National Library of Energy BETA

Sample records for multiple security vulnerabilities

  1. U-169: Sympa Multiple Security Bypass Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.

  2. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: IBM Security AppScan Enterprise Multiple Vulnerabilities V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities March 26, 2013 - 12:56am Addthis PROBLEM: IBM Security...

  3. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 51: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities February 7, 2011 - 7:56am Addthis PROBLEM: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities. PLATFORM: Cisco WebEx recording players. Microsoft Windows, Apple Mac OS X, and Linux versions of the player are all affected. Affected versions of the players are those prior to client builds T27LC SP22 and

  4. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  5. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  6. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  7. V-097: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  8. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Apple Mac OS X Multiple Vulnerabilities V-191: Apple Mac OS X Multiple Vulnerabilities July 3, 2013 - 6:00am Addthis PROBLEM: Apple has issued a security update for Mac OS X...

  9. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 0: IBM Application Manager For Smart Business Multiple Vulnerabilities V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities June 18, 2013 - 12:38am Addthis PROBLEM: IBM Application Manager For Smart Business Multiple Vulnerabilities PLATFORM: IBM Application Manager For Smart Business 1.x ABSTRACT: A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business REFERENCE LINKS: Security Bulletin

  10. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: IBM Lotus Expeditor Multiple Vulnerabilities U-198: IBM Lotus Expeditor Multiple Vulnerabilities June 25, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus Expeditor. PLATFORM: IBM Lotus Expeditor 6.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.. Reference Links: Vendor Advisory

  11. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  12. V-094: IBM Multiple Products Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Multiple Vulnerabilities V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple ...

  13. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Drupal Multiple Vulnerabilities U-162: Drupal Multiple Vulnerabilities May 4, 2012 - 7:00am Addthis PROBLEM: Drupal Multiple Vulnerabilities PLATFORM: The vulnerabilities are reported in 7.x versions prior to 7.13. ABSTRACT: Several vulnerabilities were reported in Drupal: Denial of Service, Access bypass, and Unvalidated form redirect reference LINKS: Security Advisory: DRUPAL-SA-CORE-2012-002 Bugtraq ID: 53359 Secunia Advisory SA49012 CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591

  14. V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) that can affect the security of IBM Tivoli Application Dependency Discovery Manager

  15. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  16. T-540: Sybase EAServer Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Sybase EAServer is prone to a security-bypass vulnerability and a directory-traversal vulnerability. Attackers may exploit these issues to execute arbitrary code within the context of the application or to disclose sensitive information.

  17. Assessing the Security Vulnerabilities of Correctional Facilities

    SciTech Connect (OSTI)

    Morrison, G.S.; Spencer, D.S.

    1998-10-27

    The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identi~ the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion fi-om outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees, In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

  18. V-224: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    4: Google Chrome Multiple Vulnerabilities V-224: Google Chrome Multiple Vulnerabilities August 22, 2013 - 1:05am Addthis PROBLEM: Multiple vulnerabilities have been reported in...

  19. V-121: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Google Chrome Multiple Vulnerabilities V-121: Google Chrome Multiple Vulnerabilities March 28, 2013 - 12:29am Addthis PROBLEM: Google Chrome Multiple Vulnerabilities PLATFORM:...

  20. V-207: Wireshark Multiple Denial of Service Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: Wireshark Multiple Denial of Service Vulnerabilities V-207: Wireshark Multiple Denial of Service Vulnerabilities July 31, 2013 - 1:59am Addthis PROBLEM: Multiple vulnerabilities...

  1. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  2. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  3. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

  4. V-187: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These vulnerabilities can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  5. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: Cisco Adaptive Security Appliances Denial of Service Vulnerability U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability June 22, 2012 - 7:00am Addthis PROBLEM: A vulnerability has been reported in Cisco Adaptive Security Appliances (ASA), which can be exploited by malicious people to cause a DoS (Denial of Service). PLATFORM: Cisco Adaptive Security Appliance (ASA) 8.x Cisco ASA 5500 Series Adaptive Security Appliances ABSTRACT: The vulnerability

  6. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Mitigations for Security Vulnerabilities Found in Control System Networks (425.98 KB) More Documents & Publications Cyber Assessment Methods for SCADA Security Introduction SCADA ...

  7. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

  8. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    51: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities February 7, 2011 - 7:56am ...

  9. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6: Adobe Reader/Acrobat Multiple Vulnerabilities U-146: Adobe Reader/Acrobat Multiple Vulnerabilities April 12, 2012 - 8:30am Addthis PROBLEM: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat. PLATFORM: Adobe Acrobat 9.x Adobe Acrobat X 10.x Adobe Reader 9.x Adobe Reader X 10.x ABSTRACT: Vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive

  10. V-126: Mozilla Firefox Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system

  11. V-111: Multiple vulnerabilities have been reported in Puppet...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    vulnerable system. SOLUTION: Update to a fixed version. Addthis Related Articles V-090: Adobe Flash Player AIR Multiple Vulnerabilities V-083: Oracle Java Multiple...

  12. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-191: Oracle Java Multiple Vulnerabilities U-105:Oracle Java SE Critical Patch Update Advisory T-576: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities...

  13. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    7: TYPO3 Security Bypass Vulnerabilities V-237: TYPO3 Security Bypass Vulnerabilities September 9, 2013 - 6:00am Addthis PROBLEM: Some vulnerabilities have been reported in TYPO3 PLATFORM: TYPO3 6.x ABSTRACT: TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations REFERENCE LINKS: Secunia Advisory SA54717 Security Focus ID 62257 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Some errors

  14. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems - 2011 Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

  15. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  16. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: IBM iNotes Multiple Vulnerabilities V-211: IBM iNotes Multiple Vulnerabilities August 5, 2013 - 6:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM Lotus iNotes PLATFORM: IBM iNotes 9.x ABSTRACT: IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX Integer overflow vulnerability REFERENCE LINKS: Secunia Advisory SA54436 IBM Security Bulletin 1645503 CVE-2013-3027 CVE-2013-3032 CVE-2013-3990 IMPACT ASSESSMENT: High DISCUSSION: 1) Certain input related

  17. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  18. V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

  19. U-013: HP Data Protector Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

  20. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits.

  1. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Assessments by the INL NSTB Program | Department of Energy Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  2. T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

  3. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  4. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis PROBLEM: Cisco Unified Communications Manager contains a vulnerability that could allow an authenticated, remote attacker to inject arbitrary script code on a targeted system. PLATFORM: Cisco Unified Communications Manager versions prior to 8.5(1), 8.0(3), 7.1(5)su1, and 6.1(5)su2 are

  5. Regulatory Guide on Conducting a Security Vulnerability Assessment

    SciTech Connect (OSTI)

    Ek, David R.

    2016-01-01

    This document will provide guidelines on conducting a security vulnerability assessment at a facility regulated by the Radiation Protection Centre. The guidelines provide a performance approach assess security effectiveness. The guidelines provide guidance for a review following the objectives outlined in IAEA NSS#11 for Category 1, 2, & 3 sources.

  6. V-131: Adobe Shockwave Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This update addresses vulnerabilities that could allow an attacker to run malicious code on the affected system

  7. V-208: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in Google Chrome which allows attackers to access and compromise a user's system.

