National Library of Energy BETA

Sample records for disaster management vulnerability

  1. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  2. Disaster waste management: A review article

    SciTech Connect (OSTI)

    Brown, Charlotte; Milke, Mark; Seville, Erica

    2011-06-15

    Depending on their nature and severity, disasters can create large volumes of debris and waste. The waste can overwhelm existing solid waste management facilities and impact on other emergency response and recovery activities. If poorly managed, the waste can have significant environmental and public health impacts and can affect the overall recovery process. This paper presents a system overview of disaster waste management based on existing literature. The main literature available to date comprises disaster waste management plans or guidelines and isolated case studies. There is ample discussion on technical management options such as temporary storage sites, recycling, disposal, etc.; however, there is little or no guidance on how these various management options are selected post-disaster. The literature does not specifically address the impact or appropriateness of existing legislation, organisational structures and funding mechanisms on disaster waste management programmes, nor does it satisfactorily cover the social impact of disaster waste management programmes. It is envisaged that the discussion presented in this paper, and the literature gaps identified, will form a basis for future comprehensive and cohesive research on disaster waste management. In turn, research will lead to better preparedness and response to disaster waste management problems.

  3. T-731:Symantec IM Manager Code Injection Vulnerability | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-731:Symantec IM Manager Code Injection Vulnerability T-731:Symantec IM Manager Code Injection Vulnerability September 30, 2011 - 8:30am Addthis PROBLEM: Symantec IM Manager Code...

  4. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 0: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin

  5. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis PROBLEM: Cisco Unified Communications Manager contains a vulnerability that could allow an authenticated, remote attacker to inject arbitrary script code on a targeted system. PLATFORM: Cisco Unified Communications Manager versions prior to 8.5(1), 8.0(3), 7.1(5)su1, and 6.1(5)su2 are

  6. V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability

    Broader source: Energy.gov [DOE]

    The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution

  7. NNSA sites prepared for disasters using real-time response management...

    National Nuclear Security Administration (NNSA)

    disasters using real-time response management system | National Nuclear Security ... Apply for Our Jobs Our Jobs Working at NNSA Blog Home NNSA Blog NNSA sites ...

  8. V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) that can affect the security of IBM Tivoli Application Dependency Discovery Manager

  9. T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

  10. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.

  11. U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system

  12. Managing the risks of extreme events and disasters to advance climate change adaptation. Special report of the Intergovernmental Panel on Climate Change (IPCC)

    SciTech Connect (OSTI)

    Field, C.B.; Barros, V.; Stocker, T.F.

    2012-07-01

    This Special Report on Managing the Risks of Extreme Events and Disasters to Advance Climate Change Adaptation (SREX) has been jointly coordinated by Working Groups I (WGI) and II (WGII) of the Intergovernmental Panel on Climate Change (IPCC). The report focuses on the relationship between climate change and extreme weather and climate events, the impacts of such events, and the strategies to manage the associated risks. This Special Report, in particular, contributes to frame the challenge of dealing with extreme weather and climate events as an issue in decision making under uncertainty, analyzing response in the context of risk management. The report consists of nine chapters, covering risk management; observed and projected changes in extreme weather and climate events; exposure and vulnerability to as well as losses resulting from such events; adaptation options from the local to the international scale; the role of sustainable development in modulating risks; and insights from specific case studies. (LN)

  13. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  14. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC)

  15. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. To address the facility-specific and site-specific vulnerabilities, responsible DOE and site-contractor line organizations have developed initial site response plans. These plans, presented as Volume 2 of this Management Response Plan, describe the actions needed to mitigate or eliminate the facility- and site-specific vulnerabilities identified by the CSV Working Group field verification teams. Initial site response plans are described for: Brookhaven National Lab., Hanford Site, Idaho National Engineering Lab., Lawrence Livermore National Lab., Los Alamos National Lab., Oak Ridge Reservation, Rocky Flats Plant, Sandia National Laboratories, and Savannah River Site.

  16. Disaster Resiliency and Recovery: Capabilities (Fact Sheet),...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... Long-Term Vulnerability Reduction To lessen the adverse consequences of future disaster ... signifcant savings from fewer power outages; lower electricity costs; and reduced ...

  17. Management response plan for the Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 146 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains a discussion of the chemical safety improvements planned or already underway at DOE sites to correct facility or site-specific vulnerabilities. The main part of the report is a discussion of each of the programmatic deficiencies; a description of the tasks to be accomplished; the specific actions to be taken; and the organizational responsibilities for implementation.

  18. Data management for geospatial vulnerability assessment of interdependencies in US power generation

    SciTech Connect (OSTI)

    Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S.

    2009-09-15

    Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

  19. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  20. Enhancing Disaster Management: Development of a Spatial Database of Day Care Centers in the USA

    SciTech Connect (OSTI)

    Singh, Nagendra; Tuttle, Mark A; Bhaduri, Budhendra L

    2015-01-01

    Children under the age of five constitute around 7% of the total U.S. population and represent a segment of the population, which is totally dependent on others for day-to-day activities. A significant proportion of this population spends time in some form of day care arrangement while their parents are away from home. Accounting for those children during emergencies is of high priority, which requires a broad understanding of the locations of such day care centers. As concentrations of at risk population, the spatial location of day care centers is critical for any type of emergency preparedness and response (EPR). However, until recently, the U.S. emergency preparedness and response community did not have access to a comprehensive spatial database of day care centers at the national scale. This paper describes an approach for the development of the first comprehensive spatial database of day care center locations throughout the USA utilizing a variety of data harvesting techniques to integrate information from widely disparate data sources followed by geolocating for spatial precision. In the context of disaster management, such spatially refined demographic databases hold tremendous potential for improving high resolution population distribution and dynamics models and databases.

  1. Enhancing Disaster Management: Development of a Spatial Database of Day Care Centers in the USA

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Singh, Nagendra; Tuttle, Mark A.; Bhaduri, Budhendra L.

    2015-07-30

    Children under the age of five constitute around 7% of the total U.S. population and represent a segment of the population, which is totally dependent on others for day-to-day activities. A significant proportion of this population spends time in some form of day care arrangement while their parents are away from home. Accounting for those children during emergencies is of high priority, which requires a broad understanding of the locations of such day care centers. As concentrations of at risk population, the spatial location of day care centers is critical for any type of emergency preparedness and response (EPR). However,more » until recently, the U.S. emergency preparedness and response community did not have access to a comprehensive spatial database of day care centers at the national scale. This paper describes an approach for the development of the first comprehensive spatial database of day care center locations throughout the USA utilizing a variety of data harvesting techniques to integrate information from widely disparate data sources followed by geolocating for spatial precision. In the context of disaster management, such spatially refined demographic databases hold tremendous potential for improving high resolution population distribution and dynamics models and databases.« less

  2. Enhancing Disaster Management: Development of a Spatial Database of Day Care Centers in the USA

    SciTech Connect (OSTI)

    Singh, Nagendra; Tuttle, Mark A.; Bhaduri, Budhendra L.

    2015-07-30

    Children under the age of five constitute around 7% of the total U.S. population and represent a segment of the population, which is totally dependent on others for day-to-day activities. A significant proportion of this population spends time in some form of day care arrangement while their parents are away from home. Accounting for those children during emergencies is of high priority, which requires a broad understanding of the locations of such day care centers. As concentrations of at risk population, the spatial location of day care centers is critical for any type of emergency preparedness and response (EPR). However, until recently, the U.S. emergency preparedness and response community did not have access to a comprehensive spatial database of day care centers at the national scale. This paper describes an approach for the development of the first comprehensive spatial database of day care center locations throughout the USA utilizing a variety of data harvesting techniques to integrate information from widely disparate data sources followed by geolocating for spatial precision. In the context of disaster management, such spatially refined demographic databases hold tremendous potential for improving high resolution population distribution and dynamics models and databases.

  3. Disaster risk management in prospect mining area Blitar district, East Java, using microtremor analysis and ANP (analytical network processing) approach

    SciTech Connect (OSTI)

    Parwatiningtyas, Diyan E-mail: erlinunindra@gmail.com; Ambarsari, Erlin Windia E-mail: erlinunindra@gmail.com; Marlina, Dwi E-mail: erlinunindra@gmail.com; Wiratomo, Yogi E-mail: erlinunindra@gmail.com

    2014-03-24

    Indonesia has a wealth of natural assets is so large to be managed and utilized, either from its own local government and local communities, especially in the mining sector. However, mining activities can change the state of the surface layer of the earth that have a high impact disaster risk. This could threaten the safety and disrupt human life, environmental damage, loss of property, and the psychological impact, sulking to the rule of law no 24 of 2007. That's why we strive to manage and minimize the risk of mine disasters in the region, how to use the method of calculation of Amplification Factor (AF) from the analysis based microtremor sulking Kanai and Nakamura, and decision systems were tested by analysis of ANP. Based on the amplification factor and Analytical Network Processing (ANP) obtained, some points showed instability in the surface layer of a mining area include the site of the TP-7, TP-8, TP-9, TP-10, (Birowo2). If in terms of structure, location indicated unstable due to have a sloping surface layer, resulting in the occurrence of landslides and earthquake risk is high. In the meantime, other areas of the mine site can be said to be a stable area.

  4. Review of disaster management implementation for the community safety in the vicinity of oil and gas field

    SciTech Connect (OSTI)

    Musa, R. Abdullah; Heni, Siti; Harjanto, Meddy

    2015-04-24

    Sukowati site which is operated by Production Sharing Contract (PSC) Joint Operating Body Pertamina Petrochina East Java (JOB P-PEJ) located at Bojonegoro regency East Java Province. This site is close to densely populated settlements with approximately 6,010 people within a radius less than 600 m. The fluid produced have a dangerous potential to the above mention community, due to accompanying of hydrogen sulphide gas (H2S) with a concentration about 0.6% 2% from the total gas produced. In 2006, there was incident of gas leak from drilling development well of Sukowati # 5. The incident made the surrounding community panic due to lack of preparedness and awareness. Learning from the incident, the company together with the government and local communities initiated to make improvements through the disaster management system approach. The efforts are carried out in accordance with the 4 (four) periods in a continuous cycle consist of (1) mitigation; (2) preparation; (3) response and (4) recovery. Emergency response drills conducted regularly at least once a year, its main purpose is to find out the results of the implementation of the existing disaster management. The results of the drills showed an increase in public awareness and responsiveness to emergency situations caused by the operational failures of oil and gas exploration and production activities near their settlement.

  5. Cognitive decision errors and organization vulnerabilities in nuclear power plant safety management: Modeling using the TOGA meta-theory framework

    SciTech Connect (OSTI)

    Cappelli, M.; Gadomski, A. M.; Sepiellis, M.; Wronikowska, M. W.

    2012-07-01

    In the field of nuclear power plant (NPP) safety modeling, the perception of the role of socio-cognitive engineering (SCE) is continuously increasing. Today, the focus is especially on the identification of human and organization decisional errors caused by operators and managers under high-risk conditions, as evident by analyzing reports on nuclear incidents occurred in the past. At present, the engineering and social safety requirements need to enlarge their domain of interest in such a way to include all possible losses generating events that could be the consequences of an abnormal state of a NPP. Socio-cognitive modeling of Integrated Nuclear Safety Management (INSM) using the TOGA meta-theory has been discussed during the ICCAP 2011 Conference. In this paper, more detailed aspects of the cognitive decision-making and its possible human errors and organizational vulnerability are presented. The formal TOGA-based network model for cognitive decision-making enables to indicate and analyze nodes and arcs in which plant operators and managers errors may appear. The TOGA's multi-level IPK (Information, Preferences, Knowledge) model of abstract intelligent agents (AIAs) is applied. In the NPP context, super-safety approach is also discussed, by taking under consideration unexpected events and managing them from a systemic perspective. As the nature of human errors depends on the specific properties of the decision-maker and the decisional context of operation, a classification of decision-making using IPK is suggested. Several types of initial situations of decision-making useful for the diagnosis of NPP operators and managers errors are considered. The developed models can be used as a basis for applications to NPP educational or engineering simulators to be used for training the NPP executive staff. (authors)

  6. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor facility and infrastructure drawings. The assessment team believes that the information, experience, and insight gained through FEVA will help in the planning and prioritization of ongoing efforts to resolve environmental vulnerabilities at UT-Battelle--managed ORNL facilities.

  7. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management Programs

  8. Hawaii Energy Strategy: Program guide. [Contains special sections on analytical energy forecasting, renewable energy resource assessment, demand-side energy management, energy vulnerability assessment, and energy strategy integration

    SciTech Connect (OSTI)

    Not Available

    1992-09-01

    The Hawaii Energy Strategy program, or HES, is a set of seven projects which will produce an integrated energy strategy for the State of Hawaii. It will include a comprehensive energy vulnerability assessment with recommended courses of action to decrease Hawaii's energy vulnerability and to better prepare for an effective response to any energy emergency or supply disruption. The seven projects are designed to increase understanding of Hawaii's energy situation and to produce recommendations to achieve the State energy objectives of: Dependable, efficient, and economical state-wide energy systems capable of supporting the needs of the people, and increased energy self-sufficiency. The seven projects under the Hawaii Energy Strategy program include: Project 1: Develop Analytical Energy Forecasting Model for the State of Hawaii. Project 2: Fossil Energy Review and Analysis. Project 3: Renewable Energy Resource Assessment and Development Program. Project 4: Demand-Side Management Program. Project 5: Transportation Energy Strategy. Project 6: Energy Vulnerability Assessment Report and Contingency Planning. Project 7: Energy Strategy Integration and Evaluation System.

  9. T-564: Vulnerabilities in Citrix Licensing administration components

    Broader source: Energy.gov [DOE]

    The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

  10. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan

    2014-01-15

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to cross-administrative boundaries, which are characteristics of the natural environment. This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. Seventeen social vulnerability indicators are categorized into four dimensions. This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. This study provides a foundation for sustainable strategic planning to deal with environmental change. Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

  11. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  12. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  13. Learning from (Near) Disaster

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Learning National Security Science Latest Issue:April 2016 past issues All Issues » submit Learning from (Near) Disaster Weapons designers look to past nuclear accidents to develop safer modern-day explosives. March 22, 2016 Learning from (Near) Disaster In the Palomares incident, three nuclear bombs crashed into the ground and a fourth vanished into the sea. Sailors recovered the fourth weapon two months later in the most expensive U.S. Navy salvage operation in history. The casing is

  14. Lessons about vulnerability assessments.

    SciTech Connect (OSTI)

    Johnston, R. G.

    2004-01-01

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.

  15. V-094: IBM Multiple Products Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 94: IBM Multiple Products Multiple Vulnerabilities V-094: IBM Multiple Products Multiple Vulnerabilities February 19, 2013 - 1:41am Addthis PROBLEM: IBM Multiple Products Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management versions 7.5, 7.1, and 6.2 IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2 IBM SmartCloud Control Desk version 7.5 IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2 IBM Tivoli Change and Configuration Management Database

  16. Recovery and Resilience After a Nuclear Power Plant Disaster: A Medical Decision model for Managing an Effective, Timely, and Balanced Response

    SciTech Connect (OSTI)

    Coleman, C. Norman; Blumenthal, Daniel J.

    2013-05-01

    Based on experiences in Tokyo responding to the Fukushima Daiichi nuclear power plant crisis, a real-time, medical decision model is presented by which to make key health-related decisions given the central role of health and medical issues in such disasters. Focus is on response and recovery activities that are safe, timely, effective, and well-organized. This approach empowers on-site decision makers to make interim decisions without undue delay using readily available and high-level scientific, medical, communication, and policy expertise. Key features of this approach include ongoing assessment, consultation, information, and adaption to the changing conditions. This medical decision model presented is compatible with the existing US National Response Framework structure.

  17. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides practices that can help mitigate the potential risks that can occur to some electricity sector organizations. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. PDF icon TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR

  18. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  19. Applications of Solar Technology for Catastrophe Response, Claims Management, and Loss Prevention

    SciTech Connect (OSTI)

    Deering, A.; Thornton, J.P.

    1999-02-17

    Today's insurance industry strongly emphasizes developing cost-effective hazard mitigation programs, increasing and retaining commercial and residential customers through better service, educating customers on their exposure and vulnerabilities to natural disasters, collaborating with government agencies and emergency management organizations, and exploring the use of new technologies to reduce the financial impact of disasters. In June of 1998, the National Renewable Energy Laboratory (NREL) and the National Association of Independent Insurers (NAII) sponsored a seminar titled, ''Solar Technology and the Insurance Industry.'' Presentations were made by insurance company representatives, insurance trade groups, government and state emergency management organizations, and technology specialists. The meeting was attended by insurers, brokers, emergency managers, and consultants from more than 25 US companies. Leading insurers from the personal line and commercial carriers were shown how solar technology can be used in underwriting, claims, catastrophe response, loss control, and risk management. Attendees requested a follow-up report on solar technology, cost, and applications in disasters, including suggestions on how to collaborate with the utility industry and how to develop educational programs for business and consumers. This report will address these issues, with an emphasis on pre-disaster planning and mitigation alternatives. It will also discuss how energy efficiency and renewable technologies can contribute to reducing insurance losses.

  20. HUD National Disaster Resilience Competition

    Broader source: Energy.gov [DOE]

    The U.S. Department of Housing and Urban Development (HUD) is making $1 billion in HUD Disaster Recovery funds available to eligible communities.

  1. V-125: Cisco Connected Grid Network Management System Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Cisco Connected Grid Network Management System Multiple Vulnerabilities V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am...

  2. V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability June 20, 2013 - 6:00am Addthis...

  3. V-132: IBM Tivoli System Automation Application Manager Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities April 12, ... T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities V-145: IBM ...

  4. V-122: IBM Tivoli Application Dependency Discovery Manager Java...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities T-694: IBM Tivoli Federated Identity...

  5. NREL: Technology Deployment - Disaster Resiliency and Recovery

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Disaster Resiliency and Recovery To learn more about NREL's capabilities in the areas of disaster planning, response, and rebuilding, read the Becoming Resilient fact sheet. NREL has extensive experience providing renewable energy and energy efficiency technical assistance in a variety of disaster-struck locations and situations. NREL offers unbiased, reliable, and comprehensive solutions for incorporating energy in disaster planning and recovery. NREL supports disaster preparedness and planning

  6. Disasters: Photovoltaics for Special Needs

    Broader source: Energy.gov [DOE]

    This paper emphasizes on the needs to protect special needs people because of their health conditions and evaluates the approaches to prevent injury. Disaster resistant homes with a renewable energy source would reduce shelter efforts, emotional stress and recovery costs.

  7. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the control system processes and functions. With the detailed knowledge of how the control data functions, as well as what computers and devices communicate using this data, the attacker can use a well known Man-in-the-Middle attack to perform malicious operations virtually undetected. The control systems assessment teams have used this method to gather enough information about the system to craft an attack that intercepts and changes the information flow between the end devices (controllers) and the human machine interface (HMI and/or workstation). Using this attack, the cyber assessment team has been able to demonstrate complete manipulation of devices in control systems while simultaneously modifying the data flowing back to the operator's console to give false information of the state of the system (known as ''spoofing''). This is a very effective technique for a control system attack because it allows the attacker to manipulate the system and the operator's situational awareness of the perceived system status. The three main elements of this attack technique are: (1) network reconnaissance and data gathering, (2) reverse engineering, and (3) the Man-in-the-Middle attack. The details of this attack technique and the mitigation techniques are discussed.

  8. Top 10 Vulnerabilities of Control Systems and Their Associated Migitations

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (2006) | Department of Energy Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document addresses potential risks that can apply to some electricity sector organizations and provides practices that can help mitigate the risks. Each organization decides for itself the risks it can accept and the practices it deems appropriate to manage those risks. PDF icon Top 10

  9. Chemical Safety Vulnerability Working Group report. Volume 1

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

  10. Incorporating Energy Efficiency into Disaster Recovery Efforts...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Incorporating Energy Efficiency into Disaster Recovery Efforts Better Buildings Residential Network Program Sustainability Peer Exchange Call Series: Incorporating Energy ...

