security applications

    Energy Technology Data Exchange (ETDEWEB)

    Beer, C.L.

    1993-07-01

    Insider problems such as theft and sabotage can occur within the security and surveillance realm of operations when unauthorized people obtain access to sensitive areas. A possible solution to these problems is a means to identify individuals (not just credentials or badges) in a given sensitive area and provide full time personnel accountability. One approach desirable at Department of Energy facilities for access control and/or personnel identification is an Intelligent Facial Recognition System (IFRS) that is non-invasive to personnel. Automatic facial recognition does not require the active participation of the enrolled subjects, unlike most other biological measurement (biometric) systems (e.g., fingerprint, hand geometry, or eye retinal scan systems). It is this feature that makes an IFRS attractive for applications other than access control such as emergency evacuation verification, screening, and personnel tracking. This paper discusses current technology that shows promising results for DOE and other security applications. A survey of research and development in facial recognition identified several companies and universities that were interested and/or involved in the area. A few advanced prototype systems were also identified. Sandia National Laboratories is currently evaluating facial recognition systems that are in the advanced prototype stage. The initial application for the evaluation is access control in a controlled environment with a constant background and with cooperative subjects. Further evaluations will be conducted in a less controlled environment, which may include a cluttered background and subjects that are not looking towards the camera. The outcome of the evaluations will help identify areas of facial recognition systems that need further development and will help to determine the effectiveness of the current systems for security applications.

  18. System control and display

    International Nuclear Information System (INIS)

    Jacobs, J.

    1977-01-01

    The system described was designed, developed, and installed on short time scales and primarily utilized of-the-shelf military and commercial hardware. The system was designed to provide security-in-depth and multiple security options with several stages of redundancy. Under normal operating conditions, the system is computer controlled with manual backup during abnormal conditions. Sensor alarm data are processed in conjunction with weather data to reduce nuisance alarms. A structured approach is used to order alarmed sectors for assessment. Alarm and video information is presented to security personnel in an interactive mode. Historical operational data are recorded for system evaluation

  19. Problems of collaborative work of the automated process control system (APCS) and the its information security and solutions.

    Science.gov (United States)

    Arakelyan, E. K.; Andryushin, A. V.; Mezin, S. V.; Kosoy, A. A.; Kalinina, Ya V.; Khokhlov, I. S.

    2017-11-01

    The principle of interaction of the specified systems of technological protections by the Automated process control system (APCS) and information safety in case of incorrect execution of the algorithm of technological protection is offered. - checking the correctness of the operation of technological protection in each specific situation using the functional relationship between the monitored parameters. The methodology for assessing the economic feasibility of developing and implementing an information security system.

  20. Security model for picture archiving and communication systems.

    Science.gov (United States)

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

  1. 76 FR 10529 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-02-25

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... electronic system security protection for the aircraft control domain and airline information domain from... identified and assessed, and that effective electronic system security protection strategies are implemented...

  2. Information technology security system engineering methodology

    Science.gov (United States)

    Childs, D.

    2003-01-01

    A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

  3. Systems Security Engineering

    Science.gov (United States)

    2010-08-22

    environment that contains network- borne cybersecurity threats, an argument may be made that the firewall increases overall system functionality by reserving...the number of administered devices. This approach to security analysis is at once old and new. In the early days of eCommerce , security

  4. Coal Mines Security System

    OpenAIRE

    Ankita Guhe; Shruti Deshmukh; Bhagyashree Borekar; Apoorva Kailaswar; Milind E.Rane

    2012-01-01

    Geological circumstances of mine seem to be extremely complicated and there are many hidden troubles. Coal is wrongly lifted by the musclemen from coal stocks, coal washeries, coal transfer and loading points and also in the transport routes by malfunctioning the weighing of trucks. CIL —Coal India Ltd is under the control of mafia and a large number of irregularities can be contributed to coal mafia. An Intelligent Coal Mine Security System using data acquisition method utilizes sensor, auto...

  5. Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

    OpenAIRE

    Hilker, Michael; Schommer, Christoph

    2008-01-01

    Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...

  6. Security in the CernVM File System and the Frontier Distributed Database Caching System

    International Nuclear Information System (INIS)

    Dykstra, D; Blomer, J

    2014-01-01

    Both the CernVM File System (CVMFS) and the Frontier Distributed Database Caching System (Frontier) distribute centrally updated data worldwide for LHC experiments using http proxy caches. Neither system provides privacy or access control on reading the data, but both control access to updates of the data and can guarantee the authenticity and integrity of the data transferred to clients over the internet. CVMFS has since its early days required digital signatures and secure hashes on all distributed data, and recently Frontier has added X.509-based authenticity and integrity checking. In this paper we detail and compare the security models of CVMFS and Frontier.

  7. Security in the CernVM File System and the Frontier Distributed Database Caching System

    Science.gov (United States)

    Dykstra, D.; Blomer, J.

    2014-06-01

    Both the CernVM File System (CVMFS) and the Frontier Distributed Database Caching System (Frontier) distribute centrally updated data worldwide for LHC experiments using http proxy caches. Neither system provides privacy or access control on reading the data, but both control access to updates of the data and can guarantee the authenticity and integrity of the data transferred to clients over the internet. CVMFS has since its early days required digital signatures and secure hashes on all distributed data, and recently Frontier has added X.509-based authenticity and integrity checking. In this paper we detail and compare the security models of CVMFS and Frontier.

  8. Security of supply, energy spillage control and peaking options within a 100% renewable electricity system for New Zealand

    International Nuclear Information System (INIS)

    Mason, I.G.; Page, S.C.; Williamson, A.G.

    2013-01-01

    In this paper, issues of security of supply, energy spillage control, and peaking options, within a fully renewable electricity system, are addressed. We show that a generation mix comprising 49% hydro, 23% wind, 13% geothermal, 14% pumped hydro energy storage peaking plant, and 1% biomass-fuelled generation on an installed capacity basis, was capable of ensuring security of supply over an historic 6-year period, which included the driest hydrological year on record in New Zealand since 1931. Hydro spillage was minimised, or eliminated, by curtailing a proportion of geothermal generation. Wind spillage was substantially reduced by utilising surplus generation for peaking purposes, resulting in up to 99.8% utilisation of wind energy. Peaking requirements were satisfied using 1550 MW of pumped hydro energy storage generation, with a capacity factor of 0.76% and an upper reservoir storage equivalent to 8% of existing hydro storage capacity. It is proposed that alternative peaking options, including biomass-fuelled gas turbines and demand-side measures, should be considered. As a transitional policy, the use of fossil-gas–fuelled gas turbines for peaking would result in a 99.8% renewable system on an energy basis. Further research into whether a market-based system is capable of delivering such a renewable electricity system is suggested. - Highlights: • A 100% renewable electricity system was modelled over a 6-year period. • Security of supply was demonstrated, including for the driest year since 1931. • Stored energy spillage was controlled by using flexible base-load generation. • Wind energy utilisation of 99.8% was obtained. • Transitional use of fossil gas for peaking resulted in a 99.8% renewable system

  9. Trainer module for security control center operations

    International Nuclear Information System (INIS)

    Bernard, E.A.

    1982-01-01

    An operator trainer module has been developed to be used with the security control center equipment to be installed as part of a safeguards physical protection system. The module is designed to provide improved training and testing capabilities for control center operators through the use of simulations for perimeter equipment operations. Operators, through the trainer module, can be challenged with a variety of realistic situations which require responsive action identical to that needed in an actual system. This permits a consistent evaluation and confirmation of operator capabilities prior to assignment as an operator and allows for periodic retesting to verify that adequate performance levels are maintained

  10. Summary of Security Control Audits of DoD Finance and Accounting Systems

    National Research Council Canada - National Science Library

    2001-01-01

    .... The Act requires DoD to develop a cost-effective security control program that continually assesses risk, is tested and evaluated periodically, and is approved by the Director, Office of Management and Budget...

  11. Information Security and Integrity Systems

    Science.gov (United States)

    1990-01-01

    Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

  12. International security and arms control

    International Nuclear Information System (INIS)

    Ekeus, R.

    2000-01-01

    The end of the cold war also ended the focus on the bilateral approach to arms control and disarmament. Key concepts of security needed to be revisited, along with their implications for the disarmament and arms control agenda. Though there is currently a unipolar global security environment, there remain important tasks on the multilateral arms control agenda. The major task is that of reducing and eliminating weapons of mass destruction, especially nuclear weapons. The author contends that maintaining reliance on the nuclear-weapons option makes little sense in a time when the major Powers are strengthening their partnerships in economics, trade, peacemaking and building. (author)

  13. Sliding mode control for synchronization of Roessler systems with time delays and its application to secure communication

    International Nuclear Information System (INIS)

    Chen, C-K; Yan, J-J; Liao, T-L

    2007-01-01

    This study is concerned with the chaos synchronization problem of Roessler systems subjected to multiple time delays. Based on the sliding mode control (SMC) technique, we first propose an adaptive switching surface which does not allow for a reduction of system order, as is the case in most SMC schemes. Then both a sliding mode controller and a new sufficient condition are derived to guarantee, respectively, the global hitting of the sliding mode and stability of the equivalent error dynamics in the sliding mode. Thus, the chaos synchronization for Roessler systems with multiple time delays can surely be achieved. Moreover, the proposed scheme is then applied to the secure communication system. Numerical simulations are included to demonstrate the feasibility of the proposed scheme

  14. Physical security workshop summary: entry control

    International Nuclear Information System (INIS)

    Eaton, M.J.

    1982-01-01

    Entry control hardware has been used extensively in the past to assist security forces in separating the authorized from the unauthorized at the plant perimeter. As more attention is being focused on the insider threat, these entry control elements are being used to extend the security inspectors' presence into the plant by compartmentalizing access and monitoring vital components. This paper summarizes the experiences expressed by the participants at the March 16 to 19, 1982 INMM Physical Protection Workshop in utilizing access control and contraband detection hardware for plant wide entry control applications

  15. Power system operational security analysis to obtain sustainable, strategic and economic dispatch

    International Nuclear Information System (INIS)

    Khan, R.A.J.; Alemadi, N.; Mulla, Y.A.; Choudhry, T.M.

    2006-01-01

    This paper addresses the most critical question that is static/online security system n power system operation and managements. Therefore, we do originated couple of models with their operational scenarios. How to identify the main security constraints and their most suitable reinforcements needed to maintain the system security as per determine boundary. It would also render instrumental approach to enhance the security operational constraints. Therefore, it will also provide the system operator to take preventive action or formulate the action plan prior to contingencies occurred In past the both demand side management system and load shedding have been used for to provide reliable power system under normal or emergency operation and control [4,5 J.) (author)

  16. Audit Characteristics for Information System Security

    OpenAIRE

    Marius POPA; Mihai DOINEA

    2007-01-01

    The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

  17. Security-based rescheduling of transactions in a deregulated power system

    International Nuclear Information System (INIS)

    David, A.K.; Fang, R.S.

    1999-01-01

    The paper studies security-driven rescheduling in the context of electricity supply industry restructuring. Given that price-based operation is encouraged in an open-market system and that bilateral and pool contracts may coexist within this system, a mathematical methodology to reschedule these transactions, when required for security-related reasons, is developed. The post-contingency corrective capability of each transaction is considered and an attempt is made to achieve optimal rescheduling both for preventive and for post-contingency control. The computational results are helpful for providing an insight into the security challenges faced by an independent system operator in the emerging market structures. (author)

  18. Secure integrated circuits and systems

    CERN Document Server

    Verbauwhede, Ingrid MR

    2010-01-01

    On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

  19. Applying Trusted Network Technology To Process Control Systems

    Science.gov (United States)

    Okhravi, Hamed; Nicol, David

    Interconnections between process control networks and enterprise networks expose instrumentation and control systems and the critical infrastructure components they operate to a variety of cyber attacks. Several architectural standards and security best practices have been proposed for industrial control systems. However, they are based on older architectures and do not leverage the latest hardware and software technologies. This paper describes new technologies that can be applied to the design of next generation security architectures for industrial control systems. The technologies are discussed along with their security benefits and design trade-offs.

  20. Security systems engineering overview

    Science.gov (United States)

    Steele, Basil J.

    1997-01-01

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

  1. Developing Scalable Information Security Systems

    Directory of Open Access Journals (Sweden)

    Valery Konstantinovich Ablekov

    2013-06-01

    Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

  2. 33 CFR 127.705 - Security systems.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

  3. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    Energy Technology Data Exchange (ETDEWEB)

    Ray Fink

    2006-10-01

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  4. CRITICAL INFORMATION INFRASTRUCTURE SECURITY - NETWORK INTRUSION DETECTION SYSTEMS

    Directory of Open Access Journals (Sweden)

    Cristea DUMITRU

    2011-12-01

    Full Text Available Critical Information Infrastructure security will always be difficult to ensure, just because of the features that make it irreplaceable tor other critical infrastructures normal operation. It is decentralized, interconnected interdependent, controlled by multiple actors (mainly private and incorporating diverse types of technologies. It is almost axiomatic that the disruption of the Critical Information Infrastructure affects systems located much farther away, and the cyber problems have direct consequences on the real world. Indeed the Internet can be used as a multiplier in order to amplify the effects of an attack on some critical infrastructures. Security challenges increase with the technological progress. One of the last lines of defense which comes to complete the overall security scheme of the Critical Information Infrastructure is represented by the Network Intrusion Detection Systems.

  5. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  6. Integrating security in a group oriented distributed system

    Science.gov (United States)

    Reiter, Michael; Birman, Kenneth; Gong, LI

    1992-01-01

    A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized.

  7. Wisdom Appliance Control System

    Science.gov (United States)

    Hendrick; Jheng, Jyun-Teng; Tsai, Chen-Chai; Liou, Jia-Wei; Wang, Zhi-Hao; Jong, Gwo-Jia

    2017-07-01

    Intelligent appliances wisdom involves security, home care, convenient and energy saving, but the home automation system is still one of the core unit, and also using micro-processing electronics technology to centralized and control the home electrical products and systems, such as: lighting, television, fan, air conditioning, stereo, it composed of front-controller systems and back-controller panels, user using front-controller to control command, and then through the back-controller to powered the device.

  8. Deception used for Cyber Defense of Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Miles A. McQueen

    2009-05-01

    Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

  9. 75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

    Science.gov (United States)

    2010-08-16

    ... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security... Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... System Operator Security Information. Type of Request: New collection. OMB Control Number: Not yet...

  10. Prototype system of secure VOD

    Science.gov (United States)

    Minemura, Harumi; Yamaguchi, Tomohisa

    1997-12-01

    Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

  11. An automated entry control system for nuclear facilities

    International Nuclear Information System (INIS)

    Ream, W.K.; Espinoza, J.

    1985-01-01

    An entry control system to automatically control access to nuclear facilities is described. The design uses a centrally located console, integrated into the regular security system, to monitor the computer-controlled passage into and out of sensitive areas. Four types of entry control points are used: an unmanned enclosed portal with metal and SNM detectors for contraband detection with positive personnel identification, a bypass portal for contraband search after a contraband alarm in a regular portal also with positive personnel identification, a single door entry point with positive personnel identification, and a single door entry point with only a magnetic card-type identification. Security force action is required only as a response to an alarm. The integration of the entry control function into the security system computer is also described. The interface between the entry control system and the monitoring security personnel utilizing a color graphics display with touch screen input is emphasized

  12. Europe, arms control and American security

    International Nuclear Information System (INIS)

    Burns, W.F.

    1992-01-01

    What has come to be called the Revolution of 1989 has swept away longstanding political and economic arrangements in Eastern Europe. Perhaps more important, it has also called into question the fundamental underpinnings of European security created during the nonpeace that followed World War II. In June 1990, the Warsaw Treaty Organization abandoned the notion that NATO was the ideological enemy. At the same time, NATO ministers agreed at Tunberry, Scotland, to consider defining the Atlantic Alliance as more of a partner of the Soviet Union than as an enemy. The Washington summit of May 1990 between president Mikhail Gorbachev and president George Bush further highlighted the recent changes in the Soviet Union and its former satellites. Issues going to the heart of the viability of the Soviet Union and the communist system of political and economic organization competed with German reunification as central themes. Arms control issues, particularly as they pertain in European military stability, became contingent and dependent on the development of a broader political and economic framework for a new Europe. Whether this framework is viable remains an open question as Gorbachev's role is challenged more and more within the Soviet Union. This paper deals with European arms control issues from the point of view of the United States and its own security interests. The United States involved its security inextricably with that of Western Europe as a conscious decision in the turmoil following World War II

  13. Design and Implementation of GSM Based Automated Home Security System

    Directory of Open Access Journals (Sweden)

    Love Aggarwal

    2014-05-01

    Full Text Available The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. Since many years, impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issue alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

  14. Security technology discussion for emergency command system of nuclear power plant

    International Nuclear Information System (INIS)

    Liu Zhenjun

    2014-01-01

    Nuclear power plant emergency command system can provide valuable data for emergency personnel, such as the unit data, weather data, environmental radiation data. In the course of emergency response, the emergency command system provides decision support to quickly and effectively control and mitigate the consequences of the nuclear accident, to avoid and reduce the dose received by staff and the public, to protect the environment and the public. There are high performance requirements on the security of the system and the data transmission. Based on the previous project and new demand after the Fukushima incident, the security technology design of emergency system in nuclear power plant was discussed. The results show that the introduction of information security technology can effectively ensure the security of emergency systems, and enhance the capacity of nuclear power plant to deal with nuclear accidents. (author)

  15. Cyber security consideration on I and C system development process

    International Nuclear Information System (INIS)

    Park, Jaek Wan; Park, Jeyun; Kim, Young Ki

    2012-01-01

    Instrumentation and control (I and C) systems in nuclear power plants collect sensor signals installed in plant fields, monitor plant performance and status, and generate signals to control instruments for plant operation and protection. Recently, digital systems of I and C are required to be protected from cyber threats. It has been reported that several plants have been attacked and malfunctioned by outside intruders. To cope with cyber attacks, various studies have been proposed in IT and plant industries. From 2006, regulatory guides and industry standards for cyber security have been published. Therefore, these guides should be strongly considered in the development process of a digital system. Our framework refers to the system development life cycle described in RG 1.152. The main activities of RG 5.71 are included in the framework appropriately. This approach supports the consistent application of system features for cyber security by incorporating the security requirements required in the operation and maintenance phases into the initial phase of development process. It is expected that the application of the framework to a new plant system design may comply with both RG 1.152 and 5.71

  16. Cyber security consideration on I and C system development process

    Energy Technology Data Exchange (ETDEWEB)

    Park, Jaek Wan; Park, Jeyun; Kim, Young Ki [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    Instrumentation and control (I and C) systems in nuclear power plants collect sensor signals installed in plant fields, monitor plant performance and status, and generate signals to control instruments for plant operation and protection. Recently, digital systems of I and C are required to be protected from cyber threats. It has been reported that several plants have been attacked and malfunctioned by outside intruders. To cope with cyber attacks, various studies have been proposed in IT and plant industries. From 2006, regulatory guides and industry standards for cyber security have been published. Therefore, these guides should be strongly considered in the development process of a digital system. Our framework refers to the system development life cycle described in RG 1.152. The main activities of RG 5.71 are included in the framework appropriately. This approach supports the consistent application of system features for cyber security by incorporating the security requirements required in the operation and maintenance phases into the initial phase of development process. It is expected that the application of the framework to a new plant system design may comply with both RG 1.152 and 5.71.

