National Library of Energy BETA

Sample records for infrastructure protection cyber

  1. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber ...

  2. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. PDF icon Guide to Critical Infrastructure

  3. Cyber Threats to Nuclear Infrastructures

    SciTech Connect (OSTI)

    Robert S. Anderson; Paul Moskowitz; Mark Schanfein; Trond Bjornard; Curtis St. Michel

    2010-07-01

    Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

  4. Cyber and physical infrastructure interdependencies.

    SciTech Connect (OSTI)

    Phillips, Laurence R.; Kelic, Andjelka; Warren, Drake E.

    2008-09-01

    The goal of the work discussed in this document is to understand the risk to the nation of cyber attacks on critical infrastructures. The large body of research results on cyber attacks against physical infrastructure vulnerabilities has not resulted in clear understanding of the cascading effects a cyber-caused disruption can have on critical national infrastructures and the ability of these affected infrastructures to deliver services. This document discusses current research and methodologies aimed at assessing the translation of a cyber-based effect into a physical disruption of infrastructure and thence into quantification of the economic consequences of the resultant disruption and damage. The document discusses the deficiencies of the existing methods in correlating cyber attacks with physical consequences. The document then outlines a research plan to correct those deficiencies. When completed, the research plan will result in a fully supported methodology to quantify the economic consequences of events that begin with cyber effects, cascade into other physical infrastructure impacts, and result in degradation of the critical infrastructure's ability to deliver services and products. This methodology enables quantification of the risks to national critical infrastructure of cyber threats. The work addresses the electric power sector as an example of how the methodology can be applied.

  5. Cyber Security for Electric Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Security for Electric Infrastructure - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  6. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    SciTech Connect (OSTI)

    Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo; Mili, Ali; Trien, Joseph P

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .

  7. Reducing Cyber Risk to Critical Infrastructure: NIST Framework

    Broader source: Energy.gov [DOE]

    The National Institute of Standards and Technology (NIST) works with stakeholders to develop a voluntary Framework for reducing cyber risks to critical infrastructure. The Framework aims to be flexible and repeatable, while helping asset owner and operators manage cybersecurity risk.

  8. TCIP: Trustworthy CyberInfrastructure for the Power Grid | Department of

    Energy Savers [EERE]

    Energy TCIP: Trustworthy CyberInfrastructure for the Power Grid TCIP: Trustworthy CyberInfrastructure for the Power Grid The TCIP, or Trustworthy CyberInfrastructure for the Power Grid, project's vision is to provide the fundamental science and technology to create an intelligent, adaptive power grid which survives malicious adversaries, provides continuous delivery of power, and supports dynamically varying trust requirements. This goal may be reached by creating the cyber building blocks,

  9. Energy Department Invests Over $34 Million to Improve Protection of the Nation’s Energy Infrastructure

    Broader source: Energy.gov [DOE]

    Energy Department (DOE) today announced more than $34 million for two projects that will improve the protection of the U.S. electric grid and oil and natural gas infrastructure from cyber threats.

  10. Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2008 | Department of Energy Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May 2008 Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May 2008 Development of a novel distributed and hierarchical security layer specific to intelligent grid design will help protect intelligent distributed power grids from cyber attacks. Intelligent power grids are interdependent energy management systems-encompassing generation, distribution, IT networks, and

  11. Sandia Energy - Sandia Cyber Engineering Research Laboratory...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Engineering Research Laboratory (CERL) Formally Opens Home Infrastructure Security Cyber Infrastructure Assurance Facilities News News & Events Analysis Cyber Engineering...

  12. Cyber-Physical Correlations for Infrastructure Resilience: A Game-Theoretic Approach

    SciTech Connect (OSTI)

    Rao, Nageswara S; He, Fei; Ma, Chris Y. T.; Yao, David K. Y.; Zhuang, Jun

    2014-01-01

    In several critical infrastructures, the cyber and physical parts are correlated so that disruptions to one affect the other and hence the whole system. These correlations may be exploited to strategically launch components attacks, and hence must be accounted for ensuring the infrastructure resilience, specified by its survival probability. We characterize the cyber-physical interactions at two levels: (i) the failure correlation function specifies the conditional survival probability of cyber sub-infrastructure given the physical sub-infrastructure as a function of their marginal probabilities, and (ii) the individual survival probabilities of both sub-infrastructures are characterized by first-order differential conditions. We formulate a resilience problem for infrastructures composed of discrete components as a game between the provider and attacker, wherein their utility functions consist of an infrastructure survival probability term and a cost term expressed in terms of the number of components attacked and reinforced. We derive Nash Equilibrium conditions and sensitivity functions that highlight the dependence of infrastructure resilience on the cost term, correlation function and sub-infrastructure survival probabilities. These results generalize earlier ones based on linear failure correlation functions and independent component failures. We apply the results to models of cloud computing infrastructures and energy grids.

  13. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  14. Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Jim Alves-Foss; Milos Manic

    2011-08-01

    Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL provides a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.

  15. Real-Time SCADA Cyber Protection Using Compression Techniques

    SciTech Connect (OSTI)

    Lyle G. Roybal; Gordon H Rueff

    2013-11-01

    The Department of Energys Office of Electricity Delivery and Energy Reliability (DOE-OE) has a critical mission to secure the energy infrastructure from cyber attack. Through DOE-OEs Cybersecurity for Energy Delivery Systems (CEDS) program, the Idaho National Laboratory (INL) has developed a method to detect malicious traffic on Supervisory, Control, and Data Acquisition (SCADA) network using a data compression technique. SCADA network traffic is often repetitive with only minor differences between packets. Research performed at the INL showed that SCADA network traffic has traits desirable for using compression analysis to identify abnormal network traffic. An open source implementation of a Lempel-Ziv-Welch (LZW) lossless data compression algorithm was used to compress and analyze surrogate SCADA traffic. Infected SCADA traffic was found to have statistically significant differences in compression when compared against normal SCADA traffic at the packet level. The initial analyses and results are clearly able to identify malicious network traffic from normal traffic at the packet level with a very high confidence level across multiple ports and traffic streams. Statistical differentiation between infected and normal traffic level was possible using a modified data compression technique at the 99% probability level for all data analyzed. However, the conditions tested were rather limited in scope and need to be expanded into more realistic simulations of hacking events using techniques and approaches that are better representative of a real-world attack on a SCADA system. Nonetheless, the use of compression techniques to identify malicious traffic on SCADA networks in real time appears to have significant merit for infrastructure protection.

  16. National Infrastructure Protection Plan | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Infrastructure Protection Plan National Infrastructure Protection Plan Protecting the critical infrastructure and key resources (CI/KR) of the United States is essential to the Nation's security, public health and safety, economic vitality, and way of life. Attacks on CI/KR could significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the targeted sector and physical location of the incident. Direct terrorist attacks and natural, manmade,

  17. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but ...

  18. ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention

    SciTech Connect (OSTI)

    Cui, Xiaohui; Beaver, Justin M; Treadwell, Jim N

    2012-01-01

    The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are able to be recorded much like a honeypot system for forensic analysis.

  19. INL Cyber Security Research (2008) | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    INL Cyber Security Research (2008) INL Cyber Security Research (2008) Cybersecurity research at INL will help protect critical infrastructure control system computers against worms and other viruses. PDF icon INL Cyber Security Research (2008) More Documents & Publications Mitigations for Security Vulnerabilities Found in Control System Networks The NIAC Convergence of Physical and Cyber Technbologies and Related Security Management Challenges Working Group Final Report and Recommendations

  20. Alliance Project: Cyber-Physical Security Unified Access Solution

    Energy Savers [EERE]

    Alliance Project: Cyber-Physical Security Unified Access Solution Unified cyber-physical security to protect energy sector control systems and facilities Background The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards require utility operators to control, monitor, and record physical access to cybersecurity assets and establish physical security perimeters (PSPs). Many operators engage security contractors to provide access controls,

  1. Protecting Intelligent Distributed Power Grids against Cyber Attacks

    SciTech Connect (OSTI)

    Dong Wei; Yan Lu; Mohsen Jafari; Paul Skare; Kenneth Rohde

    2010-12-31

    Like other industrial sectors, the electrical power industry is facing challenges involved with the increasing demand for interconnected operations and control. The electrical industry has largely been restructured due to deregulation of the electrical market and the trend of the Smart Grid. This moves new automation systems from being proprietary and closed to the current state of Information Technology (IT) being highly interconnected and open. However, while gaining all of the scale and performance benefits of IT, existing IT security challenges are acquired as well. The power grid automation network has inherent security risks due to the fact that the systems and applications for the power grid were not originally designed for the general IT environment. In this paper, we propose a conceptual layered framework for protecting power grid automation systems against cyber attacks. The following factors are taken into account: (1) integration with existing, legacy systems in a non-intrusive fashion; (2) desirable performance in terms of modularity, scalability, extendibility, and manageability; (3) alignment to the 'Roadmap to Secure Control Systems in the Energy Sector' and the future smart grid. The on-site system test of the developed prototype security system is briefly presented as well.

  2. Protecting the Nation's Electric Grid from Cyber Threats

    Broader source: Energy.gov [DOE]

    The Electric Sector Cybersecurity Risk Maturity Model Pilot is a new White House initiative led by the Department of Energy to develop a model to help us identify how secure the electric grid is from cyber threats and to test that model with participating utilities.

  3. May 3 PSERC Webinar: Physical and Cyber Infrastructure Supporting the Future Grid

    Broader source: Energy.gov [DOE]

    The DOE-funded Power Systems Engineering Research Center (PSERC) is offering a free public webinar that will address the final report summarizing findings from the PSERC/NSF Executive Forum and Workshop on Physical and Cyber Infrasture to Support the Future Grid, which assesses emerging research issues and research directions for resolving them in the next 10 years.

  4. Constructing vulnerabilty and protective measures indices for the enhanced critical infrastructure protection program.

    SciTech Connect (OSTI)

    Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.; Bassett, G. W.; Dickinson, D. C.; Haffenden, R. A.; Klett, M. S.; Lawlor, M. A.; Decision and Information Sciences; LANL

    2009-10-14

    The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators of the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. the information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).

  5. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems Are Under Way, but Challenges Remain | Department of Energy CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain GAO is making recommendations to the Department of Homeland Security (DHS) to develop a strategy for coordinating control systems security efforts and to enhance information sharing with relevant

  6. An inter-realm, cyber-security infrastructure for virtual supercomputing

    SciTech Connect (OSTI)

    Al-Muhtadi, J.; Feng, W. C.; Fisk, M. E.

    2001-01-01

    Virtual supercomputing, (ise ., high-performance grid computing), is poised to revolutionize the way we think about and use computing. However, the security of the links interconnecting the nodes within such an environment will be its Achilles heel, particularly when secure communication is required to tunnel through heterogeneous domains. In this paper we examine existing security mechanisms, show their inadequacy, and design a comprehensive cybersecurity infrastructure that meets the security requirements of virtual supercomputing. Keywords Security, virtual supercomputing, grid computing, high-performance computing, GSS-API, SSL, IPsec, component-based software, dynamic reconfiguration.

  7. Investigating the effectiveness of many-core network processors for high performance cyber protection systems. Part I, FY2011.

    SciTech Connect (OSTI)

    Wheeler, Kyle Bruce; Naegle, John Hunt; Wright, Brian J.; Benner, Robert E., Jr.; Shelburg, Jeffrey Scott; Pearson, David Benjamin; Johnson, Joshua Alan; Onunkwo, Uzoma A.; Zage, David John; Patel, Jay S.

    2011-09-01

    This report documents our first year efforts to address the use of many-core processors for high performance cyber protection. As the demands grow for higher bandwidth (beyond 1 Gbits/sec) on network connections, the need to provide faster and more efficient solution to cyber security grows. Fortunately, in recent years, the development of many-core network processors have seen increased interest. Prior working experiences with many-core processors have led us to investigate its effectiveness for cyber protection tools, with particular emphasis on high performance firewalls. Although advanced algorithms for smarter cyber protection of high-speed network traffic are being developed, these advanced analysis techniques require significantly more computational capabilities than static techniques. Moreover, many locations where cyber protections are deployed have limited power, space and cooling resources. This makes the use of traditionally large computing systems impractical for the front-end systems that process large network streams; hence, the drive for this study which could potentially yield a highly reconfigurable and rapidly scalable solution.

  8. Protecting Accelerator Control Systems in the Face of Sophisticated Cyber Attacks

    SciTech Connect (OSTI)

    Hartman, Steven M

    2012-01-01

    Cyber security for industrial control systems has received significant attention in the past two years. The news coverage of the Stuxnet attack, believed to be targeted at the control system for a uranium enrichment plant, brought the issue to the attention of news media and policy makers. This has led to increased scrutiny of control systems for critical infrastructure such as power generation and distribution, and industrial systems such as chemical plants and petroleum refineries. The past two years have also seen targeted network attacks aimed at corporate and government entities including US Department of Energy National Laboratories. Both of these developments have potential repercussions for the control systems of particle accelerators. The need to balance risks from potential attacks with the operational needs of an accelerator present a unique challenge for the system architecture and access model.

  9. Help for the Developers of Control System Cyber Security Standards

    SciTech Connect (OSTI)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  10. Department of Energy Launches Initiative with Industry to Better Protect the Nation’s Electric Grid from Cyber Threats

    Broader source: Energy.gov [DOE]

    As part of the Obama Administration’s efforts to enhance the security and reliability of the nation’s electrical grid, U.S. Energy Secretary Steven Chu today announced an initiative to further protect the electrical grid from cyber attacks.

  11. Chapter_14_Cyber_Security

    Office of Environmental Management (EM)

    4 Cyber Security The DOE Cyber Security Program aims to protect the Department's diverse missions in a cost- effective manner; identify threats, risks, and mitigations; and remain flexible in a changing environment. Key Departmental directives, policies, and procedures governing the implementation of the Cyber Security Program at DOE HQ are: * DOE Order 205.1B, Department of Energy Cyber Security Management * DOE Policy 205.1, Department of Energy Cyber Security Management Policy * Headquarters

  12. Cyber Security and Resilient Systems

    SciTech Connect (OSTI)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.

  13. Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Infrastructure The facility houses equipment such as glove box, fume hoods, oxygen-free nanopure water system and ultrasonic processors. Schlenk-type techniques are routinely used...

  14. INL@Work Cyber Security

    SciTech Connect (OSTI)

    Chaffin, May

    2010-01-01

    May Chaffin is one of many Idaho National Laboratory researchers who are helping secure the nation's critical infrastructure from cyber attacks. Lots more content like this is available at INL's facebook page http://www.facebook.com/idahonationallaboratory.

  15. INL@Work Cyber Security

    ScienceCinema (OSTI)

    Chaffin, May

    2013-05-28

    May Chaffin is one of many Idaho National Laboratory researchers who are helping secure the nation's critical infrastructure from cyber attacks. Lots more content like this is available at INL's facebook page http://www.facebook.com/idahonationallaboratory.

  16. Process Control System Cyber Security Standards - An Overview

    SciTech Connect (OSTI)

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  17. Critical infrastructure systems of systems assessment methodology.

    SciTech Connect (OSTI)

    Sholander, Peter E.; Darby, John L.; Phelan, James M.; Smith, Bryan; Wyss, Gregory Dane; Walter, Andrew; Varnado, G. Bruce; Depoy, Jennifer Mae

    2006-10-01

    Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies that separately consider physical security and cyber security. This research has developed a risk assessment methodology that explicitly accounts for both physical and cyber security, while preserving the traditional security paradigm of detect, delay, and respond. This methodology also accounts for the condition that a facility may be able to recover from or mitigate the impact of a successful attack before serious consequences occur. The methodology uses evidence-based techniques (which are a generalization of probability theory) to evaluate the security posture of the cyber protection systems. Cyber threats are compared against cyber security posture using a category-based approach nested within a path-based analysis to determine the most vulnerable cyber attack path. The methodology summarizes the impact of a blended cyber/physical adversary attack in a conditional risk estimate where the consequence term is scaled by a ''willingness to pay'' avoidance approach.

  18. Securing energy assets and infrastructure 2007

    SciTech Connect (OSTI)

    2006-06-15

    This report describes in detail the energy industry's challenges and solutions for protecting critical assets including oil and gas infrastructure, transmission grids, power plants, storage, pipelines, and all aspects of strategic industry assets. It includes a special section on cyber-terrorism and protecting control systems. Contents: Section I - Introduction; U.S Energy Trends; Vulnerabilities; Protection Measures. Section II - Sector-wise Vulnerabilities Assessments and Security Measures: Coal, Oil and Petroleum, Natural Gas, Electric Power, Cybersecurity and Control Systems, Key Recommendations; Section III - Critical Infrastructure Protection Efforts: Government Initiatives, Agencies, and Checklists.

  19. Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Micro-grid for a Safe, Secure, E cient, and Cost-e ective Electric Power Infrastructure !"#$%"&%'&"&()*+%,-./-"(&*"0.-"+.-1&.,2-"+2$&01&!"#$%"&3.-,.-"+%.#4&"&5.67822$& 9"-+%#&3.(,"#14&:.-&+82&;#%+2$&!+"+2'&<2,"-+(2#+&.:&=#2-/1>'&?"+%.#"*&?)6*2"-&

  20. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    SciTech Connect (OSTI)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was selected from the list of standards identified in the identification effort. The requirements in these seven standards were then compared against the requirements given in the Framework. This comparison identified gaps (requirements not covered) in both the individual industry standards and in the Framework. In addition to the sector-specific standards reviewed, the team compared the requirements in the cross-sector Instrumentation, Systems, and Automation Society (ISA) Technical Reports (TR) 99 -1 and -2 to the Framework requirements. The Framework defines a set of security classes separated into families as functional requirements for control system security. Each standard reviewed was compared to this template of requirements to determine if the standard requirements closely or partially matched these Framework requirements. An analysis of each class of requirements pertaining to each standard reviewed can be found in the comparison results section of this report. Refer to Appendix A, ''Synopsis of Comparison Results'', for a complete graphical representation of the study's findings at a glance. Some of the requirements listed in the Framework are covered by many of the standards, while other requirements are addressed by only a few of the standards. In some cases, the scope of the requirements listed in the standard for a particular industry greatly exceeds the requirements given in the Framework. These additional families of requirements, identified by the various standards bodies, could potentially be added to the Framework. These findings are, in part, due to the maturity both of the security standards themselves and of the different industries current focus on security. In addition, there are differences in how communication and control is used in different industries and the consequences of disruptions via security breaches to each particular industry that could affect how security requirements are prioritized. The differences in the requirements listed in the Framework and in the various industry standards are due, in part, to differences in the level and purpose of the standards. While the requirements in the Framework are fairly specific, many of the industry standard requirements are more general in nature. Additionally, the Framework requirements, derived from the ''Common Criteria for Information Technology Security Evaluation'', are component-based, while most of the industry standards are system-based. The findings of this study will allow the CSSC Framework Team and the standards organizations responsible for the reviewed standards to quickly grasp the relationship between their requirements and the Framework, as well as the relationship between their standard and other industry sectors. This will help identify areas for future work in developing improved security standards.

  1. Risk analysis tools for force protection and infrastructure/asset protection

    SciTech Connect (OSTI)

    Jaeger, C.D.; Duggan, R.A.; Paulus, W.K.

    1998-09-01

    The Security Systems and Technology Center at Sandia National Laboratories has for many years been involved in the development and use of vulnerability assessment and risk analysis tools. In particular, two of these tools, ASSESS and JTS, have been used extensively for Department of Energy facilities. Increasingly, Sandia has been called upon to evaluate critical assets and infrastructures, support DoD force protection activities and assist in the protection of facilities from terrorist attacks using weapons of mass destruction. Sandia is involved in many different activities related to security and force protection and is expanding its capabilities by developing new risk analysis tools to support a variety of users. One tool, in the very early stages of development, is EnSURE, Engineered Surety Using the Risk Equation. EnSURE addresses all of the risk equation and integrates the many components into a single, tool-supported process to help determine the most cost-effective ways to reduce risk. This paper will briefly discuss some of these risk analysis tools within the EnSURE framework.

  2. Defense on the Move: Ant-Based Cyber Defense

    SciTech Connect (OSTI)

    Fink, Glenn A.; Haack, Jereme N.; McKinnon, Archibald D.; Fulp, Errin W.

    2014-04-15

    Many common cyber defenses (like firewalls and IDS) are as static as trench warfare allowing the attacker freedom to probe them at will. The concept of Moving Target Defense (MTD) adds dynamism to the defender side, but puts the systems to be defended themselves in motion, potentially at great cost to the defender. An alternative approach is a mobile resilient defense that removes attackers ability to rely on prior experience without requiring motion in the protected infrastructure itself. The defensive technology absorbs most of the cost of motion, is resilient to attack, and is unpredictable to attackers. The Ant-Based Cyber Defense (ABCD) is a mobile resilient defense providing a set of roaming, bio-inspired, digital-ant agents working with stationary agents in a hierarchy headed by a human supervisor. The ABCD approach provides a resilient, extensible, and flexible defense that can scale to large, multi-enterprise infrastructures like the smart electric grid.

  3. New affordable options for infrastructure and asset protection

    SciTech Connect (OSTI)

    2009-09-15

    Securitas is one of the leaders evolving with technology and delivering new forms of affordable security for mining facilities. It was called in to protect a large mothballed coal mine in the central USA, the victim of repeated thefts. First, Mobile Surveillance Units (MSUs) were installed but thefts continued. Later, a new wireless video security system called Videofied which used MotionViewers which use infrared detectors to detect movement and send a 10 second clip of the intrusion to an operator. This led to the thieves being caught. 2 photos.

  4. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  5. Metaphors for cyber security.

    SciTech Connect (OSTI)

    Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

    2008-08-01

    This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

  6. GAO-04-354, CRITICAL INFRASTRUCTURE PROTECTION: Challenges and Efforts to Secure Control Systems

    Energy Savers [EERE]

    Report to Congressional Requesters United States General Accounting Office GAO March 2004 CRITICAL INFRASTRUCTURE PROTECTION Challenges and Efforts to Secure Control Systems GAO-04-354 www.gao.gov/cgi-bin/getrpt?GAO-04-354. To view the full product, including the scope and methodology, click on the link above. For more information, contact Robert F. Dacey at (202) 512-3317 or daceyr@gao.gov. Highlights of GAO-04-354, a report to congressional requesters March 2004 CRITICAL INFRASTRUCTURE

  7. Collaborative Utility Task Force Partners with DOE to Develop Cyber

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Requirements for Advanced Metering Infrastructure | Department of Energy Collaborative Utility Task Force Partners with DOE to Develop Cyber Security Requirements for Advanced Metering Infrastructure Collaborative Utility Task Force Partners with DOE to Develop Cyber Security Requirements for Advanced Metering Infrastructure The Advanced Metering Infrastructure Security (AMI-SEC) Task Force announces the release of the AMI System Security Requirements, a first-of-its-kind for the

  8. Securing the United States' power infrastructure

    SciTech Connect (OSTI)

    Happenny, Sean F.

    2015-08-01

    The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.

  9. Cyber Security Indications and Warning System (SV): CRADA 1573.94 Project Accomplishments Summary

    SciTech Connect (OSTI)

    Hu, Tan Chang; Robinson, David G.

    2011-09-08

    As the national focus on cyber security increases, there is an evolving need for a capability to provide for high-speed sensing of events, correlation of events, and decision-making based on the adverse events seen across multiple independent large-scale network environments. The purpose of this Shared Vision project, Cyber Security Indications and Warning System, was to combine both Sandia's and LMC's expertise to discover new solutions to the challenge of protecting our nation's infrastructure assets. The objectives and scope of the proposal was limited to algorithm and High Performance Computing (HPC) model assessment in the unclassified environment within funding and schedule constraints. The interest is the identification, scalability assessment, and applicability of current utilized cyber security algorithms as applied in an HPC environment.

  10. Cyber Train Videos | The Ames Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Train Videos Cyber Train Overview Cyber Train Opt-Out Process Cyber Train Complete Training Submitting Course Completion Materials...

  11. GAO-07-1036, CRITICAL INFRASTRUCTURE PROTECTION: Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain

    Energy Savers [EERE]

    Congressional Requesters CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain September 2007 GAO-07-1036 What GAO Found United States Government Accountability Office Why GAO Did This Study Highlights Accountability Integrity Reliability September 2007 CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain Highlights of GAO-07-1036, a report to congressional requesters

  12. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  13. Cyber Friendly Fire

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

    2011-09-01

    Cyber friendly fire (FF) is a new concept that has been brought to the attention of Department of Defense (DoD) stakeholders through two workshops that were planned and conducted by the Air Force Research Laboratory (AFRL) and research conducted for AFRL by the Pacific Northwest National Laboratory. With this previous work in mind, we offer a definition of cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, a fundamental need in avoiding cyber FF is to maintain situation awareness (SA). We suggest that cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system (and that populate the nodes), the nature of the activities or work performed, and the available defensive (and offensive) countermeasures that may be applied to thwart network attacks. A training implication is to raise awareness and understanding of these critical knowledge units; an approach to decision aids and/or visualizations is to focus on supporting these critical knowledge units. To study cyber FF, we developed an unclassified security test range comprising a combination of virtual and physical devices that present a closed network for testing, simulation, and evaluation. This network offers services found on a production network without the associated costs of a real production network. Containing enough detail to appear realistic, this virtual and physical environment can be customized to represent different configurations. For our purposes, the test range was configured to appear as an Internet-connected Managed Service Provider (MSP) offering specialized web applications to the general public. The network is essentially divided into a production component that hosts the web and network services, and a user component that hosts thirty employee workstations and other end devices. The organization's network is separated from the Internet by a Cisco ASA network security device that both firewalls and detects intrusions. Business sensitive information is stored in various servers. This includes data comprising thousands of internal documents, such as finance and technical designs, email messages for the organization's employees including the CEO, CFO, and CIO, the organization's source code, and Personally Identifiable client data. Release of any of this information to unauthorized parties would have a significant, detrimental impact on the organization's reputation, which would harm earnings. The valuable information stored in these servers pose obvious points of interest for an adversary. We constructed several scenarios around this environment to support studies in cyber SA and cyber FF that may be run in the test range. We describe mitigation strategies to combat cyber FF including both training concepts and suggestions for decision aids and visualization approaches. Finally, we discuss possible future research directions.

  14. Constructing a resilience index for the Enhanced Critical Infrastructure Protection Program

    SciTech Connect (OSTI)

    Fisher, R. E.; Bassett, G. W.; Buehring, W. A.; Collins, M. J.; Dickinson, D. C.; Eaton, L. K.; Haffenden, R. A.; Hussar, N. E.; Klett, M. S.; Lawlor, M. A.; Millier, D. J.; Petit, F. D.; Peyton, S. M.; Wallace, K. E.; Whitfield, R. G.; Peerenboom, J P

    2010-10-14

    Following recommendations made in Homeland Security Presidential Directive 7, which established a national policy for the identification and increased protection of critical infrastructure and key resources (CIKR) by Federal departments and agencies, the U.S. Department of Homeland Security (DHS) in 2006 developed the Enhanced Critical Infrastructure Protection (ECIP) program. The ECIP program aimed to provide a closer partnership with state, regional, territorial, local, and tribal authorities in fulfilling the national objective to improve CIKR protection. The program was specifically designed to identify protective measures currently in place in CIKR and to inform facility owners/operators of the benefits of new protective measures. The ECIP program also sought to enhance existing relationships between DHS and owners/operators of CIKR and to build relationships where none existed (DHS 2008; DHS 2009). In 2009, DHS and its protective security advisors (PSAs) began assessing CIKR assets using the ECIP program and ultimately produced individual protective measure and vulnerability values through the protective measure and vulnerability indices (PMI/VI). The PMI/VI assess the protective measures posture of individual facilities at their 'weakest link,' allowing for a detailed analysis of the most vulnerable aspects of the facilities (Schneier 2003), while maintaining the ability to produce an overall protective measures picture. The PMI has six main components (physical security, security management, security force, information sharing, protective measures assessments, and dependencies) and focuses on actions taken by a facility to prevent or deter the occurrence of an incident (Argonne National Laboratory 2009). As CIKR continue to be assessed using the PMI/VI and owners/operators better understand how they can prevent or deter incidents, academic research, practitioner emphasis, and public policy formation have increasingly focused on resilience as a necessary component of the risk management framework and infrastructure protection. This shift in focus toward resilience complements the analysis of protective measures by taking into account the three other phases of risk management: mitigation, response, and recovery (Figure 1). Thus, the addition of a robust resilience index (RI) to the established PMI/VI provides vital information to owners/operators throughout the risk management process. Combining a pre-incident focus with a better understanding of resilience, as well as potential consequences from damaged CIKR, allows owners/operators to better understand different ways to decrease risk by (1) increasing physical security measures to prevent an incident, (2) supplementing redundancy to mitigate the effects of an incident, and (3) enhancing emergency action and business continuity planning to increase the effectiveness of recovery procedures. Information provided by the RI methodology is also used by facility owners/operators to better understand how their facilities compare to similar sector/subsector sites and to help them make risk-based decisions. This report provides an overview of the RI methodology developed to estimate resilience and provide resilience comparisons for sectors and subsectors. The information will be used to (1) assist DHS in analyzing existing response and recovery methods and programs at facilities and (2) identify potential ways to increase resilience. The RI methodology is based on principles of Appreciative Inquiry, which is 'the coevolutionary search for the best in people, their organizations, and the relevant world around them' (Cooperrider et al. 2005). Appreciative Inquiry identifies the best of 'what is' and helps to envision 'what might be.' The ECIP program and the RI represent a new model (using Appreciative Inquiry principles) for information sharing between government and industry (Fisher and Petit 2010). A 'dashboard' display, which provides an interactive tool - rather than a static report, presents the results of the RI in a convenient format. Additional resilience measures c

  15. Department of Energy Cyber Security Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-03-21

    The purpose of the Department of Energy (DOE) Cyber Security Management Program (hereafter called the Program) is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE N 205.1

  16. Department of Energy Cyber Security Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-12-04

    The purpose of the DOE Cyber Security Management Program is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE O 205.1. Canceled by DOE O 205.1B.

