Sample records for multiple security vulnerabilities

  1. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Broader source: Energy.gov (indexed) [DOE]


  2. T-597: WordPress Multiple Security Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  3. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  4. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  5. Common Cyber Security Vulnerabilities Observed in Control System...

    Energy Savers [EERE]

    Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

  6. Assessing the Security Vulnerabilities of Correctional Facilities

    SciTech Connect (OSTI)

    Morrison, G.S.; Spencer, D.S.

    1998-10-27T23:59:59.000Z

    The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identify the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion from outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees. In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

  7. T-697: Google Chrome Prior to 13.0.782.107 Multiple Security...

    Broader source: Energy.gov (indexed) [DOE]

    Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities Releases >> Chrome OS Beta: Channel Update Chromium Security >> Reporting Security Bugs IMPACT ASSESSMENT: High...

  8. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabil...

    Office of Environmental Management (EM)

    51: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities February 7, 2011 - 7:56am...

  9. V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department...

    Broader source: Energy.gov (indexed) [DOE]

    0: Adobe Flash Player AIR Multiple Vulnerabilities V-090: Adobe Flash Player AIR Multiple Vulnerabilities February 13, 2013 - 12:14am Addthis PROBLEM: Adobe Flash Player AIR...

  10. T-566: Citrix Secure Gateway Unspecified Vulnerability | Department...

    Broader source: Energy.gov (indexed) [DOE]

    has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Citrix ID:CTX128168 Secunia...

  11. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  12. V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

  13. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  14. Climate Change: Conflict, Security and Vulnerability Professor of Climate Change

    E-Print Network [OSTI]

    Hulme, Mike

    Climate Change: Conflict, Security and Vulnerability Mike Hulme Professor of Climate Change Science, Society and Sustainability Group School of Environmental Sciences Rethinking Climate Change, Conflict security" "increase risk of conflicts among and within nations" · from `climatic change' to `climate-change

  15. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure...

    Energy Savers [EERE]

    CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure...

  16. Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks

    E-Print Network [OSTI]

    Hay, David

    Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks Pankaj K. Agarwal, swami}@cs.arizona.edu Electrical Engineering, Columbia University. {hdavid, gil}@ee.columbia.edu Abstract--Telecommunications networks heavily rely on the physical infrastructure and, are therefore

  17. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions.

  18. Managing Secure Survivable Critical Infrastructures To Avoid Vulnerabilities Frederick Sheldon, Tom Potok, Andy Loebl

    E-Print Network [OSTI]

    Krings, Axel W.

    Managing Secure Survivable Critical Infrastructures To Avoid Vulnerabilities Frederick Sheldon, Tom technologically complex society makes knowing the vulnerability of such systems essential to improving their intrinsic reliability/survivability. Our discussion employs the power transmission grid. 1 Introduction

  19. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  20. UEA Water Security Research Centre Climate Change and Variability Adaptation and Vulnerability

    E-Print Network [OSTI]

    Everest, Graham R

    UEA Water Security Research Centre Climate Change and Variability · Adaptation and Vulnerability · Transboundary Cooperation - Conflict · Irrigation Performance and Policy · River Basin Management · Water Allocation · Hydropolitics www.uea.ac.uk/watersecurity The UEA Water Security Research Centre applies

  1. Implementation of Secure Quantum Protocol using Multiple Photons for Communication

    E-Print Network [OSTI]

    Sayonnha Mandal; Gregory Macdonald; Mayssaa El Rifai; Nikhil Punekar; Farnaz Zamani; Yuhua Chen; Subhash Kak; Pramode K. Verma; Robert C Huck; James Sluss

    2012-08-30T23:59:59.000Z

    The paper presents the implementation of a quantum cryptography protocol for secure communication between servers in the cloud. As computing power increases, classical cryptography and key management schemes based on computational complexity become increasingly susceptible to brute force and cryptanalytic attacks. Current implementations of quantum cryptography are based on the BB84 protocol, which is susceptible to siphoning attacks on the multiple photons emitted by practical laser sources. The three-stage protocol, whose implementation is described in this paper, is a departure from conventional practice and it obviates some of the known vulnerabilities of the current implementations of quantum cryptography. This paper presents an implementation of the three-stage quantum communication protocol in free-space. To the best of the authors' knowledge, this is the first implementation of a quantum protocol where multiple photons can be used for secure communication.

  2. International Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities and Solutions

    E-Print Network [OSTI]

    Aloul, Fadi

    to be able to communicate with smart meters via a Home Area Network (HAN) facilitating efficient powerInternational Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities is currently evolving into the smart grid. Smart grid integrates the traditional electrical power grid

  3. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  4. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Broader source: Energy.gov (indexed) [DOE]


  5. T-657: Drupal Prepopulate - Multiple vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  6. U-104: Adobe Flash Player Multiple Vulnerabilities | Department...

    Broader source: Energy.gov (indexed) [DOE]

    have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and...

  7. Using vulnerability assessments to design facility safeguards and security systems

    SciTech Connect (OSTI)

    Snell, M.; Jaeger, C.

    1994-08-01T23:59:59.000Z

    The Weapons Complex Reconfiguration (WCR) Program is meant to prepare the Department of Energy (DOE) weapons complex to meet the needs of the next century through construction of new facilities or upgrades-in-place at existing facilities. This paper describes how a vulnerability assessment (VA) was used to identify potential S&S features for the conceptual design for a plutonium storage facility as part of the WCR Program. We distinguish those features of the design that need to be investigated at the conceptual stage from those that can be evaluated later. We also examined what protection features may allow reduced S&S operating costs, with the main focus on protective force costs. While some of these concepts hold the promise for significantly reducing life-cycle protective force costs, their use depends on resolving long-standing tradeoffs between S&S and safety, which are discussed in the study.

  8. Application of artificial neural networks in power system security and vulnerability assessment

    SciTech Connect (OSTI)

    Qin Zhou; Davidson, J.; Fouad, A.A.

    1994-02-01T23:59:59.000Z

    In a companion paper the concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. Using the TEF method of transient stability analysis, the energy margin $\Delta V$ is used as an indicator of the level of security, and its sensitivity to a changing system parameter $p$ ($\partial \Delta V / \partial p$) as an indicator of its trend with changing system conditions. These two indicators are combined to determine the degree of system vulnerability to contingent disturbances in a stability-limited power system. Thresholds for acceptable levels of the security indicator and its trend are related to the stability limits of a critical system parameter (plant generation limits). Operating practices and policies are used to determine these thresholds. In this paper the artificial neural networks (ANNs) technique is applied to the concept of system vulnerability within the recently developed framework, for fast pattern recognition and classification of system dynamic security status. A suitable topology for the neural network is developed, and the appropriate training method and input and output signals are selected. The procedure developed is successfully applied to the IEEE 50-generator test system. Data previously obtained by heuristic techniques are used for training the ANN.

  9. V-081: Wireshark Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  10. V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  11. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  12. System vulnerability as a concept to assess power system dynamic security

    SciTech Connect (OSTI)

    Fouad, A.A.; Qin Zhou; Vittal, V. (Iowa State Univ., Ames, IA (United States))

    1994-05-01T23:59:59.000Z

    The concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. This new concept combines information on the level of security and its trend with changing system condition. In this paper the transient energy function (TEF) method is used as a tool of analysis. The energy margin $\Delta V$ is used as an indicator of the level of security, and its sensitivity ($\partial \Delta V / \partial p$) to a changing system parameter $p$ as an indicator of its trend. The thresholds for acceptable levels of the security indicator ($\Delta V$) and its trend ($\partial \Delta V / \partial p$) are related to the stability limits of a critical system parameter. A method is proposed to determine these thresholds using heuristic techniques derived from operating practices and policies for a change in plant generation. Results from the IEEE 50 generator test system are presented to illustrate the procedure.

  13. ISSO Information Alert Multiple Vulnerabilities in Adobe Flash

    E-Print Network [OSTI]

    Dyer, Bill

    SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2012-014 DATE(S) ISSUED: 3 to take complete control of affected systems. Adobe Flash Player is a widely distributed multimedia or URL and distributes that file or URL to unsuspecting users via e-mail or some other means. When

  14. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  15. U-169: Sympa Multiple Security Bypass Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  16. V-207: Wireshark Multiple Denial of Service Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  17. V-208: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  18. V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  19. V-224: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  20. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  1. U-191: Oracle Java Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  2. SUPPORTING END-TO-END SECURITY ACROSS PROXIES WITH MULTIPLE-

    E-Print Network [OSTI]

    SUPPORTING END-TO-END SECURITY ACROSS PROXIES WITH MULTIPLE- CHANNEL SSL Yong Song, Victor C Columbia, 2356 Main Mall, Vancouver, BC V6T 1Z4, Canada Abstract: Secure Socket Layer (SSL) has functional used by clients to communicate with servers. This paper introduces Multiple-Channel SSL (MC-SSL

  3. Sandia Energy - SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    SCADA Vulnerability Assessments Home Stationary Power Safety, Security & Resilience of Energy Infrastructure Grid Modernization Cyber Security for Electric Infrastructure National...

  4. Vulnerability Scanning Policy 1 Introduction

    E-Print Network [OSTI]

    Vulnerability Scanning Policy 1 Introduction Vulnerability scanning is an important and necessary and can alert system administrators to potentially serious problems. However vulnerability scanning also to compromise system security. The following policy details the conditions under which vulnerability scans may

  5. The ASSESS (Analytic System and Software for Evaluating Safeguards and Security) Outsider module with multiple analyses

    SciTech Connect (OSTI)

    Snell, M.K.; Winblad, A.E. (Sandia National Labs., Albuquerque, NM (USA)); Bingham, B.; Key, B.; Walker, S. (Science and Engineering Associates, Inc., Albuquerque, NM (USA))

    1990-01-01T23:59:59.000Z

    The Analytic System and Software for Evaluating Safeguards and Security (ASSESS) includes modules for analyzing vulnerabilities against outsider and insider adversaries. The ASSESS Outsider Analysis Module has been upgraded to allow for defining, analyzing, and displaying the results of multiple analyses. Once a set of threat definitions has been defined in one Outsider file, they can be readily copied to other Outsider files. This multiple analysis, or batch, mode of operation provides an efficient way of covering the standard DOE outsider threat spectrum. A new approach for coupling the probability of interruption, P(I), values and values calculated by the ASSESS Neutralization module has been implemented in Outsider and is described. An enhanced capability for printing results of these multiple analyses is also included in the upgraded Outsider module. 7 refs., 7 figs., 1 tab.

  6. Using Multiple Unmanned Systems for a Site Security Task

    SciTech Connect (OSTI)

    Matthew O. Anderson; Curtis W. Nielsen; Mark D. McKay; Derek C. Wadsworth; Ryan C. Hruska; John A. Koudelka

    2009-04-01T23:59:59.000Z

    Unmanned systems are often used to augment the ability of humans to perform challenging tasks. While the value of individual unmanned vehicles has been proven for a variety of tasks, it is less understood how multiple unmanned systems should be used together to accomplish larger missions such as site security. The purpose of this paper is to discuss efforts by researchers at the Idaho National Laboratory (INL) to explore the utility and practicality of operating multiple unmanned systems for a site security mission. This paper reviews the technology developed for a multi-agent mission and summarizes the lessons-learned from a technology demonstration.

  7. V-021: Cisco IronPort Web / Email Security Appliance Sophos Anti...

    Broader source: Energy.gov (indexed) [DOE]

    1: Cisco IronPort Web Email Security Appliance Sophos Anti-Virus Multiple Vulnerabilities V-021: Cisco IronPort Web Email Security Appliance Sophos Anti-Virus Multiple...

  8. U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

  9. V-186: Drupal Login Security Module Security Bypass and Denial...

    Office of Environmental Management (EM)

    186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability V-186: Drupal Login Security Module Security Bypass and Denial of Service Vulnerability June...

  10. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  11. Security Vulnerabilities of the Cisco IOS Implementation of the MPLS Transport Profile

    E-Print Network [OSTI]

    Floreano, Dario

    Profile (MPLS-TP), in the context of smart-grid communication networks. The security guidelines Transport Profile (MPLS-TP) is one of the proposed communication technologies for smart-grid networks [6

  12. k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities

    E-Print Network [OSTI]

    Wang, Lingyu

    systems at nuclear power plants, implanted heart defibrillators, and military satellites. One of the main. However, the scale and severity of security threats to computer networks have continued to grow at an ever

  13. k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities

    E-Print Network [OSTI]

    Noel, Steven

    but also industrial control systems at nuclear power plants, implanted heart defibrillators, and military are increasingly dependent. However, the scale and severity of security threats to computer networks have continued

  14. The 2011 Military Communications Conference -Track 3 -Cyber Security and Network Operations From Security to Vulnerability: Data Authentication

    E-Print Network [OSTI]

    Wang, Wenye

    lines and transformers [5], to perform critical functions of energy transmission and distributionThe 2011 Military Communications Conference - Track 3 - Cyber Security and Network Operations From Wang· Zhuo Lu* Jianfeng Mat "Department of Electrical and Computer Engineering, NC State University

  15. Using Violation and Vulnerability Analysis to Understand the Root-Causes of Complex Security Incidents

    E-Print Network [OSTI]

    Johnson, Chris

    Incidents C.W. Johnson Dept. of Computing Science, University of Glasgow, Glasgow, Scotland. http Department of Energy has also established the Information Security Resource Center to coordinate the `root is appropriate because it included failures in the underlying audit and control mechanisms. It also stemmed from

  16. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]


  17. V-080: Apple iOS Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  18. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department

    Broader source: Energy.gov (indexed) [DOE]


  19. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  20. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  1. T-592: Cisco Security Advisory: Cisco Secure Access Control System...

    Energy Savers [EERE]

    T-592: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

  2. Public views on multiple dimensions of security : nuclear weapons, terrorism, energy, and the environment : 2007.

    SciTech Connect (OSTI)

    Herron, Kerry Gale (University of Oklahoma, Norman, OK); Jenkins-Smith, Hank C. (University of Oklahoma, Norman, OK)

    2008-01-01T23:59:59.000Z

    We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism includes assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support for domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid-2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.

  3. U-246: Tigase XMPP Dialback Protection Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.

  4. Faculty Information Security Guide

    E-Print Network [OSTI]

    Myers, Lawrence C.

    Faculty Information Security Guide Dartmouth Your information is vitally important to your teaching protect your information. THE DARTMOUTH INFORMATION SECURITY COMMITTEE The Dartmouth Information Security Committee (DISC) meets monthly to assess vulnerabilities of information security, and to develop and revise

  5. Security Science & Technology | Nuclear Science | ORNL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Nuclear Security Science & Technology Border Security Comprehensive Vulnerability and Threat Analysis Consequence Management, Safeguards, and Non-Proliferation Tools Export...

  6. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01T23:59:59.000Z

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as-delivered baseline examination of the system is conducted to establish a starting point for all subsequent testing. The series of baseline tests document factory-delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in-depth vulnerability testing. The baseline test document is provided to the System Provider (a), who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system (b).
    (a) The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. (b) The term Vendor (or Vendor’s) System replaces the name of the specific SCADA/EMS being tested.

  7. U-200: Red Hat Directory Server Information Disclosure Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability June 27,...

  8. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  9. Common Control System Vulnerability

    SciTech Connect (OSTI)

    Trent Nelson

    2005-12-01T23:59:59.000Z

    The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. 
Through manipulation of the communication protocols of control systems (a process generally referred to as "reverse engineering"), an attacker can then map out the control system processes and functions. With the detailed knowledge of how the control data functions, as well as what computers and devices communicate using this data, the attacker can use a well known Man-in-the-Middle attack to perform malicious operations virtually undetected. The control systems assessment teams have used this method to gather enough information about the system to craft an attack that intercepts and changes the information flow between the end devices (controllers) and the human machine interface (HMI and/or workstation). Using this attack, the cyber assessment team has been able to demonstrate complete manipulation of devices in control systems while simultaneously modifying the data flowing back to the operator's console to give false information of the state of the system (known as "spoofing"). This is a very effective technique for a control system attack because it allows the attacker to manipulate the system and the operator's situational awareness of the perceived system status. The three main elements of this attack technique are: (1) network reconnaissance and data gathering, (2) reverse engineering, and (3) the Man-in-the-Middle attack. The details of this attack technique and the mitigation techniques are discussed.

  10. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01T23:59:59.000Z

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970's, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a "dependence"? Does this increasing proportion of imported oil present a vulnerability to "price shocks" and the tremendous dislocations experienced during the 1970's? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be "yes." However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  11. A Method for Estimating the Financial Impact of Cyber Information Security Breaches Utilizing the Common Vulnerability Scoring System and Annual Loss Expectancy

    E-Print Network [OSTI]

    Lindsey, Michael B.

    2010-05-14T23:59:59.000Z

    Information security is a relatively new field that is experiencing rapid growth in terms of malicious attack frequency and the amount of capital that firms must spend on attack defense. This rise in security expenditures has prompted corporate...

  12. INFORMATION SECURITY University Policy No: IM7800

    E-Print Network [OSTI]

    Herwig, Falk

    INFORMATION SECURITY POLICY University Policy No: IM7800 Classification: Information to an Information Security Incident Procedures for Addressing Security Vulnerabilities of University Information Resources and Information Systems University Information Security Classification Procedures Procedures

  13. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01T23:59:59.000Z

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  14. Sandia National Laboratories: Energy Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    States. I&C systems monitor the safe, reliable and secure generation and delivery of electricity and could have potential cyber vulnerabilities. At Sandia National Laboratories,...

  15. T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    Broader source: Energy.gov [DOE]

    Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  16. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    SciTech Connect (OSTI)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01T23:59:59.000Z

    This document provides information for a report to Congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  17. President Obama Hosts Global Nuclear Security Summit | National...

    National Nuclear Security Administration (NNSA)

    a Global Nuclear Security Summit to facilitate discussion on the nature of the nuclear threat and develop steps that can be taken together to secure vulnerable materials, combat...

  18. Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs

    E-Print Network [OSTI]

    Noel, Steven

    Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs Steven, without considering how they contribute to overall attack risk. Similarly, intrusion alarms are logged threats, complexity of security data, and network growth. Our approach to network defense applies attack

  19. Chemical-Terrorism Vulnerability Information Guidance Document January 7, 2011

    E-Print Network [OSTI]

    Pawlowski, Wojtek

    Chemical-Terrorism Vulnerability Information Guidance Document January 7, 2011 The following) section on Chemical-Terrorism Vulnerability Information (CVI) 6 CFR 27.400. The Program Manager's comments.215; Not currently applicable (2) Site Security Plans under §27.225; Not currently applicable (3) Documents relating

  20. Architecture-level Simulations with Rapid Power Estimations for Security Processors with Multiple Power Domains

    E-Print Network [OSTI]

    Lee, Jenq-Kuen

    ,tingting}@cs.nthu.edu.tw Abstract-- The power dissipation is the concern for SoC designs and embedded systems to extend battery- cal model, a workload generator, power parameter banks, versatile outputs, and succinct GUIs companies and IC design houses are working with clock gating, power gating, multiple frequencies

  1. Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 8th Virtual Forensics: Social Network Security Solutions

    E-Print Network [OSTI]

    Tappert, Charles

    Forensics: Social Network Security Solutions Marilyn Silva, Rajeswari Ian, Anu Nagpal, Anthony Glover, Steve; Digital Dossier Aggregation Vulnerabilities; Secondary Data Collection Vulnerabilities; Face Recognition

  2. Analyses Of Two End-User Software Vulnerability Exposure Metrics

    SciTech Connect (OSTI)

    Jason L. Wright; Miles McQueen; Lawrence Wellman

    2012-08-01T23:59:59.000Z

    The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

  3. V-132: IBM Tivoli System Automation Application Manager Multiple...

    Broader source: Energy.gov (indexed) [DOE]

    IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation...