  17. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  18. Command and Control during Security Incidents/Emergencies

    Energy Technology Data Exchange (ETDEWEB)

    Knipper, W. [NSTec

    2013-10-16

    This presentation builds on our response to events that pose, or have the potential to pose, a serious security or law enforcement risk and must be responded to and controlled in a clear a decisive fashion. We will examine some common concepts in the command and control of security-centric events.

  19. The Livermore Security Console system

    International Nuclear Information System (INIS)

    Smart, J.A.

    1987-01-01

    The Console system contains multiple, redundant workstations that enable operator to monitor alarms, assess incidents, and dispatch field personnel. Each workstation is heavily computerized and incorporates automatic video switching and recording, integrated radio and telephone communications, and an advanced high-resolution map and incident-display system. Operation of the workstation is closely integrated with the map display system, allowing an operators to readily pan and zoom. Objects of security interest are overlaid on the map using color. Access to alarm sensor information, entry-control device status, and the closed-circuit television system is obtained by zooming into an area and selecting the appropriate icons or symbols on the maps. Control menus are overlaid on the map. Several large databases have been closely integrated with the map display system, providing access to information such as telephone numbers and building or room occupants. An expert system is currently being integrated with the map display system. Object state changes are interpreted by a rule-based inference engine. Incidents are overlaid on the map

  20. Hacker tracking Security system for HMI

    Science.gov (United States)

    Chauhan, Rajeev Kumar

    2011-12-01

    Conventional Supervisory control and data Acquisition (SCADA) systems use PC, notebook, thin client, and PDA as a Client. Nowadays the Process Industries are following multi shift system that's why multi- client of different category have to work at a single human Machine Interface (HMI). They may hack the HMI Display and change setting of the other client. This paper introduces a Hacker tracking security (HTS) System for HMI. This is developed by using the conventional and Biometric authentication. HTS system is developed by using Numeric passwords, Smart card, biometric, blood flow and Finger temperature. This work is also able to identify the hackers.

  1. Diversity for security: case assessment for FPGA-based safety-critical systems

    Directory of Open Access Journals (Sweden)

    Kharchenko Vyacheslav

    2016-01-01

    Full Text Available Industrial safety critical instrumentation and control systems (I&Cs are facing more with information (in general and cyber, in particular security threats and attacks. The application of programmable logic, first of all, field programmable gate arrays (FPGA in critical systems causes specific safety deficits. Security assessment techniques for such systems are based on heuristic knowledges and the expert judgment. Main challenge is how to take into account features of FPGA technology for safety critical I&Cs including systems in which are applied diversity approach to minimize risks of common cause failure. Such systems are called multi-version (MV systems. The goal of the paper is in description of the technique and tool for case-based security assessment of MV FPGA-based I&Cs.

  2. IMPLEMENTATION OF SECURITY CONTROLS ACCORDING TO ISO/IEC 27002 IN A SMALL ORGANISATION

    Directory of Open Access Journals (Sweden)

    MATÚŠ HORVÁTH

    2009-12-01

    Full Text Available Information security should be today a key issue in any organization. With the implementation of information security management system (ISMS the organization can identify and reduce risks in this area. This the area of information security management covers a numbers of ISO / IEC 27000 standards, which are based on best practice solutions. However, smaller organizations are often discourages with the implementation of these systems, because of fear of high cost and complexity. Especially due to the fact that the standards does not strictly require implementation of all security controls it is possible to implement these systems in small-size organizations. In this article, we want to point on this fact through describing practical experience with ISMS implementation in small-size organization.

  3. Security Policies for Mitigating the Risk of Load Altering Attacks on Smart Grid Systems

    Energy Technology Data Exchange (ETDEWEB)

    Ryutov, Tatyana; AlMajali, Anas; Neuman, Clifford

    2015-04-01

    While demand response programs implement energy efficiency and power quality objectives, they bring potential security threats to the Smart Grid. The ability to influence load in a system enables attackers to cause system failures and impacts the quality and integrity of power delivered to customers. This paper presents a security mechanism to monitor and control load according to a set of security policies during normal system operation. The mechanism monitors, detects, and responds to load altering attacks. We examined the security requirements of Smart Grid stakeholders and constructed a set of load control policies enforced by the mechanism. We implemented a proof of concept prototype and tested it using the simulation environment. By enforcing the proposed policies in this prototype, the system is maintained in a safe state in the presence of load drop attacks.

  4. 49 CFR 659.23 - System security plan: contents.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

  5. Security systems engineering overview

    International Nuclear Information System (INIS)

    Steele, B.J.

    1996-01-01

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

  6. Innovative protection and control systems for a reliable and secure operation of electrical transmission systems; Innovative Schutz- und Leitsysteme zur zuverlaessigen und sicheren elektrischen Energieuebertragung

    Energy Technology Data Exchange (ETDEWEB)

    Mueller, Sven C.; Kubis, Adreas; Rehtanz, Christian [Technische Univ. Dortmund (Germany). Inst. fuer Energiesysteme, Energieeffizienz und Energiewirtschaft (ie3); Brato, Sebastian; Goetze, Juergen [Technische Univ. Dortmund (Germany). Arbeitsgebiet Datentechnik

    2012-07-01

    The integration of European electricity markets as well as the increasing power feed-in by renewable energy sources pose new challenges to the operation of electrical transmission systems. Modern protection and control systems based on wide-area information can substantially contribute to a reliable and secure system operation even against the background of future demands. In this paper research advances regarding new applications for wide-area monitoring, protection and control as well as an integrated simulation for power and ICT systems are presented that have been developed in the course of DFG research unit FOR1511 at TU Dortmund. (orig.)

  7. Control systems under attack?

    CERN Document Server

    Lüders, Stefan

    2005-01-01

    The enormous growth of the Internet during the last decade offers new means to share and distribute both information and data. In Industry, this results in a rapprochement of the production facilities, i.e. their Process Control and Automation Systems, and the data warehouses. At CERN, the Internet opens the possibility to monitor and even control (parts of) the LHC and its four experiments remotely from anywhere in the world. However, the adoption of standard IT technologies to Distributed Process Control and Automation Systems exposes inherent vulnerabilities to the world. The Teststand On Control System Security at CERN (TOCSSiC) is dedicated to explore the vulnerabilities of arbitrary Commercial-Of-The-Shelf hardware devices connected to standard Ethernet. As such, TOCSSiC should discover their vulnerabilities, point out areas of lack of security, and address areas of improvement which can then be confidentially communicated to manufacturers. This paper points out risks of accessing the Control and Automa...

  8. Integrating Security in Real-Time Embedded Systems

    Science.gov (United States)

    2017-04-26

    Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arl ington, VA 22202-4302. Respondents should be aware that... operate without impacting the tinting and safety constraints of the control logic. Besides, the embedded nature of these systems limits the...only during slack times when no other real-time tasks are rwming. We propose to measure the security of the system by means of the achievable periodic

  9. Cyber Incidents Involving Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Robert J. Turk

    2005-10-01

    The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this

  10. Shared Electronic Health Record Systems: Key Legal and Security Challenges.

    Science.gov (United States)

    Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

    2017-11-01

    Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

  11. Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities.

    Science.gov (United States)

    Yeo, Kiho; Lee, Keehyuck; Kim, Jong-Min; Kim, Tae-Hun; Choi, Yong-Hoon; Jeong, Woo-Jin; Hwang, Hee; Baek, Rong Min; Yoo, Sooyoung

    2012-06-01

    The goal of this paper is to examine the security measures that should be reviewed by medical facilities that are trying to implement mobile Electronic Medical Record (EMR) systems designed for hospitals. The study of the security requirements for a mobile EMR system is divided into legal considerations and sectional security investigations. Legal considerations were examined with regard to remote medical services, patients' personal information and EMR, medical devices, the establishment of mobile systems, and mobile applications. For the 4 sectional security investigations, the mobile security level SL-3 from the Smartphone Security Standards of the National Intelligence Service (NIS) was used. From a compliance perspective, legal considerations for various laws and guidelines of mobile EMR were executed according to the model of the legal considerations. To correspond to the SL-3, separation of DMZ and wireless network is needed. Mobile access servers must be located in only the smartphone DMZ. Furthermore, security measures like 24-hour security control, WIPS, VPN, MDM, and ISMS for each section are needed to establish a secure mobile EMR system. This paper suggested a direction for applying regulatory measures to strengthen the security of a mobile EMR system in accordance with the standard security requirements presented by the Smartphone Security Guideline of the NIS. A future study on the materialization of these suggestions after their application at actual medical facilities can be used as an illustrative case to determine the degree to which theory and reality correspond with one another.

  12. EMCAS, an evaluation methodology for safeguards and security systems

    International Nuclear Information System (INIS)

    Eggers, R.F.; Giese, E.W.; Bichl, F.J.

    1987-01-01

    EMCAS is an evaluation methodology for safeguards and security systems. It provides a score card of projected or actual system performance for several areas of system operation. In one area, the performance of material control and accounting and security systems, which jointly defend against the insider threat to divert or steal special nuclear material (SNM) using stealth and deceit, is evaluated. Time-dependent and time-independent risk equations are used for both diversion and theft risk calculations. In the case of loss detection by material accounting, a detailed timeliness model is provided to determine the combined effects of loss detection sensitivity and timeliness on the overall effectiveness of the material accounting detection procedure. Calculated risks take into account the capabilities of process area containment/surveillance, material accounting mass balance tests, and physical protection barriers and procedures. In addition, EMCAS evaluates the Material Control and Accounting (MCandA) System in the following areas: (1) system capability to detect errors in the official book inventory of SNM, using mass balance accounting methods, (2) system capability to prevent errors from entering the nuclear material data base during periods of operation between mass balance tests, (3) time to conduct inventories and resolve alarms, and (4) time lost from production to carry out material control and accounting loss detection activities

  13. Function allocation in distributed safeguards and security systems

    International Nuclear Information System (INIS)

    Barlich, G.L.

    1991-01-01

    Computerized distributed systems are being used to collect and manage data for activities such as nuclear materials accounting, process control, laboratory coordination, and security. Poor choices made in allocating functions to individual processors can make a system unusable by burdening machines with excessive network retrievals and updates. During system design phases, data allocation algorithms based on operation frequencies, field sizes, security information, and reliability requirements can be applied in sensitivity studies to mathematically ensure processor efficiency. The Los Alamos Network Design System (NDS) implements such an allocation algorithm. The authors analyzed a large, existing distributed system to test the cost functions and to compare actual network problems with NDS results. Several common configurations were also designed and studied using the software. From these studies, some basic principles for allocating functions emerged. In this paper recommendations for function allocation in generic systems and related design options are discussed

  14. Fourth Dutch Process Security Control Event

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Zielstra, A.

    2010-01-01

    On December 1st, 2009, the fourth Dutch Process Control Security Event took place in Baarn, The Netherlands. The security event with the title ‘Manage IT!’ was organised by the Dutch National Infrastructure against Cybercrime (NICC). Mid of November, a group of over thirty people participated in the

  15. SPring-8 beamline control system.

    Science.gov (United States)

    Ohata, T; Konishi, H; Kimura, H; Furukawa, Y; Tamasaku, K; Nakatani, T; Tanabe, T; Matsumoto, N; Ishii, M; Ishikawa, T

    1998-05-01

    The SPring-8 beamline control system is now taking part in the control of the insertion device (ID), front end, beam transportation channel and all interlock systems of the beamline: it will supply a highly standardized environment of apparatus control for collaborative researchers. In particular, ID operation is very important in a third-generation synchrotron light source facility. It is also very important to consider the security system because the ID is part of the storage ring and is therefore governed by the synchrotron ring control system. The progress of computer networking systems and the technology of security control require the development of a highly flexible control system. An interlock system that is independent of the control system has increased the reliability. For the beamline control system the so-called standard model concept has been adopted. VME-bus (VME) is used as the front-end control system and a UNIX workstation as the operator console. CPU boards of the VME-bus are RISC processor-based board computers operated by a LynxOS-based HP-RT real-time operating system. The workstation and the VME are linked to each other by a network, and form the distributed system. The HP 9000/700 series with HP-UX and the HP 9000/743rt series with HP-RT are used. All the controllable apparatus may be operated from any workstation.

  16. Secure system design and trustable computing

    CERN Document Server

    Potkonjak, Miodrag

    2016-01-01

    This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade.  Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions, and networking services.  This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

  17. IT Security Aspects of Industrial Control Systems

    Directory of Open Access Journals (Sweden)

    Peter Holecko

    2006-01-01

    Full Text Available This paper discusses a set of general network system architectures for industrial process control systems as well as vulnerabilities related to these systems and the IT threats these systems are exposed to from the point of view of Common Criteria methodology and ITU-T recommendation X.805.

  18. Intelligent monitoring, control, and security of critical infrastructure systems

    CERN Document Server

    Polycarpou, Marios

    2015-01-01

    This book describes the challenges that critical infrastructure systems face, and presents state of the art solutions to address them. How can we design intelligent systems or intelligent agents that can make appropriate real-time decisions in the management of such large-scale, complex systems? What are the primary challenges for critical infrastructure systems? The book also provides readers with the relevant information to recognize how important infrastructures are, and their role in connection with a society’s economy, security and prosperity. It goes on to describe state-of-the-art solutions to address these points, including new methodologies and instrumentation tools (e.g. embedded software and intelligent algorithms) for transforming and optimizing target infrastructures. The book is the most comprehensive resource to date for professionals in both the private and public sectors, while also offering an essential guide for students and researchers in the areas of modeling and analysis of critical in...

  19. A secure and synthesis tele-ophthalmology system.

    Science.gov (United States)

    Wei, Zhuo; Wu, Yongdong; Deng, Robert H; Yu, Shengsheng; Yao, Haixia; Zhao, Zhigang; Ngoh, Lek Heng; Han, Lim Tock; Poh, Eugenie W T

    2008-10-01

    This paper describes a secure and synthesis ophthalmology telemedicine system, referred to as TeleOph. Under a Secure Socket Layer (SSL) channel, patient prerecorded data can be safely transferred via the Internet. With encrypted videoconference and white-board, the system not only supports hospital-to-clinic consultation, but also supplies hospital-tohospital joint discussion. Based on Directshow technology (Microsoft Corporation, Redmond, WA), video cameras connected to the computer by firewire can be captured and controlled to sample video data. By using TWAIN technology, the system automatically identifies networked still cameras (on fundus and slitlamp devices) and retrieves images. All the images are stored in a selected format (such as JPEG, DICOM, BMP). Besides offline-transferring prerecorded data, the system also supplies online sampling of patient data (real-time capturing from remote places). The system was deployed at Tan Tock Seng Hospital, Singapore and Ang Mo Kio, Singapore, where 100 patients were enrolled in the system for examination. TeleOph can be successfully used for patient consultation, and hospital joint discussion. Meanwhile, TeleOph can supply both offline and online sampling of patient data.

  20. A sensor monitoring system for telemedicine, safety and security applications

    Science.gov (United States)

    Vlissidis, Nikolaos; Leonidas, Filippos; Giovanis, Christos; Marinos, Dimitrios; Aidinis, Konstantinos; Vassilopoulos, Christos; Pagiatakis, Gerasimos; Schmitt, Nikolaus; Pistner, Thomas; Klaue, Jirka

    2017-02-01

    A sensor system capable of medical, safety and security monitoring in avionic and other environments (e.g. homes) is examined. For application inside an aircraft cabin, the system relies on an optical cellular network that connects each seat to a server and uses a set of database applications to process data related to passengers' health, safety and security status. Health monitoring typically encompasses electrocardiogram, pulse oximetry and blood pressure, body temperature and respiration rate while safety and security monitoring is related to the standard flight attendance duties, such as cabin preparation for take-off, landing, flight in regions of turbulence, etc. In contrast to previous related works, this article focuses on the system's modules (medical and safety sensors and associated hardware), the database applications used for the overall control of the monitoring function and the potential use of the system for security applications. Further tests involving medical, safety and security sensing performed in an real A340 mock-up set-up are also described and reference is made to the possible use of the sensing system in alternative environments and applications, such as health monitoring within other means of transport (e.g. trains or small passenger sea vessels) as well as for remotely located home users, over a wired Ethernet network or the Internet.

  1. Adversary characterization for security system evaluation

    International Nuclear Information System (INIS)

    Suber, L.A. Jr.

    1976-04-01

    Evaluation of security systems effectiveness requires a definition of adversary capabilities, but an objective basis for such a definition has been lacking. A system of adversary attributes is proposed in which any desired adversary may be synthesized by selection of the appropriate level of capability from each attribute or category. In use, the synthesized adversaries will be pitted against a security system in an evaluation model, thus allowing comparison of other adversary or security system configurations

  2. A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

    Science.gov (United States)

    Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

    Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

  3. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  4. Constructing Secure Mobile Agent Systems Using the Agent Operating System

    NARCIS (Netherlands)

    van t Noordende, G.J.; Overeinder, B.J.; Timmer, R.J.; Brazier, F.M.; Tanenbaum, A.S.

    2009-01-01

    Designing a secure and reliable mobile agent system is a difficult task. The agent operating system (AOS) is a building block that simplifies this task. AOS provides common primitives required by most mobile agent middleware systems, such as primitives for secure communication, secure and

  5. Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

    National Research Council Canada - National Science Library

    Ganger, Gregory R

    2007-01-01

    This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...

  6. 76 FR 81359 - National Security Personnel System

    Science.gov (United States)

    2011-12-28

    ... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...

  7. Security aspects of database systems implementation

    OpenAIRE

    Pokorný, Tomáš

    2009-01-01

    The aim of this thesis is to provide a comprehensive overview of database systems security. Reader is introduced into the basis of information security and its development. Following chapter defines a concept of database system security using ISO/IEC 27000 Standard. The findings from this chapter form a complex list of requirements on database security. One chapter also deals with legal aspects of this domain. Second part of this thesis offers a comparison of four object-relational database s...