  17. Cyber Train Videos | The Ames Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Train Videos Cyber Train Overview Cyber Train Opt-Out Process Cyber Train Complete Training Submitting Course Completion Materials Click here for information on accessing Cyber Train.

  18. Sandia Energy Cyber

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    sandia-cyber-engineering-research-laboratory-cerl-formally-opensfeed 0 Sandia Builds Android-Based Network to Study Cyber Disruptions http:energy.sandia.gov...

  19. Security Informatics Research Challenges for Mitigating Cyber Friendly Fire

    SciTech Connect (OSTI)

    Carroll, Thomas E.; Greitzer, Frank L.; Roberts, Adam D.

    2014-09-30

    This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly re (FF). We dene cyber FF as intentional o*ensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission e*ectiveness of friendly or neutral forces. We describe examples of cyber FF and discuss how it ts within a general conceptual framework for cyber security failures. Because it involves human failure, cyber FF may be considered to belong to a sub-class of cyber security failures characterized as unintentional insider threats. Cyber FF is closely related to combat friendly re in that maintaining situation awareness (SA) is paramount to avoiding unintended consequences. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and o*ensive countermeasures that may be applied to thwart network attacks. We describe a test bed designed to support empirical research on factors a*ecting cyber FF. Finally, we discuss mitigation strategies to combat cyber FF, including both training concepts and suggestions for decision aids and visualization approaches.

  20. Cyber Friendly Fire: Research Challenges for Security Informatics

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

    2013-06-06

    This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly fire (FF). We define cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintention-ally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, maintaining situation awareness (SA) is paramount to avoiding cyber FF incidents. Cyber SA concerns knowledge of a systems topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and offensive countermeasures that may be applied to thwart network attacks. Mitigation strategies to combat cyber FF including both training concepts and suggestions for decision aids and visualization approachesare discussed.

  1. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  2. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  3. Management of Naval Reactors' Cyber Security Program, OIG-0884

    Broader source: Energy.gov (indexed) [DOE]

    It is imperative that the systems are protected against cyber security threats, regardless of classification, given the sensitive nature of the Naval Reactors mission and its ...

  4. Elaine Santantonio-Creating an efficient cyber workplace

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Elaine Santantonio Elaine Santantonio-Creating an efficient cyber workplace She improved communication and increased efficiency by helping put mobile devices into the hands of Lab employees. March 11, 2014 Elaine Santantonio A recipient of the Lab's 2014 Women Who Inspire awards, as the Network and Infrastructure Engineering (NIE) Division Leader, Santantonio helps provide technical communication and workplace infrastructure and services for the "desktop to teraflops" cyber workplace.

  5. Cyber Incidents Involving Control Systems

    SciTech Connect (OSTI)

    Robert J. Turk

    2005-10-01

    The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).

  6. Voluntary Protection Program Onsite Review, Infrastructure Support Contract Paducah Gaseous Diffusion Plant- May 2013

    Broader source: Energy.gov [DOE]

    Evaluation to determine whether Infrastructure Support Contract Paducah Gaseous Diffusion Plant is continuing to perform at a level deserving DOE-VPP Star recognition.

  7. Voluntary Protection Program Onsite Review, Infrastructure Support Contract Paducah Gaseous Diffusion Plant- March 2012

    Broader source: Energy.gov [DOE]

    Evaluation to determine whether the Infrastructure Support Contract Paducah Gaseous Diffusion Plant is continuing to perform at a level deserving DOE-VPP Star recognition.

  8. Developing measurement indices to enhance protection and resilience of U.S. critical infrastructure and key resources.

    SciTech Connect (OSTI)

    Fisher, R. E.; Norman, M.

    2010-07-01

    The US Department of Homeland Security (DHS) is developing indices to better assist in the risk management of critical infrastructures. The first of these indices is the Protective Measures Index - a quantitative index that measures overall protection across component categories: physical security, security management, security force, information sharing, protective measures and dependencies. The Protective Measures Index, which can also be recalculated as the Vulnerability Index, is a way to compare differing protective measures (eg fence versus security training). The second of these indices is the Resilience Index, which assesses a site's resilience and consists of three primary components: robustness, resourcefulness and recovery. The third index is the Criticality Index, which assesses the importance of a facility. The Criticality Index includes economic, human, governance and mass evacuation impacts. The Protective Measures Index, Resilience Index and Criticality Index are being developed as part of the Enhanced Critical Infrastructure Protection initiative that DHS protective security advisers implement across the nation at critical facilities. This paper describes two core themes: determination of the vulnerability, resilience and criticality of a facility and comparison of the indices at different facilities.

  9. Data Intensive Architecture for Scalable Cyber Analytics

    SciTech Connect (OSTI)

    Olsen, Bryan K.; Johnson, John R.; Critchlow, Terence J.

    2011-12-19

    Cyber analysts are tasked with the identification and mitigation of network exploits and threats. These compromises are difficult to identify due to the characteristics of cyber communication, the volume of traffic, and the duration of possible attack. In this paper, we describe a prototype implementation designed to provide cyber analysts an environment where they can interactively explore a months worth of cyber security data. This prototype utilized On-Line Analytical Processing (OLAP) techniques to present a data cube to the analysts. The cube provides a summary of the data, allowing trends to be easily identified as well as the ability to easily pull up the original records comprising an event of interest. The cube was built using SQL Server Analysis Services (SSAS), with the interface to the cube provided by Tableau. This software infrastructure was supported by a novel hardware architecture comprising a Netezza TwinFin for the underlying data warehouse and a cube server with a FusionIO drive hosting the data cube. We evaluated this environment on a months worth of artificial, but realistic, data using multiple queries provided by our cyber analysts. As our results indicate, OLAP technology has progressed to the point where it is in a unique position to provide novel insights to cyber analysts, as long as it is supported by an appropriate data intensive architecture.

  10. Sandia Cyber Omni Tracker

    Energy Science and Technology Software Center (OSTI)

    2014-07-02

    SCOT cyber security team enhancement tool that coordinates activities, captures knowledge, and serves as a platform to automate time-consuming tasks that a cyber security team needs to perform in its daily operations.

  11. DOE Issues Energy Sector Cyber Organization NOI

    Energy Savers [EERE]

    Issues National Energy Sector Cyber Organization Notice of Intent February 11, 2010 The Department of Energy's (DOE) National Energy Technology Laboratory (NETL) announced on Jan. 7 that it intends to issue a Funding Opportunity Announcement (FOA) for a National Energy Sector Cyber Organization, envisioned as a partnership between the federal government and energy sector stakeholders to protect the bulk power electric grid and aid the integration of smart grid technology to enhance the security

  12. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    SciTech Connect (OSTI)

    Suski, N; Wuest, C

    2011-02-04

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

  13. Cyber Security Requirements for Wireless Devices and Information Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-11

    The Notice establishes DOE policy requirements and responsibilities for using wireless networks and devices within DOE and implements the requirements of DOE 0 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, including requirements for cyber resource protection, risk management, program evaluation, and cyber security plan development and maintenance. No cancellation. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  14. A Mathematical Framework for the Analysis of Cyber-Resilient Control Systems

    SciTech Connect (OSTI)

    Melin, Alexander M; Ferragut, Erik M; Laska, Jason A; Fugate, David L; Kisner, Roger

    2013-01-01

    The increasingly recognized vulnerability of industrial control systems to cyber-attacks has inspired a considerable amount of research into techniques for cyber-resilient control systems. The majority of this effort involves the application of well known information security (IT) techniques to control system networks. While these efforts are important to protect the control systems that operate critical infrastructure, they are never perfectly effective. Little research has focused on the design of closed-loop dynamics that are resilient to cyber-attack. The majority of control system protection measures are concerned with how to prevent unauthorized access and protect data integrity. We believe that the ability to analyze how an attacker can effect the closed loop dynamics of a control system configuration once they have access is just as important to the overall security of a control system. To begin to analyze this problem, consistent mathematical definitions of concepts within resilient control need to be established so that a mathematical analysis of the vulnerabilities and resiliencies of a particular control system design methodology and configuration can be made. In this paper, we propose rigorous definitions for state awareness, operational normalcy, and resiliency as they relate to control systems. We will also discuss some mathematical consequences that arise from the proposed definitions. The goal is to begin to develop a mathematical framework and testable conditions for resiliency that can be used to build a sound theoretical foundation for resilient control research.

  15. Control Systems Cyber Security Standards Support Activities

    SciTech Connect (OSTI)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  16. Report of the Cyber Security Research Needs for Open Science Workshop |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy the Cyber Security Research Needs for Open Science Workshop Report of the Cyber Security Research Needs for Open Science Workshop Protecting systems and users, while maintaining ease of access, represents the "perfect storm" of challenges in the area of cyber security. PDF icon Report of the Cyber Security Research Needs for Open Science Workshop More Documents & Publications Networking and Information Technology Research and Development Supplement to the

  17. Questions For Identification, Evaluation, and Ranking of Proposed Infrastructure Protection Activities

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    SAND2002-0877 Unlimited Release Printed April 2002 A Scalable Systems Approach for Critical Infrastructure Security Arnold B. Baker, Robert J. Eagan, Patricia K. Falcone, Joe M. Harris, Gilbert V. Herrera,W. Curtis Hines, Robert L. Hutchinson, Ajoy K. Moonka, Mark L. Swinson, Erik K. Webb, Tommy D. Woodall, and Gregory D. Wyss Prepared by Sandia National Laboratories Albuquerque, New Mexico 87185 and Livermore, California 94550 Sandia is a multiprogram laboratory operated by Sandia Corporation,

  18. Cyber Security Architecture Guidelines

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-03-08

    This Guide provides supplemental information on the implementation of cyber security architectures throughout the Department of Energy. Canceled by DOE N 205.18

  19. Toward an ontology framework supporting the integration of geographic information with modeling and simulation for critical infrastructure protection

    SciTech Connect (OSTI)

    Ambrosiano, John J; Bent, Russell W; Linger, Steve P

    2009-01-01

    Protecting the nation's infrastructure from natural disasters, inadvertent failures, or intentional attacks is a major national security concern. Gauging the fragility of infrastructure assets, and understanding how interdependencies across critical infrastructures affect their behavior, is essential to predicting and mitigating cascading failures, as well as to planning for response and recovery. Modeling and simulation (M&S) is an indispensable part of characterizing this complex system of systems and anticipating its response to disruptions. Bringing together the necessary components to perform such analyses produces a wide-ranging and coarse-grained computational workflow that must be integrated with other analysis workflow elements. There are many points in both types of work flows in which geographic information (GI) services are required. The GIS community recognizes the essential contribution of GI in this problem domain as evidenced by past OGC initiatives. Typically such initiatives focus on the broader aspects of GI analysis workflows, leaving concepts crucial to integrating simulations within analysis workflows to that community. Our experience with large-scale modeling of interdependent critical infrastructures, and our recent participation in a DRS initiative concerning interoperability for this M&S domain, has led to high-level ontological concepts that we have begun to assemble into an architecture that spans both computational and 'world' views of the problem, and further recognizes the special requirements of simulations that go beyond common workflow ontologies. In this paper we present these ideas, and offer a high-level ontological framework that includes key geospatial concepts as special cases of a broader view.

  20. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  1. Increasing the resilience and security of the United States' power infrastructure

    SciTech Connect (OSTI)

    Happenny, Sean F.

    2015-08-01

    The United States' power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power infrastructure control and distribution paradigms by utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Understanding how these systems behave in real-world conditions will lead to new ways to make our power infrastructure more resilient and secure. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the aging networks protecting them are becoming easier to attack.

  2. Security and Cyber Guidance | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security and Cyber Guidance Security and Cyber Guidance Appraisal Process Guides Security Evaluations Appraisal Process Guide - April 2008 Cyber Security Evaluations Appraisal ...

  3. Towards a Research Agenda for Cyber Friendly Fire

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Clements, Samuel L.; Carroll, Thomas E.; Fluckiger, Jerry D.

    2009-11-18

    Historical assessments of combat fratricide reveal principal contributing factors in the effects of stress, degradation of skills due to continuous operations or sleep deprivation, poor situation awareness, and lack of training and discipline in offensive/defense response selection. While these problems are typically addressed in R&D focusing on traditional ground-based combat, there is also an emerging need for improving situation awareness and decision making on defensive/offensive response options in the cyber defense arena, where a mistaken response to an actual or perceived cyber attack could lead to destruction or compromise of friendly cyber assets. The purpose of this report is to examine cognitive factors that may affect cyber situation awareness and describe possible research needs to reduce the likelihood and effects of "friendly cyber fire" on cyber defenses, information infrastructures, and data. The approach is to examine concepts and methods that have been described in research applied to the more traditional problem of mitigating the occurrence of combat identification and fratricide. Application domains of interest include cyber security defense against external or internal (insider) threats.

  4. Designing and Operating Through Compromise: Architectural Analysis of CKMS for the Advanced Metering Infrastructure

    SciTech Connect (OSTI)

    Duren, Mike; Aldridge, Hal; Abercrombie, Robert K; Sheldon, Frederick T

    2013-01-01

    Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principals and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution and management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.

  5. Department of Energy Cyber Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program (CSP) that protects information and information systems for the Department of Energy (DOE). Chg 1 dated 12-7-2012; Chg 2 dated 3-11-2013; Chg 3, dated 4-29-2014, supersedes Chg 2.

  6. SECURITY AND CYBER REPORTS | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    SECURITY AND CYBER REPORTS SECURITY AND CYBER REPORTS Office of Security Assessments Office of Security Assessments - Report Titles

  7. Final report : impacts analysis for cyber attack on electric power systems (National SCADA Test Bed FY08).

    SciTech Connect (OSTI)

    Phillips, Laurence R.; Richardson, Bryan T.; Stamp, Jason Edwin; LaViolette, Randall A.

    2009-02-01

    To analyze the risks due to cyber attack against control systems used in the United States electrical infrastructure, new algorithms are needed to determine the possible impacts. This research is studying the Reliability Impact of Cyber ttack (RICA) in a two-pronged approach. First, malevolent cyber actions are analyzed in terms of reduced grid reliability. Second, power system impacts are investigated using an abstraction of the grid's dynamic model. This second year of esearch extends the work done during the first year.

  8. January 2013 Cyber Incident

    Broader source: Energy.gov [DOE]

    The Department of Energy (DOE) has confirmed a recent cyber incident that occurred in mid-January 2013 which targeted the Headquarters' network and resulted in the unauthorized disclosure of...

  9. July 2013 Cyber Incident

    Broader source: Energy.gov [DOE]

    The Department of Energy (DOE) has confirmed a cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information ...

  10. Cyber sleuths face off

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Hacking skills put to the test in week of hands-on cyber warfare training LOS ALAMOS, New ... "Tracer FIRE 2," as the event is titled, will be a collaborative information security ...

  11. Analyzing water/wastewater infrastructure interdependencies.

    SciTech Connect (OSTI)

    Gillette, J. L.; Fisher, R. E.; Peerenboom, J. P.; Whitfield, R. G.

    2002-03-26

    This paper describes four general categories of infrastructure interdependencies (physical, cyber, geographic, and logical) as they apply to the water/wastewater infrastructure, and provides an overview of one of the analytic approaches and tools used by Argonne National Laboratory to evaluate interdependencies. Also discussed are the dimensions of infrastructure interdependency that create spatial, temporal, and system representation complexities that make analyzing the water/wastewater infrastructure particularly challenging. An analytical model developed to incorporate the impacts of interdependencies on infrastructure repair times is briefly addressed.

  12. Headquarters Facilities Master Security Plan - Chapter 14, Cyber...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4, Cyber Security Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security 2016 Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security HQ cyber ...

  13. Protecting your personal information

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    2015-Jan. 2016 all issues All Issues submit Protecting your personal information Quantum cryptography keeps data secure from cyber thieves October 1, 2014 Mass-producible...

  14. Obama’s Call for Public-Private Cyber Security Collaboration Reflected in DOE’s Priorities

    Broader source: Energy.gov [DOE]

    In releasing the results of his Administration’s 60-day cyber security review, President Barack Obama today emphasized that partnering with the private sector will be paramount for agencies working to secure the power grid and other critical infrastructures from cyber attack.

  15. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect (OSTI)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  16. Departmental Cyber Security Management Policy

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-05-08

    The Departmental Cyber Security Management (DCSM) Policy was developed to further clarify and support the elements of the Integrated Safeguards and Security Management (ISSM) Policy regarding cyber security. Certified 9-23-10. No cancellation.

  17. DOE Cyber Distinguished Speaker Series

    Broader source: Energy.gov [DOE]

    Join us at the Department of Energy’s Cyber Distinguished Speaker Series on Wednesday, 13 January 2016, for an opportunity to expand your knowledge and awareness of today’s most pressing cyber issues.

  18. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  19. Process Control System Cyber Security Standards - An Overview

    SciTech Connect (OSTI)

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  20. Cyber security best practices for the nuclear industry

    SciTech Connect (OSTI)

    Badr, I.

    2012-07-01

    When deploying software based systems, such as, digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements driven, software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  1. Cyber Security Process Requirements Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-08-12

    The Manual establishes the minimum implementation standards for cyber security management processes throughout the Department. No cancellation.

  2. Cyber security analysis testbed : combining real, emulation, and simulation.

    SciTech Connect (OSTI)

    Villamarin, Charles H.; Eldridge, John M.; Van Leeuwen, Brian P.; Urias, Vincent E.

    2010-07-01

    Cyber security analysis tools are necessary to evaluate the security, reliability, and resilience of networked information systems against cyber attack. It is common practice in modern cyber security analysis to separately utilize real systems of computers, routers, switches, firewalls, computer emulations (e.g., virtual machines) and simulation models to analyze the interplay between cyber threats and safeguards. In contrast, Sandia National Laboratories has developed novel methods to combine these evaluation platforms into a hybrid testbed that combines real, emulated, and simulated components. The combination of real, emulated, and simulated components enables the analysis of security features and components of a networked information system. When performing cyber security analysis on a system of interest, it is critical to realistically represent the subject security components in high fidelity. In some experiments, the security component may be the actual hardware and software with all the surrounding components represented in simulation or with surrogate devices. Sandia National Laboratories has developed a cyber testbed that combines modeling and simulation capabilities with virtual machines and real devices to represent, in varying fidelity, secure networked information system architectures and devices. Using this capability, secure networked information system architectures can be represented in our testbed on a single, unified computing platform. This provides an 'experiment-in-a-box' capability. The result is rapidly-produced, large-scale, relatively low-cost, multi-fidelity representations of networked information systems. These representations enable analysts to quickly investigate cyber threats and test protection approaches and configurations.

  3. DOE Issues Energy Sector Cyber Organization NOI, Feb 2010 | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Issues Energy Sector Cyber Organization NOI, Feb 2010 DOE Issues Energy Sector Cyber Organization NOI, Feb 2010 The Department of Energy's (DOE) National Energy Technology Laboratory (NETL) announced on Jan. 7 that it intends to issue a Funding Opportunity Announcement (FOA) for a National Energy Sector Cyber Organization, envisioned as a partnership between the federal government and energy sector stakeholders to protect the bulk power electric grid and aid the integration of smart

  4. Summary report on transportation of nuclear fuel materials in Japan : transportation infrastructure, threats identified in open literature, and physical protection regulations.

    SciTech Connect (OSTI)

    Cochran, John Russell; Ouchi, Yuichiro; Furaus, James Phillip; Marincel, Michelle K.

    2008-03-01

    This report summarizes the results of three detailed studies of the physical protection systems for the protection of nuclear materials transport in Japan, with an emphasis on the transportation of mixed oxide fuel materials1. The Japanese infrastructure for transporting nuclear fuel materials is addressed in the first section. The second section of this report presents a summary of baseline data from the open literature on the threats of sabotage and theft during the transport of nuclear fuel materials in Japan. The third section summarizes a review of current International Atomic Energy Agency, Japanese and United States guidelines and regulations concerning the physical protection for the transportation of nuclear fuel materials.

  5. Cyber threat metrics.

    SciTech Connect (OSTI)

    Frye, Jason Neal; Veitch, Cynthia K.; Mateski, Mark Elliot; Michalski, John T.; Harris, James Mark; Trevino, Cassandra M.; Maruoka, Scott

    2012-03-01

    Threats are generally much easier to list than to describe, and much easier to describe than to measure. As a result, many organizations list threats. Fewer describe them in useful terms, and still fewer measure them in meaningful ways. This is particularly true in the dynamic and nebulous domain of cyber threats - a domain that tends to resist easy measurement and, in some cases, appears to defy any measurement. We believe the problem is tractable. In this report we describe threat metrics and models for characterizing threats consistently and unambiguously. The purpose of this report is to support the Operational Threat Assessment (OTA) phase of risk and vulnerability assessment. To this end, we focus on the task of characterizing cyber threats using consistent threat metrics and models. In particular, we address threat metrics and models for describing malicious cyber threats to US FCEB agencies and systems.

  6. Modeling Cyber Conflicts Using an Extended Petri Net Formalism

    SciTech Connect (OSTI)

    Zakrzewska, Anita N; Ferragut, Erik M

    2011-01-01

    When threatened by automated attacks, critical systems that require human-controlled responses have difficulty making optimal responses and adapting protections in real- time and may therefore be overwhelmed. Consequently, experts have called for the development of automatic real-time reaction capabilities. However, a technical gap exists in the modeling and analysis of cyber conflicts to automatically understand the repercussions of responses. There is a need for modeling cyber assets that accounts for concurrent behavior, incomplete information, and payoff functions. Furthermore, we address this need by extending the Petri net formalism to allow real-time cyber conflicts to be modeled in a way that is expressive and concise. This formalism includes transitions controlled by players as well as firing rates attached to transitions. This allows us to model both player actions and factors that are beyond the control of players in real-time. We show that our formalism is able to represent situational aware- ness, concurrent actions, incomplete information and objective functions. These factors make it well-suited to modeling cyber conflicts in a way that allows for useful analysis. MITRE has compiled the Common Attack Pattern Enumera- tion and Classification (CAPEC), an extensive list of cyber attacks at various levels of abstraction. CAPEC includes factors such as attack prerequisites, possible countermeasures, and attack goals. These elements are vital to understanding cyber attacks and to generating the corresponding real-time responses. We demonstrate that the formalism can be used to extract precise models of cyber attacks from CAPEC. Several case studies show that our Petri net formalism is more expressive than other models, such as attack graphs, for modeling cyber conflicts and that it is amenable to exploring cyber strategies.

  7. National Infrastructure Protection Plan

    Energy Savers [EERE]

    0 National Idling Reduction Network News - April 2010 Newsletter with information on idling reduction regulations, idling reduction grants, idling reduction general news, summary of state ani-idling regulations, and upcoming meetings and events. PDF icon apr10_network_news.pdf More Documents & Publications National Idling Reduction Network News - May 2010 National Idling Reduction Network News - July 2010 National Idling Reduction Network News - Early Spring 2009

    1 National Idling

  8. Energy: Critical Infrastructure and Key Resources Sector-Specific...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy: Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan (Redacted) Energy: Critical Infrastructure and Key ...

  9. Energy Critical Infrastructure and Key Resources Sector-Specific...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan (Redacted) Energy Critical Infrastructure and Key ...

  10. DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS: CA

    Broader source: Energy.gov [DOE]

    DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS. Key Cyber Security Role: Certification Agent (CA)

  11. Cyber Security Requirements for Risk Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  12. Department of Energy Cyber Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program that protects information and information systems for DOE. Cancels DOE O 205.1A, DOE M 205.1-4, DOE M 205.1-5, DOE M 205.1-6, DOE M 205.1-7 and DOE M 205.1-8. Admin Chg 1, dated 12-7-2012; Chg 2, dated 3-11-13.

  13. Department of Energy Cyber Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program that protects information and information systems for DOE. Cancels DOE O 205.1A, DOE M 205.1-4, DOE M 205.1-5, DOE M 205.1-6, DOE M 205.1-7 and DOE M 205.1-8. Admin Chg 1, dated 12-7-2012.

  14. Nuclear Instrumentation and Control Cyber Testbed Considerations – Lessons Learned

    SciTech Connect (OSTI)

    Jonathan Gray; Robert Anderson; Julio G. Rodriguez; Cheol-Kwon Lee

    2014-08-01

    Abstract: Identifying and understanding digital instrumentation and control (I&C) cyber vulnerabilities within nuclear power plants and other nuclear facilities, is critical if nation states desire to operate nuclear facilities safely, reliably, and securely. In order to demonstrate objective evidence that cyber vulnerabilities have been adequately identified and mitigated, a testbed representing a facility’s critical nuclear equipment must be replicated. Idaho National Laboratory (INL) has built and operated similar testbeds for common critical infrastructure I&C for over ten years. This experience developing, operating, and maintaining an I&C testbed in support of research identifying cyber vulnerabilities has led the Korean Atomic Energy Research Institute of the Republic of Korea to solicit the experiences of INL to help mitigate problems early in the design, development, operation, and maintenance of a similar testbed. The following information will discuss I&C testbed lessons learned and the impact of these experiences to KAERI.

  15. PACIFIC NORTHWEST CYBER SUMMIT

    SciTech Connect (OSTI)

    Lesperance, Ann M.; Matlock, Gordon W.; Becker-Dippmann, Angela S.; Smith, Karen S.

    2013-08-07

    On March 26, 2013, the Snohomish County Public Utility District (PUD) and the U.S. Department of Energy’s (DOE’s) Pacific Northwest National Laboratory (PNNL) jointly hosted the Pacific Northwest Cyber Summit with the DOE’s Office of Electricity Delivery and Energy Reliability, the White House, Washington State congressional delegation, Washington State National Guard, and regional energy companies.

  16. Agent-based Cyber Control Strategy Design for Resilient Control Systems: Concepts, Architecture and Methodologies

    SciTech Connect (OSTI)

    Craig Rieger; Milos Manic; Miles McQueen

    2012-08-01

    The implementation of automated regulatory control has been around since the middle of the last century through analog means. It has allowed engineers to operate the plant more consistently by focusing on overall operations and settings instead of individual monitoring of local instruments (inside and outside of a control room). A similar approach is proposed for cyber security, where current border-protection designs have been inherited from information technology developments that lack consideration of the high-reliability, high consequence nature of industrial control systems. Instead of an independent development, however, an integrated approach is taken to develop a holistic understanding of performance. This performance takes shape inside a multiagent design, which provides a notional context to model highly decentralized and complex industrial process control systems, the nervous system of critical infrastructure. The resulting strategy will provide a framework for researching solutions to security and unrecognized interdependency concerns with industrial control systems.

  17. DOE Cyber Strategy | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Strategy DOE Cyber Strategy The Office of the Chief Information Officer is pleased to announce publication of the U.S. Department of Energy (DOE) Cyber Strategy. 151228-doe-cyber-strategy123.png To meet the challenges of today's rapidly evolving cyber landscape, the Department has crafted a comprehensive cyber strategy rooted in enterprise-wide collaboration, accountability, and transparency. The underlying principles and strategic goals that form the Strategy's foundation attest to DOE's

  18. Extension of DOE Directive on Cyber Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-06-04

    DOE N 205.4, Handling Cyber Security Alerts and Advisories and Reporting Cyber Security Incidents, is extended until 6/4/04.

  19. cyber | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    cyber | National Nuclear Security Administration Facebook Twitter Youtube Flickr RSS People Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy...

  20. Cyber Security Process Requirements Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-08-12

    The Manual establishes the minimum implementation standards for cyber security management processes throughout the Department. No cancellation. Admin Chg 1 dated 9-1-09.

  1. Network Randomization and Dynamic Defense for Critical Infrastructure Systems

    SciTech Connect (OSTI)

    Chavez, Adrian R.; Martin, Mitchell Tyler; Hamlet, Jason; Stout, William M.S.; Lee, Erik

    2015-04-01

    Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation's most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and development to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.