  4. Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

    DOE Patents [OSTI]

    Chen, Yu-Gene T.

    2013-04-16T23:59:59.000Z

    A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

  5. Cyber Security Companies, governments, and consumers depend on secure and reliable

    E-Print Network [OSTI]

    Hill, Wendell T.

    Cyber Security Companies, governments, and consumers depend on secure and reliable computer-speed computers all introduce new cyber-security challenges. Cyber- security researchers at the University in the software development cycle. e also creates secure authentication protocols for vulnerable distributed

  6. Ecosystem Vulnerability Assessment - Patterns of Climate Change...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the Southwest

  7. Development of a Software Security Assessment Instrument to Reduce Software Security Risk

    E-Print Network [OSTI]

    Bishop, Matt

    system, has vulnerabilities. (SAT) for use in the software development and maintenance life cycle throughout the software development and maintenance life cycle. The security assessment instrument includes security assessment for use in the software development and maintenance life cycle. Currently

  8. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  9. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  10. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10T23:59:59.000Z

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  11. Securing Wireless Sensor Networks: Introducing ASLAN - A Secure Lightweight Architecture for WSNs

    E-Print Network [OSTI]

    Dobson, Simon

    Securing Wireless Sensor Networks: Introducing ASLAN - A Secure Lightweight Architecture for WSNs://www.comp.dit.ie/mcollins 2 http://www.csi.ucd.ie/Staff/AcademicStaff/{sdobson, pnixon} Abstract Wireless sensor networks. To address the security vulnerabilities in a wireless sensor network, this paper proposes a secure

  12. Lessons Learned from Cyber Security Assessments of SCADA and...

    Energy Savers [EERE]

    Energy Management Systems Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems were reviewed to identify common...

  13. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    NONE

    1995-03-01T23:59:59.000Z

    This Plutonium Vulnerability Management Plan describes the Department of Energy's response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department's Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  14. OPTIMIZATION STRATEGIES FOR THE VULNERABILITY ANALYSIS OF THE ELECTRIC POWER GRID

    E-Print Network [OSTI]

    Pinar, Ali

    OPTIMIZATION STRATEGIES FOR THE VULNERABILITY ANALYSIS OF THE ELECTRIC POWER GRID ALI PINAR, JUAN would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a bilevel mixed integer nonlinear programming

  15. Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack

    E-Print Network [OSTI]

    Krings, Axel W.

    : Security, Vulnerabilities, Cyber Attack, Critical Infrastructure Protection, Electric Power Management present a model developed for Electric Power Management Systems (EPMS) and Supervisory Control and Data vulnerable to cyber attack. We use graph theory to model electric power control and protection devices

  16. Security Protection and Checking for Embedded System Integration against Buffer

    E-Print Network [OSTI]

    Sha, Edwin

    serious security problems for decades. More than 50 percent of today's widely exploited vulnerabilities in the early days is the Internet worm in 1988 that made use of buffer overflow vulnerabilities in fingerd, and their variations which exploited known buffer overflow vulnerabilities in the Microsoft Index Service DLL. The two

  17. Secure Core Contact Information

    E-Print Network [OSTI]

    Secure Core Contact Information C. E. Irvine irvine@nps.edu 831-656-2461 Department of Computer for the secure management of local and/or remote information in multiple contexts. The SecureCore project Science Graduate School of Operations and Information Sciences www.cisr.nps.edu Project Description

  18. Defining and Enforcing Referential Security Jed Liu Andrew C. Myers

    E-Print Network [OSTI]

    Myers, Andrew C.

    integrity can itself lead to security vulnerabilities that are not currently well understood. This paper. Referential integrity, which guarantees that named resources can be accessed when referenced, is an important identifies three kinds of referential security vulnerabilities related to the referential integrity

  19. V-094: IBM Multiple Products Multiple Vulnerabilities | Department of

    Energy Savers [EERE]


  20. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect (OSTI)

    Daniel Noyes

    2012-03-01T23:59:59.000Z

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  1. Developmental Integrative Biology Cyber Security UNT is recognized by the National Security Agency and the Department of

    E-Print Network [OSTI]

    Tarau, Paul

    security. Information and computer security, trust and information assurance, systems architecture to identify and address a range of changing information sources and security vulnerabilities. UNT brings experts to address next generation challenges. The UNT-based Center for Information and Computer Security

  2. Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard

    E-Print Network [OSTI]

    Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC

  3. Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard

    E-Print Network [OSTI]

    Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC) mode

  4. LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS

    SciTech Connect (OSTI)

    Ray Fink

    2006-10-01T23:59:59.000Z

    The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

  5. Departmental Personnel Security- Clearance Automation

    Broader source: Energy.gov [DOE]

    The primary objective of the DOE Integrated Security System (eDISS+) Initiative is to support the integration of multiple DOE security systems and databases. This integrated environment provides...

  6. AP1000 Design for Security

    SciTech Connect (OSTI)

    Long, L.B. [Southern Nuclear Operating Company, 40 Inverness Center Parkway, Birmingham, AL 35242 (United States)]; Cummins, W.E.; Winters, J.W. [Westinghouse Electric Company, 4350 Northern Pike, Monroeville, PA 15146 (United States)]

    2006-07-01T23:59:59.000Z

    Nuclear power plants are protected from potential security threats through a combination of robust structures around the primary system and other vital equipment, security systems and equipment, and defensive strategy. The overall objective for nuclear power plant security is to protect public health and safety by ensuring that attacks or sabotage do not challenge the ability to safely shutdown the plant or protect from radiological releases. In addition, plants have systems, features and operational strategies to cope with external conditions, such as loss of offsite power, which could be created as part of an attack. Westinghouse considered potential security threats during design of the AP1000 PWR. The differences in plant configuration, safety system design, and safe shutdown equipment between existing plants and AP1000 affect potential vulnerabilities. This paper provides an evaluation of AP1000 with respect to vulnerabilities to security threats. The AP1000 design differs from the design of operating PWRs in the US in the configuration and the functional requirements for safety systems. These differences are intentional departures from conventional PWR designs which simplify plant design and enhance overall safety. The differences between the AP1000 PWR and conventional PWRs can impact vulnerabilities to security threats. The NRC addressed security concerns as part of their reviews for AP1000 Design Certification, and did not identify any security issues of concern. However, much of the detailed security design information for the AP1000 was deferred to the combined Construction and Operating License (COL) phase as many of the security issues are site-specific. Therefore, NRC review of security issues related to the AP1000 is not necessarily complete. Further, since the AP1000 plant design differs from existing PWRs, it is not obvious that the analyses and assessments prepared for existing plants also apply to the AP1000. 
    We conclude that, overall, the AP1000 is less vulnerable to security threats such as malevolent use of vehicles (land, water or air), than are conventional PWRs. Further, the AP1000 is less vulnerable to external events (e.g., loss of transmission) than conventional PWRs. For some of the threats evaluated the AP1000 is comparable to conventional PWRs, while for other threats the AP1000 is inherently less vulnerable. (authors)

  7. Test & Security G. DiNatale, M. Doulcier, M-L. Flottes, B. Rouzeyre

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    LIRMM Test & Security G. DiNatale, M. Doulcier, M-L. Flottes, B. Rouzeyre Pastis 2008 lirmm-00365276,version1-2Mar2009 LIRMM Circuit testing is mandatory to guarantee a good security level A hardware defect may induce some security vulnerability But Test & Security : the dilemma Test Security

  8. Security of high-dimensional quantum key distribution protocols using Franson interferometers

    E-Print Network [OSTI]

    Thomas Brougham; Stephen M. Barnett; Kevin T. McCusker; Paul G. Kwiat; Daniel J. Gauthier

    2013-05-20T23:59:59.000Z

    Franson interferometers are increasingly being proposed as a means of securing high-dimensional energy-time entanglement-based quantum key distribution (QKD) systems. Heuristic arguments have been proposed that purport to demonstrate the security of these schemes. We show, however, that such systems are vulnerable to attacks that localize the photons to several temporally separate locations. This demonstrates that a single pair of Franson interferometers is not a practical approach to securing high-dimensional energy-time entanglement based QKD. This observation leads us to investigate the security of modified Franson-based protocols, where Alice and Bob have two or more Franson interferometers. We show that such setups can improve the sensitivity against attacks that localize the photons to multiple temporal locations. While our results do not constitute a full security proof, they do show that a single pair of Franson interferometers is not secure and that multiple such interferometers could be a promising candidate for experimentally realizable high-dimensional QKD.

  9. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton (Albuquerque, NM); Phillips, Cynthia A. (Albuquerque, NM)

    2006-03-14T23:59:59.000Z

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  10. Engineering secure software

    E-Print Network [OSTI]

    Jetly, Prateek

    2001-01-01T23:59:59.000Z

    the vulnerabilities based on their coverage and cost. The above modeling approach is also known as the onion peel model due to its nature of dividing the problem space into zones of similar security. These zones represent the peels of the onion. Each zone is also... into peels based on the security considerations of the entities of the system. The model describes minimum interaction among components across peels and maximum within peels. The onion diagram includes the physical entities of the systems and not just...

  11. Cyber Security & Smart Grid 

    E-Print Network [OSTI]

    Shapiro, J.

    2011-01-01T23:59:59.000Z

    to complexity, proprietary nature and different management teams • Ripe for exploitation • Intel, Microsoft, Security vendors are not focused on this technology • Many are NOT PC's • Many can be infected and the devices cannot be cleaned ESL-KT-11...-11-23 CATEE 2011, Dallas, Texas, Nov. 7-9, 2011 Inherent Vulnerabilities • Two-way communications • Distributed connectivity • Customer usage data • Metering devices • Weak authentication and access control • Lack of adequate training • Lack...

  12. MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES,

    E-Print Network [OSTI]

    MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES, AND ADAPTATION TO PUBLIC HEALTH RISKS's California Climate Change Center JULY 2012 CEC5002012041 Prepared for: California Energy Commission of California. ABSTRACT This study reviewed first available frameworks for climate change adaptation

  13. International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation In Ubiquitous Environments Mohamed Aymen Chalouf1 make the concerned communications vulnerable to security attacks because of the open medium on which

  14. Security Analysis of Palm Operating System Martin Vandepas and Karin Olsrud

    E-Print Network [OSTI]

    and Network Security Department of Electrical and Computer Engineering Oregon State University Corvallis there are deficiencies in the code of the OS itself which introduce various security vulnerabilities. In this paper, we improvements which would prevent the exploitation of these vulnerabilities. 1 Introduction With the modern

  15. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  16. Security Policy

    Broader source: Energy.gov [DOE]

    The Office of Security Policy analyzes, develops and interprets safeguards and security policy governing national security functions and the protection of related critical assets entrusted to the...

  17. Improving tamper detection for hazardous waste security

    SciTech Connect (OSTI)

    Johnston, R. G. (Roger G.); Garcia, A. R. E. (Anthony R. E.); Pacheco, A. N. (Adam N.); Trujillo, S. J. (Sonia J.); Martinez, R. K. (Ronald K.); Martinez, D. D. (Debbie D.); Lopez, L. N. (Leon N.)

    2002-01-01T23:59:59.000Z

    After September 11, waste managers are increasingly expected to provide improved levels of security for the hazardous materials in their charge. Many low-level wastes that previously had minimal or no security must now be well protected, while high-level wastes require even greater levels of security than previously employed. This demand for improved security comes, in many cases, without waste managers being provided the necessary additional funding, personnel, or security expertise. Contributing to the problem is the fact that--at least in our experience--waste managers often fail to appreciate certain types of security vulnerabilities. They frequently overlook or underestimate the security risks associated with disgruntled or compromised insiders, or the potential legal and political liabilities associated with nonexistent or ineffective security. Also frequently overlooked are potential threats from waste management critics who could resort to sabotage, vandalism, or civil disobedience for purposes of discrediting a waste management program.

  18. Embedding Security Policies into a Distributed Computing Environment

    E-Print Network [OSTI]

    Kühnhauser, Winfried

    : security policy, multipolicy system, information domain, policy domain, custodian, policy separationD information systems must support information processing under multiple security policies of any complexity information support information processing among users with different security attributes employing resources

  19. Threat Insight Quarterly Vulnerability Management

    E-Print Network [OSTI]

    X-Force® Threat Insight Quarterly Vulnerability Management July 2006 X-Force Catastrophic Risk Index Future X-Force Threat Insight Introduction There is a wide range of threats that can exist in any network. The presence of unpatched

  20. CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND

    E-Print Network [OSTI]

    CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND ADAPTATION IN THE SAN FRANCISCO BAY AREA Commission's California Climate Change Center JULY 2012 CEC5002012071 Prepared for: California Energy, as well as projections of future changes in climate based on modeling studies using various plausible

  1. Securing Infrastructure from High Explosive Threats

    SciTech Connect (OSTI)

    Glascoe, L; Noble, C; Reynolds, J; Kuhl, A; Morris, J

    2009-03-20T23:59:59.000Z

    Lawrence Livermore National Laboratory (LLNL) is working with the Department of Homeland Security's Science and Technology Directorate, the Transportation Security Administration, and several infrastructure partners to characterize and help mitigate principal structural vulnerabilities to explosive threats. Given the importance of infrastructure to the nation's security and economy, there is a clear need for applied research and analyses (1) to improve understanding of the vulnerabilities of these systems to explosive threats and (2) to provide decision makers with time-critical technical assistance concerning countermeasure and mitigation options. Fully-coupled high performance calculations of structural response to ideal and non-ideal explosives help bound and quantify specific critical vulnerabilities, and help identify possible corrective schemes. Experimental validation of modeling approaches and methodologies builds confidence in the prediction, while advanced stochastic techniques allow for optimal use of scarce computational resources to efficiently provide infrastructure owners and decision makers with timely analyses.

  2. Can Fault Prediction Models and Metrics be Used for Vulnerability Prediction? Yonghee Shin and Laurie Williams

    E-Print Network [OSTI]

    Young, R. Michael

    Can Fault Prediction Models and Metrics be Used for Vulnerability Prediction? Yonghee Shin to prioritize security inspection and testing efforts may be better served by a prediction model that indicates commonalities that may allow development teams to use traditional fault prediction models and metrics

  3. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Office of Environmental Management (EM)

    Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection...

  4. Power Grid Vulnerability to Geographically Correlated Failures

    E-Print Network [OSTI]

    Shepard, Kenneth

    Power Grid Vulnerability to Geographically Correlated Failures - Analysis and Control Implications such as telecommunications networks [14]. The power grid is vulnerable to natural disasters, such as earthquakes, hurricanes [17], [34]. Thus, we focus on the vulnerability of the power grid to an outage of several lines

  5. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01T23:59:59.000Z

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  6. Cyber Assessment Methods for SCADA Security

    SciTech Connect (OSTI)

    Not Available

    2005-06-01T23:59:59.000Z

    The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

  7. Cyber Assessment Methods For SCADA Security

    SciTech Connect (OSTI)

    May Robin Permann; Kenneth Rohde

    2005-06-01T23:59:59.000Z

    The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

  8. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01T23:59:59.000Z

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  9. U-117: Potential security vulnerability has been identified with...

    Broader source: Energy.gov (indexed) [DOE]

    printer firmware. PLATFORM: Select HP printers and Digital Senders ABSTRACT: Remote attackers could execute arbitrary code by using a session on TCP port 9100 to upload a...

  10. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Environmental Management (EM)


  11. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Energy Savers [EERE]


  12. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Energy Savers [EERE]


  13. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Office of Environmental Management (EM)


  14. Common Cyber Security Vulnerabilities Observed in Control System

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  15. Mitigations for Security Vulnerabilities Found in Control System Networks |

    Broader source: Energy.gov (indexed) [DOE]


  16. Mitigations for Security Vulnerabilities Found in Control System Networks |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  17. Cyber Security Requirements for Risk Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19T23:59:59.000Z

    The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  18. Cyber Security via Minority Games with Epistatic Signaling (Extended Abstract)

    E-Print Network [OSTI]

    Mishra, Bud

    Cyber Security via Minority Games with Epistatic Signaling (Extended Abstract) W. Casey, L. Metcalf occurs when deceptions are employed in order to breach the security of the system, thus making the entire profiles (e.g., the distribution of players employing various kinds of vulnerability and threat predictions

  19. ANALYSIS OF ELECTRIC GRID SECURITY UNDER TERRORIST THREAT Javier Salmeron

    E-Print Network [OSTI]

    Baldick, Ross

    analytical techniques to help mitigate the disruptions to electric power grids caused by terrorist attacks; Homeland security I. INTRODUCTION Electric power systems are critical to any country's economy and security has long been recognized [1]. This vulnerability has increased in recent years because infrastructure

  20. Cyber Security

    Energy Savers [EERE]

    Associate CIO for Cyber Security (IM-30) Rod Turk Deputy Associate CIO for Cyber Security (IM-30) Michael Maraya Incident Management Division (IM-32) Rob Ciochon Director Policy,...

  1. information security

    E-Print Network [OSTI]

    Faculty listing for "information security" ... 1167; Phone: +1 765 49-46022; Email: wagstaff@purdue.edu; Research Interests: number theory, information security.

  2. Microgrid cyber security reference architecture.

    SciTech Connect (OSTI)

    Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

    2013-07-01T23:59:59.000Z

    This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-specific vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance benefits and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional microgrid control system network implementation, including types of communication occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the necessary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

  3. Optimal redundancy against disjoint vulnerabilities in networks

    E-Print Network [OSTI]

    Krause, Sebastian M; Zlatić, Vinko

    2015-01-01T23:59:59.000Z

    Redundancy is commonly used to guarantee continued functionality in networked systems. However, often many nodes are vulnerable to the same failure or adversary. A "backup" path is not sufficient if both paths depend on nodes which share a vulnerability. For example, if two nodes of the Internet cannot be connected without using routers belonging to a given untrusted entity, then all of their communication, regardless of the specific paths utilized, will be intercepted by the controlling entity. In this and many other cases, the vulnerabilities affecting the network are disjoint: each node has exactly one vulnerability but the same vulnerability can affect many nodes. To discover optimal redundancy in this scenario, we describe each vulnerability as a color and develop a "color-avoiding percolation" which uncovers a hidden color-avoiding connectivity. We present algorithms for color-avoiding percolation of general networks and an analytic theory for random graphs with uniformly distributed colors including critic...

  4. SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of

    E-Print Network [OSTI]

    Magee, Joseph W.

    2013-01-01T23:59:59.000Z

    SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of threats note of the data security issues covered in these publications. Ask yourself "Is my business vulnerable network with your peers, talk about cyber security issues. Give and get advice, hints, tips, etc. 4. Make

  5. Network Traffic Analysis and SCADA Security

    E-Print Network [OSTI]

    Hu, Jiankun

    systems are widely used for monitoring and controlling industrial systems including power plants, water of traffic generated. Finally, network traffic monitoring can be used in security management to identify the vulnerabilities of SCADA systems because this 383 © Springer 2010 , Handbook of Information and Communication

  6. Process Control Systems in the Chemical Industry: Safety vs. Security

    SciTech Connect (OSTI)

    Jeffrey Hahn; Thomas Anderson

    2005-04-01T23:59:59.000Z

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  7. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    DATE - THURSDAY: Unique Vulnerability of the New York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on Recent Research on Irene 2011 and Sandy...