  8. U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    35: Adobe Flash Player Multiple Vulnerabilities U-035: Adobe Flash Player Multiple Vulnerabilities November 14, 2011 - 10:15am Addthis PROBLEM: Adobe Flash Player Multiple Vulnerabilities. PLATFORM: Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 11.0.1.153 and earlier versions for Android Adobe AIR 3.0 and earlier versions for Windows, Macintosh, and Android ABSTRACT: Adobe recommends users of Adobe Flash Player

  9. V-107: Wireshark Multiple Denial of Service Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  10. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but ...

  11. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

  12. U-179: IBM Java 7 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

  13. U-191: Oracle Java Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    1: Oracle Java Multiple Vulnerabilities U-191: Oracle Java Multiple Vulnerabilities June 14, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users PLATFORM: Oracle Java JDK 1.7.x / 7.x Oracle Java JRE 1.7.x / 7.x Sun Java JDK 1.5.x Sun Java JDK 1.6.x / 6.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java JRE 1.6.x / 6.x Sun Java SDK 1.4.x ABSTRACT: The Critical Patch Update for Java SE also includes

  14. U-173: Symantec Web Gateway Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Symantec Web Gateway. A remote user can include and execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote user can view/delete/upload files on the target system.

  15. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions.

  16. T-542: SAP Crystal Reports Server Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

  17. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  18. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    42: Mac RealPlayer Multiple Vulnerabilities U-042: Mac RealPlayer Multiple Vulnerabilities November 21, 2011 - 9:15am Addthis PROBLEM: Mac RealPlayer Multiple Vulnerabilities. PLATFORM: Versions 12.0.0.1701 and prior. ABSTRACT: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. reference LINKS: Secunia Advisory: SA46963 Secunia Vulnerability Report: Mac RealPlayer 12.x Secunia Advisory: SA46954 IMPACT

  19. Ultra Wideband (UWB) communication vulnerability for security applications.

    SciTech Connect (OSTI)

    Cooley, H. Timothy

    2010-07-01

    RF toxicity and Information Warfare (IW) are becoming omnipresent posing threats to the protection of nuclear assets, and within theatres of hostility or combat where tactical operation of wireless communication without detection and interception is important and sometimes critical for survival. As a result, a requirement for deployment of many security systems is a highly secure wireless technology manifesting stealth or covert operation suitable for either permanent or tactical deployment where operation without detection or interruption is important The possible use of ultra wideband (UWB) spectrum technology as an alternative physical medium for wireless network communication offers many advantages over conventional narrowband and spread spectrum wireless communication. UWB also known as fast-frequency chirp is nonsinusoidal and sends information directly by transmitting sub-nanosecond pulses without the use of mixing baseband information upon a sinusoidal carrier. Thus UWB sends information using radar-like impulses by spreading its energy thinly over a vast spectrum and can operate at extremely low-power transmission within the noise floor where other forms of RF find it difficult or impossible to operate. As a result UWB offers low probability of detection (LPD), low probability of interception (LPI) as well as anti-jamming (AJ) properties in signal space. This paper analyzes and compares the vulnerability of UWB to narrowband and spread spectrum wireless network communication.

  20. T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

    Broader source: Energy.gov [DOE]

    Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

  1. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

  2. U-273: Multiple vulnerabilities have been reported in Wireshark

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  3. V-216: Drupal Monster Menus Module Security Bypass and Script...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP ...

  4. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities PLATFORM: Adobe Flash Player versions included with BlackBerry PlayBook tablet software versions...

  5. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

  6. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

  7. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    to version 9.0 or update to version 8.5.3 Fix Pack 4 when available Addthis Related Articles T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service...

  8. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 86: IBM WebSphere Sensor Events Multiple Vulnerabilities U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities June 8, 2012 - 7:00am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM WebSphere Sensor Events PLATFORM: IBM WebSphere Sensor Events 7.x ABSTRACT: Some vulnerabilites have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks. Reference Links: Secunia ID 49413 No CVE references. Vendor URL IMPACT

  9. T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application.

  10. U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system

  11. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  12. T-597: WordPress Multiple Security Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks.

  13. Application of artificial neural networks in power system security and vulnerability assessment

    SciTech Connect (OSTI)

    Qin Zhou; Davidson, J.; Fouad, A.A.

    1994-02-01

    In a companion paper the concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. Using the TEF method of transient stability analysis, the energy margin [Delta]V is used as an indicator of the level of security, and its sensitivity to a changing system parameter p ([partial derivative][Delta]V/[partial derivative]p) as indicator of its trend with changing system conditions. These two indicators are combined to determine the degree of system vulnerability to contingent disturbances in a stability-limited power system. Thresholds for acceptable levels of the security indicator and its trend are related to the stability limits of a critical system parameter (plant generation limits). Operating practices and policies are used to determine these thresholds. In this paper the artificial neural networks (ANNs) technique is applied to the concept of system vulnerability within the recently developed framework, for fast pattern recognition and classification of system dynamic security status. A suitable topology for the neural network is developed, and the appropriate training method and input and output signals are selected. The procedure developed is successfully applied to the IEEE 50-generator test system. Data previously obtained by heuristic techniques are used for training the ANN.

  14. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems Are Under Way, but Challenges Remain | Department of Energy CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain GAO is making recommendations to the Department of Homeland Security (DHS) to develop a strategy for coordinating control systems security efforts and to enhance information sharing with relevant

  15. T-592: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

    Broader source: Energy.gov [DOE]

    Cisco Secure ACS operates as a centralized RADIUS and TACACS+ server, combining user authentication, user and administrator device access control, and policy control into a centralized identity networking solution.

  16. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  17. Using Multiple Unmanned Systems for a Site Security Task

    SciTech Connect (OSTI)

    Matthew O. Anderson; Curtis W. Nielsen; Mark D. McKay; Derek C. Wadsworth; Ryan C. Hruska; John A. Koudelka

    2009-04-01

    Unmanned systems are often used to augment the ability of humans to perform challenging tasks. While the value of individual unmanned vehicles have been proven for a variety of tasks, it is less understood how multiple unmanned systems should be used together to accomplish larger missions such as site security. The purpose of this paper is to discuss efforts by researchers at the Idaho National Laboratory (INL) to explore the utility and practicality of operating multiple unmanned systems for a site security mission. This paper reviews the technology developed for a multi-agent mission and summarizes the lessons-learned from a technology demonstration.

  18. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  19. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    The vulnerability is caused due to an unspecified error and can be exploited to invoke public methods on ColdFusion Components (CFC) using WebSockets

  20. A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer

    Broader source: Energy.gov [DOE]

    NNSA assisted in reclaiming highly enriched uranium from the Ukraine to a secure facility in Russia.

  1. V-132: IBM Tivoli System Automation Application Manager Multiple

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 2: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities April 12, 2013 - 6:00am Addthis PROBLEM: IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2 ABSTRACT: Multiple security

  2. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  3. Lessons about vulnerability assessments.

    SciTech Connect (OSTI)

    Johnston, R. G.

    2004-01-01

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.

  4. V-200: Apache Struts DefaultActionMapper Redirection and OGNL Security

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Bypass Vulnerabilities | Department of Energy 0: Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities V-200: Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities July 18, 2013 - 6:00am Addthis PROBLEM: Two weaknesses and multiple vulnerabilities have been reported in Apache Struts PLATFORM: Apache Struts 2.x ABSTRACT: The vulnerabilities can be exploited by malicious people to conduct spoofing attacks and bypass certain

  5. T-697: Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities

    Broader source: Energy.gov [DOE]

    Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible.