  8. Pitfalls and Security Measures for the Mobile EMR System in Medical Facilities

    Science.gov (United States)

    Yeo, Kiho; Lee, Keehyuck; Kim, Jong-Min; Kim, Tae-Hun; Choi, Yong-Hoon; Jeong, Woo-Jin; Hwang, Hee; Baek, Rong Min

    2012-01-01

    Objectives The goal of this paper is to examine the security measures that should be reviewed by medical facilities that are trying to implement mobile Electronic Medical Record (EMR) systems designed for hospitals. Methods The study of the security requirements for a mobile EMR system is divided into legal considerations and sectional security investigations. Legal considerations were examined with regard to remote medical services, patients' personal information and EMR, medical devices, the establishment of mobile systems, and mobile applications. For the 4 sectional security investigations, the mobile security level SL-3 from the Smartphone Security Standards of the National Intelligence Service (NIS) was used. Results From a compliance perspective, legal considerations for various laws and guidelines of mobile EMR were executed according to the model of the legal considerations. To correspond to the SL-3, separation of DMZ and wireless network is needed. Mobile access servers must be located in only the smartphone DMZ. Furthermore, security measures like 24-hour security control, WIPS, VPN, MDM, and ISMS for each section are needed to establish a secure mobile EMR system. Conclusions This paper suggested a direction for applying regulatory measures to strengthen the security of a mobile EMR system in accordance with the standard security requirements presented by the Smartphone Security Guideline of the NIS. A future study on the materialization of these suggestions after their application at actual medical facilities can be used as an illustrative case to determine the degree to which theory and reality correspond with one another. PMID:22844648

  9. Security threat assessment of an Internet security system using attack tree and vague sets.

    Science.gov (United States)

    Chang, Kuei-Hu

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

  10. Teaching RFID Information Systems Security

    Science.gov (United States)

    Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

    2014-01-01

    The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

  11. Three tenets for secure cyber-physical system design and assessment

    Science.gov (United States)

    Hughes, Jeff; Cybenko, George

    2014-06-01

    This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

  12. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  13. Research of user access control for networked manufacturing system

    Institute of Scientific and Technical Information of China (English)

    ZHENG Xiao-lin; LEI Yu; CHEN De-ren

    2006-01-01

    An integrated user access control method was proposed to address the issues of security and management in networked manufacturing systems (NMS).Based on the analysis of the security issues in networked manufacturing system,an integrated user access control method composed of role-based access control (RBAC),task-based access control (TBAC),relationship-driven access control (RDAC)and coalition-based access control (CBAC) was proposed,including the hierarchical user relationship model,the reference model and the process model.The elements and their relationships were defined,and the expressions of constraints authorization were given.The extensible access control markup language (XACML) was used to implement this method.This method was used in the networked manufacturing system in the Shaoxing spinning region of China.The results show that the integrated user access control method can reduce the costs of system security maintenance and management.

  14. Designing a Secure Point-of-Sale System

    DEFF Research Database (Denmark)

    Sharp, Robin; Pedersen, Allan; Hedegaard, Anders

    2006-01-01

    This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described.......This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described....

  15. How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

    NARCIS (Netherlands)

    Gadyatskaya, Olga

    2016-01-01

    Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing

  16. Computer access security code system

    Science.gov (United States)

    Collins, Earl R., Jr. (Inventor)

    1990-01-01

    A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

  17. The enhancement of security in healthcare information systems.

    Science.gov (United States)

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

  18. SecMAS: Security Enhanced Monitoring and Analysis Systems for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Ding Chao

    2016-01-01

    Full Text Available The monitoring, control, and security guarantee for the communication in the wireless sensor networks (WSNs are currently treated as three independent issues and addressed separately through specialized tools. However, most cases of WSNs applications requires the network administrator change the network configuration in a very short time to response to the change of observed phenomenon with security guarantee. To meet this requirement, we propose a security enhanced monitoring and control platform named SecMAS for WSNs, which provides the real-time visualization about network states and online reconfiguration of the network properties and behaviours in a resource-efficient way. Besides, basic cryptographic primitives and part of the anomaly detection functionalities are implemented in SecMAS to enabling the secure communication in WSNs. Furthermore, we conduct experiments to evaluate the performance of SecMAS in terms of the latency, throughput, communication overhead, and the security capacity. The experimental results demonstrate that the SecMAS system achieves stable, efficient and secure data collection with lightweight quick-response network control.

  19. Cyber Security of Industrial Control Systems

    NARCIS (Netherlands)

    Luiijf, H.A.M.; Paske, B.J. te

    2015-01-01

    Our society and its citizens depend on the undisturbed functioning of (critical) infrastructures and their services. Crucial processes in most critical infrastructures, and in many other organisations, rely on the correct and undisturbed functioning of Industrial Control Systems (ICS). A failure of

  20. Recommended Practice for Patch Management of Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Steven Tom; Dale Christiansen; Dan Berrett

    2008-12-01

    A key component in protecting a nation’s critical infrastructure and key resources is the security of control systems. The term industrial control system refers to supervisory control and data acquisition, process control, distributed control, and any other systems that control, monitor, and manage the nation’s critical infrastructure. Critical Infrastructure and Key Resources (CIKR) consists of electric power generators, transmission systems, transportation systems, dam and water systems, communication systems, chemical and petroleum systems, and other critical systems that cannot tolerate sudden interruptions in service. Simply stated, a control system gathers information and then performs a function based on its established parameters and the information it receives. The patch management of industrial control systems software used in CIKR is inconsistent at best and nonexistent at worst. Patches are important to resolve security vulnerabilities and functional issues. This report recommends patch management practices for consideration and deployment by industrial control systems owners.

  1. Perspective on Secure Development Activities and Features of Safety I and C Systems

    International Nuclear Information System (INIS)

    Kang, Youngdoo; Yu, Yeong Jin; Kim, Hyungtae; Kwon, Yong il; Park, Yeunsoo; Choo, Jaeyul; Son, Jun Young; Jeong, Choong Heui

    2015-01-01

    The Enforcement Decree of the Act on Physical Protection and Radiological Emergency (ED-APPRE) was revised December 2013 to include security requirements on computer systems at nuclear facilities to protect those systems against malicious cyber-attacks. It means Cyber-Security-related measures, controls and activities of safety I and C systems against cyber-attacks shall meet the requirements of ED-APPRE. Still regulation upon inadvertent access or non-malicious modifications to the safety I and C systems is covered under the Nuclear Safety Act. The objective of this paper is to propose KINS' regulatory perspective on secure development and features against non-malicious access or modification of safety I and C systems. Secure development activities and features aim to prevent inadvertent and non-malicious access, and to prevent unwanted action from personnel or connected systems for ensuring reliable operation of safety I and C systems. Secure development activities of safety I and C systems are life cycle activities to ensure unwanted, unneeded and undocumented code is not incorporated into the systems. Secure features shall be developed, verified and qualified throughout the development life cycle

  2. Perspective on Secure Development Activities and Features of Safety I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Kang, Youngdoo; Yu, Yeong Jin; Kim, Hyungtae; Kwon, Yong il; Park, Yeunsoo; Choo, Jaeyul; Son, Jun Young; Jeong, Choong Heui [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of)

    2015-05-15

    The Enforcement Decree of the Act on Physical Protection and Radiological Emergency (ED-APPRE) was revised December 2013 to include security requirements on computer systems at nuclear facilities to protect those systems against malicious cyber-attacks. It means Cyber-Security-related measures, controls and activities of safety I and C systems against cyber-attacks shall meet the requirements of ED-APPRE. Still regulation upon inadvertent access or non-malicious modifications to the safety I and C systems is covered under the Nuclear Safety Act. The objective of this paper is to propose KINS' regulatory perspective on secure development and features against non-malicious access or modification of safety I and C systems. Secure development activities and features aim to prevent inadvertent and non-malicious access, and to prevent unwanted action from personnel or connected systems for ensuring reliable operation of safety I and C systems. Secure development activities of safety I and C systems are life cycle activities to ensure unwanted, unneeded and undocumented code is not incorporated into the systems. Secure features shall be developed, verified and qualified throughout the development life cycle.

  3. Cyber Security Penetration Test for Digital Safety I and C Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Kim, D. H.; Kwon, K. C.; Joo, H. K.; Song, J. S.

    2010-01-01

    In the Korea Nuclear I and C Systems Development project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and few types of communication network. However the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC in 2006 and it recommended the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore to incorporate the new licensing requirement, a cyber security risk assessment is performed for the platforms. Then the vulnerabilities identified by the risk assessment are validated by penetration test. This paper summarizes test scenario, test results and their incorporation into system design

  4. An Investigation of Secure Remote Instrument Control

    Energy Technology Data Exchange (ETDEWEB)

    Schissel, D.; Abla, G.; Penaflor, B. [General Atomics, San Diego (United States); Ciarlette, D. [Oak Ridge National Laboratory, Oak Ridge (United States)

    2009-07-01

    This paper examines the computer science issues associated with secure remote instrumentation control for magnetic fusion experiments. Computer science research into enhancing the ability to scientifically participate in a fusion experiment remotely has been growing in size in an attempt to better address the needs of fusion scientists worldwide. The natural progression of this research is to examine how to move from remote scientific participation to remote hardware control. The vision is to define a gatekeeper software system that will be the only channel of interaction for incoming requests to the experimental site. The role of the gatekeeper is to validate the identification and access privilege of the requester and to insure the validity of the proposed request. The vision for the gatekeeper is that it be a modular system that is simple in design and defined in a way that makes its implementation and operation transparent and obvious. The architecture of the module interface is flexible enough that it can easily allow the future addition of new modules. At the same time, it should be transparent to end-users and allow a high volume of activity so as to not provide a work bottleneck. Appropriate security requires the ability to verify identity (authentication), verify access control (authorization), and validate the appropriateness of requests. The validation process can include provenance and semantic methodologies. The results of the gatekeeper design and initial prototype testing will be presented as well as a discussion on the implication of this research on the operation of fusion experimental machines such as ITER. (authors)

  5. EMCAS: An evaluation methodology for safeguards and security systems

    International Nuclear Information System (INIS)

    Eggers, R.F.; Giese, E.W.; Bichl, F.J.

    1987-01-01

    EMCAS is an evaluation methodology for safeguards and security systems. It provides a score card of projected or actual system performance for several areas of system operation. In one area, the performance of material control and accounting and security systems, which jointly defend against the insider threat to divert or steal special nuclear material (SNM) using stealth and deceit, is evaluated. Time-dependent and time-independent risk equations are used for both diversion and theft risk calculations. In the case of loss detection by material accounting, a detailed timeliness model is provided to determine the combined effects of loss detection sensitivity and timeliness on the overall effectiveness of the material accounting detection procedure. Calculated risks take into account the capabilities of process area containment/surveillance, material accounting mass balance tests, and physical protection barriers and procedures. In addition, EMCAS evaluates the Material Control and Accounting (MC and A) System in the following areas: (1) system capability to detect errors in the official book inventory of SNM, using mass balance accounting methods, (2) system capability to prevent errors from entering the nuclear material data base during periods of operation between mass balance tests, (3) time to conduct inventories and resolve alarms, and (4) time lost from production to carry out material control and accounting loss detection activities. 3 figs., 5 tabs

  6. Distributed security in closed distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    properties. This is also restricted to distributed systems in which the set of locations is known a priori. All this follows techniques borrowed from both the model checking and the static analysis communities. In the end, we reach a step towards solving the problem of enforcing security in distributed...... systems. We achieve the goal of showing how this can be done, though we restrict ourselves to closed systems and with a limited set of enforceable security policies. In this setting, our approach proves to be efficient. Finally, we achieve all this by bringing together several fields of Computer Science......The goal of the present thesis is to discuss, argue and conclude about ways to provide security to the information travelling around computer systems consisting of several known locations. When developing software systems, security of the information managed by these plays an important role...

  7. Advanced I and C system of security level for nuclear power station

    International Nuclear Information System (INIS)

    Liu Yanyang

    2001-01-01

    Advanced I and C system of security level using for PWR developed by Framatome and Schneider collective, SPINLINE3, are introduced. The technology is used to outside reactor nuclear measurement system in Qinshan II period. It's succeed benefits by Framatome and Schneider's more years development experience in nuclear power station digitallization security level I and C system field, which improve security and reliability of PWR, and, easy operation and maintains. SPINLINE3 based on digitallization and modularization technical proposal, and covered entireness reactor protect system and correlative control system. The paper also introduce CLARISSE (computer aided design aid) and SCADE (embedded software aid) for developing SPINLINE3. SPINLINE3 fills correlative IS and rule, based on software and hardware unit which certificate and launch into operation. After brief review of Framatome and Schneider's experience, the paper are introducing design guideline, application technology and how to fill demand of security level I and C system

  8. Accounting and Control in Ensuring Economic Security of the Organizations of Perm Region

    Directory of Open Access Journals (Sweden)

    Vyacheslav Valetyevich Epishin

    2016-09-01

    Full Text Available The article deals with the urgent problem concerning the regional development as well as the specific organization, or to the development of an integrated system of economic security of the organization. The article discusses the importance of such an element of economic security (including the financial security as the accounting and control as well as their possible violations. The authors substantiate their position on the relationship of the violations of accounting and control and also the internal theft, other economic crimes and their negative consequences. The analysis of the existing national and foreign sources related to the subject of the study is carried out. The conclusion is made about the lack of modern research devoted to the study of the protective properties of accounting, control and their violations, which condition economic crimes. The methodological tools of the research include dialectic method, systemic analysis, complex sociological methods: the analysis of the legal sources, of statistical information and judicial practice. On the basis of the analysis of criminal cases, financial statements, publications media, the authors made the conclusion about the conditionality of the theft in the organizations as there are the violations of accounting and control, low efficiency of control and auditing, of preventive measures for neutralization of the violations of accounting and control from the services of economic security, accounting offices, auditing and law enforcement services. The recommendations for the optimization of this work are introduced. They can be used by accounting departments, auditing bodies, fiscal authorities at the municipal and regional level and by law enforcement officials. The economic security is necessary for any organizations regardless of their forms of ownership, ranging from government organizations to small kiosks. The difference will only consist in the means and methods.

  9. The electronic security partnership of safety/security and information systems departments.

    Science.gov (United States)

    Yow, J Art

    2012-01-01

    The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

  10. Windows 2012 Server network security securing your Windows network systems and infrastructure

    CERN Document Server

    Rountree, Derrick

    2013-01-01

    Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: Secure remote access Network vulnerabilities and mitigations DHCP installations configuration MAC filtering DNS server security WINS installation configuration Securing wired and wireless connections Windows personal firewall

  11. Synchronization of the chaotic secure communication system with output state delay

    International Nuclear Information System (INIS)

    Changchien, S.-K.; Huang, C.-K.; Nien, H.-H.; Shieh, H.-W.

    2009-01-01

    In this paper, we utilize a proper Lyapunov function and Lyapunov theorem, combined with LMIs method, in order to design a controller L, which ensures the synchronization between the transmission and the reception ends of the chaotic secure communication system with time-delay of output state. Meanwhile, for the purpose of increasing communication security, we encrypt and decrypt the original to-be-transmitted message with the techniques of n-shift cipher and public key. The result of simulation shows that the proposed method is able to synchronize the transmission and the reception ends of the system, and moreover, to recover the original message at the reception end. Therefore, the method proposed in this paper is effective and feasible to apply in the chaotic secure communication system.

  12. The method of a joint intraday security check system based on cloud computing

    Science.gov (United States)

    Dong, Wei; Feng, Changyou; Zhou, Caiqi; Cai, Zhi; Dan, Xu; Dai, Sai; Zhang, Chuancheng

    2017-01-01

    The intraday security check is the core application in the dispatching control system. The existing security check calculation only uses the dispatch center’s local model and data as the functional margin. This paper introduces the design of all-grid intraday joint security check system based on cloud computing and its implementation. To reduce the effect of subarea bad data on the all-grid security check, a new power flow algorithm basing on comparison and adjustment with inter-provincial tie-line plan is presented. And the numerical example illustrated the effectiveness and feasibility of the proposed method.

  13. Secure Web-based Ground System User Interfaces over the Open Internet

    Science.gov (United States)

    Langston, James H.; Murray, Henry L.; Hunt, Gary R.

    1998-01-01

    A prototype has been developed which makes use of commercially available products in conjunction with the Java programming language to provide a secure user interface for command and control over the open Internet. This paper reports successful demonstration of: (1) Security over the Internet, including encryption and certification; (2) Integration of Java applets with a COTS command and control product; (3) Remote spacecraft commanding using the Internet. The Java-based Spacecraft Web Interface to Telemetry and Command Handling (Jswitch) ground system prototype provides these capabilities. This activity demonstrates the use and integration of current technologies to enable a spacecraft engineer or flight operator to monitor and control a spacecraft from a user interface communicating over the open Internet using standard World Wide Web (WWW) protocols and commercial off-the-shelf (COTS) products. The core command and control functions are provided by the COTS Epoch 2000 product. The standard WWW tools and browsers are used in conjunction with the Java programming technology. Security is provided with the current encryption and certification technology. This system prototype is a step in the direction of giving scientist and flight operators Web-based access to instrument, payload, and spacecraft data.

  14. Application of smart cards in physical and information security systems

    International Nuclear Information System (INIS)

    Dreifus, H.N.

    1988-01-01

    Smart Cards, integrated circuits embedded into credit cards, have been proposed for many computer and physical security applications. The cards have shown promise in improving both the security and monitoring of systems ranging from computer network identification through physical protection and access control. With the increasing computational power embedded within these cards, advanced encryption techniques such as public key cryptography can now be realized, enabling more sophisticated uses

  15. Information Systems Security: Whose Responsibility? | Senzige ...

    African Journals Online (AJOL)

    ... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

  16. 8 CFR 103.34 - Security of records systems.

    Science.gov (United States)

    2010-01-01

    ... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Security of records systems. 103.34 Section 103.34 Aliens and Nationality DEPARTMENT OF HOMELAND SECURITY IMMIGRATION REGULATIONS POWERS AND DUTIES; AVAILABILITY OF RECORDS § 103.34 Security of records systems. The security of records systems...

  17. Report: Improvements Needed in Key EPA Information System Security Practices

    Science.gov (United States)

    Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

  18. Polish Security Printing Works in the system of public and economic security

    OpenAIRE

    Remigiusz Lewandowski

    2013-01-01

    The article raises the issue of placing PWPW in the system of economic and public security. Two particular categories of security connected with PWPW business activity, i.e. identification and transactional security, have been defined and discussed in the article. The most essential factors affecting the above security categories as well as relations between identification/transactional security and economic/public security. The article indicates that PWPW plays an important role in the state...