  11. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INLs Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendors system.b a. The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. b. The term Vendor (or Vendors) System replaces the name of the specific SCADA/EMS being tested.

  12. Regional Climate Vulnerabilities and Resilience Solutions | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Regional Climate Vulnerabilities and Resilience Solutions Regional Climate Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please ...

  13. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability...

  14. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  15. U-137: HP Performance Manager Unspecified Bug Lets Remote Users...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute...

  16. V-145: IBM Tivoli Federated Identity Manager Products Java Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April ... Addthis Related Articles V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities ...

  17. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilit...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Articles U-179: IBM Java 7 Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-094: IBM Multiple Products Multiple...

  18. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  19. Incorporating Energy Efficiency into Disaster Recovery Efforts

    Broader source: Energy.gov [DOE]

    Better Buildings Residential Network Program Sustainability Peer Exchange Call Series: Incorporating Energy Efficiency into Disaster Recovery Efforts, Call Slides and Discussion Summary, October 9, 2014.

  20. V-036: EMC Smarts Network Configuration Manager Database Authentication

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Vulnerability | Department of Energy 6: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability V-036: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability November 29, 2012 - 3:30am Addthis PROBLEM: EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability PLATFORM: EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1 ABSTRACT: Two vulnerabilities were reported in EMC Smarts

  1. V-132: IBM Tivoli System Automation Application Manager Multiple

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 2: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities April 12, 2013 - 6:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2 ABSTRACT: Multiple security

  2. V-209:Cisco WAAS (Wide Area Application Services) Arbitrary Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.

  3. T-540: Sybase EAServer Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information.

  4. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  5. U-169: Sympa Multiple Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.

  6. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  7. V-208: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system.

  8. V-131: Adobe Shockwave Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system

  9. V-224: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in...

  10. V-121: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

  11. V-207: Wireshark Multiple Denial of Service Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

  12. Coordinating Energy Efficiency with Other Disaster Resiliency Services |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy with Other Disaster Resiliency Services Coordinating Energy Efficiency with Other Disaster Resiliency Services Better Buildings Residential Network Program Sustainability Peer Exchange Call Series: Coordinating Energy Efficiency with Disaster Resiliency and Response, Call Slides and Discussion Summary, January 9, 2014. PDF icon Call Slides and Discussion Summary More Documents & Publications Incorporating Energy Efficiency into Disaster Recovery Efforts Outreach to

  13. ORISE: Capabilities in National Security and Emergency Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Capabilities ORISE Emergency Management Capabilities In preparation for a natural or man-made disaster, the Oak Ridge Institute for Science and Education (ORISE) provides national...

  14. Vulnerability to closing of Hormuz

    SciTech Connect (OSTI)

    Not Available

    1984-03-07

    Tankers carrying roughly 8-million barrels per day (mmb/d) of crude oil, or some 16% of the non-communist world's oil supply, pass through the Strait of Hormuz. Experts agree that just 3-mmb/d of that could be exported through alternate routes. If the war between Iran and Iraq should result in their completely halting each other's production, this relatively limited supply curtailment would reduce world oil production by over 3.4-mmb/d. Since the two have not caused such mutual disaster during four years of war, many observers believe there has been a deliberate avoidance of the jugular squeeze. Nevertheless, the two combatants appear capable not only of cutting off their oil production, but escalating fighting to the point where Gulf traffic would be impeded. Potential results from a prolonged Iran-Iraq crisis are viewed in three scenarios. Also included in this issue are brief summaries of: (1) Mexico's new energy plan, internationalism, and OPEC; (2) update on Argentina's energy resource developments; (3) Venezuela: belt tightening; (4) Western Hemisphere oil production declines; (5) (6) days of oil supply for Canada, USA, Japan, France, Italy, and UK; and (6) US Department of Defense fuel consumption. The Energy Detente fuel price/tax series and principal industrial fuel prices are included for March for countries of the Eastern Hemisphere.

  15. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... However, regional variation does not imply regional ... Federal, state, and local governments and the ... climate-resilient, assessment of vulnerabilities in ...

  16. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  17. NSTB Summarizes Vulnerable Areas | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    control systems assessed between late 2004 and early 2006. These vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. ...

  18. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

  19. Vulnerability Analysis of Energy Delivery Control Systems

    Energy Savers [EERE]

    ... products alike, and the introduction of Web applications into SCADA systems has created ... vulnerabilities Most likely attack vector Web Human-Machine Interface (HMI) ...

  20. Vernacular design based on sustainable disasters mitigation communication and education strategy

    SciTech Connect (OSTI)

    Mansoor, Alvanov Zpalanzani E-mail: alvanov@fsrd.itb.ac.id

    2015-04-24

    Indonesia is located between three active tectonic plates, which are prone to natural disasters such as earthquake, volcanic eruption, and also giant tidal wave-tsunami. Adequate infrastructure plays an important role in disaster mitigation, yet without good public awareness, the mitigation process wont be succeeded. The absence of awareness can lead to infrastructure mistreatment. Several reports on lack of understanding or misinterpretation of disaster mitigation especially from rural and coastal communities need to be solved, especially from communication aspects. This is an interdisciplinary study on disaster mitigation communication design and education strategy from visual communication design studies paradigm. This paper depicts research results which applying vernacular design base to elaborate sustainable mitigation communication and education strategy on various visual media and social campaigns. This paper also describes several design approaches which may becomes way to elaborate sustainable awareness and understanding on disaster mitigation among rural and coastal communities in Indonesia.

  1. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E.

    1996-10-01

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  2. U-179: IBM Java 7 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  3. UNEP MOOC Disasters and Ecosystems: Resilience in a Changing Climate

    Broader source: Energy.gov [DOE]

    The United Nations Environment Programme (UNEP) is launching the first Massive Open Online Course (MOOC) on Disasters and Ecosystems, which features ecosystem-based solutions for disaster risk reduction and climate change adaptation, case studies, guest speakers, etc.

  4. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier; Duarte, Oscar; Requena, Ignacio; Zamorano, Montserrat

    2012-01-15

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: Black-Right-Pointing-Pointer The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. Black-Right-Pointing-Pointer The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. Black-Right-Pointing-Pointer A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. Black-Right-Pointing-Pointer Results in Colombia highlight the usefulness and objectivity of this method.

  5. U-021: Cisco Unified Communications Manager Directory Traversal...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files. PLATFORM: Cisco Unified Communications Manager 6.x, 7.x and 8.x ABSTRACT: A vulnerability...

  6. T-703: Cisco Unified Communications Manager Open Query Interface...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain ... Authentication Bypass Vulnerability T-614: Cisco Unified Communications Manager ...

  7. Disaster Resiliency and Recovery: Capabilities (Fact Sheet)

    SciTech Connect (OSTI)

    Not Available

    2012-11-01

    The National Renewable Energy Laboratory (NREL) is the nation's leader in energy efficient and renewable energy technologies, practices, and strategies. For the last 15 years, NREL has provided expertise, tools, and innovations to private industry; federal, state, and local governments; non-profit organizations; and communities during the planning, recovery, and rebuilding stages after disaster strikes.

  8. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J; Fernandez, Steven J

    2014-01-01

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

  9. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment Jump to: navigation, search Name Colombia-CDKN-Cartagena Vulnerability Assessment AgencyCompany Organization Climate and Development...

  10. Colombia-Cartagena Vulnerability Assessment | Open Energy Information

    Open Energy Info (EERE)

    Colombia-Cartagena Vulnerability Assessment (Redirected from CDKN-Colombia-Cartagena Vulnerability Assessment) Jump to: navigation, search Name Colombia-CDKN-Cartagena...

  11. Potential Vulnerability of US Petroleum Refineries to Increasing...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Potential Vulnerability of US Petroleum Refineries to Increasing Water Temperature andor Reduced Water Availability Potential Vulnerability of US Petroleum Refineries to ...

  12. V-111: Multiple vulnerabilities have been reported in Puppet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerable system. SOLUTION: Update to a fixed version. Addthis Related Articles V-090: Adobe Flash Player AIR Multiple Vulnerabilities V-083: Oracle Java Multiple...

  13. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-191: Oracle Java Multiple Vulnerabilities U-105:Oracle Java SE Critical Patch Update Advisory T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities...

  14. OLADE-Central America Climate Change Vulnerability Program |...

    Open Energy Info (EERE)

    Central America Climate Change Vulnerability Program Jump to: navigation, search Name OLADE-Central America Climate Change Vulnerability Program AgencyCompany Organization Latin...

  15. India-Vulnerability Assessment and Enhancing Adaptive Capacities...

    Open Energy Info (EERE)

    Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to...

  16. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of ...

  17. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities The objective of safeguards is the timely detection of ...

  18. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

  19. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  20. Nuclear Fuel Cycle & Vulnerabilities (Technical Report) | SciTech...

    Office of Scientific and Technical Information (OSTI)

    Technical Report: Nuclear Fuel Cycle & Vulnerabilities Citation Details In-Document Search Title: Nuclear Fuel Cycle & Vulnerabilities You are accessing a document from the ...

  1. U-035: Adobe Flash Player Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Impact: Multiple vulnerabilities have been reported in Adobe ...

  2. Vulnerability Analysis of Energy Delivery Control Systems (September...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems (September 2011) The Vulnerability Analysis of Energy Delivery Control Systems report, prepared ...

  3. Top 10 Vulnerabilities of Control Systems and Their Associated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) This document ...

  4. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Mitigations for Security Vulnerabilities Found in Control System Networks Mitigations for Security Vulnerabilities Found in Control System Networks Industry is aware of the need ...

  5. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by ...

  6. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides ...

  7. U-273: Multiple vulnerabilities have been reported in Wireshark

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  8. V-126: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system

  9. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  10. V-187: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  11. V-097: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  12. Vulnerability Assessments and Resilience Planning at Federal Facilities. Preliminary Synthesis of Project

    SciTech Connect (OSTI)

    Moss, R. H.; Delgado, A.; Malone, E L.

    2015-08-15

    U.S. government agencies are now directed to assess the vulnerability of their operations and facilities to climate change and to develop adaptation plans to increase their resilience. Specific guidance on methods is still evolving based on the many different available frameworks. Agencies have been experimenting with these frameworks and approaches. This technical paper synthesizes lessons and insights from a series of research case studies conducted by the investigators at facilities of the U.S. Department of Energy and the Department of Defense. The purpose of the paper is to solicit comments and feedback from interested program managers and analysts before final conclusions are published. The paper describes the characteristics of a systematic process for prioritizing needs for adaptation planning at individual facilities and examines requirements and methods needed. It then suggests a framework of steps for vulnerability assessments at Federal facilities and elaborates on three sets of methods required for assessments, regardless of the detailed framework used. In a concluding section, the paper suggests a roadmap to further develop methods to support agencies in preparing for climate change. The case studies point to several preliminary conclusions; (1) Vulnerability assessments are needed to translate potential changes in climate exposure to estimates of impacts and evaluation of their significance for operations and mission attainment, in other words into information that is related to and useful in ongoing planning, management, and decision-making processes; (2) To increase the relevance and utility of vulnerability assessments to site personnel, the assessment process needs to emphasize the characteristics of the site infrastructure, not just climate change; (3) A multi-tiered framework that includes screening, vulnerability assessments at the most vulnerable installations, and adaptation design will efficiently target high-risk sites and infrastructure; (4) Vulnerability assessments can be connected to efforts to improve facility resilience to motivate participation; and (5) Efficient, scalable methods for vulnerability assessment can be developed, but additional case studies and evaluation are required.

  13. Disaster: would your community bounce back?

    SciTech Connect (OSTI)

    Sims, Benjamin H

    2011-01-12

    What makes some communities or organizations able to quickly bounce back from a disaster, while others take a long time to recover? This question has become very important for emergency planners in federal, state, and local government - particularly since the 9/11 attacks and Hurricane Katrina, which nearly destroyed New Orleans five years ago. These events have made people aware that we can't always prevent disasters, but might be able to improve the ability of communities and regions to respond to and bounce back from major disruptions. Social scientists have found that most communities are, in fact, quite resilient to most disasters. People tend to work together, overcome divisions, identify problems, and develop improvised solutions. This often leads to a greater sense of community and a sense of personal accomplishment. Long-term recovery can be harder, but rebuilding can create jobs and stimulate economies. Communities may even end up better than they were before. But there are some disturbing exceptions to this trend, including Hurricane Katrina. The hurricane killed many people, the federal and local emergency response was not effective, people who could not evacuate were housed in the Superdome and Convention Center in terrible conditions, crime was prevalent, and local government did not appear to have control over the situation. A significant portion of the population was eventually evacuated to other cities. Even five years later, many people have not returned, and large parts of the city have not been rebuilt. Clearly, New Orleans lacked sufficient resilience to overcome a disaster of the magnitude of Katrina. There are four factors that social scientists are beginning to agree are important for community resilience: (1) A strong, diverse economy - Stable jobs, good incomes, diversity of industries, personal savings; (2) Robust social networks - Community members know each other, help each other, and have connections outside the community; (3) Competent organizations - Government, health care, community service, and religious organizations are competent and trustworthy, and have resources to handle community needs; and (4) High-quality infrastructure - Road, power, and water systems (etc.) are in good condition and are designed to provide service even if some connections are destroyed. To explore how these factors make communities resilient, I will tell two stories of disasters. The first is the Buffalo Creek flood, which wiped out a coal mining community in West Virginia in 1972. This is a classic example of community that was not resilient in the aftermath of a disaster. The second example is the Vietnamese immigrant community in the Versailles neighborhood of New Orleans. In spite of being relatively poor and culturally isolated, this community was one of the first to fully rebound following Hurricane Katrina.

  14. V-218: HP Service Manager Unspecified Flaw Lets Remote Users Gain Unauthorized Access

    Broader source: Energy.gov [DOE]

    This security update resolves a vulnerability in the HP Service Manager which allows people to have access to unauthorized information

  15. U-205: RSA Access Manager Session Replay Flaw Lets Remote Users Access the System

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in RSA Access Manager. A remote user can gain access to the target system.

  16. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  17. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  18. Section 129 of the Consolidated Security, Disaster Assistance, and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Continuing Appropriations Act | Department of Energy Section 129 of the Consolidated Security, Disaster Assistance, and Continuing Appropriations Act Section 129 of the Consolidated Security, Disaster Assistance, and Continuing Appropriations Act PDF icon Section 129 of the Consolidated Security, Disaster Assistance, and Continuing Appropriations Act More Documents & Publications ENERGY POLICY ACT OF 2005 NATIONAL DEFENSE AUTHORIZATION ACT FOR FISCAL YEAR 2000 Energy Policy Act of 20

  19. Social Media for Natural Disaster Response and Recovery | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Social Media for Natural Disaster Response and Recovery Social Media for Natural Disaster Response and Recovery PDF icon Social Media for Natural Disaster Response and Recovery More Documents & Publications EERE Annual Website Reports Energy Saver Blog and Social Media Guidelines Social Media and the NRC: What We're Doing, Why We're Doing It, and What Else We Might Do

  20. management

    National Nuclear Security Administration (NNSA)

    5%2A en Management and Budget http:www.nnsa.energy.govaboutusouroperationsmanagementandbudget

  1. Flood Disaster Protection Act of 1973 | Open Energy Information

    Open Energy Info (EERE)

    Flood Disaster Protection Act of 1973Legal Abstract The National Flood Insurance Program (NFIP) is administered primarily under two statutes: the National Flood...

  2. NREL: Technology Deployment - Disaster Recovery Support at FEMA...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Disaster Recovery Support at FEMA Incorporates Sustainability in Rebuilding Efforts News ... has provided support in integrating sustainability into federal, state and local ...

  3. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  4. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  5. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  6. U-173: Symantec Web Gateway Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system.

  7. Becoming Resilient: Disaster Planning and Recovery: NREL Experts Assist Before and After a Disaster (Fact Sheet)

    SciTech Connect (OSTI)

    Hotchkiss, E.

    2014-08-01

    This fact sheet provides information on how private industry; federal, state, and local governments; non-profit organizations; and communities can utilize NREL's expertise, tools, and innovations to incorporate energy efficiency and renewable energy into the planning, recovery, and rebuilding stages of disaster.

  8. management

    National Nuclear Security Administration (NNSA)

    5%2A en Management and Budget http:nnsa.energy.govaboutusouroperationsmanagementandbudget

    P...

  9. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  10. Rebuilding After Disaster: Going Green from the Ground Up

    SciTech Connect (OSTI)

    none,

    2009-10-01

    This how-to guide describes ways to turn a disaster into an opportunity to rebuild with greener energy technologies. Covers such topics as the importance of energy, options for communities, instructions for developing an energy plan, and other considerations. This guide is intended for the community leaders who have experienced a disaster.

  11. V-145: IBM Tivoli Federated Identity Manager Products Java Multiple

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 45: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April 30, 2013 - 12:09am Addthis PROBLEM: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities PLATFORM: IBM Tivoli Federated Identity Manager versions 6.1, 6.2.0, 6.2.1, and 6.2.2. IBM Tivoli Federated Identity Manager Business Gateway versions 6.1.1, 6.2.0, 6.2.1

  12. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security...

  13. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X...

  14. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  15. In the past, disaster management used to only include support...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... and self worth by helping them live on their own and provide for themselves. ... The hours of operation of each device is different, as some are only used once a day and other ...

  16. Managing the risks of extreme events and disasters to advance...

    Office of Scientific and Technical Information (OSTI)

    Resource Type: Book Resource Relation: Other Information: 517 refs. Publisher: Cambridge University Press, New York, NY (United States) Research Org: Intergovernmental Panel...

  17. Seminar Explores Benefits of Using Solar Power for Disaster Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Semiannual Reports to Congress Semiannual Reports to Congress September 30, 2015 Semiannual Report to Congress: April 1, 2015 - September 30, 2015 2015 Inspector General Semiannual Report to Congress March 31, 2015 SEMIANNUAL REPORT TO CONGRESS: OCTOBER 1, 2014 - MARCH 31, 2015 2015 Inspector General Semiannual Report to Congress September 30, 2014 Semiannual Report to Congress: April 1, 2014 - September 30, 2014 2014 Inspector General Semiannual Report to Congress March 31, 2014 Semiannual

  18. U-013: HP Data Protector Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

  19. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability

  20. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: IBM Lotus Expeditor Multiple Vulnerabilities U-198: IBM Lotus Expeditor Multiple Vulnerabilities June 25, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus Expeditor. PLATFORM: IBM Lotus Expeditor 6.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.. Reference Links: Vendor Advisory

  1. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  2. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  3. V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system

  4. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

  5. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  6. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  7. US Energy Sector Vulnerabilities to Climate Change

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    On the cover: Trans-Alaska oil pipeline; aerial view of New Jersey refinery; coal barges on Mississippi River in St. Paul, Minnesota; power plant in Prince George's County, Maryland; Grand Coulee Dam in Washington State; corn field near Somers, Iowa; wind turbines in Texas. Photo credits: iStockphoto U.S. ENERGY SECTOR VULNERABILITIES TO CLIMATE CHANGE AND EXTREME WEATHER Acknowledgements This report was drafted by the U.S. Department of Energy's Office of Policy and International Affairs

  8. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  9. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. PDF icon Guide to Critical Infrastructure

  10. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591

  11. T-614: Cisco Unified Communications Manager Database Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - ... Configuration and Execute Arbitrary Code T-622: Adobe Acrobat and Reader Unspecified ...

  12. U-116: IBM Tivoli Provisioning Manager Express for Software Distributi...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    for the affected ActiveX control Addthis Related Articles V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-094: IBM Multiple Products Multiple...

