National Library of Energy BETA

Sample records for multiple security vulnerabilities

  1. T-681:IBM Lotus Symphony Multiple Unspecified Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

  2. V-083: Oracle Java Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert.

  3. U-104: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  4. T-566: Citrix Secure Gateway Unspecified Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system.

  5. V-092: Pidgin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

  6. V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

  7. V-059: MoinMoin Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

  8. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  9. U-187: Adobe Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

  10. Climate Change: Conflict, Security and Vulnerability Professor of Climate Change

    E-Print Network [OSTI]

    Hulme, Mike

    Climate Change: Conflict, Security and Vulnerability Mike Hulme Professor of Climate Change Science, Society and Sustainability Group School of Environmental Sciences Rethinking Climate Change, Conflict and Security University of Sussex, 18-19 October 2012 Weather and climate ... vulnerability and security

  11. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems - 2011 Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems...

  12. V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

  13. U-171: DeltaV Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  14. T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

  15. CloudSafe: Securing Data Processing within Vulnerable Virtualization Environments in the Cloud

    E-Print Network [OSTI]

    Ryder, Barbara G.

    CloudSafe: Securing Data Processing within Vulnerable Virtualization Environments in the Cloud large-scale cloud applications. Index Terms--cloud security, outsourced computation, side-channel, newly discovered vulnerabilities in cloud virtualization environment have threatened the security

  16. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure...

    Office of Environmental Management (EM)

    CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure...

  17. U-234: Oracle MySQL User Login Security Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    Oracle MySQL is prone to a security bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions.

  18. T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

  19. Static Security Analysis based on Vulnerability Index (VI) and Network Contribution Factor

    E-Print Network [OSTI]

    Static Security Analysis based on Vulnerability Index (VI) and Network Contribution Factor (NCF introduces a new approach of power system static security analysis based on the Vulnerability Index (VI with the full AC power flow method shows that this approach is promising for fast and accurate static security

  20. V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  1. V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  2. A Framework for Software Security Risk Evaluation using the Vulnerability Lifecycle and CVSS Metrics

    E-Print Network [OSTI]

    Malaiya, Yashwant K.

    A Framework for Software Security Risk Evaluation using the Vulnerability Lifecycle and CVSS if the discovery is made by a black-hat finder. Here, a framework for software risk evaluation with respect to the vulnerability lifecycle is proposed. Risk can be evaluated using the likelihood of a security breach

  3. Implementation of Secure Quantum Protocol using Multiple Photons for Communication

    E-Print Network [OSTI]

    Sayonnha Mandal; Gregory Macdonald; Mayssaa El Rifai; Nikhil Punekar; Farnaz Zamani; Yuhua Chen; Subhash Kak; Pramode K. Verma; Robert C Huck; James Sluss

    2012-08-30

    The paper presents the implementation of a quantum cryptography protocol for secure communication between servers in the cloud. As computing power increases, classical cryptography and key management schemes based on computational complexity become increasingly susceptible to brute force and cryptanalytic attacks. Current implementations of quantum cryptography are based on the BB84 protocol, which is susceptible to siphoning attacks on the multiple photons emitted by practical laser sources. The three-stage protocol, whose implementation is described in this paper, is a departure from conventional practice and it obviates some of the known vulnerabilities of the current implementations of quantum cryptography. This paper presents an implementation of the three-stage quantum communication protocol in free-space. To the best of the authors' knowledge, this is the first implementation of a quantum protocol where multiple photons can be used for secure communication.

  4. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Assessment Methods for SCADA Security Introduction SCADA Security for Managers and Operators Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks...

  5. T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

  6. International Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities and Solutions

    E-Print Network [OSTI]

    Aloul, Fadi

    International Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities is currently evolving into the smart grid. Smart grid integrates the traditional electrical power grid, controlling and managing the demands of customers. A smart grid is a huge complex network composed of millions

  7. Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire

    E-Print Network [OSTI]

    Xu, Wenyuan

    Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System companies to collect data - "iChange" controls the car via an iPhone - More in-car wireless sensor networks. Virtually, all new cars sold or manufactured after 2007 in US are equipped with wireless TPMS. Computer

  8. Hardware-Assisted Secure Resource Accounting under a Vulnerable Hypervisor

    E-Print Network [OSTI]

    - cure resource accounting, even if the hypervisor is compromised. Using a secure isolated execution Permission to make digital or hard copies of all or part of this work for personal or classroom use Although cloud computing provides elastic computing resources based upon service contracts between cloud

  9. V-207: Wireshark Multiple Denial of Service Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  10. V-208: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  11. V-224: Google Chrome Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  12. U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]


  13. T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  14. U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  15. U-169: Sympa Multiple Security Bypass Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  16. V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  17. T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

  18. U-117: Potential security vulnerability has been identified with certain HP

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  19. V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  20. V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  1. Sandia Energy - SCADA Vulnerability Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    SCADA Vulnerability Assessments Home Stationary Power Safety, Security & Resilience of Energy Infrastructure Grid Modernization Cyber Security for Electric Infrastructure National...

  2. Using Multiple Unmanned Systems for a Site Security Task

    SciTech Connect (OSTI)

    Matthew O. Anderson; Curtis W. Nielsen; Mark D. McKay; Derek C. Wadsworth; Ryan C. Hruska; John A. Koudelka

    2009-04-01

    Unmanned systems are often used to augment the ability of humans to perform challenging tasks. While the value of individual unmanned vehicles has been proven for a variety of tasks, it is less understood how multiple unmanned systems should be used together to accomplish larger missions such as site security. The purpose of this paper is to discuss efforts by researchers at the Idaho National Laboratory (INL) to explore the utility and practicality of operating multiple unmanned systems for a site security mission. This paper reviews the technology developed for a multi-agent mission and summarizes the lessons learned from a technology demonstration.