  6. Public views on multiple dimensions of security : nuclear waepons, terrorism, energy, and the environment : 2007.

    SciTech Connect (OSTI)

    Herron, Kerry Gale; Jenkins-Smith, Hank C.

    2008-01-01

    We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism include assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support for domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid 2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.

  7. T-592: Cisco Security Advisory: Cisco Secure Access Control System...

    Energy Savers [EERE]

    Control System Unauthorized Password Change Vulnerability T-592: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability March 31, ...

  8. Security

    Office of Energy Efficiency and Renewable Energy (EERE)

    Security refers to the security of the stream of principal and interest repayments and what happens in the event that a secured loan defaults.

  9. V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Issue | Department of Energy 4: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue V-234: EMC RSA Archer GRC Open Redirection Weakness and Security Bypass Security Issue September 4, 2013 - 6:00am Addthis PROBLEM: A weakness and a security issue have been reported in EMC RSA Archer GRC PLATFORM: EMC RSA Archer GRC 5.x ABSTRACT: This fixes multiple vulnerabilities, which can be exploited to bypass certain security restrictions and to conduct spoofing

  10. SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs Advanced

  11. V-132: IBM Tivoli System Automation Application Manager Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2 ABSTRACT: Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System ...

  12. security

    National Nuclear Security Administration (NNSA)

    exan-Calvin-Nelson-secures-recognition-for-expertise.aspx">Pantex website.

    Apex Gold discussion fosters international cooperation in run-up to 2016 Nuclear Security Summit...

  13. Security Perimeter

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Security Perimeter Security Perimeter Protecting the Laboratory against threats and vulnerabilities. Contact Security Perimeter Coordinators Email The security perimeter helps to protect the Laboratory Vehicle Access Portal graphic The security perimeter is intended to protect the Laboratory against the possibility of terrorist attacks. At each point of the perimeter, access is controlled by vehicle access portals (VAPs) at the following locations: East Jemez Road VAPs (pdf) (shown above) West

  14. NSTB Summarizes Vulnerable Areas | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    NSTB Summarizes Vulnerable Areas Experts at the National SCADA Test Bed (NSTB) discovered ... Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems ...

  15. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  16. T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

  17. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system.b a. The term System Provider replaces the name of the company/organization providing the system

  18. U-200: Red Hat Directory Server Information Disclosure Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability June 27,...

  19. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerabil...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability May 23, 2013 - 6:00am Addthis...

  20. V-188: Apache XML Security XPointer Expressions Processing Buffer...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    8: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability June...

  1. T-614: Cisco Unified Communications Manager Database Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    14: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis ...

  2. Office of Radiological Security | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Office of Radiological ... Office of Radiological Security Read more about Y-12's contributions of the Global Threat Reduction Initiative to secure the world's most vulnerable...

  3. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the

  4. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  5. Cyber Assessment Methods for SCADA Security

    Office of Energy Efficiency and Renewable Energy (EERE)

    This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the...

  6. V-186: Drupal Login Security Module Security Bypass and Denial...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Related Articles U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-216: Drupal Monster Menus Module ...

  7. V-186: Drupal Login Security Module Security Bypass and Denial of Service

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerability | Department of Energy 6: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability June 26, 2013 - 1:28am Addthis PROBLEM: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability PLATFORM: Login Security 6.x-1.x versions prior to 6.x-1.2. Login Security 7.x-1.x versions prior to 7.x-1.2. ABSTRACT: A security issue and a vulnerability have been

  8. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    all of our reactor designs employ a concurrent engineering approach that addresses the integration of safety, operations, security, and safeguards from the conceptual design level. Capabilities include core design, thermal hydraulics, waste characterization, simulator development, and severe service and accident testing. Design assessments include: safety, security, vulnerability, siting, emergency planning, and fuel cycle impact. organization 6221 serves as a window to sister organizations

  9. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilit...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Articles U-179: IBM Java 7 Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-094: IBM Multiple Products Multiple...

  10. U-190: Microsoft Security Bulletin MS12-037- Critical

    Broader source: Energy.gov [DOE]

    This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer.

  11. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  12. Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Vulnerability & Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  13. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber-Based Vulnerability Assessments - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us Employee Locator Energy & Climate Secure & Sustainable Energy Future Stationary Power Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 Geothermal Natural Gas Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Energy Defense Waste Management Programs

  14. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Top 10 Vulnerabilities of Control Systems and Their Associated Migitations (2006) Introduction SCADA Security for Managers and Operators DOE National SCADA Test Bed Program ...

  15. V-213: PuTTY SSH Handshake Integer Overflow Vulnerabilities ...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    source code repository Addthis Related Articles V-222: SUSE update for Filezilla V-157: Adobe Reader Acrobat Multiple Vulnerabilities V-066: Adobe AcrobatReader Multiple Flaws...

  16. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND2013-7809W to enhance the nation's security and prosperity through sustainable, transformative approaches to our most challenging energy, climate, and infrastructure problems. vision Important applications of these capabilities include performing assessment of facility vulnerabilities and resultant consequences of a range of attack scenarios related to nuclear facilities after

  17. U-149: Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

  18. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  19. V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of Energy 5: Cisco ASA Multiple Bugs Let Remote Users Deny Service V-135: Cisco ASA Multiple Bugs Let Remote Users Deny Service April 16, 2013 - 12:21am Addthis PROBLEM: Cisco ASA Multiple Bugs Let Remote Users Deny Service PLATFORM: Cisco ASA Software for Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, and Cisco ASA 1000V Cloud Firewall are affected by multiple vulnerabilities. Affected

  20. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 74: IBM Informix Genero libpng Integer Overflow Vulnerability V-074: IBM Informix Genero libpng Integer Overflow Vulnerability January 22, 2013 - 12:11am Addthis PROBLEM: IBM Informix Genero libpng Integer Overflow Vulnerability PLATFORM: IBM Informix Genero releases prior to 2.41 - all platforms ABSTRACT: A vulnerability has been reported in libpng. REFERENCE LINKS: IBM Security Bulletin: 1620982 Secunia Advisory SA51905 Secunia Advisory SA48026 CVE-2011-3026 IMPACT

  1. Validating Cyber Security Requirements: A Case Study

    SciTech Connect (OSTI)

    Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

    2011-01-01

    Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.

  2. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    SciTech Connect (OSTI)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  3. Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

    DOE Patents [OSTI]

    Chen, Yu-Gene T.

    2013-04-16

    A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

  4. V-125: Cisco Connected Grid Network Management System Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    5: Cisco Connected Grid Network Management System Multiple Vulnerabilities V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am...

  5. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilit...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities May 9, 2013 - 6:00am Addthis...

  6. V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Automation Application Manager Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-122: IBM Tivoli Application...

  7. Global Security | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Global Security Global Security We train nuclear industry professionals, emergency responders and security forces from around the world to safeguard vulnerable materials. Nuclear nonproliferation - stopping the spread of nuclear materials - is a critical part of creating a safer world. Y-12 has been working in nonproliferation since the early 1990s in more than 25 countries. As the nation reduces the size of its arsenal, Y-12 will play a central role in decommissioning weapons systems and

  8. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    6 by ISA - The Instrumentation, Systems and Automation Society. Presented at 16th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference; http://www.isa.org Mitigations for Security Vulnerabilities Found in Control System Networks May Permann John Hammer Computer Security Researcher Computer Security Researcher Communications & Cyber Security Communications & Cyber Security Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 Kathy

  9. Indirection and computer security.

    SciTech Connect (OSTI)

    Berg, Michael J.