  2. The Cyber Security Crisis

    ScienceCinema (OSTI)

    Spafford, Eugene [Purdue University, West Lafayette, Indiana, United States

    2009-09-01

    Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight into causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'

  3. Cyber Assessment Methods for SCADA Security | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessment Methods for SCADA Security Cyber Assessment Methods for SCADA Security This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure. The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure

  4. Microsoft Word - OE Cyber Release 10 18 07.doc

    Energy Savers [EERE]

    FOR IMMEDIATE RELEASE Megan Barnett, (202) 586-4940 Thursday, October 18, 2007 DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy Infrastructure from Cyber Attacks WASHINGTON, DC - U.S. Department of Energy (DOE) Assistant Secretary for Electricity Delivery and Energy Reliability Kevin M. Kolevar today announced five projects that have been selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically- advanced controls and

  5. Cyber Security Incident Management Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations. Admin Chg 1 dated 9-1-09.

  6. Cyber Security Incident Management Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations.

  7. Voluntary Protection Program Onsite Review, Swift and Staley Team, Infrastructure Support Contract, Paducah Gaseous Diffusion Plant- December 2014

    Broader source: Energy.gov [DOE]

    Annual Merit Review of Swift and Staley Team (SST) for continued participation in the Department of Energy Voluntary Protection Program.

  8. DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS puzzle-693870960720.jpg PDF icon DOE CYBER ...

  9. Strengthening Cyber Security

    Energy Savers [EERE]

    E n E rgyB i z November/December 2008 » TECHNOLOGY FRONTIER (Guest OpiniOn) remOte attaCks On systems that control power production and distribution are no longer hypothetical events. At least four utilities have been subjected to extortion demands by criminals who used the Internet to infect the utilities' computers and caused or threatened power outages. Cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption

  10. Cyber Security Evaluation Tool

    SciTech Connect (OSTI)

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization?¢????s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  11. Cyber Security Evaluation Tool

    Energy Science and Technology Software Center (OSTI)

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied tomore » enhance cybersecurity controls.« less

  12. Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Jason Wright; Milos Manic

    2011-04-01

    Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.

  13. Headquarters Facilities Master Security Plan- Chapter 14, Cyber Security

    Broader source: Energy.gov [DOE]

    2016 Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security Describes the DOE Headquarters Cyber Security Program.

  14. Cyber Security Standards.PDF

    Energy Savers [EERE]

    1 I N S P E C T I O N R E P O R T U.S. DEPARTMENT OF ENERGY OFFICE OF INSPECTOR GENERAL OFFICE OF INSPECTIONS INSPECTION OF CYBER SECURITY STANDARDS FOR SENSITIVE PERSONAL ...

  15. Chapter_14_Cyber_Security

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Points of Contact For cyber security-related matters, call (202) 586-6691. FormsSamplesGraphics Sample ISSO Appointment Memorandum (see Attachment 1400-1) Chapter 14-1 ATTACHMENT ...

  16. Cyber Security Process Requirements Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-08-12

    The Manual establishes minimum implementation standards for cyber security management processes throughout the Department. Admin Chg 1 dated 9-1-09; Admin Chg 2 dated 12-22-09. Canceled by DOE O 205.1B. No cancellations.

  17. National Security and Cyber Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    National Security and Cyber Security National Security and Cyber Security National security depends on science and technology. The United States relies on Los Alamos National Laboratory for the best of both. No place on Earth pursues a broader array of world-class scientific endeavors. Contact thumbnail of Business Development Business Development Richard P. Feynman Center for Innovation (505) 665-9090 Email National security and weapons science at the laboratory spans essentially all the

  18. Visualizing Cyber Security: Usable Workspaces

    SciTech Connect (OSTI)

    Fink, Glenn A.; North, Christopher L.; Endert, Alexander; Rose, Stuart J.

    2009-10-11

    An environment that supports cyber analytics work should enable multiple, simultaneous investigations, information foraging, and provide a solution space for organizing data. We describe our study of cyber security professionals and visualizations in a large, high-resolution display work environment. We discuss the tasks and needs of analysts that such an environment can support and present several prototypes designed to support these needs. We conclude with a usability evaluation of the prototypes and additional lessons learned.

  19. Cyber Security Incident Management Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. Admin Chg 1 dated 9-1-09; Admin Chg 2 dated 12-22-09. Canceled by DOE O 205.1B.

  20. Hydrogen Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering ...

  1. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering ...

  2. Vulnerability and Mitigation Studies for Infrastructure

    SciTech Connect (OSTI)

    Glascoe, L; Noble, C; Morris, J

    2007-08-02

    The summary of this presentation is that: (1) We do end-to-end systems analysis for infrastructure protection; (2) LLNL brings interdisciplinary subject matter expertise to infrastructure and explosive analysis; (3) LLNL brings high-fidelity modeling capabilities to infrastructure analysis for use on high performance platforms; and (4) LLNL analysis of infrastructure provides information that customers and stakeholders act on.

  3. Innovating to Meet the Evolving Cyber Challenge | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Protecting critical energy infrastructure -- which makes reliable electricity transmission and ... Cybersecurity is also a priority for our Smart Grid Investment Grant (SGIG) ...

  4. Extension of DOE Directive on Cyber Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-07-06

    This Notice extends DOE N 205.4, Handling Cyber Security Alerts and Advisories and Reporting Cyber Security Incidents, dated 3-18-02, until 7-6-05.

  5. Cyber Fed Model Application in support of DOE Cyber Security Initiatives -

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Ames Participation | The Ames Laboratory Cyber Fed Model Application in support of DOE Cyber Security Initiatives - Ames Participation FWP/Project Description: The Cyber Fed Model (CFM) is a communication and coordination framework focused on the reduction and mitigation of cyber security risk across a large distributed organization like the Department of Energy. The CFM framework can be used to help integrate various cyber security systems and capabilities spanning the DOE enterprise, the

  6. Strengthening Cyber Security | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Strengthening Cyber Security Strengthening Cyber Security Describes the goals and activities of the National SCADA Test Bed program to secure control systems in the energy sector from cyber attack PDF icon Strengthening Cyber Security More Documents & Publications Considering Cumulative Effects Under the National Environmental Policy Act (CEQ, 1997) Vision for 2025: A Framework for Change Demand Response and Smart Metering Policy Actions Since the Energy Policy Act of 2005: A Summary for

  7. SECURING OIL AND NATURAL GAS INFRASTRUCTURES IN THE NEW ECONOMY...

    Broader source: Energy.gov (indexed) [DOE]

    policy on critical infrastructure protection. PDF icon SECURING OIL AND NATURAL GAS INFRASTRUCTURES IN THE NEW ECONOMY More Documents & Publications Energy Sector-Specific ...

  8. Energy Critical Infrastructure and Key Resources Sector-Specific

    Energy Savers [EERE]

    Energy Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan (Redacted) May 2007 Department of Energy Energy Sector ...

  9. May 3 PSERC Webinar: Physical and Cyber Infrastructure Supporting...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A&M Site Director of the NSF IURC PSERC, as well as the Principal of XpertPower(tm) Associates, an IEEE Fellow, a CIGRE Fellow, and a Registered Professional Engineer in Texas. ...

  10. Materials Informatics for the ICME CyberInfrastructure | Department of

    Broader source: Energy.gov (indexed) [DOE]

    Storage Center of Excellence | Department of Energy Technical report describing DOE's Chemical Hydrogen Storage Center of Excellence investigation into various hydrogen storage materials and progress towards meeting DOE's hydrogen storage targets. The report presents a review of the material status as related to DOE hydrogen storage targets and explains the basis for the down select decisions. PDF icon Materials Down Select Decisions Made Within DOE's Chemical Hydrogen Storage Center of

  11. Reducing Cyber Risk to Critical Infrastructure: NIST Framework...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    in the Federal Register on February 26, 2013 and a series of open public workshops. ... Framework through the electricity and oil and natural gas sector coordinating councils. ...

  12. A Hierarchical Security Architecture for Cyber-Physical Systems

    SciTech Connect (OSTI)

    Quanyan Zhu; Tamer Basar

    2011-08-01

    Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

  13. Infrastructure Assurance

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Infrastructure Assurance - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management Programs Advanced

  14. Recommended Practice: Creating Cyber Forensics Plans for Control Systems

    SciTech Connect (OSTI)

    Eric Cornelius; Mark Fabro

    2008-08-01

    Cyber forensics has been in the popular mainstream for some time, and has matured into an information-technology capability that is very common among modern information security programs. The goal of cyber forensics is to support the elements of troubleshooting, monitoring, recovery, and the protection of sensitive data. Moreover, in the event of a crime being committed, cyber forensics is also the approach to collecting, analyzing, and archiving data as evidence in a court of law. Although scalable to many information technology domains, especially modern corporate architectures, cyber forensics can be challenging when being applied to non-traditional environments, which are not comprised of current information technologies or are designed with technologies that do not provide adequate data storage or audit capabilities. In addition, further complexity is introduced if the environments are designed using proprietary solutions and protocols, thus limiting the ease of which modern forensic methods can be utilized. The legacy nature and somewhat diverse or disparate component aspects of control systems environments can often prohibit the smooth translation of modern forensics analysis into the control systems domain. Compounded by a wide variety of proprietary technologies and protocols, as well as critical system technologies with no capability to store significant amounts of event information, the task of creating a ubiquitous and unified strategy for technical cyber forensics on a control systems device or computing resource is far from trivial. To date, no direction regarding cyber forensics as it relates to control systems has been produced other than what might be privately available from commercial vendors. Current materials have been designed to support event recreation (event-based), and although important, these requirements do not always satisfy the needs associated with incident response or forensics that are driven by cyber incidents. To address these issues and to accommodate for the diversity in both system and architecture types, a framework based in recommended practices to address forensics in the control systems domain is required. This framework must be fully flexible to allow for deployment into any control systems environment regardless of technologies used. Moreover, the framework and practices must provide for direction on the integration of modern network security technologies with traditionally closed systems, the result being a true defense-in-depth strategy for control systems architectures. This document takes the traditional concepts of cyber forensics and forensics engineering and provides direction regarding augmentation for control systems operational environments. The goal is to provide guidance to the reader with specifics relating to the complexity of cyber forensics for control systems, guidance to allow organizations to create a self-sustaining cyber forensics program, and guidance to support the maintenance and evolution of such programs. As the current control systems cyber security community of interest is without any specific direction on how to proceed with forensics in control systems environments, this information product is intended to be a first step.

  15. Towards an Experimental Testbed Facility for Cyber-Physical Security Research

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Manz, David O.; Carroll, Thomas E.

    2012-01-07

    Cyber-Physical Systems (CPSs) are under great scrutiny due to large Smart Grid investments and recent high profile security vulnerabilities and attacks. Research into improved security technologies, communication models, and emergent behavior is necessary to protect these systems from sophisticated adversaries and new risks posed by the convergence of CPSs with IT equipment. However, cyber-physical security research is limited by the lack of access to universal cyber-physical testbed facilities that permit flexible, high-fidelity experiments. This paper presents a remotely-configurable and community-accessible testbed design that integrates elements from the virtual, simulated, and physical environments. Fusing data between the three environments enables the creation of realistic and scalable environments where new functionality and ideas can be exercised. This novel design will enable the research community to analyze and evaluate the security of current environments and design future, secure, cyber-physical technologies.

  16. Emulytics for Cyber-Enabled Physical Attack Scenarios: Interim LDRD Report of Year One Results.

    SciTech Connect (OSTI)

    Clem, John; Urias, Vincent; Atkins, William Dee; Symonds, Christopher J.

    2015-12-08

    Sandia National Laboratories has funded the research and development of a new capability to interactively explore the effects of cyber exploits on the performance of physical protection systems. This informal, interim report of progress summarizes the project’s basis and year one (of two) accomplishments. It includes descriptions of confirmed cyber exploits against a representative testbed protection system and details the development of an emulytics capability to support live, virtual, and constructive experiments. This work will support stakeholders to better engineer, operate, and maintain reliable protection systems.

  17. NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines

    Broader source: Energy.gov [DOE]

    The National Institute of Standards and Technology (NIST) issued today its first Guidelines for Smart Grid Cyber Security, which includes high-level security requirements, a framework for assessing risks, an evaluation of privacy issues at personal residences, and additional information for businesses and organizations to use as they craft strategies to protect the modernizing power grid from attacks, malicious code, cascading errors, and other threats.

  18. Protecting Intelligent Distributed Power Grids Against Cyber...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    distribution, IT networks, and control systems-that use automated data analysis and demand response capabilities to increase system functionality, efficiency, and reliability. ...

  19. BROOKHAVEN NATIONAL LABORATORYS CAPABILITIES FOR ADVANCED ANALYSES OF CYBER THREATS

    SciTech Connect (OSTI)

    DePhillips M. P.

    2014-06-06

    BNL has several ongoing, mature, and successful programs and areas of core scientific expertise that readily could be modified to address problems facing national security and efforts by the IC related to securing our nation’s computer networks. In supporting these programs, BNL houses an expansive, scalable infrastructure built exclusively for transporting, storing, and analyzing large disparate data-sets. Our ongoing research projects on various infrastructural issues in computer science undoubtedly would be relevant to national security. Furthermore, BNL frequently partners with researchers in academia and industry worldwide to foster unique and innovative ideas for expanding research opportunities and extending our insights. Because the basic science conducted at BNL is unique, such projects have led to advanced techniques, unlike any others, to support our mission of discovery. Many of them are modular techniques, thus making them ideal for abstraction and retrofitting to other uses including those facing national security, specifically the safety of the nation’s cyber space.

  20. Assessment of current cybersecurity practices in the public domain : cyber indications and warnings domain.

    SciTech Connect (OSTI)

    Hamlet, Jason R.; Keliiaa, Curtis M.

    2010-09-01

    This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes that may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work, however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

  1. DOE Cyber Distinguished Speaker Series | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    DOE Cyber Distinguished Speaker Series DOE Cyber Distinguished Speaker Series aprilcdss6.png Cyber Distinguished Speaker Series Background and Information The DOE Cyber Distinguished Speaker Series brings internationally renowned cyber experts from government and private industry to the Department as featured speakers in this OCIO-sponsored series. Past speakers include Dr. Gregg Shannon, Assistant Director for Cyber Security Strategy at the White House Office of Science and Technology Policy;

  2. Obama's Call for Public-Private Cyber Security Collaboration...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Obama's Call for Public-Private Cyber Security Collaboration Reflected in DOE's Priorities Obama's Call for Public-Private Cyber Security Collaboration Reflected in DOE's Priorities ...

  3. Lessons Learned from Cyber Security Assessments of SCADA and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems ...

  4. NNSA Seeking Comments on Consolidated IT and Cyber Security Support...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft July 17, 2013 ...

  5. Office of Cyber and Security Assessments | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments Office of Cyber and Security Assessments MISSION The Office of Cyber and Security Assessments is responsible for the independent evaluation of the effectiveness of ...

  6. Cyber Security Audit and Attack Detection Toolkit: National SCADA...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 This project of the cyber security audit and attack detection toolkit is adding control system ...

  7. Lessons Learned from Cyber Security Assessments of SCADA and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems...

  8. Sandia Energy - Cyber Research Facility Opens at Sandia's California...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Site Home Energy Assurance Cyber Energy Surety Facilities News News & Events Cybersecurity Technologies Research Laboratory Cyber Research Facility Opens at Sandia's...

  9. NNSA Seeking Comments on Consolidated IT and Cyber Security Support...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft July 17, 2013...

  10. Control Systems Cyber Security: Defense in Depth Strategies ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Security: Defense in Depth Strategies Control Systems Cyber Security: Defense in ... strategies for organizations that use control system networks while maintaining a ...

  11. Using Operational Security (OPSEC) to Support a Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    a Cyber Security Culture in Control Systems Environments Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments This document ...

  12. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by ...

  13. Mathematical and Statistical Opportunities in Cyber Security

    Office of Scientific and Technical Information (OSTI)

    Mathematical and Statistical Opportunities in Cyber Security ∗ Juan Meza † Scott Campbell ‡ David Bailey § Abstract The role of mathematics in a complex system such as the Internet has yet to be deeply explored. In this paper, we summarize some of the important and pressing problems in cyber security from the viewpoint of open science environments. We start by posing the question "What fundamental problems exist within cyber security research that can be helped by advanced

  14. Cyber and Security Assessments | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber and Security Assessments Cyber and Security Assessments Cyber and Security Assessments within the Office of Independent Enterprise Assessments implements the independent security performance monitoring functions for DOE. The other half of the Independent Oversight Program is implemented by the Office of Safety and Emergency Management Evaluations for safety oversight. The independent oversight function performed by these two offices is delineated in DOE Order 227.1A, Independent Oversight

  15. Office of Cyber Assessments | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Assessments Office of Cyber Assessments MISSION The Office of Cyber Assessments is responsible for the independent evaluation of the effectiveness of classified and unclassified computer security policies and programs throughout the Department. The Office has established and maintains a continuous program for assessing the security of DOE classified and unclassified networks through expert program and technical analysis, including detailed network penetration testing to detect

  16. Office of Cyber Assessments | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    The Office analyzes cyber security trends and studies complex-wide issues in order to provide feedback on essential information assurance practices to DOE Headquarters and sites. ...

  17. Sandia Energy Cyber Engineering Research Laboratory (CERL...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    wins-funding-for-programming-in-situ-data-analysisvisualizationfeed 0 Sandia Cyber Engineering Research Laboratory (CERL) Formally Opens http:energy.sandia.gov...

  18. Information Security: Coordination of Federal Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Information Security: Coordination of Federal Cyber Security Research and Development GAO recommends that the Office of Science and Technology Policy establish timelines for ...

  19. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    3 - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management Programs Advanced Nuclear Energy Nuclear

  20. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management Programs Advanced Nuclear Energy Nuclear

  1. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    to enhance the nation's security and prosperity through sustainable, transformative approaches to our most challenging energy, climate, and infrastructure problems. vision Important applications of these capabilities include performing assessment of facility vulnerabilities and resultant consequences of a range of attack scenarios related to nuclear facilities after 9/11. these comprehensive analyses were able to realistically represent the actual attack, the response of the facility to the

  2. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    to enhance the nation's security and prosperity through sustainable, transformative approaches to our most challenging energy, climate, and infrastructure problems. vision applications to Systems assessment over the last three decades, Snl has developed and applied a Systems Engineering (SE) approach that includes performance assessment (pa) expertise to inform key decisions concerning radioactive waste management both in the US and internationally. the result of these efforts is a pa-based SE

  3. National Infrastructure Simulation and Analysis Center Overview

    SciTech Connect (OSTI)

    Berscheid, Alan P.

    2012-07-30

    National Infrastructure Simulation and Analysis Center (NISAC) mission is to: (1) Improve the understanding, preparation, and mitigation of the consequences of infrastructure disruption; (2) Provide a common, comprehensive view of U.S. infrastructure and its response to disruptions - Scale & resolution appropriate to the issues and All threats; and (3) Built an operations-tested DHS capability to respond quickly to urgent infrastructure protection issues.

  4. Microgrid cyber security reference architecture.

    SciTech Connect (OSTI)

    Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

    2013-07-01

    This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-speci c vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance bene ts and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional a microgrid control system network implementation, including types of communica- tion occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the neces- sary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

  5. Energy: Critical Infrastructure and Key Resources Sector-Specific Plan as

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    input to the National Infrastructure Protection Plan (Redacted) | Department of Energy Energy: Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan (Redacted) Energy: Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan (Redacted) In June 2006, the U.S. Department of Homeland Security (DHS) announced completion of the National Infrastructure Protection Plan

  6. Energy Infrastructure Events and Expansions Infrastructure Security...

    Energy Savers [EERE]

    Year-in-Review: 2010 Energy Infrastructure Events and Expansions Infrastructure Security and Energy Restoration Office of Electricity Delivery and Energy Reliability U.S. ...

  7. Gamification for Measuring Cyber Security Situational Awareness

    SciTech Connect (OSTI)

    Fink, Glenn A.; Best, Daniel M.; Manz, David O.; Popovsky, V. M.; Endicott-Popovsky, Barbara E.

    2013-03-01

    Cyber defense competitions arising from U.S. service academy exercises, offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge could lead to better preparation of cyber defenders in both military and civilian settings. This paper describes how one regional competition, the PRCCDC, a participant in the national CCDC program, conducted proof of concept experimentation to collect data during the annual competition for later analysis. The intent is to create an ongoing research agenda that expands on this current work and incorporates augmented cognition and gamification methods for measuring cybersecurity situational awareness under the stress of cyber attack.

  8. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering ...

  9. Cyber Dynamic Impact Modeling Engine

    Energy Science and Technology Software Center (OSTI)

    2014-07-01

    As the rate, sophistication, and potential damage of cyber attacks continue to grow, the latency of human-speed analysis and response is becoming increasingly costly. Intelligent response to detected attacks and other malicious activity requires both knowledge of the characteristics of the attack as well as how resources involved in the attack related to the mission of the organization. Cydime fills this need by estimating a key component of intrusion detection and response automation: the relationshipmore » type and strength between the target organization and the potential attacker.« less

  10. Handling Cyber Security Alerts and Advisories and Reporting Cyber Security Incidents

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2002-03-18

    To establish Department of Energy (DOE) requirements and responsibilities for reporting cyber security incidents involving classified and unclassified systems and responding to cyber security alerts and advisories; and to implement requirements of DOE N 205.1, Unclassified Cyber Security Program, and DOE M 471.2-2, Classified Information Systems Security Manual. DOE N 205.13, dated 7-6-04, extends this notice until 7-6-05. Cancels DOE M 471.2-2, Chapter III, section 8.

  11. Quantifying the Impact of Unavailability in Cyber-Physical Environments

    SciTech Connect (OSTI)

    Aissa, Anis Ben; Abercrombie, Robert K; Sheldon, Federick T.; Mili, Ali

    2014-01-01

    The Supervisory Control and Data Acquisition (SCADA) system discussed in this work manages a distributed control network for the Tunisian Electric & Gas Utility. The network is dispersed over a large geographic area that monitors and controls the flow of electricity/gas from both remote and centralized locations. The availability of the SCADA system in this context is critical to ensuring the uninterrupted delivery of energy, including safety, security, continuity of operations and revenue. Such SCADA systems are the backbone of national critical cyber-physical infrastructures. Herein, we propose adapting the Mean Failure Cost (MFC) metric for quantifying the cost of unavailability. This new metric combines the classic availability formulation with MFC. The resulting metric, so-called Econometric Availability (EA), offers a computational basis to evaluate a system in terms of the gain/loss ($/hour of operation) that affects each stakeholder due to unavailability.

  12. Secure control systems with application to cyber-physical systems

    SciTech Connect (OSTI)

    Dong, Jin; Djouadi, Seddik M; Nutaro, James J; Kuruganti, Phani Teja

    2014-01-01

    Control systems are computer-based systems with networked units consisting of sensors, actuators, control processing units, and communication devices. The role of control system is to interact, monitor, and control physical processes. Reactive power control is a fundamental issue in ensuring the security of the power network. It is claimed that Synchronous Condensers (SC) have been used at both distribution and transmission voltage levels to improve stability and to maintain voltages within desired limits under changing load conditions and contingency situations. Performance of PI controller corresponding to various tripping faults are analyzed for SC systems. Most of the eort in protecting these systems has been in protection against random failures or reliability. However, besides failures these systems are subject to various signal attacks for which new analysis are discussed here. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical eects. Therefore, it is meaningful to evaluate the security of a cyber-physical system, especially to protect it from cyber-attack. Illustrative numerical examples are provided together with an application to the SC systems.

  13. National cyber defense high performance computing and analysis : concepts, planning and roadmap.

    SciTech Connect (OSTI)

    Hamlet, Jason R.; Keliiaa, Curtis M.

    2010-09-01

    There is a national cyber dilemma that threatens the very fabric of government, commercial and private use operations worldwide. Much is written about 'what' the problem is, and though the basis for this paper is an assessment of the problem space, we target the 'how' solution space of the wide-area national information infrastructure through the advancement of science, technology, evaluation and analysis with actionable results intended to produce a more secure national information infrastructure and a comprehensive national cyber defense capability. This cybersecurity High Performance Computing (HPC) analysis concepts, planning and roadmap activity was conducted as an assessment of cybersecurity analysis as a fertile area of research and investment for high value cybersecurity wide-area solutions. This report and a related SAND2010-4765 Assessment of Current Cybersecurity Practices in the Public Domain: Cyber Indications and Warnings Domain report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

  14. Trust Management Considerations For the Cooperative Infrastructure Defense Framework: Trust Relationships, Evidence, and Decisions

    SciTech Connect (OSTI)

    Maiden, Wendy M.

    2009-12-01

    Cooperative Infrastructure Defense (CID) is a hierarchical, agent-based, adaptive, cyber-security framework designed to collaboratively protect multiple enclaves or organizations participating in a complex infrastructure. CID employs a swarm of lightweight, mobile agents called Sensors designed to roam hosts throughout a security enclave to find indications of anomalies and report them to host-based Sentinels. The Sensors’ findings become pieces of a larger puzzle, which the Sentinel puts together to determine the problem and respond per policy as given by the enclave-level Sergeant agent. Horizontally across multiple enclaves and vertically within each enclave, authentication and access control technologies are necessary but insufficient authorization mechanisms to ensure that CID agents continue to fulfill their roles in a trustworthy manner. Trust management fills the gap, providing mechanisms to detect malicious agents and offering more robust mechanisms for authorization. This paper identifies the trust relationships throughout the CID hierarchy, the types of trust evidence that could be gathered, and the actions that the CID system could take if an entity is determined to be untrustworthy.

  15. Camp Smith Microgrid Controls and Cyber Security

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ADVANCING THE POWER OF ENERGY Camp Smith Microgrid Controls and Cyber Security Darrell D. Massie, PhD, PE Aura Lee Keating, CISSP SPIDERS Industry Day - Camp Smith, HI 27 August ...

  16. Realizing Scientific Methods for Cyber Security

    SciTech Connect (OSTI)

    Carroll, Thomas E.; Manz, David O.; Edgar, Thomas W.; Greitzer, Frank L.

    2012-07-18

    There is little doubt among cyber security researchers about the lack of scientic rigor that underlies much of the liter-ature. The issues are manifold and are well documented. Further complicating the problem is insufficient scientic methods to address these issues. Cyber security melds man and machine: we inherit the challenges of computer science, sociology, psychology, and many other elds and create new ones where these elds interface. In this paper we detail a partial list of challenges imposed by rigorous science and survey how other sciences have tackled them, in the hope of applying a similar approach to cyber security science. This paper is by no means comprehensive: its purpose is to foster discussion in the community on how we can improve rigor in cyber security science.

  17. Towards A Theory of Autonomous Reconstitution of Compromised Cyber-Systems

    SciTech Connect (OSTI)

    Ramuhalli, Pradeep; Halappanavar, Mahantesh; Coble, Jamie B.; Dixit, Mukul

    2013-11-12

    The ability to maintain mission-critical operations in cyber-systems in the face of disruptions is critical. Faults in cyber systems can come from accidental sources (e.g., natural failure of a component) or deliberate sources (e.g., an intelligent adversary). Natural and intentional manipulation of data, computing, or coordination are the most impactful ways that an attacker can prevent an infrastructure from realizing its mission goals. Under these conditions, the ability to reconstitute critical infrastructure becomes important. Specifically, the question is: Given an intelligent adversary, how can cyber systems respond to keep critical infrastructure operational? In cyber systems, the distributed nature of the system poses serious difficulties in maintaining operations, in part due to the fact that a centralized command and control apparatus is unlikely to provide a robust framework for resilience. Resilience in cyber-systems, in general, has several components, and requires the ability to anticipate and withstand attacks or faults, as well as recover from faults and evolve the system to improve future resilience. The recovery effort (and any subsequent evolution) may require significant reconfiguration of the system (at all levels hardware, software, services, permissions, etc.) if the system is to be made resilient to further attack or faults. This is especially important in the case of ongoing attacks, where reconfiguration decisions must be taken with care to avoid further compromising the system while maintaining continuity of operations. Collectively, we will label this recovery and evolution process as reconstitution. Currently, reconstitution is performed manually, generally after-the-fact, and usually consists of either standing up redundant systems, check-points (rolling back the configuration to a clean state), or re-creating the system using gold-standard copies. For enterprise systems, such reconstitution may be performed either directly on hardware, or using virtual machines. A significant challenge within this context is the ability to verify that the reconstitution is performed in a manner that renders the cyber-system resilient to ongoing and future attacks or faults. Fundamentally, the need is to determine optimal configuration of the cyber system when a fault is determined to be present. While existing theories for fault tolerance (for example, Byzantine fault tolerance) can guarantee resilience under certain conditions, in practice, these theories can break down in the face of an intelligent adversary. Further, it is difficult, in a dynamically evolving environment, to determine whether the necessary conditions for resilience have been met, resulting in difficulties in achieving resilient operation. In addition, existing theories do not sufficiently take into account the cost for attack and defense (the adversary is generally assumed to have infinite resources and time), hierarchy of importance (all network resources are assumed to be equally important), and the dynamic nature of some attacks (i.e., as the attack evolves, can resilience be maintained?). Alternative approaches to resilience based on a centralized command and control structure suffer from a single-point-failure. This paper presents preliminary research towards concepts for effective autonomous reconstitution of compromised cyber systems. We describe a mathematical framework as a first step towards a theoretical basis for autonomous reconstitution in dynamic cyber-system environments. We then propose formulating autonomous reconstitution as an optimization problem and describe some of the challenges associated with this formulation. This is followed by a brief discussion on potential solutions to these challenges.