  19. Controls Over Operating System and Security Software Supporting the Defense Finance and Accounting Service

    National Research Council Canada - National Science Library

    1993-01-01

    ... programs from one another. Security software provides access controls that restrict the use of computer resources to authorized individuals and limit those individuals to the computer resources required to perform their jobs...

  20. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure  and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  1. Fuzzy assessment of health information system users' security awareness.

    Science.gov (United States)

    Aydın, Özlem Müge; Chouseinoglou, Oumout

    2013-12-01

    Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

  2. Derived virtual devices: a secure distributed file system mechanism

    Science.gov (United States)

    VanMeter, Rodney; Hotz, Steve; Finn, Gregory

    1996-01-01

    This paper presents the design of derived virtual devices (DVDs). DVDs are the mechanism used by the Netstation Project to provide secure shared access to network-attached peripherals distributed in an untrusted network environment. DVDs improve Input/Output efficiency by allowing user processes to perform I/O operations directly from devices without intermediate transfer through the controlling operating system kernel. The security enforced at the device through the DVD mechanism includes resource boundary checking, user authentication, and restricted operations, e.g., read-only access. To illustrate the application of DVDs, we present the interactions between a network-attached disk and a file system designed to exploit the DVD abstraction. We further discuss third-party transfer as a mechanism intended to provide for efficient data transfer in a typical NAP environment. We show how DVDs facilitate third-party transfer, and provide the security required in a more open network environment.

  3. Control system devices : architectures and supply channels overview.

    Energy Technology Data Exchange (ETDEWEB)

    Trent, Jason; Atkins, William Dee; Schwartz, Moses Daniel; Mulder, John C.

    2010-08-01

    This report describes a research project to examine the hardware used in automated control systems like those that control the electric grid. This report provides an overview of the vendors, architectures, and supply channels for a number of control system devices. The research itself represents an attempt to probe more deeply into the area of programmable logic controllers (PLCs) - the specialized digital computers that control individual processes within supervisory control and data acquisition (SCADA) systems. The report (1) provides an overview of control system networks and PLC architecture, (2) furnishes profiles for the top eight vendors in the PLC industry, (3) discusses the communications protocols used in different industries, and (4) analyzes the hardware used in several PLC devices. As part of the project, several PLCs were disassembled to identify constituent components. That information will direct the next step of the research, which will greatly increase our understanding of PLC security in both the hardware and software areas. Such an understanding is vital for discerning the potential national security impact of security flaws in these devices, as well as for developing proactive countermeasures.

  4. Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

    OpenAIRE

    Kuei-Hu Chang

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system’s elementary event are incomplete—the traditional approach for ca...

  5. VA INFORMATION SYSTEMS: Computer Security Weaknesses Persist at the Veterans Health Administration

    National Research Council Canada - National Science Library

    2000-01-01

    .... To determine the status of computer security within VHA, we (1) evaluated information system general controls at the VA Maryland Health Cafe System, the New Mexico VA Health Care System, and the VA North Texas Health Care System and (2...

  6. THE SECURITY AUDIT WITHIN INFORMATION SYSTEMS

    OpenAIRE

    Dan Constantin TOFAN

    2011-01-01

    The information security audit is definitely a tool for determining, achieving, and maintaining a proper level of security in an organization. This article offers a comprehensive review of the world's most popular standards related to information systems security audit.

  7. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Science.gov (United States)

    2010-10-01

    ...: Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997) The... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997). 1552.235-78 Section 1552.235-78 Federal...

  8. Personal health record systems and their security protection.

    Science.gov (United States)

    Win, Khin Than; Susilo, Willy; Mu, Yi

    2006-08-01

    The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

  9. An investigation of secure remote instrument control

    International Nuclear Information System (INIS)

    Schissel, D.P.; Abla, G.; Fredian, T.; Greenwald, M.; Penaflor, B.G.; Stillerman, J.; Walker, M.L.; Ciarlette, D.J.

    2010-01-01

    This paper examines the computer science issues associated with secure remote instrumentation control for magnetic fusion experiments. Computer science research into enhancing the ability to scientifically participate in a fusion experiment remotely has been growing in size in an attempt to better address the needs of fusion scientists worldwide. The natural progression of this research is to examine how to move from remote scientific participation to remote hardware control. The vision is to define a gatekeeper software system that will be the only channel of interaction for incoming requests to the secured area of the experimental site. The role of the gatekeeper is to validate the identification and access privilege of the requestor and to insure the general validity of the proposed request. The vision for the gatekeeper is that it be a modular system that is simple in design and defined in a way that makes its implementation and operation transparent and obvious. The architecture of the module interface is flexible enough that it can easily allow the future addition of new modules. At the same time, it should be transparent to end-users and allow a high volume of activity so as to not provide a work bottleneck. The results of the gatekeeper design and initial implementation are presented as well as a discussion on the implication of this research on the operation of fusion experimental machines such as ITER.

  10. An investigation of secure remote instrument control

    Energy Technology Data Exchange (ETDEWEB)

    Schissel, D.P., E-mail: schissel@fusion.gat.co [General Atomics, P.O. Box 85608, San Diego, CA 92186-5608 (United States); Abla, G. [General Atomics, P.O. Box 85608, San Diego, CA 92186-5608 (United States); Fredian, T.; Greenwald, M. [Massachusetts Institute of Technology, Cambridge, MA (United States); Penaflor, B.G. [General Atomics, P.O. Box 85608, San Diego, CA 92186-5608 (United States); Stillerman, J. [Massachusetts Institute of Technology, Cambridge, MA (United States); Walker, M.L. [General Atomics, P.O. Box 85608, San Diego, CA 92186-5608 (United States); Ciarlette, D.J. [US ITER Project Office, Oak Ridge National Laboratory, Oak Ridge, TN (United States)

    2010-07-15

    This paper examines the computer science issues associated with secure remote instrumentation control for magnetic fusion experiments. Computer science research into enhancing the ability to scientifically participate in a fusion experiment remotely has been growing in size in an attempt to better address the needs of fusion scientists worldwide. The natural progression of this research is to examine how to move from remote scientific participation to remote hardware control. The vision is to define a gatekeeper software system that will be the only channel of interaction for incoming requests to the secured area of the experimental site. The role of the gatekeeper is to validate the identification and access privilege of the requestor and to insure the general validity of the proposed request. The vision for the gatekeeper is that it be a modular system that is simple in design and defined in a way that makes its implementation and operation transparent and obvious. The architecture of the module interface is flexible enough that it can easily allow the future addition of new modules. At the same time, it should be transparent to end-users and allow a high volume of activity so as to not provide a work bottleneck. The results of the gatekeeper design and initial implementation are presented as well as a discussion on the implication of this research on the operation of fusion experimental machines such as ITER.

  11. Computer Security: your car, my control

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    We have discussed the Internet of Things (IoT) and its security implications already in past issues of the CERN Bulletin, for example in “Today’s paranoia, tomorrow’s reality” (see here). Unfortunately, tomorrow has come. At this years's Black Hat conference researchers presented their findings on how easily your car can be hacked and controlled remotely. Sigh.   While these researchers have just shown that they can wirelessly hijack a Jeep Cherokee, others have performed similar studies with SmartCars, Fords, a Tesla, a Corvette, BMWs, Chryslers and Mercedes! With the increasing computerisation of cars, the engine management system, air conditioning, anti-lock braking system, electronic stability programme, etc. are linked to the infotainment, navigation and communication systems, opening the door for these vehicles to be hacked remotely. The now prevalent Bluetooth connection with smartphones is one entry vector to attack your car remotely...

  12. Conceptual design of Remote Control System for EAST tokamak

    International Nuclear Information System (INIS)

    Sun, X.Y.; Wang, F.; Wang, Y.; Li, S.

    2014-01-01

    Highlights: • A new design conception for remote control for EAST tokamak is proposed. • Rich Internet application (RIA) was selected to implement the user interface. • Some security mechanism was used to fulfill security requirement. - Abstract: The international collaboration becomes popular in tokamak research like in many other fields of science, because the experiment facilities become larger and more expensive. The traditional On-site collaboration Model that has to spend much money and time on international travel is not fit for the more frequent international collaboration. The Remote Control System (RCS), as an extension of the Central Control System for the EAST tokamak, is designed to provide an efficient and economical way to international collaboration. As a remote user interface, the RCS must integrate with the Central Control System for EAST tokamak to perform discharge control function. This paper presents a design concept delineating a few key technical issues and addressing all significant details in the system architecture design. With the aim of satisfying system requirements, the RCS will select rich Internet application (RIA) as a user interface, Java as a back-end service and Secure Socket Layer Virtual Private Network (SSL VPN) for securable Internet communication

  13. Conceptual design of Remote Control System for EAST tokamak

    Energy Technology Data Exchange (ETDEWEB)

    Sun, X.Y., E-mail: xysun@ipp.ac.cn; Wang, F.; Wang, Y.; Li, S.

    2014-05-15

    Highlights: • A new design conception for remote control for EAST tokamak is proposed. • Rich Internet application (RIA) was selected to implement the user interface. • Some security mechanism was used to fulfill security requirement. - Abstract: The international collaboration becomes popular in tokamak research like in many other fields of science, because the experiment facilities become larger and more expensive. The traditional On-site collaboration Model that has to spend much money and time on international travel is not fit for the more frequent international collaboration. The Remote Control System (RCS), as an extension of the Central Control System for the EAST tokamak, is designed to provide an efficient and economical way to international collaboration. As a remote user interface, the RCS must integrate with the Central Control System for EAST tokamak to perform discharge control function. This paper presents a design concept delineating a few key technical issues and addressing all significant details in the system architecture design. With the aim of satisfying system requirements, the RCS will select rich Internet application (RIA) as a user interface, Java as a back-end service and Secure Socket Layer Virtual Private Network (SSL VPN) for securable Internet communication.

  14. Review of Supervisory Control and Data Acquisition (SCADA) Systems

    Energy Technology Data Exchange (ETDEWEB)

    Reva Nickelson; Briam Johnson; Ken Barnes

    2004-01-01

    A review using open source information was performed to obtain data related to Supervisory Control and Data Acquisition (SCADA) systems used to supervise and control domestic electric power generation, transmission, and distribution. This report provides the technical details for the types of systems used, system disposal, cyber and physical security measures, network connections, and a gap analysis of SCADA security holes.

  15. Authenticated Secure Container System (ASCS)

    International Nuclear Information System (INIS)

    1991-01-01

    Sandia National Laboratories developed an Authenticated Secure Container System (ASCS) for the International Atomic Energy Agency (IAEA). Agency standard weights and safeguards samples can be stored in the ASCS to provide continuity of knowledge. The ASCS consists of an optically clear cover, a base containing the Authenticated Item Monitoring System (AIMS) transmitter, and the AIMS receiver unit for data collection. The ASCS will provide the Inspector with information concerning the status of the system, during a surveillance period, such as state of health, tampering attempts, and movement of the container system. The secure container is located inside a Glove Box with the receiver located remotely from the Glove Box. AIMS technology uses rf transmission from the secure container to the receiver to provide a record of state of health and tampering. The data is stored in the receiver for analysis by the Inspector during a future inspection visit. 2 refs

  16. A Protective Mechanism for the Access Control System in the Virtual Domain

    Institute of Scientific and Technical Information of China (English)

    Jinan Shen; Deqing Zou; Hai Jin; Kai Yang; Bin Yuan; Weiming Li

    2016-01-01

    In traditional framework,mandatory access control (MAC) system and malicious software are run in kernel mode.Malicious software can stop MAC systems to be started and make it do invalid.This problem cannot be solved under the traditional framework if the operating system (OS) is comprised since malwares are running in ring0 level.In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems.We separate the access control system into three parts:policy management (PM),security server (SS) and policy enforcement (PE).Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks.We add an access vector cache (AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain.The policy enforcement module is retained in the guest OS for performance.The security of AVC and PE can be ensured by using a memory protection mechanism.The goal of protecting the OS kemel is to ensure the security of the execution path.We implement the system by a modified Xen hypervisor.The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter.Our system offers a centralized security policy for virtual domains in virtual machine environments.

  17. Biomedical devices and systems security.

    Science.gov (United States)

    Arney, David; Venkatasubramanian, Krishna K; Sokolsky, Oleg; Lee, Insup

    2011-01-01

    Medical devices have been changing in revolutionary ways in recent years. One is in their form-factor. Increasing miniaturization of medical devices has made them wearable, light-weight, and ubiquitous; they are available for continuous care and not restricted to clinical settings. Further, devices are increasingly becoming connected to external entities through both wired and wireless channels. These two developments have tremendous potential to make healthcare accessible to everyone and reduce costs. However, they also provide increased opportunity for technology savvy criminals to exploit them for fun and profit. Consequently, it is essential to consider medical device security issues. In this paper, we focused on the challenges involved in securing networked medical devices. We provide an overview of a generic networked medical device system model, a comprehensive attack and adversary model, and describe some of the challenges present in building security solutions to manage the attacks. Finally, we provide an overview of two areas of research that we believe will be crucial for making medical device system security solutions more viable in the long run: forensic data logging, and building security assurance cases.

  18. Image-based surveillance and security systems using personal computers for device aiming and digital image comparison

    International Nuclear Information System (INIS)

    Quiett, S.; Axtell, L.H.

    1987-01-01

    A detection-type security system using enhanced capability cameras or other imaging devices can aid in maintaining security from long distance and/or for large areas. To do so requires that the imaging device(s) be repeatedly and accurately positioned so that no areas are overlooked. Digital control using personal computers is the simplest method of achieving positional accuracy. The monitoring of large areas and/or a large number of areas also requires that a substantial quantity of visual information be catalogued and evaluated for potential security problems. While security personnel alone are typically used for such monitoring, as the quantity of visual information increases, the likelihood that potential security threats will be missed also increases. The ability of an image-based security system to detect potential security problems can be further increased with the use of selected image processing techniques. Utilizing personal computers for both imaging device position control as well as image processing, surveillance of large areas can be performed by a limited number of individuals with a high level of system confidence

  19. Systems security and functional readiness

    International Nuclear Information System (INIS)

    Bruckner, D.G.

    1988-01-01

    In Protective Programming Planning, it is important that every facility or installation be configured to support the basic functions and mission of the using organization. This paper addresses the process of identifying the key functional operations of our facilities in Europe and providing the security necessary to keep them operating in natural and man-made threat environments. Functional Readiness is important since many of our existing facilities in Europe were not constructed to meet the demands of today's requirements. There are increased requirements for real-time systems with classified terminals and stringent access control, tempest and other electronic protection devices. One must prioritize the operations of these systems so that essential functions are provided even when the facilities are affected by overt or covert hostile activities

  20. Developing an Undergraduate Information Systems Security Track

    Science.gov (United States)

    Sharma, Aditya; Murphy, Marianne C.; Rosso, Mark A.; Grant, Donna

    2013-01-01

    Information Systems Security as a specialized area of study has mostly been taught at the graduate level. This paper highlights the efforts of establishing an Information Systems (IS) Security track at the undergraduate level. As there were many unanswered questions and concerns regarding the Security curriculum, focus areas, the benefit of…

  1. Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    Bri Rolston

    2005-09-01

    Database applications have become a core component in control systems and their associated record keeping utilities. Traditional security models attempt to secure systems by isolating core software components and concentrating security efforts against threats specific to those computers or software components. Database security within control systems follows these models by using generally independent systems that rely on one another for proper functionality. The high level of reliance between the two systems creates an expanded threat surface. To understand the scope of a threat surface, all segments of the control system, with an emphasis on entry points, must be examined. The communication link between data and decision layers is the primary attack surface for SQL injection. This paper facilitates understanding what SQL injection is and why it is a significant threat to control system environments.

  2. InkTag: Secure Applications on an Untrusted Operating System.

    Science.gov (United States)

    Hofmann, Owen S; Kim, Sangman; Dunn, Alan M; Lee, Michael Z; Witchel, Emmett

    2013-01-01

    InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification , a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.

  3. Control of power plants and power systems. Proceedings

    International Nuclear Information System (INIS)

    Canales-Ruiz, R.

    1996-01-01

    The 88 papers in this volume constitute the proceedings of the International Federation of Automatic Control Symposium held in Mexico in 1995. The broad areas which they cover are: self tuning control; power plant operations; dynamic stability; fuzzy logic applications; power plants modelling; artificial intelligence applications; power plants simulation; voltage control; control of hydro electric units; state estimation; fault diagnosis and monitoring systems; system expansion and operation planning; security assessment; economic dispatch and optimal load flow; adaptive control; distribution; transient stability and preventive control; modelling and control of nuclear plant; knowledge data bases for automatic learning methods applied to power system dynamic security assessment; control of combined cycle units; power control centres. Separate abstracts have been prepared for the three papers relating to nuclear power plants. (UK)

  4. It Security and EO Systems

    Science.gov (United States)

    Burnett, M.

    2010-12-01

    One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

  5. A Complex Systems Approach to More Resilient Multi-Layered Security Systems

    Energy Technology Data Exchange (ETDEWEB)

    Brown, Nathanael J. K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Katherine A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Bandlow, Alisa [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nozick, Linda Karen [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Waddell, Lucas [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Levin, Drew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Whetzel, Jonathan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2016-09-01

    In July 2012, protestors cut through security fences and gained access to the Y-12 National Security Complex. This was believed to be a highly reliable, multi-layered security system. This report documents the results of a Laboratory Directed Research and Development (LDRD) project that created a consistent, robust mathematical framework using complex systems analysis algorithms and techniques to better understand the emergent behavior, vulnerabilities and resiliency of multi-layered security systems subject to budget constraints and competing security priorities. Because there are several dimensions to security system performance and a range of attacks that might occur, the framework is multi-objective for a performance frontier to be estimated. This research explicitly uses probability of intruder interruption given detection (PI) as the primary resilience metric. We demonstrate the utility of this framework with both notional as well as real-world examples of Physical Protection Systems (PPSs) and validate using a well-established force-on-force simulation tool, Umbra.

  6. 47 CFR 80.277 - Ship Security Alert System (SSAS).

    Science.gov (United States)

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false Ship Security Alert System (SSAS). 80.277... Security Alert System (SSAS). (a) Vessels equipped with a Ship Security Alert System pursuant to the Safety..., “RTCM Standard 11020.0—Ship Security Alert Systems (SSAS) using the Cospas-Sarsat System,” Version 1.0...