  8. Mining Bug Databases for Unidentified Software Vulnerabilities

    SciTech Connect (OSTI)

    Dumidu Wijayasekara; Milos Manic; Jason Wright; Miles McQueen

    2012-06-01T23:59:59.000Z

    Identifying software vulnerabilities is becoming more important as critical and sensitive systems increasingly rely on complex software systems. It has been suggested in previous work that some bugs are only identified as vulnerabilities long after the bug has been made public. These vulnerabilities are known as hidden impact vulnerabilities. This paper discusses the feasibility and necessity to mine common publicly available bug databases for vulnerabilities that are yet to be identified. We present bug database analysis of two well known and frequently used software packages, namely Linux kernel and MySQL. It is shown that for both Linux and MySQL, a significant portion of vulnerabilities that were discovered for the time period from January 2006 to April 2011 were hidden impact vulnerabilities. It is also shown that the percentage of hidden impact vulnerabilities has increased in the last two years, for both software packages. We then propose an improved hidden impact vulnerability identification methodology based on text mining bug databases, and conclude by discussing a few potential problems faced by such a classifier.

  9. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    The Case of Pantabangan-Carranglan Watershed. Name: Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

  10. Business-driven security White paper

    E-Print Network [OSTI]

    March 2008 Business-driven security White paper Take a holistic approach to business-driven security. Overview Today's corporate leaders face multiple challenges, including the need to innovate in extremely competitive business climates

  11. T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

  12. U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  13. Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks

    E-Print Network [OSTI]

    Agarwal, Pankaj K.

    , such as an Electromagnetic Pulse (EMP) attack. Large-scale disasters are likely to destroy network equipment and to severely--Network survivability, geographic networks, network design, Electromagnetic Pulse (EMP), computational geometry. I, such as an Electromagnetic Pulse (EMP) attack, as well as natural disasters, such as earthquakes, hurricanes or floods [1

  14. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  15. V-083: Oracle Java Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  16. V-097: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  17. V-105: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  18. V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  19. V-111: Multiple vulnerabilities have been reported in Puppet | Department

    Broader source: Energy.gov (indexed) [DOE]


  20. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  1. V-121: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  2. V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  3. T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  4. U-100: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  5. U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  6. U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  7. U-273: Multiple vulnerabilities have been reported in Wireshark |

    Broader source: Energy.gov (indexed) [DOE]


  8. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Energy Savers [EERE]


  9. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Energy Savers [EERE]


  10. U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  11. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  12. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  13. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  14. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  15. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  16. V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  17. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  18. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  19. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  20. U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

  1. GRiP - A flexible approach for calculating risk as a function of consequence, vulnerability, and threat.

    SciTech Connect (OSTI)

    Whitfield, R. G.; Buehring, W. A.; Bassett, G. W. (Decision and Information Sciences)

    2011-04-08T23:59:59.000Z

    Get a GRiP (Gravitational Risk Procedure) on risk by using an approach inspired by the physics of gravitational forces between body masses! In April 2010, U.S. Department of Homeland Security Special Events staff (Protective Security Advisors [PSAs]) expressed concern about how to calculate risk given measures of consequence, vulnerability, and threat. The PSAs believed that it is not 'right' to assign zero risk, as a multiplicative formula would imply, to cases in which the threat is reported to be extremely small, and perhaps could even be assigned a value of zero, but for which consequences and vulnerability are potentially high. They needed a different way to aggregate the components into an overall measure of risk. To address these concerns, GRiP was proposed and developed. The inspiration for GRiP is Sir Isaac Newton's Universal Law of Gravitation: the attractive force between two bodies is directly proportional to the product of their masses and inversely proportional to the squares of the distance between them. The total force on one body is the sum of the forces from 'other bodies' that influence that body. In the case of risk, the 'other bodies' are the components of risk (R): consequence, vulnerability, and threat (which we denote as C, V, and T, respectively). GRiP treats risk as if it were a body within a cube. Each vertex (corner) of the cube represents one of the eight combinations of minimum and maximum 'values' for consequence, vulnerability, and threat. The risk at each of the vertices is a variable that can be set. Naturally, maximum risk occurs when consequence, vulnerability, and threat are at their maximum values; minimum risk occurs when they are at their minimum values. Analogous to gravitational forces among body masses, the GRiP formula for risk states that the risk at any interior point of the box depends on the squares of the distances from that point to each of the eight vertices. 
The risk value at an interior (movable) point will be dominated by the value of one vertex as that point moves closer and closer to that one vertex. GRiP is a visualization tool that helps analysts better understand risk and its relationship to consequence, vulnerability, and threat. Estimates of consequence, vulnerability, and threat are external to GRiP; however, the GRiP approach can be linked to models or data that provide estimates of consequence, vulnerability, and threat. For example, the Enhanced Critical Infrastructure Program/Infrastructure Survey Tool produces a vulnerability index (scaled from 0 to 100) that can be used for the vulnerability component of GRiP. We recognize that the values used for risk components can be point estimates and that, in fact, there is uncertainty regarding the exact values of C, V, and T. When we use T = t_o (where t_o is a value of threat in its range), we mean that threat is believed to be in an interval around t_o. Hence, a value of t_o = 0 indicates a 'best estimate' that the threat level is equal to zero, but still allows that it is not impossible for the threat to occur. When t_o = 0 but is potentially small and not exactly zero, there will be little impact on the overall risk value as long as the C and V components are not large. However, when C and/or V have large values, there can be large differences in risk given t_o = 0, and t_o = epsilon (where epsilon is small but greater than a value of zero). We believe this scenario explains the PSAs' intuition that risk is not equal to zero when t_o = 0 and C and/or V have large values. (They may also be thinking that if C has an extremely large value, it is unlikely that T is equal to 0; in the terrorist context, T would likely be dependent on C when C is extremely large.) The PSAs are implicitly recognizing the potential that t_o = epsilon. 
One way to take this possible scenario into account is to replace point estimates for risk with interval values that reflect the uncertainty in the risk components. In fact, one could argue that T never equals zero for a man-made hazard. This

  2. Software Security Rules, SDLC Perspective

    E-Print Network [OSTI]

    Banerjee, C

    2009-01-01T23:59:59.000Z

    Software has become an integral part of everyday life. Every day, millions of people perform transactions through the internet, ATMs, and mobile phones; they send email and e-greetings, and use word processing and spreadsheets for various purposes. People use software bearing in mind that it is reliable and can be trusted, and that the operations they perform are secure. Now, if this software has exploitable security holes, then how can it be safe to use? Security brings value to software in terms of people's trust. The value provided by secure software is of vital importance because many critical functions are entirely dependent on the software. That is why security is a serious topic which should be given proper attention during the entire SDLC, right from the beginning. For the proper implementation of security in the software, twenty-one security rules are proposed in this paper along with validation results. It is found that by applying these rules as per the given implementation mechanism, most of the vulnerabilities are el...

  3. Nuclear power plant security systems - The need for upgrades

    SciTech Connect (OSTI)

    Murskyj, M.P.; Furlow, C.H.

    1989-01-01T23:59:59.000Z

    Most perimeter security systems for nuclear power plants were designed and installed in the late 1970s or early 1980s. This paper explores the need to regularly evaluate and possibly upgrade a security system in the area of perimeter intrusion detection and surveillance. This paper discusses US Nuclear Regulatory Commission audits and regulatory effectiveness reviews (RERs), which have raised issues regarding the performance of perimeter security systems. The audits and RERs identified various degrees of vulnerability in certain aspects of existing perimeter security systems. In addition to reviewing the regulatory concerns, this paper discusses other reasons to evaluate and/or upgrade a perimeter security system.

  4. Ninth Annual Cyber and Information Security Research Conference...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Ninth Annual Cyber and Information Security Research Conference Apr 08 2014 04-08-2014 08:30 AM - 04-10-2014 04:00 PM Multiple speakers, multiple disciplines, multiple affiliations...

  5. On the Security of Public Key Protocols

    E-Print Network [OSTI]

    Danny Dolev; et al.

    1983-01-01T23:59:59.000Z

    Recently the use of public key encryption to provide secure network communication has received considerable attention. Such public key systems are usually effective against passive eavesdroppers, who merely tap the lines and try to decipher the message. It has been pointed out, however, that an improperly designed protocol could be vulnerable to an active saboteur, one who may impersonate another user or alter the message being transmitted. Several models are formulated in which the security of protocols can be discussed precisely. Algorithms and characterizations that can be used to determine protocol security in these models are given.

  6. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E. [and others]

    1996-10-01T23:59:59.000Z

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  7. Information Security: Coordination of Federal Cyber Security...

    Office of Environmental Management (EM)

    Information Security: Coordination of Federal Cyber Security Research and Development. GAO recommends that...

  8. Detecting Network Vulnerabilities Through Graph Theoretical Methods

    E-Print Network [OSTI]

    Geddes, Cameron Guy Robinson

    vulnerabilities in power networks is an important problem, as even a small number of vulnerable connections can benchmark power networks. 1 Introduction The electric power grid network is susceptible to power outages northeast and Canada, which affected an estimated 50 million people, causing over $6 billion in damage

  9. SEISMIC VULNERABILITY ASSESSMENT USING AMBIENT VIBRATIONS

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    SEISMIC VULNERABILITY ASSESSMENT USING AMBIENT VIBRATIONS: METHOD AND VALIDATION Clotaire Michel, France cmichel@obs.ujf-grenoble.fr Abstract Seismic vulnerability in wide areas is usually assessed like USA or Italy. France is a country with moderate seismicity so that it requires lower-cost methods

  10. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J [ORNL]; Fernandez, Steven J [ORNL]

    2014-01-01T23:59:59.000Z

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. 
Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

  11. Towards Designing a Biometric Measure for Enhancing ATM Security in Nigeria E-Banking System

    E-Print Network [OSTI]

    Ibidapo,; Omogbadegun, Zaccheous O; Oyelami, Olufemi M

    2011-01-01T23:59:59.000Z

    Security measures at banks can play a critical, contributory role in preventing attacks on customers. These measures are of paramount importance when considering vulnerabilities and causation in civil litigation. Banks must meet certain standards in order to ensure a safe and secure banking environment for their customers. This paper focuses on vulnerabilities and the increasing wave of criminal activities occurring at Automated Teller Machines (ATMs) where quick cash is the prime target for criminals rather than at banks themselves. A biometric measure as a means of enhancing the security has emerged from the discourse. Keywords-Security, ATM, Biometric, Crime.

  12. attitudes perceived vulnerability: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Summary: BIODIVERSITY RESEARCH Assessing species vulnerability to climate and land use change: the case projections of likely impacts of global change to identify the most vulner-...

  13. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Energy Savers [EERE]

    TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides...

  14. Top 10 Vulnerabilities of Control Systems and Their Associated...

    Energy Savers [EERE]

    Top 10 Vulnerabilities of Control Systems and Their Associated Mitigations (2006) Top 10 Vulnerabilities of Control Systems and Their Associated Mitigations (2006) This document...

  15. aquifer contamination vulnerability: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    species vulnerability to climate and land use change: the case projections of likely impacts of global change to identify the most vulner- able species. We suggest an original...

  16. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier, E-mail: jjtoroca@unal.edu.co [Institute of Environmental Studies, National University of Colombia, Bogota (Colombia); Duarte, Oscar, E-mail: ogduartev@unal.edu.co [Department of Electrical and Electronics Engineering, National University of Colombia, Bogota (Colombia); Requena, Ignacio, E-mail: requena@decsai.ugr.es [Department of Computer Science and Artificial Intelligence, University of Granada (Spain); Zamorano, Montserrat, E-mail: zamorano@ugr.es [Department of Civil Engineering, University of Granada (Spain)

    2012-01-15T23:59:59.000Z

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. Research Highlights: • The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. • The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. • A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. • Results in Colombia highlight the usefulness and objectivity of this method.

  17. Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure

    SciTech Connect (OSTI)

    Suski, N; Wuest, C

    2011-02-04T23:59:59.000Z

    Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded to other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection.
This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. 
In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

  18. Fragile Networks: Identifying Vulnerabilities and Synergies

    E-Print Network [OSTI]

    Nagurney, Anna

    , Efficiency Measurement, and Vulnerability Analysis · Part II: Applications and Extensions · Part III: Mergers the foundations for transportation and logistics, for communication, energy provision, social interactions as the major theme. Interdisciplinary Impact of Networks Networks Energy Manufacturing Telecommunications

  19. Structural Vulnerability Assessment of Electric Power Grids

    E-Print Network [OSTI]

    Koç, Yakup; Kooij, Robert E; Brazier, Frances M T

    2013-01-01T23:59:59.000Z

    Cascading failures are the typical reasons of blackouts in power grids. The grid topology plays an important role in determining the dynamics of cascading failures in power grids. Measures for vulnerability analysis are crucial to assure a higher level of robustness of power grids. Metrics from Complex Networks are widely used to investigate the grid vulnerability. Yet, these purely topological metrics fail to capture the real behaviour of power grids. This paper proposes a metric, the effective graph resistance, as a vulnerability measure to determine the critical components in a power grid. Differently than the existing purely topological measures, the effective graph resistance accounts for the electrical properties of power grids such as power flow allocation according to Kirchhoff laws. To demonstrate the applicability of the effective graph resistance, a quantitative vulnerability assessment of the IEEE 118 buses power system is performed. The simulation results verify the effectiveness of the effect...

  20. CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR

    E-Print Network [OSTI]

    CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR CALIFORNIA Legal Analysis of Barriers's California Climate Change Center JULY 2012 CEC5002012019 Prepared for: California Energy Commission to that framework that would facilitate adaptation to climate change. Since such changes may be difficult

  1. Cancer Vulnerabilities Unveiled by Genomic Loss

    E-Print Network [OSTI]

    Nijhawan, Deepak

    Due to genome instability, most cancers exhibit loss of regions containing tumor suppressor genes and collateral loss of other genes. To identify cancer-specific vulnerabilities that are the result of copy number losses, ...

  2. V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Broader source: Energy.gov (indexed) [DOE]

    Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Apple QuickTime prior to 7.7.4. ABSTRACT: Apple QuickTime Multiple Vulnerabilities REFERENCE LINKS:...

  3. T-574: Google Chrome Multiple Flaws Let Remote Users Execute...

    Broader source: Energy.gov (indexed) [DOE]

    Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass the pop-up...

  4. Global security

    SciTech Connect (OSTI)

    Lynch, Patrick

    2014-07-14T23:59:59.000Z

    Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

  5. Global security

    ScienceCinema (OSTI)

    Lynch, Patrick

    2014-07-15T23:59:59.000Z

    Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

  6. PowerCyber: A Cyber-Physical Security Testbed for Smart Grid PI: Manimaran Govindarasu (gmani@iastate.edu)

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    /Opal-RT, provide ability to simulate large power systems with monitoring, protection, control modeling bulk power system for cyber security experimentations. powercyber power system wherein, vulnerability analysis, system impact studies, risk assessment

  7. Climate change and climate variability affect all regions of the world. U.S. vulnerability to the changes and variations are not only dependent on changes within the U.S. but also on

    E-Print Network [OSTI]

    OVERVIEW Climate change and climate variability affect all regions of the world. U.S. vulnerability, it is important to assess emerging threats to national security due to climate change far into the future. Having with national security establish practical responses to climate change and extreme weather events

  8. Control Systems Security Test Center - FY 2004 Program Summary

    SciTech Connect (OSTI)

    Robert E. Polk; Alen M. Snyder

    2005-04-01T23:59:59.000Z

    In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation’s critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

  9. Octopus: A Secure and Anonymous DHT Lookup

    E-Print Network [OSTI]

    Wang, Qiyan

    2012-01-01T23:59:59.000Z

    Distributed Hash Table (DHT) lookup is a core technique in structured peer-to-peer (P2P) networks. Its decentralized nature introduces security and privacy vulnerabilities for applications built on top of them; we thus set out to design a lookup mechanism achieving both security and anonymity, heretofore an open problem. We present Octopus, a novel DHT lookup which provides strong guarantees for both security and anonymity. Octopus uses attacker identification mechanisms to discover and remove malicious nodes, severely limiting an adversary's ability to carry out active attacks, and splits lookup queries over separate anonymous paths and introduces dummy queries to achieve high levels of anonymity. We analyze the security of Octopus by developing an event-based simulator to show that the attacker discovery mechanisms can rapidly identify malicious nodes with low error rate. We calculate the anonymity of Octopus using probabilistic modeling and show that Octopus can achieve near-optimal anonymity. We evaluate ...

  10. Improved Security Via ''Town Crier'' Monitoring

    SciTech Connect (OSTI)

    Johnston, R. G.; Garcia, A. R. E.; Pacheco, A. N.

    2003-02-26T23:59:59.000Z

    Waste managers are increasingly expected to provide good security for the hazardous materials they marshal. Good security requires, among other things, effective tamper and intrusion detection. We have developed and demonstrated a new method for tamper and intrusion detection which we call the ''town crier method''. It avoids many of the problems and vulnerabilities associated with traditional approaches, and has significant advantages for hazardous waste transport. We constructed two rudimentary town crier prototype systems, and tested them for monitoring cargo inside a truck. Preliminary results are encouraging.

  11. Improved security via 'Town Crier' monitoring

    SciTech Connect (OSTI)

    Johnston, R. G. (Roger G.); Garcia, A. R. E. (Anthony R. E.); Pacheco, A. N. (Adam N.)

    2002-01-01T23:59:59.000Z

    Waste managers are increasingly expected to provide good security for the hazardous materials they marshal. Good security requires, among other things, effective tamper and intrusion detection. We have developed and demonstrated a new method for tamper and intrusion detection which we call the 'town crier' method. It avoids many of the problems and vulnerabilities associated with traditional approaches, and has significant advantages for hazardous waste transport. We constructed two rudimentary town crier prototype systems, and tested them for monitoring cargo inside a truck. Preliminary results are encouraging.

  12. Towards a Secure Email Service for The Future Muhammad Shoaib Saleem and Eric Renault

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    content distribution, user privacy and security, naming and addressing, routing and name resolution Towards a Secure Email Service for The Future Internet Muhammad Shoaib Saleem and Éric Renault.renault}@it-sudparis.eu Abstract--Email is one of the most used application over the Internet and it is vulnerable to cyber attacks

  13. A Learning-Based Approach to Reactive Security Adam Barth1

    E-Print Network [OSTI]

    Song, Dawn

    Information Security Officer (CISO) to manage the enterprise's information security risks. Typically the enterprise "insecure" until every last vulnerability is plugged, CISOs typically perform a cost-benefit analysis to identify which risks to address, but what constitutes an effective CISO strategy

  14. Assessing Power Substation Network Security and Survivability: A Work in Progress Report1

    E-Print Network [OSTI]

    Krings, Axel W.

    critical infrastructure systems identified was the electric power grid since this system supports all other: Cyber security, electric power security, assessment techniques 1. Introduction The on-going problem non-military infrastructures. Power grid vulnerabilities and mitigations were documented in the PCCIP

  15. Cyber Security for Power Grids Frank Mueller, Subhashish Bhattacharya, Christopher Zimmer

    E-Print Network [OSTI]

    Mueller, Frank

    systems. 1 Introduction The power grid in the US is one-century old and aging in terms of infrastructure methods to remove bugs as well as security vulnerabilities in software for intelligent power devices Cyber Security for Power Grids Frank Mueller, Subhashish Bhattacharya, Christopher Zimmer Dept

  16. Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

  17. National Nuclear Security Administration | National Nuclear Security...

    National Nuclear Security Administration (NNSA)

    National Nuclear Security Administration | National Nuclear Security Administration Facebook Twitter Youtube Flickr RSS People Mission Managing the Stockpile Preventing...