  18. Tom Harper receives cyber security award

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Harper receives cyber security award Tom Harper receives cyber security award The Charlene Douglass Memorial Award recognizes an individual's expertise, dedication, and significant contributions to information security. June 8, 2009 Los Alamos National Laboratory sits on top of a once-remote mesa in northern New Mexico with the Jemez mountains as a backdrop to research and innovation covering multi-disciplines from bioscience, sustainable energy sources, to plasma physics and new materials. Los

  19. Cyber Security Audit and Attack Detection Toolkit

    SciTech Connect (OSTI)

    Peterson, Dale

    2012-05-31

    This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  20. Transportation Infrastructure Requirement Resources | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Infrastructure Requirement Resources Transportation Infrastructure Requirement Resources ... Establish Alternative Fuel Infrastructure. Back to Transportation Policies and Programs.

  1. Cyber

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water ...

  2. cyber

    National Nuclear Security Administration (NNSA)

    and the review of information prior to public release or posting to publicly available web sites to assure it does not contain data that would assist an adversary.

  3. Sandia National Laboratories: The Center for Cyber Defenders...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    at Sandia National Laboratories for high school and college students interested in Computer Science and Cyber Security. A typical Cyber Boot Camp lasts from 9:00am until 3pm...

  4. Lab hosts multi-lab cyber security games

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Lab hosts multi-lab cyber security games Lab hosts multi-lab cyber security games Eventide brought together cyber and IT leaders from 20 sites to develop recommendations on resources they need from the Joint Cyber Coordination Center. April 12, 2012 Los Alamos National Laboratory sits on top of a once-remote mesa in northern New Mexico with the Jemez mountains as a backdrop to research and innovation covering multi-disciplines from bioscience, sustainable energy sources, to plasma physics and

  5. Office of Cyber Security Evaluations Appraisal Process Guide...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Office of Cyber Security Evaluations Appraisal Process Guide Table of Contents April 2008 ii Table of Contents Acronyms......

  6. Information Security: Coordination of Federal Cyber Security Research and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Development | Department of Energy Security: Coordination of Federal Cyber Security Research and Development Information Security: Coordination of Federal Cyber Security Research and Development GAO recommends that the Office of Science and Technology Policy establish timelines for developing a federal agenda for cyber security research. GAO also recommends that the Office of Management and Budget (OMB) issue guidance to agencies for providing cyber security research data to repositories. In

  7. Lessons Learned from Cyber Security Assessments of SCADA and Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Management Systems | Department of Energy Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems were reviewed to identify common problem areas. In each vulnerability category, relative measures were assigned to the severity. PDF icon Lessons Learned from Cyber

  8. Cyber Security Evaluations Appraisal Process Guide - April 2008 |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Cyber Security Evaluations Appraisal Process Guide - April 2008 Cyber Security Evaluations Appraisal Process Guide - April 2008 April 2008 Cyber Security Evaluations Appraisal Process Guide was developed for the purpose of documenting the appraisal approach and techniques specific to evaluations of classified and unclassified cyber security programs throughout DOE. This process guide provides information about the Department of Energy's (DOE) Independent Oversight

  9. Cyber Defense Competition Draws Students to Argonne | Argonne National

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Laboratory Members of the team from Lewis University work to defend their virtual grid system from attack at the first annual Argonne Collegiate Cyber Defense Competition. Members of the team from Lewis University work to defend their virtual grid system from attack at the first annual Argonne Collegiate Cyber Defense Competition. Cyber Defense Competition Draws Students to Argonne By Greg Cunningham * April 26, 2016 Tweet EmailPrint More than 75 aspiring cyber defenders from across Illinois

  10. Energy Critical Infrastructure and Key Resources Sector-Specific Plan as

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    input to the National Infrastructure Protection Plan (Redacted) | Department of Energy Energy Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan (Redacted) Energy Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan (Redacted) The Energy Sector has developed a vision statement and six sector security goals that will be used as the framework for developing and

  11. Embracing the Cloud for Better Cyber Security

    SciTech Connect (OSTI)

    Shue, Craig A; Lagesse, Brent J

    2011-01-01

    The future of cyber security is inextricably tied to the future of computing. Organizational needs and economic factors will drive computing outcomes. Cyber security researchers and practitioners must recognize the path of computing evolution and position themselves to influence the process to incorporate security as an inherent property. The best way to predict future computing trends is to look at recent developments and their motivations. Organizations are moving towards outsourcing their data storage, computation, and even user desktop environments. This trend toward cloud computing has a direct impact on cyber security: rather than securing user machines, preventing malware access, and managing removable media, a cloud-based security scheme must focus on enabling secure communication with remote systems. This change in approach will have profound implications for cyber security research efforts. In this work, we highlight existing and emerging technologies and the limitations of cloud computing systems. We then discuss the cyber security efforts that would support these applications. Finally, we discuss the implications of these computing architecture changes, in particular with respect to malware and social engineering.

  12. Managing Critical Infrastructures C.I.M. Suite

    ScienceCinema (OSTI)

    None

    2013-05-28

    protect infrastructure during natural disasters, terrorist attacks and electrical outages. For more information about INL research, visit http://www.facebook.com/idahonationallaboratory.

  13. Analysis of Critical Infrastructure Dependencies and Interdependencies

    SciTech Connect (OSTI)

    Petit, Frederic; Verner, Duane; Brannegan, David; Buehring, William; Dickinson, David; Guziel, Karen; Haffenden, Rebecca; Phillips, Julia; Peerenboom, James

    2015-06-01

    The report begins by defining dependencies and interdependencies and exploring basic concepts of dependencies in order to facilitate a common understanding and consistent analytical approaches. Key concepts covered include; Characteristics of dependencies: upstream dependencies, internal dependencies, and downstream dependencies; Classes of dependencies: physical, cyber, geographic, and logical; and Dimensions of dependencies: operating environment, coupling and response behavior, type of failure, infrastructure characteristics, and state of operations From there, the report proposes a multi-phase roadmap to support dependency and interdependency assessment activities nationwide, identifying a range of data inputs, analysis activities, and potential products for each phase, as well as key steps needed to progress from one phase to the next. The report concludes by outlining a comprehensive, iterative, and scalable framework for analyzing dependencies and interdependencies that stakeholders can integrate into existing risk and resilience assessment efforts.

  14. Introduction to Cyber Technologies exercise environment

    Energy Science and Technology Software Center (OSTI)

    2014-12-17

    Exercise environment for Introduction to Cyber Technologies class. This software is essentially a collection of short scripts, configuration files, and small executables that form the exercise component of the Sandia Cyber Technologies Academy’s Introduction to Cyber Technologies class. It builds upon other open-source technologies, such as Debian Linux and minimega, to provide comprehensive Linux and networking exercises that make learning these topics exciting and fun. Sample exercises: a pre-built set of home directories the studentmore » must navigate through to learn about privilege escalation, the creation of a virtual network playground designed to teach the student about the resiliency of the Internet, and a two-hour Capture the Flag challenge for the final lesson. There are approximately thirty (30) exercises included for the students to complete as part of the course.« less

  15. Introduction to Cyber Technologies exercise environment

    SciTech Connect (OSTI)

    2014-12-17

    Exercise environment for Introduction to Cyber Technologies class. This software is essentially a collection of short scripts, configuration files, and small executables that form the exercise component of the Sandia Cyber Technologies Academy?s Introduction to Cyber Technologies class. It builds upon other open-source technologies, such as Debian Linux and minimega, to provide comprehensive Linux and networking exercises that make learning these topics exciting and fun. Sample exercises: a pre-built set of home directories the student must navigate through to learn about privilege escalation, the creation of a virtual network playground designed to teach the student about the resiliency of the Internet, and a two-hour Capture the Flag challenge for the final lesson. There are approximately thirty (30) exercises included for the students to complete as part of the course.

  16. Energy Sector-Specific Plan: An Annex to the National Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan Energy Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan In its role as ...

  17. Cyber Engineering Research Laboratory (CERL)

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Engineering Research Laboratory (CERL) - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management

  18. Modeling and simulation for cyber-physical system security research, development and applications.

    SciTech Connect (OSTI)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  19. Resilient Infrastructure | Argonne National Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Designing Resilient Infrastructure: The Argonne Approach Designing Resilient Infrastructure: The Argonne Approach Resilient Infrastructure The Resilient Infrastructure initiative increases understanding of cascading and escalating impacts among critical infrastructure based on comprehensive analysis of upstream, internal, and downstream dependencies. The Resilient Infrastructure initiative increases understanding of cascading and escalating impacts among critical infrastructure based on

  20. Hydrogen Infrastructure Strategies

    Broader source: Energy.gov [DOE]

    Presented at Refueling Infrastructure for Alternative Fuel Vehicles: Lessons Learned for Hydrogen Conference, April 2-3, 2008, Sacramento, California

  1. Interdependence of Electricity System Infrastructure and Natural...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Interdependence of Electricity System Infrastructure and Natural Gas Infrastructure - EAC 2011 Interdependence of Electricity System Infrastructure and Natural Gas Infrastructure - ...

  2. Department of Energy Cyber Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2012-12-06

    Modifications correct changes to the composition of Senior DOE Management organizations, name change from DOE Cyber Incident Response Capability to Joint Cybersecurity Coordination Center and transfer of responsibility for communications security and TEMPEST to the Office of Health, Safety and Security.

  3. Foreign National Access to DOE Cyber Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-11-01

    DOE N 205.16, dated 9-15-05, extends this Notice until 9-30-06, unless sooner rescinded. To ensure foreign national access to DOE cyber systems continues to advance DOE program objectives while enforcing information access restrictions.

  4. Department of Energy Cyber Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program. Cancels DOE O 205.1A, DOE M 205.1-4, DOE M 205.1-5, DOE M 205.1-6, DOE M 205.1-7 and DOE M 205.1-8

  5. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    SciTech Connect (OSTI)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  6. Quantifying Availability in SCADA Environments Using the Cyber Security Metric MFC

    SciTech Connect (OSTI)

    Aissa, Anis Ben; Rabai, Latifa Ben Arfa; Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

    2014-01-01

    Supervisory Control and Data Acquisition (SCADA) systems are distributed networks dispersed over large geographic areas that aim to monitor and control industrial processes from remote areas and/or a centralized location. They are used in the management of critical infrastructures such as electric power generation, transmission and distribution, water and sewage, manufacturing/industrial manufacturing as well as oil and gas production. The availability of SCADA systems is tantamount to assuring safety, security and profitability. SCADA systems are the backbone of the national cyber-physical critical infrastructure. Herein, we explore the definition and quantification of an econometric measure of availability, as it applies to SCADA systems; our metric is a specialization of the generic measure of mean failure cost.

  7. Facilities and Infrastructure | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Facilities and Infrastructure Facilities and Infrastructure Program Offices and Headquarters elements share the responsibility for management and overall stewardship of the Department's real property assets. Proper management and stewardship ensures real property assets are maintained in a manner that promotes operational readiness, safety, environmental protection, property preservation, and life-cycle cost-effectiveness while meeting the Department's missions. DOE Order 430.1B "Real

  8. Mathematical and Statistical Opportunities in Cyber Security (Technical

    Office of Scientific and Technical Information (OSTI)

    Report) | SciTech Connect Mathematical and Statistical Opportunities in Cyber Security Citation Details In-Document Search Title: Mathematical and Statistical Opportunities in Cyber Security The role of mathematics in a complex system such as the Internet has yet to be deeply explored. In this paper, we summarize some of the important and pressing problems in cyber security from the viewpoint of open science environments. We start by posing the question 'What fundamental problems exist

  9. The Department's Cyber Security Incident Management Program, IG-0787 |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy The Department's Cyber Security Incident Management Program, IG-0787 The Department's Cyber Security Incident Management Program, IG-0787 The Department of Energy operates numerous interconnected computer networks and systems to help accon~plishit s strategic missions in the areas of energy, defense, science, and the environment. These systems are frequently subjected to sophisticated cyber attacks that could potentially affect the Department's ability to carry out its

  10. The NIAC Convergence of Physical and Cyber Technbologies and Related

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Management Challenges Working Group Final Report and Recommendations | Department of Energy The NIAC Convergence of Physical and Cyber Technbologies and Related Security Management Challenges Working Group Final Report and Recommendations The NIAC Convergence of Physical and Cyber Technbologies and Related Security Management Challenges Working Group Final Report and Recommendations The NIAC convened the Physical/Cyber Convergence Working Group (CWG), in October 2005, to investigate

  11. OCIO Technology Summit: Cyber Innovation | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Innovation OCIO Technology Summit: Cyber Innovation November 26, 2013 - 4:52pm Addthis OCIO Technology Summit: Cyber Innovation Robert G. Green Robert G. Green Principal Deputy CIO for Enterprise Information Resources Management | Deputy CIO for Architecture Engineering, Technology & Innovation (Acting) Many people are aware of Energy's mission and how our Laboratories contribute to the Nation's economic prosperity and security through scientific discovery. Our transformative advances

  12. Safeguards and Security and Cyber Security RM | Department of Energy

    Energy Savers [EERE]

    Safeguards and Security and Cyber Security RM Safeguards and Security and Cyber Security RM The SSCS RM is a tool that assists the DOE federal project review teams in evaluating the technical sufficiency of the project SSCS activities at CD-0 through CD-4. PDF icon Safeguards and Security and Cyber Security RM More Documents & Publications Safeguards and Security Program, acronyms and abbereviations - DOE M 470.4-7 Safeguards and Security Glossary - DOE M 470.4-7 References, Canceled -7

  13. 7 Key Challenges for Visualization in Cyber Network Defense

    SciTech Connect (OSTI)

    Best, Daniel M.; Endert, Alexander; Kidwell, Dan

    2014-12-02

    In this paper we present seven challenges, informed by two user studies, to be considered when developing a visualization for cyber security purposes. Cyber security visualizations must go beyond isolated solutions and pretty picture visualizations in order to make impact to users. We provide an example prototype that addresses the challenges with a description of how they are met. Our aim is to assist in increasing utility and adoption rates for visualization capabilities in cyber security.

  14. Toward Developing Genetic Algorithms to Aid in Critical Infrastructure Modeling

    SciTech Connect (OSTI)

    Not Available

    2007-05-01

    Todays society relies upon an array of complex national and international infrastructure networks such as transportation, telecommunication, financial and energy. Understanding these interdependencies is necessary in order to protect our critical infrastructure. The Critical Infrastructure Modeling System, CIMS, examines the interrelationships between infrastructure networks. CIMS development is sponsored by the National Security Division at the Idaho National Laboratory (INL) in its ongoing mission for providing critical infrastructure protection and preparedness. A genetic algorithm (GA) is an optimization technique based on Darwins theory of evolution. A GA can be coupled with CIMS to search for optimum ways to protect infrastructure assets. This includes identifying optimum assets to enforce or protect, testing the addition of or change to infrastructure before implementation, or finding the optimum response to an emergency for response planning. This paper describes the addition of a GA to infrastructure modeling for infrastructure planning. It first introduces the CIMS infrastructure modeling software used as the modeling engine to support the GA. Next, the GA techniques and parameters are defined. Then a test scenario illustrates the integration with CIMS and the preliminary results.

  15. Picture of the Week: Cyber-imaging the cosmos

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    5 Cyber-imaging the cosmos A team of astrophysicists and computer scientists, including Los Alamos National Laboratory researchers, completed the first-ever complete...

  16. U.S. Department of Energy Cyber Strategy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    CYBER STRATEGY | 1 U.S. DEPARTMENT OF ENERGY CYBER STRATEGY DOE CYBER STRATEGY | 2 TABLE OF CONTENTS Message from the Deputy Secretary Message from the CIO Introduction Vision Principles Strategic Goals and Objectives The Way Forward Appendix: Applicable Mandates p. 3 p. 4 p. 5 p. 7 p. 8 p. 9 p. 15 p. 16 DOE CYBER STRATEGY | 3 Across the Department of Energy, our diverse missions are enabled by digital technolo- gies. We rely on these technologies to gather, share, store, and use information.

  17. Cyber-Physical Modeling and Simulation for Situational Awareness...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    technology based on "deep packet inspection" to assess ... Electrical and Computer Engineering * Cyber Technology and ... Company * Virgin Islands Water and Power Authority * ...

  18. The NIAC Convergence of Physical and Cyber Technbologies and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    The NIAC Convergence of Physical and Cyber Technbologies and Related Security Management Challenges Working Group Final Report and Recommendations The NIAC Convergence of Physical ...

  19. The NIAC Convergence of Physical and Cyber Technbologies and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of physical and cyber technologies for Supervisory Control and Data Acquisition (SCADA) and process control systems and their consolidated network management. The Working...

  20. Fact Sheet: Cyber Security Audit and Attack Detection Toolkit

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    SEM, and transform this information into meta events that the enterprise SEM can detect. ... security events from data and develop meta events that will be detected as cyber ...

  1. Office of Electricity Delivery and Energy Reliability Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Office of Electricity Delivery and Energy Reliability Cyber Security Project Selections On September 23, 2010, speaking at the inaugural GridWise Global Forum, U.S. Energy ...

  2. Continuous Monitoring And Cyber Security For High Performance...

    Office of Scientific and Technical Information (OSTI)

    Continuous Monitoring And Cyber Security For High Performance Computing Malin, Alex B. Los Alamos National Laboratory; Van Heule, Graham K. Los Alamos National Laboratory...

  3. Cyber Security Procurement Language for Control Systems Version...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Procurement Language for Control Systems Version 1.8 Cyber Security Procurement Language for Control Systems Version 1.8 Supervisory Control and Data Acquisition (SCADA), Process ...

  4. Transmission Infrastructure Program

    Energy Savers [EERE]

    TRANSMISSION INFRASTRUCTURE PROGRAM DOE Tribal Energy Summit 2015 SECRETARYOF ENERGY'S FINANCING ROUNDTABLE Tracey A. LeBeau Senior Vice President & Transmission Infrastructure Program Manager 1 Program Description Western's Loan Authority * $3.25 billion permanent authority (revolving) * Goal: Attract investment in infrastructure & address market needs * Commercial underwriting standards TIP Portfolio Management Fundamentals * Reflective of Market Need(s) * Ensure Funds Revolve 2 Recent

  5. Resilient Electric Infrastructures

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering ...

  6. "smart water" infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    smart water" infrastructure - Sandia Energy Energy Search Icon Sandia Home Locations ... Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 ...

  7. Infrastructure Impacts | NISAC

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    content top National Population, Economic, and Infrastructure Impacts of Pandemic Influenza with Strategic Recommendations Posted by Admin on Mar 2, 2012 in | Comments 0...

  8. Hydrogen Transition Infrastructure Analysis

    SciTech Connect (OSTI)

    Melendez, M.; Milbrandt, A.

    2005-05-01

    Presentation for the 2005 U.S. Department of Energy Hydrogen Program review analyzes the hydrogen infrastructure needed to accommodate a transitional hydrogen fuel cell vehicle demand.

  9. UVI Cyber-security Workshop Workshop Analysis.

    SciTech Connect (OSTI)

    Kuykendall, Tommie G.; Allsop, Jacob Lee; Anderson, Benjamin Robert; Boumedine, Marc; Carter, Cedric; Galvin, Seanmichael Yurko; Gonzalez, Oscar; Lee, Wellington K.; Lin, Han Wei; Morris, Tyler Jake; Nauer, Kevin S.; Potts, Beth A.; Ta, Kim Thanh; Trasti, Jennifer; White, David R.

    2015-07-08

    The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week long cyber workshop that consisted of three courses; Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.

  10. Shopping For Danger: E-commerce techniques applied to collaboration in cyber security

    SciTech Connect (OSTI)

    Bruce, Joseph R.; Fink, Glenn A.

    2012-05-24

    Collaboration among cyber security analysts is essential to a successful protection strategy on the Internet today, but it is uncommonly practiced or encouraged in operating environments. Barriers to productive collaboration often include data sensitivity, time and effort to communicate, institutional policy, and protection of domain knowledge. We propose an ambient collaboration framework, Vulcan, designed to remove the barriers of time and effort and mitigate the others. Vulcan automated data collection, collaborative filtering, and asynchronous dissemination, eliminating the effort implied by explicit collaboration among peers. We instrumented two analytic applications and performed a mock analysis session to build a dataset and test the output of the system.

  11. Towards Efficient Collaboration in Cyber Security

    SciTech Connect (OSTI)

    Hui, Peter SY; Bruce, Joseph R.; Fink, Glenn A.; Gregory, Michelle L.; Best, Daniel M.; McGrath, Liam R.; Endert, Alexander

    2010-06-03

    Cyber security analysts in different geographical and organizational domains are often largely tasked with similar duties, albeit with domain-specific variations. These analysts necessarily perform much of the same work independently for instance, analyzing the same list of security bulletins released by largely the same set of software vendors. As such, communication and collaboration between such analysts would be mutually beneficial to the analysts involved, potentially reducing redundancy and offering the opportunity to preemptively alert each other to high-severity security alerts in a more timely fashion. However, several barriers to practical and efficient collaboration exist, and as such, no such framework exists to support such efforts. In this paper, we discuss the inherent difficulties which make efficient collaboration between cyber security analysts a difficult goal to achieve. We discuss preliminary ideas and concepts towards a collaborative cyber-security framework currently under development, whose goal is to facilitate analyst collaboration across these boundaries. While still in its early stages, we describe work-in-progress towards achieving this goal, including motivation, functionality, concepts, and a high-level description of the proposed system architecture.

  12. Infrastructure Institutional Change Principle

    Broader source: Energy.gov [DOE]

    Research shows that changes in infrastructure prompt changes in behavior (for better or worse). Federal agencies can modify their infrastructure to promote sustainability-oriented behavior change, ideally in ways that make new behaviors easier and more desirable to follow than existing patterns of behavior.

  13. Deception used for Cyber Defense of Control Systems

    SciTech Connect (OSTI)

    Wayne F. Boyer; Miles A. McQueen

    2009-05-01

    Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

  14. Moving Forward in Protecting the Nation’s Electric Grid

    Broader source: Energy.gov [DOE]

    Over the past week, the Energy Department has unveiled several new measures, including funding, newly-commercialized technology, and practical guidance, that will further strengthen the cybersecurity of the nation’s energy infrastructure. Vice President Biden announced yesterday that the Energy Department will provide a $25 million grant over the next five years to bring together 13 historically black colleges and universities (HBCUs), two national labs, and the Charleston County School District in South Carolina to create a sustainable pipeline of students focused on cybersecurity. Today, our national laboratory in Oak Ridge, Tennessee announced licensing of its Hyperion software, which helps detect software that has been maliciously altered, to a company that plans to make it available to the energy sector later this month. Meanwhile, late last week, the Office of Electricity Delivery and Energy Reliability (OE) released guidance to help the energy sector meet the objectives of the cybersecurity framework released last year by the National Institutes of Standards and Technology in response to Executive Order 13636 “Improving Critical Infrastructure Cybersecurity.” These important steps are the latest signs of progress being made in protecting the nation’s power grid from cyber threats.

  15. Thermal Spray Coatings for Coastal Infrastructure

    SciTech Connect (OSTI)

    Holcomb, G.R.; Covino, BernardS. Jr.; Cramer, S.D.; Bullard, S.J.

    1997-11-01

    Several protection strategies for coastal infrastructure using thermal-spray technology are presented from research at the Albany Research Center. Thermal-sprayed zinc coatings for anodes in impressed current cathodic protection systems are used to extend the service lives of reinforced concrete bridges along the Oregon coast. Thermal-sprayed Ti is examined as an alternative to the consumable zinc anode. Sealed thermal-sprayed Al is examined as an alternative coating to zinc dust filled polyurethane paint for steel structures.

  16. PNNL Electricity Infrastructure Operations Center | Open Energy...

    Open Energy Info (EERE)

    Electricity Infrastructure Operations Center Jump to: navigation, search Logo: Electricity Infrastructure Operations Center Name Electricity Infrastructure Operations Center...

  17. PNNL Electricity Infrastructure Operations Center | Open Energy...

    Open Energy Info (EERE)

    PNNL Electricity Infrastructure Operations Center (Redirected from Electricity Infrastructure Operations Center) Jump to: navigation, search Logo: Electricity Infrastructure...

  18. IPHE Infrastructure Workshop Proceedings

    SciTech Connect (OSTI)

    2010-02-01

    This proceedings contains information from the IPHE Infrastructure Workshop, a two-day interactive workshop held on February 25-26, 2010, to explore the market implementation needs for hydrogen fueling station development.

  19. Modernizing Infrastructure Permitting

    Broader source: Energy.gov [DOE]

    On May 14, 2014, the Obama Administration released a comprehensive plan to accelerate and expand Federal infrastructure permitting reform government-wide. The Office of Electricity Delivery and Energy Reliability is actively engaged in this process for transmission development.

  20. Critical Infrastructure Modeling System

    Energy Science and Technology Software Center (OSTI)

    2004-10-01

    The Critical Infrastructure Modeling System (CIMS) is a 3D modeling and simulation environment designed to assist users in the analysis of dependencies within individual infrastructure and also interdependencies between multiple infrastructures. Through visual cuing and textual displays, a use can evaluate the effect of system perturbation and identify the emergent patterns that evolve. These patterns include possible outage areas from a loss of power, denial of service or access, and disruption of operations. Method ofmore » Solution: CIMS allows the user to model a system, create an overlay of information, and create 3D representative images to illustrate key infrastructure elements. A geo-referenced scene, satellite, aerial images or technical drawings can be incorporated into the scene. Scenarios of events can be scripted, and the user can also interact during run time to alter system characteristics. CIMS operates as a discrete event simulation engine feeding a 3D visualization.« less

  1. IPHE Infrastructure Workshop Proceedings

    Fuel Cell Technologies Publication and Product Library (EERE)

    This proceedings contains information from the IPHE Infrastructure Workshop, a two-day interactive workshop held on February 25-26, 2010, to explore the market implementation needs for hydrogen fuelin

  2. Infrastructure Security Executive Summary

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Executive Summary Energy, Climate, and Infrastructure Executive Summary / 3 Message from the VP Rick Stulen, Vice President Energy, Climate, & Infrastructure Security SMU Access to reliable, affordable, and sustainable sources of energy is essential for all modern economies. Since the late 1950s, we Americans have not been energy self-sufficient. Our addiction to foreign oil and fossil fuels puts our economy, our environment, and ultimately our national security at risk. Furthermore, there

  3. Infrastructure Development and Financial Analysis

    Broader source: Energy.gov [DOE]

    Infrastructure Development and Financial Analysis quantifies the total costs of scenarios for developing the hydrogen infrastructure, including production, delivery, and utilization. By combining...

  4. MFC Communications Infrastructure Study

    SciTech Connect (OSTI)

    Michael Cannon; Terry Barney; Gary Cook; George Danklefsen, Jr.; Paul Fairbourn; Susan Gihring; Lisa Stearns

    2012-01-01

    Unprecedented growth of required telecommunications services and telecommunications applications change the way the INL does business today. High speed connectivity compiled with a high demand for telephony and network services requires a robust communications infrastructure.   The current state of the MFC communication infrastructure limits growth opportunities of current and future communication infrastructure services. This limitation is largely due to equipment capacity issues, aging cabling infrastructure (external/internal fiber and copper cable) and inadequate space for telecommunication equipment. While some communication infrastructure improvements have been implemented over time projects, it has been completed without a clear overall plan and technology standard.   This document identifies critical deficiencies with the current state of the communication infrastructure in operation at the MFC facilities and provides an analysis to identify needs and deficiencies to be addressed in order to achieve target architectural standards as defined in STD-170. The intent of STD-170 is to provide a robust, flexible, long-term solution to make communications capabilities align with the INL mission and fit the various programmatic growth and expansion needs.

  5. Fact Sheet: Protecting Intelligent Distributed Power Grids Against Cyber Attacks

    Energy Savers [EERE]

    Energy Multilateral Solar and Wind Working Group Fact Sheet: Multilateral Solar and Wind Working Group A fact sheet detailling the development of a Multilateral Solar and Wind Working Group to promote accelerated deployment of solar and wind technologies by implementing recommendations from the MEF Technology Action Plan on Solar and Wind Technologies that was released by the Major Economies Forum Global Partnership in December 2009. The Multilateral Solar and Wind Working Group will focus

  6. CyberGIS software: a synthetic review and integration roadmap

    SciTech Connect (OSTI)

    Wang, Shaowen; Anselin, Luc; Bhaduri, Budhendra L; Cosby, Christopher; Goodchild, Michael; Liu, Yan; Nygers, Timothy L.