    2011-09-01

    The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

  10. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  11. CIOs Uncensored: Security Smarts.

    SciTech Connect (OSTI)

    Johnson, Gerald R.

    2008-02-25

    This commentary for the CIOs Uncensored section of InformationWeek will discuss PNNLs defense in depth approach to cyber security. It will cover external and internal safeguards, as well as the all-important role of employees in the cyber security equation. For employees are your greatest vulnerability and your last line of defense.

  12. NNSA: Securing Domestic Radioactive Material | National Nuclear...

    National Nuclear Security Administration (NNSA)

    2011 In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist...

  13. Nuclear Nonproliferation | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    in more than 20 countries. From a new on-site center dedicated to testing and validating radiation detection technologies to subject matter experts who secure vulnerable materials...

  14. Framework for SCADA Security Policy (October 2005)

    Office of Energy Efficiency and Renewable Energy (EERE)

    Modern automation systems used in infrastruc-ture (including Supervisory Control and Data Acquisition, or SCADA) have myriad security vulnerabilities. Many of these relate directly to inadequate...

  15. T-636: Wireshark Multiple Flaws Let Remote Users Deny Service

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

  16. Chapter 3: Energy Security

    SciTech Connect (OSTI)

    Foust, Thomas D.; Arent, Doug; de Carvalho Macedo, Isaias; Goldemberg, Jose; Hoysala, Chanakya; Filho, Rubens Maciel; Nigro, Francisco E. B.; Richard, Tom L.; Saddler, Jack; Samseth, Jon; Somerville, Chris R.

    2015-04-01

    This chapter considers the energy security implications and impacts of bioenergy. We provide an assessment to answer the following questions: What are the implications for bioenergy and energy security within the broader policy environment that includes food and water security, development, economic productivity, and multiple foreign policy aspects? What are the conditions under which bioenergy contributes positively to energy security?

  17. V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    0: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities August 29, ...

  18. V-028: Splunk Multiple Cross-Site Scripting and Denial of Service...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    28: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities V-028: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities November 20, 2012 -...

  19. V-216: Drupal Monster Menus Module Security Bypass and Script Insertion

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 6: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities August 12, 2013 - 6:00am Addthis PROBLEM: Two vulnerabilities have been reported in the Monster Menus module for Drupal PLATFORM: Drupal Monster Menus Module 6.x and 7.x ABSTRACT: The vulnerabilities can be exploited by malicious users to bypass certain security restrictions and

  20. T-657: Drupal Prepopulate- Multiple vulnerabilities

    Broader source: Energy.gov [DOE]

    The module does not adequately validate user input leading to an cross-site scripting (XSS) possibility in certain circumstances.

  1. V-214: Mozilla Firefox Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Firefox before 23.0 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors....

  2. U-100: Google Chrome Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

  3. David Telles wins NNSA Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    David Telles wins NNSA Security Professional of the Year award May 7, 2009 LOS ALAMOS, New Mexico, May 7, 2009 - David M. Telles, who leads Los Alamos National Laboratory's Vulnerability Analysis Office, received a 2008 National Nuclear Security Administration Security Professional of the Year award. NNSA administrator Tom D'Agostino said, "Our security professionals dedicate themselves to protecting some of the nation's most vital strategic assets, and in so doing, help advance broader

  4. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor

  5. President Obama Hosts Global Nuclear Security Summit | National Nuclear

    National Nuclear Security Administration (NNSA)

    Security Administration | (NNSA) Hosts Global Nuclear Security Summit President Obama Hosts Global Nuclear Security Summit Washington, DC President Obama hosts a Global Nuclear Security Summit to facilitate discussion on the nature of the nuclear threat and develop steps that can be taken together to secure vulnerable materials, combat nuclear smuggling and deter, detect, and disrupt attempts at nuclear terrorism

  6. U.S. Energy Sector Vulnerability Report | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U.S. Energy Sector Vulnerability Report U.S. Energy Sector Vulnerability Report As part of the Administration's efforts to support climate change preparedness and resilience planning -- and to advance the Energy Department's goal of promoting energy security -- the Department is assessing the threats of climate change and extreme weather to the Nation' energy system. Two reports have been released that examine the current and potential future impacts of climate change and extreme weather on the

  7. NNSA: Securing Domestic Radioactive Material | National Nuclear Security

    National Nuclear Security Administration (NNSA)

    Administration | (NNSA) NNSA: Securing Domestic Radioactive Material February 01, 2011 In April 2009, President Obama outlined an ambitious agenda to secure vulnerable nuclear material around the world within four years, calling the danger of a terrorist acquiring nuclear weapons "the most immediate and extreme threat to global security." In this year's State of the Union, he called the threat of nuclear weapons, "the greatest danger to the American people." The

  8. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  9. Integrated Security System | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Integrated Security System Integrated Security System A security platform providing multi-layer intrusion detection and security management for a networked energy control systems architecture Integrated Security System (1.49 MB) More Documents & Publications Cybersecurity for Energy Delivery Systems 2010 Peer Review Presentations - Vulnerability and Intrusion Detection Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May 2008 Impacts of IPv6 on Infrastructure Control

  10. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  11. U-011: Cisco Security Response: Cisco TelePresence Video Communication

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Server Cross-Site Scripting Vulnerability | Department of Energy 11: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability U-011: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability October 14, 2011 - 12:30pm Addthis PROBLEM: Cisco Security Response: Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability PLATFORM: Version(s): VCS prior to 7.0 ABSTRACT: A

  12. U-196: Cisco AnyConnect VPN Client Two Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy 6: Cisco AnyConnect VPN Client Two Vulnerabilities U-196: Cisco AnyConnect VPN Client Two Vulnerabilities June 21, 2012 - 7:00am Addthis PROBLEM: Two vulnerabilities have been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious people to compromise a user's system. PLATFORM: Cisco AnyConnect VPN Client 2.x Cisco AnyConnect VPN Client 3.x ABSTRACT: The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure

  13. Center for Control System Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Control System Security Critical Infrastructure is at Risk As America's infrastructures have become more complex and interconnected, their operation and control has become more complicated as well. Automated control systems have been widely deployed to operate these infrastructures, and coupled with the networks they use to transfer data are a security vulnerability for the infrastructures they control. The Center for Control System Security at Sandia National Laboratories works with several

  14. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  15. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  16. T-645: Microsoft Security Bulletin Advance Notification

    Broader source: Energy.gov [DOE]

    Microsoft provides the Microsoft Security Bulletin Advance Notification Service. This advance notification is intended to help our customers plan for effective deployment of security updates, and includes information about the number of new security updates being released, the software affected, severity levels of vulnerabilities, and information about any detection tools relevant to the updates.

  17. High Explosives Application Facility | National Nuclear Security...

    National Nuclear Security Administration (NNSA)

    Its mission is to provide this expertise to serve multiple government agencies, including DOE, DoD, Transportation Security Administration, Homeland Security, the FBI and other law ...