  18. Assessment of Chemical and Radiological Vulnerabilities

    SciTech Connect (OSTI)

    SETH, S.S.

    2000-05-17T23:59:59.000Z

    Following the May 14, 1997 chemical explosion at Hanford's Plutonium Reclamation Facility, the Department of Energy Richland Operations Office and its prime contractor, Fluor Hanford, Inc., completed an extensive assessment to identify and address chemical and radiological safety vulnerabilities at all facilities under the Project Hanford Management Contract. This was a challenging undertaking because of the immense size of the problem, unique technical issues, and competing priorities. This paper focuses on the assessment process, including the criteria and methodology for data collection, evaluation, and risk-based scoring. It does not provide details on the facility-specific results and corrective actions, but discusses the approach taken to address the identified vulnerabilities.

  19. Information Security Group IY5512 Computer Security

    E-Print Network [OSTI]

    Mitchell, Chris

    Information Security Group IY5512 Computer Security Part 7b: Windows security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security Group) of Windows machines. 2 Information Security Group Objectives II · Focus on Active Directory, authentication

  20. IMPLEMENTING MULTIPLE CHANNELS OVER SSL Yong Song, Victor C.M. Leung, Konstantin Beznosov

    E-Print Network [OSTI]

    IMPLEMENTING MULTIPLE CHANNELS OVER SSL Yong Song, Victor C.M. Leung, Konstantin Beznosov:{yongs,vleung,beznosov}@ece.ubc.ca Keywords: Communication security, Mobile security, Multiple channels, SSL Abstract: Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL

  1. Transportation Security | ornl.gov

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Transportation Security SHARE Global Threat Reduction Initiative Transportation Security Cooperation Secure Transport Operations (STOP) Box Security of radioactive material while...

  2. U-124: Microsoft Security Bulletin Advance Notification for March 2012

    Broader source: Energy.gov [DOE]

    Microsoft Security Bulletin Advance Notification for March 2012. Microsoft has posted 1 Critical Bulletin, 4 Important bulletins and 1 Moderate bulletin. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft is hosting a webcast to address customer questions on these bulletins on March 14, 2012, at 11:00 AM Pacific Time (US & Canada).

  3. A Learning-Based Approach to Reactive Security

    E-Print Network [OSTI]

    Song, Dawn

    theory. 1 INTRODUCTION MANY enterprises employ a Chief Information Security Officer (CISO) to manage vulnerability is plugged, CISOs typically perform a cost-benefit analysis to identify which risks to address. But what constitutes an effective CISO strategy? The conventional wisdom [1], [2] is that CISOs ought

  4. Hardware implementation of secure Shamir's secret sharing scheme

    E-Print Network [OSTI]

    Karpovsky, Mark

    Hardware implementation of secure Shamir's secret sharing scheme Pei Luo and Andy Yu-Lun Lin Electrical and Computer Engineering Boston University Email: markkar@bu.edu Abstract--Shamir's secret sharing scheme is an effective way to distribute secret to a group of shareholders. But this scheme is vulnerable

  5. Cyber Security and Resilient Systems

    SciTech Connect (OSTI)

    Robert S. Anderson

    2009-07-01T23:59:59.000Z

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. 
Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.

  6. Security Conditions

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-07-08T23:59:59.000Z

    This Notice ensures that DOE uniformly meets the requirements of the Homeland Security Advisory System outlined in Homeland Security Presidential Directive-3, Threat Conditions and Associated Protective Measures, dated 3-11-02, and provides responses specified in Presidential Decision Directive 39, U.S. Policy on Counterterrorism (U), dated 6-21-95. It cancels DOE N 473.8, Security Conditions, dated 8-7-02. Extended until 7-7-06 by DOE N 251.64, dated 7-7-05 Cancels DOE N 473.8

  7. Chemical Safety Vulnerability Working Group Report

    SciTech Connect (OSTI)

    Not Available

    1994-09-01T23:59:59.000Z

    This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

  8. Bluetooth Vulnerabilities ECE 478 Winter 05

    E-Print Network [OSTI]

    Bluetooth Vulnerabilities ECE 478 Winter 05 Victor Yee Topics · What is Bluetooth? · History - Automobiles What is Bluetooth? · Short-range (10m-100m) wireless specification · Operating at 2.4GHz radio 2Mb/s History · Named from Danish King Harold Bluetooth from the 10th century - instrumental

  9. WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE

    E-Print Network [OSTI]

    WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE WARMING IN THE SIERRA NEVADA: Water Year explores the sensitivity of water indexing methods to climate change scenarios to better understand how water management decisions and allocations will be affected by climate change. Many water management

  10. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  11. Climate Change and National Security

    SciTech Connect (OSTI)

    Malone, Elizabeth L.

    2013-02-01T23:59:59.000Z

    Climate change is increasingly recognized as having national security implications, which has prompted dialogue between the climate change and national security communities – with resultant advantages and differences. Climate change research has proven useful to the national security community sponsors in several ways. It has opened security discussions to consider climate as well as political factors in studies of the future. It has encouraged factoring in the stresses placed on societies by climate changes (of any kind) to help assess the potential for state stability. And it has shown that changes such as increased heat, more intense storms, longer periods without rain, and earlier spring onset call for building climate resilience as part of building stability. For the climate change research community, studies from a national security point of view have revealed research lacunae, such as the lack of usable migration studies. This has also pushed the research community to consider second- and third-order impacts of climate change, such as migration and state stability, which broadens discussion of future impacts beyond temperature increases, severe storms, and sea level rise; and affirms the importance of governance in responding to these changes. The increasing emphasis in climate change science toward research in vulnerability, resilience, and adaptation also frames what the intelligence and defense communities need to know, including where there are dependencies and weaknesses that may allow climate change impacts to result in security threats and where social and economic interventions can prevent climate change impacts and other stressors from resulting in social and political instability or collapse.

  12. Security Specialist

    Broader source: Energy.gov [DOE]

    The position is located in the Office of Environmental Management (EM),Office of Safeguards, Security and Emergency Preparedness (EM-44). The mission of EM-44 is to develop and oversee the...

  13. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-08-26T23:59:59.000Z

    The manual establishes the overall objectives and requirements for the Department of Energy Personnel Security Program. Cancels DOE M 472.1-1B. Canceled by DOE O 472.2.

  14. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-27T23:59:59.000Z

    The Order establishes requirements for a successful, efficient and cost-effective personnel security program to ensure accurate, timely and equitable determinations of individuals’ eligibility for access to classified information and fitness for placement or retention in national security positions. Cancels DOE M 470.4-5, DOE N 470.4 and DOE N 470.5. Admin Chg 1, 10-8-13.

  15. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-20T23:59:59.000Z

    The protection and control of classified information is critical to our nation’s security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D.

  16. PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE

    E-Print Network [OSTI]

    Hultman, Nathan E.

    PNNL-SA-33642 VULNERABILITY TO CLIMATE CHANGE A Quantitative Approach R. H. Moss A. L. Brenkert E@ntis.fedworld.gov Online ordering: http://www.ntis.gov/ordering.htm EXECUTIVE SUMMARY The PNNL Vulnerability

  17. Empirical Estimates and Observations of 0Day Vulnerabilities

    SciTech Connect (OSTI)

    Miles A. McQueen; Trevor A. McQueen; Wayne F. Boyer; May R. Chaffin

    2009-01-01T23:59:59.000Z

    We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to a system from exploit of vulnerabilities which are not generally known to the public or, most importantly, to the owners of the system. Using the 0Day definition given above, we analyzed the 0Day lifespans of 491 vulnerabilities and conservatively estimated that in the worst year there were on average 2500 0Day vulnerabilities in existence on any given day. Then using a small but intriguing set of 15 0Day vulnerability lifespans representing the time from actual discovery to public disclosure, we made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day vulnerabilities in existence on any given day.

  18. DECISION-MAKING AND THE VULNERABILITY OF INTERDEPENDENT CRITICAL

    E-Print Network [OSTI]

    Wang, Hai

    , telecommunications, water supply, wastewater, electric power and other energy infrastructure. Event databases DECISION-MAKING AND THE VULNERABILITY OF INTERDEPENDENT CRITICAL INFRASTRUCTURE Zimmerman, R interdependencies, extreme events, vulnerability assessment 1 Introduction The provision of infrastructure services

  19. Cyber Vulnerability Disclosure Policies for the Department of Electrical and

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    Cyber Vulnerability Disclosure Policies for the Smart Grid Adam Hahn Department of Electrical ATTRIBUTES The "Vulnerability Disclosure Framework" developed by the National Infrastructure Advisory Council Department of Electrical and Computer Engineering Iowa State University Ames, IA 50011 Email: gmani

  20. Vulnerability assessment of water supply systems for insufficient fire flows

    E-Print Network [OSTI]

    Kanta, Lufthansa Rahman

    2009-05-15T23:59:59.000Z

    supply systems are vulnerable to many forms of terrorist acts, most of the vulnerability analysis studies on these systems have been for chemical and biological threats. Because of the interdependency of water supply infrastructure and emergency fire...

  1. T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

    Broader source: Energy.gov [DOE]

    BlackBerry advisory describes a security issue that the BlackBerry Attachment Service component of the BlackBerry Enterprise Server is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

  2. Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2

    SciTech Connect (OSTI)

    Fesharaki, F.; Rizer, J.P.; Greer, L.S.

    1994-05-01T23:59:59.000Z

    The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

  3. Best Practices for the Security of Radioactive Materials

    SciTech Connect (OSTI)

    Coulter, D.T.; Musolino, S.

    2009-05-01T23:59:59.000Z

    This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental and economic impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass both physical security (hardware and engineering) and administrative procedures. Security regimes for these devices and materials typically use a defense-in-depth or layered-security approach to eliminate single points of failure. The Department of Energy, the Department of Homeland Security, the Department of Defense, the American Society of Industrial Security (ASIS), the Security Industry Association (SIA) and Underwriters Laboratory (UL) all provide design guidance and hardware specifications. With a graded approach, a physical-security specialist can tailor an integrated security-management system in the most appropriate cost-effective manner to meet the regulatory and non-regulatory requirements of the licensee or client.

  4. U-122 Google Chrome Two Code Execution Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

  5. Taxation and Social Security

    E-Print Network [OSTI]

    Kaplow, Louis

    2006-01-01T23:59:59.000Z

    Re: Taxation and Social Security Attached is draft chapter11 TAXATION AND SOCIAL SECURITY A substantial fraction ofaspects of social security schemes in a setting in which

  6. Security and Elections

    E-Print Network [OSTI]

    Bishop, Matt; Peisert, Sean

    2012-01-01T23:59:59.000Z

    World Conf. Information Security Education, 2007, pp. 17–24; Security and Elections IEEE Security & Privacy, 10(5):64–67, Sept. -

  7. CAMPUS SECURITY REPORT 2009

    E-Print Network [OSTI]

    CAMPUS SECURITY REPORT 2009 San Francisco State University University Police Department 1600 & Procedure Concerning Security, Access & Maintenance of Campus Facilities & Weapons Policies g. Safety & Security

  8. Safeguards Evaluation Method for evaluating vulnerability to insider threats

    SciTech Connect (OSTI)

    Al-Ayat, R.A.; Judd, B.R.; Renis, T.A.

    1986-01-01T23:59:59.000Z

    As protection of DOE facilities against outsiders increases to acceptable levels, attention is shifting toward achieving comparable protection against insiders. Since threats and protection measures for insiders are substantially different from those for outsiders, new perspectives and approaches are needed. One such approach is the Safeguards Evaluation Method. This method helps in assessing safeguards vulnerabilities to theft or diversion of special nuclear material (SNM) by insiders. The Safeguards Evaluation Method-Insider Threat is a simple model that can be used by safeguards and security planners to evaluate safeguards and proposed upgrades at their own facilities. The method is used to evaluate the effectiveness of safeguards in both timely detection (in time to prevent theft) and late detection (after-the-fact). The method considers the various types of potential insider adversaries working alone or in collusion with other insiders. The approach can be used for a wide variety of facilities with various quantities and forms of SNM. An Evaluation Workbook provides documentation of the baseline assessment; this simplifies subsequent on-site appraisals. Quantitative evaluation is facilitated by an accompanying computer program. The method significantly increases an evaluation team's on-site analytical capabilities, thereby producing a more thorough and accurate safeguards evaluation.

  9. Physical security and tamper-indicating devices

    SciTech Connect (OSTI)

    Johnston, R.G.; Garcia, A.R.E.

    1997-02-01T23:59:59.000Z

    Computer systems, electronic communications, digital data, and computer storage media are often highly vulnerable to physical tampering. Tamper-indicating devices, also called security seals, are widely used to detect physical tampering or unauthorized access. We studied 94 different security seals, both passive and electronic, developed either commercially or by the US government. Most of these seals are in wide-spread use, including for critical applications. We learned how to defeat all 94 seals using rapid, inexpensive, low-tech methods. Cost was not a good predictor of seal security. It appears to us that many of these seals can be dramatically improved with minor, low-cost modifications to either the seal or the use protocol.

  10. Tag: Security | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Security Tag: Security Displaying 1 - 6 of 6... Category: Security Sheltering in Place If you are advised to shelter-in-place by local news or our website, please follow these...

  11. Self-securing Ad Hoc Wireless Networks Haiyun Luo, Petros Zerfos, Jiejun Kong, Songwu Lu, Lixia Zhang

    E-Print Network [OSTI]

    Lu, Songwu

    evaluate the solution through simulation and implementation. 1. Introduction Mobile ad hoc networking Self-securing Ad Hoc Wireless Networks Haiyun Luo, Petros Zerfos, Jiejun Kong, Songwu Lu, Lixia wireless channel. However, the nature of ad hoc networks makes them vulnerable to security attacks

  12. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-06-29T23:59:59.000Z

    Establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Section E, Technical Surveillance Countermeasures Program, is Official Use Only. Please contact the DOE Office of Health, Safety and Security at 301-903-0292 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A

  13. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-08-26T23:59:59.000Z

    This Manual establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Attachment E, Technical Surveillance Countermeasures Program, is for Official Use Only. Contact the Office of Security and Safety Performance Assurance at 301-903-3653 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A.

  14. Security Rulemaking

    Office of Environmental Management (EM)


  15. SELECTING INFORMATION TECHNOLOGY SECURITY

    E-Print Network [OSTI]

    April 2004 SELECTING INFORMATION TECHNOLOGY SECURITY PRODUCTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Information technology security products are essential to better secure information technology (IT) systems

  16. CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL

    SciTech Connect (OSTI)

    Kathleen A. Lee

    2008-01-01T23:59:59.000Z

    The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the system’s cyber-security posture. The CS2SAT provides recommendations from a database of industry available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate specific security vulnerabilities.

  17. National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    FROM: SUBJECT: USIUK Memorandum of Understanding between National Nuclear Security Administration's (NNSA) Associate Administrator for Defense Nuclear Security (AADNS)...

  18. Data management for geospatial vulnerability assessment of interdependencies in US power generation

    SciTech Connect (OSTI)

    Shih, C.Y.; Scown, C.D.; Soibelman, L.; Matthews, H.S.; Garrett, J.H.; Dodrill, K.; McSurdy, S. [Carnegie Mellon University, Pittsburgh, PA (United States). Dept. of Civil & Environmental Engineering

    2009-09-15T23:59:59.000Z

    Critical infrastructures maintain our society's stability, security, and quality of life. These systems are also interdependent, which means that the disruption of one infrastructure system can significantly impact the operation of other systems. Because of the heavy reliance on electricity production, it is important to assess possible vulnerabilities. Determining the source of these vulnerabilities can provide insight for risk management and emergency response efforts. This research uses data warehousing and visualization techniques to explore the interdependencies between coal mines, rail transportation, and electric power plants. By merging geospatial and nonspatial data, we are able to model the potential impacts of a disruption to one or more mines, rail lines, or power plants, and visually display the results using a geographical information system. A scenario involving a severe earthquake in the New Madrid Seismic Zone is used to demonstrate the capabilities of the model when given input in the form of a potentially impacted area. This type of interactive analysis can help decision makers to understand the vulnerabilities of the coal distribution network and the potential impact it can have on electricity production.

  19. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-27T23:59:59.000Z

    The order establishes requirements that will enable DOE to operate a successful, efficient, cost-effective personnel security program that will ensure accurate, timely and equitable determinations of individuals’ eligibility for access to classified information and Special Nuclear Material (SNM). Admin Chg 1, 10-8-13.

  20. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-29T23:59:59.000Z

    This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Admin Chg 2, dated 5-15-15, cancels Admin Chg 1.

  1. Security Conditions

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2000-09-18T23:59:59.000Z

    To ensure that DOE uniformly meets the protection requirements specified in Presidential Decision Directive 39, "U.S. Policy on Counterterrorism (U)." Attachment 2 is no longer available online. Please e-mail your request for the Attachment to: Security.Directives@hq.doe.gov. DOE N 251.44, dated 05/06/02, extends this directive until 12/31/02.

  2. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security's IT Security Procedures require that non-public University information, including social security numbers and professional information in a secure and appropriate manner.

  3. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan, E-mail: yungjaanlee@gmail.com

    2014-01-15T23:59:59.000Z

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial development of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment. This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: • This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. • Seventeen social vulnerability indicators are categorized into four dimensions. • This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. • 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. • This study provides a foundation for sustainable strategic planning to deal with environmental change. • Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

  4. INSTITUTE FOR CYBER SECURITY Security Models

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2010 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY 2 THE BIG

  5. INSTITUTE FOR CYBER SECURITY Security Models

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY 2 THE BIG

  6. Security Procedures Caltech Campus Security Dispatch

    E-Print Network [OSTI]

    Goddard III, William A.

    Security Procedures Caltech Campus Security Dispatch: 5000 (from any Caltech phone) or (626) 395-5000 (from any phone) When emergencies arise, contact Caltech Campus Security MEDICAL If someone experiences a medical emergency: · Remain calm · Notify Campus Security Dispatch · Do NOT move victim EARTHQUAKE When

  7. Security rules versus Security properties Mathieu Jaume

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Security rules versus Security properties Mathieu Jaume SPI - LIP6 - University Pierre & Marie components of security policies can be expressed, and we identify their role in the description of a policy, of a system and of a secure system. In this setting, we formally describe two approaches to define policies

  8. Using Operational Security (OPSEC) to Support a Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments Using Operational Security (OPSEC) to Support a Cyber Security Culture in...

  9. Security seal

    DOE Patents [OSTI]

    Gobeli, Garth W. (Albuquerque, NM)

    1985-01-01T23:59:59.000Z

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints", is recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  10. V-203: HP LoadRunner Multiple Bugs Let Remote Users Deny Service...

    Broader source: Energy.gov (indexed) [DOE]

    execute arbitrary code on the target system. A remote user can cause denial of service conditions. PLATFORM: HP LoadRunner prior to 11.52 ABSTRACT: Multiple vulnerabilities were...