    2013-01-01

    CyberGIS defined as cyberinfrastructure-based geographic information systems (GIS) has emerged as a new generation of GIS representing an important research direction for both cyberinfrastructure and geographic information science. This study introduces a 5-year effort funded by the US National Science Foundation to advance the science and applications of CyberGIS, particularly for enabling the analysis of big spatial data, computationally intensive spatial analysis and modeling (SAM), and collaborative geospatial problem-solving and decision-making, simultaneously conducted by a large number of users. Several fundamental research questions are raised and addressed while a set of CyberGIS challenges and opportunities are identified from scientific perspectives. The study reviews several key CyberGIS software tools that are used to elucidate a vision and roadmap for CyberGIS software research. The roadmap focuses on software integration and synthesis of cyberinfrastructure, GIS, and SAM by defining several key integration dimensions and strategies. CyberGIS, based on this holistic integration roadmap, exhibits the following key characteristics: high-performance and scalable, open and distributed, collaborative, service-oriented, user-centric, and community-driven. As a major result of the roadmap, two key CyberGIS modalities gateway and toolkit combined with a community-driven and participatory approach have laid a solid foundation to achieve scientific breakthroughs across many geospatial communities that would be otherwise impossible.

  7. Primer Control System Cyber Security Framework and Technical Metrics

    SciTech Connect (OSTI)

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  8. LNG infrastructure and equipment

    SciTech Connect (OSTI)

    Forgash, D.J.

    1995-12-31

    Sound engineering principals have been used by every company involved in the development of the LNG infrastructure, but there is very little that is new. The same cryogenic technology that is used in the manufacture and sale of nitrogen, argon, and oxygen infrastructure is used in LNG infrastructure. The key component of the refueling infrastructure is the LNG tank which should have a capacity of at least 15,000 gallons. These stainless steel tanks are actually a tank within a tank separated by an annular space that is void of air creating a vacuum between the inner and outer tank where superinsulation is applied. Dispensing can be accomplished by pressure or pump. Either works well and has been demonstrated in the field. Until work is complete on NFPA 57 or The Texas Railroad Commission Rules for LNG are complete, the industry is setting the standards for the safe installation of refueling infrastructure. As a new industry, the safety record to date has been outstanding.

  9. Smart Power Infrastructure Demonstration for Energy Reliability...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Experimentation Overview Brief Mr. Ross Roley PACOM Energy Innovation Office Lead SPIDERS Operational Manager August 2015 UNCLASSIFIEDDistribution A SPIDERS Summary The ...

  10. PSERC Webinar Series: Issues in Designing the Future Grid - Cyber...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical Systems Security for the Smart Grid - February 7, 2012 PSERC is offering a free, public webinar series ...

  11. Towards A Network-of-Networks Framework for Cyber Security

    SciTech Connect (OSTI)

    Halappanavar, Mahantesh; Choudhury, Sutanay; Hogan, Emilie A.; Hui, Peter SY; Johnson, John R.; Ray, Indrajit; Holder, Lawrence B.

    2013-06-07

    Networks-of-networks (NoN) is a graph-theoretic model of interdependent networks that have distinct dynamics at each network (layer). By adding special edges to represent relationships between nodes in different layers, NoN provides a unified mechanism to study interdependent systems intertwined in a complex relationship. While NoN based models have been proposed for cyber-physical systems, in this paper we build towards a three-layer NoN model for an enterprise cyber system. Each layer captures a different facet of a cyber system. We then discuss the potential benefits of graph-theoretic analysis enabled from such a model. Our goal is to provide a novel and powerful tool for modeling and analyzing problems in cyber security.

  12. Hybrid Multi-Layer Network Control for Emerging Cyber-Infrastructures

    SciTech Connect (OSTI)

    Summerhill, Richard

    2009-08-14

    There were four basic task areas identified for the Hybrid-MLN project. They are: o Multi-Layer, Multi-Domain, Control Plane Architecture and Implementation, o Heterogeneous DataPlane Testing, o Simulation, o Project Publications, Reports, and Presentations.

  13. The Department's Unclassified Cyber Security Program - 2012, IG-0877

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Department of Energy Washington, DC 20585 November 8, 2012 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Department's Unclassified Cyber Security Program - 2012" INTRODUCTION AND OBJECTIVE As the use of information

  14. Transmission and Distribution World March 2007: DOE Focuses on Cyber

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security | Department of Energy Transmission and Distribution World March 2007: DOE Focuses on Cyber Security Transmission and Distribution World March 2007: DOE Focuses on Cyber Security Energy sector owners, operators and system vendors team up to boost control system security with national SCADA test bed. PDF icon Energy Secrtor Owners, operators and system vendors team up to boost control system security with national SCADA test bed More Documents & Publications ABB and Energy

  15. The Department's Unclassified Cyber Security Program 2002, IG-0567

    Energy Savers [EERE]

    DEPARTMENT'S UNCLASSIFIED CYBER SECURITY PROGRAM 2002 SEPTEMBER 2002 Department of Energy Washington, DC 20585 September 9, 2002 MEMORANDUM FOR FROM: Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Department's Unclassified Cyber Security Program 2002" As agencies strive to meet the President's goal of significantly increasing electronic government, the potential for disruption or damage to critical systems by malicious users continues to increase. In response to

  16. Department of Energy's July 2013 Cyber Security Breach

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Special Report The Department of Energy's July 2013 Cyber Security Breach DOE/IG-0900 December 2013 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 December 6, 2013 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Special Review of the "Department of Energy's July 2013 Cyber Security Breach" BACKGROUND To facilitate its administrative and operational needs, the

  17. Evaluation Report on The Department's Unclassified Cyber Security Program

    Energy Savers [EERE]

    2002, DOE/IG-0567 | Department of Energy Report on The Department's Unclassified Cyber Security Program 2002, DOE/IG-0567 Evaluation Report on The Department's Unclassified Cyber Security Program 2002, DOE/IG-0567 As agencies strive to meet the President's goal of significantly increasing electronic government, the potential for disruption or damage to critical systems by malicious users continues to increase. In response to increasing threats to the Government's computer networks and

  18. Good Things in Small Packages: Micro Worlds and Cyber Security

    SciTech Connect (OSTI)

    David I Gertman

    2013-11-01

    Cyber events, as perpetrated by terrorists and nation states, have become commonplace as evidenced in national and international news media. Cyber attacks affect day-to-day activities of end users through exploitation of social networks, businesses such as banking and stock exchanges, and government entities including Departments of Defense. They are becoming more frequent and sophisticated. Currently, efforts are directed to understanding the methods employed by attackers and towards dissecting the planning and activities of the perpetrator, including review of psychosocial factors.

  19. Continuous Monitoring And Cyber Security For High Performance Computing

    Office of Scientific and Technical Information (OSTI)

    (Conference) | SciTech Connect Conference: Continuous Monitoring And Cyber Security For High Performance Computing Citation Details In-Document Search Title: Continuous Monitoring And Cyber Security For High Performance Computing Authors: Malin, Alex B. [1] ; Van Heule, Graham K. [1] + Show Author Affiliations Los Alamos National Laboratory Publication Date: 2013-08-02 OSTI Identifier: 1089452 Report Number(s): LA-UR-13-21921 DOE Contract Number: AC52-06NA25396 Resource Type: Conference

  20. Cyber Power Group Ltd aka Fine Silicon Co Ltd | Open Energy Informatio...

    Open Energy Info (EERE)

    Cyber Power Group Ltd aka Fine Silicon Co Ltd Jump to: navigation, search Name: Cyber Power Group Ltd (aka Fine Silicon Co Ltd) Place: Baoding, Hebei Province, China Product:...

  1. Safeguards and Security and Cyber Security RM

    Office of Environmental Management (EM)

    ... Protection strategies requirements are defined in the 470 series of DOE Directives. Physical Protection This review area focuses on the development and implementation of physical ...

  2. Green Infrastructure for Arid Communities

    Broader source: Energy.gov [DOE]

    On March 24, 2015, from 1:00pm – 2:30pm EDT, EPA's Green Infrastructure Program will launch our 2015 Webcast Series with the webinar Green Infrastructure for Arid Communities. This webinar aims to...

  3. E15 and Infrastructure

    Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

    E15 and Infrastructure K. Moriarty National Renewable Energy Laboratory J. Yanowitz Ecoengineering, Inc. Produced under direction of Renewable Fuels Association by the National Renewable Energy Laboratory (NREL) under Technical Services Agreement No. TSA 14-665 and Task No. WTJZ.1000. Strategic Partnership Project Report NREL/TP-5400-64156 May 2015 NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency & Renewable Energy Operated by the Alliance for

  4. Using Operational Security (OPSEC) to Support a Cyber Security Culture in

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Control Systems Environments | Department of Energy Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments This document reviews several key operational cyber security elements that are important for control systems and industrial networks and how those elements can drive the creation of a cyber security-sensitive culture. PDF icon Using

  5. Cyber Security Challenges in Using Cloud Computing in the Electric Utility Industry

    SciTech Connect (OSTI)

    Akyol, Bora A.

    2012-09-01

    This document contains introductory material that discusses cyber security challenges in using cloud computing in the electric utility industry.

  6. Critical Infrastructure Modeling: An Approach to Characterizing Interdependencies of Complex Networks & Control Systems

    SciTech Connect (OSTI)

    Stuart Walsh; Shane Cherry; Lyle Roybal

    2009-05-01

    Critical infrastructure control systems face many challenges entering the 21st century, including natural disasters, cyber attacks, and terrorist attacks. Revolutionary change is required to solve many existing issues, including gaining greater situational awareness and resiliency through embedding modeling and advanced control algorithms in smart sensors and control devices instead of in a central controller. To support design, testing, and component analysis, a flexible simulation and modeling capability is needed. Researchers at Idaho National Laboratory are developing and evaluating such a capability through their CIPRsim modeling and simulation framework.

  7. Energy Department Announces New Investments of Over $30 Million to Better

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Protect the Nation's Critical Infrastructure from Cyber Attack | Department of Energy of Over $30 Million to Better Protect the Nation's Critical Infrastructure from Cyber Attack Energy Department Announces New Investments of Over $30 Million to Better Protect the Nation's Critical Infrastructure from Cyber Attack September 19, 2013 - 11:47am Addthis NEWS MEDIA CONTACT (202) 586-4940 WASHINGTON - Energy Secretary Ernest Moniz today announced awards totaling approximately $30 million for the

  8. Nuclear hybrid energy infrastructure

    SciTech Connect (OSTI)

    Agarwal, Vivek; Tawfik, Magdy S.

    2015-02-01

    The nuclear hybrid energy concept is becoming a reality for the US energy infrastructure where combinations of the various potential energy sources (nuclear, wind, solar, biomass, and so on) are integrated in a hybrid energy system. This paper focuses on challenges facing a hybrid system with a Small Modular Reactor at its core. The core of the paper will discuss efforts required to develop supervisory control center that collects data, supports decision-making, and serves as an information hub for supervisory control center. Such a center will also be a model for integrating future technologies and controls. In addition, advanced operations research, thermal cycle analysis, energy conversion analysis, control engineering, and human factors engineering will be part of the supervisory control center. Nuclear hybrid energy infrastructure would allow operators to optimize the cost of energy production by providing appropriate means of integrating different energy sources. The data needs to be stored, processed, analyzed, trended, and projected at right time to right operator to integrate different energy sources.

  9. Hydrogen Fueling Infrastructure Research and Station Technology...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Infrastructure Research and Station Technology Webinar Slides Hydrogen Fueling ... Office webinar "An Overview of the Hydrogen Fueling Infrastructure Research and ...

  10. Webinar: International Hydrogen Infrastructure Challenges Workshop...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    International Hydrogen Infrastructure Challenges Workshop Summary - NOW, NEDO, and DOE Webinar: International Hydrogen Infrastructure Challenges Workshop Summary - NOW, NEDO, and ...

  11. Presidential Proclamation: Critical Infrastructure Security and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2013 Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2013 A ...

  12. Microsoft Word - Critical Infrastructure Security and Resilience...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Proclamation -- Critical Infrastructure Security and Resilience Month, 2013 CRITICAL INFRASTRUCTURE SECURITY AND RESILIENCE MONTH, 2013 - - - - - - - BY THE PRESIDENT OF THE ...

  13. International Hydrogen Infrastructure Challenges Workshop Summary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    International Hydrogen Infrastructure Challenges Workshop Summary - NOW, NEDO, and DOE International Hydrogen Infrastructure Challenges Workshop Summary - NOW, NEDO, and DOE ...

  14. Kerala Industrial Infrastructure Development Corporation Kinfra...

    Open Energy Info (EERE)

    Kerala Industrial Infrastructure Development Corporation Kinfra Jump to: navigation, search Name: Kerala Industrial Infrastructure Development Corporation (Kinfra) Place:...

  15. Addressing Deferred Maintenance, Infrastructure Costs, and Excess...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addressing Deferred Maintenance, Infrastructure Costs, and Excess Facilities at Portsmouth and Paducah Addressing Deferred Maintenance, Infrastructure Costs, and Excess Facilities ...

  16. Africa's Transport Infrastructure Mainstreaming Maintenance and...

    Open Energy Info (EERE)

    Transport Infrastructure Mainstreaming Maintenance and Management Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Africa's Transport Infrastructure Mainstreaming...

  17. California Hydrogen Infrastructure Project | Open Energy Information

    Open Energy Info (EERE)

    Hydrogen Infrastructure Project Jump to: navigation, search Name: California Hydrogen Infrastructure Project Place: California Sector: Hydro, Hydrogen Product: String...

  18. Human dimensions in cyber operations research and development priorities.

    SciTech Connect (OSTI)

    Forsythe, James Chris; Silva, Austin Ray; Stevens-Adams, Susan Marie; Bradshaw, Jeffrey

    2012-11-01

    Within cyber security, the human element represents one of the greatest untapped opportunities for increasing the effectiveness of network defenses. However, there has been little research to understand the human dimension in cyber operations. To better understand the needs and priorities for research and development to address these issues, a workshop was conducted August 28-29, 2012 in Washington DC. A synthesis was developed that captured the key issues and associated research questions. Research and development needs were identified that fell into three parallel paths: (1) human factors analysis and scientific studies to establish foundational knowledge concerning factors underlying the performance of cyber defenders; (2) development of models that capture key processes that mediate interactions between defenders, users, adversaries and the public; and (3) development of a multi-purpose test environment for conducting controlled experiments that enables systems and human performance measurement. These research and development investments would transform cyber operations from an art to a science, enabling systems solutions to be engineered to address a range of situations. Organizations would be able to move beyond the current state where key decisions (e.g. personnel assignment) are made on a largely ad hoc basis to a state in which there exist institutionalized processes for assuring the right people are doing the right jobs in the right way. These developments lay the groundwork for emergence of a professional class of cyber defenders with defined roles and career progressions, with higher levels of personnel commitment and retention. Finally, the operational impact would be evident in improved performance, accompanied by a shift to a more proactive response in which defenders have the capacity to exert greater control over the cyber battlespace.

  19. California Hydrogen Infrastructure Project

    SciTech Connect (OSTI)

    Edward C. Heydorn

    2013-03-12

    Air Products and Chemicals, Inc. has completed a comprehensive, multiyear project to demonstrate a hydrogen infrastructure in California. The specific primary objective of the project was to demonstrate a model of a “real-world” retail hydrogen infrastructure and acquire sufficient data within the project to assess the feasibility of achieving the nation’s hydrogen infrastructure goals. The project helped to advance hydrogen station technology, including the vehicle-to-station fueling interface, through consumer experiences and feedback. By encompassing a variety of fuel cell vehicles, customer profiles and fueling experiences, this project was able to obtain a complete portrait of real market needs. The project also opened its stations to other qualified vehicle providers at the appropriate time to promote widespread use and gain even broader public understanding of a hydrogen infrastructure. The project engaged major energy companies to provide a fueling experience similar to traditional gasoline station sites to foster public acceptance of hydrogen. Work over the course of the project was focused in multiple areas. With respect to the equipment needed, technical design specifications (including both safety and operational considerations) were written, reviewed, and finalized. After finalizing individual equipment designs, complete station designs were started including process flow diagrams and systems safety reviews. Material quotes were obtained, and in some cases, depending on the project status and the lead time, equipment was placed on order and fabrication began. Consideration was given for expected vehicle usage and station capacity, standard features needed, and the ability to upgrade the station at a later date. In parallel with work on the equipment, discussions were started with various vehicle manufacturers to identify vehicle demand (short- and long-term needs). Discussions included identifying potential areas most suited for hydrogen fueling stations with a focus on safe, convenient, fast-fills. These potential areas were then compared to and overlaid with suitable sites from various energy companies and other potential station operators. Work continues to match vehicle needs with suitable fueling station locations. Once a specific site was identified, the necessary agreements could be completed with the station operator and expected station users. Detailed work could then begin on the site drawings, permits, safety procedures and training needs. Permanent stations were successfully installed in Irvine (delivered liquid hydrogen), Torrance (delivered pipeline hydrogen) and Fountain Valley (renewable hydrogen from anaerobic digester gas). Mobile fueling stations were also deployed to meet short-term fueling needs in Long Beach and Placerville. Once these stations were brought online, infrastructure data was collected and reported to DOE using Air Products’ Enterprise Remote Access Monitoring system. Feedback from station operators was incorporated to improve the station user’s fueling experience.

  20. Cyber Security Evaluation of II&C Technologies

    SciTech Connect (OSTI)

    Ken Thomas

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a cyber security team with expertise in nuclear utility cyber security programs and experience in conducting these evaluations. The evaluation has determined that, for the most part, cyber security will not be a limiting factor in the application of these technologies to nuclear power plant applications.

  1. Rocky Mountain Electrical League (RMEL) Physical and Cyber Security

    Energy Savers [EERE]

    Conference - January 26-27, 2016 | Department of Energy Rocky Mountain Electrical League (RMEL) Physical and Cyber Security Conference - January 26-27, 2016 Rocky Mountain Electrical League (RMEL) Physical and Cyber Security Conference - January 26-27, 2016 January 4, 2016 - 11:22am Addthis Power SURGE is joint project between the DOE’s Office of Security Assistance and the Department’s Power Marketing Administrations, led by the Western Area Power Marketing Administration. Power

  2. Autonomic Intelligent Cyber Sensor (AICS) Version 1.0.1

    Energy Science and Technology Software Center (OSTI)

    2015-03-01

    The Autonomic Intelligent Cyber Sensor (AICS) provides cyber security and industrial network state awareness for Ethernet based control network implementations. The AICS utilizes collaborative mechanisms based on Autonomic Research and a Service Oriented Architecture (SOA) to: 1) identify anomalous network traffic; 2) discover network entity information; 3) deploy deceptive virtual hosts; and 4) implement self-configuring modules. AICS achieves these goals by dynamically reacting to the industrial human-digital ecosystem in which it resides. Information is transportedmore » internally and externally on a standards based, flexible two-level communication structure.« less

  3. Cyber Assessment Methods for SCADA Security

    SciTech Connect (OSTI)

    Not Available

    2005-06-01

    The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

  4. Cyber Assessment Methods For SCADA Security

    SciTech Connect (OSTI)

    May Robin Permann; Kenneth Rohde

    2005-06-01

    The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

  5. Michigan E85 Infrastructure

    SciTech Connect (OSTI)

    Sandstrom, Matthew M.

    2012-03-30

    This is the final report for a grant-funded project to financially assist and otherwise provide support to projects that increase E85 infrastructure in Michigan at retail fueling locations. Over the two-year project timeframe, nine E85 and/or flex-fuel pumps were installed around the State of Michigan at locations currently lacking E85 infrastructure. A total of five stations installed the nine pumps, all providing cost share toward the project. By using cost sharing by station partners, the $200,000 provided by the Department of Energy facilitated a total project worth $746,332.85. This project was completed over a two-year timetable (eight quarters). The first quarter of the project focused on project outreach to station owners about the incentive on the installation and/or conversion of E85 compatible fueling equipment including fueling pumps, tanks, and all necessary electrical and plumbing connections. Utilizing Clean Energy Coalition (CEC) extensive knowledge of gasoline/ethanol infrastructure throughout Michigan, CEC strategically placed these pumps in locations to strengthen the broad availability of E85 in Michigan. During the first and second quarters, CEC staff approved projects for funding and secured contracts with station owners; the second through eighth quarters were spent working with fueling station owners to complete projects; the third through eighth quarters included time spent promoting projects; and beginning in the second quarter and running for the duration of the project was spent performing project reporting and evaluation to the US DOE. A total of 9 pumps were installed (four in Elkton, two in Sebewaing, one in East Lansing, one in Howell, and one in Whitmore Lake). At these combined station locations, a total of 192,445 gallons of E85, 10,786 gallons of E50, and 19,159 gallons of E30 were sold in all reporting quarters for 2011. Overall, the project has successfully displaced 162,611 gallons (2,663 barrels) of petroleum, and reduced regional GHG emissions by 375 tons in the first year of station deployment.

  6. Energy Transmission and Infrastructure

    SciTech Connect (OSTI)

    Mathison, Jane

    2012-12-31

    The objective of Energy Transmission and Infrastructure Northern Ohio (OH) was to lay the conceptual and analytical foundation for an energy economy in northern Ohio that will: • improve the efficiency with which energy is used in the residential, commercial, industrial, agricultural, and transportation sectors for Oberlin, Ohio as a district-wide model for Congressional District OH-09; • identify the potential to deploy wind and solar technologies and the most effective configuration for the regional energy system (i.e., the ratio of distributed or centralized power generation); • analyze the potential within the district to utilize farm wastes to produce biofuels; • enhance long-term energy security by identifying ways to deploy local resources and building Ohio-based enterprises; • identify the policy, regulatory, and financial barriers impeding development of a new energy system; and • improve energy infrastructure within Congressional District OH-09. This objective of laying the foundation for a renewable energy system in Ohio was achieved through four primary areas of activity: 1. district-wide energy infrastructure assessments and alternative-energy transmission studies; 2. energy infrastructure improvement projects undertaken by American Municipal Power (AMP) affiliates in the northern Ohio communities of Elmore, Oak Harbor, and Wellington; 3. Oberlin, OH-area energy assessment initiatives; and 4. a district-wide conference held in September 2011 to disseminate year-one findings. The grant supported 17 research studies by leading energy, policy, and financial specialists, including studies on: current energy use in the district and the Oberlin area; regional potential for energy generation from renewable sources such as solar power, wind, and farm-waste; energy and transportation strategies for transitioning the City of Oberlin entirely to renewable resources and considering pedestrians, bicyclists, and public transportation as well as drivers in developing transportation policies; energy audits and efficiency studies for Oberlin-area businesses and Oberlin College; identification of barriers to residential energy efficiency and development of programming to remove these barriers; mapping of the solar-photovoltaic and wind-energy supply chains in northwest Ohio; and opportunities for vehicle sharing and collaboration among the ten organizations in Lorain County from the private, government, non-profit, and educational sectors. With non-grant funds, organizations have begun or completed projects that drew on the findings of the studies, including: creation of a residential energy-efficiency program for the Oberlin community; installation of energy-efficient lighting in Oberlin College facilities; and development by the City of Oberlin and Oberlin College of a 2.27 megawatt solar photovoltaic facility that is expected to produce 3,000 megawatt-hours of renewable energy annually, 12% of the College’s yearly power needs. Implementation of these and other projects is evidence of the economic feasibility and technical effectiveness of grant-supported studies, and additional projects are expected to advance to implementation in the coming years. The public has benefited through improved energydelivery systems and reduced energy use for street lighting in Elmore, Oak Harbor, and Wellington; new opportunities for assistance and incentives for residential energy efficiency in the Oberlin community; new opportunities for financial and energy savings through vehicle collaboration within Lorain County; and decreased reliance on fossil fuels and expanded production of renewable energy in the region. The dissemination conference and the summary report developed for the conference also benefited the public, but making the findings and recommendations of the regional studies broadly available to elected officials, city managers, educators, representatives of the private sector, and the general public.

  7. Innovative Financing for Green Infrastructure

    Broader source: Energy.gov [DOE]

    Topic OverviewFinancing green infrastructure is critical to taking projects from planning to implementation and beyond, including sustaining operations and maintenance. This 90-minute webcast will...

  8. Distributed Data Integration Infrastructure

    SciTech Connect (OSTI)

    Critchlow, T; Ludaescher, B; Vouk, M; Pu, C

    2003-02-24

    The Internet is becoming the preferred method for disseminating scientific data from a variety of disciplines. This can result in information overload on the part of the scientists, who are unable to query all of the relevant sources, even if they knew where to find them, what they contained, how to interact with them, and how to interpret the results. A related issue is keeping up with current trends in information technology often taxes the end-user's expertise and time. Thus instead of benefiting from this information rich environment, scientists become experts on a small number of sources and technologies, use them almost exclusively, and develop a resistance to innovations that can enhance their productivity. Enabling information based scientific advances, in domains such as functional genomics, requires fully utilizing all available information and the latest technologies. In order to address this problem we are developing a end-user centric, domain-sensitive workflow-based infrastructure, shown in Figure 1, that will allow scientists to design complex scientific workflows that reflect the data manipulation required to perform their research without an undue burden. We are taking a three-tiered approach to designing this infrastructure utilizing (1) abstract workflow definition, construction, and automatic deployment, (2) complex agent-based workflow execution and (3) automatic wrapper generation. In order to construct a workflow, the scientist defines an abstract workflow (AWF) in terminology (semantics and context) that is familiar to him/her. This AWF includes all of the data transformations, selections, and analyses required by the scientist, but does not necessarily specify particular data sources. This abstract workflow is then compiled into an executable workflow (EWF, in our case XPDL) that is then evaluated and executed by the workflow engine. This EWF contains references to specific data source and interfaces capable of performing the desired actions. In order to provide access to the largest number of resources possible, our lowest level utilizes automatic wrapper generation techniques to create information and data wrappers capable of interacting with the complex interfaces typical in scientific analysis. The remainder of this document outlines our work in these three areas, the impact our work has made, and our plans for the future.

  9. Energy Sector-Specific Plan: An Annex to the National Infrastructure

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Protection Plan | Department of Energy Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan Energy Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan In its role as the lead Sector-Specific Agency for the Energy Sector, the Department of Energy has worked closely with dozens of government and industry partners to prepare this updated 2010 Energy Sector-Specific Plan (SSP). Much of that work was conducted through the two Energy Sector

  10. Taxonomies of Cyber Adversaries and Attacks: A Survey of Incidents and Approaches

    SciTech Connect (OSTI)

    Meyers, C A; Powers, S S; Faissol, D M

    2009-10-08

    In this paper we construct taxonomies of cyber adversaries and methods of attack, drawing from a survey of the literature in the area of cyber crime. We begin by addressing the scope of cyber crime, noting its prevalence and effects on the US economy. We then survey the literature on cyber adversaries, presenting a taxonomy of the different types of adversaries and their corresponding methods, motivations, maliciousness, and skill levels. Subsequently we survey the literature on cyber attacks, giving a taxonomy of the different classes of attacks, subtypes, and threat descriptions. The goal of this paper is to inform future studies of cyber security on the shape and characteristics of the risk space and its associated adversaries.

  11. A cognitive and economic decision theory for examining cyber defense strategies.

    SciTech Connect (OSTI)

    Bier, Asmeret Brooke

    2014-01-01

    Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participants interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.

  12. DOE Issues Energy Sector Cyber Organization NOI

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    the federal government and energy sector stakeholders to protect the bulk power electric grid and aid the integration of smart grid technology to enhance the security of the grid. ...

  13. Task Force on Biofuels Infrastructure

    Broader source: Energy.gov [DOE]

    Under the federal Renewable Fuels Standard (RFS) adopted in 2005 and amended in 2007, the United States is committed to a substantial (five-fold) increase in its use of biofuels by 2022. The National Commission on Energy Policy (NCEP) convened a Biofuels Infrastructure Task Force in 2008 to examine the infrastructure implications of this relatively swift and unprecedented shift in the composition of the nation’s transportation fuel supply. Specifically, the Task Force explored issues and developed recommendations for advancing the infrastructure investments needed to support timely and cost-effective implementation of the current biofuels mandate.

  14. NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft

    Broader source: Energy.gov [DOE]

    The National Nuclear Security Administration (NNSA) is currently seeking comments, now through July 29, on an opportunity for Consolidated IT and Cyber Security Support Services.

  15. Cyber Security Audit and Attack Detection Toolkit: Bandolier and Portaledge, March 2010

    Broader source: Energy.gov [DOE]

    This project of the cyber security audit and attack detection toolkit will employ Bandolier Audit Files for optimizing security configurations and the Portaledge event detection capability for...

  16. Breaking into a computer : attack techniques and tools used by cyber-criminals

    ScienceCinema (OSTI)

    None

    2011-10-06

    Oral presentation in English, slides in English. We will show you how and why cyber-criminals attack your computers: their motives, methods and tools.

  17. Situational Awareness as a Measure of Performance in Cyber Security Collaborative Work

    SciTech Connect (OSTI)

    Malviya, Ashish; Fink, Glenn A.; Sego, Landon H.; Endicott-Popovsky, Barbara E.

    2011-04-11

    Cyber defense competitions arising from U.S. service academy exercises, offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge in turn could lead to better preparation of cyber defenders in both military and civilian settings. We conducted proof of concept experimentation to collect data during the Pacific-rim Regional Collegiate Cyber Defense Competition (PRCCDC) and analyzed it to study the behavior of cyber defenders. We propose that situational awareness predicts performance of cyber security professionals, and in this paper we focus on our collection and analysis of competition data to determine whether it supports our hypothesis. In addition to normal cyber data, we collected situational awareness and workload data and compared it against the performance of cyber defenders as indicated by their competition score. We conclude that there is a weak correlation between our measure of situational awareness and performance that we hope to exploit in further studies.