  18. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    the computational, physics, and engineering capability spans multiple physics phenomenologies, engineering disciplines, and brings to bear massively parallel processing computational power to solve very complex problems that result in realistic estimates of potential consequences resulting from these types of postulated accidents. the Sar that is developed must go through rigorous external review before it goes to the national Security Council for approval prior to launch. this process provides

  19. Lessons Learned from Cyber Security Assessments of SCADA and Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Management Systems | Department of Energy Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems were reviewed to identify common problem areas. In each vulnerability category, relative measures were assigned to the severity. Lessons Learned from Cyber Security

  20. Climate Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Climate Vulnerabilities Climate Vulnerabilities The Energy Sector's Vulnerabilities to Climatic Conditions x Impacts Due to... Increasing Temperatures Decreasing Water Availability Increasing Storms, Flooding, and Sea Level Rise See All Impacts Map locations are approximate. Find out more about this data here. Click and drag the map to read about each location

  1. Departmental Personnel Security- Clearance Automation

    Broader source: Energy.gov [DOE]

    The primary objective of the DOE Integrated Security System (eDISS+) Initiative is to support the integration of multiple DOE security systems and databases. This integrated environment provides...

  2. A review of video security training and assessment-systems and their applications

    SciTech Connect (OSTI)

    Cellucci, J.; Hall, R.J. )

    1991-01-01

    This paper reports that during the last 10 years computer-aided video data collection and playback systems have been used as nuclear facility security training and assessment tools with varying degrees of success. These mobile systems have been used by trained security personnel for response force training, vulnerability assessment, force-on-force exercises and crisis management. Typically, synchronous recordings from multiple video cameras, communications audio, and digital sensor inputs; are played back to the exercise participants and then edited for training and briefing. Factors that have influence user acceptance include: frequency of use, the demands placed on security personnel, fear of punishment, user training requirements and equipment cost. The introduction of S-VHS video and new software for scenario planning, video editing and data reduction; should bring about a wider range of security applications and supply the opportunity for significant cost sharing with other user groups.

  3. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect (OSTI)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  4. Computer Security Risk Assessment

    Energy Science and Technology Software Center (OSTI)

    1992-02-11

    LAVA/CS (LAVA for Computer Security) is an application of the Los Alamos Vulnerability Assessment (LAVA) methodology specific to computer and information security. The software serves as a generic tool for identifying vulnerabilities in computer and information security safeguards systems. Although it does not perform a full risk assessment, the results from its analysis may provide valuable insights into security problems. LAVA/CS assumes that the system is exposed to both natural and environmental hazards and tomore » deliberate malevolent actions by either insiders or outsiders. The user in the process of answering the LAVA/CS questionnaire identifies missing safeguards in 34 areas ranging from password management to personnel security and internal audit practices. Specific safeguards protecting a generic set of assets (or targets) from a generic set of threats (or adversaries) are considered. There are four generic assets: the facility, the organization''s environment; the hardware, all computer-related hardware; the software, the information in machine-readable form stored both on-line or on transportable media; and the documents and displays, the information in human-readable form stored as hard-copy materials (manuals, reports, listings in full-size or microform), film, and screen displays. Two generic threats are considered: natural and environmental hazards, storms, fires, power abnormalities, water and accidental maintenance damage; and on-site human threats, both intentional and accidental acts attributable to a perpetrator on the facility''s premises.« less

  5. Security Policy

    Broader source: Energy.gov [DOE]

    The Office of Security Policy analyzes, develops and interprets safeguards and security policy governing national security functions and the protection of related critical assets entrusted to the...

  6. NNSA: Securing Domestic Radioactive Material | National Nuclear Security

    National Nuclear Security Administration (NNSA)

    Administration | (NNSA) NNSA: Securing Domestic Radioactive Material May 29, 2014 Mission In 2004 NNSA established the Global Threat Reduction Initiative (GTRI) in the Office of Defense Nuclear Nonproliferation to, as quickly as possible, identify, secure, remove and/or facilitate the disposition of high risk nuclear and radiological materials around the world that pose a threat to the United States and the international community. GTRI's mission is to reduce and protect vulnerable nuclear

  7. System and method for secure group transactions

    DOE Patents [OSTI]

    Goldsmith, Steven Y.

    2006-04-25

    A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

  8. Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    May 2008 | Department of Energy Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 This project of the cyber security audit and attack detection toolkit is adding control system intelligence to widely deployed enterprise vulnerability scanners and security event managers While many energy utilities employ vulnerability scanners and security event managers (SEM) on their enterprise

  9. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 7: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory

  10. V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 57: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability V-057: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability December 28, 2012 - 6:00am Addthis December 28 2012 - 6:00am PROBLEM: eXtplorer "ext_find_user()" Authentication Bypass Vulnerability PLATFORM: eXtplorer 2.x ABSTRACT: A vulnerability has been reported in eXtplorer, which can be exploited by malicious people to bypass certain security restrictions.

  11. V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    | Department of Energy 6: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability V-236: MediaWiki CentralAuth Extension Authentication Bypass Vulnerability September 6, 2013 - 4:36am Addthis PROBLEM: A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions. PLATFORM: MediaWiki CentralAuth Extension ABSTRACT: A vulnerability has been reported in the CentralAuth extension for

  12. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    SciTech Connect (OSTI)

    Ray Fink

    2006-10-01

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  13. V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 0: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities August 29, 2013 - 4:10am Addthis PROBLEM: Multiple vulnerabilities have been reported in IBM TRIRIGA Application Platform, which can be exploited by malicious people to conduct cross-site scripting attacks. PLATFORM: IBM TRIRIGA Application Platform 2.x ABSTRACT: The vulnerabilities are

  14. Introduction SCADA Security for Managers and Operators | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Energy Introduction SCADA Security for Managers and Operators Introduction SCADA Security for Managers and Operators SCADA Test Bed introduction to managers and operators in the field- To establish a National capability to support industry and government in addressing control system cyber security and vulnerabilities in the energy sector Introduction SCADA Security for Managers and Operators (8.15 MB) More Documents & Publications Intermediate SCADA Security Training Course Slides

  15. Sandia National Laboratories: National Security Missions: International

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Homeland and Nuclear Security: Cyber and Infrastructure Security Cyber and Infrastructure Security Cyber Infrastructure Image We assess physical and cyber vulnerabilities under a common risk-management framework. We conduct large-scale analyses to understand infrastructure interdependencies and guide efforts to improve resiliency. We develop technologies for preventing disruption and enhancing recovery in vital cyber systems. We are committed to working with U.S. government agencies to

  16. SECURITY-CLEARENCE-TRACKING-SYSTEM.pdf

    Energy Savers [EERE]

    Department of Energy SECURING OIL AND NATURAL GAS INFRASTRUCTURES IN THE NEW ECONOMY SECURING OIL AND NATURAL GAS INFRASTRUCTURES IN THE NEW ECONOMY Based on the finding of a growing potential vulnerability, the President of the United States issued, in May 1998, a directive outlining the Administration's policy on critical infrastructure protection. SECURING OIL AND NATURAL GAS INFRASTRUCTURES IN THE NEW ECONOMY (1.55 MB) More Documents & Publications Energy Sector-Specific Plan: An

  17. V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    9: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple Vulnerabilities January 15, 2013 -...