  11. Sandia Energy - Installation Energy Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Installation Energy Security Home Stationary Power Grid Modernization Resilient Electric Infrastructures Military Installation Energy Security Installation Energy SecurityTara...

  12. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G. (University of New Mexico); Pedretti, Kevin Thomas Tauke; Mueller, Frank (North Carolina State University); Fiala, David (North Carolina State University); Brightwell, Ronald Brian

    2012-05-01T23:59:59.000Z

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  13. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Germany) Project Name AFTER A Framework for electrical power...

  14. Antioch University and EPA Webinar: Assessing Vulnerability of...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Webinar: Assessing Vulnerability of Water Conveyance Infrastructure from a Changing Climate in the Context of a Changing Landscape Antioch University and EPA Webinar: Assessing...

  15. areas vulnerabilities impacts: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    on residential electricity consumption for the nine San Francisco Bay Area counties 22 Seismic vulnerability analysis of moderate seismicity areas using in situ experimental...

  16. assessing infrastructure vulnerability: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Websites Summary: , by improving the seismic hazard evaluation using probabilistic seismic hazard assessment (PSHA) methodsSeismic vulnerability assessment to slight dam- age...

  17. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Broader source: Energy.gov (indexed) [DOE]

    DMZs, the corporate network, and the outside. In an on-site assessment, while scanning for vulnerabilities on the CS network, the assessment team discovered IP addresses...

  18. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    United Kingdom) Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country United Kingdom...

  19. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Norway) Project Name AFTER A...

  20. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Ireland) Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Ireland Coordinates...

  1. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Belgium) Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Belgium Coordinates...

  2. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    Czech Republic) Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Czech Republic...

  3. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    Sub-national Planners Tool Summary LAUNCH TOOL Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners...

  4. Empirical Estimates of 0Day Vulnerabilities in Control Systems

    SciTech Connect (OSTI)

    Miles A. McQueen; Wayne F. Boyer; Sean M. McBride; Trevor A. McQueen

    2009-01-01T23:59:59.000Z

    We define a 0Day vulnerability to be any vulnerability, in deployed software, which has been discovered by at least one person but has not yet been publicly announced or patched. These 0Day vulnerabilities are of particular interest when assessing the risk to well managed control systems which have already effectively mitigated the publicly known vulnerabilities. In these well managed systems the risk contribution from 0Days will have proportionally increased. To aid understanding of how great a risk 0Days may pose to control systems, an estimate of how many are in existence is needed. Consequently, using the 0Day definition given above, we developed and applied a method for estimating how many 0Day vulnerabilities are in existence on any given day. The estimate is made by: empirically characterizing the distribution of the lifespans, measured in days, of 0Day vulnerabilities; determining the number of vulnerabilities publicly announced each day; and applying a novel method for estimating the number of 0Day vulnerabilities in existence on any given day using the number of vulnerabilities publicly announced each day and the previously derived distribution of 0Day lifespans. The method was first applied to a general set of software applications by analyzing the 0Day lifespans of 491 software vulnerabilities and using the daily rate of vulnerability announcements in the National Vulnerability Database. This led to a conservative estimate that in the worst year there were, on average, 2500 0Day software related vulnerabilities in existence on any given day. Using a smaller but intriguing set of 15 0Day software vulnerability lifespans representing the actual time from discovery to public disclosure, we then made a more aggressive estimate. In this case, we estimated that in the worst year there were, on average, 4500 0Day software vulnerabilities in existence on any given day. 
    We then proceeded to identify the subset of software applications likely to be used in some control systems, analyzed the associated subset of vulnerabilities, and characterized their lifespans. Using the previously developed method of analysis, we very conservatively estimated 250 control system related 0Day vulnerabilities in existence on any given day. While reasonable, this first order estimate for control systems is probably far more conservative than those made for general software systems since the estimate did not include vulnerabilities unique to control system specific components. These control system specific vulnerabilities were unable to be included in the estimate for a variety of reasons with the most problematic being that the public announcement of unique control system vulnerabilities is very sparse. Consequently, with the intent to improve the above 0Day estimate for control systems, we first identified the additional, unique to control systems, vulnerability estimation constraints and then investigated new mechanisms which may be useful for estimating the number of unique 0Day software vulnerabilities found in control system components. We proceeded to identify a number of new mechanisms and approaches for estimating and incorporating control system specific vulnerabilities into an improved 0Day estimation method. These new mechanisms and approaches appear promising and will be more rigorously evaluated during the course of the next year.

  5. Cyber-Security Considerations for the Smart Grid

    SciTech Connect (OSTI)

    Clements, Samuel L.; Kirkham, Harold

    2010-07-26T23:59:59.000Z

    The electrical power grid is evolving into the “smart grid”. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number of mitigation strategies that can help keep the risk at an acceptable level.

  6. IT Security IT Services

    E-Print Network [OSTI]

    · Firewall management · VPN Service · SSL certificates · Vulnerability scanning · Tripwire ... Incident area VPNs ... SSL Certificates · SSL Server certificates · Coming soon - Extended Validation

  7. Security Perimeter

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  8. Safety, Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  9. Computer Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  10. Evaluation of methodologies for estimating vulnerability to electromagnetic pulse effects. Final report 28 August 1982-30 April 1984

    SciTech Connect (OSTI)

    Not Available

    1984-01-01T23:59:59.000Z

    Estimation of vulnerability to high-altitude electromagnetic pulse (EMP) effects is essential for strategic and tactical decisions affecting national security. Both the design and the assessment of protection against EMP are inherently subject to uncertainty. The reason is that these processes must be conducted without exposure to actual EMP, in contrast to the situation for other forms of electrical overstress. Estimating vulnerability of systems to EMP effects depends greatly on the nature of the system. The soundest results can be obtained where stress within the system is controlled, through integral shielding and penetration-control devices, to well known values. In this case, one can rely on engineering analysis and systematic testing of a predominantly deterministic nature. Where control and knowledge of stress, as well as of strength, are not possible because of system design, complexity, or uncontrolled changes, probabilistic estimates become necessary. Statistical methods for estimating and combining uncertai

  11. INFRASTRUCTURE SECURITY & ENERGY

    E-Print Network [OSTI]

    Schrijver, Karel

    INFRASTRUCTURE SECURITY & ENERGY RESTORATION OFFICE of ELECTRICITY DELIVERY & ENERGY RELIABILITY ... Federal agencies to support waivers and specific response legal authorities

  12. CAMPUS SECURITY CARD REQUISITION

    E-Print Network [OSTI]

    CAMPUS SECURITY CARD REQUISITION DEPARTMENT LAST NAME GIVEN NAME(S) SFU ID NUMBER CARD NUMBER CAMPUS SECURITY OFFICE USE ONLY SERVICE CHARGE: ___________________________ DEPOSIT be reported or returned to Campus Security TC 050 (291-5448). CARDHOLDER SIGNATURE DATE:

  13. Designing security into software

    E-Print Network [OSTI]

    Zhang, Chang Tony

    2006-01-01T23:59:59.000Z

    When people talk about software security, they usually refer to security applications such as antivirus software, firewalls and intrusion detection systems. There is little emphasis on the security in the software itself. ...

  14. Importance-Scanning Worm Using Vulnerable-Host Distribution

    E-Print Network [OSTI]

    Ji, Chuanyi

    Importance-Scanning Worm Using Vulnerable-Host Distribution Zesheng Chen School of Electrical scanning. The distribution of vulnerable hosts on the Internet, however, is highly non-uniform over the IP-address space. This implies that random scanning wastes many scans on invulnerable addresses, and more virulent

  15. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  16. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  17. Defense of Trust Management Vulnerabilities in Distributed Networks

    E-Print Network [OSTI]

    Sun, Yan Lindsay

    Defense of Trust Management Vulnerabilities in Distributed Networks Yan (Lindsay) Sun , Zhu Han into distributed networks, the vulnerabilities in trust establishment methods, and the defense mechanisms. Five networks inherently rely on cooperation among distributed entities. However, cooperation is fragile

  18. Threats to financial system security

    SciTech Connect (OSTI)

    McGovern, D.E.

    1997-06-01T23:59:59.000Z

    The financial system in the United States is slowly migrating from the bricks and mortar of banks on the city square to branch banks, ATMs, and now direct linkage through computers to the home. Much work has been devoted to the security problems inherent in protecting property and people. The impact of attacks on the information aspects of the financial system has, however, received less attention. Awareness is raised through publicized events such as the junk bond fraud perpetrated by Milken or gross mismanagement in the failure of the Barings Bank through unsupervised trading activities by Leeson in Singapore. These events, although seemingly large (financial losses may be on the order of several billion dollars), are but small contributors to the estimated $114 billion loss to all types of financial fraud in 1993. Most of the losses can be traced to the contribution of many small attacks perpetrated against a variety of vulnerable components and systems. This paper explores the magnitude of these financial system losses and identifies new areas for security to be applied to high consequence events.

  19. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-07-01T23:59:59.000Z

    This Manual establishes a general process and provides direction for controlling access and dissemination of Sigma 14 and 15 Weapon Data at the Department of Energy (DOE). It supplements DOE O 452.4, SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND NUCLEAR WEAPONS, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and U.S. nuclear weapons. Canceled by DOE M 452.4-1A. Does not cancel other directives.

  20. Cyber Security | National Security | ORNL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  1. Personnel Security Activities

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-03-25T23:59:59.000Z

    Establishes objectives, requirements and responsibilities for the Personnel Security Program and Personnel Security Assurance Program. Cancels DOE O 472.1B

  2. Security & Privacy | EMSL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Security & Privacy Security & Privacy Privacy Notice We collect no personal information about you without your knowledge when you visit this site, although you may choose to...

  3. Advancing Global Nuclear Security

    Broader source: Energy.gov [DOE]

    Today world leaders gathered at The Hague for the Nuclear Security Summit, a meeting to measure progress and take action to secure sensitive nuclear materials.

  4. Storms exploding off the surface of the sun can wreak havoc on technologies like satellites, phones, GPS, and electrical power grids. As society's dependence on these technologies grows, so does our vulnerability to changes on the Sun and in space.

    E-Print Network [OSTI]

    , GPS, and electrical power grids. As society's dependence on these technologies grows, so does our vulnerability to changes on the Sun and in space. For example, GPS is present in almost all aspects of our Office of Infrastructure Protection, Department of Homeland Security For admission to the CVC (note 11

  5. Security tasks are highly interdependent.

    E-Print Network [OSTI]

    Motivation Security tasks are highly interdependent. To improve security tools, we need to understand how security practitioners collaborate in their organizations. Security practitioners in context Exchange of Information Develop security tools that: · Integrate information from different communication

  6. Security Policies Dr. Ahmad Almulhem

    E-Print Network [OSTI]

    Almulhem, Ahmad

    Security Policies Dr. Ahmad Almulhem Computer Engineering Department, KFUPM Spring 2008 Ahmad Almulhem - Network Security Engineering - 2008 1 / 51 Security Policies Types of Security Policies Trust Types of Access Control Summary Part I Overview

  7. The theory of diversity and redundancy in information system security : LDRD final report.

    SciTech Connect (OSTI)

    Mayo, Jackson R. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Torgerson, Mark Dolan; Walker, Andrea Mae; Armstrong, Robert C. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Allan, Benjamin A. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Pierson, Lyndon George

    2010-10-01T23:59:59.000Z

    The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

  8. Advanced Dynamic Encryption – A Security Enhancement Protocol for IEEE 802.11 and Hybrid Wireless Network 

    E-Print Network [OSTI]

    Yu, Peter Huan Pe

    2012-02-14T23:59:59.000Z

    secret key is vulnerable to cracking by capturing sufficient packets or launching a dictionary attack. In this research, a dynamic re-keying encryption protocol was developed to enhance the security protection for IEEE 802.11 and hybrid wireless network...

  9. A Learning-Based Approach to Reactive Security , Benjamin I. P. Rubinstein

    E-Print Network [OSTI]

    Rubinstein, Benjamin

    Officer (CISO) to manage the enterprise's information security risks. Typically, an enterprise has many insecure until every last vulnerability is plugged, CISOs typically perform a cost-benefit analysis to identify which risks to address, but what constitutes an effective CISO strategy? The conventional wisdom [28

  10. Analyzing the Security in the GSM Radio Network using Attack Jungles

    E-Print Network [OSTI]

    Abdulla, Parosh Aziz

    Analyzing the Security in the GSM Radio Network using Attack Jungles Parosh Aziz Abdulla1 introduce the concept of attack jungles, which is a formalism for systematic representation of the vulnerabilities of systems. An attack jungle is a graph representation of all ways in which an attacker

  11. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  12. Secure Control Systems for the Energy Sector

    SciTech Connect (OSTI)

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31T23:59:59.000Z

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goal is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

  13. Protection of Use Control Vulnerabilities and Design

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-03-11T23:59:59.000Z

    This manual establishes a general process and provides direction for controlling access to and disseminating Sigma 14 and 15 nuclear weapon data (NWD) at the Department of Energy (DOE). It supplements DOE O 452.4A, Security and Control of Nuclear Explosives and Nuclear Weapons, dated 12-17-01, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and nuclear weapons. Cancels DOE M 452.4-1. Canceled by DOE O 452.7, 5-14-2010

  14. Personnel Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1998-05-22T23:59:59.000Z

    This Manual provides detailed requirements and procedures to supplement DOE O 472.1B, Personnel Security Activities, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE). This Manual addresses only the Personnel Security Program.

  15. Personnel Security Program Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2000-11-16T23:59:59.000Z

    provides detailed requirements and procedures to supplement DOE O 472.1B, PERSONNEL SECURITY ACTIVITIES, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE), including the National Nuclear Security Administration (NNSA). Cancels DOE M 472.1-1

  16. Office of Security Assistance

    Broader source: Energy.gov [DOE]

    The Office of Security Assistance manages the Technology Deployment Program to improve the security posture of the Department of Energy and the protection of its assets and facilities through the deployment of new safeguards and security technologies and development of advanced technologies that reduce operating costs, save protective force lives, and improve security effectiveness.

  17. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J [ORNL; Pleszkoch, Mark G [ORNL; Sayre, Kirk D [ORNL; Linger, Richard C [ORNL

    2012-01-01T23:59:59.000Z

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  18. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran, Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2008-12-30T23:59:59.000Z

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenket 2008, Ibarrarán et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

  19. Optimization strategies for the vulnerability analysis of the electric power grid.

    SciTech Connect (OSTI)

    Meza, Juan C. (Lawrence Berkeley National Laboratory); Pinar, Ali; Lesieutre, Bernard (Lawrence Berkeley National Laboratory); Donde, Vaibhav (ABB Inc., Raleigh NC)

    2009-03-01T23:59:59.000Z

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (minlp) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  20. Optimization Strategies for the Vulnerability Analysis of the Electric Power Grid

    SciTech Connect (OSTI)

    Pinar, A.; Meza, J.; Donde, V.; Lesieutre, B.

    2007-11-13T23:59:59.000Z

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (MINLP) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  1. Multiple-Objective Metric for Placing Multiple Base Stations in Wireless Sensor Networks

    E-Print Network [OSTI]

    Liblit, Ben

    positioning in sensor networks based on directional antennas [6], but it addresses secure positioning ... Multiple-Objective Metric for Placing Multiple Base Stations in Wireless Sensor Networks Soo Kim in wireless sensor networks. First, the ratio of sensor nodes which can communicate with a base station via

  2. The Data and Application Security and Privacy (DASPY) Challenge

    E-Print Network [OSTI]

    Sandhu, Ravi

    Computer security Information security = Computer security + Communications security Information Computer security Information security = Computer security + Communications security Information Cyber security (defensive) goals have evolved Computer security Information security = Computer

  3. Mastering Web Services Security

    E-Print Network [OSTI]

    Preview of Mastering Web Services Security Konstantin introduction Highlights of the book Web Services security problem XML Security WS-Security Security mechanisms for ASP.NET Web Services Planning and building secure Web Service systems - Architectural and policy

  4. LAVA (Los Alamos Vulnerability and Risk Assessment Methodology): A conceptual framework for automated risk analysis

    SciTech Connect (OSTI)

    Smith, S.T.; Lim, J.J.; Phillips, J.R.; Tisinger, R.M.; Brown, D.C.; FitzGerald, P.D.

    1986-01-01T23:59:59.000Z

    At Los Alamos National Laboratory, we have developed an original methodology for performing risk analyses on subject systems characterized by a general set of asset categories, a general spectrum of threats, a definable system-specific set of safeguards protecting the assets from the threats, and a general set of outcomes resulting from threats exploiting weaknesses in the safeguards system. The Los Alamos Vulnerability and Risk Assessment Methodology (LAVA) models complex systems having large amounts of "soft" information about both the system itself and occurrences related to the system. Its structure lends itself well to automation on a portable computer, making it possible to analyze numerous similar but geographically separated installations consistently and in as much depth as the subject system warrants. LAVA is based on hierarchical systems theory, event trees, fuzzy sets, natural-language processing, decision theory, and utility theory. LAVA's framework is a hierarchical set of fuzzy event trees that relate the results of several embedded (or sub-) analyses: a vulnerability assessment providing information about the presence and efficacy of system safeguards, a threat analysis providing information about static (background) and dynamic (changing) threat components coupled with an analysis of asset "attractiveness" to the dynamic threat, and a consequence analysis providing information about the outcome spectrum's severity measures and impact values. By using LAVA, we have modeled our widely used computer security application as well as LAVA/CS systems for physical protection, transborder data flow, contract awards, and property management. It is presently being applied for modeling risk management in embedded systems, survivability systems, and weapons systems security. LAVA is especially effective in modeling subject systems that include a large human component.

  5. Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications

    E-Print Network [OSTI]

    Sabatini, David M.

    Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications Michael web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the appropriate credentials. Access control attacks occur when

  6. Vulnerability and social risk management in India and Mexico

    E-Print Network [OSTI]

    Flores Ballesteros, Luis

    2008-01-01T23:59:59.000Z

    The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

  7. Assessing the vulnerability of the fiber infrastructure to disasters

    E-Print Network [OSTI]

    Neumayer, Sebastian James

    Communication networks are vulnerable to natural disasters, such as earthquakes or floods, as well as to physical attacks, such as an Electromagnetic Pulse (EMP) attack. Such real-world events happen in specific geographical ...

  8. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  9. Researchers Develop Tool to Assess Supernetwork Efficiency and Vulnerability

    E-Print Network [OSTI]

    Nagurney, Anna

    , electrical power supply chains and telecommunications networks. University of Massachusetts Amherst components like roads, electrical power stations or transmission lines are destroyed and captures how users Researchers Develop Tool to Assess Supernetwork Efficiency and Vulnerability Natural disasters

  10. Fragile Networks: Identifying Vulnerabilities and Synergies in an Uncertain Age

    E-Print Network [OSTI]

    Nagurney, Anna

    , electric power, smart grid, critical infrastructure, emergency and disaster preparedness, mergers for the determination of network vulnerability and robustness, since critical infrastructure networks from transportation, telecommunications, supply chains, to financial and electric power ones, provide the ties

  11. Ethical Issues in Research with "Vulnerable" and "HardtoReach"

    E-Print Network [OSTI]

    Illinois at Chicago, University of

    are interdependent · One can be vulnerable w/o being harmed or wronged (and vice versa) 2 Ways women (Subpart B) ADDITIONAL SAFEGUARDS? · handicapped persons · Prisoners (Subpart C) · Children

  12. Assessing node risk and vulnerability in epidemics on networks

    E-Print Network [OSTI]

    Rogers, Tim

    2015-01-01T23:59:59.000Z

    Which nodes are most vulnerable to an epidemic spreading through a network, and which carry the highest risk of causing a major outbreak if they are the source of the infection? Here we show how these questions can be answered to good approximation using the cavity method. Several curious properties of node vulnerability and risk are explored: some nodes are more vulnerable than others to weaker infections, yet less vulnerable to stronger ones; a node is always more likely to be caught in an outbreak than it is to start one, except when the disease has a deterministic lifetime; the rank order of node risk depends on the details of the distribution of infectious periods.