  13. U-229: HP Network Node Manager i Input Validation Flaw Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS).

  14. U-204: HP Network Node Manager i Input Validation Hole Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS).

  15. Vulnerability Analysis of Energy Delivery Control Systems

    Energy Savers [EERE]

    0-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Under DOE Idaho Operations Office Contract DE-AC07-05ID14517 The INL is a U.S. Department of Energy National Laboratory operated by Battelle Energy Alliance DISCLAIMER This information was prepared as an account of work sponsored by an agency of the

  16. T-550: Apache Denial of Service Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, may allow remote users to cause a Denial of Service (DoS - memory consumption).

  17. From Tragedy to Triumph - Resources for Rebuilding Green after Disaster,

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    EERE (Fact Sheet) | Department of Energy Triumph - Resources for Rebuilding Green after Disaster, EERE (Fact Sheet) From Tragedy to Triumph - Resources for Rebuilding Green after Disaster, EERE (Fact Sheet) Fact sheet offering resources for builders and architects to rebuild homes, businesses, and public buildings with energy efficiency and renewable energy such as wind, solar, and geothermal. PDF icon 45141.pdf More Documents & Publications From Tragedy to Triumph - Rebuilding Green

  18. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G.; Pedretti, Kevin Thomas Tauke; Mueller, Frank; Fiala, David; Brightwell, Ronald Brian

    2012-05-01

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  19. Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy System Vulnerabilities to Climate Change and Extreme Weather Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of Indian Energy report assesses climate change and extreme weather vulnerabilities specific to tribal energy infrastructure and systems in the contiguous United States and Alaska. It includes information about the impacts from climate change and extreme weather events on both onsite and offsite

  20. T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

  1. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors

  2. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 8: Vulnerability in MHTML Could Allow Information Disclosure T-578: Vulnerability in MHTML Could Allow Information Disclosure March 15, 2011 - 3:05pm Addthis PROBLEM: Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session. PLATFORM: Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs ABSTRACT: A vulnerability was reported in Microsoft MHTML. A remote user can conduct

  3. U-172: OpenOffice.org Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

  4. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  5. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

  6. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    France) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country France Coordinates...

  7. V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    source code repository Addthis Related Articles V-222: SUSE update for Filezilla V-157: Adobe Reader Acrobat Multiple Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws...

  8. V-062: Asterisk Two Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

  9. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  10. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Broader source: Energy.gov (indexed) [DOE]

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather ii NOTICE This ... States government or any agency thereof. energy.govindianenergy | indianenergy@hq.doe.go...

  11. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

  12. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

  13. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  14. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    :"","inlineLabel":"","visitedicon":"" Display map Period 2011-2014 References EU Smart Grid Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency...

  15. V-082: Novell GroupWise Client Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

  16. U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

  17. V-107: Wireshark Multiple Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  18. Vulnerability Analysis of Energy Delivery Control Systems - 2011...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerability Analysis of Energy Delivery Control Systems - 2011 Cybersecurity for energy ... (DOEOE) National Supervisory Control and Data Acquisition (SCADA) Test Bed ...

  19. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    SciTech Connect (OSTI)

    Suski, N; Wuest, C

    2011-02-04

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

  20. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton; Phillips, Cynthia A.

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  1. MODELING UNDERGROUND STRUCTURE VULNERABILITY IN JOINTED ROCK

    SciTech Connect (OSTI)

    R. SWIFT; D. STEEDMAN

    2001-02-01

    The vulnerability of underground structures and openings in deep jointed rock to ground shock attack is of chief concern to military planning and security. Damage and/or loss of stability to a structure in jointed rock, often manifested as brittle failure and accompanied with block movement, can depend significantly on jointed properties, such as spacing, orientation, strength, and block character. We apply a hybrid Discrete Element Method combined with the Smooth Particle Hydrodynamics approach to simulate the MIGHTY NORTH event, a definitive high-explosive test performed on an aluminum lined cylindrical opening in jointed Salem limestone. Representing limestone with discrete elements having elastic-equivalence and explicit brittle tensile behavior and the liner as an elastic-plastic continuum provides good agreement with the experiment and damage obtained with finite-element simulations. Extending the approach to parameter variations shows damage is substantially altered by differences in joint geometry and liner properties.

  2. emergency management systems | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    systems NNSA sites prepared for disasters using real-time response management system Pantex Emergency Services now uses the Emergency Management Information System, or EMInS. From left: Maribel Martinez, Brenda Graham and Greg Roddahl. One of NNSA's missions is emergency response, so it only makes sense that our sites and labs excel at emergency management on the local level. When... Building International Emergency Management Systems NNSA helps nations develop the core elements of an emergency

  3. emergency management team | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    team NNSA sites prepared for disasters using real-time response management system Pantex Emergency Services now uses the Emergency Management Information System, or EMInS. From left: Maribel Martinez, Brenda Graham and Greg Roddahl. One of NNSA's missions is emergency response, so it only makes sense that our sites and labs excel at emergency management on the local level. When... HQ Emergency Management Team (EMT) NNSA's Headquarters (HQ) EMT is the sole emergency focal point for HQ during an

  4. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  5. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  6. Vulnerability of Karangkates dams area by means of zero crossing analysis of data magnetic

    SciTech Connect (OSTI)

    Sunaryo, E-mail: sunaryo.geofis.ub@gmail.com; Susilo, Adi

    2015-04-24

    Study with entitled Vulnerability Karangkates Dam Area By Means of Zero Crossing Analysis of Data Magnetic has been done. The study was aimed to obtain information on the vulnerability of two parts area of Karangkates dams, i.e. Lahor dam which was inaugurated in 1977 and Sutami dam inaugurated in 1981. Three important things reasons for this study are: 1). The dam age was 36 years old for Lahor dam and 32 years old for Sutami dam, 2). Geologically, the location of the dams are closed together to the Pohgajih local shear fault, Selorejo local fault, and Selorejo limestone-andesite rocks contact plane, and 3). Karangkates dams is one of the important Hydro Power Plant PLTA with the generating power of about 400 million KWH per year from a total of about 29.373MW installed in Indonesia. Geographically, the magnetic data acquisition was conducted at coordinates (112.4149oE;-8.2028oS) to (112.4839oE;-8.0989oS) by using Proton Precession Magnetometer G-856. Magnetic Data acquisition was conducted in the radial direction from the dams with diameter of about 10 km and the distance between the measurements about 500m. The magnetic data acquisition obtained the distribution of total magnetic field value in the range of 45800 nT to 44450 nT. Residual anomalies obtained by doing some corrections, including diurnal correction, International Geomagnetic Reference Field (IGRF) correction, and reductions so carried out the distribution of the total magnetic field value in the range of -650 nT to 700 nT. Based on the residual anomalies, indicate the presence of 2 zones of closed closures dipole pairs at located in the west of the Sutami dam and the northwest of the Lahor dam from 5 total zones. Overlapping on the local geological map indicated the lineament of zero crossing patterns in the contour of residual anomaly contour with the Pohgajih shear fault where located at about 4 km to the west of the Sutami dam approximately and andesite-limestone rocks contact where located at about 6 km to the west of the Lahor dam approximately. These shown a possible of vulnerability on geohazards at the west zone of the Karangkates (Lahor-Sutami) dams area if there are triggers by the vibration (earthquake) on the Pohgajih shear fault, andesite-limestone contact plane, and instability rocks on two zones of closed closure dipole pairs area. Reality, on the location of the study shown some local landslide at the several locations and the main road that need considering for disaster mitigation.

  7. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    SciTech Connect (OSTI)

    Ray Fink

    2006-10-01

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  8. T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

  9. T-562: Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in novell-tftp.exe when parsing requests. This can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to UDP port 69. The vulnerability is reported in versions 10.3.1, 10.3.2, and 11.0.

  10. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J; Pleszkoch, Mark G; Sayre, Kirk D; Linger, Richard C

    2012-01-01

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  11. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  12. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  13. U-168: EMC Documentum Information Rights Management Server Bugs Let Remote Authenticated Users Deny Service

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in EMC Documentum Information Rights Management Server. A remote authenticated user can cause denial of service conditions.

  14. Becoming Resilient: Disaster Planning and Recovery: NREL Experts Assist Before and After a Disaster (Fact Sheet), NREL (National Renewable Energy Laboratory)

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Becoming Resilient: Disaster Planning and Recovery NREL Experts Assist Before and After a Disaster The National Renewable Energy Laboratory (NREL) is the nation's leader in energy effciency and renewable energy technologies, practices, and strategies. For the last 15 years, NREL has provided expertise, tools, and innovations to private industry; federal, state, and local governments; nonproft organizations; and communities during the planning, recovery, and rebuilding stages after disaster

  15. Adaptive management: a paradigm for remediation of public facilities

    SciTech Connect (OSTI)

    Janecky, David R; Whicker, Jeffrey J; Doerr, Ted B

    2009-01-01

    Public facility restoration planning traditionally focused on response to natural disasters and hazardous materials accidental releases. These plans now need to integrate response to terrorist actions. Therefore, plans must address a wide range of potential vulnerabilities. Similar types of broad remediation planning are needed for restoration of waste and hazardous material handling areas and facilities. There are strong similarities in damage results and remediation activities between unintentional and terrorist actions; however, the uncertainties associated with terrorist actions result in a re-evaluation of approaches to planning. Restoration of public facilities following a release of a hazardous material is inherently far more complex than in confined industrial settings and has many unique technical, economic, social, and political challenges. Therefore, they arguably involve a superset of drivers, concerns and public agencies compared to other restoration efforts. This superset of conditions increases complexity of interactions, reduces our knowledge of the initial conditions, and even condenses the timeline for restoration response. Therefore, evaluations of alternative restoration management approaches developed for responding to terrorist actions provide useful knowledge for large, complex waste management projects. Whereas present planning documents have substantial linearity in their organization, the 'adaptive management' paradigm provides a constructive parallel operations paradigm for restoration of facilities that anticipates and plans for uncertainty, multiple/simUltaneous public agency actions, and stakeholder participation. Adaptive management grew out of the need to manage and restore natural resources in highly complex and changing environments with limited knowledge about causal relationships and responses to restoration actions. Similarities between natural resource management and restoration of a facility and surrounding area(s) after a disruptive event suggest numerous advantages over preset linearly-structured plans by incorporating the flexibility and overlap of processes inherent in effective facility restoration. We discuss three restoration case studies (e.g., the Hart Senate Office Building anthrax restoration, Rocky Flats actinide remediation, and hurricane destruction restoration), that implement aspects of adaptive management but not a formal approach. We propose that more formal adoption of adaptive management principles could be a basis for more flexible standards to improve site-specific remediation plans under conditions of high uncertainty.

  16. Minimizing the psychological effects of a wartime disaster on an individual

    SciTech Connect (OSTI)

    Kentsmith, D.K.

    1980-04-01

    In this paper, the psychological reductions of individuals and groups to a wartime disaster, such as nuclear explosions, are presented. The psychological literature on disasters is discussed. The presentation attempts to emphasize viewing the victims of a disaster as individuals responding in a normal way to an overwhelming experience, rather than labeling them as psychiatric patients. The various phases of a disaster are discussed with particular emphases on the preventive measures and leadership roles which may be taken by the physician. The paper concludes by making specific recommendations regarding the establishment of disaster plans and training programs at each miliary facility.

  17. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience ...

  18. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  19. T-643: HP OpenView Storage Data Protector Unspecified Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.

  20. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 9.0 or update to version 8.5.3 Fix Pack 4 when available Addthis Related Articles T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service...

  1. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  2. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  3. V-173: Plesk 0-Day Vulnerability | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 ABSTRACT: The vulnerability is caused due to PHP misconfiguration in the affected application REFERENCE LINKS: Seclist.org TrendMicro...

  4. T-542: SAP Crystal Reports Server Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

  5. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    guidebook assists planners working at the sub-national levels to identify and map the nature of current and future vulnerability to long-term climate change so that appropriate...

  6. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  7. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 96: 0-Day Windows Network Interception Configuration Vulnerability T-596: 0-Day Windows Network Interception Configuration Vulnerability April 6, 2011 - 5:48am Addthis PROBLEM: 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows Operating systems. PLATFORM: Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server ABSTRACT: The links below describe a parasitic IPv6 layered over a native IPv4 network. This attack can

  8. T-607: Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability.

  9. Strategic stockpiling of power system supplies for disaster recovery

    SciTech Connect (OSTI)

    Bent, Russell W; Coffrein, Carleton; Van Hentenryck, Pascal

    2010-11-23

    This paper studies the Power System Stochastic Storage Problem (PSSSP), a novel application in power restoration which consists of deciding how to store power system components throughout a populated area to maximize the amount of power served after disaster restoration. The paper proposes an exact mixed-integer formulation for the linearized DC power flow model and a general column-generation approach. Both formulations were evaluated experimentally on benchmarks using the electrical power infrastructure of the United States and disaster scenarios generated by state-of-the-art hurricane simulation tools similar to those used by the National Hurricane Center. The results show that the column-generation algorithm produces near-optimal solutions quickly and produces orders of magnitude speedups over the exact formulation for large benchmarks. Moreover, both the exact and the column-generation formulations produce significant improvements over greedy approach and hence should yield significant benefits in practice.

  10. Climate variability and climate change vulnerability and adaptation. Workshop summary

    SciTech Connect (OSTI)

    Bhatti, N.; Cirillo, R.R.; Dixon, R.K.

    1995-12-31

    Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country`s vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects.The objectives of the vulnerability and adaptation workshop were to: The objectives of the vulnerability and adaptation workshop were to: Provide an opportunity for countries to describe their study results; Encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; Identify issues and analyses that require further investigation; and Summarize results and experiences for governmental and intergovernmental organizations.

  11. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT

  12. Energy Department Issues Tribal Energy System Vulnerabilities to Climate

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Change and Extreme Weather Report, $6M for Native American Clean Energy Projects | Department of Energy Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects Energy Department Issues Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather Report, $6M for Native American Clean Energy Projects September 2, 2015 - 3:30pm Addthis NEWS MEDIA CONTACT 202-586-4940 DOENews@hq.doe.gov The U.S. Department of Energy

  13. WPN 12-7: Revised Guidance on Weatherization Disaster Planning and Relief

    Broader source: Energy.gov [DOE]

    To provide revised guidance on allowable activities using U.S. Department of Energy (DOE) Weatherization Assistance Program (WAP) resources in the event of disasters.

  14. Vulnerability of the US to future sea level rise

    SciTech Connect (OSTI)

    Gornitz, V. . Goddard Inst. for Space Studies); White, T.W.; Cushman, R.M. )

    1991-01-01

    The differential vulnerability of the conterminous United States to future sea level rise from greenhouse climate warming is assessed, using a coastal hazards data base. This data contains information on seven variables relating to inundation and erosion risks. High risk shorelines are characterized by low relief, erodible substrate, subsidence, shoreline retreat, and high wave/tide energies. Very high risk shorelines on the Atlantic Coast (Coastal Vulnerability Index {ge}33.0) include the outer coast of the Delmarva Peninsula, northern Cape Hatteras, and segments of New Jersey, Georgia and South Carolina. Louisiana and sections of Texas are potentially the most vulnerable, due to anomalously high relative sea level rise and erosion, coupled with low elevation and mobile sediments. Although the Pacific Coast is generally the least vulnerable, because of its rugged relief and erosion-resistant substrate, the high geographic variability leads to several exceptions, such as the San Joaquin-Sacramento Delta area, the barrier beaches of Oregon and Washington, and parts of the Puget Sound Lowlands. 31 refs., 2 figs., 3 tabs.

  15. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  16. Regulatory Guide on Conducting a Security Vulnerability Assessment

    SciTech Connect (OSTI)

    Ek, David R.

    2016-01-01

    This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

  17. Rebuilding After Disaster: Going Green from the Ground Up (Revised) (Brochure)

    SciTech Connect (OSTI)

    Not Available

    2009-10-01

    20-page "how-to" guide describing ways to turn a disaster into an opportunity to rebuild with greener energy technologies. It covers such topics as the importance of energy, options for communities, instructions for developing an energy plan, and other considerations. This guide is intended for the community leaders who have experienced a disaster.

  18. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  19. U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

  20. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple buffer overflow vulnerabilities exist in the WRF and ARF players. The vulnerabilities may lead to a crash of the player application or, in some cases, remote code execution could occur.

  1. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    46: Adobe Reader/Acrobat Multiple Vulnerabilities U-146: Adobe Reader/Acrobat Multiple Vulnerabilities April 12, 2012 - 8:30am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat. PLATFORM: Adobe Acrobat 9.x Adobe Acrobat X 10.x Adobe Reader 9.x Adobe Reader X 10.x ABSTRACT: Vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive

  2. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  3. U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities

    Energy Savers [EERE]

    Server Cross-Site Scripting Vulnerability | Department of Energy 11: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability U-011: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability October 14, 2011 - 12:30pm Addthis PROBLEM: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability PLATFORM: Version(s): VCS prior to 7.0 ABSTRACT: A

  4. V-200: Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    The vulnerabilities can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions

  5. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  6. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  7. Vulnerability, Sensitivity, and Coping/Adaptive Capacity Worldwide

    SciTech Connect (OSTI)

    Malone, Elizabeth L.; Brenkert, Antoinette L.

    2009-10-01

    Research and analyses have repeatedly shown that impacts of climate change will be unevenly distributed and will affect various societies in various ways. The severity of impacts will depend in part on ability to cope in the short term and adapt in the longer term. However, it has been difficult to find a comparative basis on which to assess differential impacts of climate change. This chapter describes the Vulnerability-Resilience Indicator Model that uses 18 proxy indicators, grouped into 8 elements, to assess on a quantitative basis the comparative potential vulnerability and resilience of countries to climate change. The model integrates socioeconomic and environmental information such as land use, crop production, water availability, per capita GDP, inequality, and health status. Comparative results for 160 countries are presented and analyzed.

  8. Agenda: Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  9. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on WECC system. Cumulant based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. Overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on WECC system is used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

  10. Subsidence vulnerability in shallow room-and-pillar mines

    SciTech Connect (OSTI)

    Missavage, R.

    1985-07-01

    Concern over mining-related subsidence is inhibiting the development of surface land uses in previously mined areas and is constraining the recovery of coal resources in areas with established land uses that might be impacted by subsequent subsidence. The determination of subsidence vulnerability of mined-out areas (especially abandoned mine areas) can be a useful tool in the design and location of surface structures. A model has been developed for assessing subsidence vulnerability in shallow room-and-pillar mines based on the flexural rigidity and strength characteristics of the overlying strata. The model does not predict the subsidence profile or when the subsidence will occur. It only predicts those areas that are likely to subside. This paper briefly describes the model and its testing.

  11. T-682:Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  12. Temperature-based Instanton Analysis: Identifying Vulnerability in Transmission Networks

    SciTech Connect (OSTI)

    Kersulis, Jonas; Hiskens, Ian; Chertkov, Michael; Backhaus, Scott N.; Bienstock, Daniel

    2015-04-08

    A time-coupled instanton method for characterizing transmission network vulnerability to wind generation fluctuation is presented. To extend prior instanton work to multiple-time-step analysis, line constraints are specified in terms of temperature rather than current. An optimization formulation is developed to express the minimum wind forecast deviation such that at least one line is driven to its thermal limit. Results are shown for an IEEE RTS-96 system with several wind-farms.