  18. Cyber-Intrusion Auto-Response Policy and Management System (CAPMS...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber-Intrusion Auto-Response Policy and Management System (CAPMS) A managed security system ... as a full partner in grid operations workflow imulation dissemination of emerging ...

  19. Hydrogen Infrastructure Market Readiness Workshop

    Broader source: Energy.gov [DOE]

    The U.S. Department of Energy's (DOE's) National Renewable Energy Laboratory (NREL) hosted the Hydrogen Infrastructure Market Readiness Workshop February 16–17, 2011, in Washington, D.C....

  20. Hydrogen Delivery Infrastructure Options Analysis

    Fuel Cell Technologies Publication and Product Library (EERE)

    This report, by the Nexant team, documents an in-depth analysis of seven hydrogen delivery options to identify the most cost-effective hydrogen infrastructure for the transition and long term. The pro

  1. GIS-Based Infrastructure Modeling

    Broader source: Energy.gov [DOE]

    Presentation by NREL's Keith Parks at the 2010 - 2025 Scenario Analysis for Hydrogen Fuel Cell Vehicles and Infrastructure Meeting on August 9 - 10, 2006 in Washington, D.C.

  2. In This Issue Electricity Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Electricity Infrastructure Energy Efficiency and Renewable Energy Environmental Health and Remediation Clean Fossil Energy Nuclear News See how we were featured in the news and read our press releases. Staff Accomplishments 7 Staff at PNNL Received Superior Paper awards for work presented at the 2015 Waste Management STAY CONNECTED: October 2015 Electricity Infrastructure Systems Engineering Building Advances Grid and Controls Research Officials joined regional business leaders and PNNL staff on

  3. infrastructure | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    infrastructure NNSA Achieves Major Milestone in BUILDER Implementation WASHINGTON, D.C. - The Department of Energy's National Nuclear Security Administration (DOE/NNSA) achieved a major milestone in improving the management of the Nuclear Security Enterprise's infrastructure through the successful migration of all current information on building... Extended Life Program asks 'How do you make your buildings last?' The challenge is this: Preserve two key processing facilities at Y-12 National

  4. Energy and Infrastructure Future Overview

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Rush Robinett Energy &Infrastructure Future Group Sandia National Laboratories rdrobin@sandia.gov Energy & Infrastructure Future Overview 2 Sandia's Core Purpose "Helping our Nation Secure a Peaceful and Free World through Technology" * National Security Laboratory * Broad mission in developing science and technology applications to meet our rapidly changing, complex national security challenges * Safety, security and reliability of our nation's nuclear weapon stockpile 3

  5. Clean Cities Recovery Act: Vehicle & Infrastructure Deployment...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Recovery Act: Vehicle & Infrastructure Deployment Clean Cities Recovery Act: Vehicle & Infrastructure Deployment 2010 DOE Vehicle Technologies and Hydrogen Programs Annual Merit...

  6. Office of Infrastructure Planning & Analysis | National Nuclear...

    National Nuclear Security Administration (NNSA)

    Gallery Photo Gallery Jobs Apply for Our Jobs Our Jobs Working at NNSA Blog Home Office of Infrastructure Planning & Analysis Office of Infrastructure Planning & Analysis...

  7. Natural Gas and Hydrogen Infrastructure Opportunities Workshop...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Natural Gas and Hydrogen Infrastructure Opportunities Workshop Natural Gas and Hydrogen Infrastructure Opportunities Workshop Argonne National Laboratory held a Natural Gas and ...

  8. Upcoming Webinar December 16: International Hydrogen Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    December 16: International Hydrogen Infrastructure Challenges NOW, DOE, and NEDO Upcoming Webinar December 16: International Hydrogen Infrastructure Challenges NOW, DOE, and NEDO ...

  9. Final Report - Hydrogen Delivery Infrastructure Options Analysis...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Report - Hydrogen Delivery Infrastructure Options Analysis Final Report - Hydrogen Delivery Infrastructure Options Analysis This report, by the Nexant team, documents an in-depth...

  10. 2nd International Hydrogen Infrastructure Challenges Webinar...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    nd International Hydrogen Infrastructure Challenges Webinar Slides 2nd International Hydrogen Infrastructure Challenges Webinar Slides Presentation slides from the Fuel Cell ...

  11. Hydrogen Delivery Infrastructure Option Analysis | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Option Analysis Hydrogen Delivery Infrastructure Option Analysis Presentation on hydrogen delivery infrastructure option analysis prepared for DOE. PDF icon wkshpstoragechen.pdf...

  12. Report: Natural Gas Infrastructure Implications of Increased...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Report: Natural Gas Infrastructure Implications of Increased Demand from the Electric Power Sector Report: Natural Gas Infrastructure Implications of Increased Demand from the ...

  13. Natural Gas and Hydrogen Infrastructure Opportunities Workshop...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Opportunities Workshop Agenda Natural Gas and Hydrogen Infrastructure Opportunities Workshop Agenda Agenda for the Natural Gas and Hydrogen Infrastructure Opportunities Workshop ...

  14. IPHE Infrastructure Workshop - Workshop Proceedings, February...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    IPHE Infrastructure Workshop - Workshop Proceedings, February 25-26, 2010 Sacramento, CA IPHE Infrastructure Workshop - Workshop Proceedings, February 25-26, 2010 Sacramento, CA ...

  15. Sandia Energy - Widespread Hydrogen Fueling Infrastructure Is...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Widespread Hydrogen Fueling Infrastructure Is the Goal of H2FIRST Project Home Infrastructure Security Energy Transportation Energy Facilities Partnership Capabilities News News &...

  16. Infrastructure and Operations | National Nuclear Security Administrati...

    National Nuclear Security Administration (NNSA)

    term needs. The Associate Administrator for Infrastructure and Operations develops and executes NNSA's infrastructure investment, maintenance, and operations programs and policies....

  17. California Low Carbon Fuels Infrastructure Investment Initiative...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Low Carbon Fuels Infrastructure Investment Initiative California Low Carbon Fuels Infrastructure Investment Initiative 2012 DOE Hydrogen and Fuel Cells Program and Vehicle ...

  18. Automatic Labeling for Entity Extraction in Cyber Security

    SciTech Connect (OSTI)

    Bridges, Robert A; Jones, Corinne L; Iannacone, Michael D; Testa, Kelly M; Goodall, John R

    2014-01-01

    Timely analysis of cyber-security information necessitates automated information extraction from unstructured text. While state-of-the-art extraction methods produce extremely accurate results, they require ample training data, which is generally unavailable for specialized applications, such as detecting security related entities; moreover, manual annotation of corpora is very costly and often not a viable solution. In response, we develop a very precise method to automatically label text from several data sources by leveraging related, domain-specific, structured data and provide public access to a corpus annotated with cyber-security entities. Next, we implement a Maximum Entropy Model trained with the average perceptron on a portion of our corpus (~750,000 words) and achieve near perfect precision, recall, and accuracy, with training times under 17 seconds.

  19. Strategic plan for infrastructure optimization

    SciTech Connect (OSTI)

    Donley, C.D.

    1998-05-27

    This document represents Fluor Daniel Hanford`s and DynCorp`s Tri-Cities Strategic Plan for Fiscal Years 1998--2002, the road map that will guide them into the next century and their sixth year of providing safe and cost effective infrastructure services and support to the Department of Energy (DOE) and the Hanford Site. The Plan responds directly to the issues raised in the FDH/DOE Critical Self Assessment specifically: (1) a strategy in place to give DOE the management (systems) and physical infrastructure for the future; (2) dealing with the barriers that exist to making change; and (3) a plan to right-size the infrastructure and services, and reduce the cost of providing services. The Plan incorporates initiatives from several studies conducted in Fiscal Year 1997 to include: the Systems Functional Analysis, 200 Area Water Commercial Practices Plan, $ million Originated Cost Budget Achievement Plan, the 1OO Area Vacate Plan, the Railroad Shutdown Plan, as well as recommendations from the recently completed Review of Hanford Electrical Utility. These and other initiatives identified over the next five years will result in significant improvements in efficiency, allowing a greater portion of the infrastructure budget to be applied to Site cleanup. The Plan outlines a planning and management process that defines infrastructure services and structure by linking site technical base line data and customer requirements to work scope and resources. The Plan also provides a vision of where Site infrastructure is going and specific initiatives to get there.

  20. A Comparison of Cross-Sector Cyber Security Standards

    SciTech Connect (OSTI)

    Robert P. Evans

    2005-09-01

    This report presents a review and comparison (commonality and differences) of three cross-sector cyber security standards and an internationally recognized information technology standard. The comparison identifies the security areas covered by each standard and reveals where the standards differ in emphasis. By identifying differences in the standards, the user can evaluate which standard best meets their needs. For this report, only cross-sector standards were reviewed.

  1. GridStat Cyber Security and Regional Deployment Project Report

    SciTech Connect (OSTI)

    Clements, Samuel L.

    2009-02-18

    GridStat is a developing communication technology to provide real-time data delivery services to the electric power grid. It is being developed in a collaborative effort between the Electrical Power Engineering and Distributed Computing Science Departments at Washington State University. Improving the cyber security of GridStat was the principle focus of this project. A regional network was established to test GridStats cyber security mechanisms in a realistic environment. The network consists of nodes at Pacific Northwest National Laboratory, Idaho National Laboratory, and Washington State University. Idaho National Laboratory (INL) was tasked with performing the security assessment, the results of which detailed a number or easily resolvable and previously unknown issues, as well as a number of difficult and previously known issues. Going forward we recommend additional development prior to commercialization of GridStat. The development plan is structured into three domains: Core Development, Cyber Security and Pilot Projects. Each domain contains a number of phased subtasks that build upon each other to increase the robustness and maturity of GridStat.

  2. Bio-Inspired Cyber Security for Smart Grid Deployments

    SciTech Connect (OSTI)

    McKinnon, Archibald D.; Thompson, Seth R.; Doroshchuk, Ruslan A.; Fink, Glenn A.; Fulp, Errin W.

    2013-05-01

    mart grid technologies are transforming the electric power grid into a grid with bi-directional flows of both power and information. Operating millions of new smart meters and smart appliances will significantly impact electric distribution systems resulting in greater efficiency. However, the scale of the grid and the new types of information transmitted will potentially introduce several security risks that cannot be addressed by traditional, centralized security techniques. We propose a new bio-inspired cyber security approach. Social insects, such as ants and bees, have developed complex-adaptive systems that emerge from the collective application of simple, light-weight behaviors. The Digital Ants framework is a bio-inspired framework that uses mobile light-weight agents. Sensors within the framework use digital pheromones to communicate with each other and to alert each other of possible cyber security issues. All communication and coordination is both localized and decentralized thereby allowing the framework to scale across the large numbers of devices that will exist in the smart grid. Furthermore, the sensors are light-weight and therefore suitable for implementation on devices with limited computational resources. This paper will provide a brief overview of the Digital Ants framework and then present results from test bed-based demonstrations that show that Digital Ants can identify a cyber attack scenario against smart meter deployments.

  3. Cyber Security Research Frameworks For Coevolutionary Network Defense

    SciTech Connect (OSTI)

    Rush, George D.; Tauritz, Daniel Remy

    2015-12-03

    Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.

  4. Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    5759P Nuclear Cyber Vulnerability Sandia National Laboratories has conducted cyber-based vulnerability assessments on multiple commercial digital I&C platforms being deployed in the nuclear industry for the purpose of identifying vulnerabilities and improving the design and implementation of these systems. The assessment methodology has been developed at Sandia and is used to determine the risk associated with the design, configuration and operation of cyber-based products. Threat

  5. Sandia National Laboratories: National Security Missions: Defense Systems

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    and Assessments: Cybersecurity Programs Cybersecurity Delivering experience & expertise Training the next generation of cyber defenders Cybersecurity computing Defending national security Applying science and engineering to protect cyber systems from malicious attacks Cyber worker inspecting supercomputer Protecting cyberspace An expert team, passionate about defending the nation's critical infrastructure Computer Annex "The cyber threat to our nation is one of the most serious

  6. Hydrogen Regional Infrastructure Program in Pennsylvania

    Broader source: Energy.gov [DOE]

    Hydrogen Regional Infrastructure Program in Pennsylvania. Objectives: Capture data pertinent to H2 delivery in PA

  7. 2012 Annual Report Research Reactor Infrastructure Program

    SciTech Connect (OSTI)

    Douglas Morrell

    2012-11-01

    The content of this report is the 2012 Annual Report for the Research Reactor Infrastructure Program.

  8. Biomass Program 2007 Accomplishments - Infrastructure Technology Area

    SciTech Connect (OSTI)

    Glickman, Joan

    2007-09-01

    This document details the accomplishments of the Biomass Program Infrastructure Technoloy Area in 2007.

  9. Chapter V: Improving Shared Transport Infrastructures

    Energy Savers [EERE]

    38 QER Report: Energy Transmission, Storage, and Distribution Infrastructure | April 2015 Chapter V: Improving Shared Transport Infrastructures QER Report: Energy Transmission, Storage, and Distribution Infrastructure | April 2015 6-1 Chapter VI This chapter takes a broader look at the current energy trade and the continuing integration of energy markets and infrastructure in the North American region. Its discussion includes cross-border infrastructure with Canada and Mexico, impacts of climate

  10. Infrastructure and Operations | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    Infrastructure and Operations NNSA's missions require a secure production and laboratory infrastructure meeting immediate and long term needs. The Associate Administrator for Infrastructure and Operations develops and executes NNSA's infrastructure investment, maintenance, and operations programs and policies. Learn More Ten-Year Site Plans (TYSP) Related Topics infrastructure na-00 operations Related News NNSA Achieves Major Milestone in BUILDER Implementation Extended Life Program asks 'How do

  11. Tensions in collaborative cyber security and how they affect incident detection and response

    SciTech Connect (OSTI)

    Fink, Glenn A.; McKinnon, Archibald D.; Clements, Samuel L.; Frincke, Deborah A.

    2009-12-01

    Security often requires collaboration, but when multiple stakeholders are involved, it is typical for their priorities to differ or even conflict with one another. In todays increasingly networked world, cyber security collaborations may span organizations and countries. In this chapter, we address collaboration tensions, their effects on incident detection and response, and how these tensions may potentially be resolved. We present three case studies of collaborative cyber security within the U.S. government and discuss technical, social, and regulatory challenges to collaborative cyber security. We suggest possible solutions, and present lessons learned from conflicts. Finally, we compare collaborative solutions from other domains and apply them to cyber security collaboration. Although we concentrate our analysis on collaborations whose purpose is to achieve cyber security, we believe that this work applies readily to security tensions found in collaborations of a general nature as well.

  12. Cyber Science and Security - An R&D Partnership at LLNL

    SciTech Connect (OSTI)

    Brase, J; Henson, V

    2011-03-11

    Lawrence Livermore National Laboratory has established a mechanism for partnership that integrates the high-performance computing capabilities of the National Labs, the network and cyber technology expertise of leading information technology companies, and the long-term research vision of leading academic cyber programs. The Cyber Science and Security Center is designed to be a working partnership among Laboratory, Industrial, and Academic institutions, and provides all three with a shared R&D environment, technical information sharing, sophisticated high-performance computing facilities, and data resources for the partner institutions and sponsors. The CSSC model is an institution where partner organizations can work singly or in groups on the most pressing problems of cyber security, where shared vision and mutual leveraging of expertise and facilities can produce results and tools at the cutting edge of cyber science.

  13. Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

    SciTech Connect (OSTI)

    Czejdo, Bogdan; Ferragut, Erik M; Goodall, John R; Laska, Jason A

    2012-01-01

    The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our pro-posed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.

  14. A modeling framework for investment planning in interdependent infrastructures in multi-hazard environments.

    SciTech Connect (OSTI)

    Brown, Nathanael J. K.; Gearhart, Jared Lee; Jones, Dean A.; Nozick, Linda Karen; Prince, Michael

    2013-09-01

    Currently, much of protection planning is conducted separately for each infrastructure and hazard. Limited funding requires a balance of expenditures between terrorism and natural hazards based on potential impacts. This report documents the results of a Laboratory Directed Research&Development (LDRD) project that created a modeling framework for investment planning in interdependent infrastructures focused on multiple hazards, including terrorism. To develop this framework, three modeling elements were integrated: natural hazards, terrorism, and interdependent infrastructures. For natural hazards, a methodology was created for specifying events consistent with regional hazards. For terrorism, we modeled the terrorist's actions based on assumptions regarding their knowledge, goals, and target identification strategy. For infrastructures, we focused on predicting post-event performance due to specific terrorist attacks and natural hazard events, tempered by appropriate infrastructure investments. We demonstrate the utility of this framework with various examples, including protection of electric power, roadway, and hospital networks.

  15. ELECTRIC INFRASTRUCTURE TECHNOLOGY, TRAINING, AND ASSESSMENT PROGRAM

    SciTech Connect (OSTI)

    TREMEL, CHARLES L

    2007-06-28

    The objective of this Electric Infrastructure Technology, Training and Assessment Program was to enhance the reliability of electricity delivery through engineering integration of real-time technologies for wide-area applications enabling timely monitoring and management of grid operations. The technologies developed, integrated, tested and demonstrated will be incorporated into grid operations to assist in the implementation of performance-based protection/preventive measures into the existing electric utility infrastructure. This proactive approach will provide benefits of reduced cost and improved reliability over the typical schedule-based and as needed maintenance programs currently performed by utilities. Historically, utilities have relied on maintenance and inspection programs to diagnose equipment failures and have used the limited circuit isolation devices, such as distribution main circuit breakers to identify abnormal system performance. With respect to reliable problem identification, customer calls to utility service centers are often the sole means for utilities to identify problem occurrences and determine restoration methodologies. Furthermore, monitoring and control functions of equipment and circuits are lacking; thus preventing timely detection and response to customer outages. Finally, the two-way flow of real-time system information is deficient, depriving decision makers of key information required to effectively manage and control current electric grid demands to provide reliable customer service in abnormal situations. This Program focused on advancing technologies and the engineering integration required to incorporate them into the electric grid operations to enhance electrical system reliability and reduce utility operating costs.

  16. Microsoft Word - Cyber-Wireless-CIP_Draft_ 5 1_2-25-09_clean.doc

    Energy Savers [EERE]

    Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards Teja Kuruganti 1 , Walter Dykas 1 , Wayne Manges 1 , Tom Flowers 2 , Mark Hadley 3 , Paul Ewing 1 , Thomas King 1 1 Oak Ridge National Laboratory, Oak Ridge, TN 37831 2 Flowers Control Center Solutions, Todd Mission, TX 77363 3 Pacific Northwest National Laboratory, Richland, WA 99352 February 25, 2009 Introduction Energy asset owners are facing a monumental challenge as they address compliance

  17. 2009 Infrastructure Platform Review Report

    SciTech Connect (OSTI)

    Ferrell, John

    2009-12-01

    This document summarizes the recommendations and evaluations provided by an independent external panel of experts at the U.S. Department of Energy Biomass program‘s Infrastructure platform review meeting, held on February 19, 2009, at the Marriott Residence Inn, National Harbor, Maryland.

  18. Probabilistic Characterization of Adversary Behavior in Cyber Security

    SciTech Connect (OSTI)

    Meyers, C A; Powers, S S; Faissol, D M

    2009-10-08

    The objective of this SMS effort is to provide a probabilistic characterization of adversary behavior in cyber security. This includes both quantitative (data analysis) and qualitative (literature review) components. A set of real LLNL email data was obtained for this study, consisting of several years worth of unfiltered traffic sent to a selection of addresses at ciac.org. The email data was subjected to three interrelated analyses: a textual study of the header data and subject matter, an examination of threats present in message attachments, and a characterization of the maliciousness of embedded URLs.

  19. Voluntary Protection Program Onsite Review, Swift and Staley...

    Office of Environmental Management (EM)

    Swift and Staley Team, Infrastructure Support Contract, Paducah Gaseous Diffusion Plant - December 2014 Voluntary Protection Program Onsite Review, Swift and Staley Team,...

  20. Comparison of two methods to quantify cyber and physical security effectiveness.

    SciTech Connect (OSTI)

    Wyss, Gregory Dane; Gordon, Kristl A.

    2005-11-01

    With the increasing reliance on cyber technology to operate and control physical security system components, there is a need for methods to assess and model the interactions between the cyber system and the physical security system to understand the effects of cyber technology on overall security system effectiveness. This paper evaluates two methodologies for their applicability to the combined cyber and physical security problem. The comparison metrics include probabilities of detection (P{sub D}), interruption (P{sub I}), and neutralization (P{sub N}), which contribute to calculating the probability of system effectiveness (P{sub E}), the probability that the system can thwart an adversary attack. P{sub E} is well understood in practical applications of physical security but when the cyber security component is added, system behavior becomes more complex and difficult to model. This paper examines two approaches (Bounding Analysis Approach (BAA) and Expected Value Approach (EVA)) to determine their applicability to the combined physical and cyber security issue. These methods were assessed for a variety of security system characteristics to determine whether reasonable security decisions could be made based on their results. The assessments provided insight on an adversary's behavior depending on what part of the physical security system is cyber-controlled. Analysis showed that the BAA is more suited to facility analyses than the EVA because it has the ability to identify and model an adversary's most desirable attack path.

  1. Cybersecurity for Energy Delivery Systems 2010 Peer Review Presentations- Trustworthy Cyber Infrastructure for the Power Grid (TCIPG)

    Broader source: Energy.gov [DOE]

    National lab researchers, industry partners, and academia from the Cybersecurity for Energy Delivery Systems Program in the DOE's Office of Electricity Delivery and Energy Reliability held a 2-day...

  2. Infrastructure Ecology for Sustainable and Resilient Urban Infrastructure Design

    SciTech Connect (OSTI)

    Jeong, Hyunju; Pandit, Arka; Crittenden, John; Xu, Ming; Perrings, Charles; Wang, Dali; Li, Ke; French, Steve

    2010-10-01

    The population growth coupled with increasing urbanization is predicted to exert a huge demand on the growth and retrofit of urban infrastructure, particularly in water and energy systems. The U.S. population is estimated to grow by 23% (UN, 2009) between 2005 and 2030. The corresponding increases in energy and water demand were predicted as 14% (EIA, 2009) and 20% (Elcock, 2008), respectively. The water-energy nexus needs to be better understood to satisfy the increased demand in a sustainable manner without conflicting with environmental and economic constraints. Overall, 4% of U.S. power generation is used for water distribution (80%) and treatment (20%). 3% of U.S. water consumption (100 billion gallons per day, or 100 BGD) and 40% of U.S. water withdrawal (340 BGD) are for thermoelectric power generation (Goldstein and Smith, 2002). The water demand for energy production is predicted to increase most significantly among the water consumption sectors by 2030. On the other hand, due to the dearth of conventional water sources, energy intensive technologies are increasingly in use to treat seawater and brackish groundwater for water supply. Thus comprehending the interrelation and interdependency between water and energy system is imperative to evaluate sustainable water and energy supply alternatives for cities. In addition to the water-energy nexus, decentralized or distributed concept is also beneficial for designing sustainable water and energy infrastructure as these alternatives require lesser distribution lines and space in a compact urban area. Especially, the distributed energy infrastructure is more suited to interconnect various large and small scale renewable energy producers which can be expected to mitigate greenhouse gas (GHG) emissions. In the case of decentralized water infrastructure, on-site wastewater treatment facility can provide multiple benefits. Firstly, it reduces the potable water demand by reusing the treated water for non-potable uses and secondly, it also reduces the wastewater load to central facility. In addition, lesser dependency on the distribution network contributes to increased reliability and resiliency of the infrastructure. The goal of this research is to develop a framework which seeks an optimal combination of decentralized water and energy alternatives and centralized infrastructures based on physical and socio-economic environments of a region. Centralized and decentralized options related to water, wastewater and stormwater and distributed energy alternatives including photovoltaic (PV) generators, fuel cells and microturbines are investigated. In the context of the water-energy nexus, water recovery from energy alternatives and energy recovery from water alternatives are reflected. Alternatives recapturing nutrients from wastewater are also considered to conserve depleting resources. The alternatives are evaluated in terms of their life-cycle environmental impact and economic performance using a hybrid life cycle assessment (LCA) tool and cost benefit analysis, respectively. Meeting the increasing demand of a test bed, an optimal combination of the alternatives is designed to minimize environmental and economic impacts including CO2 emissions, human health risk, natural resource use, and construction and operation cost. The framework determines the optimal combination depending on urban density, transmission or conveyance distance or network, geology, climate, etc. Therefore, it will be also able to evaluate infrastructure resiliency against physical and socio-economic challenges such as population growth, severe weather, energy and water shortage, economic crisis, and so on.

  3. Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    ... HPCOR 2014, June 18-19, Oakland, CA 5 4. What alternative storage technologies and file systems are being considered to support big data storage requirements? * All sites are ...

  4. infrastructure

    National Nuclear Security Administration (NNSA)

    insulated roofs and more energy efficient HVAC systems. The cool roof has high solar reflectance, so it emits absorbed solar radiation back into the atmosphere, which...

  5. What is the current state of the science of Cyber defense?

    SciTech Connect (OSTI)

    Hurd, Alan J.

    2015-10-09

    My overall sense of the cyber defense field is one of an adolescent discipline currently bogged down in a cloud of issues, the most iconic of which is the great diversity of approaches that are being aggregated to form a coherent field. Because my own expertise is complex systems and materials physics research, I have limited direct experience in cyber security sciences except as a user of secure networks and computing resources. However, in producing this report, I have found with certainty that there exists no calculus for cyber risk assessment, mitigation, and response, although some hopeful precepts toward this end are emerging.

  6. Infrastructure at the Savannah River Site:

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Energy Infrastructure Security and Energy Restoration (ISER) Infrastructure Security and Energy Restoration (ISER) Infrastructure Security and Energy Restoration (ISER) Helping to Ensure a Secure and Reliable Flow of Energy to the Nation Applying the Department of Energy's technical expertise to help ensure the security, resiliency and survivability of key energy assets and critical energy infrastructure. We work with the Department of Homeland Security, the Federal Energy Regulatory

  7. Before the House Transportation and Infrastructure Subcommittee...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Subcommittee on Economic Development, Public Buildings, and Emergency Management Before the House Transportation and Infrastructure Subcommittee on Economic Development, Public ...

  8. Transmission Infrastructure Investment Projects (2009) | Department...

    Broader source: Energy.gov (indexed) [DOE]

    Transmission Infrastructure Investment Projects (2009) More Documents & Publications Financial Institution Partnership Program - Commercial Technology Renewable Energy Generation...

  9. NREL Alt Fuel Lessons Learned: Hydrogen Infrastructure

    Broader source: Energy.gov [DOE]

    Presented at Refueling Infrastructure for Alternative Fuel Vehicles: Lessons Learned for Hydrogen Conference, April 2-3, 2008, Sacramento, California

  10. Controlled Hydrogen Fleet and Infrastructure Demonstration and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    More Documents & Publications Controlled Hydrogen Fleet & Infrastructure Analysis National FCEV Learning Demonstration: All Composite Data Products National Hydrogen Learning ...

  11. Agent-based Infrastructure Interdependency Model

    Energy Science and Technology Software Center (OSTI)

    2003-10-01

    The software is used to analyze infrastructure interdependencies. Agent-based modeling is used for the analysis.

  12. Controlled Hydrogen Fleet and Infrastructure Demonstration and...

    Broader source: Energy.gov (indexed) [DOE]

    tv03veenstra.pdf More Documents & Publications Technology Validation Controlled Hydrogen Fleet & Infrastructure Analysis HYDROGEN TO THE HIGHWAYS...

  13. Energy Department, Arizona Utilities Announce Transmission Infrastructure

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Project Energization | Department of Energy Arizona Utilities Announce Transmission Infrastructure Project Energization Energy Department, Arizona Utilities Announce Transmission Infrastructure Project Energization February 12, 2015 - 2:30pm Addthis News Media Contact 202 586 4940 DOENews@hq.doe.gov Energy Department, Arizona Utilities Announce Transmission Infrastructure Project Energization Transmission Line Increases Reliability, Access to Affordable Energy in Southwest States WASHINGTON

  14. Sandia National Laboratories: National Security Missions: International

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Homeland and Nuclear Security Programs International, Homeland, & Nuclear Security Reducing cyber threats Tools and techniques to improve cyber defense and protect networks and data Reducing global chemical and biological dangers Technologies for rapid detection and characterization of chemical and biological threats Reducing global nuclear dangers Unique technical and policy solutions to reduce global nuclear and radiological dangers Cyber Security Image Cyber and Infrastructure

  15. Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks

    SciTech Connect (OSTI)

    Vollmer, Todd; Manic, Milos

    2014-05-01

    A challenge facing industrial control network administrators is protecting the typically large number of connected assets for which they are responsible. These cyber devices may be tightly coupled with the physical processes they control and human induced failures risk dire real-world consequences. Dynamic virtual honeypots are effective tools for observing and attracting network intruder activity. This paper presents a design and implementation for self-configuring honeypots that passively examine control system network traffic and actively adapt to the observed environment. In contrast to prior work in the field, six tools were analyzed for suitability of network entity information gathering. Ettercap, an established network security tool not commonly used in this capacity, outperformed the other tools and was chosen for implementation. Utilizing Ettercap XML output, a novel four-step algorithm was developed for autonomous creation and update of a Honeyd configuration. This algorithm was tested on an existing small campus grid and sensor network by execution of a collaborative usage scenario. Automatically created virtual hosts were deployed in concert with an anomaly behavior (AB) system in an attack scenario. Virtual hosts were automatically configured with unique emulated network stack behaviors for 92% of the targeted devices. The AB system alerted on 100% of the monitored emulated devices.