  18. Regional Climate Vulnerabilities and Resilience Solutions | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Regional Climate Vulnerabilities and Resilience Solutions Regional Climate Vulnerabilities and Resilience Solutions This interactive map is not viewable in your browser. Please ...

  19. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability...

  20. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton; Phillips, Cynthia A.

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  1. MODELING UNDERGROUND STRUCTURE VULNERABILITY IN JOINTED ROCK

    SciTech Connect (OSTI)

    R. SWIFT; D. STEEDMAN

    2001-02-01

    The vulnerability of underground structures and openings in deep jointed rock to ground shock attack is of chief concern to military planning and security. Damage and/or loss of stability to a structure in jointed rock, often manifested as brittle failure and accompanied with block movement, can depend significantly on jointed properties, such as spacing, orientation, strength, and block character. We apply a hybrid Discrete Element Method combined with the Smooth Particle Hydrodynamics approach to simulate the MIGHTY NORTH event, a definitive high-explosive test performed on an aluminum lined cylindrical opening in jointed Salem limestone. Representing limestone with discrete elements having elastic-equivalence and explicit brittle tensile behavior and the liner as an elastic-plastic continuum provides good agreement with the experiment and damage obtained with finite-element simulations. Extending the approach to parameter variations shows damage is substantially altered by differences in joint geometry and liner properties.

  2. Security Officer

    Broader source: Energy.gov [DOE]

    This position is located in the Security and Continuity of Operations (NN) organization of the Chief Administrative Office (N), Bonneville Power Administration. The Security and Continuity of...

  3. National Security and Cyber Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    National Security and Cyber Security National Security and Cyber Security National security depends on science and technology. The United States relies on Los Alamos National Laboratory for the best of both. No place on Earth pursues a broader array of world-class scientific endeavors. Contact thumbnail of Business Development Business Development Richard P. Feynman Center for Innovation (505) 665-9090 Email National security and weapons science at the laboratory spans essentially all the

  4. U-117: Potential security vulnerability has been identified with...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Senders ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update. reference LINKS: Vendor Advisory...

  5. V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy 3: ownCloud Cross-Site Scripting and File Upload Vulnerabilities V-033: ownCloud Cross-Site Scripting and File Upload Vulnerabilities November 26, 2012 - 2:00am Addthis PROBLEM: ownCloud Cross-Site Scripting and File Upload Vulnerabilities PLATFORM: ownCloud 4.5.2, 4.5.1, 4.0.9 ABSTRACT: Multiple vulnerabilities have been reported in ownCloud REFERENCE LINKS: ownCloud Server Advisories Secunia Advisory SA51357 IMPACT ASSESSMENT: Medium DISCUSSION: 1) Input passed via the

  6. Securing Infrastructure from High Explosive Threats

    SciTech Connect (OSTI)

    Glascoe, L; Noble, C; Reynolds, J; Kuhl, A; Morris, J

    2009-03-20

    Lawrence Livermore National Laboratory (LLNL) is working with the Department of Homeland Security's Science and Technology Directorate, the Transportation Security Administration, and several infrastructure partners to characterize and help mitigate principal structural vulnerabilities to explosive threats. Given the importance of infrastructure to the nation's security and economy, there is a clear need for applied research and analyses (1) to improve understanding of the vulnerabilities of these systems to explosive threats and (2) to provide decision makers with time-critical technical assistance concerning countermeasure and mitigation options. Fully-coupled high performance calculations of structural response to ideal and non-ideal explosives help bound and quantify specific critical vulnerabilities, and help identify possible corrective schemes. Experimental validation of modeling approaches and methodologies builds confidence in the prediction, while advanced stochastic techniques allow for optimal use of scarce computational resources to efficiently provide infrastructure owners and decision makers with timely analyses.

  7. Safety, Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Safety, Security Safety, Security The Lab's mission is to develop and apply science and technology to ensure the safety, security, and reliability of the U.S. nuclear deterrent; reduce global threats; and solve other emerging national security and energy challenges. Contact Operator Los Alamos National Laboratory (505) 667-5061 We do not compromise safety for personal, programmatic, or operational reasons. Safety: we integrate safety, security, and environmental concerns into every step of our

  8. U-106: Citrix XenServer Multiple Flaws in Web Self Service Have Unspecified Impact

    Broader source: Energy.gov [DOE]

    A number of security vulnerabilities have been identified in the management web interface of Citrix XenServer Web Self Service.

  9. Nuclear safeguards and security: we can do better.

    SciTech Connect (OSTI)

    Johnston, R. G.; Warner, Jon S.; Garcia, A. R. E.; Martinez, R. K.; Lopez, L. N.; Pacheco, A. N.; Trujillo, S. J.; Herrera, A. M.; Bitzer, E. G. , III

    2005-01-01

    There are a number of practical ways to significantly improve nuclear safeguards and security. These include recognizing and minimizing the insider threat; using adversarial vulnerability assessments to find vulnerabilities and countermeasures; fully appreciating the disparate nature of domestic and international nuclear safeguards; improving tamper detection and tamper-indicating seals; not confusing the inventory and security functions; and recognizing the limitations of GPS tracking, contact memory buttons, and RFID tags. The efficacy of nuclear safeguards depends critically on employing sophisticated security strategies and effective monitoring hardware. The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory has extensively researched issues associated with nuclear safeguards, especially in the areas of tamper/intrusion detection, transport security, and vulnerability assessments. This paper discusses some of our findings, recommendations, and warnings.

  10. Secure key storage and distribution

    SciTech Connect (OSTI)

    Agrawal, Punit

    2015-06-02

    This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

  11. security | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    security NNSA Announces 2015 Bradley A. Peterson Federal and Contractor Security Professional of the Year Awards WASHINGTON, D.C. - The Department of Energy's National Nuclear Security Administration (DOE/NNSA) announced the recipients of the Bradley A. Peterson Federal and Contractor Security Professional of the Year Awards. Joseph Houghton from the Los Alamos Field Office will receive... Apex Gold discussion fosters international cooperation in run-up to 2016 Nuclear Security Summit

  12. Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Safety, Security & Resilience of the Energy Infrastructure Energy Storage Nuclear Power & Engineering Grid Modernization Battery Testing Nuclear Fuel Cycle Defense Waste Management ...

  13. Cyber Assessment Methods for SCADA Security

    SciTech Connect (OSTI)

    Not Available

    2005-06-01

    The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

  14. Cyber Assessment Methods For SCADA Security

    SciTech Connect (OSTI)

    May Robin Permann; Kenneth Rohde

    2005-06-01

    The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

  15. National Security Facility (NSF) | Argonne National Laboratory

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    National Security Facility (NSF) National Security Facility (NSF) Argonne National Laboratory's National Security Facility (NSF) is a flexible, state-of-the-art secure user facility that contains multiple national security networks, video teleconference capability, high-resolution graphics support, a fully powered and cooled data center, multi-level training facilities, and conferencing facilities. The NSF provides tools and resources to enable and strengthen connections between government

  16. V-043: Perl Locale::Maketext Module '_compile()' Multiple Code...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-043: Perl Locale::Maketext Module 'compile()' Multiple Code Injection Vulnerabilities ... Arbitrary Code and View Arbitrary Files V-002: EMC NetWorker Module for Microsoft ...