  13. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Energy Savers [EERE]

    6 by ISA - The Instrumentation, Systems and Automation Society. Presented at 16th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference; http://www.isa.org Mitigations for Security Vulnerabilities Found in Control System Networks May Permann John Hammer Computer Security Researcher Computer Security Researcher Communications & Cyber Security Communications & Cyber Security Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 Kathy

  14. T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

  15. GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material |

    National Nuclear Security Administration (NNSA)

    National Nuclear Security Administration GTRI: Removing Vulnerable Civilian Nuclear and Radiological Material May 29, 2014 GTRI's Remove Program works around the world to remove excess nuclear and radiological materials that could be used for a nuclear weapon or radiological dispersal device (RDD), or "dirty bomb". Mission In 2004 NNSA established the Global Threat Reduction Initiative (GTRI) in the Office of Defense Nuclear Nonproliferation to, as quickly as possible, identify,

  16. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  17. U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 0: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability U-020: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability October 26, 2011 - 9:00am Addthis PROBLEM: McAfee Web Gateway Web Access Cross Site Scripting Vulnerability. PLATFORM: The vulnerability is reported in versions prior to 7.1.5.2. ABSTRACT: Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behavior of a web application in a user's browser, without

  18. V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 14: RealPlayer MP4 Processing Buffer Overflow Vulnerability V-114: RealPlayer MP4 Processing Buffer Overflow Vulnerability March 19, 2013 - 12:01am Addthis PROBLEM: RealPlayer MP4 Processing Buffer Overflow Vulnerability PLATFORM: Versions prior to 16.0.1.18. ABSTRACT: A vulnerability has been reported in RealPlayer REFERENCE LINKS: RealNetworks, Inc Secunia Advisory SA52692 CVE-2013-1750 IMPACT ASSESSMENT: High DISCUSSION: The vulnerability is caused due to an error when

  19. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related

  20. Taxonomy for Common-Cause Failure Vulnerability and Mitigation

    SciTech Connect (OSTI)

    Wood, Richard Thomas; Korsah, Kofi; Mullens, James Allen; Pullum, Laura L.

    2015-09-01

    Applying current guidance and practices for common-cause failure (CCF) mitigation to digital instrumentation and control (I&C) systems has proven problematic, and the regulatory environment has been unpredictable. The potential for CCF vulnerability inhibits I&C modernization, thereby challenging the long-term sustainability of existing plants. For new plants and advanced reactor concepts, concern about CCF vulnerability in highly integrated digital I&C systems imposes a design burden that results in higher costs and increased complexity. The regulatory uncertainty in determining which mitigation strategies will be acceptable (e.g., what diversity is needed and how much is sufficient) drives designers to adopt complicated, costly solutions devised for existing plants. To address the conditions that constrain the transition to digital I&C technology by the US nuclear industry, crosscutting research is needed to resolve uncertainty, demonstrate necessary characteristics, and establish an objective basis for qualification of digital technology for nuclear power plant (NPP) I&C applications. To fulfill this research need, Oak Ridge National Laboratory is investigating mitigation of CCF vulnerability for nuclear-qualified applications. The outcome of this research is expected to contribute to a fundamentally sound, comprehensive basis to qualify digital technology for nuclear power applications. This report documents the development of a CCF taxonomy. The basis for the CCF taxonomy was generated by determining consistent terminology and establishing a classification approach. The terminology is based on definitions from standards, guides, and relevant nuclear power industry technical reports. The classification approach is derived from identified classification schemes focused on I&C systems and key characteristics, including failure modes. The CCF taxonomy provides the basis for a systematic organization of key systems aspects relevant to analyzing the potential for CCF vulnerability and the suitability of mitigation techniques. Development of an effective CCF taxonomy will help to provide a framework for establishing the objective analysis and assessment capabilities desired to facilitate rigorous identification of fault types and triggers that are the fundamental elements of CCF.

  1. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considered subject to demand concerns, supply concerns, or both demand and supply concerns.

  2. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 | Princeton Plasma Physics Lab February 28, 2013, 4:15pm to 5:30pm Colloquia MBG Auditorium COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy 2012 Professor Nicholas K. Coch Queens College CUNY In the last two years. the

  3. National Disaster Resilience Competition Webinar Series- Q&A Session: Review Completeness Requirements

    Broader source: Energy.gov [DOE]

    In light of the recent announcement of the National Disaster Resilience Competition (NDRC), HUD is offering a series of webinars to discuss NDRC NOFA requirements, answer NDRC NOFA questions and...

  4. National Disaster Resilience Competition Webinar Series- Q&A Session: Walk through FAQ's

    Broader source: Energy.gov [DOE]

    In light of the recent announcement of the National Disaster Resilience Competition (NDRC), HUD is offering a series of webinars to discuss NDRC NOFA requirements, answer NDRC NOFA questions and...

  5. Solar Decathlon Team Leading the Way Toward Sustainable Living, Even in the Wake of Disasters

    Broader source: Energy.gov [DOE]

    For this year’s Solar Decathlon, the University of Illinois at Urbana-Champaign is returning to the National Mall with the Re_home, which offers a more sustainable housing solution for communities following a natural disaster.

  6. National Disaster Resilience Competition Webinar Series: Long-Term Commitment Factor

    Broader source: Energy.gov [DOE]

    In light of the recent announcement of the National Disaster Resilience Competition (NDRC), HUD is offering a series of webinars to discuss NDRC NOFA requirements, answer NDRC NOFA questions and...

  7. Problems and Solutions: Training Disaster Organizations of the Use of PV |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Information Resources » Problems and Solutions: Training Disaster Organizations of the Use of PV Problems and Solutions: Training Disaster Organizations of the Use of PV This program guide outlines the application and review procedures for obtaining the necessary permit(s) to install a solar energy system for a new or existing residential building. The guide also describes what system siting or design elements may trigger the need for additional plan review. Location

  8. Major Disaster and Emergency Declarations for Specific States from Hurricane Sandy

    Broader source: Energy.gov [DOE]

    The President signed Major Disaster Declarations for New Jersey (DR 4086), New York (DR-4085), Connecticut (DR-4087), and Rhode Island (DR-4089). Additionally, the President signed Emergency Declarations for New Hampshire (EM-3360), Virginia (EM-3359), West Virginia (EM-3358), Delaware (EM-3357), Rhode Island (EM-3355), Pennsylvania (EM-3356), District of Columbia (EM-3352), Massachusetts (EM-3350), and Maryland (EM-3349). For updates please go to: http://www.fema.gov/disasters.

  9. V-221: WordPress A Forms Plugin Cross-Site Request Forgery and Form Field Script Insertion Vulnerabilities

    Broader source: Energy.gov [DOE]

    This vulnerability can be exploited to conduct cross-site request forgery and script insertion attacks

  10. DOE Hanford Network Upgrades and Disaster Recovery Exercise Support the Cleanup Mission Now and into the Future

    SciTech Connect (OSTI)

    Eckman, Todd J.; Hertzel, Ali K.; Lane, James J.

    2013-11-07

    In 2013, the U.S. Department of Energy's (DOE) Hanford Site, located in Washington State, funded an update to the critical network infrastructure supporting the Hanford Federal Cloud (HFC). The project, called ET-50, was the final step in a plan that was initiated five years ago called "Hanford's IT Vision, 2015 and Beyond." The ET-50 project upgraded Hanford's core data center switches and routers along with a majority of the distribution layer switches. The upgrades allowed HFC the network intelligence to provide Hanford with a more reliable and resilient network architecture. The culmination of the five year plan improved network intelligence and high performance computing as well as helped to provide 10 Gbps capable links between core backbone devices (10 times the previous bandwidth). These improvements allow Hanford the ability to further support bandwidth intense applications, such as video teleconferencing. The ET-50 switch upgrade, along with other upgrades implemented from the five year plan, have prepared Hanford's network for the next evolution of technology in voice, video, and data. Hand-in-hand with ET-50's major data center outage, Mission Support Alliance's (MSA) Information Management (IM) organization executed a disaster recovery (DR) exercise to perform a true integration test and capability study. The DR scope was planned within the constraints of ET-50's 14 hour datacenter outage window. This DR exercise tested Hanford's Continuity of Operations (COOP) capability and failover plans for safety and business critical Hanford Federal Cloud applications. The planned suite of services to be tested was identified prior to the outage and plans were prepared to test the services ability to failover from the primary Hanford data center to the backup data center. The services tested were: Core Network (backbone, firewall, load balancers); Voicemail; Voice over IP (VoIP); Emergency Notification; Virtual desktops; and, Select set of production applications and data. The primary objective of the exercise was to test COOP around the emergency operations at Hanford to provide information on capabilities and dependencies of the current system to insure improved focus of emergency, safety and security capacity in a disaster situation. The integration of the DR test into the ET-50 project allowed the testing of COOP at Hanford and allowed the lessons learned to be defined. These lessons learned have helped improve the understanding of Hanford's COOP capabilities and will be critical for future planning. With the completion of the Hanford Federal Cloud network upgrades and the disaster recovery exercise, the MSA has a clearer path forward for future technology implementations as well as network improvements to help shape the usability and reliability of the Hanford network in support of the cleanup mission.

  11. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  12. U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 96: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure

  13. V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the

  14. V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS

  15. T-572: VMware ESX/ESXi SLPD denial of service vulnerability

    Broader source: Energy.gov [DOE]

    VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

  16. T-656: Microsoft Office Visio DXF File Handling Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Office Visio contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

  17. U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 76: VMware vCenter Operations Cross-Site Scripting Vulnerability U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability October 8, 2012 - 7:00am Addthis PROBLEM: VMware vCenter Operations Cross-Site Scripting Vulnerability PLATFORM: VMware vCenter Operations 1.x ABSTRACT: A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks. reference LINKS: Original Advisory

  18. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Red Hat CloudForms Multiple Vulnerabilities V-041: Red Hat CloudForms Multiple Vulnerabilities December 6, 2012 - 4:01am Addthis PROBLEM: Red Hat CloudForms Multiple Vulnerabilities PLATFORM: CloudForms ABSTRACT: Multiple vulnerabilities have been reported in Red Hat CloudForms REFERENCE LINKS: RHSA-2012-1542-1 RHSA-2012-1543-1 Secunia Advisory SA51472 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 CVE-2012-2139 CVE-2012-2140 CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 CVE-2012-2695 CVE-2012-3424

  19. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 57: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  20. U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition

  1. V-219: Kingsoft Writer 2012 WPS Font Names Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Kaveh Ghaemmaghami has discovered a vulnerability in Kingsoft Writer 2012, which can be exploited by malicious people to compromise a user's system.

  2. V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for

  3. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment...

    Broader source: Energy.gov (indexed) [DOE]

    PROBLEM: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. PLATFORM: * BlackBerry Enterprise Server Express version...

  4. V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

  5. U-225: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities in Citrix Access Gateway Plug-in for Windows can be exploited by malicious people to compromise a user's system.

  6. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions...

  7. V-148: Novell iPrint Client Unspecified Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system

  8. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  9. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets

  10. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  11. V-056: FreeType BDF Glyph Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system.

  12. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  13. V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service)

  14. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  15. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  16. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions.

  17. T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

    Broader source: Energy.gov [DOE]

    Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

  18. Performing Energy Security Assessments: A How-To Guide for Federal Facility Managers

    Broader source: Energy.gov [DOE]

    Guide describes the best practices and recommended process for federal facility managers to prepare for the following sections of a facility’s energy security plan: vulnerability assessments, energy preparedness and operations plans, and remedial action plans.

  19. T-703: Cisco Unified Communications Manager Open Query Interface Lets

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Remote Users Obtain Database Contents | Department of Energy 703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents T-703: Cisco Unified Communications Manager Open Query Interface Lets Remote Users Obtain Database Contents August 26, 2011 - 3:45pm Addthis PROBLEM: A vulnerability was reported in Cisco Unified Communications Manager. A remote user can obtain database contents PLATFORM: Cisco Unified Communications Manager 6.x, 7.x, 8.0, 8.5

  20. T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

  1. T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected.

  2. T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application.

  3. Vulnerabilities and Opportunities at the Nexus of Electricity, Water and Climate

    SciTech Connect (OSTI)

    Frumhoff, Peter C.; Burkett, Virginia; Jackson, Robert B.; Newmark, Robin; Overpeck, Jonathan; Webber, Michael

    2015-08-01

    The articles in this special issue examine the critical nexus of electricity, water, and climate, emphasizing connections among resources; the prospect of increasing vulnerabilities of water resources and electricity generation in a changing climate; and the opportunities for research to inform integrated energy and water policy and management measures aimed at increasing resilience. Here, we characterize several major themes emerging from this research and highlight some of the uptake of this work in both scientific and public spheres. Underpinning much of this research is the recognition that water resources are expected to undergo substantial changes based on the global warming that results primarily from fossil energy-based carbon emissions. At the same time, the production of electricity from fossil fuels, nuclear power, and some renewable technologies (biomass, geothermal and concentrating solar power) can be highly water-intensive. Energy choices now and in the near future will have a major impact not just on the global climate, but also on water supplies and the resilience of energy systems that currently depend heavily on them.

  4. Vulnerabilities and Opportunities at the Nexus of Electricity, Water and Climate

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Frumhoff, Peter C.; Burkett, Virginia; Jackson, Robert B.; Newmark, Robin; Overpeck, Jonathan; Webber, Michael

    2015-08-01

    The articles in this special issue examine the critical nexus of electricity, water, and climate, emphasizing connections among resources; the prospect of increasing vulnerabilities of water resources and electricity generation in a changing climate; and the opportunities for research to inform integrated energy and water policy and management measures aimed at increasing resilience. Here, we characterize several major themes emerging from this research and highlight some of the uptake of this work in both scientific and public spheres. Underpinning much of this research is the recognition that water resources are expected to undergo substantial changes based on the global warmingmore » that results primarily from fossil energy-based carbon emissions. At the same time, the production of electricity from fossil fuels, nuclear power, and some renewable technologies (biomass, geothermal and concentrating solar power) can be highly water-intensive. Energy choices now and in the near future will have a major impact not just on the global climate, but also on water supplies and the resilience of energy systems that currently depend heavily on them.« less

  5. Disaster incubation, cumulative impacts and the urban/ex-urban/rural dynamic

    SciTech Connect (OSTI)

    Mulvihill, Peter R. . E-mail: prm@yorku.ca; Ali, S. Harris . E-mail: hali@yorku.ca

    2007-05-15

    This article explores environmental impacts and risks that can accumulate in rural and ex-urban areas and regions and their relation to urban and global development forces. Two Southern Ontario cases are examined: an area level water disaster and cumulative change at the regional level. The role of disaster incubation analysis and advanced environmental assessment tools are discussed in terms of their potential to contribute to more enlightened and effective assessment and planning processes. It is concluded that conventional approaches to EA and planning are characteristically deficient in addressing the full range of impacts and risks, and particularly those originating from pathogens, dispersed and insidious sources. Rigorous application of disaster incubation analysis and more advanced forms of EA has considerable potential to influence a different pattern of planning and decision making.

  6. Climate change and health: Indoor heat exposure in vulnerable populations

    SciTech Connect (OSTI)

    White-Newsome, Jalonne L.; Sanchez, Brisa N.; Jolliet, Olivier; Zhang, Zhenzhen; Parker, Edith A.; Timothy Dvonch, J.; O'Neill, Marie S.

    2012-01-15

    Introduction: Climate change is increasing the frequency of heat waves and hot weather in many urban environments. Older people are more vulnerable to heat exposure but spend most of their time indoors. Few published studies have addressed indoor heat exposure in residences occupied by an elderly population. The purpose of this study is to explore the relationship between outdoor and indoor temperatures in homes occupied by the elderly and determine other predictors of indoor temperature. Materials and methods: We collected hourly indoor temperature measurements of 30 different homes; outdoor temperature, dewpoint temperature, and solar radiation data during summer 2009 in Detroit, MI. We used mixed linear regression to model indoor temperatures' responsiveness to weather, housing and environmental characteristics, and evaluated our ability to predict indoor heat exposures based on outdoor conditions. Results: Average maximum indoor temperature for all locations was 34.85 Degree-Sign C, 13.8 Degree-Sign C higher than average maximum outdoor temperature. Indoor temperatures of single family homes constructed of vinyl paneling or wood siding were more sensitive than brick homes to outdoor temperature changes and internal heat gains. Outdoor temperature, solar radiation, and dewpoint temperature predicted 38% of the variability of indoor temperatures. Conclusions: Indoor exposures to heat in Detroit exceed the comfort range among elderly occupants, and can be predicted using outdoor temperatures, characteristics of the housing stock and surroundings to improve heat exposure assessment for epidemiological investigations. Weatherizing homes and modifying home surroundings could mitigate indoor heat exposure among the elderly.

  7. Ultra Wideband (UWB) communication vulnerability for security applications.

    SciTech Connect (OSTI)

    Cooley, H. Timothy

    2010-07-01

    RF toxicity and Information Warfare (IW) are becoming omnipresent posing threats to the protection of nuclear assets, and within theatres of hostility or combat where tactical operation of wireless communication without detection and interception is important and sometimes critical for survival. As a result, a requirement for deployment of many security systems is a highly secure wireless technology manifesting stealth or covert operation suitable for either permanent or tactical deployment where operation without detection or interruption is important The possible use of ultra wideband (UWB) spectrum technology as an alternative physical medium for wireless network communication offers many advantages over conventional narrowband and spread spectrum wireless communication. UWB also known as fast-frequency chirp is nonsinusoidal and sends information directly by transmitting sub-nanosecond pulses without the use of mixing baseband information upon a sinusoidal carrier. Thus UWB sends information using radar-like impulses by spreading its energy thinly over a vast spectrum and can operate at extremely low-power transmission within the noise floor where other forms of RF find it difficult or impossible to operate. As a result UWB offers low probability of detection (LPD), low probability of interception (LPI) as well as anti-jamming (AJ) properties in signal space. This paper analyzes and compares the vulnerability of UWB to narrowband and spread spectrum wireless network communication.

  8. Safety Walkthrough Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Walkthrough Management

  9. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 86: IBM WebSphere Sensor Events Multiple Vulnerabilities U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities June 8, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM WebSphere Sensor Events PLATFORM: IBM WebSphere Sensor Events 7.x ABSTRACT: Some vulnerabilites have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks. Reference Links: Secunia ID 49413 No CVE references. Vendor URL IMPACT

  10. Spent Fuel Working Group report on inventory and storage of the Department`s spent nuclear fuel and other reactor irradiated nuclear materials and their environmental, safety and health vulnerabilities. Volume 2, Working Group Assessment Team reports; Vulnerability development forms; Working group documents

    SciTech Connect (OSTI)

    Not Available

    1993-11-01

    The Secretary of Energy`s memorandum of August 19, 1993, established an initiative for a Department-wide assessment of the vulnerabilities of stored spent nuclear fuel and other reactor irradiated nuclear materials. A Project Plan to accomplish this study was issued on September 20, 1993 by US Department of Energy, Office of Environment, Health and Safety (EH) which established responsibilities for personnel essential to the study. The DOE Spent Fuel Working Group, which was formed for this purpose and produced the Project Plan, will manage the assessment and produce a report for the Secretary by November 20, 1993. This report was prepared by the Working Group Assessment Team assigned to the Hanford Site facilities. Results contained in this report will be reviewed, along with similar reports from all other selected DOE storage sites, by a working group review panel which will assemble the final summary report to the Secretary on spent nuclear fuel storage inventory and vulnerability.

  11. V-226: HP StoreOnce D2D Backup Systems Denial of Service Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 2.3.0 or 1.2.19. Addthis Related Articles U-226: Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability V-062: Asterisk Two Denial of...

  12. T-561: IBM and Oracle Java Binary Floating-Point Number Conversion Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    IBM and Oracle Java products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

  13. V-086: IntegraXor ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow.

  14. T-539: Adobe Acrobat, Reader, and Flash Player Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user. If the user holds elevated privileges, the attacker could execute arbitrary code that results in complete system compromise.

  15. U-115: Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address.

  16. V-007: McAfee Firewall Enterprise ISC BIND Record Handling Lockup Vulnerability

    Broader source: Energy.gov [DOE]

    McAfee has acknowledged a vulnerability in McAfee Firewall Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service).