  7. Open source systems security certification

    CERN Document Server

    Damiani, Ernesto; El Ioini, Nabil

    2009-01-01

    Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter

  8. Graphs for information security control in software defined networks

    Science.gov (United States)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a networks. These graphs define commutation tables of switches via the SDN controller.

  9. SOME QUESTIONS OF THE GRID AND NEURAL NETWORK MODELING OF AIRPORT AVIATION SECURITY CONTROL TASKS

    Directory of Open Access Journals (Sweden)

    N. Elisov Lev

    2017-01-01

    Full Text Available The authors’ original problem-solution-approach concerning aviation security management in civil aviation apply- ing parallel calculation processes method and the usage of neural computers is considered in this work. The statement of secure environment modeling problems for grid models and with the use of neural networks is presented. The research sub- ject area of this article is airport activity in the field of civil aviation, considered in the context of aviation security, defined as the state of aviation security against unlawful interference with the aviation field. The key issue in this subject area is aviation safety provision at an acceptable level. In this case, airport security level management becomes one of the main objectives of aviation security. Aviation security management is organizational-regulation in modern systems that can no longer correspond to changing requirements, increasingly getting complex and determined by external and internal envi- ronment factors, associated with a set of potential threats to airport activity. Optimal control requires the most accurate identification of management parameters and their quantitative assessment. The authors examine the possibility of applica- tion of mathematical methods for the modeling of security management processes and procedures in their latest works. Par- allel computing methods and network neurocomputing for modeling of airport security control processes are examined in this work. It is shown that the methods’ practical application of the methods is possible along with the decision support system, where the decision maker plays the leading role.

  10. Secure and Resilient Functional Modeling for Navy Cyber-Physical Systems

    Science.gov (United States)

    2017-05-24

    control systems, it was determined that this project will employ the model of a Ship Chilled Water Distribution System as a central use case. This model...Siemens Corporation Corporate Technology Unrestricted. Distribution Statement A. Approved for public...release; distribution is unlimited. Page 1 of 4 Secure & Resilient Functional Modeling for Navy Cyber-Physical Systems FY17 Quarter 1 Technical Progress

  11. BWS Open System Architecture Security Assessment

    OpenAIRE

    Cristian Ionita

    2011-01-01

    Business process management systems play a central role in supporting the business operations of medium and large organizations. Because of this the security characteristics of these systems are becoming very important. The present paper describes the BWS architecture used to implement the open process aware information system DocuMentor. Using the proposed platform, the article identifies the security characteristics of such systems, shows the correlation between these characteristics and th...

  12. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    Energy Technology Data Exchange (ETDEWEB)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  13. Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

    Directory of Open Access Journals (Sweden)

    S K Hafizul Islam

    Full Text Available Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1 the correctness of identity and password are not verified during the login and password change phases; (2 it is vulnerable to impersonation attack and privileged-insider attack; (3 it is designed without the revocation of lost/stolen smart card; (4 the explicit key confirmation and the no key control properties are absent, and (5 user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

  14. Instrumentation, Control, and Intelligent Systems

    International Nuclear Information System (INIS)

    Not Available

    2005-01-01

    Abundant and affordable energy is required for U.S. economic stability and national security. Advanced nuclear power plants offer the best near-term potential to generate abundant, affordable, and sustainable electricity and hydrogen without appreciable generation of greenhouse gases. To that end, Idaho National Laboratory (INL) has been charged with leading the revitalization of nuclear power in the U.S. The INL vision is to become the preeminent nuclear energy laboratory with synergistic, world-class, multi-program capabilities and partnerships by 2015. The vision focuses on four essential destinations: (1) Be the preeminent internationally-recognized nuclear energy research, development, and demonstration laboratory; (2) Be a major center for national security technology development and demonstration; (3) Be a multi-program national laboratory with world-class capabilities; (4) Foster academic, industry, government, and international collaborations to produce the needed investment, programs, and expertise. Crucial to that effort is the inclusion of research in advanced instrumentation, control, and intelligent systems (ICIS) for use in current and advanced power and energy security systems to enable increased performance, reliability, security, and safety. For nuclear energy plants, ICIS will extend the lifetime of power plant systems, increase performance and power output, and ensure reliable operation within the system's safety margin; for national security applications, ICIS will enable increased protection of our nation's critical infrastructure. In general, ICIS will cost-effectively increase performance for all energy security systems

  15. A Review of Cyber-Physical Energy System Security Assessment

    DEFF Research Database (Denmark)

    Rasmussen, Theis Bo; Yang, Guangya; Nielsen, Arne Hejde

    2017-01-01

    Increasing penetration of renewable energy resources (RES) and electrification of services by implementing distributed energy resources (DER) has caused a paradigm shift in the operation of the power system. The controllability of the power system is predicted to be shifted from the generation side...... to the consumption side. This transition entails that the future power system evolves into a complex cyber-physical energy system (CPES) with strong interactions between the power, communication and neighboring energy systems. Current power system security assessment methods are based on centralized computation...

  16. Synchronized control of spiral CT scan for security inspection device

    International Nuclear Information System (INIS)

    Wang Jue; Jiang Zenghui; Wang Fuquan

    2008-01-01

    In security inspection system of spiral CT, the synchronization between removing and rotating, and the scan synchronization between rotating and sampling influence quality of image reconstruction, so it is difficulty and important that how to realize synchronized scan. According to the controlling demand of multi-slice Spiral CT, the method to realize synchronized scan is given. a synchronized control system is designed, in which we use a industrial PC as the control computer, use magnetic grids as position detectors, use alternating current servo motor and roller motor as drivers respectively drive moving axis and rotating axis. This method can solve the problem of synchronized scan, and has a feasibility and value of use. (authors)

  17. Secure computing on reconfigurable systems

    OpenAIRE

    Fernandes Chaves, R.J.

    2007-01-01

    This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the attestation of the executed functions. The use of SC on reconfigurable devices has the advantage of being highly adaptable to the application and the user requirements, while providing high performa...

  18. Critically Important Object Security System Element Model

    Directory of Open Access Journals (Sweden)

    I. V. Khomyackov

    2012-03-01

    Full Text Available A stochastic model of critically important object security system element has been developed. The model includes mathematical description of the security system element properties and external influences. The state evolution of the security system element is described by the semi-Markov process with finite states number, the semi-Markov matrix and the initial semi-Markov process states probabilities distribution. External influences are set with the intensity of the Poisson thread.

  19. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system

  20. A Holistic and Immune System inspired Security Framework

    OpenAIRE

    Mwakalinga, G. Jeffy; Yngström, Louise; Kowalski, Stewart

    2009-01-01

    This paper presents a Framework for adaptive information security systems for securing information systems. Information systems today are vulnerable and not adaptive to the dynamic environments because initial development of these systems focused on computer technology and communications protocol only. Most research in information security does not consider culture of users, system environments and does not pay enough attention to the enemies of information systems. As a result, users serve t...

  1. Cold Vacuum Dryer (CVD) Facility Security System Design Description. System 54

    International Nuclear Information System (INIS)

    WHITEHURST, R.

    2000-01-01

    This system design description (SDD) addresses the Cold Vacuum Drying (CVD) Facility security system. The system's primary purpose is to provide reasonable assurance that breaches of security boundaries are detected and assessment information is provided to protective force personnel. In addition, the system is utilized by Operations to support reduced personnel radiation goals and to provide reasonable assurance that only authorized personnel are allowed to enter designated security areas

  2. Integrated homeland security system with passive thermal imaging and advanced video analytics

    Science.gov (United States)

    Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert

    2007-04-01

    A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection

  3. Multiagent voltage and reactive power control system

    Directory of Open Access Journals (Sweden)

    I. Arkhipov

    2014-12-01

    Full Text Available This paper is devoted to the research of multiagent voltage and reactive power control system development. The prototype of the system has been developed by R&D Center at FGC UES (Russia. The control system architecture is based on the innovative multiagent system theory application that leads to the achievement of several significant advantages (in comparison to traditional control systems implementation such as control system efficiency enhancement, control system survivability and cyber security.

  4. Security for decentralized health information systems.

    Science.gov (United States)

    Bleumer, G

    1994-02-01

    Health care information systems must reflect at least two basic characteristics of the health care community: the increasing mobility of patients and the personal liability of everyone giving medical treatment. Open distributed information systems bear the potential to reflect these requirements. But the market for open information systems and operating systems hardly provides secure products today. This 'missing link' is approached by the prototype SECURE Talk that provides secure transmission and archiving of files on top of an existing operating system. Its services may be utilized by existing medical applications. SECURE Talk demonstrates secure communication utilizing only standard hardware. Its message is that cryptography (and in particular asymmetric cryptography) is practical for many medical applications even if implemented in software. All mechanisms are software implemented in order to be executable on standard-hardware. One can investigate more or less decentralized forms of public key management and the performance of many different cryptographic mechanisms. That of, e.g. hybrid encryption and decryption (RSA+DES-PCBC) is about 300 kbit/s. That of signing and verifying is approximately the same using RSA with a DES hash function. The internal speed, without disk accesses etc., is about 1.1 Mbit/s. (Apple Quadra 950 (MC 68040, 33 MHz, RAM: 20 MB, 80 ns. Length of RSA modulus is 512 bit).

  5. SECURING DIGITIZED LIBRARY CIRCULATORY SYSTEM

    African Journals Online (AJOL)

    user

    The widespread application of the developed system on smart library circulation .... database management system; [9] through securing .... system running on a Windows 8 Operating system .... mini library for their support, advice and unlimited.

  6. 33 CFR 106.255 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... Shelf (OCS) Facility Security Requirements § 106.255 Security systems and equipment maintenance. (a) Security systems and equipment must be in good working order and inspected, tested, calibrated, and...

  7. Design Methodologies for Secure Embedded Systems

    CERN Document Server

    Biedermann, Alexander

    2011-01-01

    Embedded systems have been almost invisibly pervading our daily lives for several decades. They facilitate smooth operations in avionics, automotive electronics, or telecommunication. New problems arise by the increasing employment, interconnection, and communication of embedded systems in heterogeneous environments: How secure are these embedded systems against attacks or breakdowns? Therefore, how can embedded systems be designed to be more secure? And how can embedded systems autonomically react to threats? Facing these questions, Sorin A. Huss is significantly involved in the exploration o

  8. Complementarities Between Nuclear Security, Safeguards and State System of Accounting for and Control

    International Nuclear Information System (INIS)

    Jalouneix, J.

    2010-01-01

    Nuclear security deals with prevention against theft and diversion of nuclear materials and sabotage against nuclear materials or installations. It is based on provisions of physical protection of nuclear materials and facilities complemented by: - Provisions for accounting for and control to prevent and, where appropriate, detect loss, theft or diversion of nuclear materials; - The nuclear safety provisions to protect nuclear materials and facilities against sabotage. Safeguards are based on the statements and accounting controls in the facilities. The respective aim of EURATOM and IAEA controls is to verify afterwards the respect for the declared use of materials or political commitments undertaken by States under the non-proliferation purpose. However, EURATOM and IAEA controls are not exercised at all facilities (including those working for defence purposes) or in respect of all nuclear materials subject to the French national control. In addition, these international safeguards do not deal with physical protection of nuclear materials which is the sole responsibility of the State. The state control, implemented in France, is positioned upstream to the international controls. It aims to prevent, deter and detect the loss, theft or diversion of nuclear materials in installations or during transport. It places the responsibility of a possible diversion at the operator level. It is made of different components that complement each other and form a coherent whole. This includes: - physical protection; - accounting for and control; - inspections. The physical protection system has to protect nuclear materials against a malicious act. Malicious act means a theft or diversion of nuclear material or an act of sabotage affecting nuclear materials or facilities which could lead to radiological releases into the environment. The accounting for and control system of nuclear materials has to allow the continuous and accurate knowledge of the quantity, quality and location

  9. Secure ADS-B authentication system and method

    Science.gov (United States)

    Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

    2010-01-01

    A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

  10. Hardware implementation of Lorenz circuit systems for secure chaotic communication applications.

    Science.gov (United States)

    Chen, Hsin-Chieh; Liau, Ben-Yi; Hou, Yi-You

    2013-02-18

    This paper presents the synchronization between the master and slave Lorenz chaotic systems by slide mode controller (SMC)-based technique. A proportional-integral (PI) switching surface is proposed to simplify the task of assigning the performance of the closed-loop error system in sliding mode. Then, extending the concept of equivalent control and using some basic electronic components, a secure communication system is constructed. Experimental results show the feasibility of synchronizing two Lorenz circuits via the proposed SMC. 

  11. Supporting the material control and accountancy system with physical protection system features

    International Nuclear Information System (INIS)

    Miyoshi, D.S.; Olson, C.E.; Caskey, D.L.

    1984-01-01

    Most physical security functions can be accomplished by a range of alternative features. Careful design can provide comparable levels of security regardless of which option is chosen, albeit with possible differences in cost and efficiency. However, the effectiveness and especially the cost and efficiency of the material control and accounting system may be strongly influenced by the selection of a particular design approach to physical security. In this paper, a series of examples are cited to illustrate the effects that particular physical protection design choices may have. The examples have been chosen from several systems engineering projects at facilities within the DOE nuclear community. These examples are generalized, and a series of design principles are proposed for integrating physical security with material control and accounting by appropriate selection of alternative features. 2 references, 6 figures

  12. Secure electronic commerce communication system based on CA

    Science.gov (United States)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  13. InkTag: Secure Applications on an Untrusted Operating System

    Science.gov (United States)

    Hofmann, Owen S.; Kim, Sangman; Dunn, Alan M.; Lee, Michael Z.; Witchel, Emmett

    2014-01-01

    InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes. PMID:24429939

  14. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  15. 28 CFR 700.24 - Security of systems of records.

    Science.gov (United States)

    2010-07-01

    ... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Security of systems of records. 700.24... Records Under the Privacy Act of 1974 § 700.24 Security of systems of records. (a) The Office Administrator or Security Officer shall be responsible for issuing regulations governing the security of systems...

  16. Adaptive security systems -- Combining expert systems with adaptive technologies

    International Nuclear Information System (INIS)

    Argo, P.; Loveland, R.; Anderson, K.

    1997-01-01

    The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting

  17. Security of practical quantum key distribution systems

    Energy Technology Data Exchange (ETDEWEB)

    Jain, Nitin

    2015-02-24

    This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

  18. 32 CFR 637.20 - Security surveillance systems.

    Science.gov (United States)

    2010-07-01

    ... 32 National Defense 4 2010-07-01 2010-07-01 true Security surveillance systems. 637.20 Section 637... ENFORCEMENT AND CRIMINAL INVESTIGATIONS MILITARY POLICE INVESTIGATION Investigations § 637.20 Security surveillance systems. Closed circuit video recording systems, to include those with an audio capability, may be...

  19. Analyzing the security of an existing computer system

    Science.gov (United States)

    Bishop, M.

    1986-01-01

    Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

  20. 6 CFR 5.31 - Security of systems of records.

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Security of systems of records. 5.31 Section 5.31 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.31 Security of systems of records. (a) In general. Each component...

  1. Advanced topics in security computer system design

    International Nuclear Information System (INIS)

    Stachniak, D.E.; Lamb, W.R.

    1989-01-01

    The capability, performance, and speed of contemporary computer processors, plus the associated performance capability of the operating systems accommodating the processors, have enormously expanded the scope of possibilities for designers of nuclear power plant security computer systems. This paper addresses the choices that could be made by a designer of security computer systems working with contemporary computers and describes the improvement in functionality of contemporary security computer systems based on an optimally chosen design. Primary initial considerations concern the selection of (a) the computer hardware and (b) the operating system. Considerations for hardware selection concern processor and memory word length, memory capacity, and numerous processor features

  2. Control Mechanism and Security Region for Intentional Islanding Transition

    DEFF Research Database (Denmark)

    Chen, Yu; Xu, Zhao; Østergaard, Jacob

    2009-01-01

    in the grid. The concept of Islanding Security Region (ISR) has been proposed as an organic composition of the developed control mechanism. The purpose of this control mechanism is to maintain the frequency stability and eventually the security of power supply to the customers, by utilizing resources from...... generation and demand sides. The control mechanism can be extended to consider the distributed generations like wind power and other innovative technologies such as the Demand as Frequency controlled Reserve (DFR) technique in the future....

  3. Instrumentation, Control, and Intelligent Systems

    Energy Technology Data Exchange (ETDEWEB)

    2005-09-01

    Abundant and affordable energy is required for U.S. economic stability and national security. Advanced nuclear power plants offer the best near-term potential to generate abundant, affordable, and sustainable electricity and hydrogen without appreciable generation of greenhouse gases. To that end, Idaho National Laboratory (INL) has been charged with leading the revitalization of nuclear power in the U.S. The INL vision is to become the preeminent nuclear energy laboratory with synergistic, world-class, multi-program capabilities and partnerships by 2015. The vision focuses on four essential destinations: (1) Be the preeminent internationally-recognized nuclear energy research, development, and demonstration laboratory; (2) Be a major center for national security technology development and demonstration; (3) Be a multi-program national laboratory with world-class capabilities; (4) Foster academic, industry, government, and international collaborations to produce the needed investment, programs, and expertise. Crucial to that effort is the inclusion of research in advanced instrumentation, control, and intelligent systems (ICIS) for use in current and advanced power and energy security systems to enable increased performance, reliability, security, and safety. For nuclear energy plants, ICIS will extend the lifetime of power plant systems, increase performance and power output, and ensure reliable operation within the system's safety margin; for national security applications, ICIS will enable increased protection of our nation's critical infrastructure. In general, ICIS will cost-effectively increase performance for all energy security systems.

  4. Governing Insecurity: Democratic Control of Military and Security ...

    African Journals Online (AJOL)

    P H Stoker

    democratic control of military and security institutions is strategic to democratisation for two main reasons: firstly because these institutions have a peculiar intimate relationship to political power and secondly because their security functions, including the management of insecurities that may be generated by democratisation ...

  5. Are you in Control? : That was the key question discussed at the second Dutch Second Dutch Process Control Security Event at the Technical University of Delft, December 4, 2008

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2009-01-01

    The second Dutch Process Control Security Event attracted many process control people. The event was organised by the National Infrastructure against Cybercrime (NICC). Over hundred people responsible for the security of process control systems (PCS) and related networks in many of the Dutch

  6. Hardware Implementation of Lorenz Circuit Systems for Secure Chaotic Communication Applications

    Directory of Open Access Journals (Sweden)

    Yi-You Hou

    2013-02-01

    Full Text Available This paper presents the synchronization between the master and slave Lorenz chaotic systems by slide mode controller (SMC-based technique. A proportional-integral (PI switching surface is proposed to simplify the task of assigning the performance of the closed-loop error system in sliding mode. Then, extending the concept of equivalent control and using some basic electronic components, a secure communication system is constructed. Experimental results show the feasibility of synchronizing two Lorenz circuits via the proposed SMC.