  17. U-277: Google Chrome Multiple Flaws Let Remote Users Execute...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Addthis PROBLEM: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Version(s): prior to 22.0.1229.92 ABSTRACT: Several vulnerabilities were...

  18. V-145: IBM Tivoli Federated Identity Manager Products Java Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April 30, 2013 - 12:09am Addthis PROBLEM: IBM Tivoli Federated Identity Manager Products Java ...

  19. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  20. Water Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    SunShot Grand Challenge: Regional Test Centers Water Security HomeTag:Water Security Electricity use by water service sector and county. Shown are electricity use by (a) ...

  1. Costs of strikes between vulnerable missile forces

    SciTech Connect (OSTI)

    Canavan, G.H.

    1997-02-01

    This note derives the first and second strike magnitudes and costs for strikes between vulnerable missile forces with multiple warheads. The extension to mixes with invulnerable missiles is performed in a companion note. Stability increases as the number of weapons per missile is reduced. The optimal allocation of weapons between missiles and value is significant in predicting the stability impact of the reduction of the number of weapons per missile at large numbers of missiles, less significant in reducing the number of missiles for fixed weapons per missile. At low numbers of missiles, the stability indices for singlet and triplet configurations are comparable, as are the number of weapons each would deliver on value targets.

  2. Employee Concerns Reporting Form | National Nuclear Security...

    National Nuclear Security Administration (NNSA)

    Nature of concern * Safety Health EEO Human Resources Quality Security Environmental Workplace Violence FraudWasteAbuse Management Mismanagement Multiple Concerns Other concern ...

  3. Microgrid cyber security reference architecture.

    SciTech Connect (OSTI)

    Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

    2013-07-01

    This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-speci c vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance bene ts and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional a microgrid control system network implementation, including types of communica- tion occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the neces- sary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

  4. Cyber Security Requirements for Risk Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  5. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  6. Temperature-based Instanton Analysis: Identifying Vulnerability in Transmission Networks

    SciTech Connect (OSTI)

    Kersulis, Jonas; Hiskens, Ian; Chertkov, Michael; Backhaus, Scott N.; Bienstock, Daniel

    2015-04-08

    A time-coupled instanton method for characterizing transmission network vulnerability to wind generation fluctuation is presented. To extend prior instanton work to multiple-time-step analysis, line constraints are specified in terms of temperature rather than current. An optimization formulation is developed to express the minimum wind forecast deviation such that at least one line is driven to its thermal limit. Results are shown for an IEEE RTS-96 system with several wind-farms.

  7. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  8. National Security Complex | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    Security Complex Y-12 National Security Complex Completes W69 Dismantlement

  9. Radiological Security Partnership | National Nuclear Security

    National Nuclear Security Administration (NNSA)

    Administration | (NNSA) Programs / Nonproliferation / Global Material Security / Radiological Security Radiological Security Partnership Radiological Security Partnership Secure Your Business, Your Community, and Your Country. Sign Up Today for Services Provided by the Radiological Security Partnership. RSP Logo Initiative of the Global Material Security Program Formerly the Global Threat Reduction Initiative RSP Registration RSP More Info Learn More Radiological Security Partnership

  10. T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

  11. V-105: Google Chrome Multiple Vulnerabilities | Department of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    navigation handling. 3) An error in Web Audio can be exploited to cause memory corruption. 4) A use-after-free error exists in SVG animations. 5) An error in Indexed DB can...

  12. U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

  13. V-081: Wireshark Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    High DISCUSSION: 1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to...

  14. U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  15. U-022: Apple QuickTime Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  16. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department...

    Energy Savers [EERE]

    installed as world readable can be exploited to disclose e.g. the administrative password. 4) An error due to grinder having insecure permissions for the cache folder (var...

  17. V-023: Microsoft Security Bulletin Advance Notification for November 2012

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for November 2012. Microsoft has posted 4 Critical Bulletins and 1 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code.Microsoft will host a webcast to address customer questions on the security bulletins on November 14, 2012, at 11:00 AM Pacific Time (US & Canada).

  18. V-064: Microsoft Security Bulletin Advance Notification for January 2013

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for January 2013 . Microsoft has posted 2 Critical Bulletins and 5 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on January 9, 2013, at 11:00 AM Pacific Time (US & Canada).

  19. V-042: Microsoft Security Bulletin Advance Notification for December 2012

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for December 2012. Microsoft has posted 5 Critical Bulletins and 2 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on December 12, 2012, at 11:00 AM Pacific Time (US & Canada).

  20. V-130: Microsoft Security Bulletin Advance Notification for April 2013

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for April 2013. Microsoft has posted 2 Critical Bulletins and 7 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on April 10, 2013, at 11:00 AM Pacific Time (US & Canada).

  1. V-108: Microsoft Security Bulletin Advance Notification for March 2013

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for March 2013. Microsoft has posted 4 Critical Bulletins and 3 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on March 13, 2013, at 11:00 AM Pacific Time (US & Canada).

  2. V-154: Microsoft Security Bulletin Advance Notification for May 2013

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for May 2013. Microsoft has posted 2 Critical Bulletins and 8 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on May 15, 2013, at 11:00 AM Pacific Time (US & Canada).

  3. V-175: Microsoft Security Bulletin Advance Notification for June 2013

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for June 2013. Microsoft has posted 1 Critical Bulletin and 4 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" June allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on June 12, 2013, at 11:00 AM Pacific Time (US & Canada).

  4. V-196: Microsoft Security Bulletin Advance Notification for July 2013

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for July 2013. Microsoft has posted 6 Critical Bulletin and 1 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" July allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on July 10, 2013, at 11:00 AM Pacific Time (US & Canada).

  5. V-088: Microsoft Security Bulletin Advance Notification for February 2013

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for February 2013. Microsoft has posted 5 Critical Bulletins and 7 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on February 13, 2013, at 11:00 AM Pacific Time (US & Canada).

  6. U-057: Microsoft Security Bulletin Advance Notification for December 2011

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for December 2011. Microsoft has posted 3 Critical Bulletins and 11 Important bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow propagation of Internet worm without user action. Microsoft will host a webcast to address customer questions on the security bulletins on December 14, 2011, at 11:00 AM Pacific Time (US & Canada).

  7. Cybersecurity Intrusion Detection and Security Monitoring for Field Area Networks

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Intrusion Detection and Security Monitoring for Field Area Networks Continuous security validation, intrusion detection, and situational awareness for advanced metering infrastructure and distribution automation Background Advanced metering infrastructure (AMI) and distribution automation (DA) field area networks (FANs) are among the largest, possibly most complex, networks operated by utilities in the United States. Exploitable vulnerabilities in AMI and DA systems may arise from weaknesses in

  8. An Overview of High-performance Parallel Big Data transfers over multiple network channels with Transport Layer Security (TLS) and TLS plus Perfect Forward Secrecy (PFS)

    SciTech Connect (OSTI)

    Fang, Chin; Corttrell, R. A.

    2015-05-06

    This Technical Note provides an overview of high-performance parallel Big Data transfers with and without encryption for data in-transit over multiple network channels. It shows that with the parallel approach, it is feasible to carry out high-performance parallel "encrypted" Big Data transfers without serious impact to throughput. But other impacts, e.g. the energy-consumption part should be investigated. It also explains our rationales of using a statistics-based approach for gaining understanding from test results and for improving the system. The presentation is of high-level nature. Nevertheless, at the end we will pose some questions and identify potentially fruitful directions for future work.