  17. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Resilience Solutions | Department of Energy Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please view it in a modern browser. This report examines the current and potential future impacts of climate change and extreme weather on the U.S. energy sector at the regional level. It provides illustrative

  18. Assessment of chemical vulnerabilities in the Hanford high-level waste tanks

    SciTech Connect (OSTI)

    Meacham, J.E.

    1996-02-15

    The purpose of this report is to summarize results of relevant data (tank farm and laboratory) and analysis related to potential chemical vulnerabilities of the Hanford Site waste tanks. Potential chemical safety vulnerabilities examined include spontaneous runaway reactions, condensed phase waste combustibility, and tank headspace flammability. The major conclusions of the report are the following: Spontaneous runaway reactions are not credible; condensed phase combustion is not likely; and periodic releases of flammable gas can be mitigated by interim stabilization.

  19. T-555: Adobe Acrobat and Reader Image Parsing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

  20. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  1. T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

  2. Insurance as a Risk Management Instrument for Energy Infrastructure Security and Resilience Report Now Available

    Broader source: Energy.gov [DOE]

    The Office of Electricity Delivery and Energy Reliability has released a report that examines the key risks confronting critical energy infrastructure and ways in which the insurance industry can help manage these risks. In most developed countries, insurance is one of the principal risk management instruments for aiding in recovery after a disaster and for encouraging future investments that are more resilient to potential hazards.

  3. An Incident Management Preparedness and Coordination Toolkit

    SciTech Connect (OSTI)

    Koch, Daniel B; Payne, Patricia W

    2012-01-01

    Although the use of Geographic Information Systems (GIS) by centrally-located operations staff is well established in the area of emergency response, utilization by first responders in the field is uneven. Cost, complexity, and connectivity are often the deciding factors preventing wider adoption. For the past several years, Oak Ridge National Laboratory (ORNL) has been developing a mobile GIS solution using free and open-source software targeting the needs of front-line personnel. Termed IMPACT, for Incident Management Preparedness and Coordination Toolkit, this ORNL application can complement existing GIS infrastructure and extend its power and capabilities to responders first on the scene of a natural or man-made disaster.

  4. Plutonium working group report on environmental, safety and health vulnerabilities associated with the department`s plutonium storage. Volume II, Appendix B, Part 9: Oak Ridge site site team report

    SciTech Connect (OSTI)

    1994-09-01

    This report provides the input to and results of the Department of Energy (DOE) - Oak Ridge Operations (ORO) DOE Plutonium Environment, Safety and Health (ES & H) Vulnerability Assessment (VA) self-assessment performed by the Site Assessment Team (SAT) for the Oak Ridge National Laboratory (ORNL or X-10) and the Oak Ridge Y-12 Plant (Y-12) sites that are managed by Martin Marietta Energy Systems, Inc. (MMES). As initiated (March 15, 1994) by the Secretary of Energy, the objective of the VA is to identify and rank-order DOE-ES&H vulnerabilities associated for the purpose of decision making on the interim safe management and ultimate disposition of fissile materials. This assessment is directed at plutonium and other co-located transuranics in various forms.

  5. Virginia coastal resources management program

    SciTech Connect (OSTI)

    Not Available

    1985-08-01

    Approval of a coastal management plan for coastal land and water use activities on the coast of Virginia is proposed. The coastal management area would embrace all of Tidewater Virginia, approximately 5000 miles long, and would extend to the three-mile outer limit of the United States territorial sea. The core regulatory program would include fisheries management, subaqueous lands management, wetland management, dunes management, nonpoint source pollution control, point source pollution control, shoreline sanitation, and air pollution control. Geographic areas of particular concern would be designated as worthy of special consideration in any planning or management process. These areas would include natural resource areas, such as wetlands, spawning areas, coastal sand dunes, barrier islands, and special wildlife management areas. Natural hazard areas would include areas vulnerable to erosion and areas subject to damage from wind, tides, and storm-related events. Geographic areas of special concern would include those with particular conservation, recreational, ecological, and aesthetic values. Waterfront development areas would include ports, commercial fishing piers, and community waterfronts. Shorefront access planning would provide access to the shoreline and water for recreational activities. Each year, two additional boat ramps would be planned for construction. Energy facility planning would focus on facilities involved in the production of electricity and petroleum, and in the export of coal. Shoreline erosion mitigation planning would identify, control, and mitigate erosion.

  6. EIS-0220: Interim Management of Nuclear Materials at the Savannah River Site

    Broader source: Energy.gov [DOE]

    This environmental impact statement assesses the potential environmental impacts of actions necessary to manage nuclear materials at the Savannah River Site (SRS) in Aiken, South Carolina, until decisions on their ultimate disposition are made and implemented. The Department of Energy has decided to initiate actions which will stabilize certain of the SRS materials that represent environment, safety and health vulnerabilities in their current storage condition or which may represent a vulnerability within the next 10 years.

  7. Modeling Vulnerability and Resilience to Climate Change: A Case Study of India and Indian States

    SciTech Connect (OSTI)

    Brenkert, Antoinette L.; Malone, Elizabeth L.

    2005-09-01

    The vulnerability of India and Indian states to climate change was assessed using the Vulnerability-Resilience Indicator Prototype (VRIP). The model was adapted from the global/country version to account for Indian dietary practices and data availability with regard to freshwater resources. Results (scaled to world values) show nine Indian states to be moderately resilient to climate change, principally because of low sulfur emissions and a relatively large percentage of unmanaged land. Six states are more vulnerable than India as a whole, attributable largely to sensitivity to sea storm surges. Analyses of results at the state level (Orissa, and comparisons between Maharashtra and Kerala, and Andhra Pradesh and Himachal Pradesh) demonstrate the value of VRIP analyses used in conjunction with other socioeconomic information to address initial questions about the sources of vulnerability in particular places. The modeling framework allows analysts and stakeholders to systematically evaluate individual and sets of indicators and to indicate where the likely vulnerabilities are in the area being assessed.

  8. Cyber Security Requirements for Risk Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  9. Racial Geography, Economic Growth and Natural Disaster Resilience

    SciTech Connect (OSTI)

    Li, Huiping; Fernandez, Steven J.; Ganguly, Auroop

    2014-03-01

    Recent development of National Response Plans and National Incident Management Plans has emphasized the need for interoperability of plans, systems, technology, and command structures. However, much less emphasis has been placed on equally important elements such as the at-risk populations response to those plans, systems, and directions. The community-wide consequences of Hurricane Katrina demonstrated that the protection of communities should no longer be considered only a function of public organizations. Private organizations, nonprofit organizations and individual households have significant roles to play in these plans (Comfort 2006, Salamon 2002). This study is a first attempt to characterize the effect on the resilience (recovery) of metropolitan areas by the presence (or absence) of separate small communities within a larger jurisdiction. These communities can be based on many different social cleavages (ethnic, racial, economic, social, geographic, linguistic, etc.).

  10. U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 38: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability April 2, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco IOS XE 2.1.x Cisco IOS XE 2.2.x Cisco IOS XE 2.3.x Cisco IOS XE 2.4.x Cisco IOS XE 2.5.x Cisco IOS XE 2.6.x Cisco IOS XE 3.1.x Cisco IOS XE 3.3.x

  11. U-148: ActiveScriptRuby GRScript18.dll ActiveX Control Ruby Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error in GRScript18.dll and can be exploited to execute arbitrary Ruby commands.

  12. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  13. Seismic Vulnerability Evaluations Within The Structural And Functional Survey Activities Of The COM Bases In Italy

    SciTech Connect (OSTI)

    Zuccaro, G.; Cacace, F.; Albanese, V.; Mercuri, C.; Papa, F.; Pizza, A. G.; Sergio, S.; Severino, M.

    2008-07-08

    The paper describes technical and functional surveys on COM buildings (Mixed Operative Centre). This activity started since 2005, with the contribution of both Italian Civil Protection Department and the Regions involved. The project aims to evaluate the efficiency of COM buildings, checking not only structural, architectonic and functional characteristics but also paying attention to surrounding real estate vulnerability, road network, railways, harbours, airports, area morphological and hydro-geological characteristics, hazardous activities, etc. The first survey was performed in eastern Sicily, before the European Civil Protection Exercise 'EUROSOT 2005'. Then, since 2006, a new survey campaign started in Abruzzo, Molise, Calabria and Puglia Regions. The more important issue of the activity was the vulnerability assessment. So this paper deals with a more refined vulnerability evaluation technique by means of the SAVE methodology, developed in the 1st task of SAVE project within the GNDT-DPC programme 2000-2002 (Zuccaro, 2005); the SAVE methodology has been already successfully employed in previous studies (i.e. school buildings intervention programme at national scale; list of strategic public buildings in Campania, Sicilia and Basilicata). In this paper, data elaborated by SAVE methodology are compared with expert evaluations derived from the direct inspections on COM buildings. This represents a useful exercise for the improvement either of the survey forms or of the methodology for the quick assessment of the vulnerability.

  14. U-199: Drupal Drag & Drop Gallery Module Arbitrary File Upload Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to the sites/all/modules/dragdrop_gallery/upload.php script improperly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension.

  15. Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2

    SciTech Connect (OSTI)

    Fesharaki, F.; Rizer, J.P.; Greer, L.S.

    1994-05-01

    The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

  16. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    SciTech Connect (OSTI)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grasses (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.

  17. Rebuilding After Disaster: Going Green from the Ground Up (Revised) (Brochure), U.S. Department of Energy (DOE), Energy Efficiency & Renewable Energy (EERE)

    Office of Energy Efficiency and Renewable Energy (EERE)

    20-page “how-to” guide describing ways to turn a disaster into an opportunity to rebuild with greener energy technologies. It covers such topics as the importance of energy, options for communities, instructions for developing an energy plan, and other considerations. This guide is intended for the community leaders who have experienced a disaster.

  18. Chemical Management

    Energy Savers [EERE]

    DOE-HDBK-11391-2006 May 2006 DOE HANDBOOK CHEMICAL MANAGEMENT (Volume 1 of 3) U.S. ... and contractor managers in assessing chemical hazard management and is approved for ...

  19. Project Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Project Management Project Management MaRIE is the experimental facility needed to control the time-dependent properties of materials for national security science missions. It ...

  20. Deactivation Management

    Broader source: Energy.gov [DOE]

    The purpose here is to provide information for specific aspects of project management that apply to deactivation. Overall management of deactivation projects should use a traditional project...

  1. 2013 Federal Energy and Water Management Award Winners Ric Alesch, Jill

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Jones, Meghan Kish, Forrest McNabb, and Lisa Soghor | Department of Energy Ric Alesch, Jill Jones, Meghan Kish, Forrest McNabb, and Lisa Soghor 2013 Federal Energy and Water Management Award Winners Ric Alesch, Jill Jones, Meghan Kish, Forrest McNabb, and Lisa Soghor PDF icon fewm13_santamonicanra_ca_highres.pdf PDF icon fewm13_santamonicanra_ca.pdf More Documents & Publications ORSSAB - May 2015 Incorporating Energy Efficiency into Disaster Recovery Efforts 1

  2. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions October 2015 U.S. Department of Energy Office of Energy Policy and Systems Analysis Acknowledgements This report was produced by the U.S. Department of Energy's Office of Energy Policy and Systems Analysis (DOE-EPSA) under the direction of Craig Zamuda. Matt Antes, C.W. Gillespie, Anna Mosby, and Beth Zotter of Energetics Incorporated provided analysis, drafting support, and technical editing.

  3. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2010-08-25

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future.

  4. Conference Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-11-03

    To establish requirements and responsibilities with respect to managing conferences sponsored by the Department of Energy (DOE) or by DOE management and operating contractors and other contractors who perform work at DOE-owned or -leased facilities, including management and integration contractors and environmental restoration management contractors (when using funds that will be reimbursed by DOE). Cancels DOE N 110.3.

  5. Application of artificial neural networks in power system security and vulnerability assessment

    SciTech Connect (OSTI)

    Qin Zhou; Davidson, J.; Fouad, A.A.

    1994-02-01

    In a companion paper the concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. Using the TEF method of transient stability analysis, the energy margin [Delta]V is used as an indicator of the level of security, and its sensitivity to a changing system parameter p ([partial derivative][Delta]V/[partial derivative]p) as indicator of its trend with changing system conditions. These two indicators are combined to determine the degree of system vulnerability to contingent disturbances in a stability-limited power system. Thresholds for acceptable levels of the security indicator and its trend are related to the stability limits of a critical system parameter (plant generation limits). Operating practices and policies are used to determine these thresholds. In this paper the artificial neural networks (ANNs) technique is applied to the concept of system vulnerability within the recently developed framework, for fast pattern recognition and classification of system dynamic security status. A suitable topology for the neural network is developed, and the appropriate training method and input and output signals are selected. The procedure developed is successfully applied to the IEEE 50-generator test system. Data previously obtained by heuristic techniques are used for training the ANN.

  6. Vulnerability and adaptation to severe weather events in the American southwest

    SciTech Connect (OSTI)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptation to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.

  7. Vulnerability of larval and juvenile white sturgeon to barotrauma: can they handle the pressure?

    SciTech Connect (OSTI)

    Brown, Richard S.; Cook, Katrina V.; Pflugrath, Brett D.; Rozeboom, Latricia L.; Johnson, Rachelle C.; McLellan, Jason; Linley, Timothy J.; Gao, Yong; Baumgartner, Lee J.; Dowell, Frederick E.; Miller, Erin A.; White, Timothy A.

    2013-07-01

    Techniques were developed to determine which life stages of fish are vulnerable to barotrauma from expansion of internal gases during decompression. Eggs, larvae and juvenile hatchery-reared white sturgeon (Acipenser transmontanus; up to 91 days post hatch; dph), were decompressed to assess vulnerability to barotrauma and identify initial swim bladder inflation. Barotrauma related injury and mortality were first observed 9 dph, on the same day as initial exogenous feeding. However, barotrauma related injury did not occur again until swim bladder inflation 75 dph (visible from necropsy and x-ray radiographs). Swim bladder inflation was not consistent among individuals, with only 44% being inflated 91 dph. Additionally, swim bladder inflation did not appear to be size dependent among fish ranging in total length from 61-153 mm at 91 dph. The use of a combination of decompression tests and x-ray radiography was validated as a method to determine initial swim bladder inflation and vulnerability to barotrauma. Extending these techniques to other species and life history stages would help to determine fish susceptibility to hydroturbine passage and aid in fish conservation.

  8. Vulnerability and adaptation to severe weather events in the American southwest

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Boero, Riccardo; Bianchini, Laura; Pasqualini, Donatella

    2015-05-04

    Climate change can induce changes in the frequency of severe weather events representing a threat to socio-economic development. It is thus of uttermost importance to understand how the vulnerability to the weather of local communities is determined and how adaptation public policies can be effectively put in place. We focused our empirical analysis on the American Southwest. Results show that, consistently with the predictions of an investment model, economic characteristics signaling local economic growth in the near future decrease the level of vulnerability. We also show that federal governments transfers and grants neither work to support recovery from and adaptationmore » to weather events nor to distribute their costs over a broader tax base. Finally, we show that communities relying on municipal bonds to finance adaptation and recovery policies can benefit from local acknowledgment of the need for such policies and that they do not have to pay lenders a premium for the risk induced by weather events. In conclusion, our findings suggest that determinants of economic growth support lower vulnerability to the weather and increase options for financing adaptation and recovery policies, but also that only some communities are likely to benefit from those processes.« less

  9. U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.

  10. Vulnerability of crops and native grasses to summer drying in the U.S. Southern Great Plains

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Raz-Yaseef, Naama; Billesbach, Dave P.; Fischer, Marc L.; Biraud, Sebastien C.; Gunter, Stacey A.; Bradford, James A.; Torn, Margaret S.

    2015-08-31

    The Southern Great Plains are characterized by a fine-scale mixture of different land-cover types, predominantly winter-wheat and grazed pasture, with relatively small areas of other crops, native prairie, and switchgrass. Recent droughts and predictions of increased drought in the Southern Great Plains, especially during the summer months, raise concern for these ecosystems. We measured ecosystem carbon and water fluxes with eddy-covariance systems over cultivated cropland for 10 years, and over lightly grazed prairie and new switchgrass fields for 2 years each. Growing-season precipitation showed the strongest control over net carbon uptake for all ecosystems, but with a variable effect: grassesmore » (prairie and switchgrass) needed at least 350 mm of precipitation during the growing season to become net carbon sinks, while crops needed only 100 mm. In summer, high temperatures enhanced evaporation and led to higher likelihood of dry soil conditions. Therefore, summer-growing native prairie species and switchgrass experienced more seasonal droughts than spring-growing crops. For wheat, the net reduction in carbon uptake resulted mostly from a decrease in gross primary production rather than an increase in respiration. Flux measurements suggested that management practices for crops were effective in suppressing evapotranspiration and decomposition (by harvesting and removing secondary growth), and in increasing carbon uptake (by fertilizing and conserving summer soil water). In light of future projections for wetter springs and drier and warmer summers in the Southern Great Plains, our study indicates an increased vulnerability in native ecosystems and summer crops over time.« less

  11. MANAGEMENT ALERT

    Broader source: Energy.gov (indexed) [DOE]

    COMMISSION FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Management Alert: Review of Allegations of Improper Disclosure of Confidential, Nonpublic...

  12. DEACTIVATION MANAGEMENT

    Office of Environmental Management (EM)

    MANAGEMENT The purpose here is to provide information for specific aspects of project management that apply to deactivation. Overall management of deactivation projects should use a traditional project management approach, and as such is not addressed. The following specific topics are based on lessons learned during deactivation of DOE facilities.  The Deactivation Mission  The Stabilization/Deactivation "Customer"  Project Approach for a Complex Facility  Establishing the

  13. Patch and Update Management Program for Energy Delivery Systems

    Energy Savers [EERE]

    Patch and Update Management Program for Energy Delivery Systems A simplified process of patching and updating energy delivery system devices for end users and equipment vendors Background The energy sector places an emphasis on the availability and reliability of energy delivery operations. While best practice avoids the connection of energy delivery system devices to external networks, their increasing interconnectivity poses greater risk to cyber vulnerabilities. Proper and timely patches and

  14. T-548: Novell ZENworks Handheld Management (ZHM) ZfHIPCnd.exe buffer overflow

    Broader source: Energy.gov [DOE]

    Novell ZENworks Handheld Management (ZHM) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ZfHIPCnd.exe Access Point process. By sending a specially-crafted request to TCP port 2400, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.

  15. U-238: HP Service Manager Input Validation Flaw Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  16. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  17. EP&R Standards Project Report: Technical Review of National Incident Management Standards

    SciTech Connect (OSTI)

    Stenner, Robert D.

    2007-04-24

    The importance and necessity for a fully developed and implemented National Incident Management System (NIMS) has been demonstrated in recent years by the impact of national events such as Hurricane Katrina in 2005. Throughout the history of emergency response to major disasters, especially when multiple response organizations are involved, there have been systemic problems in the consistency and uniformity of response operations. Identifying national standards that support the development and implementation of NIMS is key to helping solve these systemic problems. The NIMS seeks to provide uniformity and consistency for incident management by using common terminology and protocols that will enable responders to coordinate their efforts to ensure an efficient response.

  18. Environmental Management Waste Management Facility (EMWMF) at...

    Office of Environmental Management (EM)

    Review of the Environmental Management Waste Management Facility (EMWMF) at Oak Ridge ... INTRODUCTION The Environmental Management Waste Management Facility (EMWMF) is a land ...

  19. Teaching Managers How to Manage

    SciTech Connect (OSTI)

    Hylko, J.M.