  7. 31 CFR 306.23 - Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System.

    Science.gov (United States)

    2010-07-01

    ... TREASURY DIRECT Book-entry Securities System. 306.23 Section 306.23 Money and Finance: Treasury Regulations... Securities eligible to be held in the TREASURY DIRECT Book-entry Securities System. (a) Eligible issues. The... conversion to the TREASURY DIRECT Book-entry Securities System. The notice shall specify the period during...

  8. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    OpenAIRE

    Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

    2011-01-01

    Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

  9. SC-CNNs for chaotic signal applications in secure communication systems.

    Science.gov (United States)

    Caponetto, Riccardo; Fortuna, Luigi; Occhipinti, Luigi; Xibilia, Maria Gabriella

    2003-12-01

    In this paper a CNNs based circuit for the generation of hyperchaotic signals is proposed. The circuit has been developed for applications in secure communication systems. An Saito oscillator has been designed by using a suitable configuration of a four-cells State-Controlled CNNs. A cryptography system based on the Saito oscillator has been implemented by using inverse system synchronization. The proposed circuit implementation and experimental results are given.

  10. Security system

    Science.gov (United States)

    Baumann, Mark J.; Kuca, Michal; Aragon, Mona L.

    2016-02-02

    A security system includes a structure having a structural surface. The structure is sized to contain an asset therein and configured to provide a forceful breaching delay. The structure has an opening formed therein to permit predetermined access to the asset contained within the structure. The structure includes intrusion detection features within or associated with the structure that are activated in response to at least a partial breach of the structure.

  11. 33 CFR 105.250 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and... include procedures for identifying and responding to security system and equipment failures or...

  12. 33 CFR 104.260 - Security systems and equipment maintenance.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security systems and equipment... systems and equipment maintenance. (a) Security systems and equipment must be in good working order and... procedures for identifying and responding to security system and equipment failures or malfunctions. ...

  13. Nuclear power plant security systems - The need for upgrades

    International Nuclear Information System (INIS)

    Murskyj, M.P.; Furlow, C.H.

    1989-01-01

    Most perimeter security systems for nuclear power plants were designed and installed in the late 1970s or early 1980s. This paper explores the need to regularly evaluate and possibly upgrade a security system in the area of perimeter intrusion detection and surveillance. this paper discusses US Nuclear Regulatory Commission audits and regulatory effectiveness reviews (RERs), which have raised issues regarding the performance of perimeter security systems. The audits and RERs identified various degrees of vulnerability in certain aspects of existing perimeter security systems. In addition to reviewing the regulatory concerns, this paper discusses other reasons to evaluate and/or upgrade a perimeter security system

  14. Dynamic Security Assessment Of Computer Networks In Siem-Systems

    Directory of Open Access Journals (Sweden)

    Elena Vladimirovna Doynikova

    2015-10-01

    Full Text Available The paper suggests an approach to the security assessment of computer networks. The approach is based on attack graphs and intended for Security Information and Events Management systems (SIEM-systems. Key feature of the approach consists in the application of the multilevel security metrics taxonomy. The taxonomy allows definition of the system profile according to the input data used for the metrics calculation and techniques of security metrics calculation. This allows specification of the security assessment in near real time, identification of previous and future attacker steps, identification of attackers goals and characteristics. A security assessment system prototype is implemented for the suggested approach. Analysis of its operation is conducted for several attack scenarios.

  15. Master planning for successful safeguard/security systems engineering

    International Nuclear Information System (INIS)

    Bruckner, D.G.

    1987-01-01

    The development and phased implementation of an overall master plan for weapons systems and facilities engaged in the complexities of high technology provides a logical road map for system accomplishment. An essential factor in such a comprehensive plan is development of an integrated systems security engineering plan. Some DOD programs use new military regulations and policy directives to mandate consideration of the safeguard/security disciplines be considered for weapons systems and facilities during the entire life cycle of the program. The emphasis is to make certain the weapon system and applicable facilities have complementary security features. Together they must meet the needs of the operational mission and, at the same time, provide the security forces practical solutions to their requirements. This paper discusses the process of meshing the safe- guards/security requirements with an overall the master plan and the challenges attendant to this activity

  16. Business Information Exchange System with Security, Privacy, and Anonymity

    Directory of Open Access Journals (Sweden)

    Sead Muftic

    2016-01-01

    Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

  17. A Calculus for Control Flow Analysis of Security Protocols

    DEFF Research Database (Denmark)

    Buchholtz, Mikael; Nielson, Hanne Riis; Nielson, Flemming

    2004-01-01

    The design of a process calculus for anaysing security protocols is governed by three factors: how to express the security protocol in a precise and faithful manner, how to accommodate the variety of attack scenarios, and how to utilise the strengths (and limit the weaknesses) of the underlying...... analysis methodology. We pursue an analysis methodology based on control flow analysis in flow logic style and we have previously shown its ability to analyse a variety of security protocols. This paper develops a calculus, LysaNS that allows for much greater control and clarity in the description...

  18. Security of Electronic Payment Systems: A Comprehensive Survey

    OpenAIRE

    Solat , Siamak

    2017-01-01

    This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment systems. This survey consists of the Card-present (CP) transactions and a review of its dominant system i.e. EMV including several researches at Cambridge university to designate variant types of attacks against this standard which demonstrates lack of a secure "o...

  19. QuickCash: Secure Transfer Payment Systems

    Directory of Open Access Journals (Sweden)

    Abdulrahman Alhothaily

    2017-06-01

    Full Text Available Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN. In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

  20. QuickCash: Secure Transfer Payment Systems

    Science.gov (United States)

    Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

    2017-01-01

    Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users’ needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties. PMID:28608846

  1. QuickCash: Secure Transfer Payment Systems.

    Science.gov (United States)

    Alhothaily, Abdulrahman; Alrawais, Arwa; Song, Tianyi; Lin, Bin; Cheng, Xiuzhen

    2017-06-13

    Payment systems play a significant role in our daily lives. They are an important driver of economic activities and a vital part of the banking infrastructure of any country. Several current payment systems focus on security and reliability but pay less attention to users' needs and behaviors. For example, people may share their bankcards with friends or relatives to withdraw money for various reasons. This behavior can lead to a variety of privacy and security issues since the cardholder has to share a bankcard and other sensitive information such as a personal identification number (PIN). In addition, it is commonplace that cardholders may lose their cards, and may not be able to access their accounts due to various reasons. Furthermore, transferring money to an individual who has lost their bankcard and identification information is not a straightforward task. A user-friendly person-to-person payment system is urgently needed to perform secure and reliable transactions that benefit from current technological advancements. In this paper, we propose two secure fund transfer methods termed QuickCash Online and QuickCash Offline to transfer money from peer to peer using the existing banking infrastructure. Our methods provide a convenient way to transfer money quickly, and they do not require using bank cards or any identification card. Unlike other person-to-person payment systems, the proposed methods do not require the receiving entity to have a bank account, or to perform any registration procedure. We implement our QuickCash payment systems and analyze their security strengths and properties.

  2. A Systematic Approach for Dynamic Security Assessment and the Corresponding Preventive Control Scheme Based on Decision Trees

    DEFF Research Database (Denmark)

    Liu, Leo; Sun, Kai; Rather, Zakir Hussain

    2014-01-01

    This paper proposes a decision tree (DT)-based systematic approach for cooperative online power system dynamic security assessment (DSA) and preventive control. This approach adopts a new methodology that trains two contingency-oriented DTs on a daily basis by the databases generated from power...... system simulations. Fed with real-time wide-area measurements, one DT of measurable variables is employed for online DSA to identify potential security issues, and the other DT of controllable variables provides online decision support on preventive control strategies against those issues. A cost......-effective algorithm is adopted in this proposed approach to optimize the trajectory of preventive control. The paper also proposes an importance sampling algorithm on database preparation for efficient DT training for power systems with high penetration of wind power and distributed generation. The performance...

  3. Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

    1997-05-01

    The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

  4. Distributed control system for the FMIT

    International Nuclear Information System (INIS)

    Johnson, J.A.; Machen, D.R.; Suyama, R.M.

    1979-01-01

    The control system for the Fusion Materials Irradiation Test (FMIT) Facility will provide the primary data acquisition, control, and interface components that integrate all of the individual FMIT systems into a functional facility. The control system consists of a distributed computer network, control consoles and instrumentation subsystems. The FMIT Facility will be started, operated and secured from a Central Control Room. All FMIT systems and experimental functions will be monitored from the Central Control Room. The data acquisition and control signals will be handled by a data communications network, which connects dual computers in the Central Control Room to the microcomputers in CAMAC crates near the various subsystems of the facility

  5. African Social Security Systems: An Ordinal Evaluation | Dixon ...

    African Journals Online (AJOL)

    The purpose of this paper is to rank the social security systems in 45 African countries using a comparative evaluation methodology that enables an assess ment to be ma(le of a country's statutory social security intention. The conclusion drawn is that the spread of African social security system design standards are ...

  6. DNS security management

    CERN Document Server

    Dooley, Michael

    2017-01-01

    An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SFP, and DANE.

  7. Towards the Security Evaluation of Biometric Authentication Systems

    OpenAIRE

    El-Abed , Mohamad; Giot , Romain; Hemery , Baptiste; Rosenberger , Christophe; Schwartzmann , Jean-Jacques

    2011-01-01

    International audience; Despite the obvious advantages of biometric authentication systems over traditional security ones (based on tokens or passwords), they are vulnerable to attacks which may considerably decrease their security. In order to contribute in resolving such problematic, we propose a modality-independent evaluation methodology for the security evaluation of biometric systems. It is based on the use of a database of common threats and vulnerabilities of biometric systems, and th...

  8. Security guide for subcontractors

    Energy Technology Data Exchange (ETDEWEB)

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  9. Design features of an automated entry control system

    International Nuclear Information System (INIS)

    Reynolds, D.A.

    1978-01-01

    Features of an entry control system designed to automatically control access to nuclear facilities is described. Control independent of variable human factors is stressed, but security force action is required for assessment and response as a result of an alarm. A design based on a distributed processing capability is utilized. Flexibility and generality are emphasized in an effort to maximize applicability to the entry-control problem faced by nuclear facilities upgrading security as a result of the Safeguards Program

  10. Intrusion Detection in Networked Control Systems: From System Knowledge to Network Security

    NARCIS (Netherlands)

    Caselli, M.

    2016-01-01

    “Networked control system‿ (NCS) is an umbrella term encompassing a broad variety of infrastructures such as industrial control systems (ICSs) and building automation systems (BASs). Nowadays, all these infrastructures play an important role in several aspects of our daily life, from managing

  11. A Security Approach in System Development Life Cycle

    OpenAIRE

    P.Mahizharuvi; Dr.Alagarsamy

    2011-01-01

    Many software organizations today are confronted with challenge of building secure software systems. Traditional software engineering principles place little emphasis on security. These principles tend to tread security as one of a long list of quality factors that are expected from all professionally developed software. As software systems of today have a wide reach, security has become a more important factor than ever in the history of software engineering can no longer be treated as Separ...

  12. Methodology for Management of Information Security in Industrial Control Systems: A Proof of Concept aligned with Enterprise Objectives.

    Directory of Open Access Journals (Sweden)

    Fabian Bustamante

    2017-04-01

    Full Text Available This article is an extended version of the study presented at the IEEE Ecuador Technical Chapters Meeting (ETCM-2016. At that time, a methodological proposal was designed, implemented, and applied in a group of industrial plants for the management of the information security of the Industrial control systems (ICS. The present study displays an adaptation and improvement of such methodology with the purpose of aligning the proposal for the effective management of information security with the strategic objectives. The development of this study has been divided into three distinctive phases. Firstly, we induced the articulation of PMI-PMBOK v5 and ITIL v3 both for the management of the project and for the verification of risks in the IT services. Second, we applied a set of risk mitigation strategies based on international standards as NIST 800-82 and 800-30. Thirdly, we assembled the two mentioned phases in a Guide for standards-based instructions and security policies, which previously have been encouraged on NIST 800-82, 800-53 and 800-12. Hereby, we observed the reduction of incidents of information security, the correct delimitation of the functions of the direct responsible of the ICS and the improvement of the communication between the operative and technical areas of the involved companies. The results demonstrate the functionality of these improvements, especially in the context of the availability and integrity of information, which generates an added value to the enterprise.

  13. Design tools for complex dynamic security systems.

    Energy Technology Data Exchange (ETDEWEB)

    Byrne, Raymond Harry; Rigdon, James Brian; Rohrer, Brandon Robinson; Laguna, Glenn A.; Robinett, Rush D. III (.; ); Groom, Kenneth Neal; Wilson, David Gerald; Bickerstaff, Robert J.; Harrington, John J.

    2007-01-01

    The development of tools for complex dynamic security systems is not a straight forward engineering task but, rather, a scientific task where discovery of new scientific principles and math is necessary. For years, scientists have observed complex behavior but have had difficulty understanding it. Prominent examples include: insect colony organization, the stock market, molecular interactions, fractals, and emergent behavior. Engineering such systems will be an even greater challenge. This report explores four tools for engineered complex dynamic security systems: Partially Observable Markov Decision Process, Percolation Theory, Graph Theory, and Exergy/Entropy Theory. Additionally, enabling hardware technology for next generation security systems are described: a 100 node wireless sensor network, unmanned ground vehicle and unmanned aerial vehicle.

  14. Cyberspace security system

    Science.gov (United States)

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  15. LANSCE radiation security system (RSS)

    International Nuclear Information System (INIS)

    Gallegos, F.R.

    1996-01-01

    The Radiation Security System (RSS) is an engineered safety system which automatically terminates transmission of accelerated ion beams in response to pre-defined abnormal conditions. It is one of the four major mechanisms used to protect people from radiation hazards induced by accelerated pulsed ion beams at the Los Alamos Neutron Science Center (LANSCE). The others are shielding, administrative policies and procedures, and qualified, trained personnel. Prompt radiation hazards at the half-mile long LANSCE accelerator exist due to average beam intensities ranging from 1 milli-amp for H + beam to 100 micro-amps for the high intensity H - beam. Experimental programs are supplied with variable energy (maximum 800 MeV), pulse-width (maximum 1 msec), and pulse frequency (maximum 120 Hz) ion beams. The RSS includes personnel access control systems, beam spill monitoring systems, and beam current level limiting systems. It is a stand-alone system with redundant logic chains. A fault of the RSS will cause the insertion of fusible beam plugs in the accelerator low energy beam transport. The design philosophy, description, and operation of the RSS are described in this paper

  16. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

  17. Evaluation on Electronic Securities Settlements Systems by AHP Methods

    Science.gov (United States)

    Fukaya, Kiyoyuki; Komoda, Norihisa

    Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

  18. 49 CFR 659.21 - System security plan: general requirements.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: general requirements. 659.21... State Oversight Agency § 659.21 System security plan: general requirements. (a) The oversight agency shall require the rail transit agency to implement a system security plan that, at a minimum, complies...

  19. Virtual-Reality training system for nuclear security

    International Nuclear Information System (INIS)

    Nonaka, Nobuyuki

    2012-01-01

    At the Integrated Support Center for Nuclear Nonproliferation and Nuclear Security (ISCN) of the Japan Atomic Energy Agency, the virtual reality (VR) training system is under development for providing a practical training environment to implement experience-oriented and interactive lessons on nuclear security for wide range of participants in human resource development assistance program mainly to Asian emerging nuclear-power countries. This system electrically recreates and visualizes nuclear facilities and training conditions in stereoscopic (3D) view on a large-scale display (CAVE system) as virtual reality training facility (VR facility) and it provides training participants with effective environments to learn installation and layout of security equipment in the facility testing and verifying visually the protection performances under various situations such as changes in day-night lighting and weather conditions, which may lead to practical exercise in the design and evaluation of the physical protection system. This paper introduces basic concept of the system and outline of training programs as well as featured aspects in using the VR technology for the nuclear security. (author)

  20. A Framework for Adaptive Information Security Systems : A Holistic Investigation

    OpenAIRE

    Mwakalinga, Jeffy

    2011-01-01

    This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environ...

  1. Information Security Management System toolkit

    OpenAIRE

    Καραμανλής, Μάνος; Karamanlis, Manos

    2016-01-01

    Secure management of information is becoming critical for any organization because information is one of the most valuable assets in organization’s business operations. An Information security management system (ISMS) consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, mon...

  2. SCPR: Secure Crowdsourcing-Based Parking Reservation System

    Directory of Open Access Journals (Sweden)

    Changsheng Wan

    2017-01-01

    Full Text Available The crowdsourcing-based parking reservation system is a new computing paradigm, where private owners can rent their parking spots out. Security is the main concern for parking reservation systems. However, current schemes cannot provide user privacy protection for drivers and have no key agreement functions, resulting in a lot of security problems. Moreover, current schemes are typically based on the time-consuming bilinear pairing and not suitable for real-time applications. To solve these security and efficiency problems, we present a novel security protocol with user privacy called SCPR. Similar to protocols of this field, SCPR can authenticate drivers involved in the parking reservation system. However, different from other well-known approaches, SCPR uses pseudonyms instead of real identities for providing user privacy protection for drivers and designs a novel pseudonym-based key agreement protocol. Finally, to reduce the time cost, SCPR designs several novel cryptographic algorithms based on the algebraic signature technique. By doing so, SCPR can satisfy a number of security requirements and enjoy high efficiency. Experimental results show SCPR is feasible for real world applications.

  3. Evaluation of secure capability-based access control in the M2M local cloud platform

    DEFF Research Database (Denmark)

    Anggorojati, Bayu; Prasad, Neeli R.; Prasad, Ramjee

    2016-01-01

    delegation. Recently, the capability based access control has been considered as method to manage access in the Internet of Things (IoT) or M2M domain. In this paper, the implementation and evaluation of a proposed secure capability based access control in the M2M local cloud platform is presented......Managing access to and protecting resources is one of the important aspect in managing security, especially in a distributed computing system such as Machine-to-Machine (M2M). One such platform known as the M2M local cloud platform, referring to BETaaS architecture [1], which conceptually consists...... of multiple distributed M2M gateways, creating new challenges in the access control. Some existing access control systems lack in scalability and flexibility to manage access from users or entity that belong to different authorization domains, or fails to provide fine grained and flexible access right...