  9. V-145: IBM Tivoli Federated Identity Manager Products Java Multiple

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Vulnerabilities | Department of Energy 45: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April 30, 2013 - 12:09am Addthis PROBLEM: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities PLATFORM: IBM Tivoli Federated Identity Manager versions 6.1, 6.2.0, 6.2.1, and 6.2.2. IBM Tivoli Federated Identity Manager Business Gateway versions 6.1.1, 6.2.0, 6.2.1

  10. Global security

    ScienceCinema (OSTI)

    Lynch, Patrick

    2014-07-15

    Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

  11. physical security

    National Nuclear Security Administration (NNSA)

    5%2A en Physical Security Systems http:nnsa.energy.govaboutusourprogramsnuclearsecurityphysicalsecuritysystems

  12. Security Specialist

    Broader source: Energy.gov [DOE]

    These positions are located in the Office of Enterprise Assessments (EA), Office of Security Enforcement. A successful candidate in this position will rovide technical assistance to the Director,...

  13. Global security

    SciTech Connect (OSTI)

    Lynch, Patrick

    2014-07-14

    Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

  14. Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    and Small Modular reactors projects. the collaboration takes place under the umbrella of a joint oUSnl "Center for Energy, Security and Society". the Center serves to...

  15. Water Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Water Security - Sandia Energy Energy Search Icon Sandia Home Locations Contact Us ... Energy Conversion Efficiency Solar Energy Wind Energy Water Power Supercritical CO2 ...

  16. Process Control Systems in the Chemical Industry: Safety vs. Security

    SciTech Connect (OSTI)

    Jeffrey Hahn; Thomas Anderson

    2005-04-01

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nations critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  17. V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Users Gain Elevated Privileges | Department of Energy 4: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges April 15, 2013 - 1:30am Addthis PROBLEM: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges PLATFORM: Cisco AnyConnect Secure Mobility Client Cisco Secure Desktop ABSTRACT: Some vulnerabilities

  18. Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    5759P Nuclear Cyber Vulnerability Sandia National Laboratories has conducted cyber-based vulnerability assessments on multiple commercial digital I&C platforms being deployed in the nuclear industry for the purpose of identifying vulnerabilities and improving the design and implementation of these systems. The assessment methodology has been developed at Sandia and is used to determine the risk associated with the design, configuration and operation of cyber-based products. Threat

  19. Secure Transportation of HEU in Romania

    SciTech Connect (OSTI)

    2009-07-06

    The National Nuclear Security Administration has announced the final shipments of Russian-origin highly enriched uranium (HEU) nuclear fuel from Romania. The material was removed and returned to Russia by air for storage at two secure nuclear facilities, making Romania the first country to remove all HEU since President Obama outlined his commitment to securing all vulnerable nuclear material around the world within four years. This was also the first time NNSA has shipped spent HEU by airplane, a development that will help accelerate efforts to meet the Presidents objective.

  20. Physical Security

    SciTech Connect (OSTI)

    2008-01-01

    The future of physical security at government facilities and national laboratories is rapidly progressing beyond the cliché of gates, guns and guards, and is quickly being replaced by radars, sensors and cameras. Learn more about INL's security research at http://www.facebook.com/idahonationallaboratory.

  1. DOE - NNSA/NFO -- National Security Technologies Contract Award

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Award NNSA/NFO Language Options U.S. DOE/NNSA - Nevada Field Office TechSource, Inc. Contract Award TechSource, Inc. is the security support contractor responsible for operating the Badge Office, managing the Vulnerability Assessment lab, maintaining OPSEC and security awareness programs, security clearances, and classified matter protection. The contract valued at approximately $12,383,205 was awarded on 5/28/2015. The contract period of performance is July 1, 2015 through June 30, 2016

  2. Intermediate SCADA Security Training Course Slides (September 2006) |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Department of Energy Intermediate SCADA Security Training Course Slides (September 2006) Intermediate SCADA Security Training Course Slides (September 2006) Presentation for Intermediate SCADA Security, SS-2 SANS SCADA Summit, September 28-29, 2006. The class enabled attendees to develop an understanding of tools and methods that can be used to discover and identify system vulnerabilities (CIP-005 R3.2, CIP-005 R4, & CIP-007 R8); develop mitigation strategies for resolving these issues

  3. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  4. Software security for a network storage service

    SciTech Connect (OSTI)

    Haynes, R.A.; Kelly, S.M.

    1992-09-01

    In 1991, Sandia National Laboratories acquired a Network Storage Service (NSS) as a result of a fully competitive procurement. The Network Storage Service, which provides access to over a terabyte of data storage in a two-tiered hierarchy, had minimal software security features. Before the NSS could be placed into production, it had to be accredited by the Department of Energy, Sandia`s accrediting authority. Sandia was faced with implementing security features to allow the NSS to be operated in its secure computing network, which is a single security clearance, multiple data security level environment. This paper describes the software security design alternatives that were considered and what was ultimately implemented.

  5. Software security for a network storage service

    SciTech Connect (OSTI)

    Haynes, R.A.; Kelly, S.M.

    1992-01-01

    In 1991, Sandia National Laboratories acquired a Network Storage Service (NSS) as a result of a fully competitive procurement. The Network Storage Service, which provides access to over a terabyte of data storage in a two-tiered hierarchy, had minimal software security features. Before the NSS could be placed into production, it had to be accredited by the Department of Energy, Sandia's accrediting authority. Sandia was faced with implementing security features to allow the NSS to be operated in its secure computing network, which is a single security clearance, multiple data security level environment. This paper describes the software security design alternatives that were considered and what was ultimately implemented.

  6. Secure content objects

    DOE Patents [OSTI]

    Evans, William D.

    2009-02-24

    A secure content object protects electronic documents from unauthorized use. The secure content object includes an encrypted electronic document, a multi-key encryption table having at least one multi-key component, an encrypted header and a user interface device. The encrypted document is encrypted using a document encryption key associated with a multi-key encryption method. The encrypted header includes an encryption marker formed by a random number followed by a derivable variation of the same random number. The user interface device enables a user to input a user authorization. The user authorization is combined with each of the multi-key components in the multi-key encryption key table and used to try to decrypt the encrypted header. If the encryption marker is successfully decrypted, the electronic document may be decrypted. Multiple electronic documents or a document and annotations may be protected by the secure content object.

  7. Radiological Security Program | National Nuclear Security Administrati...

    National Nuclear Security Administration (NNSA)

    Radiological Security Program Armenia Secures Dangerous Radioactive Sources in Cooperation with NNSA The Department of Energy's National Nuclear Security Administration (NNSA) ...

  8. Nuclear Security Enterprise | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    About Our Programs Defense Programs Nuclear Security Enterprise The Nuclear Security Enterprise (NSE) mission is to ensure the Nation sustains a safe, secure, and effective ...

  9. T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Controls | Department of Energy 36: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls T-536: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls January 18, 2011 - 2:30pm Addthis PROBLEM: Cisco ASA Multiple Flaws Let Remote Users Deny Service and Bypass Security Controls. PLATFORM: Cisco 5500 Series Adaptive Security Appliances (ASA) ABSTRACT: Cisco ASA 5500 Series Adaptive Security Appliances are affected by multiple

  10. Secure PVM

    SciTech Connect (OSTI)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.