  16. Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Vollmer, Todd; Manic, Milos

    2014-05-01

    A challenge facing industrial control network administrators is protecting the typically large number of connected assets for which they are responsible. These cyber devices may be tightly coupled with the physical processes they control and human induced failures risk dire real-world consequences. Dynamic virtual honeypots are effective tools for observing and attracting network intruder activity. This paper presents a design and implementation for self-configuring honeypots that passively examine control system network traffic and actively adapt to the observed environment. In contrast to prior work in the field, six tools were analyzed for suitability of network entity information gathering. Ettercap, anmore » established network security tool not commonly used in this capacity, outperformed the other tools and was chosen for implementation. Utilizing Ettercap XML output, a novel four-step algorithm was developed for autonomous creation and update of a Honeyd configuration. This algorithm was tested on an existing small campus grid and sensor network by execution of a collaborative usage scenario. Automatically created virtual hosts were deployed in concert with an anomaly behavior (AB) system in an attack scenario. Virtual hosts were automatically configured with unique emulated network stack behaviors for 92% of the targeted devices. The AB system alerted on 100% of the monitored emulated devices.« less

  17. Cyber Security Summer School: Lessons for the Modern Grid

    Broader source: Energy.gov [DOE]

    The Energy Department has partnered with a university-based project performing cutting-edge research to improve the way electric infrastructure is built, increasing the security and reliability of the grid.

  18. Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

    Energy Savers [EERE]

    U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Enhancing control systems security in the energy sector NSTB September 2006 LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS Raymond K. Fink David F. Spencer Rita A. Wells NSTB INL/CON-06-11665 iii ABSTRACT Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems, or components of those systems, were reviewed to identify

  19. GAO-06-811 Information Security: Coordination of Federal Cyber Security Research and Development

    Energy Savers [EERE]

    the Chairman, Committee on Government Reform, House of Representatives INFORMATION SECURITY Coordination of Federal Cyber Security Research and Development September 2006 GAO-06-811 What GAO Found United States Government Accountability Office Why GAO Did This Study Highlights Accountability Integrity Reliability September 2006 INFORMATION SECURITY Coordination of Federal Cyber Security Research and Development Highlights of GAO-06-811, a report to Chairman, Committee on Government Reform, House

  20. The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011, OAS-M-12-01

    Energy Savers [EERE]

    Evaluation Report The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011 OAS-M-12-01 November 2011 Department of Energy Washington, DC 20585 November 15, 2011 MEMORANDUM FOR THE CHAIRMAN, FEDERAL ENERGY REGULATORY COMMISSION FROM: Rickey R. Hass Deputy Inspector General for Audits and Inspections Office of Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011"

  1. The Federal Energy Regulatory Commission's Unclassified Cyber Security Program … 2013

    Energy Savers [EERE]

    Evaluation Report The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2013 OAS-M-14-01 October 2013 Department of Energy Washington, DC 20585 October 23, 2013 MEMORANDUM FOR THE EXECUTIVE DIRECTOR, FEDERAL ENERGY REGULATORY COMMISSION FROM: Rickey R. Hass Deputy Inspector General for Audits and Inspections Office of Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program -

  2. Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    May 2008 | Department of Energy Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 This project of the cyber security audit and attack detection toolkit is adding control system intelligence to widely deployed enterprise vulnerability scanners and security event managers While many energy utilities employ vulnerability scanners and security event managers (SEM) on their enterprise systems,

  3. ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessment at National SCADA Test Bed | Department of Energy and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security Assessment at National SCADA Test Bed ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security Assessment at National SCADA Test Bed Twelve utilities have formed a consortium with ABB, a supervisory control and data acquisition (SCADA) system vendor, to privately fund advanced research and testing through the U.S. Department of Energy's (DOE)

  4. Follow-up Audit of the Department's Cyber Security Incident Management Program, IG-0878

    Energy Savers [EERE]

    Follow-up Audit of the Department's Cyber Security Incident Management Program DOE/IG-0878 December 2012 U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Department of Energy Washington, DC 20585 December 11, 2012 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Audit Report on "Follow-up Audit of the Department's Cyber Security Incident Management Program" INTRODUCTION AND OBJECTIVE The Department of

  5. Cyber in the Cloud -- Lessons Learned from INL's Cloud E-Mail Acquisition

    SciTech Connect (OSTI)

    Troy Hiltbrand; Daniel Jones

    2012-12-01

    As we look at the cyber security ecosystem, are we planning to fight the battle as we did yesterday, with firewalls and intrusion detection systems (IDS), or are we sensing a change in how security is evolving and planning accordingly? With the technology enablement and possible financial benefits of cloud computing, the traditional tools for establishing and maintaining our cyber security ecosystems are being dramatically altered.

  6. Cyber-Security Considerations for the Smart Grid

    SciTech Connect (OSTI)

    Clements, Samuel L.; Kirkham, Harold

    2010-07-26

    The electrical power grid is evolving into the “smart grid”. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number mitigation strategies that can help keep the risk at an acceptable level.

  7. Hanford Advisory Board Draft Advice Topic: Transportation Infrastructure Updates Safety Consideration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Transportation Infrastructure Updates Safety Consideration Authors: Bloom, Korenko & Holland Originating Committee: Health, Safety & Environmental Protection Version #1 Color: __pink_X_yellow__green__salmon__purple__blue Background The Hanford Advisory Board (Board) understands that the U.S. Department of Energy (DOE) is currently focusing on updates to the Hanford Site infrastructure, including water, sewer, data, utilities, roads, and traffic safety. The Board is aware of the effort

  8. AVTA: EVSE Testing - NYSERDA Electric Vehicle Charging Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Testing - NYSERDA Electric Vehicle Charging Infrastructure Reports AVTA: EVSE Testing - NYSERDA Electric Vehicle Charging Infrastructure Reports The Vehicle Technologies Office's ...

  9. Before the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee on Homeland Security

    Broader source: Energy.gov [DOE]

    Before the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee on Homeland SecurityBy: Patricia Hoffman, Acting Assistant Secretary for Electricity Delivery...

  10. Alternative Fuels Data Center: Ethanol Fueling Infrastructure Development

    Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

    Infrastructure Development to someone by E-mail Share Alternative Fuels Data Center: Ethanol Fueling Infrastructure Development on Facebook Tweet about Alternative Fuels Data Center: Ethanol Fueling Infrastructure Development on Twitter Bookmark Alternative Fuels Data Center: Ethanol Fueling Infrastructure Development on Google Bookmark Alternative Fuels Data Center: Ethanol Fueling Infrastructure Development on Delicious Rank Alternative Fuels Data Center: Ethanol Fueling Infrastructure

  11. Alternative Fuels Data Center: Propane Fueling Infrastructure Development

    Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

    Infrastructure Development to someone by E-mail Share Alternative Fuels Data Center: Propane Fueling Infrastructure Development on Facebook Tweet about Alternative Fuels Data Center: Propane Fueling Infrastructure Development on Twitter Bookmark Alternative Fuels Data Center: Propane Fueling Infrastructure Development on Google Bookmark Alternative Fuels Data Center: Propane Fueling Infrastructure Development on Delicious Rank Alternative Fuels Data Center: Propane Fueling Infrastructure

  12. DOE Extends Portsmouth Infrastructure Support Services Contract |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Portsmouth Infrastructure Support Services Contract DOE Extends Portsmouth Infrastructure Support Services Contract July 17, 2015 - 12:00pm Addthis Media Contact Brad Mitzelfelt, 859-219-4035 brad.mitzelfelt@lex.doe.gov LEXINGTON, Ky. - The U.S. Department of Energy (DOE) today announced that it is extending its contract for Infrastructure Support Services at the Portsmouth Gaseous Diffusion Plant site for a period of six months. The contract period for the current

  13. Infrastructure and Logistics | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Research & Development » Wind Manufacturing & Supply Chain » Infrastructure and Logistics Infrastructure and Logistics The United States wind industry is progressing from a period of experimentation and development to a period of wide scale demonstration and actualization, which is leading to advancements in infrastructure. As the wind industry continues to grow, logistical constraints must be identified and resolved in order to prevent bottlenecking in the supply chain and

  14. Resilient Infrastructure Publications | Argonne National Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Publications Argonne National Laboratory researchers have published a wide range of resiliency-related reports, papers and articles, some of which are shown below. Analysis of Critical Infrastructure Dependencies and Interdependencies Petit, F., Verner, D., Brannegan, D., Buehring, W., Dickinson, D., Guziel, K., Haffenden, R., Phillips, J., Peerenboom, J., June 2015, Analysis of Critical Infrastructure Dependencies and Interdependencies. An Approach to Critical Infrastructure Resilience Petit,

  15. Lakeside Sustainable Infrastructure Model | Argonne National Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Lakeside Sustainable Infrastructure Model Lakeside Sustainable Infrastructure Model Urban developers are increasingly faced with the need to design projects at massive scales, beyond the experience of designers and the capacity of existing tools, such as the 600-acre Chicago Lakeside Development project on Chicago's South Side. Argonne and its partners are developing the Lakeside Sustainable Infrastructure Model (LakeSIM) to integrate city design and planning tools with computational modeling

  16. Infrastructure and Facilities Management | National Nuclear Security

    National Nuclear Security Administration (NNSA)

    Administration Home / content Infrastructure and Facilities Management NNSA restores, rebuilds, and revitalizes the physical infrastructure of the nuclear weapons complex to ensure the vitality and readiness of the NNSA's nuclear security enterprise. Mission execution is built upon management of the Facilities and Infrastructure Recapitalization Program (FIRP) that includes reduction of the maintenance backlog of old facilities, reduction of excess facilities and utility construction. The

  17. Hydrogen, Fuel Cells and Infrastructure Technologies Program...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Program: 2002 Annual Progress Report Hydrogen, Fuel Cells and Infrastructure Technologies Program: 2002 Annual Progress Report The Department of Energy's Hydrogen, Fuel Cells and ...

  18. Hydrogen, Fuel Cells and Infrastructure Technologies Program...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Program FY2003 Merit Review and Peer Evaluation Report Hydrogen, Fuel Cells and Infrastructure Technologies Program FY2003 Merit Review and Peer Evaluation Report This document ...

  19. Policy Option for Hydrogen Vehicles and Infrastructure

    Broader source: Energy.gov [DOE]

    Presentation by Stefan Unnasch at the 2010-2025 Scenario Analysis for Hydrogen Fuel Cell Vehicles and Infrastructure meeting on January 31, 2007.

  20. Offshore Infrastructure Associates Inc | Open Energy Information

    Open Energy Info (EERE)

    search Name: Offshore Infrastructure Associates Inc Region: Puerto Rico Sector: Marine and Hydrokinetic Website: http: This company is listed in the Marine and Hydrokinetic...

  1. Acquasol Infrastructure Limited | Open Energy Information

    Open Energy Info (EERE)

    to: navigation, search Name: Acquasol Infrastructure Limited Place: Adelaide, South Australia, Australia Zip: 5000 Sector: Solar Product: Adelaide based solar thermal project and...

  2. Financing Tribal Energy Infrastructure & Energy Optimization...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Optimization Infrastructure (EOI) Matt Ferguson National Tribal Energy Summit: A Path to ... Credit * Credit Enhancement * Debt Matt Ferguson Washington D.C. Suite 900 607 14th ...

  3. International Symposium For Next Generation Infrastructure

    Broader source: Energy.gov [DOE]

    The International Symposium for Next Generation Infrastructure is designed to support the rapidly expanding international research community seeking to understand the interactions between...

  4. Sustainable Buildings and Infrastructure | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Sustainable Buildings and Infrastructure "A sustainable society is one which satisfies its ... Department of Energy facilities managers have a significant role to play in achieving the ...

  5. Geographically Based Hydrogen Demand and Infrastructure Rollout...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Rollout Scenario Analysis Geographically Based Hydrogen Demand and Infrastructure Rollout Scenario Analysis Presentation by Margo Melendez at the 2010-2025 Scenario Analysis for ...

  6. Center for Infrastructure Research and Innovation (CIRI)

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering ...

  7. Alternative Ways of Financing Infrastructure Investment: Potential...

    Open Energy Info (EERE)

    Ways of Financing Infrastructure Investment: Potential for 'Novel' Financing Models Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Alternative Ways of Financing...

  8. EV Everywhere Consumer Acceptance and Charging Infrastructure...

    Broader source: Energy.gov (indexed) [DOE]

    Backsplash for the EV Everywhere Grand Challenge: Consumer Acceptance and Charging Infrastructure Workshop on July 30, 2012 held at the LAX Marriott, Los Angeles, CA...

  9. EV Everywhere ? Consumer Acceptance and Charging Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    - Consumer Acceptance and Charging Infrastructure Workshop David Sandalow Under Secretary of Energy (Acting) Assistant Secretary for Policy and International Affairs U.S....

  10. Consumer Acceptance and Public Policy Charging Infrastructure...

    Broader source: Energy.gov (indexed) [DOE]

    to enable widespread residentialMDU and workplace charging infrastructure * Include use case data collected to date and collect data not available * Work with DOT and planning...

  11. Hydrogen and Infrastructure Costs | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Overview of Hydrogen and Fuel Cells: National Academy of Sciences March 2011 Analysis of a Cluster Strategy for Near Term Hydrogen Infrastructure Rollout in Southern California ...

  12. EV Everywhere Consumer Acceptance and Charging Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Breakout session presentation for the EV Everywhere Grand Challenge: Consumer Acceptance and Charging Infrastructure Workshop on July 30, 2012 held at the LAX Marriott, Los Angeles...

  13. EV Everywhere Consumer Acceptance and Charging Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Presentation given at the EV Everywhere Grand Challenge: Consumer Acceptance and Charging Infrastructure Workshop on July 30, 2012 held at the LAX Marriott, Los Angeles, CA PDF ...

  14. Africa Infrastructure Country Diagnostic Documents: ARCGIS Shape...

    Open Energy Info (EERE)

    ARCGIS Shape File, all Countries Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Africa Infrastructure Country Diagnostic Documents: ARCGIS Shape File, all Countries...

  15. EV Everywhere Consumer Acceptance and Charging Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    and Charging Infrastructure Workshop on July 30, 2012 held at the LAX Marriott, Los Angeles, CA PDF icon groupereportoutcaci.pdf More Documents & Publications EV Everywhere...

  16. EV Everywhere Consumer Acceptance and Charging Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    and Charging Infrastructure Workshop on July 30, 2012 held at the LAX Marriott, Los Angeles, CA PDF icon groupareportoutcaci.pdf More Documents & Publications EV Everywhere...

  17. EV Everywhere Consumer Acceptance and Charging Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    and Charging Infrastructure Workshop on July 30, 2012 held at the LAX Marriott, Los Angeles, CA PDF icon groupdreportoutcaci.pdf More Documents & Publications EV Everywhere...

  18. EV Everywhere Grand Challenge - Charging Infrastructure Enabling...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    EV Everywhere Grand Challenge - Charging Infrastructure Enabling Flexible EV Design Presentation given at the EV Everywhere Grand Challenge: Consumer Acceptance and Charging ...

  19. Wyoming Infrastructure Authority | Open Energy Information

    Open Energy Info (EERE)

    Name: Wyoming Infrastructure Authority Abbreviation: WIA Address: 200 E. 17th Street, Unit B Place: Cheyenne, WY Zip: 82001 Year Founded: 2004 Phone Number: (307) 635-3573...

  20. Natural Gas and Hydrogen Infrastructure Opportunities: Markets...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Opportunities: Markets and Barriers to Growth Natural Gas and Hydrogen Infrastructure Opportunities: Markets and Barriers to Growth Presentation by Matt Most, Encana Natural Gas, ...

  1. Tarini Infrastructure Ltd | Open Energy Information

    Open Energy Info (EERE)

    Place: New Delhi, Delhi (NCT), India Zip: 110024 Sector: Hydro Product: New Delhi-based small hydro project developer. References: Tarini Infrastructure Ltd.1 This article is a...

  2. Hydrogen Infrastructure Market Readiness: Opportunities and Potential...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Recent progress with fuel cell electric vehicles (FCEVs) has focused attention on hydrogen infrastructure as a critical commercialization barrier. With major automakers focused on ...

  3. Green Infrastructure Bonds | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    allowing the Department of Business, Economic Development, and Tourism to issue Green Infrastructure Bonds to secture low-cost financing for clean energy installations,...

  4. Refueling Infrastructure for Alternative Fuel Vehicles: Lessons...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    PDF icon fry.pdf More Documents & Publications HYDROGEN TO THE HIGHWAYS NREL Alt Fuel Lessons Learned: Hydrogen Infrastructure Safety Analysis of Type 4 Tanks in CNG Vehicles

  5. State Experience in Hydrogen Infrastructure in California

    Broader source: Energy.gov [DOE]

    Presentation by Gerhard Achtelik, California Air Resources Board, at the Hydrogen Infrastructure Market Readiness Workshop, February 17, 2011, in Washington, DC.

  6. Refueling Infrastructure for Alternative Fuel Vehicles: Lessons...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    from the DOE sponsored Refueling Infrastructure for Alternative Fuel Vehicles: Lessons Learned for Hydrogen workshop to understand how lessons from past experiences can...

  7. Hydrogen Delivery Infrastructure Analysis, Options and Trade...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Analysis, Options and Trade-offs, Transition and Long-term Hydrogen Delivery Infrastructure Analysis, Options and Trade-offs, Transition and Long-term Presentation on Hydrogen ...

  8. Final Report- Hydrogen Delivery Infrastructure Options Analysis

    Office of Energy Efficiency and Renewable Energy (EERE)

    This report provides in-depth analysis of various hydrogen delivery options to determine the most cost effective infrastructure and R&D efforts for the long term.

  9. Geographically Based Hydrogen Consumer Demand and Infrastructure...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Geographically Based Hydrogen Consumer Demand and Infrastructure Analysis Final Report M. Melendez and A. Milbrandt Technical Report NRELTP-540-40373 October 2006 NREL is operated...

  10. Energy Infrastructure Modeling and Analysis (EIMA) | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Links Transmission Reliability Energy Risk Resource Library Creating a Culture of Risk Assessment Analyzing Energy Infrastructure Exposure to Storm Surge and Sea-Level Rise ...

  11. CHP: Enabling Resilient Energy Infrastructure - Presentations...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Enabling Resilient Energy Infrastructure for Critical Facilities - Report, March 2013 CHP: Connecting the Gap between Markets and Utility Interconnection and Tariff Practices, 2006

  12. NREL: Energy Systems Integration Facility - Research Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Infrastructure The foundation of the Energy Systems Integration Facility is its research infrastructure. In addition to extensive fixed equipment, the facility incorporates electrical, thermal, fuels, and data acquisition bus work throughout. These research buses tie individual laboratories together and allow interconnection of equipment between laboratories as well as rapid reconfiguration of systems under test. The Energy Systems Integration Facility offers the following research

  13. Site Support Program Plan Infrastructure Program

    SciTech Connect (OSTI)

    1995-09-26

    The Fiscal Year 1996 Infrastructure Program Site Support Program Plan addresses the mission objectives, workscope, work breakdown structures (WBS), management approach, and resource requirements for the Infrastructure Program. Attached to the plan are appendices that provide more detailed information associated with scope definition. The Hanford Site`s infrastructure has served the Site for nearly 50 years during defense materials production. Now with the challenges of the new environmental cleanup mission, Hanford`s infrastructure must meet current and future mission needs in a constrained budget environment, while complying with more stringent environmental, safety, and health regulations. The infrastructure requires upgrading, streamlining, and enhancement in order to successfully support the site mission of cleaning up the Site, research and development, and economic transition.

  14. Fluxnet Synthesis Dataset Collaboration Infrastructure

    SciTech Connect (OSTI)

    Agarwal, Deborah A.; Humphrey, Marty; van Ingen, Catharine; Beekwilder, Norm; Goode, Monte; Jackson, Keith; Rodriguez, Matt; Weber, Robin

    2008-02-06

    The Fluxnet synthesis dataset originally compiled for the La Thuile workshop contained approximately 600 site years. Since the workshop, several additional site years have been added and the dataset now contains over 920 site years from over 240 sites. A data refresh update is expected to increase those numbers in the next few months. The ancillary data describing the sites continues to evolve as well. There are on the order of 120 site contacts and 60proposals have been approved to use thedata. These proposals involve around 120 researchers. The size and complexity of the dataset and collaboration has led to a new approach to providing access to the data and collaboration support and the support team attended the workshop and worked closely with the attendees and the Fluxnet project office to define the requirements for the support infrastructure. As a result of this effort, a new website (http://www.fluxdata.org) has been created to provide access to the Fluxnet synthesis dataset. This new web site is based on a scientific data server which enables browsing of the data on-line, data download, and version tracking. We leverage database and data analysis tools such as OLAP data cubes and web reports to enable browser and Excel pivot table access to the data.

  15. Assessing the Vulnerability of Large Critical Infrastructure Using Fully-Coupled Blast Effects Modeling

    SciTech Connect (OSTI)

    McMichael, L D; Noble, C R; Margraf, J D; Glascoe, L G

    2009-03-26

    Structural failures, such as the MacArthur Maze I-880 overpass in Oakland, California and the I-35 bridge in Minneapolis, Minnesota, are recent examples of our national infrastructure's fragility and serve as an important reminder of such infrastructure in our everyday lives. These two failures, as well as the World Trade Center's collapse and the levee failures in New Orleans, highlight the national importance of protecting our infrastructure as much as possible against acts of terrorism and natural hazards. This paper describes a process for evaluating the vulnerability of critical infrastructure to large blast loads using a fully-coupled finite element approach. A description of the finite element software and modeling technique is discussed along with the experimental validation of the numerical tools. We discuss how such an approach can be used for specific problems such as modeling the progressive collapse of a building.

  16. 2nd International Hydrogen Infrastructure Challenges Webinar Slides |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy nd International Hydrogen Infrastructure Challenges Webinar Slides 2nd International Hydrogen Infrastructure Challenges Webinar Slides Presentation slides from the Fuel Cell Technologies Office webinar "2nd International Hydrogen Infrastructure Challenges Webinar" held on March 10, 2015. PDF icon 2nd International Hydrogen Infrastructure Challenges Webinar Slides More Documents & Publications International Hydrogen Infrastructure Challenges Workshop Summary

  17. Alternative Fuels Data Center: Hydrogen Fueling Infrastructure Development

    Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

    Fueling Infrastructure Development to someone by E-mail Share Alternative Fuels Data Center: Hydrogen Fueling Infrastructure Development on Facebook Tweet about Alternative Fuels Data Center: Hydrogen Fueling Infrastructure Development on Twitter Bookmark Alternative Fuels Data Center: Hydrogen Fueling Infrastructure Development on Google Bookmark Alternative Fuels Data Center: Hydrogen Fueling Infrastructure Development on Delicious Rank Alternative Fuels Data Center: Hydrogen Fueling

  18. Cyber-Informed Engineering: The Need for a New Risk Informed and Design Methodology

    SciTech Connect (OSTI)

    Price, Joseph Daniel; Anderson, Robert Stephen

    2015-06-01

    Current engineering and risk management methodologies do not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Current methodologies focus on equipment failures or human error as initiating events for a hazard, while cyber attacks use the functionality of a trusted system to perform operations outside of the intended design and without the operator’s knowledge. These threats can by-pass or manipulate traditionally engineered safety barriers and present false information, invalidating the fundamental basis of a safety analysis. Cyber threats must be fundamentally analyzed from a completely new perspective where neither equipment nor human operation can be fully trusted. A new risk analysis and design methodology needs to be developed to address this rapidly evolving threatscape.

  19. Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Frincke, Deborah A.

    2010-09-01

    The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, so as to move from an insider threat detection stance to one that enables prediction of potential insider presence. Two distinctive aspects of the approach are the objective of predicting or anticipating potential risks and the use of organizational data in addition to cyber data to support the analysis. The chapter describes the challenges of this endeavor and progress in defining a usable set of predictive indicators, developing a framework for integrating the analysis of organizational and cyber security data to yield predictions about possible insider exploits, and developing the knowledge base and reasoning capability of the system. We also outline the types of errors that one expects in a predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.

  20. A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

    SciTech Connect (OSTI)

    Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.; Halappanavar, Mahantesh

    2015-12-28

    Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may help address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attackers payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-systems state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.

  1. PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical

    Energy Savers [EERE]

    Systems Security for the Smart Grid - February 7, 2012 | Department of Energy Cyber-Physical Systems Security for the Smart Grid - February 7, 2012 PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical Systems Security for the Smart Grid - February 7, 2012 PSERC is offering a free, public webinar series from January to May 2012 entitled "Issues in Designing the Future Grid," focusing on the information hierarchy for the future grid and grid enablers of

  2. Transforming the U.S. Energy Infrastructure

    SciTech Connect (OSTI)

    Larry Demick

    2010-07-01

    The U.S. energy infrastructure is among the most reliable, accessible and economic in the world. On the other hand, the U.S. energy infrastructure is excessively reliant on foreign sources of energy, experiences high volatility in energy prices, does not practice good stewardship of finite indigenous energy resources and emits significant quantities of greenhouse gases (GHG). This report presents a Technology Based Strategy to achieve a full transformation of the U.S. energy infrastructure that corrects these negative factors while retaining the positives.

  3. Geographically-Based Infrastructure Analysis for California

    Broader source: Energy.gov [DOE]

    Presentation by Joan Ogden of the University of California at the 2010 - 2025 Scenario Analysis for Hydrogen Fuel Cell Vehicles and Infrastructure Meeting on August 9 - 10, 2006 in Washington, D.C.

  4. Infrastructure Institutional Change Principle | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    IBM used the infrastructure behavior change principle to adjust its operational and ... Top-of-the-line meters offered vital data on how and when facilities use energy. This ...

  5. Costs Associated With Propane Vehicle Fueling Infrastructure

    SciTech Connect (OSTI)

    Smith, M.; Gonzales, J.

    2014-08-05

    This document is designed to help fleets understand the cost factors associated with propane vehicle fueling infrastructure. It provides an overview of the equipment and processes necessary to develop a propane fueling station and offers estimated cost ranges.

  6. Hydrogen Infrastructure Market Readiness Workshop: Preliminary Results

    Broader source: Energy.gov [DOE]

    Preliminary results from the Hydrogen Infrastructure Market Readiness Workshop held February 16-17, 2011. This presentation was disseminated to workshop attendees to convey the aggregate and "raw" feedback collected during the workshop.

  7. Hydrogen Infrastructure Market Readiness Workshop Agenda

    Broader source: Energy.gov [DOE]

    Agenda from the Hydrogen Infrastructure Market Readiness Workshop, hosted by the U.S. Department of Energy's National Renewable Energy Laboratory, February 16-17, 2011, in Washington, DC.

  8. Costs Associated With Propane Vehicle Fueling Infrastructure

    SciTech Connect (OSTI)

    Smith, M.; Gonzales, J.

    2014-08-01

    This document is designed to help fleets understand the cost factors associated with propane vehicle fueling infrastructure. It provides an overview of the equipment and processes necessary to develop a propane fueling station and offers estimated cost ranges.

  9. Agenda: Energy Infrastructure Finance | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]

    Sullivan, CEODirector of Investments, Grand River Dam Authority * Humayun Tai, Director, McKinsey Company * Steven J. Zucchet, SVP, Borealis Infrastructure 12:00 p.m. - 1:00 p.m. ...

  10. Enforcement Letter, Parsons Infrastructure & Technology Group...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to Parsons Infrastructure & Technology Group, Inc., related to a Form Wood Timber Fire at the Salt Waste Processing Facility at the Savannah River Site On July 13, 2009, the...

  11. Geographically Based Hydrogen Demand and Infrastructure Analysis

    Broader source: Energy.gov [DOE]

    Presentation by NREL's Margo Melendez at the 2010 - 2025 Scenario Analysis for Hydrogen Fuel Cell Vehicles and Infrastructure Meeting on August 9 - 10, 2006 in Washington, D.C.

  12. Fuzzy architecture assessment for critical infrastructure resilience

    SciTech Connect (OSTI)

    Muller, George

    2012-12-01

    This paper presents an approach for the selection of alternative architectures in a connected infrastructure system to increase resilience of the overall infrastructure system. The paper begins with a description of resilience and critical infrastructure, then summarizes existing approaches to resilience, and presents a fuzzy-rule based method of selecting among alternative infrastructure architectures. This methodology includes considerations which are most important when deciding on an approach to resilience. The paper concludes with a proposed approach which builds on existing resilience architecting methods by integrating key system aspects using fuzzy memberships and fuzzy rule sets. This novel approach aids the systems architect in considering resilience for the evaluation of architectures for adoption into the final system architecture.