  4. Managing a major security system installation: Practical lessons learned

    International Nuclear Information System (INIS)

    Roehrig, S.C.

    1986-01-01

    Sandia National Laboratories has been heavily involved for over a decade in aiding a number of DOE facilities in defining and implementing upgraded security safeguards systems. Because security system definition, design, and installation is still a relatively new field to the commercial world, effective project management must pay special attention to first understanding and then interpreting the unique aspects of a security system for all concerned parties. Experiences from an actual security system installation are used to illustrate some project management approaches which have been found to be effective

  5. Controlled quantum secure direct communication using a non-symmetric quantum channel with quantum superdense coding

    International Nuclear Information System (INIS)

    Xia, Yan; Song, He-Shan

    2007-01-01

    We present a controlled quantum secure direct communication protocol that uses a 2-dimensional Greenberger-Horne-Zeilinger (GHZ) entangled state and a 3-dimensional Bell-basis state and employs the high-dimensional quantum superdense coding, local collective unitary operations and entanglement swapping. The proposed protocol is secure and of high source capacity. It can effectively protect the communication against a destroying-travel-qubit-type attack. With this protocol, the information transmission is greatly increased. This protocol can also be modified, so that it can be used in a multi-party control system

  6. Congestion management considering voltage security of power systems

    International Nuclear Information System (INIS)

    Esmaili, Masoud; Shayanfar, Heidar Ali; Amjady, Nima

    2009-01-01

    Congestion in a power network is turned up due to system operating limits. To relieve congestion in a deregulated power market, the system operator pays to market participants, GENCOs and DISCOs, to alter their active powers considering their bids. After performing congestion management, the network may be operated with a low security level because of hitting some flows their upper limit and some voltages their lower limit. In this paper, a novel congestion management method based on the voltage stability margin sensitivities is introduced. Using the proposed method, the system operator so alleviates the congestion that the network can more retain its security. The proposed method not only makes the system more secure after congestion management than other methods already presented for this purpose but also its cost of providing security is lower than the earlier methods. Test results of the proposed method along with the earlier ones on the New-England test system elaborate the efficiency of the proposed method from the viewpoint of providing a better voltage stability margin and voltage profile as well as a lower security cost. (author)

  7. Review of the Main Security Problems with Multi-Agent Systems used in E-commerce Applications

    Directory of Open Access Journals (Sweden)

    Alfonso GONZÁLEZ BRIONES

    2016-12-01

    Full Text Available The ability to connect to the Internet from a wide variety of devices such as smart phones, IoT devices and desktops at anytime and anywhere, produces a large number of e-commerce transactions, such as purchases of clothes, ticket entrances for performances, or banking operations. The increasing number of these transactions has also created an increase in the number of threats and attacks by third parties to access user data banks. It is important to control the access procedure to user data so that the number of threats does not continue to grow. To do so, it is necessary to prevent unauthorized access, theft and fraud in electronic commerce, which is required to ensure the safety of these transactions. Many e-commerce platforms are developed through multi-agent-systems because they include certain advantages to control the product, resource management, task distribution, etc. However, there are a number of threats that can jeopardize the safety of the agents that make up the system. These issues must be taken into account in the development of these multi-agent systems. However, existing methods of development do not cover in depth the issue of security. It is necessary to present and classify the potential security flaws of multi-agent systems. Therefore, the present research presents a review of the main vulnerabilities that occur in multi-agent systems responsible for managing e-commerce applications, as well as the proposed solutions to the major security problems on these platform systems. The main conclusions provided by this research is the need to optimize security measures and enhance the different security solutions applied in e-commerce applications in order to prevent identity theft, access to private data, access control, etc. It is therefore essential to continue to develop the security methods employed in applications such as e-commerce as different types of attacks and threats continue to evolve.

  8. Physical layer approaches for securing wireless communication systems

    CERN Document Server

    Wen, Hong

    2013-01-01

    This book surveys the outstanding work of physical-layer (PHY) security, including  the recent achievements of confidentiality and authentication for wireless communication systems by channel identification. A practical approach to building unconditional confidentiality for Wireless Communication security by feedback and error correcting code is introduced and a framework of PHY security based on space time block code (STBC) MIMO system is demonstrated.  Also discussed is a scheme which combines cryptographic techniques implemented in the higher layer with the physical layer security approach

  9. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  10. 12 CFR 792.67 - Security of systems of records.

    Science.gov (United States)

    2010-01-01

    ... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Security of systems of records. 792.67 Section... AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION The Privacy Act § 792.67 Security of systems of records. (a) Each system manager, with the approval of the head of that...

  11. Improving Security in the ATLAS PanDA System

    International Nuclear Information System (INIS)

    Caballero, J; Maeno, T; Potekhin, M; Wenaus, T; Nilsson, P; Stewart, G

    2011-01-01

    The security challenges faced by users of the grid are considerably different to those faced in previous environments. The adoption of pilot jobs systems by LHC experiments has mitigated many of the problems associated with the inhomogeneities found on the grid and has greatly improved job reliability; however, pilot jobs systems themselves must then address many security issues, including the execution of multiple users' code under a common 'grid' identity. In this paper we describe the improvements and evolution of the security model in the ATLAS PanDA (Production and Distributed Analysis) system. We describe the security in the PanDA server which is in place to ensure that only authorized members of the VO are allowed to submit work into the system and that jobs are properly audited and monitored. We discuss the security in place between the pilot code itself and the PanDA server, ensuring that only properly authenticated workload is delivered to the pilot for execution. When the code to be executed is from a 'normal' ATLAS user, as opposed to the production system or other privileged actor, then the pilot may use an EGEE developed identity switching tool called gLExec. This changes the grid proxy available to the job and also switches the UNIX user identity to protect the privileges of the pilot code proxy. We describe the problems in using this system and how they are overcome. Finally, we discuss security drills which have been run using PanDA and show how these improved our operational security procedures.

  12. Marketing and reputation aspects of neonatal safeguards and hospital-security systems.

    Science.gov (United States)

    Smith, Alan D

    2009-01-01

    Technological advancements have migrated from personal-use electronics into the healthcare setting for security enhancements. Within maternity wards and nurseries, technology was seen as one of best way to protect newborns from abduction. The present study is a focus on what systems and methods are used in neonatal security, the security arrangements, staff training, and impacts outside the control of the hospital, customer satisfaction and customer relations management. Through hypothesis-testing and exploratory analysis, gender biases and extremely high levels of security were found within a web-enabled and professional sample of 200 respondents. The factor-based constructs were found to be, in order of the greatest explained variance: security concerns, personal technology usage, work technology applications, and demographic maturity concerns, resulting in four factor-based scores with significant combined variance of 61.5%. It was found that through a better understanding on the importance and vital need for hospitals to continue to improve on their technology-based security policies significantly enhanced their reputation in the highly competitive local healthcare industry.

  13. Command and Control for Homeland Security

    National Research Council Canada - National Science Library

    Greene, Marjorie

    2007-01-01

    ... Security June 2006, NIMS Revision Version 2 March 2007, NWDC Domestic Disaster Relief Operations Planning, 15 May 2006, AFRL-Supported Studies on Large- Scale Coordination, A Sociotechnical Systems...

  14. Agent-based Cyber Control Strategy Design for Resilient Control Systems: Concepts, Architecture and Methodologies

    Energy Technology Data Exchange (ETDEWEB)

    Craig Rieger; Milos Manic; Miles McQueen

    2012-08-01

    The implementation of automated regulatory control has been around since the middle of the last century through analog means. It has allowed engineers to operate the plant more consistently by focusing on overall operations and settings instead of individual monitoring of local instruments (inside and outside of a control room). A similar approach is proposed for cyber security, where current border-protection designs have been inherited from information technology developments that lack consideration of the high-reliability, high consequence nature of industrial control systems. Instead of an independent development, however, an integrated approach is taken to develop a holistic understanding of performance. This performance takes shape inside a multiagent design, which provides a notional context to model highly decentralized and complex industrial process control systems, the nervous system of critical infrastructure. The resulting strategy will provide a framework for researching solutions to security and unrecognized interdependency concerns with industrial control systems.

  15. Computer security at ukrainian nuclear facilities: interface between nuclear safety and security

    International Nuclear Information System (INIS)

    Chumak, D.; Klevtsov, O.

    2015-01-01

    Active introduction of information technology, computer instrumentation and control systems (I and C systems) in the nuclear field leads to a greater efficiency and management of technological processes at nuclear facilities. However, this trend brings a number of challenges related to cyber-attacks on the above elements, which violates computer security as well as nuclear safety and security of a nuclear facility. This paper considers regulatory support to computer security at the nuclear facilities in Ukraine. The issue of computer and information security considered in the context of physical protection, because it is an integral component. The paper focuses on the computer security of I and C systems important to nuclear safety. These systems are potentially vulnerable to cyber threats and, in case of cyber-attacks, the potential negative impact on the normal operational processes can lead to a breach of the nuclear facility security. While ensuring nuclear security of I and C systems, it interacts with nuclear safety, therefore, the paper considers an example of an integrated approach to the requirements of nuclear safety and security

  16. An Attack Model Development Process for the Cyber Security of Safety Related Nuclear Digital I and C Systems

    Energy Technology Data Exchange (ETDEWEB)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun [Korea Advanced Institute of Science and Technology, Daejeon (Korea, Republic of)

    2007-10-15

    Nuclear power plants (NPPs), the redundant safety related systems are designed to take automatic action to prevent and mitigate accident conditions if the operators and the non-safety systems fail to maintain the plant within normal operating conditions. Presently, there is trend of connecting computer networks of commercial NPPs to corporate local area networks (LANs) to give engineers access to plant data for economic benefits. An increase in plant efficiency of a couple percentage points can translate to millions upon millions of dollars per year. The nuclear industry is also moving in the direction of installing digital controls that would allow for remote operation of plant functions, perhaps within a few years. However, this connectivity may also cause new security problems such as: in 2003, a computer worm named as slammer penetrated a private computer network at Ohio's Davis-Besse nuclear plant and disabled a safety monitoring system called a safety parameter display system (SPDS). Moreover, the present systems were developed with consideration of reliability and safety rather than security. In present scenario, there is a need to model and understand the cyber attacks towards these systems in a systematic way, and to demonstrate that the plant specific procedures and the imposed security controls adequately protect the systems from analyzed cyber security attacks. Attack trees provide a systematic, disciplined and effective way to model and understand cyber attacks towards any type of systems, make it possible to understand risks from deliberate, malicious intrusions from attackers, and make security decisions. Using attack trees the security of large systems can be modeled by considering a security breach as a system failure, and describing it with a set of events that can lead to system failure in a combinatorial way. The attacks towards the system are represented in a tree structure, with an attack that can significantly damage the system operation

  17. An Attack Model Development Process for the Cyber Security of Safety Related Nuclear Digital I and C Systems

    International Nuclear Information System (INIS)

    Khand, Parvaiz Ahmed; Seong, Poong Hyun

    2007-01-01

    Nuclear power plants (NPPs), the redundant safety related systems are designed to take automatic action to prevent and mitigate accident conditions if the operators and the non-safety systems fail to maintain the plant within normal operating conditions. Presently, there is trend of connecting computer networks of commercial NPPs to corporate local area networks (LANs) to give engineers access to plant data for economic benefits. An increase in plant efficiency of a couple percentage points can translate to millions upon millions of dollars per year. The nuclear industry is also moving in the direction of installing digital controls that would allow for remote operation of plant functions, perhaps within a few years. However, this connectivity may also cause new security problems such as: in 2003, a computer worm named as slammer penetrated a private computer network at Ohio's Davis-Besse nuclear plant and disabled a safety monitoring system called a safety parameter display system (SPDS). Moreover, the present systems were developed with consideration of reliability and safety rather than security. In present scenario, there is a need to model and understand the cyber attacks towards these systems in a systematic way, and to demonstrate that the plant specific procedures and the imposed security controls adequately protect the systems from analyzed cyber security attacks. Attack trees provide a systematic, disciplined and effective way to model and understand cyber attacks towards any type of systems, make it possible to understand risks from deliberate, malicious intrusions from attackers, and make security decisions. Using attack trees the security of large systems can be modeled by considering a security breach as a system failure, and describing it with a set of events that can lead to system failure in a combinatorial way. The attacks towards the system are represented in a tree structure, with an attack that can significantly damage the system operation as a

  18. Design and implementation of modular home security system with short messaging system

    Directory of Open Access Journals (Sweden)

    Budijono Santoso

    2014-03-01

    Full Text Available Today we are living in 21st century where crime become increasing and everyone wants to secure they asset at their home. In that situation user must have system with advance technology so person do not worry when getting away from his home. It is therefore the purpose of this design to provide home security device, which send fast information to user GSM (Global System for Mobile mobile device using SMS (Short Messaging System and also activate - deactivate system by SMS. The Modular design of this Home Security System make expandable their capability by add more sensors on that system. Hardware of this system has been designed using microcontroller AT Mega 328, PIR (Passive Infra Red motion sensor as the primary sensor for motion detection, camera for capturing images, GSM module for sending and receiving SMS and buzzer for alarm. For software this system using Arduino IDE for Arduino and Putty for testing connection programming in GSM module. This Home Security System can monitor home area that surrounding by PIR sensor and sending SMS, save images capture by camera, and make people panic by turn on the buzzer when trespassing surrounding area that detected by PIR sensor. The Modular Home Security System has been tested and succeed detect human movement.

  19. Improvement of Networked Control Systems Performance Using a New Encryption Algorithm

    Directory of Open Access Journals (Sweden)

    Seyed Ali Mesbahifard

    2014-07-01

    Full Text Available Networked control systems are control systems which controllers and plants are connected via telecommunication network. One of the most important challenges in networked control systems is the problem of network time delay. Increasing of time delay may affect on control system performance extremely. Other important issue in networked control systems is the security problems. Since it is possible that unknown people access to network especially Internet, the probability of terrible attacks such as deception attacks is greater, therefore presentation of methods which could decrease time delay and increase system immunity are desired. In this paper a symmetric encryption with low data volume against deception attacks is proposed. This method has high security and low time delay rather than the other encryption algorithms and could improve the control system performance against deception attacks.

  20. 45 CFR 2508.9 - What officials are responsible for the security, management and control of Corporation record...

    Science.gov (United States)

    2010-10-01

    ..., management and control of Corporation record keeping systems? 2508.9 Section 2508.9 Public Welfare... IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 2508.9 What officials are responsible for the security, management and control of Corporation record keeping systems? (a) The Director of Administration and Management...

  1. Department of Energy security program needs effective information systems

    International Nuclear Information System (INIS)

    1991-10-01

    Although security is an important, nearly billion-dollar-a-year function in the Department of Energy (DOE), key information systems that hold important data about security weaknesses and incidents have limited analytical capabilities and contain unreliable information. The resultant difficulty in identifying patterns and trends reduces managers' ability to ensure the effectiveness of the security program. Resources are also wasted because DOE has deployed incompatible systems that are unable to electronically share or transfer data, often forcing employees to manually re-enter data that are already stored in computers elsewhere. Finally, continuing data problems with other important security information systems, such as those used to track security clearances and classified documents, indicate that information system deficiencies are extensive. A major reason for these problems is that DOE has not done a comprehensive, strategic assessment of its information and information technology needs of the security program. DOE's efforts are fragmented because it has not assigned to any organization the leadership responsibility to determine security information needs and to plan and manage security information resources Department-wide. This paper reports that a number of changes are needed to correct these problems and take advantage of information technology to help strengthen the security program

  2. System security in the space flight operations center

    Science.gov (United States)

    Wagner, David A.

    1988-01-01

    The Space Flight Operations Center is a networked system of workstation-class computers that will provide ground support for NASA's next generation of deep-space missions. The author recounts the development of the SFOC system security policy and discusses the various management and technology issues involved. Particular attention is given to risk assessment, security plan development, security implications of design requirements, automatic safeguards, and procedural safeguards.

  3. Secure it now or secure it later: the benefits of addressing cyber-security from the outset

    Science.gov (United States)

    Olama, Mohammed M.; Nutaro, James

    2013-05-01

    The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediate faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

  4. Use of Attack Graphs in Security Systems

    Directory of Open Access Journals (Sweden)

    Vivek Shandilya

    2014-01-01

    Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

  5. First Dutch Process Control Security Event

    NARCIS (Netherlands)

    Luiijf, H.A.M.

    2008-01-01

    On May 21st , 2008, the Dutch National Infrastructure against Cyber Crime (NICC) organised their first Process Control Security Event. Mrs. Annemarie Zielstra, the NICC programme manager, opened the event. She welcomed the over 100 representatives of key industry sectors. “Earlier studies in the

  6. Distributed Energy Systems: Security Implications of the Grid of the Future

    Energy Technology Data Exchange (ETDEWEB)

    Stamber, Kevin L. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Kelic, Andjelka [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Taylor, Robert A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Henry, Jordan M [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Stamp, Jason E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2017-01-01

    Distributed Energy Resources (DER) are being added to the nation's electric grid, and as penetration of these resources increases, they have the potential to displace or offset large-scale, capital-intensive, centralized generation. Integration of DER into operation of the traditional electric grid requires automated operational control and communication of DER elements, from system measurement to control hardware and software, in conjunction with a utility's existing automated and human-directed control of other portions of the system. Implementation of DER technologies suggests a number of gaps from both a security and a policy perspective. This page intentionally left blank.

  7. Information security requirements in patient-centred healthcare support systems.

    Science.gov (United States)

    Alsalamah, Shada; Gray, W Alex; Hilton, Jeremy; Alsalamah, Hessah

    2013-01-01

    Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare.

  8. Risk Informed Approach for Nuclear Security Measures for Nuclear and Other Radioactive Material out of Regulatory Control. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance to States for developing a risk informed approach and for conducting threat and risk assessments as the basis for the design and implementation of sustainable nuclear security systems and measures for prevention of, detection of, and response to criminal and intentional unauthorised acts involving nuclear and other radioactive material out of regulatory control. It describes concepts and methodologies for a risk informed approach, including identification and assessment of threats, targets, and potential consequences; threat and risk assessment methodologies, and the use of risk informed approaches as the basis for informing the development and implementation of nuclear security systems and measures. The publication is an Implementing Guide within the IAEA Nuclear Security Series and is intended for use by national policy makers, law enforcement agencies and experts from competent authorities and other relevant organizations involved in the establishment, implementation, maintenance or sustainability of nuclear security systems and measures related to nuclear and other radioactive material out of regulatory control

  9. CryptosFS: Fast Cryptographic Secure NFS

    OpenAIRE

    O'Shanahan, Declan

    2000-01-01

    The issue of security in file-systems is as relevant today as when the first file system was developed. Current file system implementations rely heavily on centralised security mechanisms such as access control lists. The problem of security in file systems was made more complicated by the introduction of remote access to files. Storing information on a remote server has the potential to introduce additional security weaknesses into the file system model. The client, the commun...