  13. Sandia Energy - Security Risk Assessment

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  14. Sandia National Laboratories: Climate Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Global reductions in greenhouse gases will eventually be motivated by an international climate treaty and will entail...

  15. SECURITY ASSESSMENTS: TOOLS FOR MEASURING THE EFFECTIVENESS OF SECURITY CONTROLS

    E-Print Network [OSTI]

    SECURITY ASSESSMENTS: TOOLS FOR MEASURING THE EFFECTIVENESS OF SECURITY CONTROLS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology The selection and implementation of security controls are critical decisions for protecting

  16. Campus Security Report 1 Campus seCurity

    E-Print Network [OSTI]

    Wilmers, Chris

    Campus Security and Fire Safety Report, UC Santa Cruz 2010. Contents include: UC Santa Cruz Geography; Security and Access to Campus Buildings and Grounds

  17. Information Security for Libraries (1) INFORMATION SECURITY FOR LIBRARIES

    E-Print Network [OSTI]

    Newby, Gregory B.

    Information Security for Libraries (1) INFORMATION SECURITY FOR LIBRARIES Gregory B. Newby School an active role in information security. INTRODUCTION By most accounts, the proliferation of the Internet of information security, making concrete recommendations for safeguarding information and information access

  18. Secure MISO Cognitive Radio System with Perfect and Imperfect CSI

    E-Print Network [OSTI]

    Wong, Vincent

    Secure MISO Cognitive Radio System with Perfect and Imperfect CSI Taesoo Kwon, Vincent W.S. Wong eavesdrop on the primary link. This paper explores multiple-input single-output (MISO) CR systems where a multiple-input single-output (MISO) beamforming algorithm for the secondary system. However, it only

  19. U-062: Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.

  20. V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

    Broader source: Energy.gov (indexed) [DOE]


  1. U-117: Potential security vulnerability has been identified with certain HP

    Broader source: Energy.gov (indexed) [DOE]


  2. A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer

    Broader source: Energy.gov (indexed) [DOE]


  3. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]


  4. Wide Area Security Region Final Report

    SciTech Connect (OSTI)

    Makarov, Yuri V.; Lu, Shuai; Guo, Xinxin; Gronquist, James; Du, Pengwei; Nguyen, Tony B.; Burns, J. W.

    2010-03-31T23:59:59.000Z

    This report develops innovative and efficient methodologies and practical procedures to determine the wide-area security region of a power system, which take into consideration all types of system constraints including thermal, voltage, voltage stability, transient and potentially oscillatory stability limits in the system. The approach expands the idea of transmission system nomograms to a multidimensional case, involving multiple system limits and parameters such as transmission path constraints, zonal generation or load, etc., considered concurrently. The security region boundary is represented using its piecewise approximation with the help of linear inequalities (so-called hyperplanes) in a multi-dimensional space, consisting of system parameters that are critical for security analyses. The goal of this approximation is to find a minimum set of hyperplanes that describe the boundary with a given accuracy. Methodologies are also developed to use the security hyperplanes, pre-calculated offline, to determine system security margins in real-time system operations, to identify weak elements in the system, and to calculate key contributing factors and sensitivities to determine the best system controls in real time and to assist in developing remedial actions and transmission system enhancements offline. A prototype program that automates the simulation procedures used to build the set of security hyperplanes has also been developed. The program makes it convenient to update the set of security hyperplanes necessitated by changes in system configurations. A prototype operational tool that uses the security hyperplanes to assess security margins and to calculate optimal control directions in real time has been built to demonstrate the project success. Numerical simulations have been conducted using the full-size Western Electricity Coordinating Council (WECC) system model, and they clearly demonstrated the feasibility and the effectiveness of the developed technology. Recommendations for the future work have also been formulated.

  5. ANNUAL SECURITY FIRE SAFETY REPORT

    E-Print Network [OSTI]

    ANNUAL SECURITY AND FIRE SAFETY REPORT OCTOBER 1, 2013 DARTMOUTH COLLEGE http://www.dartmouth.edu/~security/ Table of Contents: MESSAGE FROM THE DIRECTOR OF SAFETY AND SECURITY; ANNUAL SECURITY REPORT

  6. Climate Change and National Security

    E-Print Network [OSTI]

    Alyson, Fleming; Summer, Kelly; Summer, Martin; Lauren, Franck; Jonathan, Mark

    2015-01-01T23:59:59.000Z

    of climate change, energy security and economic stability. DoD is improving U.S. energy security and national security. www.greenpacks.org • Energy Security & Climate Change:

  7. Office of Information Security

    Broader source: Energy.gov [DOE]

    The Office of Information Security is responsible for implementation of the Classified Matter Protection and Control Program (CMPC), the Operations Security Program (OPSEC) and the Facility Clearance Program and the Survey Program for Headquarters

  8. Office of Security Policy

    Broader source: Energy.gov [DOE]

    The Office of Security Policy is the central source within the Department of Energy for the development and analysis of safeguards and security policies and standards affecting facilities, nuclear materials, personnel, and classified information.

  9. Information Security Group IY5512 Computer Security

    E-Print Network [OSTI]

    Mitchell, Chris

    for process that controls interactions between users and resources. · Access control system implements Information Security Group Agenda · Access control basics · ACLs and capabilities · Information flow policies · Bell-LaPadula Model · Role-Based Access Control · Resources 3 Information Security

  10. Security system signal supervision

    SciTech Connect (OSTI)

    Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

    1991-09-01T23:59:59.000Z

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

  11. Personnel Security Program Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-07-12T23:59:59.000Z

    This Manual provides detailed requirements and procedures to supplement DOE O 472.1B, Personnel Security Activities, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE), including the National Nuclear Security Administration (NNSA). Extended until 7-7-06 by DOE N 251.64, dated 7-7-05 Cancels: DOE M 472.1-1A.

  12. Towards an Experimental Testbed Facility for Cyber-Physical Security Research

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Manz, David O.; Carroll, Thomas E.

    2012-01-07T23:59:59.000Z

    Cyber-Physical Systems (CPSs) are under great scrutiny due to large Smart Grid investments and recent high profile security vulnerabilities and attacks. Research into improved security technologies, communication models, and emergent behavior is necessary to protect these systems from sophisticated adversaries and new risks posed by the convergence of CPSs with IT equipment. However, cyber-physical security research is limited by the lack of access to universal cyber-physical testbed facilities that permit flexible, high-fidelity experiments. This paper presents a remotely-configurable and community-accessible testbed design that integrates elements from the virtual, simulated, and physical environments. Fusing data between the three environments enables the creation of realistic and scalable environments where new functionality and ideas can be exercised. This novel design will enable the research community to analyze and evaluate the security of current environments and design future, secure, cyber-physical technologies.

  13. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    SciTech Connect (OSTI)

    Jaeger, Calvin D.; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01T23:59:59.000Z

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CI™). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  14. SECURITY AND FIRE SAFETY

    E-Print Network [OSTI]

    Barrash, Warren

    ANNUAL SECURITY AND FIRE SAFETY REPORT 2014 Boise State University 2014 Annual Security and Fire Safety Report From the Vice President for Campus Operations and General Counsel At Boise State University, we are committed to providing a safe and secure environment for students, staff

  15. UNIVERSITY POLICE ANNUAL SECURITY

    E-Print Network [OSTI]

    Kulp, Mark

    UNIVERSITY POLICE 2013 ANNUAL SECURITY AND FIRE SAFETY GUIDE In compliance with the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act The University of New Orleans. Please take a moment to read the following information. ANNUAL SECURITY AND FIRE SAFETY GUIDE 2013

  16. Energy, Climate & Infrastructure Security

    E-Print Network [OSTI]

    Energy, Climate & Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST Sandia Security Administration under contract DE-AC04-94AL85000. SAND 2012-1846P Custom Training Sandia provides PRAs and how they can be managed to increase levels of safety and security. Like other trainings, Sandia experts design courses to be as broad or in

  17. Information Security Guide

    E-Print Network [OSTI]

    Information Security Guide For Government Executives Pauline Bowen Elizabeth Chew Joan Hash Table of Contents: Introduction; Why do I need to invest in information security?; Where do I need to focus my attention in accomplishing critical information security goals?; What are the key activities

  18. What is Security? A perspective on achieving security

    SciTech Connect (OSTI)

    Atencio, Julian J.

    2014-05-05T23:59:59.000Z

    This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

  19. Multiple layer insulation cover

    DOE Patents [OSTI]

    Farrell, James J. (Livingston Manor, NY); Donohoe, Anthony J. (Ovid, NY)

    1981-11-03T23:59:59.000Z

    A multiple layer insulation cover for preventing heat loss in, for example, a greenhouse, is disclosed. The cover is comprised of spaced layers of thin foil covered fabric separated from each other by air spaces. The spacing is accomplished by the inflation of spaced air bladders which are integrally formed in the cover and to which the layers of the cover are secured. The bladders are inflated after the cover has been deployed in its intended use to separate the layers of the foil material. The sizes of the material layers are selected to compensate for sagging across the width of the cover so that the desired spacing is uniformly maintained when the cover has been deployed. The bladders are deflated as the cover is stored thereby expediting the storage process and reducing the amount of storage space required.

  20. Secure Transportation Management

    SciTech Connect (OSTI)

    Gibbs, P. W. [Brookhaven National Lab. (BNL), Upton, NY (United States)

    2014-10-15T23:59:59.000Z

    The Secure Transport Management Course (STMC) provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  1. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Broader source: Energy.gov [DOE]

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  2. A new secure process for steganography: CI2 Stego-security and topological-security

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    A new secure process for steganography: CI2 Stego-security and topological-security Nicolas Friot1- formation hiding security fields. We show that the proposed scheme is stego-secure, which is the highest level of security in a well defined and studied category of attack called "watermark-only attack

  3. T-680:Samba SWAT 'user' Field Cross Site Scripting Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]


  4. T-731:Symantec IM Manager Code Injection Vulnerability | Department of

    Broader source: Energy.gov (indexed) [DOE]


  5. Assessing environmental vulnerability in EIA-The content and context of the vulnerability concept in an alternative approach to standard EIA procedure

    SciTech Connect (OSTI)

    Kvaerner, Jens [Bioforsk-Norwegian Institute for Agricultural and Environmental Research, Soil and Environmental Division, Frederik A. Dahls vei 20, N-1432 As (Norway)]. E-mail: jens.kvarner@bioforsk.no; Swensen, Grete [NIKU, Norwegian Institute for Cultural Heritage Research, Storgata 2, P.O. Box 736, Sentrum, N-0105 Oslo (Norway)]. E-mail: grete.swensen@niku.no; Erikstad, Lars [NINA, Norwegian Institute for Nature Research, Dronningens gt. 13., P.O. Box 736, Sentrum, N-0105 Oslo (Norway)]. E-mail: lars.erikstad@nina.no

    2006-07-15T23:59:59.000Z

    In the traditional EIA procedure environmental vulnerability is only considered to a minor extent in the early stages when project alternatives are worked out. In Norway, an alternative approach to EIA, an integrated vulnerability model (IVM), emphasising environmental vulnerability and alternatives development in the early stages of EIA, has been tried out in a few pilot cases. This paper examines the content and use of the vulnerability concept in the IVM approach, and discusses the concept in an EIA context. The vulnerability concept is best suited to overview analyses and large scale spatial considerations. The concept is particularly useful in the early stages of EIA when alternatives are designed and screened. By introducing analyses of environmental vulnerability at the start of the EIA process, the environment can be a more decisive issue for the creation of project alternatives as well as improving the basis for scoping. Vulnerability and value aspects should be considered as separate dimensions. There is a need to operate with a specification between general and specific vulnerability. The concept of environmental vulnerability has proven useful in a wide range of disciplines. Different disciplines have different lengths of experience regarding vulnerability. In disciplines such as landscape planning and hydrogeology we find elements suitable as cornerstones in the further development of an interdisciplinary methodology. Further development of vulnerability criteria in different disciplines and increased public involvement in the early stages of EIA are recommended.

  6. Information Security--Applications and

    E-Print Network [OSTI]

    Ahmed, Farid

    Information Security -- Applications and Techniques about? Information Security Information Security What? Why of Information Security Network Security PGP, SSL, IPsec Data Security

  7. Securing Internet Routing Securing Internet Routing

    E-Print Network [OSTI]

    Goldberg, Sharon

    Plane (Routing protocols): Secure BGP [Kent Lynn Seo 00], soBGP, IRV, SPV, pgBGP, psBGP, Listen-Whisper, etc. · Set up paths between nodes. Data Plane: · Given

  8. Multiple Critical Vulnerabilities in Blackboard due to persistent Cross Site Scripting and Authorization bugs

    E-Print Network [OSTI]

    Sekar, R.

    and Authorization bugs Tung Tran - tunghack@gmail.com Alireza Saberi - saberi.alireza@gmail.com The current version

  9. U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  10. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  11. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of

    Energy Savers [EERE]


  12. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department of Energy

    Energy Savers [EERE]


  13. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Energy Savers [EERE]


  14. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  15. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  16. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of

    Office of Environmental Management (EM)


  17. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  18. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  19. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  20. Abstract--Distribution factors play a key role in many system security analysis and market applications. The injection shift

    E-Print Network [OSTI]

    for and the computationally efficient evaluation of LODFs under multiple- line outages. Index Terms--power transfer distribution factors, line outage distribution factors, multiple-line outages, system security. I. INTRODUCTION. Given the usefulness of LODFs in the study of security with many outaged lines, such as in blackouts

  1. SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks (2013)

    E-Print Network [OSTI]

    2013-01-01T23:59:59.000Z

    SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks (2013) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.819 SPECIAL ISSUE PAPER Integrating security mechanisms, must be protected against security threats. Due to the security and also resource constraint concerns

  2. Using Security and Domain ontologies for Security Requirements Analysis

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Using Security and Domain ontologies for Security Requirements Analysis Amina Souag, Camille.Mouratidis@uel.ac.uk Abstract-- Recent research has argued about the importance of considering security during Requirements that security being a multi-faceted problem, a single security ontology is not enough to guide SR Engineering

  3. Information Security Governance: When Compliance Becomes more Important than Security

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Information Security Governance: When Compliance Becomes more Important than Security Terence Tan1 information security must adapt to changing conditions by extending security governance to middle management for implementing information security are more interested in complying with organizational standards and policies

  4. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security.cuny.edu Published: November 2014 Holiday Season Phishing Scams and Malware Campaigns CUNY/CIS Information Security.cuny.edu under "CUNY Issued Security Advisories" Visit the Federal Trade Commission's Consumer Information page

  5. INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY

    E-Print Network [OSTI]

    Subramanian, Sriram

    - 1 ­ INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable ­ INFORMATION SECURITY POLICY.doc Introduction Why Information Security? The access, availability

  6. DO-IT-YOURSELF SCADA VULNERABILITY TESTING WITH LZFUZZ

    E-Print Network [OSTI]

    Smith, Sean W.

    Chapter 1 DO-IT-YOURSELF SCADA VULNERABILITY TESTING WITH LZFUZZ Rebecca Shapiro, Sergey Bratus, for SCADA software used in critical infrastructure, the widespread use of proprietary protocols makes't apply in real-world infrastructure such as power SCADA. Domain experts often do not have the time

  7. Flooding of Industrial Facilities -Vulnerability Reduction in Practice

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    any improvement. As human activities historically developed in river areas and floodplains, industrial-use planning in flood-prone areas and vulnerability reduction in flood-prone facilities. This paper focuses of hazardous material, soil or water pollutions by hazardous substances for the environment, fires, explosions

  8. Pretty Good Piggy-backing Parsing vulnerabilities in PGP Desktop

    E-Print Network [OSTI]

    Verheul, Eric

    Guard (GPG). Despite the long established PGP open source policy these vulnerabilities were apparently find their basis in PGP, the most prominent being the GNU Privacy Guard or GPG. PGP was also. These specifications are adhered to by all `PGP' implementations most notably GPG and the PGP products developed by PGP

  9. Vulnerability of Hydropower Projects to Climate Change Revision: 20th

    E-Print Network [OSTI]

    Harrison, Gareth

    Vulnerability of Hydropower Projects to Climate Change Revision: 20th December 2001 Dr Gareth P and increased use of renewable sources including hydropower. Paradoxically, climate change itself may alter role in whether emissions cuts are achieved. 2. Climate Change and Hydropower A rising demand

  10. Cyber-Vulnerability of Power Grid Monitoring and Control Systems

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    Cyber-Vulnerability of Power Grid Monitoring and Control Systems Chee-Wooi Ten Iowa State, and power infrastructures due to the complexity of required compliances [5]. Although the complex outages. Three modes of malicious attacks on the power infrastructure are (i) attack upon the system, (ii

  11. Vulnerability Analysis of Complex Networks from Transportation Networks to

    E-Print Network [OSTI]

    Nagurney, Anna

    and Electric Power Supply Chains Anna Nagurney John F. Smith Memorial Professor Department of Finance to Dynamic Networks · Where Are We Now? An Empirical Case Study to Real-World Electric Power Supply ChainsVulnerability Analysis of Complex Networks from Transportation Networks to the Internet

  12. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01T23:59:59.000Z

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of real-world scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  13. Climate Change, Agriculture and Poverty Vulnerabilityand Poverty Vulnerability

    E-Print Network [OSTI]

    Climate Change, Agriculture and Poverty Vulnerabilityand Poverty Vulnerability Presentation by-Medium-High productivity - Implications for agricultural production, trade and poverty · The issue of climate volatility - Impact of extreme climate events on poverty Climate Science Debate Detection: - Little doubt about

  14. A Game Theoretical Approach to Communication Security

    E-Print Network [OSTI]

    Gueye, Assane

    2011-01-01T23:59:59.000Z

    Information and communication systems’ securityTrust: An Element of Information Security,” in Security andInternational Journal of Information Security, vol. 4, pp.

  15. Public perspectives on nuclear security. US national security surveys, 1993--1997

    SciTech Connect (OSTI)

    Herron, K.G.; Jenkins-Smith, H.C. [Univ. of New Mexico, Albuquerque, NM (United States). UNM Inst. for Public Policy

    1998-08-01T23:59:59.000Z

    This is the third report in a series of studies to examine how US attitudes about nuclear security are evolving in the post-Cold War era and to identify trends in public perceptions and preferences relevant to the evolution of US nuclear security policy. It presents findings from three surveys: a nationwide telephone survey of randomly selected members of the US general public; a written survey of randomly selected members of American Men and Women of Science; and a written survey of randomly selected state legislators from all fifty US states. Key areas of investigation included nuclear security, cooperation between US and Russian scientists about nuclear issues, vulnerabilities of critical US infrastructures and responsibilities for their protection, and broad areas of US national science policy. While international and US national security were seen to be slowly improving, the primary nuclear threat to the US was perceived to have shifted from Russia to China. Support was found for nuclear arms control measures, including mutual reductions in stockpiles. However, respondents were pessimistic about eliminating nuclear armaments, and nuclear deterrence continued to be highly valued. Participants favored decreasing funding for developing and testing new nuclear weapons, but supported increased investments in nuclear weapons infrastructure. Strong concerns were expressed about nuclear proliferation and the potential for nuclear terrorism. Support was evident for US scientific cooperation with Russia to strengthen security of Russian nuclear assets. Elite and general public perceptions of external and domestic nuclear weapons risks and external and domestic nuclear weapons benefits were statistically significantly related to nuclear weapons policy options and investment preferences. Demographic variables and individual belief systems were systematically related both to risk and benefit perceptions and to policy and spending preferences.