    2006-07-01

    Following graduation from a college or university with a technical degree, or through years of experience, an individual's training and career development activities typically focus on enhancing technical problem-solving skills. However, as these technical professionals, herein referred to as 'Techies', advance throughout their careers, they may be required to accept and adapt to the role of being a manager, and must undergo a transition to learn and rely on new problem-solving skills. However, unless a company has a specific manager-trainee class to address this subject and develop talent from within, an employee's management style is learned and developed 'on the job'. Both positive and negative styles are nurtured by those managers having similar qualities. Unfortunately, a negative style often contributes to the deterioration of employee morale and ultimate closing of a department or company. This paper provides the core elements of an effective management training program for 'Teaching Managers How to Manage' derived from the Department of Energy's Integrated Safety Management System and the Occupational Safety and Health Administration 's Voluntary Protection Program. Discussion topics and real-life examples concentrate on transitioning an employee from a 'Techie' to a manager; common characteristics of being a manager; the history and academic study of management; competition, change and the business of waste management; what to do after taking over a department by applying Hylko's Star of Success; command media; the formal and informal organizational charts; chain of command; hiring and developing high-degree, autonomous employees through effective communication and delegation; periodic status checks; and determining if the program is working successfully. These common characteristics of a strong management/leadership culture and practical career tips discussed herein provide a solid foundation for any company or department that is serious about developing an effective management training program for its employees. In turn, any employee in any work environment can begin using this information immediately if they want to become a better manager. (authors)

  20. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2008-12-30

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenket 2008, Ibarrarn et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

  1. Optimization Strategies for the Vulnerability Analysis of the Electric Power Grid

    SciTech Connect (OSTI)

    Pinar, A.; Meza, J.; Donde, V.; Lesieutre, B.

    2007-11-13

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (MINLP) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  2. Optimization strategies for the vulnerability analysis of the electric power grid.

    SciTech Connect (OSTI)

    Meza, Juan C.; Pinar, Ali; Lesieutre, Bernard; Donde, Vaibhav

    2009-03-01

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (minlp) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  3. Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

    Energy Savers [EERE]

    U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Enhancing control systems security in the energy sector NSTB September 2006 LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS Raymond K. Fink David F. Spencer Rita A. Wells NSTB INL/CON-06-11665 iii ABSTRACT Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems, or components of those systems, were reviewed to identify

  4. Bibliographic Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    and more from varied resources and databases to organize references, keep notes to stay ahead of the game. Questions? 505-667-5809 Email Bibliographic management tools allow...

  5. acquisition management

    National Nuclear Security Administration (NNSA)

    the science, technology, and engineering base; and,

  6. Continue NNSA management reforms.


    • Our Values:<...

    • Energy Management

      Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

      Energy Management Utilize energy efficiency to improve your industrial customer's business performance without the cost of major capital improvements. Energy efficiency is not...

    • project management

      National Nuclear Security Administration (NNSA)

      %2A en Project Management and Systems Support http:nnsa.energy.govaboutusouroperationsapmprojectmanagementandsystemssupport

    • Quality Management

      Broader source: Energy.gov [DOE]

      The Office of Quality Management, within the Office of Health, Safety and Security develops policies and procedures to ensure the classification and control of information is effective and...

    • Position Management

      Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

      1992-06-23

      The order prescribes the policies, responsibilities, and procedures for position management within (DOE). Canceled by DOE N 1321.140. Cancels DOE 3510.1

    • Management Overview

      Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

      Management & Administration Forms (0000-1999) Management & Administration Forms (0000-1999) DOE F 206.1 (pdf) Privacy Impact Assessment (PIA) DOE F 206.4 (fillable pdf) Information Sheet for Sponsorship of HSPD-12 Credential DOE F 241.2 (fillable pdf) Notice of Energy RD&D Project DOE F 241.4 (fillable pdf) Announcement of Computer Software DOE F 241.5 (pdf) Information Collection Clearance Manager Appointment DOE F 242.1 (fillable pdf) Forms Manager Designation DOE F 243.2 (fillable

    • project management

      National Nuclear Security Administration (NNSA)

      3%2A en Project Management and Systems Support http:www.nnsa.energy.govaboutusouroperationsapmprojectmanagementandsystemssupport

    • A Climate Change Vulnerability Assessment Report for the National Renewable Energy Laboratory: May 23, 2014 -- June 5, 2015

      SciTech Connect (OSTI)

      Vogel, J.; O'Grady, M.; Renfrow, S.

      2015-09-03

      The U.S. Department of Energy's (DOE's) National Renewable Energy Laboratory (NREL), in Golden, Colorado, focuses on renewable energy and energy efficiency research. Its portfolio includes advancing renewable energy technologies that can help meet the nation's energy and environmental goals. NREL seeks to better understand the potential effects of climate change on the laboratory--and therefore on its mission--to ensure its ongoing success. Planning today for a changing climate can reduce NREL's risks and improve its resiliency to climate-related vulnerabilities. This report presents a vulnerability assessment for NREL. The assessment was conducted in fall 2014 to identify NREL's climate change vulnerabilities and the aspects of NREL's mission or operations that may be affected by a changing climate.

    • Groundwaters of Florence (Italy): Trace element distribution and vulnerability of the aquifers

      SciTech Connect (OSTI)

      Bencini, A.; Ercolanelli, R.; Sbaragli, A.

      1993-11-01

      Geochemical and hydrogeological research has been carried out in Florence, to evaluate conductivity and main chemistry of groundwaters, the pattern of some possible pollutant chemical species (Fe, Mn, Cr, Cu, Pb, Zn, NO{sub 2}, NO{sub 3}), and the vulnerability of the aquifers. The plain is made up of Plio-Quaternary alluvial and lacustrine sediments for a maximum thickness of 600 m. Silts and clays, sometimes with lenses of sandy gravels, are dominant, while considerable deposits of sands, pebbles, and gravels occur along the course of the Arno river and its tributary streams, and represent the most important aquifer of the plain. Most waters show conductivity values around 1000-1200 {mu}S, and almost all of them have an alkaline-earth-bicarbonate chemical character. In western areas higher salt content of the groundwaters is evident. Heavy metal and NO{sub 2}, NO{sub 3} analyses point out that no important pollution phenomena affect the groundwaters; all mean values are below the maximum admissible concentration (MAC) for drinkable waters. Some anomalies of NO{sub 2}, NO{sub 3}, Fe, Mn, and Zn are present. The most plausible causes can be recognized in losses of the sewage system; use of nitrate compounds in agriculture; oxidation of well pipes. All the observations of Cr, Cu, and Pb are below the MAC; the median values of <3, 3.9, and 1.1 {mu}g/l, respectively, could be considered reference concentrations for groundwaters in calcareous lithotypes, under undisturbed natural conditions. Finally, a map of vulnerability shows that the areas near the Arno river are highly vulnerable, for the minimum thickness (or lacking) of sediments covering the aquifer. On the other hand, in the case of pollution, several factors not considered could significantly increase the self-purification capacity of the aquifer, such asdilution of groundwaters, bacteria oxidation of nitrogenous species, and sorption capacity of clay minerals and organic matter. 31 refs., 6 figs., 5 tabs.

    • FEMA Emergency Management Performance Grant Program

      Broader source: Energy.gov [DOE]

      The Emergency Management Performance Grant (EMPG) Program provides federal funds to assist state, local, tribal and territorial governments in preparing for all hazards, as authorized by Section 662 of the Post Katrina Emergency Management Reform Act (6 U.S.C. sect. 762) and the Robert T. Stafford Disaster Relief and Emergency Assistance Act, as amended (42 U.S.C. sect. 5121 et seq.). Title VI of the Stafford Act authorizes FEMA to make grants for the purpose of providing a system of emergency preparedness for the protection of life and property in the United States from hazards and to vest responsibility for emergency preparedness jointly in the federal government and the states and their political subdivisions. The FY 2015 EMPG will provide federal funds to assist state, local, tribal and territorial emergency management agencies to obtain the resources required to support the National Preparedness Goal's (NPG's) associated mission areas and core capabilities. The federal government, through the EMPG Program, provides necessary direction, coordination, and guidance, and provides necessary assistance, as authorized in this title, to support a comprehensive all hazards emergency preparedness system.

    • Records Management

      Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

      Records Management (RM) refers to the systematic identification, creation, capture, organization, maintenance, retrieval, protection, storage and disposition of records, regardless of media, created or received in the transaction of Sandia's scientific investigations and long-term repository performance calculations within a regulatory context. Our disciplined approach to records management makes many things possible: assurance that regulatory requirements are met; reduced risk of expensive

    • Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling

      SciTech Connect (OSTI)

      McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

      2009-03-26

      Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

    • U-212: RSA Authentication Manager Flaws Permit Cross-Site and Cross-Frame Scripting and URL Redirection Attacks

      Broader source: Energy.gov [DOE]

      RSA Authentication Manager is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.

    • Conference Management

      Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

      2007-01-25

      The Order establishes requirements and responsibilities for managing conferences sponsored or co-sponsored by the Department of Energy, including the National Nuclear Security Administration. Cancels DOE O 110.3. Canceled by DOE N 251.97.

    • Management Reminders

      Broader source: Energy.gov [DOE]

      This document is normally shared by the HQ Program Manager a week prior to the scheduled mediation and is intented to serve as a reminder of the pertinent aspects of the mediation process.

    • PROJECT MANAGEMENT PLANS Project Management Plans

      Office of Environmental Management (EM)

      MANAGEMENT PLANS Project Management Plans Overview Project Management Plan Suggested Outline Subjects Crosswalk between the Suggested PMP Outline Subjects and a Listing ...

  1. Summary - Environmental Management Waste Management Facility...

    Office of Environmental Management (EM)

    Waste Management Facility (EMWMF) at Oak Ridge, TN Why DOE-EM Did This Review The Environmental Management Waste Management Facility (EMWMF) is a land disposal facility for ...

  2. Data Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Data Management Data Management PDSF and IHEP, in Beijing, China, are the two main computing facitilies for the Daya Bay experiment with PDSF being used primarily by North American collaborators and IHEP by Asian collaborators. All raw data from the experimental facility is first transferred to IHEP and then transferred to PDSF. Data transfer rates of 5 to 10 MB/s result in up to about 500GB transferred daily. The tool used to transfer the data is called SPADE and has also been used at PDSF by

  3. Data Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Data Management Data Management Data Transfer STAR makes use of grid-based file transfers between PDSF and Brookhaven for two main purposes. The first is to transfer input/output files for simulation jobs submitted from Brookhaven to/from PDSF. The jobs come in through pdsfgrid.nersc.gov making use of the OSG software installation and the files are transferred through pdsfdtn1.nersc.gov to and from /project/projectdirs/osg. The second purpose is for bulk replication of microDST's from

  4. V-039: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability

    Broader source: Energy.gov [DOE]

    Samsung has issued a security advisory and an optional firmware update for all current Samsung networked laser printers and multifunction devices to enhance Simple Network Management Protocol (SNMP) security.

  5. Oracle Management Tool Suite

    Energy Science and Technology Software Center (OSTI)

    2007-06-01

    The Oracle Management Tool Suite is used to automatically manage Oracle based systems. This includes startup and shutdown of databases and application servers as well as backup, space management, workload management and log file management.

  6. Managing Critical Management Improvement Initiatives

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-10-01

    Provides requirements and responsibilities for planning, executing and assessing critical management improvement initiatives within DOE. DOE N 251.59, dated 9/27/2004, extends this Notice until 10/01/2005. Archived 11-8-10. Does not cancel other directives.

  7. Extended defense systems :I. adversary-defender modeling grammar for vulnerability analysis and threat assessment.

    SciTech Connect (OSTI)

    Merkle, Peter Benedict

    2006-03-01

    Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U{sub S} is the set universe of all scenarios possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I{sub S} is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A){sub P} and (D){sub F}. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.

  8. Recommended Practice for Patch Management of Control Systems

    SciTech Connect (OSTI)

    Steven Tom; Dale Christiansen; Dan Berrett

    2008-12-01

    A key component in protecting a nations critical infrastructure and key resources is the security of control systems. The term industrial control system refers to supervisory control and data acquisition, process control, distributed control, and any other systems that control, monitor, and manage the nations critical infrastructure. Critical Infrastructure and Key Resources (CIKR) consists of electric power generators, transmission systems, transportation systems, dam and water systems, communication systems, chemical and petroleum systems, and other critical systems that cannot tolerate sudden interruptions in service. Simply stated, a control system gathers information and then performs a function based on its established parameters and the information it receives. The patch management of industrial control systems software used in CIKR is inconsistent at best and nonexistent at worst. Patches are important to resolve security vulnerabilities and functional issues. This report recommends patch management practices for consideration and deployment by industrial control systems owners.

  9. Environmental Management

    SciTech Connect (OSTI)

    2014-11-12

    Another key aspect of the NNSS mission is Environmental Management program, which addresses the environmental legacy from historic nuclear weapons related activities while also ensuring the health and safety of present day workers, the public, and the environment as current and future missions are completed. The Area 5 Radioactive Waste Management site receives low-level and mixed low-level waste from some 28 different generators from across the DOE complex in support of the legacy clean-up DOE Environmental Management project. Without this capability, the DOE would not be able to complete the clean up and proper disposition of these wastes. The program includes environmental protection, compliance, and monitoring of the air, water, plants, animals, and cultural resources at the NNSS. Investigation and implementation of appropriate corrective actions to address the contaminated ground water facilities and soils resulting from historic nuclear testing activities, the demolition of abandoned nuclear facilities, as well as installation of ground water wells to identify and monitor the extent of ground water contamination.

  10. Environmental Management

    ScienceCinema (OSTI)

    None

    2015-01-07

    Another key aspect of the NNSS mission is Environmental Management program, which addresses the environmental legacy from historic nuclear weapons related activities while also ensuring the health and safety of present day workers, the public, and the environment as current and future missions are completed. The Area 5 Radioactive Waste Management site receives low-level and mixed low-level waste from some 28 different generators from across the DOE complex in support of the legacy clean-up DOE Environmental Management project. Without this capability, the DOE would not be able to complete the clean up and proper disposition of these wastes. The program includes environmental protection, compliance, and monitoring of the air, water, plants, animals, and cultural resources at the NNSS. Investigation and implementation of appropriate corrective actions to address the contaminated ground water facilities and soils resulting from historic nuclear testing activities, the demolition of abandoned nuclear facilities, as well as installation of ground water wells to identify and monitor the extent of ground water contamination.

  11. Management & Administration | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Management & Administration Management & Administration Management & Administration The Office of Management and Administration directs the development, coordination, and execution ...

  12. Environmental Management System

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management System Environmental Management System An Environmental Management System (EMS) is a set of processes and practices that enable an organization to reduce its...

  13. ORISE: Emergency Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management Emergency Management Effective emergency management relies on thorough integration of preparedness plans at all levels of government. The Oak Ridge Institute for Science...

  14. M E Environmental Management Environmental Management

    Energy Savers [EERE]

    safety  performance  cleanup  closure M E Environmental Management Environmental Management safety  performance  cleanup  closure M E Environmental Management Environmental Management M E Environmental Management Environmental Management Office of Site Restoration, EM-10 Office of D&D and Facility Engineering, EM-13 Facility Deactivation & Decommissioning (D&D) D&D Program Map Addendum: Impact of American Recovery and Reinvestment Act (ARRA) on EM's D&D

  15. Best Management Practice #1: Water Management Planning

    Broader source: Energy.gov [DOE]

    A successful water management program starts with developing a comprehensive water management plan. This plan should be included within existing facility operating plans.

  16. Data Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Data Management Please remove ALL data from /house! Do you still have data in /house/homedirs? Do you know if you have data in /house/homedirs? Please check now and make a plan for moving that data to the archiver or one of the NERSC file systems (for more information on these filesystems go to File storage and I/O). Moving data from house to DnA The DnA file system is primarily for finished projects, data that is ready to be archived, or data that is shared between groups. It is mounted

  17. Next-generation Algorithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience

    SciTech Connect (OSTI)

    Burchett, Deon L.; Chen, Richard Li-Yang; Phillips, Cynthia A.; Richard, Jean-Philippe

    2015-05-01

    This report summarizes the work performed under the project project Next-Generation Algo- rithms for Assessing Infrastructure Vulnerability and Optimizing System Resilience. The goal of the project was to improve mathematical programming-based optimization technology for in- frastructure protection. In general, the owner of a network wishes to design a network a network that can perform well when certain transportation channels are inhibited (e.g. destroyed) by an adversary. These are typically bi-level problems where the owner designs a system, an adversary optimally attacks it, and then the owner can recover by optimally using the remaining network. This project funded three years of Deon Burchett's graduate research. Deon's graduate advisor, Professor Jean-Philippe Richard, and his Sandia advisors, Richard Chen and Cynthia Phillips, supported Deon on other funds or volunteer time. This report is, therefore. essentially a replication of the Ph.D. dissertation it funded [12] in a format required for project documentation. The thesis had some general polyhedral research. This is the study of the structure of the feasi- ble region of mathematical programs, such as integer programs. For example, an integer program optimizes a linear objective function subject to linear constraints, and (nonlinear) integrality con- straints on the variables. The feasible region without the integrality constraints is a convex polygon. Careful study of additional valid constraints can significantly improve computational performance. Here is the abstract from the dissertation: We perform a polyhedral study of a multi-commodity generalization of variable upper bound flow models. In particular, we establish some relations between facets of single- and multi- commodity models. We then introduce a new family of inequalities, which generalizes traditional flow cover inequalities to the multi-commodity context. We present encouraging numerical results. We also consider the directed edge-failure resilient network design problem (DRNDP). This problem entails the design of a directed multi-commodity flow network that is capable of fulfilling a specified percentage of demands in the event that any G arcs are destroyed, where G is a constant parameter. We present a formulation of DRNDP and solve it in a branch-column-cut framework. We present computational results.

  18. 2016 DOE Project Management Workshop - "Enhancing Project Management...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Management Workshop - "Enhancing Project Management" 2016 DOE Project Management Workshop - "Enhancing Project Management" 20160407-doe-project-management-workshop-ADJUST-slide.png ...

  19. Risk Management Process Overview

    Broader source: Energy.gov [DOE]

    The cybersecurity risk management process explained in the Electricity Sector Cybersecurity Risk Management Process (RMP) Guideline has two primary components: the risk management model and the the risk management cycle.

  20. GRiP - A flexible approach for calculating risk as a function of consequence, vulnerability, and threat.

    SciTech Connect (OSTI)

    Whitfield, R. G.; Buehring, W. A.; Bassett, G. W.