  13. 2011 Biomass Program Platform Peer Review. Infrastructure

    SciTech Connect (OSTI)

    Lindauer, Alicia

    2012-02-01

    This document summarizes the recommendations and evaluations provided by an independent external panel of experts at the 2011 U.S. Department of Energy Biomass Programs Infrastructure Platform Review meeting.

  14. Safety, Security & Resilience of Energy Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Safety, Security & Resilience of Energy Infrastructure - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense

  15. Cascading of fluctuations in interdependent energy infrastructures:

    Office of Scientific and Technical Information (OSTI)

    Gas-grid coupling (Journal Article) | SciTech Connect Journal Article: Cascading of fluctuations in interdependent energy infrastructures: Gas-grid coupling Citation Details In-Document Search This content will become publicly available on November 1, 2017 Title: Cascading of fluctuations in interdependent energy infrastructures: Gas-grid coupling Authors: Chertkov, Michael ; Backhaus, Scott ; Lebedev, Vladimir Publication Date: 2015-12-01 OSTI Identifier: 1250052 Grant/Contract Number:

  16. IPHE Infrastructure Workshop | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    IPHE Infrastructure Workshop IPHE Infrastructure Workshop This interactive workshop, held February 25-26, 2010, in Sacramento, CA, focused on realistic, practical issues with the aim of producing information to help develop policies, technologies, and incentives that will contribute to the success of hydrogen fuel retailers. Organizers of the workshop include IPHE (International Partnership for Hydrogen and Fuel Cells in the Economy), the U.S. Department of Energy, California Fuel Cell

  17. A communication infrastructure for South Western Electricity

    SciTech Connect (OSTI)

    Newbury, J.

    1996-07-01

    In response to deregulation, many UK Regional Electricity Companies (RECs) are currently considering redesigning their communication infrastructure to meet this and other business requirements. This paper presents a proposed communication infrastructure for South Western Electricity plc. The Company services a wide variety of customers in the South West of England. The supporting technology, REC and customer benefits, together with valued added services (VAS) will be addressed.

  18. H2A Hydrogen Delivery Infrastructure Analysis Models and Conventional...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    A Hydrogen Delivery Infrastructure Analysis Models and Conventional Pathway Options Analysis Results - Interim Report H2A Hydrogen Delivery Infrastructure Analysis Models and ...

  19. DOE Hydrogen and Fuel Cell Overview: 2011 Hydrogen Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    and Fuel Cell Overview: 2011 Hydrogen Infrastructure Market Readiness Workshop DOE Hydrogen and Fuel Cell Overview: 2011 Hydrogen Infrastructure Market Readiness Workshop ...

  20. Growth of the NGV Market: Lessons Learned Roadmap for Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Growth of the NGV Market: Lessons Learned Roadmap for Infrastructure Development Growth of the NGV Market: Lessons Learned Roadmap for Infrastructure Development Presented at ...

  1. Evalutation of Natural Gas Pipeline Materials and Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Evalutation of Natural Gas Pipeline Materials and Infrastructure for HydrogenMixed Gas Service Evalutation of Natural Gas Pipeline Materials and Infrastructure for HydrogenMixed ...

  2. SLT Power Infrastructure Projects Pvt Ltd | Open Energy Information

    Open Energy Info (EERE)

    SLT Power Infrastructure Projects Pvt Ltd Jump to: navigation, search Name: SLT Power & Infrastructure Projects Pvt Ltd. Place: Hyderabad, Andhra Pradesh, India Zip: 500044 Sector:...

  3. "Insurance as a Risk Management Instrument for Energy Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Infrastructure Security and Resilience" Report (March 2013) "Insurance as a Risk Management Instrument for Energy Infrastructure Security and Resilience" Report (March 2013) The ...

  4. Year-in-Review: 2012 Energy Infrastructure Events and Expansions...

    Energy Savers [EERE]

    2 Energy Infrastructure Events and Expansions (July 2013) Year-in-Review: 2012 Energy Infrastructure Events and Expansions (July 2013) The Year-in-Review (YIR): 2012 Energy...

  5. FY 2003 Progress Report for Hydrogen, Fuel Cells and Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    FY 2003 Progress Report for Hydrogen, Fuel Cells and Infrastructure Technologies Program FY 2003 Progress Report for Hydrogen, Fuel Cells and Infrastructure Technologies Program ...

  6. 2011 Annual Planning Summary for NNSA, Infrastructure and Environment...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    NNSA, Infrastructure and Environment (NA-50) 2011 Annual Planning Summary for NNSA, Infrastructure and Environment (NA-50) The ongoing and projected Environmental Assessments and ...

  7. Analysis of a Cluster Strategy for Near Term Hydrogen Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    a Cluster Strategy for Near Term Hydrogen Infrastructure Rollout in Southern California Analysis of a Cluster Strategy for Near Term Hydrogen Infrastructure Rollout in Southern ...

  8. Lessons and Challenges for Early Hydrogen Refueling Infrastructure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Infrastructure Presented at Refueling Infrastructure for Alternative Fuel Vehicles: Lessons Learned for Hydrogen Conference, April 2-3, 2008, Sacramento, California PDF icon...

  9. Impacts of IPv6 on Infrastructure Control Systems | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    IPv6 on Infrastructure Control Systems Impacts of IPv6 on Infrastructure Control Systems This document presents information on the impacts of adopting Internet Protocol version 6 ...

  10. Clean Energy Infrastructure Educational Initiative

    SciTech Connect (OSTI)

    Hallinan, Kevin; Menart, James; Gilbert, Robert

    2012-08-31

    The Clean Energy Infrastructure Educational Initiative represents a collaborative effort by the University of Dayton, Wright State University and Sinclair Community College. This effort above all aimed to establish energy related programs at each of the universities while also providing outreach to the local, state-wide, and national communities. At the University of Dayton, the grant has aimed at: solidfying a newly created Master’s program in Renewable and Clean Energy; helping to establish and staff a regional sustainability organization for SW Ohio. As well, as the prime grantee, the University of Dayton was responsible for insuring curricular sharing between WSU and the University of Dayton. Finally, the grant, through its support of graduate students, and through cooperation with the largest utilities in SW Ohio enabled a region-wide evaluation of over 10,000 commercial building buildings in order to identify the priority buildings in the region for energy reduction. In each, the grant has achieved success. The main focus of Wright State was to continue the development of graduate education in renewable and clean energy. Wright State has done this in a number of ways. First and foremost this was done by continuing the development of the new Renewable and Clean Energy Master’s Degree program at Wright State . Development tasks included: continuing development of courses for the Renewable and Clean Energy Master’s Degree, increasing the student enrollment, and increasing renewable and clean energy research work. The grant has enabled development and/or improvement of 7 courses. Collectively, the University of Dayton and WSU offer perhaps the most comprehensive list of courses in the renewable and clean energy area in the country. Because of this development, enrollment at WSU has increased from 4 students to 23. Secondly, the grant has helped to support student research aimed in the renewable and clean energy program. The grant helped to solidify new research in the renewable and clean energy area. The educational outreach provided as a result of the grant included activities to introduce renewable and clean energy design projects into the Mechanical and Materials Engineering senior design class, the development of a geothermal energy demonstration unit, and the development of renewable energy learning modules for high school students. Finally, this grant supported curriculum development by Sinclair Community College for seven new courses and acquisition of necessary related instrumentation and laboratory equipment. These new courses, EGV 1201 Weatherization Training, EGV 1251 Introduction to Energy Management Principles, EGV 2301 Commercial and Industrial Assessment, EGV 2351 LEED Green Associate Exam Preparation, EGV 2251 Energy Control Strategies, EGV Solar Photovoltaic Design and Installation, and EGV Solar Thermal Systems, enable Sinclair to offer complete Energy Technology Certificate and an Energy Management Degree programs. To date, 151 students have completed or are currently registered in one of the seven courses developed through this grant. With the increasing interest in the Energy Management Degree program, Sinclair has begun the procedure to have the program approved by the Ohio Board of Regents.

  11. EV Everywhere Consumer Acceptance and Charging Infrastructure Workshop: Charging Infrastructure Group E Breakout Report

    Broader source: Energy.gov [DOE]

    Breakout session presentation for the EV Everywhere Grand Challenge: Consumer Acceptance and Charging Infrastructure Workshop on July 30, 2012 held at the LAX Marriott, Los Angeles, CA

  12. Perspective: The Climate-Population-Infrastructure Modeling and Simulation Fertile Area for New Research

    SciTech Connect (OSTI)

    Allen, Melissa R; Fernandez, Steven J; Walker, Kimberly A; Fu, Joshua S

    2014-01-01

    Managing the risks posed by climate change and extreme weather to energy production and delivery is a challenge to communities worldwide. As climate conditions change, populations will shift, and demand will re-locate; and networked infrastructures will evolve to accommodate new load centers, and, hopefully, minimize vulnerability to natural disaster. Climate effects such as sea level rise, increased frequency and intensity of natural disasters, force populations to move locations. Displaced population creates new demand for built infrastructure that in turn generates new economic activity that attracts new workers and associated households to the new locations. Infrastructures and their interdependencies will change in reaction to climate drivers as the networks expand into new population areas and as portions of the networks are abandoned as people leave. Thus, infrastructures will evolve to accommodate new load centers while some parts of the network are underused, and these changes will create emerging vulnerabilities. Forecasting the location of these vulnerabilities by combining climate predictions and agent based population movement models shows promise for defining these future population distributions and changes in coastal infrastructure configurations. By combining climate and weather data, engineering algorithms and social theory it has been only recently possible to examine electricity demand response to increased climactic temperatures, population relocation in response to extreme cyclonic events, consequent net population changes and new regional patterns in electricity demand. These emerging results suggest a research agenda of coupling these disparate modelling approaches to understand the implications of climate change for protecting the nation s critical infrastructure.

  13. Rocky Mountain Electrical League (RMEL) Physical and Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Administrations, led by the Western Area Power Marketing Administration, to develop a fiscally responsible and effective protection strategy for physical attacks on the grid. ...

  14. Approaches for scalable modeling and emulation of cyber systems : LDRD final report.

    SciTech Connect (OSTI)

    Mayo, Jackson R.; Minnich, Ronald G.; Armstrong, Robert C.; Rudish, Don W.

    2009-09-01

    The goal of this research was to combine theoretical and computational approaches to better understand the potential emergent behaviors of large-scale cyber systems, such as networks of {approx} 10{sup 6} computers. The scale and sophistication of modern computer software, hardware, and deployed networked systems have significantly exceeded the computational research community's ability to understand, model, and predict current and future behaviors. This predictive understanding, however, is critical to the development of new approaches for proactively designing new systems or enhancing existing systems with robustness to current and future cyber threats, including distributed malware such as botnets. We have developed preliminary theoretical and modeling capabilities that can ultimately answer questions such as: How would we reboot the Internet if it were taken down? Can we change network protocols to make them more secure without disrupting existing Internet connectivity and traffic flow? We have begun to address these issues by developing new capabilities for understanding and modeling Internet systems at scale. Specifically, we have addressed the need for scalable network simulation by carrying out emulations of a network with {approx} 10{sup 6} virtualized operating system instances on a high-performance computing cluster - a 'virtual Internet'. We have also explored mappings between previously studied emergent behaviors of complex systems and their potential cyber counterparts. Our results provide foundational capabilities for further research toward understanding the effects of complexity in cyber systems, to allow anticipating and thwarting hackers.

  15. Addressing the Challenges of Anomaly Detection for Cyber Physical Energy Grid Systems

    SciTech Connect (OSTI)

    Ferragut, Erik M; Laska, Jason A; Melin, Alexander M; Czejdo, Bogdan

    2013-01-01

    The consolidation of cyber communications networks and physical control systems within the energy smart grid introduces a number of new risks. Unfortunately, these risks are largely unknown and poorly understood, yet include very high impact losses from attack and component failures. One important aspect of risk management is the detection of anomalies and changes. However, anomaly detection within cyber security remains a difficult, open problem, with special challenges in dealing with false alert rates and heterogeneous data. Furthermore, the integration of cyber and physical dynamics is often intractable. And, because of their broad scope, energy grid cyber-physical systems must be analyzed at multiple scales, from individual components, up to network level dynamics. We describe an improved approach to anomaly detection that combines three important aspects. First, system dynamics are modeled using a reduced order model for greater computational tractability. Second, a probabilistic and principled approach to anomaly detection is adopted that allows for regulation of false alerts and comparison of anomalies across heterogeneous data sources. Third, a hierarchy of aggregations are constructed to support interactive and automated analyses of anomalies at multiple scales.

  16. Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Milos Manic

    2012-08-01

    The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.

  17. Critical Infrastructure for Ocean Research and Societal Needs in 2030

    SciTech Connect (OSTI)

    National Research Council

    2011-04-22

    The United States has jurisdiction over 3.4 million square miles of ocean—an expanse greater than the land area of all fifty states combined. This vast marine area offers researchers opportunities to investigate the ocean’s role in an integrated Earth system, but also presents challenges to society, including damaging tsunamis and hurricanes, industrial accidents, and outbreaks of waterborne diseases. The 2010 Gulf of Mexico Deepwater Horizon oil spill and 2011 Japanese earthquake and tsunami are vivid reminders that a broad range of infrastructure is needed to advance our still-incomplete understanding of the ocean. The National Research Council (NRC)’s Ocean Studies Board was asked by the National Science and Technology Council’s Subcommittee on Ocean Science and Technology, comprised of 25 U.S. government agencies, to examine infrastructure needs for ocean research in the year 2030. This request reflects concern, among a myriad of marine issues, over the present state of aging and obsolete infrastructure, insufficient capacity, growing technological gaps, and declining national leadership in marine technological development; issues brought to the nation’s attention in 2004 by the U.S. Commission on Ocean Policy. A 15-member committee of experts identified four themes that encompass 32 future ocean research questions–enabling stewardship of the environment, protecting life and property, promoting economic vitality, and increasing fundamental scientific understanding. Many of the questions in the report (e.g., sea level rise, sustainable fisheries, the global water cycle) reflect challenging, multidisciplinary science questions that are clearly relevant today, and are likely to take decades of effort to solve. As such, U.S. ocean research will require a growing suite of ocean infrastructure for a range of activities, such as high quality, sustained time series observations or autonomous monitoring at a broad range of spatial and temporal scales. Consequently, a coordinated national plan for making future strategic investments becomes an imperative to address societal needs. Such a plan should be based upon known priorities and should be reviewed every 5-10 years to optimize the federal investment. The committee examined the past 20 years of technological advances and ocean infrastructure investments (such as the rise in use of self-propelled, uncrewed, underwater autonomous vehicles), assessed infrastructure that would be required to address future ocean research questions, and characterized ocean infrastructure trends for 2030. One conclusion was that ships will continue to be essential, especially because they provide a platform for enabling other infrastructure – autonomous and remotely operated vehicles; samplers and sensors; moorings and cabled systems; and perhaps most importantly, the human assets of scientists, technical staff, and students. A comprehensive, long-term research fleet plan should be implemented in order to retain access to the sea. The current report also calls for continuing U.S. capability to access fully and partially ice-covered seas; supporting innovation, particularly the development of biogeochemical sensors; enhancing computing and modeling capacity and capability; establishing broadly accessible data management facilities; and increasing interdisciplinary education and promoting a technically-skilled workforce. The committee also provided a framework for prioritizing future investment in ocean infrastructure. They recommend that development, maintenance, or replacement of ocean research infrastructure assets should be prioritized in terms of societal benefit, with particular consideration given to usefulness for addressing important science questions; affordability, efficiency, and longevity; and ability to contribute to other missions or applications. These criteria are the foundation for prioritizing ocean research infrastructure investments by estimating the economic costs and benefits of each potential infrastructure investment, and funding those investments that collectively produce the largest expected net benefit over time. While this type of process is clearly subject to budget constraints, it could quantify the often informal evaluation of linkages between infrastructure, ocean research, the value of information produced, societal objectives, and economic benefits. Addressing the numerous complex science questions facing the entire ocean research enterprise in 2030–from government to academia, industry to nonprofits, local to global scale–represents a major challenge, requiring collaboration across the breadth of the ocean sciences community and nearly seamless coordination between ocean-related federal agencies.

  18. ReSS: Resource Selection Service for National and Campus Grid Infrastructure

    SciTech Connect (OSTI)

    Mhashilkar, Parag; Garzoglio, Gabriele; Levshina, Tanya; Timm, Steve; /Fermilab

    2009-05-01

    The Open Science Grid (OSG) offers access to around hundred Compute elements (CE) and storage elements (SE) via standard Grid interfaces. The Resource Selection Service (ReSS) is a push-based workload management system that is integrated with the OSG information systems and resources. ReSS integrates standard Grid tools such as Condor, as a brokering service and the gLite CEMon, for gathering and publishing resource information in GLUE Schema format. ReSS is used in OSG by Virtual Organizations (VO) such as Dark Energy Survey (DES), DZero and Engagement VO. ReSS is also used as a Resource Selection Service for Campus Grids, such as FermiGrid. VOs use ReSS to automate the resource selection in their workload management system to run jobs over the grid. In the past year, the system has been enhanced to enable publication and selection of storage resources and of any special software or software libraries (like MPI libraries) installed at computing resources. In this paper, we discuss the Resource Selection Service, its typical usage on the two scales of a National Cyber Infrastructure Grid, such as OSG, and of a campus Grid, such as FermiGrid.

  19. Final Report on National NGV Infrastructure

    SciTech Connect (OSTI)

    GM Sverdrup; JG DeSteese; ND Malcosky

    1999-01-07

    This report summarizes work fimded jointly by the U.S. Department of Energy (DOE) and by the Gas Research Institute (GRI) to (1) identi& barriers to establishing sustainable natural gas vehicle (NGV) infrastructure and (2) develop planning information that can help to promote a NGV infrastructure with self-sustaining critical maw. The need for this work is driven by the realization that demand for NGVS has not yet developed to a level that provides sufficient incentives for investment by the commercial sector in all necessary elements of a supportive infrastructure. The two major objectives of this project were: (1) to identifi and prioritize the technical barriers that may be impeding growth of a national NGV infrastructure and (2) to develop input that can assist industry in overcoming these barriers. The approach used in this project incorporated and built upon the accumulated insights of the NGV industry. The project was conducted in three basic phases: (1) review of the current situation, (2) prioritization of technical infrastructure btiiers, and (3) development of plans to overcome key barriers. An extensive and diverse list of barriers was obtained from direct meetings and telephone conferences with sixteen industry NGV leaders and seven Clean Cities/Clean Corridors coordinators. This information is filly documented in the appendix. A distillation of insights gained in the interview process suggests that persistent barriers to developing an NGV market and supporting infrastructure can be grouped into four major categories: 1. Fuel station economics 2. Value of NGVs from the owner/operator perspective 3. Cooperation necessary for critical mass 4. Commitment by investors. A principal conclusion is that an efficient and effective approach for overcoming technical barriers to developing an NGV infrastructure can be provided by building upon and consolidating the relevant efforts of the NGV industry and government. The major recommendation of this project is the establishment of an ad hoc NGV Infrastructure Working Group (NGV-I WG) to address the most critical technical barriers to NGV infrastructure development. This recommendation has been considered and approved by both the DOE and GRI and is the basis of continued collaboration in this area.

  20. Hydrogen Vehicle and Infrastructure Codes and Standards Citations

    Broader source: Energy.gov [DOE]

    This document lists codes and standards typically used for US hydrogen vehicle and infrastructure projects.

  1. NEUP Project Selections_September212011_IRP and Infrastructure Improvements

    Broader source: Energy.gov [DOE]

    Projects selections for NEUP 2011 under Integrated Research Projects and University Research Infrastructure Improvements.

  2. NA 50 - Associate Administrator for Safety, Infrastructure and Operations

    National Nuclear Security Administration (NNSA)

    | National Nuclear Security Administration 50 - Associate Administrator for Safety, Infrastructure and Operations FY15

  3. EV Everywhere Consumer Acceptance and Charging Infrastructure Workshop:

    Broader source: Energy.gov (indexed) [DOE]

    Charging Infrastructure Group D Breakout Report | Department of Energy d_report_out_caci.pdf More Documents & Publications EV Everywhere Consumer Acceptance and Charging Infrastructure Workshop: Charging Infrastructure Group E Breakout Report EV Everywhere Consumer Acceptance and Charging Infrastructure Workshop: Consumer Acceptance and Public Policy Group C Breakout Report EV Everywhere Consumer Acceptance Workshop: Breakout Group B Report Out

  4. Presidential Proclamation: Critical Infrastructure Security and Resilience Month, 2013

    Broader source: Energy.gov [DOE]

    A proclamation from President Barack Obama declaring November 2013 Critical Infrastructure Security and Resilience Month.

  5. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  6. Securing Infrastructure from High Explosive Threats

    SciTech Connect (OSTI)

    Glascoe, L; Noble, C; Reynolds, J; Kuhl, A; Morris, J

    2009-03-20

    Lawrence Livermore National Laboratory (LLNL) is working with the Department of Homeland Security's Science and Technology Directorate, the Transportation Security Administration, and several infrastructure partners to characterize and help mitigate principal structural vulnerabilities to explosive threats. Given the importance of infrastructure to the nation's security and economy, there is a clear need for applied research and analyses (1) to improve understanding of the vulnerabilities of these systems to explosive threats and (2) to provide decision makers with time-critical technical assistance concerning countermeasure and mitigation options. Fully-coupled high performance calculations of structural response to ideal and non-ideal explosives help bound and quantify specific critical vulnerabilities, and help identify possible corrective schemes. Experimental validation of modeling approaches and methodologies builds confidence in the prediction, while advanced stochastic techniques allow for optimal use of scarce computational resources to efficiently provide infrastructure owners and decision makers with timely analyses.

  7. United States Fuel Resiliency: US Fuels Supply Infrastructure | Department

    Energy Savers [EERE]

    of Energy United States Fuel Resiliency: US Fuels Supply Infrastructure United States Fuel Resiliency: US Fuels Supply Infrastructure Report: United States Fuel Resiliency - U.S. Fuels Supply Infrastructure Study: (1) Infrastructure Characterization; (II) Vulnerability to Natural and Physical Threats; and (III) Vulnerability and Resilience This report assesses the U.S. fuels supply transportation, storage, and distribution (TS&D) infrastructure, its vulnerabilities (natural and physical

  8. Alternative Fuels Data Center: California Ramps Up Biofuels Infrastructure

    Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

    California Ramps Up Biofuels Infrastructure to someone by E-mail Share Alternative Fuels Data Center: California Ramps Up Biofuels Infrastructure on Facebook Tweet about Alternative Fuels Data Center: California Ramps Up Biofuels Infrastructure on Twitter Bookmark Alternative Fuels Data Center: California Ramps Up Biofuels Infrastructure on Google Bookmark Alternative Fuels Data Center: California Ramps Up Biofuels Infrastructure on Delicious Rank Alternative Fuels Data Center: California Ramps

  9. Alternative Fuels Data Center: Natural Gas Fueling Infrastructure

    Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

    Development Infrastructure Development to someone by E-mail Share Alternative Fuels Data Center: Natural Gas Fueling Infrastructure Development on Facebook Tweet about Alternative Fuels Data Center: Natural Gas Fueling Infrastructure Development on Twitter Bookmark Alternative Fuels Data Center: Natural Gas Fueling Infrastructure Development on Google Bookmark Alternative Fuels Data Center: Natural Gas Fueling Infrastructure Development on Delicious Rank Alternative Fuels Data Center:

  10. Energy Department Authorizes Cameron LNG and Carib Energy to Export

    Broader source: Energy.gov (indexed) [DOE]

    Protect the Nation's Critical Infrastructure from Cyber Attack | Department of Energy WASHINGTON - Energy Secretary Ernest Moniz today announced awards totaling approximately $30 million for the development of new tools and technologies to strengthen protection of the nation's electric grid and oil and gas infrastructure from cyber attack. With support from the Energy Department, energy sector organizations in California, Georgia, New Jersey, North Carolina, Tennessee, Virginia, and

  11. Hydrogen Infrastructure Transition Analysis: Milestone Report

    Alternative Fuels and Advanced Vehicles Data Center [Office of Energy Efficiency and Renewable Energy (EERE)]

    Hydrogen Infrastructure Transition Analysis M. Melendez and A. Milbrandt Milestone Report NREL/TP-540-38351 January 2006 Hydrogen Infrastructure Transition Analysis M. Melendez and A. Milbrandt Prepared under Task No. HY55.2200 Milestone Report NREL/TP-540-38351 January 2006 National Renewable Energy Laboratory 1617 Cole Boulevard, Golden, Colorado 80401-3393 303-275-3000 * www.nrel.gov Operated for the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy by Midwest

  12. Lessons Learned from Cyber Security Assessments of SCADA and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    ... virus scanners or the process of performing a scan may have the effect of a denial of service on most control system networks. Some vendors supply tested virus protection ...

  13. Innovation that Improves Safety, Efficiency of Energy Plant Operations Nets

    Energy Savers [EERE]

    Innovating to Meet the Evolving Cyber Challenge Innovating to Meet the Evolving Cyber Challenge September 19, 2013 - 12:02pm Addthis Innovating to Meet the Evolving Cyber Challenge Patricia A. Hoffman Patricia A. Hoffman Assistant Secretary, Office of Electricity Delivery & Energy Reliability What are the key facts? Protecting critical energy infrastructure -- which makes reliable electricity transmission and robust national security possible -- is a top priority for the Energy Department.

  14. 2nd International Hydrogen Infrastructure Challenges Webinar

    Broader source: Energy.gov [DOE]

    On Tuesday, March 10, at 8 a.m. EDT, the Fuel Cell Technologies Office will present a webinar to summarize the 2nd international information exchange on the hydrogen refueling infrastructure challenges and potential solutions to support the successful global commercialization of hydrogen fuel cell electric vehicles.

  15. Controlled Hydrogen Fleet and Infrastructure Analysis (Presentation)

    SciTech Connect (OSTI)

    Wipke, K.; Sprik, S.; Kurtz, J.; Ramsden, T.; Ainscough, C.; Saur, G.

    2012-05-01

    This is a presentation about the Fuel Cell Electric Vehicle Learning Demo, a 7-year project and the largest single FCEV and infrastructure demonstration in the world to date. Information such as its approach, technical accomplishments and progress; collaborations and future work are discussed.

  16. QER- Comment of Wyoming Infrastructure Authority

    Broader source: Energy.gov [DOE]

    Office of Energy Policy and Systems Analysis: Please accept the attached letter of comments pursuant to the above referenced meeting. I have also mailed the letter. We appreciate the scheduling of the meeting in Cheyenne and the opportunity to provide comments on permitting and siting of infrastructure on public lands. Regards,

  17. Infrastructure Constraints in New England Background Memo

    Broader source: Energy.gov [DOE]

    On Monday, April 21, 2014 the U.S. Department of Energy (DOE), acting in its capacity as the Secretariat for the QER Task Force, will convene a two-part public meeting to examine energy infrastructure constraints in New England and regional approaches to addressing them.

  18. Argonne's Resilient Infrastructure Initiative | Argonne National Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Resilient Infrastructure Initiative Share Topic Energy Energy efficiency Building design Security Facility security Browse By - Any - Energy -Energy efficiency --Vehicles ---Alternative fuels ---Automotive engineering ---Diesel ---Electric drive technology ---Hybrid & electric vehicles ---Hydrogen & fuel cells ---Internal combustion ---Powertrain research --Building design ---Construction --Manufacturing -Energy sources --Renewable energy ---Bioenergy ---Solar energy --Fossil fuels

  19. Machine Learning for Power System Disturbance and Cyber-attack Discrimination

    SciTech Connect (OSTI)

    Borges, Raymond Charles; Beaver, Justin M; Buckner, Mark A; Morris, Thomas; Adhikari, Uttam; Pan, Shengyi

    2014-01-01

    Power system disturbances are inherently complex and can be attributed to a wide range of sources, including both natural and man-made events. Currently, the power system operators are heavily relied on to make decisions regarding the causes of experienced disturbances and the appropriate course of action as a response. In the case of cyber-attacks against a power system, human judgment is less certain since there is an overt attempt to disguise the attack and deceive the operators as to the true state of the system. To enable the human decision maker, we explore the viability of machine learning as a means for discriminating types of power system disturbances, and focus specifically on detecting cyber-attacks where deception is a core tenet of the event. We evaluate various machine learning methods as disturbance discriminators and discuss the practical implications for deploying machine learning systems as an enhancement to existing power system architectures.

  20. The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2012, OAS-L-13-01

    Energy Savers [EERE]

    2 OAS-L-13-01 November 2012 Department of Energy Washington, DC 20585 November 7, 2012 MEMORANDUM FOR THE EXECUTIVE DIRECTOR, FEDERAL ENERGY REGULATORY COMMISSION FROM: Daniel M. Weeber Assistant Inspector General for Audits and Administration Office of Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2012" BACKGROUND The Federal Energy Regulatory Commission (Commission) is an independent