  16. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01T23:59:59.000Z

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  17. T-605: Oracle Critical Patch Update Advisory- April 2011

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative.

  18. T-537: Oracle Critical Patch Update Advisory- January 2011

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative.

  19. Security incidents on the Internet, 1989--1995

    SciTech Connect (OSTI)

    Howard, J.D.

    1995-12-31T23:59:59.000Z

    This paper presents an analysis of trends in Internet security based on an investigation of 4,299 Internet security-related incidents reported to the CERT® Coordination Center (CERT®/CC) from 1989 through 1995. Prior to this research, knowledge of actual Internet security incidents was limited and primarily anecdotal. This research: (1) developed a taxonomy to classify Internet attacks and incidents, (2) organized, classified, and analyzed CERT®/CC incident records, (3) summarized the relative frequency of the use of tools and vulnerabilities, success in achieving access, and results of attacks, (4) estimated total Internet incident activity, (5) developed recommendations for Internet users and suppliers, and (6) developed recommendations for future research. With the exception of denial-of-service attacks, security incidents were found to be increasing at a rate less than Internet growth. Estimates showed that most, if not all, severe incidents were reported to the CERT®/CC, and that more than one out of three above average incidents (in terms of duration and number of sites) were reported. Estimates also indicated that a typical Internet site was involved in, at most, around one incident (of any kind) per year, and a typical Internet host in, at most, around one incident in 45 years. The probability of unauthorized privileged access was around an order of magnitude less likely. As a result, simple and reasonable security precautions should be sufficient for most Internet users.

  20. An assessment of fire vulnerability for aged electrical relays

    SciTech Connect (OSTI)

    Vigil, R.A. [Sandia National Labs., Albuquerque, NM (United States)]|[Science and Engineering Associates, Inc., Albuquerque, NM (United States); Nowlen, S.P. [Sandia National Labs., Albuquerque, NM (United States)

    1995-03-01T23:59:59.000Z

    There has been some concern that, as nuclear power plants age, protective measures taken to control and minimize the impact of fire may become ineffective, or significantly less effective, and hence result in an increased fire risk. One objective of the Fire Vulnerability of Aged Electrical Components Program is to assess the effects of aging and service wear on the fire vulnerability of electrical equipment. An increased fire vulnerability of components may lead to an overall increase in fire risk to the plant. Because of their widespread use in various electrical safety systems, electromechanical relays were chosen to be the initial components for evaluation. This test program assessed the impact of operational and thermal aging on the vulnerability of these relays to fire-induced damage. Only thermal effects of a fire were examined in this test program. The impact of smoke, corrosive materials, or fire suppression effects on relay performance were not addressed in this test program. The purpose of this test program was to assess whether the fire vulnerability of electrical relays increased with aging. The sequence followed for the test program was to: identify specific relay types, develop three fire scenarios, artificially age several relays, test the unaged and aged relays in the fire exposure scenarios, and compare the results. The relays tested were Agastat GPI, General Electric (GE) HMA, HGA, and HFA. At least two relays of each type were artificially aged and at least two relays of each type were new. Relays were operationally aged by cycling the relay under rated load for 2,000 operations. These relays were then thermally aged for 60 days with their coil energized.

  1. Enhance your Cyber Security Knowledge

    E-Print Network [OSTI]

    Enhance your Cyber Security Knowledge About NPS CS FUNDAMENTALS: Create a strong foundational by increasing the effectiveness of the armed forces of the United States and its allies. Cyber Security-4015 About CISR Cyber Security Adversarial Techniques Cyber Security Defense Cyber Security Fundamentals

  2. Annual Security Report October 2013

    E-Print Network [OSTI]

    Goddard III, William A.

    1 Annual Security Report October 2013 Mission Statement The Campus Security and Parking Services Department ("Security") exists to provide a secure and welcoming research, educational, and work environment in which security concerns are balanced with freedom of movement in an open campus atmosphere while

  3. Dumb Ideas in Computer Security

    E-Print Network [OSTI]

    Dumb Ideas in Computer Security Dr Charles P Pfleeger Pfleeger Consulting Group 19 July 2011 chuck Security" (2005) http://www.ranum.com/security/computer_security/editorials/dumb/ Default permit Ideas in Computer Security 219 Jul 2011 Struck a Nerve Results 1-10 of about 2,030,000 for dumb

  4. Security Division 2007 Annual Report

    E-Print Network [OSTI]

    Computer Security Division 2007 Annual Report Table of Contents Welcome Division Organization The Computer Security Division Responds to the Federal Information Security Management Act of 2002 Security Information Technology 15 Security Testing and Metrics 17 Validation Programs and Laboratory Accreditation 17

  5. August 2003 IT SECURITY METRICS

    E-Print Network [OSTI]

    August 2003 IT SECURITY METRICS Elizabeth B. Lennon, Editor Information Technology Laboratory approach to measuring information security. Evaluating security at the sys tem level, IT security metrics and techniques contained in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems

  6. A case study of social vulnerability mapping: issues of scale and aggregation

    E-Print Network [OSTI]

    Burns, Gabriel Ryan

    2009-05-15T23:59:59.000Z

    This study uses geographic information systems to determine if the aggregation of census block data are better than census block group data for analyzing social vulnerability. This was done by applying a social vulnerability method that used census...

  7. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities

    E-Print Network [OSTI]

    Narasayya, Vivek

    programs by exploiting browser vulnerabilities are a serious emerging threat. In response, we have-management methodology to cybersecurity: instead of directly detecting the acts of vulnerability exploits, the system

  8. Secure Hop-by-Hop Aggregation of End-to-End Concealed Data in Wireless Sensor Networks

    E-Print Network [OSTI]

    Mlaih, Esam

    2008-01-01T23:59:59.000Z

    In-network data aggregation is an essential technique in mission critical wireless sensor networks (WSNs) for achieving effective transmission and hence better power conservation. Common security protocols for aggregated WSNs are either hop-by-hop or end-to-end, each of which has its own encryption schemes considering different security primitives. End-to-end encrypted data aggregation protocols introduce maximum data secrecy with inefficient data aggregation and more vulnerability to active attacks, while hop-by-hop data aggregation protocols introduce maximum data integrity with efficient data aggregation and more vulnerability to passive attacks. In this paper, we propose a secure aggregation protocol for aggregated WSNs deployed in hostile environments in which dual attack modes are present. Our proposed protocol is a blend of flexible data aggregation as in hop-by-hop protocols and optimal data confidentiality as in end-to-end protocols. Our protocol introduces an efficient $O(1)$ heuristic for checking...

  9. Energy Security Initiatives Update

    Broader source: Energy.gov [DOE]

    Presentation—given at the Spring 2009 Federal Utility Partnership Working Group (FUPWG) meeting—lists Federal government energy security initiatives.

  10. TEC Information Security

    Broader source: Energy.gov (indexed) [DOE]

    External Coordination Working Group Information Security E. Ralph Smith, Manager Institutional Programs April 22, 2004 Albuquerque, NM WIPP * Open communications * Notifications *...

  11. Personnel Security Specialist

    Broader source: Energy.gov [DOE]

    The Office of the Associate Under Secretary for Environment, Health, Safety, and Security (AU) which provides corporate leadership and strategic approaches for protecting DOE's workers, the public,...

  12. NNSA orders security enhancements

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    badge or valid driver's license) before proceeding, and will be asked to vouch for other vehicle occupants. LOS ALAMOS, N. M., Dec. 21, 2012-The National Nuclear Security...

  13. Cyber Security Architecture Guidelines

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-03-08T23:59:59.000Z

    This Guide provides supplemental information on the implementation of cyber security architectures throughout the Department of Energy. Canceled by DOE N 205.18

  14. Hazardous Material Security (Maryland)

    Broader source: Energy.gov [DOE]

    All facilities processing, storing, managing, or transporting hazardous materials must be evaluated every five years for security issues. A report must be submitted to the Department of the...

  15. National Nuclear Security Administration

    Broader source: Energy.gov (indexed) [DOE]

    and Related Structures within TA-3 at Los Alamos National Laboratory, Los Alamos, New Mexico U. S. Department of Energy National Nuclear Security Administration Los Alamos Area...

  16. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  17. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  18. Multiple piece turbine rotor blade

    DOE Patents [OSTI]

    Jones, Russell B; Fedock, John A

    2013-05-21T23:59:59.000Z

    A multiple piece turbine rotor blade with a shell having an airfoil shape and secured between a spar and a platform with the spar including a tip end piece. A snap ring fits around the spar and abuts against the spar tip end piece on a top side and abuts against a shell on the bottom side so that the centrifugal loads from the shell are passed through the snap ring and into the spar and not through a tip cap dovetail slot and projection structure.

  19. Office of Departmental Personnel Security

    Broader source: Energy.gov [DOE]

    The Office of Departmental Personnel Security serves as the central leader and advocate vested with the authority to ensure consistent and effective implementation of personnel security programs Department-wide (including for the National Nuclear Security Administration (NNSA)).

  20. UC SECURITY FRAMEWORK 2011 -2012

    E-Print Network [OSTI]

    Hickman, Mark

    UC SECURITY FRAMEWORK 2011 - 2012 Contents: Background; About UC Security & Campus Community Support; Security Service Authority and Relationship with NZ Police and Emergency Services

  1. The security of machine learning

    E-Print Network [OSTI]

    Barreno, Marco; Nelson, Blaine; Joseph, Anthony D.; Tygar, J. D.

    2010-01-01T23:59:59.000Z

    of the IEEE symposium on security and privacy (pp. 188–201).and communications security (CCS) (pp. 59–68). Globerson,detection. In USENIX security symposium. Klimt, B. , & Yang,

  2. January 2005 INTEGRATING IT SECURITY

    E-Print Network [OSTI]

    January 2005 INTEGRATING IT SECURITY INTO THE CAPITAL PLANNING AND INVESTMENT CONTROL PROCESS By Joan S. Hash, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology Introduction To assist federal agencies with effec tively integrating security

  3. Departmental Cyber Security Management Policy

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-05-08T23:59:59.000Z

    The Departmental Cyber Security Management (DCSM) Policy was developed to further clarify and support the elements of the Integrated Safeguards and Security Management (ISSM) Policy regarding cyber security. Certified 9-23-10. No cancellation.

  4. Too Hot To Handle: Climate Change, Geopolitics, and U.S. National Security in 2025

    E-Print Network [OSTI]

    Boggs, Jay W.; Chellinsky, Andrew; Ege, David; Hodges, Allen; Reynolds, Tripp; Williams, Adam

    2007-01-01T23:59:59.000Z

    of Mexico.10 The United States runs the risk of becoming increasingly exposed to hurricanes unless America diversifies the locations of its oil refineries or the fuel sources used by the transportation sector. Figure 6. Vulnerability... Security in 2025 15 Coast. Salt domes along the Gulf Coast were chosen as the natural storage sites for crude oil because of their proximity to the oil reserves, refineries, and distributions facilities that long have been established...

  5. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1997-03-27T23:59:59.000Z

    Establishes an Information Security Program for the protection and control of classified and sensitive information. Extended until 5-11-06 by DOE N 251.63, dated 5-11-05. DOE O 471.2A, Information Security Program, dated 3/27/1997, extended by DOE N 251.57, dated 4/28/2004. Cancels: DOE O 471.2

  6. Incidents of Security Concern

    SciTech Connect (OSTI)

    Atencio, Julian J.

    2014-05-01T23:59:59.000Z

    This presentation addresses incidents of security concern and an incident program for addressing them. It addresses the phases of an inquiry, and it divides incidents into categories based on severity and interest types based on whether security, management, or procedural interests are involved. A few scenarios are then analyzed according to these breakdowns.

  7. Social Networking? Secure Networking?

    E-Print Network [OSTI]

    Chapman, Michael S.

    Social Networking? Secure Networking? Teaching & Learning Technology Roundtable February 2010 - The intent behind the current security measures in place at OHSU - The OHSU Social Networking Guidelines 2. To begin a campus wide dialogue exploring the changing world of online social networking and it

  8. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1992-10-19T23:59:59.000Z

    To establish the Department of Energy (DOE) Information Security Program and set forth policies, procedures and responsibilities for the protection and control of classified and sensitive information. The Information Security Program is a system of elements which serve to deter collection activities, This directive does not cancel another directive. Canceled by DOE O 471.2 of 9-28-1995.

  9. Safeguards and Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-12-29T23:59:59.000Z

    The Safeguards and Security Program ensures that the Department of Energy efficiently and effectively meets all its obligations to protect Special Nuclear Material, other nuclear materials, classified matter, sensitive information, government property, and the safety and security of employees, contractors, and the general public. Cancels DOE P 470.1.

  10. December 2007 SECURING EXTERNAL

    E-Print Network [OSTI]

    devices such as desktop and laptop computers, personal digital assistants (PDAs), and cell phones. These teleworkers use devices such as desktop and laptop computers, personal digital assistants (PDAs), and cellDecember 2007 SECURING EXTERNAL COMPUTERS AND OTHER DEVICES USED BY TELEWORKERS SECURING EXTERNAL

  11. Global Material Security | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  12. Development of a novel technique to assess the vulnerability of micro-mechanical system components to environmentally assisted cracking.

    SciTech Connect (OSTI)

    Enos, David George; Goods, Steven Howard

    2006-11-01T23:59:59.000Z

    Microelectromechanical systems (MEMS) will play an important functional role in future DOE weapon and Homeland Security applications. If these emerging technologies are to be applied successfully, it is imperative that the long-term degradation of the materials of construction be understood. Unlike electrical devices, MEMS devices have a mechanical aspect to their function. Some components (e.g., springs) will be subjected to stresses beyond whatever residual stresses exist from fabrication. These stresses, combined with possible abnormal exposure environments (e.g., humidity, contamination), introduce a vulnerability to environmentally assisted cracking (EAC). EAC is manifested as the nucleation and propagation of a stable crack at mechanical loads/stresses far below what would be expected based solely upon the material's mechanical properties. If not addressed, EAC can lead to sudden, catastrophic failure. Considering the materials of construction and the very small feature size, EAC represents a high-risk environmentally induced degradation mode for MEMS devices. Currently, the lack of applicable characterization techniques is preventing the needed vulnerability assessment. The objective of this work is to address this deficiency by developing techniques to detect and quantify EAC in MEMS materials and structures. Such techniques will allow real-time detection of crack initiation and propagation. The information gained will establish the appropriate combinations of environment (defining packaging requirements), local stress levels, and metallurgical factors (composition, grain size and orientation) that must be achieved to prevent EAC.

  13. Army Energy Security and Independence

    Broader source: Energy.gov (indexed) [DOE]

    ARMY ENERGY SECURITY AND INDEPENDENCE Leadership Ownership Partnership 19 NOV 2008 Don Juhasz, PE, CEM CHIEF ARMY ENERGY POLICY Army Energy Security - "The Way Ahead" 2 ARMY ENERGY...

  14. Headquarters Facilities Master Security Plan

    Office of Environmental Management (EM)

    It implements the requirements of: Title 32, CFR, Part 2001, Classified National Security Information Executive Order 13526, Classified National Security Information...

  15. Sandia Energy - Water Infrastructure Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Infrastructure Security Home Climate & Earth Systems WaterEnergy Nexus Decision Models for Integrating EnergyWater Water Infrastructure Security Water Infrastructure...

  16. Smart-Grid Security Issues

    SciTech Connect (OSTI)

    Khurana, Himanshu; Hadley, Mark D.; Lu, Ning; Frincke, Deborah A.

    2010-01-29T23:59:59.000Z

    TITLE: Smart-Grid Security Issues (Editorial Material, English) IEEE SECURITY & PRIVACY 8 (1). JAN-FEB 2010. p.81-85 IEEE COMPUTER SOC, LOS ALAMITOS

  17. International Nuclear Security

    SciTech Connect (OSTI)

    Doyle, James E. [Los Alamos National Laboratory]

    2012-08-14T23:59:59.000Z

    This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

  18. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30T23:59:59.000Z

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic techniques provide a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment of the WECC system. A cumulant-based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. An overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on the WECC system are used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis of large scale power systems.

  19. Development of an ASTM standard guide on performing vulnerability assessments for nuclear facilities

    SciTech Connect (OSTI)

    Wilkey, D.D.

    1995-09-01T23:59:59.000Z

    This paper describes an effort undertaken by subcommittee C26.12 (Safeguards) of the American Society for Testing and Materials (ASTM) to develop a standard guide for performing vulnerability assessments (VAs). VAs are performed to determine the effectiveness of safeguards and security systems for both domestic and international nuclear facilities. These assessments address a range of threats, including theft of nuclear material and sabotage, and use an array of methods. The approach to performing and documenting VAs is varied and is largely dependent upon the tools used to perform them. This diversity can lead to tools being misused, making validation of VAs more difficult. The development of a standard guide for performing VAs would, if generally accepted, alleviate these concerns. ASTM provides a forum for developing guides that includes a high level of peer review to assure that the result is acceptable to all potential users. Additionally, the ASTM is widely recognized for setting standards, and endorsement by the Society may increase the likelihood of acceptance by the nuclear community. The goal of this work is to develop a guide that is independent of the tools being used to perform the VA and applicable to the spectrum of threats described above.

  20. T-682: Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  1. T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft Excel is prone to a remote code-execution vulnerability because the application fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

  2. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01T23:59:59.000Z

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  3. Extracting Security Control Requirements University of Tulsa

    E-Print Network [OSTI]

    Gamble, R. F.

    , Requirements, Security Policy Modeling. 1. INTRODUCTION Networks and information systems have grown. Security has become a larger issue with the democratization of technology and information. Security accepted security controls for "Federal Information Systems and Organizations" [8]. NIST defines security

  4. Sandia National Laboratories: Cyber-Based Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Assessments Digital Instrument and Control (I&C) is an integral part of the nuclear power industry in the United States. I&C systems monitor the safe, reliable and secure...

  5. Analyses of power system vulnerability and total transfer capability

    E-Print Network [OSTI]

    Yu, Xingbin

    2006-04-12T23:59:59.000Z

    limits. Both steady state and dynamic security assessments are included in the process of obtaining total transfer capability. Particularly, the effect of FACTS (Flexible AC Transmission Systems) devices on TTC is examined. FACTS devices have been shown...