  10. Data security in Intelligent Transport Systems

    Directory of Open Access Journals (Sweden)

    Tomas Zelinka

    2012-10-01

    Full Text Available Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper is concentrated the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I or other vehicles (C2C progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

  11. Enterprise Mac Security Mac OS X Snow Leopard Security

    CERN Document Server

    Edge, Stephen Charles; Hunter, Beau; Sullivan, Gene; LeBlanc, Dee-Ann

    2010-01-01

    A common misconception in the Mac community is that Mac's operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats. Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing s

  12. APSCOM - 97. Fourth international conference on advances in power system control, operation and management. Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    1997-12-31

    The sessions covered are: FALTS devices; intelligent computing advances; protection; voltage security; local forecasting; modelling techniques; security applications; distribution; alternative generation and control; power system analysis; transient stability; substation equipment; genetic algorithm application; a.c. drives; dynamic stability; power flow; new techniques; open access; power developments in China; system stability; protection techniques and devices; harmonics; monitoring and simulation; security assessment; computational techniques; generating costing and control; power control; operation experiences; machines and traction; electrical installations; Hong Kong power systems; power equipment and modelling; control algorithms and operations; and power systems in buildings.

  13. Algorithms, architectures and information systems security

    CERN Document Server

    Sur-Kolay, Susmita; Nandy, Subhas C; Bagchi, Aditya

    2008-01-01

    This volume contains articles written by leading researchers in the fields of algorithms, architectures, and information systems security. The first five chapters address several challenging geometric problems and related algorithms. These topics have major applications in pattern recognition, image analysis, digital geometry, surface reconstruction, computer vision and in robotics. The next five chapters focus on various optimization issues in VLSI design and test architectures, and in wireless networks. The last six chapters comprise scholarly articles on information systems security coverin

  14. Critical infrastructure system security and resiliency

    CERN Document Server

    Biringer, Betty; Warren, Drake

    2013-01-01

    Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.Developed at Sandia National Labs, the authors' analytical approach and

  15. Security and SCADA protocols

    International Nuclear Information System (INIS)

    Igure, V. M.; Williams, R. D.

    2006-01-01

    Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

  16. Information security system quality assessment through the intelligent tools

    Science.gov (United States)

    Trapeznikov, E. V.

    2018-04-01

    The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

  17. Information Security and Wireless: Alternate Approaches for Controlling Access to Critical Information

    National Research Council Canada - National Science Library

    Nandram, Winsome

    2004-01-01

    .... Typically, network managers implement countermeasures to augment security. The goal of this thesis is to research approaches that compliment existing security measures with fine grain access control measures. The Extensible Markup Language (XML) is adopted to accommodate such granular access control as it provides the mechanisms for scaling security down to the document content level.

  18. A Novel Multifactor Authentication System Ensuring Usability and Security

    OpenAIRE

    Mathew, Gloriya; Thomas, Shiney

    2013-01-01

    User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authenti...

  19. Secure Dynamic access control scheme of PHR in cloud computing.

    Science.gov (United States)

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  20. Utilizing Internet Technologies in Observatory Control Systems

    Science.gov (United States)

    Cording, Dean

    2002-12-01

    The 'Internet boom' of the past few years has spurred the development of a number of technologies to provide services such as secure communications, reliable messaging, information publishing and application distribution for commercial applications. Over the same period, a new generation of computer languages have also developed to provide object oriented design and development, improved reliability, and cross platform compatibility. Whilst the business models of the 'dot.com' era proved to be largely unviable, the technologies that they were based upon have survived and have matured to the point were they can now be utilized to build secure, robust and complete observatory control control systems. This paper will describe how Electro Optic Systems has utilized these technologies in the development of its third generation Robotic Observatory Control System (ROCS). ROCS provides an extremely flexible configuration capability within a control system structure to provide truly autonomous robotic observatory operation including observation scheduling. ROCS was built using Internet technologies such as Java, Java Messaging Service (JMS), Lightweight Directory Access Protocol (LDAP), Secure Sockets Layer (SSL), eXtendible Markup Language (XML), Hypertext Transport Protocol (HTTP) and Java WebStart. ROCS was designed to be capable of controlling all aspects of an observatory and be able to be reconfigured to handle changing equipment configurations or user requirements without the need for an expert computer programmer. ROCS consists of many small components, each designed to perform a specific task, with the configuration of the system specified using a simple meta language. The use of small components facilitates testing and makes it possible to prove that the system is correct.

  1. High Assurance Control of Cyber-Physical Systems with Application to Unmanned Aircraft Systems

    Science.gov (United States)

    Kwon, Cheolhyeon

    With recent progress in the networked embedded control technology, cyber attacks have become one of the major threats to Cyber-Physical Systems (CPSs) due to their close integration of physical processes, computational resources, and communication capabilities. While CPSs have various applications in both military and civilian uses, their on-board automation and communication afford significant advantages over a system without such abilities, but these benefits come at the cost of possible vulnerability to cyber attacks. Traditionally, most cyber security studies in CPSs are mainly based on the computer security perspective, focusing on issues such as the trustworthiness of data flow, without rigorously considering the system's physical processes such as real-time dynamic behaviors. While computer security components are key elements in the hardware/software layer, these methods alone are not sufficient for diagnosing the healthiness of the CPSs' physical behavior. In seeking to address this problem, this research work proposes a control theoretic perspective approach which can accurately represent the interactions between the physical behavior and the logical behavior (computing resources) of the CPS. Then a controls domain aspect is explored extending beyond just the logical process of the CPS to include the underlying physical behavior. This approach will allow the CPS whose physical operations are robust/resilient to the damage caused by cyber attacks, successfully complementing the existing CPS security architecture. It is important to note that traditional fault-tolerant/robust control methods could not be directly applicable to achieve resiliency against malicious cyber attacks which can be designed sophisticatedly to spoof the security/safety monitoring system (note this is different from common faults). Thus, security issues at this layer require different risk management to detect cyber attacks and mitigate their impact within the context of a unified

  2. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  3. Cost and performance analysis of physical security systems

    International Nuclear Information System (INIS)

    Hicks, M.J.; Yates, D.; Jago, W.H.; Phillips, A.W.

    1998-04-01

    Analysis of cost and performance of physical security systems can be a complex, multi-dimensional problem. There are a number of point tools that address various aspects of cost and performance analysis. Increased interest in cost tradeoffs of physical security alternatives has motivated development of an architecture called Cost and Performance Analysis (CPA), which takes a top-down approach to aligning cost and performance metrics. CPA incorporates results generated by existing physical security system performance analysis tools, and utilizes an existing cost analysis tool. The objective of this architecture is to offer comprehensive visualization of complex data to security analysts and decision-makers

  4. STFTP: Secure TFTP Protocol for Embedded Multi-Agent Systems Communication

    Directory of Open Access Journals (Sweden)

    ZAGAR, D.

    2013-05-01

    Full Text Available Today's embedded systems have evolved into multipurpose devices moving towards an embedded multi-agent system (MAS infrastructure. With the involvement of MAS in embedded systems, one remaining issues is establishing communication between agents in low computational power and low memory embedded systems without present Embedded Operating System (EOS. One solution is the extension of an outdated Trivial File Transfer Protocol (TFTP. The main advantage of using TFTP in embedded systems is the easy implementation. However, the problem at hand is the overall lack of security mechanisms in TFTP. This paper proposes an extension to the existing TFTP in a form of added security mechanisms: STFTP. The authentication is proposed using Digest Access Authentication process whereas the data encryption can be performed by various cryptographic algorithms. The proposal is experimentally tested using two embedded systems based on micro-controller architecture. Communication is analyzed for authentication, data rate and transfer time versus various data encryption ciphers and files sizes. STFTP results in an expected drop in performance, which is in the range of similar encryption algorithms. The system could be improved by using embedded systems of higher computational power or by the use of hardware encryption modules.

  5. 48 CFR 3045.511 - Audit of property control system.

    Science.gov (United States)

    2010-10-01

    ... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Audit of property control system. 3045.511 Section 3045.511 Federal Acquisition Regulations System DEPARTMENT OF HOMELAND SECURITY... Government Property in the Possession of Contractors 3045.511 Audit of property control system. (a) The...

  6. Cyber Security Test Strategy for Non-safety Display System

    International Nuclear Information System (INIS)

    Son, Han Seong; Kim, Hee Eun

    2016-01-01

    Cyber security has been a big issue since the instrumentation and control (I and C) system of nuclear power plant (NPP) is digitalized. A cyber-attack on NPP should be dealt with seriously because it might cause not only economic loss but also the radioactive material release. Researches on the consequences of cyber-attack onto NPP from a safety point of view have been conducted. A previous study shows the risk effect brought by initiation of event and deterioration of mitigation function by cyber terror. Although this study made conservative assumptions and simplifications, it gives an insight on the effect of cyber-attack. Another study shows that the error on a non-safety display system could cause wrong actions of operators. According to this previous study, the failure of the operator action caused by a cyber-attack on a display system might threaten the safety of the NPP by limiting appropriate mitigation actions. This study suggests a test strategy focusing on the cyber-attack on the information and display system, which might cause the failure of operator. The test strategy can be suggested to evaluate and complement security measures. Identifying whether a cyber-attack on the information and display system can affect the mitigation actions of operator, the strategy to obtain test scenarios is suggested. The failure of mitigation scenario is identified first. Then, for the test target in the scenario, software failure modes are applied to identify realistic failure scenarios. Testing should be performed for those scenarios to confirm the integrity of data and to assure effectiveness of security measures

  7. Cyber Security Test Strategy for Non-safety Display System

    Energy Technology Data Exchange (ETDEWEB)

    Son, Han Seong [Joongbu University, Geumsan (Korea, Republic of); Kim, Hee Eun [KAIST, Daejeon (Korea, Republic of)

    2016-10-15

    Cyber security has been a big issue since the instrumentation and control (I and C) system of nuclear power plant (NPP) is digitalized. A cyber-attack on NPP should be dealt with seriously because it might cause not only economic loss but also the radioactive material release. Researches on the consequences of cyber-attack onto NPP from a safety point of view have been conducted. A previous study shows the risk effect brought by initiation of event and deterioration of mitigation function by cyber terror. Although this study made conservative assumptions and simplifications, it gives an insight on the effect of cyber-attack. Another study shows that the error on a non-safety display system could cause wrong actions of operators. According to this previous study, the failure of the operator action caused by a cyber-attack on a display system might threaten the safety of the NPP by limiting appropriate mitigation actions. This study suggests a test strategy focusing on the cyber-attack on the information and display system, which might cause the failure of operator. The test strategy can be suggested to evaluate and complement security measures. Identifying whether a cyber-attack on the information and display system can affect the mitigation actions of operator, the strategy to obtain test scenarios is suggested. The failure of mitigation scenario is identified first. Then, for the test target in the scenario, software failure modes are applied to identify realistic failure scenarios. Testing should be performed for those scenarios to confirm the integrity of data and to assure effectiveness of security measures.

  8. 5 CFR 930.301 - Information systems security awareness training program.

    Science.gov (United States)

    2010-01-01

    ... 5 Administrative Personnel 2 2010-01-01 2010-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems § 930.301 Information systems security awareness training program. Each Executive Agency must develop a...

  9. Strengthening nuclear security

    International Nuclear Information System (INIS)

    Kurihara, Hiroyoshi

    2003-01-01

    The international situation after the end of the Cold-War has been quite unstable, due to the occurrence of frequent regional conflicts and domestic wars based on ethnic, religious or racial reasons. Further, threats to the would peace and security by non-state actors, like international terrorist groups, have been recognized after 9.11 terrorist attacks to the World Trade Center buildings and to the Pentagon. Utilization of nuclear energy, which encompasses both peaceful uses and military ones, required an establishment of regulatory system, by which risks associated with the development of nuclear energy can be controlled. Accordingly, nuclear safety control system, and then non-proliferation control system has been developed, both in the international level and notional level. In recognition of the present unstable international situations, it is required to establish, maintain and strengthen a system which control nuclear security aspect, in addition to the present systems. (author)

  10. Critical Infrastructure: Control Systems and the Terrorist Threat

    National Research Council Canada - National Science Library

    Shea, Dana A

    2003-01-01

    .... Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been previously perceived as a high priority...

  11. Critical Infrastructure: Control Systems and the Terrorist Threat

    National Research Council Canada - National Science Library

    Shea, Dana A

    2004-01-01

    .... Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been previously perceived as a high priority...

  12. INL Control System Situational Awareness Technology Annual Report 2012

    Energy Technology Data Exchange (ETDEWEB)

    Gordon Rueff; Bryce Wheeler; Todd Vollmer; Tim McJunkin; Robert Erbes

    2012-10-01

    The overall goal of this project is to develop an interoperable set of tools to provide a comprehensive, consistent implementation of cyber security and overall situational awareness of control and sensor network implementations. The operation and interoperability of these tools will fill voids in current technological offerings and address issues that remain an impediment to the security of control systems. This report provides an FY 2012 update on the Sophia, Mesh Mapper, Intelligent Cyber Sensor, and Data Fusion projects with respect to the year-two tasks and annual reporting requirements of the INL Control System Situational Awareness Technology report (July 2010).

  13. Controlled and secure direct communication using GHZ state and teleportation

    International Nuclear Information System (INIS)

    Gao, T.

    2004-01-01

    A theoretical scheme for controlled and secure direct communication is proposed. The communication is based on GHZ state and controlled quantum teleportation. After insuring the security of the quantum channel (a set of qubits in the GHZ state), alice encodes the secret message directly on a sequence of particle states in the GHZ state and transmits them to Bob, supervised by Charlie using controlled quantum teleportation. Bob can read out the encoded messages directly by the measurement on his qubits. In this scheme, the controlled quantum teleportation transmits alice's message without revealing any information to a potential eavesdropper. Because there is not a transmission of the qubit carrying the secret messages between Alice and Bob in the public channel, it is completely secure for controlled and direct secret communication if a perfect quantum channel is used. The feature of this scheme is that the communication between two sides depends on the agreement of a third side. (orig.)

  14. History-sensitive versus future-sensitive approaches to security in distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario; Nielson, Flemming

    2010-01-01

    We consider the use of aspect oriented techniques as a flexible way to deal with security policies in distributed systems. Recent work suggests to use aspects for analysing the future behaviour of programs and to make access control decisions based on this; this gives the flavour of dealing...

  15. Hybrid algorithm for rotor angle security assessment in power systems

    Directory of Open Access Journals (Sweden)

    D. Prasad Wadduwage

    2015-08-01

    Full Text Available Transient rotor angle stability assessment and oscillatory rotor angle stability assessment subsequent to a contingency are integral components of dynamic security assessment (DSA in power systems. This study proposes a hybrid algorithm to determine whether the post-fault power system is secure due to both transient rotor angle stability and oscillatory rotor angle stability subsequent to a set of known contingencies. The hybrid algorithm first uses a new security measure developed based on the concept of Lyapunov exponents (LEs to determine the transient security of the post-fault power system. Later, the transient secure power swing curves are analysed using an improved Prony algorithm which extracts the dominant oscillatory modes and estimates their damping ratios. The damping ratio is a security measure about the oscillatory security of the post-fault power system subsequent to the contingency. The suitability of the proposed hybrid algorithm for DSA in power systems is illustrated using different contingencies of a 16-generator 68-bus test system and a 50-generator 470-bus test system. The accuracy of the stability conclusions and the acceptable computational burden indicate that the proposed hybrid algorithm is suitable for real-time security assessment with respect to both transient rotor angle stability and oscillatory rotor angle stability under multiple contingencies of the power system.

  16. Supervisory Control and Data Acquisition (SCADA) Systems and Cyber-Security: Best Practices to Secure Critical Infrastructure

    Science.gov (United States)

    Morsey, Christopher

    2017-01-01

    In the critical infrastructure world, many critical infrastructure sectors use a Supervisory Control and Data Acquisition (SCADA) system. The sectors that use SCADA systems are the electric power, nuclear power and water. These systems are used to control, monitor and extract data from the systems that give us all the ability to light our homes…

  17. Social Security Funds Clamor for Reform

    Institute of Scientific and Technical Information of China (English)

    郑秉文

    2008-01-01

    This paper analyzed the institutional deficiencies inherent in China’s social security system based on a dissection of various social security fund violations. It holds that the unscientific design in social security system is the root cause for social security fund violations, which is reflected in low level of social security unification, irrational investment system and legislative loopholes etc. Currently, China’s social security funds are facing risks in management and in system; The key of risk control lies in the reforming of the overall framework of social security system through the following aspects: 1) readjust the unified account system structure to raise the level of unification; 2) reform funds investment system to boost ROI; 3) speeding up legislative to regulate the administrative costs and the behaviors of its entities.

  18. Nuclear Security Objectives of an NMAC System

    Energy Technology Data Exchange (ETDEWEB)

    West, Rebecca Lynn [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2018-01-05

    After completing this module, you should be able to: Describe the role of Nuclear Material Accounting and Control (NMAC) in comprehensive nuclear security at a facility; Describe purpose of NMAC; Identify differences between the use of NMAC for IAEA safeguards and for facility nuclear security; List NMAC elements and measures; and Describe process for resolution of irregularities

  19. Information Security Management - Part Of The Integrated Management System

    Science.gov (United States)

    Manea, Constantin Adrian

    2015-07-01

    The international management standards allow their integrated approach, thereby combining aspects of particular importance to the activity of any organization, from the quality management systems or the environmental management of the information security systems or the business continuity management systems. Although there is no national or international regulation, nor a defined standard for the Integrated Management System, the need to implement an integrated system occurs within the organization, which feels the opportunity to integrate the management components into a cohesive system, in agreement with the purpose and mission publicly stated. The issues relating to information security in the organization, from the perspective of the management system, raise serious questions to any organization in the current context of electronic information, reason for which we consider not only appropriate but necessary to promote and implement an Integrated Management System Quality - Environment - Health and Operational Security - Information Security

  20. 39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

    Science.gov (United States)

    2010-07-01

    ... 39 Postal Service 1 2010-07-01 2010-07-01 false Reporting Postage Evidencing System security... security weaknesses. (a) For purposes of this section, provider refers to the Postage Evidencing System... Evidencing System model subject to each such method. Potential security weaknesses include but are not...