    2011-04-08

    Get a GRiP (Gravitational Risk Procedure) on risk by using an approach inspired by the physics of gravitational forces between body masses! In April 2010, U.S. Department of Homeland Security Special Events staff (Protective Security Advisors [PSAs]) expressed concern about how to calculate risk given measures of consequence, vulnerability, and threat. The PSAs believed that it is not 'right' to assign zero risk, as a multiplicative formula would imply, to cases in which the threat is reported to be extremely small, and perhaps could even be assigned a value of zero, but for which consequences and vulnerability are potentially high. They needed a different way to aggregate the components into an overall measure of risk. To address these concerns, GRiP was proposed and developed. The inspiration for GRiP is Sir Isaac Newton's Universal Law of Gravitation: the attractive force between two bodies is directly proportional to the product of their masses and inversely proportional to the squares of the distance between them. The total force on one body is the sum of the forces from 'other bodies' that influence that body. In the case of risk, the 'other bodies' are the components of risk (R): consequence, vulnerability, and threat (which we denote as C, V, and T, respectively). GRiP treats risk as if it were a body within a cube. Each vertex (corner) of the cube represents one of the eight combinations of minimum and maximum 'values' for consequence, vulnerability, and threat. The risk at each of the vertices is a variable that can be set. Naturally, maximum risk occurs when consequence, vulnerability, and threat are at their maximum values; minimum risk occurs when they are at their minimum values. Analogous to gravitational forces among body masses, the GRiP formula for risk states that the risk at any interior point of the box depends on the squares of the distances from that point to each of the eight vertices. The risk value at an interior (movable) point will be dominated by the value of one vertex as that point moves closer and closer to that one vertex. GRiP is a visualization tool that helps analysts better understand risk and its relationship to consequence, vulnerability, and threat. Estimates of consequence, vulnerability, and threat are external to GRiP; however, the GRiP approach can be linked to models or data that provide estimates of consequence, vulnerability, and threat. For example, the Enhanced Critical Infrastructure Program/Infrastructure Survey Tool produces a vulnerability index (scaled from 0 to 100) that can be used for the vulnerability component of GRiP. We recognize that the values used for risk components can be point estimates and that, in fact, there is uncertainty regarding the exact values of C, V, and T. When we use T = t{sub o} (where t{sub o} is a value of threat in its range), we mean that threat is believed to be in an interval around t{sub o}. Hence, a value of t{sub o} = 0 indicates a 'best estimate' that the threat level is equal to zero, but still allows that it is not impossible for the threat to occur. When t{sub o} = 0 but is potentially small and not exactly zero, there will be little impact on the overall risk value as long as the C and V components are not large. However, when C and/or V have large values, there can be large differences in risk given t{sub o} = 0, and t{sub o} = epsilon (where epsilon is small but greater than a value of zero). We believe this scenario explains the PSA's intuition that risk is not equal to zero when t{sub o} = 0 and C and/or V have large values. (They may also be thinking that if C has an extremely large value, it is unlikely that T is equal to 0; in the terrorist context, T would likely be dependent on C when C is extremely large.) The PSAs are implicitly recognizing the potential that t{sub o} = epsilon. One way to take this possible scenario into account is to replace point estimates for risk with interval values that reflect the uncertainty in the risk components. In fact, one could argue that T never equals zero for a man-made hazard. This

  1. Your Records Management Responsibilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Your Records Management Responsibilities Table of Contents INTRODUCTION RECORDS MANAGEMENT IN THE FEDERAL GOVERNMENT RECORDS MANAGEMENT IN THE DEPARTMENT OF ENERGY IMPORTANCE OF RECORDS MANAGEMENT YOUR RECORDS MANAGEMENT RESPONSIBILITIES RECORDS MANAGEMENT LIFE CYCLE ELECTRONIC RECORDS & RECORDKEEPING LAW, REGULATION, AND POLICY ASSISTANCE RECORDS MANAGEMENT TERMS 2 INTRODUCTION If you are a government employee or contractor working for a federal agency, records management is part of your

  2. Energy Management and Financing

    Office of Energy Efficiency and Renewable Energy (EERE)

    This Tuesday Webcast for Industry covers how to become a Certified Energy Manager and Certified Practitioner in Energy Management Systems

  3. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  4. John Angelis named Manager, Information Resource Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Names John S. Angelis Manager of Information Resource Management CARLSBAD, N.M., March 22, 2000 - The Westinghouse Waste Isolation Division (WID) has named John S. Angelis of Carlsbad as Manager of Information Resource Management at the Waste Isolation Pilot Plant (WIPP). "John's extensive computer technology and telecommunications experience, combined with his progressive attitude, make him an ideal choice for this increasingly important position," said WID General Manager Joe

  5. Development of a novel technique to assess the vulnerability of micro-mechanical system components to environmentally assisted cracking.

    SciTech Connect (OSTI)

    Enos, David George; Goods, Steven Howard

    2006-11-01

    Microelectromechanical systems (MEMS) will play an important functional role in future DOE weapon and Homeland Security applications. If these emerging technologies are to be applied successfully, it is imperative that the long-term degradation of the materials of construction be understood. Unlike electrical devices, MEMS devices have a mechanical aspect to their function. Some components (e.g., springs) will be subjected to stresses beyond whatever residual stresses exist from fabrication. These stresses, combined with possible abnormal exposure environments (e.g., humidity, contamination), introduce a vulnerability to environmentally assisted cracking (EAC). EAC is manifested as the nucleation and propagation of a stable crack at mechanical loads/stresses far below what would be expected based solely upon the materials mechanical properties. If not addressed, EAC can lead to sudden, catastrophic failure. Considering the materials of construction and the very small feature size, EAC represents a high-risk environmentally induced degradation mode for MEMS devices. Currently, the lack of applicable characterization techniques is preventing the needed vulnerability assessment. The objective of this work is to address this deficiency by developing techniques to detect and quantify EAC in MEMS materials and structures. Such techniques will allow real-time detection of crack initiation and propagation. The information gained will establish the appropriate combinations of environment (defining packaging requirements), local stress levels, and metallurgical factors (composition, grain size and orientation) that must be achieved to prevent EAC.

  6. Use of the HPI Model 2080 pulsed neutron detector at the LANSCE complex - vulnerabilities and counting statistics

    SciTech Connect (OSTI)

    Jones, K.W.; Browman, A.

    1997-01-01

    The BPI Model 2080 Pulsed Neutron Detector has been used for over seven years as an area radiation monitor and dose limiter at the LANSCE accelerator complex. Operating experience and changing environments over this time have revealed several vulnerabilities (susceptibility to electrical noise, paralysis in high dose rate fields, etc.). Identified vulnerabilities have been connected; these modifications include component replacement and circuit design changes. The data and experiments leading to these modifications will be presented and discussed. Calibration of the instrument is performed in mixed static gamma and neutron source fields. The statistical characteristics of the Geiger-Muller tubes coupled with significantly different sensitivity to gamma and neutron doses require that careful attention be paid to acceptable fluctuations in dose rate over time during calibration. The performance of the instrument has been modeled using simple Poisson statistics and the operating characteristics of the Geiger-Muller tubes. The results are in excellent agreement with measurements. The analysis and comparison with experimental data will be presented.

  7. Managing Critical Infrastructures C.I.M. Suite

    ScienceCinema (OSTI)

    None

    2013-05-28

    protect infrastructure during natural disasters, terrorist attacks and electrical outages. For more information about INL research, visit http://www.facebook.com/idahonationallaboratory.

  8. DOE Jobs Online (Hiring Manager), Office of Human Capitol Management...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Jobs Online (Hiring Manager), Office of Human Capitol Management Innovation and Solutions DOE Jobs Online (Hiring Manager), Office of Human Capitol Management Innovation and ...

  9. Project Manager's Guide to Managing Impact and Process Evaluation...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Project Manager's Guide to Managing Impact and Process Evaluation Studies Project Manager's Guide to Managing Impact and Process Evaluation Studies This report provides a...

  10. AWWA Utility Management Conference

    Broader source: Energy.gov [DOE]

    Hosted by the American Water Works Association (AWWA), the Utility Management Conference is one of the leading management conferences to share experiences and learn from others in similar situations to the most pressing management issues of the day.

  11. Managing Your User Account

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Managing Your Account Managing Your User Account Use the NERSC Information Management (NIM) system to customize your user account and keep your personal information up-to-date. See...

  12. Integrated Vulnerability and Impacts Assessment for Natural and Engineered Water-Energy Systems in the Southwest and Southern Rocky Mountain Region

    SciTech Connect (OSTI)

    Tidwell, Vincent C.; Wolfsberg, Andrew; Macknick, Jordan; Middleton, Richard

    2015-01-01

    In the Southwest and Southern Rocky Mountains (SWSRM), energy production, energy resource extraction, and other high volume uses depend on water supply from systems that are highly vulnerable to extreme, coupled hydro-ecosystem-climate events including prolonged drought, flooding, degrading snow cover, forest die off, and wildfire. These vulnerabilities, which increase under climate change, present a challenge for energy and resource planners in the region with the highest population growth rate in the nation. Currently, analytical tools are designed to address individual aspects of these regional energy and water vulnerabilities. Further, these tools are not linked, severely limiting the effectiveness of each individual tool. Linking established tools, which have varying degrees of spatial and temporal resolution as well as modeling objectives, and developing next-generation capabilities where needed would provide a unique and replicable platform for regional analyses of climate-water-ecosystem-energy interactions, while leveraging prior investments and current expertise (both within DOE and across other Federal agencies).

  13. Management of Nuclear Materials

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-08-17

    To establish requirements for the lifecycle management of DOE owned and/or managed accountable nuclear materials. Cancels DOE O 5660.1B.

  14. Integrated Safety Management Policy

    Broader source: Energy.gov [DOE]

    This Integrated Safety Management (ISM) System Description (ISMSD) defines how the U.S. Department of Energy (DOE) Office of Environmental Management (EM) integrates environment, safety, and health...

  15. Land Management - Hanford Site

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Land Management About Us About Hanford Cleanup Hanford History Hanford Site Wide Programs Contact Us Land Management Email Email Page | Print Print Page |Text Increase Font Size...

  16. Contract/Project Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Third Quarter Overall Contract and Project Management Performance Metrics and Targets 1 ContractProject Management Primary Performance Metrics FY 2010 Target FY 2010 Forecast FY ...

  17. PRC Contract Management Plan

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... Integrated Performance Evaluation Management System in RIMS, which includes DOE Orders 226.1B and 414.1D. The Contractor Integrated Performance Evaluation Management System ...

  18. Data Management Policy The

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management Policy The guidelines below describe Data Management procedures, processes and resources that need to be understood by both user projects and in-house research. 1....

  19. End Points Management

    Broader source: Energy.gov [DOE]

    The policy of the EM is that a formal project management approach be used for the planning, managing, and conducting of its projects.

  20. Supply Management Specialist

    Broader source: Energy.gov [DOE]

    This position is located in the Logistics Management organization (NSL), Supply Chain Services (NS), Chief Administrative Office (N). NSL manages the warehousing of materials; the investment...

  1. COMPREHENSIVE LEGACY MANAGEMENT

    Office of Legacy Management (LM)

    Fernald Preserve, Fernald, Ohio Comprehensive Legacy Management and Institutional Controls ... blank LMSFERS03496-8.0 Comprehensive Legacy Management and Institutional Controls ...

  2. Contract/Project Management

    Office of Environmental Management (EM)

    Third Quarter Overall Contract and Project Management Improvement Performance Metrics and Targets 1 ContractProject Management Performance Metric FY 2012 Target FY 2012 Forecast ...

  3. Contract/Project Management

    Office of Environmental Management (EM)

    Fourth Quarter Overall Contract and Project Management Improvement Performance Metrics and Targets 1 ContractProject Management Primary Performance Metrics FY 2011 Target FY 2011 ...

  4. Contract/Project Management

    Office of Environmental Management (EM)

    3 First Quarter Overall Contract and Project Management Improvement Performance Metrics and Targets 1 ContractProject Management Performance Metric FY 2013 Target FY 2013 Final FY ...

  5. Contract/Project Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Third Quarter Overall Contract and Project Management Improvement Performance Metrics and Targets 1 ContractProject Management Primary Performance Metrics FY 2011 Target FY 2011 ...

  6. Contract/Project Management

    Energy Savers [EERE]

    Fourth Quarter Overall Contract and Project Management Improvement Performance Metrics and Targets 1 ContractProject Management Performance Metric FY 2012 Target FY 2012 Final FY ...

  7. Contract/Project Management

    Energy Savers [EERE]

    First Quarter Overall Contract and Project Management Improvement Performance Metrics and Targets 1 ContractProject Management Performance Metric FY 2012 Target FY 2012 Forecast ...

  8. Ross Management | Open Energy Information

    Open Energy Info (EERE)

    Management Jump to: navigation, search Name: Ross Management Place: Goldendale, Washington State Product: Ross Management is the management parent for a group of family owned...

  9. Fleet Management | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Property Fleet Management Fleet Management Fleet management includes commercial and agency owned motor vehicles such as cars, vans, trucks, and buses. Fleet (vehicle) management ...

  10. Operational Management | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Operational Management Operational Management Operational Management Leadership Contact Information Office of Resource Management and Planning U.S. Department of Energy, MA-1.1 ...

  11. Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems

    SciTech Connect (OSTI)

    Abercrombie, Robert K; Sheldon, Federick T.; Schlicher, Bob G

    2015-01-01

    There are many influencing economic factors to weigh from the defender-practitioner stakeholder point-of-view that involve cost combined with development/deployment models. Some examples include the cost of countermeasures themselves, the cost of training and the cost of maintenance. Meanwhile, we must better anticipate the total cost from a compromise. The return on investment in countermeasures is essentially impact costs (i.e., the costs from violating availability, integrity and confidentiality / privacy requirements). The natural question arises about choosing the main risks that must be mitigated/controlled and monitored in deciding where to focus security investments. To answer this question, we have investigated the cost/benefits to the attacker/defender to better estimate risk exposure. In doing so, it s important to develop a sound basis for estimating the factors that derive risk exposure, such as likelihood that a threat will emerge and whether it will be thwarted. This impact assessment framework can provide key information for ranking cybersecurity threats and managing risk.

  12. Chemical Management Contacts

    Broader source: Energy.gov [DOE]

    Contacts for additional information on Chemical Management and brief description on Energy Facility Contractors Group

  13. Environmental Management System

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management System Environmental Management System An Environmental Management System is a systematic method for assessing mission activities, determining the environmental impacts of those activities, prioritizing improvements, and measuring results. May 30, 2012 The continuous improvement cycle Our Environmental Management System encourages continuous improvement of our environmental performance. Contact Environmental Communication & Public Involvement P.O. Box 1663 MS M996 Los Alamos, NM

  14. Manager`s views of public involvement

    SciTech Connect (OSTI)

    Branch, K.M.; Heerwagen, J.; Bradbury, J.

    1995-12-01

    Four issues commonly form the framework for debates about the acceptability of proposed projects or technologies--the substantive decision or technological choice; the treatment of the community by the proponent organization; the way the decision-making process has been structured and managed; and the status of institutional safeguards and protection. One of the clear messages of cultural theory is that differences in perspectives are a normal and inevitable part of society, and that attempts to resolve differences by persuasion are not likely to work. These findings are useful when considering the goals and possibilities of public involvement as a decision-making tool, and when designing or evaluating public involvement training programs for managers. The research reported here examines the viewpoints and concerns of managers and decision-makers about the four issues identified above, with particular emphasis on their perspectives and concerns about opening decision-making processes to the public and about managers` roles and responsibilities for structuring and managing open decision-making processes. Implications of these findings for public involvement training for managers is also discussed. The data presented in this paper were obtained from face-to-face interviews with managers and decision-makers with experience managing a variety of hazardous waste management decision-making processes. We conducted these interviews in the course of four separate research projects: needs assessments to support the design and development of a public involvement training program for managers; a study of community residents` and managers` perspectives on the chemical stockpile disposal program; an evaluation of the effectiveness of public involvement training for managers in the Department of Energy; and a study to develop indicators of the benefits and costs of public involvement.

  15. 2014 DOE Project Management Workshop

    Broader source: Energy.gov [DOE]

    What:  2014 DOE Project Management Workshop (Meeting the Challenge—Integrated Acquisition & Project Management)

  16. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

    Broader source: Energy.gov [DOE]

    BlackBerry advisory describes a security issue that the BlackBerry Attachment Service component of the BlackBerry Enterprise Server is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

  17. NETL Overview

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Overview Keith Dodrill Program Analysis Support Team June 7, 2010 2 Agenda * Case for Grid Modernization * Smart Grid Vision, Technologies, & Metrics * What's the Value Proposition? * Change Management - "Performance Feedback" * Smart Grid Activities * Questions 2 3 * Today's grid is aging and outmoded * Unreliability is costing consumers billions of dollars * Today's grid is vulnerable to attack and natural disaster * An extended loss of today's grid could be catastrophic to our

  18. Hanford Site Environmental Safety and Health Fiscal Year 2001 Budget-Risk management summary

    SciTech Connect (OSTI)

    REEP, I.E.

    1999-05-12

    The Hanford Site Environment, Safety and Health (ES&H) Budget-Risk Management Summary report is prepared to support the annual request to sites in the U.S. Department of Energy (DOE) Complex by DOE, Headquarters. The request requires sites to provide supplementary crosscutting information related to ES&H activities and the ES&H resources that support these activities. The report includes the following: (1) A summary status of fiscal year (FY) 1999 ES&H performance and ES&H execution commitments; (2)Status and plans of Hanford Site Office of Environmental Management (EM) cleanup activities; (3) Safety and health (S&H) risk management issues and compliance vulnerabilities of FY 2001 Target Case and Below Target Case funding of EM cleanup activities; (4) S&H resource planning and crosscutting information for FY 1999 to 2001; and (5) Description of indirect-funded S&H activities.

  19. Risk Management Guide

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-01-12

    The purpose of this guide is to describe effective risk management processes. The continuous and iterative process includes updating project risk documents and the risk management plan and emphasizes implementation communication of the risks and actions taken.

  20. Contract/Project Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Management Performance Metrics and Targets 1 ContractProject Management Primary Performance Metrics FY 2011 Target FY 2011 Actual & Forecast FY 2011 Pre- & Post-CAP Comment 1a. ...

  1. Risk Management Guide

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-01-18

    This Guide provides non-mandatory risk management approaches for implementing the requirements of DOE O 413.3B, Program and Project Management for the Acquisition of Capital Assets. Supersedes DOE G 413.3-7.

  2. Loan Specialist (Risk Management)

    Broader source: Energy.gov [DOE]

    This position is located in the U.S. Department of Energy (DOE), Loan Programs Office (LPO), Risk Management Division (RMD), and Enterprise Risk Management & Compliance Branch. The LPO mission...

  3. Management of Nuclear Materials

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-08-17

    To establish requirements for the lifecycle management of DOE owned and/or managed accountable nuclear materials. Admin Chg 1 dated 4-10-2014, supersedes DOE O 410.2.

  4. Management Associate I

    Broader source: Energy.gov [DOE]

    A successful candidate in this position will serve as an analyst and advisor to an organization's manager and other managers within the organization within BPA. The position serves as a point of...

  5. Information Technology Project Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2012-12-03

    The Order provides program and project management direction for the acquisition and management of IT projects, investments, and initiatives. Admin Chg 1, dated 1-16-2013, supersedes DOE O 415.1.

  6. Information Technology Project Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2012-12-03

    The Order provides program and project management direction for the acquisition and management of IT projects, investments, and initiatives. Cancels DOE G 200.1-1. Admin Chg 1 approved 1-16-2013.

  7. NERSC Data Management Policies

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Data Management Policies NERSC Data Management Policies Introduction NERSC provides its users with the means to store, manage, and share their research data products. In addition to systems specifically tailored for data-intensive computations, we provide a variety of storage resources optimized for different phases of the data lifecycle; tools to enable users to manage, protect, and control their data; high-speed networks for intra-site and inter-site (ESnet) data transfer; gateways and portals

  8. emergency management systems

    National Nuclear Security Administration (NNSA)

    9%2A en Building International Emergency Management Systems http:nnsa.energy.govaboutusourprogramsemergencyoperationscounterterrorisminternationalprograms-1

  9. Project Management Plan

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management Career Development Program Project Management Career Development Program The Project Management Career Development Program (PMCDP) in Office of Project Management Oversight and Assessments was established in 2001 by a Congressional mandate to ensure the Department of Energy (DOE) has well qualified and experienced Federal Project Directors (FPDs) to oversee the agency's diverse portfolio of highly-technical construction, experimental equipment and environmental cleanup projects. The

  10. System Management Software

    Energy Science and Technology Software Center (OSTI)

    2013-02-22

    MacPatch is Mac OS X system management software solution. It's used for patching, software distribution and inventory.

  11. Project Management | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Project Management Project Management Some of the Project Management Division’s many functions involve developing risk management plans, managing project risks, and providing input on prime contractor performance. Some of the Project Management Division's many functions involve developing risk management plans, managing project risks, and providing input on prime contractor performance. Employees in our Project Management Division address projects' planning and execution, as specified in

  12. Energy, Data Management, Reporting

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Design the Strategy | Deliver Efficiency | Sustain Results Energy, Data Management, Reporting This presentation does not contain any proprietary, confidential, or otherwise restricted information. - - Agenda ● About Schneider Electric ● Enterprise wide Data Management ● Outputs ● Foundation and results ● Part of a complete energy management solution Schneider Electric Sustainability Services 2014 2 - - Schneider Electric Sustainability Services 2014 3 Schneider Electric - the global

  13. Energy Manager Webinar Series

    Broader source: Energy.gov [DOE]

    Energy Managers from leading manufacturing companies share lessons learned from implementing energy savings projects in these one-hour webinars. Topics include real-world challenges like creating a climate for successful project implementation, gaining management support, and obtaining financing. Each webinar highlights a different topic and features an energy manager from a different Better Plants Partner.