  6. INSTITUTE FOR CYBER SECURITY Application-Centric Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security (ICS) University of Texas at San Antonio

  7. March 24, 2008 Databases: Security 1 Database Security and Authorization

    E-Print Network [OSTI]

    Adam, Salah

    to control login process by the DBMS Inference control The countermeasures to statistical database security database March 24, 2008 Databases: Security 3 Chapter Outline Introduction Access Control Methods Policy System-related Security levels and categories Security Threats Loss of integrity Loss

  8. Safety and Security What do Safety/Security work with?

    E-Print Network [OSTI]

    Safety and Security on campus Agenda · What do Safety/Security work with? · If something happens · Opening hours · Remember · Website · How to find us The Section for Safety and Security work with; · Security revolving work environment · Handle locks, keys, alarms, surveillance · Responsible

  9. Urban Commerce and Security Study Urban Commerce and Security Study

    E-Print Network [OSTI]

    Urban Commerce and Security Study Urban Commerce and Security Study Contact Information Fred S. Roberts Research Sponsor: Department of Homeland Security Rutgers University/CCICADA Center Professor.S. Department of Homeland Security, under Agreement 2009-ST-061-CCI002-02. Any opinions, findings

  10. SOCIAL SECURITY ADMINISTRATION Application for a Social Security Card

    E-Print Network [OSTI]

    Li, Mo

    SOCIAL SECURITY ADMINISTRATION Application for a Social Security Card Applying for a Social Security Card is easy AND it is FREE! If you DO NOT follow these instructions, we CANNOT process your and evidence to any Social Security office. Follow instructions below. HOW TO COMPLETE THE APPLICATION Most

  11. Wireless Security: Secure and Public Networks Villanova University

    E-Print Network [OSTI]

    36 Wireless Security: Secure and Public Networks Kory Kirk Villanova University Computer wireless access points. Security protocols exist for wireless networks; however, all widely implemented at implementing a protocol which allows public access to a secure wireless network have been made. In this report

  12. ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1

    E-Print Network [OSTI]

    Su, Xiao

    ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1 Information ... Information Security Policy ... Information Security Policy Management

  13. Airport Viz - a 3D Tool to Enhance Security Operations

    SciTech Connect (OSTI)

    Koch, Daniel B [ORNL

    2006-01-01T23:59:59.000Z

    In the summer of 2000, the National Safe Skies Alliance (NSSA) awarded a project to the Applied Visualization Center (AVC) at the University of Tennessee, Knoxville (UTK) to develop a 3D computer tool to assist the Federal Aviation Administration security group, now the Transportation Security Administration (TSA), in evaluating new equipment and procedures to improve airport checkpoint security. A preliminary tool was demonstrated at the 2001 International Aviation Security Technology Symposium. Since then, the AVC went on to construct numerous detection equipment models as well as models of several airports. Airport Viz has been distributed by the NSSA to a number of airports around the country which are able to incorporate their own CAD models into the software due to its unique open architecture. It provides a checkpoint design and passenger flow simulation function, a layout design and simulation tool for checked baggage and cargo screening, and a means to assist in the vulnerability assessment of airport access points for pedestrians and vehicles.

  14. Cyber Security & Smart Grid

    E-Print Network [OSTI]

    Shapiro, J.

    2011-01-01T23:59:59.000Z

    of the impacts of long-term power shortages from the destruction of critical electric infrastructure. · A Hitachi factory north of Tokyo that makes 60% of the world's supply of airflow sensors was shut down. This caused General Motors to shut a plant... at The University of Texas at Dallas · Next Generation Control Systems · Trustworthy Cyber Infrastructure for the Power Grid · Active Defense Systems · System Vulnerability Assessments · Grid Test Bed · Integrated Risk Analysis · Modeling and Simulation...

  15. SECURING RADIO FREQUENCY IDENTIFICATION (RFID)

    E-Print Network [OSTI]

    business process for an organization; as a result, the security risks for RFID systems and the controls for an organization; as a result, the security risks for RFID systems and the controls available to address themMay 2007 SECURING RADIO FREQUENCY IDENTIFICATION (RFID) SYSTEMS SECURING RADIO FREQUENCY

  16. UNCG Security Awareness Training & Instructions

    E-Print Network [OSTI]

    Saidak, Filip

    UNCG Security Awareness Training & Instructions 02.09.2010 Page 1 of 4 Educating UNCG faculty and staff with respect to security best practices is essential in securing the University's information University employee that works with restricted or financial data. UNCG engaged Fishnet Security, a nationally

  17. ANNUAL SECURITY & FIRE SAFETY REPORT

    E-Print Network [OSTI]

    Maxwell, Bruce D.

    ANNUAL SECURITY & FIRE SAFETY REPORT 2014 A guide to policies, procedures, practices, and programs implemented to keep students, faculty, and staff safe and facilities secure. www.montana.edu/reports/security.pdf Inside this Report 2014 Annual Security and Fire Safety Report for Reporting Year 2013

  18. Operations Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1992-04-30T23:59:59.000Z

    To establish policies, responsibilities and authorities for implementing and sustaining the Department of Energy (DOE) Operations Security (OPSEC) Program. Cancels DOE O 5632.3B. Canceled by DOE O 471.2 of 9-28-1995.

  19. Safeguards and Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-05-25T23:59:59.000Z

    The Order establishes roles and responsibilities for the Department of Energy Safeguards and Security Program. Cancels DOE O 470.4. Canceled by DOE O 470.4B

  20. AMALGAMATED SECURITY COMMUNITIES

    E-Print Network [OSTI]

    Harvey, Andrew Stephen

    2011-08-31T23:59:59.000Z

    This dissertation examines the process of the formation and dissolution of Amalgamated Security Communities, a topic that has been ignored by the academic community except as a side note when the origins of Pluralistic ...

  1. Safeguards and Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1988-01-22T23:59:59.000Z

    To establish the policy and responsibilities for the Department of Energy safeguards and security program. Does not cancel another directive. Canceled by DOE O 5630.11A dated 12-7-92.

  2. National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Nuclear Security Administration FY 2011 - FY 2015 Budget Outlook Managing the NNSA 4.0% Science, Technology & Engineering 14.5% Stockpile Support 17.9% Preventing the Spread of...

  3. Data port security lock

    DOE Patents [OSTI]

    Quinby, Joseph D. (Albuquerque, NM); Hall, Clarence S. (Albuquerque, NM)

    2008-06-24T23:59:59.000Z

    In a security apparatus for securing an electrical connector, a plug may be fitted for insertion into a connector receptacle compliant with a connector standard. The plug has at least one aperture adapted to engage at least one latch in the connector receptacle. An engagement member is adapted to partially extend through at least one aperture and lock to at least one structure within the connector receptacle.

  4. Engineering secure software 

    E-Print Network [OSTI]

    Jetly, Prateek

    2001-01-01T23:59:59.000Z

    breaches in the operating environment. Security breaches resulting from misuse or misconfiguration of the program should not be blamed on the software. This is a debatable position. A security breach that results from an unintentional error... units with public key algorithms, private keys, and certificates. Any attempt to access or modify the data in these devices will render them unusable. The device contains software tools. These devices use the computer they reside on as a general...

  5. Incidents of Security Concern

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-03-17T23:59:59.000Z

    Sets forth requirements for the DOE Incidents of Security Concern Program, including timely identification and notification of, response to, inquiry into, reporting of, and closure actions for incidents of security concern. Cancels Chapter VII of DOE O 470.1; DOE N 471.3; and Chapter IV of DOE M 471.2-1B (Note: Paragraphs 1 and 2 of Chapter III remain in effect.) Canceled by DOE O 470.4.

  6. Vol 442|6 July 2006 Multiple introductions of H5N1 in Nigeria

    E-Print Network [OSTI]

    Cai, Long

    Vol 442|6 July 2006 37 Multiple introductions of H5N1 in Nigeria Phylogenetic analysis reveals- try farming industry is second only to oil production in Nigeria and is particularly vulnerable the two flight paths that link Nigeria with the southern Russian region and Europe, and with western

  7. Lemnos Interoperable Security Program

    SciTech Connect (OSTI)

    John Stewart; Ron Halbgewachs; Adrian Chavez; Rhett Smith; David Teumim

    2012-01-31T23:59:59.000Z

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes, however, come two significant challenges that the energy sector must face: 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or "tunnels", to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock utilities into proprietary and closed systems. Lemnos is built on the successes of Open PCS Security Architecture for Interoperable Design (OPSAID), a previous DOE National SCADA Test Bed (NSTB) project. It enhances security interoperability by identifying basic cyber security functions based on utility requirements and then selecting open source solutions, namely Internet Engineering Task Force (IETF) RFCs, to support these functions. Once identified, specific configuration parameters for each RFC suitable for the electric utility control system environment are identified and documented. These configuration parameters are referred to as Interoperable Configuration Profiles (ICP) and their effectiveness within the utility control systems environment is verified with comprehensive testing as the final step in the process. The project focused on development of ICPs for four security protocols (IPsec, SSH, LDAP, and Syslog) which represent fundamental building blocks which can be utilized for securing utility control systems. These ICPs are product agnostic and can be applied modularly to any device (router, substation gateway, intelligent electronic device, etc.) within the utility control system as the end user deems necessary for their unique system architecture. The Lemnos Interoperable Security Program is a public-private partnership under the U.S. Department of Energy (DOE) Office of Electricity Delivery and Energy Reliability's Cybersecurity for Energy Delivery Systems (CEDS) program and supports The Roadmap to Secure Energy Delivery Systems. In addition to EnerNex, the core team supporting the effort includes Tennessee Valley Authority, Sandia National Laboratories, and Schweitzer Engineering Laboratories. Adding to the core team effort is collaboration from additional industry participants in the project including the Electric Power Research Institute (EPRI), Alien Vault, Cisco, Encore Networks, GarrettCom, Industrial Defender, N-Dimension Solutions, Phoenix Contact, RuggedCom, and Siemens.

  8. National Center for Nuclear Security - NCNS

    SciTech Connect (OSTI)

    None

    2014-11-12T23:59:59.000Z

    As the United States embarks on a new era of nuclear arms control, the tools for treaty verification must be accurate and reliable, and must work at stand-off distances. The National Center for Nuclear Security, or NCNS, at the Nevada National Security Site, is poised to become the proving ground for these technologies. The center is a unique test bed for non-proliferation and arms control treaty verification technologies. The NNSS is an ideal location for these kinds of activities because of its multiple environments; its cadre of experienced nuclear personnel, and the artifacts of atmospheric and underground nuclear weapons explosions. The NCNS will provide future treaty negotiators with solid data on verification and inspection regimes and a realistic environment in which future treaty verification specialists can be trained. Work on warhead monitoring at the NCNS will also support future arms reduction treaties.

  9. National Center for Nuclear Security - NCNS

    ScienceCinema (OSTI)

    None

    2015-01-09T23:59:59.000Z

    As the United States embarks on a new era of nuclear arms control, the tools for treaty verification must be accurate and reliable, and must work at stand-off distances. The National Center for Nuclear Security, or NCNS, at the Nevada National Security Site, is poised to become the proving ground for these technologies. The center is a unique test bed for non-proliferation and arms control treaty verification technologies. The NNSS is an ideal location for these kinds of activities because of its multiple environments; its cadre of experienced nuclear personnel, and the artifacts of atmospheric and underground nuclear weapons explosions. The NCNS will provide future treaty negotiators with solid data on verification and inspection regimes and a realistic environment in which future treaty verification specialists can be trained. Work on warhead monitoring at the NCNS will also support future arms reduction treaties.

  10. Quantum Strongly Secure Ramp Secret Sharing

    E-Print Network [OSTI]

    Paul Zhang; Ryutaroh Matsumoto

    2014-08-08T23:59:59.000Z

    Quantum secret sharing is a scheme for encoding a quantum state (the secret) into multiple shares and distributing them among several participants. If a sufficient number of shares are put together, then the secret can be fully reconstructed. If an insufficient number of shares are put together however, no information about the secret can be revealed. In quantum ramp secret sharing, partial information about the secret is allowed to leak to a set of participants, called an unqualified set, that cannot fully reconstruct the secret. By allowing this, the size of a share can be drastically reduced. This paper introduces a quantum analog of classical strong security in ramp secret sharing schemes. While the ramp secret sharing scheme still leaks partial information about the secret to unqualified sets of participants, the strong security condition ensures that qudits with critical information can no longer be leaked.

  11. IY5512: Part 1 Information Security Group

    E-Print Network [OSTI]

    Mitchell, Chris

    IY5512: Part 1 1 Information Security Group IY5512 Computer Security Part 1: Introduction to computer security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security) ... 2 Information Security Group Agenda · Overview · Security goals · Security approaches ­ prevention

  12. Towards a Standard for Highly Secure SCADA Systems

    SciTech Connect (OSTI)

    Carlson, R.

    1998-09-25T23:59:59.000Z

    The critical energy infrastructures include gas, oil, and electric power. These infrastructures are complex and interdependent networks that are vital to the national security and social well being of our nation. Many electric power systems depend upon gas and oil, while fossil energy delivery systems depend upon electric power. The control mechanisms for these infrastructures are often referred to as SCADA (Supervisory Control and Data Acquisition) systems. SCADA systems provide remote monitoring and centralized control for a distributed transportation infrastructure in order to facilitate delivery of a commodity. Although many of the SCADA concepts developed in this paper can be applied to automotive transportation systems, we will use transportation to refer to the movement of electricity, gas, and oil. Recently, there have been several reports suggesting that the widespread and increasing use of SCADA for control of energy systems provides an increasing opportunity for an adversary to cause serious damage to the energy infrastructure. This damage could arise through cyber infiltration of the SCADA networks, by physically tampering with the control networks, or through a combination of both means. SCADA system threats decompose into cyber and physical threats. One solution to the SCADA security problem is to design a standard for a highly secure SCADA system that is both cyber and physically secure. Not all physical threats are possible to guard against, but of those threats that are, high security SCADA provides confidence that the system will continue to operate in their presence. One of the most important problems in SCADA security is the relationship between the cyber and physical vulnerabilities. Cyber intrusion increases physical vulnerabilities, while in the dual problem physical tampering increases cyber vulnerabilities. There is potential for feedback and the precise dynamics need to be understood. As a first step towards a standard, the goal of this paper is to facilitate a discussion of the requirements analysis for a highly secure SCADA system. The framework for the discussion consists of the identification of SCADA security investment areas coupled with the tradeoffs that will force compromises in the solution. For example, computational and bandwidth requirements of a security standard could force the replacement of entire SCADA systems. The requirements for a real-time response in a cascading electric power failure could pose limitations on authentication and encryption mechanisms. The shortest path to the development of a high security SCADA standard will be achieved by leveraging existing standards efforts and ensuring that security is being properly addressed in those standards. The Utility Communications Architecture 2.0 (UCA), for real-time utility decision control, represents one such standard. The development of a SCADA security specification is a complex task that will benefit from a systems engineering approach.

  13. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19T23:59:59.000Z

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi²), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO₂) emissions. The supply indicators, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers), were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considere

  14. V-062: Asterisk Two Denial of Service Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  15. V-074: IBM Informix Genero libpng Integer Overflow Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]


  16. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Broader source: Energy.gov (indexed) [DOE]


  17. T-596: 0-Day Windows Network Interception Configuration Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]


  18. ata security feature: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    sensitive data. The security of the data depends on physical security, OS security and DBMS security. Database security can be compromised by obtaining sensitive data, changing...

  19. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control

    Broader source: Energy.gov (indexed) [DOE]


  20. A Security Framework for Smart Metering with Multiple Data ...

    E-Print Network [OSTI]

    2011-11-28T23:59:59.000Z

    ities and end users being involved in the reshaped market of utilities [1]. Therefore ... even not related to the resource measured (presence at home, habits, etc.) ...

  1. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  2. Security enhanced with increased vehicle inspections

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Security enhanced with increased vehicle inspections Security measures increase as of March: vehicle inspections won't delay traffic New increased security procedures meet LANL's...

  3. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    her students on security of process control systems. I amcyber-security tools for process control systems. In theon the security mechanisms of process control systems, few

  4. Global Environmental Change and Human Security

    E-Print Network [OSTI]

    Kunnas, Jan

    2011-01-01T23:59:59.000Z

    with human rights, human security or environmental change ifEnvironmental Change and Human Security By Matthew, RichardChange and Human Security. Cambridge, Massachusetts &

  5. Security and United States Immigration Policy

    E-Print Network [OSTI]

    Totten, Robbie James

    2012-01-01T23:59:59.000Z

    Change and European Security. London: Brassey's. Furer,1981]. American National Security, 6th ed. Baltimore, MD:J. Wheeler. 2008. The Security Dilemma: Fear, Cooperation

  6. Energy and Security in Northeast Asia

    E-Print Network [OSTI]

    May, Michael; Johnson, Celeste; Fei, Edward; Suzuki, Tatsujiro

    1996-01-01T23:59:59.000Z

    regional cooperation on energy and security issues in Asia.Energy and Security in Northeast Asia An IGCC studycan be drawn. The energy security situation and outlook are

  7. Sandia Energy - Cyber Security for Electric Infrastructure

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Cyber Security for Electric Infrastructure Home Stationary Power Grid Modernization Cyber Security for Electric Infrastructure Cyber Security for Electric Infrastructureashoter2015...

  8. Preliminary Notice of Violation, National Security Technologies...

    Office of Environmental Management (EM)

    National Security Technologies, LLC - September 26, 2014 Preliminary Notice of Violation, National Security Technologies, LLC - September 26, 2014 September 26, 2014 Security...

  9. Personnel Security - DOE Directives, Delegations, and Requirements

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    72.2 Chg 1, Personnel Security by Mark Pekrul Functional areas: Personnel Security, Security, Human Capital The order establishes requirements that will enable DOE to operate a...

  10. Some Thoughts on Teaching Secure Programming

    E-Print Network [OSTI]

    Bishop, Matt

    2013-01-01T23:59:59.000Z

    Teaching Context in Information Security,” ACM Journal onWorld Conference on Information Security Education pp. 23–Colloquium on Information Systems Security Education (CISSE)

  11. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    Analysis of Information Security Games, Proceedings of theon the Economics of Information Security WEIS’, Hanover, NH,on the Economics of Information Security’. Anderson, R. and

  12. Correlates of vulnerability among arthropod species threatened by invasive ants

    E-Print Network [OSTI]

    Krushelnycky, Paul D.; Gillespie, Rosemary G.

    2010-01-01T23:59:59.000Z

    declines and extinctions of native species worldwide.and even extinctions, of native species through variousG (2004) How species respond to multiple extinction threats.

  13. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01T23:59:59.000Z

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer-reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, "Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector", hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  14. Vulnerability of nuclear power plant structures to large external fires

    SciTech Connect (OSTI)

    Bennett, D.E.

    1983-08-01T23:59:59.000Z

    This report examines the inherent vulnerability of nuclear power plant structures to the thermal environments arising from large, external fires. The inherent vulnerability is the capacity of the concrete safety-related structures to absorb thermal loads without exceeding the appropriate thermal and structural design criteria. The potential sources of these thermal environments are large, offsite fires arising from accidents involving the transportation or storage of large quantities of flammable gases or liquids. A realistic thermal response analysis of a concrete panel was performed using three limiting criteria: temperature at the first rebar location, erosion and ablation of the front (exterior) surface due to high heat fluxes, and temperature at the back (interior) surface. The results of this analysis yield a relationship between incident heat flux and the maximum allowable exposure duration. Example calculations for the break of a 0.91 m (3') diameter high-pressure natural gas pipeline and a 1 m² hole in a 2-1/2 million gallon gasoline tank show that the resulting fires do not pose a significant hazard for ranges of 500 m or greater.

  15. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01T23:59:59.000Z

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  16. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01T23:59:59.000Z

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7-8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  17. V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS

  18. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  19. U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition

  20. T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

    Broader source: Energy.gov [DOE]

    Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.