  14. Financial Management Oversight

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-08-31

    The Order defines requirements for effective financial management and adherence to DOE and applicable external financial management requirements and sets forth standards for ensuring the integrity and responsiveness of financial management and the accuracy and reliability of DOEs financial statements. Supersedes DOE O 2200.13.

  15. Records Management | Department of Energy

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management Records Management Records and Files The Department of Energy (DOE) Records Management Program provides oversight, guidance, and direction to ensure proper documentation...

  16. LTS Information Management - Hanford Site

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Information Management About Us LTS Home Page LTS Project Management LTS Transition and Timeline LTS Execution LTS Background LTS Information Management LTS Fact Sheets Briefings ...

  17. LTS Project Management - Hanford Site

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Project Management About Us LTS Home Page LTS Project Management LTS Transition and Timeline LTS Execution LTS Background LTS Information Management LTS Fact Sheets Briefings LTS ...

  18. Managing a Process Safety Management inspection

    SciTech Connect (OSTI)

    Mulvey, N.P. [AcuTech Consulting, Inc., Princeton, NJ (United States)

    1995-12-31

    The Occupational Safety and Health Administration (OSHA) Process Safety Management (PSM) regulations (29 CFR {section} 1910.119) have been in effect for almost three years. State level risk management programs, in New Jersey, California, and Delaware have been in effect for over six years. More recently, Nevada and Louisiana have enacted process safety management programs. These regulations have had a significant impact on all phases of plant operations, including preliminary design, construction, startup, and operations. Through proper planning and the commitment of resources, many facilities are beginning to realize the benefits of well developed PSM programs. This paper will discuss in greater detail some of these benefits, and in particular, the subject of governmental inspections of facilities for process safety management programs.

  19. Multimedia environmental management

    SciTech Connect (OSTI)

    Soesilo, J.A.; Wiley, W.D.

    1999-09-01

    This book explores and supports the argument that effective environmental management must be based on a multimedia approach, which focuses simultaneously on air, water, and waste and enables managers to assess the resulting financial, operation, and management benefits. The multimedia approach, which can be used to design an effective compliance program, includes proper waste and material handling management, systematic monitoring, and record keeping requirements. This approach integrates a wide array of environmental requirements and decision processes, which the authors examine in sixteen chapters, organized into four parts: the role of environmental management; environmental aspects of business operation, environmental processes; and environmental management trends. Within these parts, the authors highlight the development of modern environmental management and provide an overview of federal laws pertinent to multimedia environmental management. They examine such issues as chemical storage and transportation, tank system operations and requirements, waste determination, spill response procedures, and employee training. Environmental processes addressed in the book include the management of solid and hazardous waste, wastewater treatment systems, stormwater management, air emission control, and site remediation. The authors also briefly discuss significant initiatives in US environmental management and look toward corporate sustainable development.

  20. DOE Jobs Online (Hiring Manager), Office of Human Capitol Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Innovation and Solutions | Department of Energy Jobs Online (Hiring Manager), Office of Human Capitol Management Innovation and Solutions DOE Jobs Online (Hiring Manager), Office of Human Capitol Management Innovation and Solutions DOE Jobs Online (Hiring Manager), Office of Human Capitol Management Innovation and Solutions PDF icon DOE Jobs Online (Hiring Manager), Office of Human Capitol Management Innovation and Solutions More Documents & Publications PIA - GovTrip (DOE data) PIA -

  1. ORO Names New Assistant Manager for Environmental Management

    Broader source: Energy.gov [DOE]

    The U.S. Department of Energy Oak Ridge Office names John Eschenberg as its Assistant Manager for Environmental Management.

  2. DOE - Office of Legacy Management -- Fernald Environmental Management...

    Office of Legacy Management (LM)

    Fernald Environmental Management Project - 027 FUSRAP Considered Sites Site: Fernald Environmental Management Project (027) Designated Name: Alternate Name: Location: Evaluation ...

  3. Cryptographic Key Management and Critical Risk Assessment

    SciTech Connect (OSTI)

    Abercrombie, Robert K

    2014-05-01

    The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.

  4. Strategies for Successful Energy Management

    Broader source: Energy.gov [DOE]

    This presentation, given through the DOE's Technical Assitance Program (TAP), provides information on energy management for the portfolio manager initiative

  5. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... SCADA Images Since 1999, Sandia has conducted numerous assessments of SCADA and process control systems in hydroelectric dams; water treatment systems; electric power transmission, ...

  6. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... consequences, and impacts in many areas of electric power, including PMUs, DERs, cloud computing, smart meters, programmable-logic controllers, and communications, among others. ...

  7. Learning from (Near) Disaster

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Just short of high noon on May 22, 1957, an Air Force B-36 bomber was powering down on its final approach to Kirtland Air Force Base in Albuquerque, New Mexico, completing what ...

  8. Office of Personnel Management

    Energy Savers [EERE]

    Personnel Management October 2014 Questions & Answers 1 Pathways Programs 5 CFR Parts 213, 302, 315, and 362 Questions and Answers Background Executive Order 13562 Recruiting and Hiring Students and Recent Graduates dated December 27, 2010, authorized two new excepted service hiring authorities and consolidated them with a revised Presidential Management Fellows Program to establish the Pathways Programs for students and recent graduates. The U.S. Office of Personnel Management (OPM)

  9. Configuration Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-10-27

    The purpose of this standard is to define the objectives of a configuration management process for DOE nuclear facilities (including activities and operations), and to provide detailed examples and supplementary guidance on methods of achieving those objectives. Configuration management is a disciplined process that involves both management and technical direction to establish and document the design requirements nd the physical configuration of the nuclear facility and to ensure that they remain consistent with each other and the documentation.

  10. Management Control Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2002-04-18

    To establish requirements and responsibilities for the Department of Energy Management Control Program. Cancels DOE O 413.1. Canceled by DOE O 413.1B.

  11. High Performance Energy Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Performance Energy Management Reduce energy use and meet your business objectives By applying continuous improvement practices similar to Lean and Six Sigma, the BPA Energy Smart...

  12. Asset Management Strategies

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Efficiency and Fish and Wildlife asset categories. The CAB, in consultation with affected business units and the Asset Management Executive Sponsors, determines whether and how...

  13. Management's Discussion & Analysis Profile

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    in conformity with generally accepted accounting principles (GAAP) requires management to make estimates and assumptions that affect the reported amounts of assets and...

  14. Management's Discussion & Analysis Profile

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Adjusted Net Revenue is net revenue after removing the effects of certain debt management actions, in particular the Debt Service Reassignment, from prior years. These debt...

  15. Asset Management Strategies

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Asset-Management-Strategies Sign In About | Careers | Contact | Investors | bpa.gov Search News & Us Expand News & Us Projects & Initiatives Expand Projects & Initiatives...

  16. BETO Active Project Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Contributes to setting goals * In-depth knowledge of project statusaccomplishmentsissues ... Project Project Program eere.energy.gov Management Lifecycle Budget & Procurement Planning ...

  17. Managing Increased Charging Demand

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Managing Increased Charging Demand Carrie Giles ICF International, Supporting the Workplace Charging Challenge Workplace Charging Challenge Do you already own an EV? Are you...

  18. Logistics Management Specialist

    Broader source: Energy.gov [DOE]

    The Deputy Assistant Secretary for the Office of Petroleum Reserves (OPR) manages the Strategic Petroleum Reserve (SPR) and is responsible for establishing policies, goals, and priorities for the...

  19. Acquisition Career Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2015-05-14

    The order sets forth requirements and responsibilities for the Department of Energy (DOE) Acquisition Career Management Program. Supersedes DOE O 361.1B.

  20. Comprehensive Emergency Management System

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-11-02

    The Order establishes policy and assigns roles and responsibilities for the Department of Energy (DOE) Emergency Management System. Supersedes DOE O 151.1B.

  1. Information Technology Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2013-11-21

    This revised Order is needed to clarify the roles and responsibilities, policies, and procedures for effectively managing IT investments to ensure mission success.

  2. Procurement and Materials Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Home Washington River Protection Solutions | Hanford.gov | Energy.gov Procurement and Materials Management Small Business Resources Small ... There are no upcoming events in the system. ...

  3. Contract/Project Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ...Project Management Performance Metric FY 2012 Target FY 2012 Forecast FY 2012 Pre- & Post-CAP Forecast Comment Capital Asset Project Success: Complete 90% of capital asset ...

  4. Contract/Project Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ...Project Management Performance Metric FY 2013 Target FY 2013 Forecast FY 2013 Pre- & Post-CAP* Forecast Comment Capital Asset Project Success: Complete 90% of capital asset ...

  5. Chemical Industry Corrosion Management

    SciTech Connect (OSTI)

    2003-02-01

    Improved Corrosion Management Could Provide Significant Cost and Energy Savings for the Chemical Industry. In the chemical industry, corrosion is often responsible for significant shutdown and maintenance costs.

  6. Group key management

    SciTech Connect (OSTI)

    Dunigan, T.; Cao, C.

    1997-08-01

    This report describes an architecture and implementation for doing group key management over a data communications network. The architecture describes a protocol for establishing a shared encryption key among an authenticated and authorized collection of network entities. Group access requires one or more authorization certificates. The implementation includes a simple public key and certificate infrastructure. Multicast is used for some of the key management messages. An application programming interface multiplexes key management and user application messages. An implementation using the new IP security protocols is postulated. The architecture is compared with other group key management proposals, and the performance and the limitations of the implementation are described.

  7. NIF & Photon Science Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Program Director, Laser S&T and Systems Engineering NIF Mark Herrmann Director, National Ignition Facility Doug Larson NIF Facility Manager and Chief Engineer, NIF & Photon Science ...

  8. ORISE: Peer Review Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management Man participating in a peer review The Oak Ridge Institute for Science and Education (ORISE) ensures that scientific reviews are conducted in a professional manner and...

  9. Waste management progress report

    SciTech Connect (OSTI)

    1997-06-01

    During the Cold War era, when DOE and its predecessor agencies produced nuclear weapons and components, and conducted nuclear research, a variety of wastes were generated (both radioactive and hazardous). DOE now has the task of managing these wastes so that they are not a threat to human health and the environment. This document is the Waste Management Progress Report for the U.S. Department of Energy dated June 1997. This progress report contains a radioactive and hazardous waste inventory and waste management program mission, a section describing progress toward mission completion, mid-year 1997 accomplishments, and the future outlook for waste management.

  10. Parallel integrated thermal management

    DOE Patents [OSTI]

    Bennion, Kevin; Thornton, Matthew

    2014-08-19

    Embodiments discussed herein are directed to managing the heat content of two vehicle subsystems through a single coolant loop having parallel branches for each subsystem.

  11. Efficient Water Use & Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Water Use Goal 4: Efficient Water Use & Management Aware of the arid climate of northern New Mexico, water reduction and conservation remains a primary concern at LANL. Energy...

  12. Digital Data Management Plans

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    energy physics through experiments that strengthen our fundamental understanding of matter, energy, space, and time. Plans HAWC gamma-Ray Observatory Data Management Plan (pdf)...

  13. Environmental Management System

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    of those activities, prioritizing improvements, and measuring results. May 30, 2012 The continuous improvement cycle Our Environmental Management System encourages continuous...

  14. NREL Announces Management Changes

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    technologies such as solar energy, wind energy, fuels development and building research. ... He will manage service and support activities such environment, safety and health, finance ...

  15. Managing Increased Charging Demand

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Managing Increased Charging Demand Carrie Giles ICF International, Supporting the Workplace Charging Challenge Workplace Charging Challenge Do you already own an EV? Are you ...

  16. Grants Management Specialist

    Broader source: Energy.gov [DOE]

    The Office of Science manages fundamental research programs in basic energy sciences, biological and environmental sciences, and computational science. In addition, the Office of Science is the...

  17. Enterprise Risk Management Framework

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Framework The Enterprise Risk Management (ERM) framework includes four steps: identify the risks, determine the probability and impact of each one, identify controls that are...

  18. Advisory Committee Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-10-22

    The Manual provides detailed DOE requirements, responsibilities, processes, and procedures for the establishment, operation, and management of advisory committees. Supersedes DOE M 510.1-1.

  19. Contract/Project Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    in the Program Management Scorecard. The Department has maintained performance measures for key project (Federal Project ... of FY11, on a program portfolio basis, 90% of all ...

  20. International Commitments Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-11-18

    This Order establishes a process to manage the Department's International Commitments under the administrative direction of the Office of Policy and International Affairs. No cancellation.

  1. Information Exchange management site

    Energy Science and Technology Software Center (OSTI)

    2012-08-01

    Django site used to manage the approved information exchanges (content models) after creation and public comment at https://github.com/usgin-models.

  2. Project Management Practices

    Broader source: Energy.gov (indexed) [DOE]

    Version) See Figure 3-3. 19. Administrative Controls 1. Provisions relating to organization and management, procedures, recordkeeping, assessment, and reporting necessary to...

  3. Office of Legacy Management

    Office of Legacy Management (LM)

    Energy Office of Legacy Management JUL 1 0 2008 Alonso Ramirez, Scientific Director EI Verde Research Station Institute for Tropical Ecosystem Studies University of Puerto Rico...

  4. Dreissenid Mussel Prevention, Management...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management, Research, Coordination, and Outreach for the Columbia River Basin A Roadmap to Make Strategic Investments in Federal Columbia River Power System and Technology...

  5. Dreissenid Mussel Prevention, Management, ...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Management, Research, Coordination, and Outreach for the Columbia River Basin A Roadmap to Make Strategic Investments in Federal Columbia River Power System and Technology...

  6. Turbine Thermal Management

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Key Contacts Turbine Thermal Management The gas turbine is the workhorse of power generation, and technology ... could result in a 4 - 6 percent gain in overall system efficiency. ...

  7. Radioactive Waste Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1984-02-06

    To establish policies and guidelines by which the Department of Energy (DOE) manages tis radioactive waste, waste byproducts, and radioactively contaminated surplus facilities.

  8. Records Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-02-03

    The Order sets forth requirements and responsibilities for implementing and maintaining a cost-effective records management program throughout the Department of Energy.

  9. Change Control Management Guide

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-29

    The Guide provides a suggested approach and uniform guidance for managing project and contract changes through applying the requirements of DOE O 413.3B. No cancellation.

  10. Records Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-26

    The Order sets forth requirements and responsibilities for establishing and maintaining a program for the efficient and economical management of records and information assets.

  11. DOE Office of Environmental Management Project and Contract Management

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Improvement Timeline | Department of Energy Acquisition » DOE Office of Environmental Management Project and Contract Management Improvement Timeline DOE Office of Environmental Management Project and Contract Management Improvement Timeline Improving DOE contract and project management is a top priority of the Department's senior management and entire organization. View some highlights of EM's improvement actions here. PDF icon DOE Office of Environmental Management Contract and Project

  12. Environmental Management Waste Management Facility (EMWMF) at Oak Ridge |

    Energy Savers [EERE]

    Department of Energy Waste Management Facility (EMWMF) at Oak Ridge Environmental Management Waste Management Facility (EMWMF) at Oak Ridge Full Document and Summary Versions are available for download PDF icon Environmental Management Waste Management Facility (EMWMF) at Oak Ridge PDF icon Summary - Environmental Management Waste Management Facility (EMWMF) at Oak Ridge, TN More Documents & Publications Proposed On-Site Waste Disposal Facility (OSWDF) at the Portsmouth Gaseous Diffusion

  13. Metadata management staging system

    Energy Science and Technology Software Center (OSTI)

    2013-08-01

    Django application providing a user-interface for building a file and metadata management system. An evolution of our Node.js and CouchDb metadata management system. This one focuses on server functionality and uses a well-documented, rational and REST-ful API for data access.

  14. Quality Procedure- Records Management

    Broader source: Energy.gov [DOE]

    This procedure establishes the responsibilities and process for identifying and managing records, including quality records, generated by EM Headquarters Office of Standards and Quality Assurance personnel as well as Office of Standards and Quality Assurance representatives located in DOE EM Field Offices in accordance with EM-QA-001, Environmental Management Quality Assurance Program.

  15. Risk Management Guide

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-09-16

    This Guide provides a framework for identifying and managing key technical, schedule, and cost risks through applying the requirements of DOE O 413.3A, Program and Project Management for the Acquisition of Capital Assets, dated 7-28-06. Canceled by DOE G 413.3-7A, dated 1-12-11. Does not cancel other directives.

  16. Energy Management Webinar Series

    Broader source: Energy.gov [DOE]

    Boost your knowledge on how to implement an energy management system through this four-part webinar series from the Superior Energy Performance program. Each webinar introduces various elements of the ISO 50001 energy management standard—based on the Plan-Do-Check-Act approach—and the associated steps of DOE's eGuide for ISO 50001 software tool.

  17. Information Collection Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-10-11

    This Order sets forth DOE requirements and responsibilities for implementing the information collection management provisions of the Paperwork Reduction Act of 1995 and the Office of Management and Budgets implementing regulation Controlling Paperwork Burdens on the Public, as contained in 5 CFR 1320. No cancellation.

  18. Tribal Financial Management Symposium

    Broader source: Energy.gov [DOE]

    The 3rd Annual Tribal Financial Management Symposium is a two-day event will focus on one of the most important aspects of a tribe's financial management. Attendees will learn about the state of the economy, building a financial constitution, both long- and short-term investments, alternative investment options, and much more.

  19. Comprehensive Emergency Management System

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2000-11-01

    To establish policy and to assign and describe roles and responsibilities for the Department of Energy (DOE) Emergency Management System. The Emergency Management System provides the framework for development, coordination, control, and direction of all emergency planning, preparedness, readiness assurance, response, and recovery actions. Canceled by DOE O 151.1B. Cancels DOE O 151.1.

  20. Environmental management during economic transition: Ukraine--A case study

    SciTech Connect (OSTI)

    Kempen van, T.H.; Demydenko, A.O.

    1995-12-01

    After dissolution of Soviet Union, each new States had to confront the legacy of an unsustainable, and ultimately failed, economic and political system. Enormous environmental problems resulted from centrally planned economics, which promoted rapid growth through exploitation of the former Soviet Union`s (FSU) vast natural resources. Unconstrained by scarcity-based pricing, extractive and heavy industry ministries created huge, inefficient, and heavily polluting enterprises. The region also experienced extensive forest-cutting, steady deterioration of soils, and contaminated runoff and infiltration from over-excessive application of agrichemicals. The fate of the environment will depend largely on successful transition to a market-based economy. Funds for environmental protection will remain scarce, and poor technology combined with a degraded and overworked infrastructure will slow cleanup of contaminated regions. With failed economies, policy-makers and legislators will be forced to overlook sustainable development as they exploit natural resources in an effort to produce food and obtain hard currency. Ukraine, the second-most populous republic of the FSU, experienced possibly the world`s greatest single environment disaster--the 1986 Chernobyl catastrophe. Today, heavy industry, with its resource-intensive and highly polluting technologies, contributes 61% of Ukraine`s GNP, in comparison with 34% in the European Union. Energy production is grossly inefficient. Environmental agencies in Ukraine are new, with limited legal or economic tools, financial resources, or technical skills. Yet the country has commenced environmental management initiatives that, when combined with economic reforms, will start to improve environmental conditions. This paper presents an overview of Ukraine`s environmental and economic conditions, steps already undertaken to manage the environment, and additional measures needed to improve the situation.