  3. U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

    Broader source: Energy.gov [DOE]

    Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

  4. A Reliable and Secure Cloud Storage Schema Using Multiple Service Providers

    E-Print Network [OSTI]

    Xu, Haiping

    A Reliable and Secure Cloud Storage Schema Using Multiple Service Providers Haiping Xu and Deepti stored in the cloud. In this paper, we propose a reliable and secure cloud storage schema using multiple at the server side, we propose a reliable and secure cloud storage schema that can be implemented at the client

  5. Security Vulnerabilities of the Cisco IOS Implementation of the MPLS Transport Profile

    E-Print Network [OSTI]

    Floreano, Dario

    Profile (MPLS-TP), in the context of smart-grid communication networks. The security guidelines Transport Profile (MPLS-TP) is one of the proposed communication technologies for smart-grid networks [6

  6. Using Violation and Vulnerability Analysis to Understand the Root-Causes of Complex Security Incidents

    E-Print Network [OSTI]

    Johnson, Chris

    Department of Energy has also established the Information Security Resource Center to coordinate the `root 2003) highlighted several commercial initiatives to understand not simply what went wrong in any single the underlying `systemic' technical, managerial and organizational precursors. Unfortunately

  7. U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  8. The 2011 Military Communications Conference -Track 3 -Cyber Security and Network Operations From Security to Vulnerability: Data Authentication

    E-Print Network [OSTI]

    Wang, Wenye

    lines and transformers [5], to perform critical functions of energy transmission and distribution The 2011 Military Communications Conference - Track 3 - Cyber Security and Network Operations From Wang· Zhuo Lu* Jianfeng Mat "Department of Electrical and Computer Engineering, NC State University

  9. The New Institutional Design of the Procuracy in Brazil: Multiplicity of Veto Players and Institutional Vulnerability

    E-Print Network [OSTI]

    Nóbrega, Flavianne Fernanda Bitencourt

    2007-01-01

    be used by certain political actors as a powerful instrument to other relevant political actors in the executive and interacting with other political actors in multiple arena

  10. U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  11. V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |

    Broader source: Energy.gov (indexed) [DOE]


  12. T-597: WordPress Multiple Security Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  13. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities

    Energy Savers [EERE]


  14. Sandia Energy - Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Development of cyber security architectures and frameworks, including some for microgrids. Detailed vulnerability assessment of systems, devices, components, and procedures....

  15. VULCAN: Vulnerability Assessment Framework for Cloud Computing

    E-Print Network [OSTI]

    Kavi, Krishna

    services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform services on Cloud is complex because the security depends on the vulnerability of infrastructure?". Or "I want to host this software application in this cloud environment, what security vulnerabilities I

  16. Benefits of Multiple Transmit Antennas in Secure Communication: A Secrecy Outage Viewpoint

    E-Print Network [OSTI]

    Zhou, Xiangyun "Sean"

    Benefits of Multiple Transmit Antennas in Secure Communication: A Secrecy Outage Viewpoint Xi Zhang confusing the eavesdrop- per by delivering artificial noise. A recently developed secrecy outage formulation the security performance. We show that an arbitrarily low secrecy outage probability cannot be achieved

  17. Public views on multiple dimensions of security : nuclear weapons, terrorism, energy, and the environment : 2007.

    SciTech Connect (OSTI)

    Herron, Kerry Gale; Jenkins-Smith, Hank C.

    2008-01-01

    We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism include assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support for domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid 2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.

  18. Vendor System Vulnerability Testing Test Plan

    SciTech Connect (OSTI)

    James R. Davidson

    2005-01-01

    The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INL’s Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as-delivered baseline examination of the system is conducted, to establish a starting point for all subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in-depth vulnerability testing. The baseline test document is provided to the System Provider (a), who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendor’s system (b).

    (a) The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. (b) The term Vendor (or Vendor’s) System replaces the name of the specific SCADA/EMS being tested.

  19. Faculty Information Security Guide

    E-Print Network [OSTI]

    Faculty Information Security Guide Dartmouth Your information is vitally important to your teaching protect your information. THE DARTMOUTH INFORMATION SECURITY COMMITTEE The Dartmouth Information Security Committee (DISC) meets monthly to assess vulnerabilities of information security, and to develop and revise

  20. Security Science & Technology | Nuclear Science | ORNL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Nuclear Security Science & Technology Border Security Comprehensive Vulnerability and Threat Analysis Consequence Management, Safeguards, and Non-Proliferation Tools Export...

  1. Security

    Broader source: Energy.gov [DOE]

    Security refers to the security of the stream of principal and interest repayments and what happens in the event that a secured loan defaults.

  2. V-216: Drupal Monster Menus Module Security Bypass and Script...

    Office of Environmental Management (EM)

    V-216: Drupal Monster Menus Module Security Bypass and Script Insertion Vulnerabilities August...

  3. T-614: Cisco Unified Communications Manager Database Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am...

  4. T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege Vulnerability

    Broader source: Energy.gov [DOE]

    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

  5. COMMUNICATION VULNERABILITIES AND MITIGATIONS IN WIND POWER SCADA SYSTEMS

    E-Print Network [OSTI]

    1 COMMUNICATION VULNERABILITIES AND MITIGATIONS IN WIND POWER SCADA SYSTEMS American Wind Energy/ Abstract This paper focuses on securing wind power Supervisory Control And Data Acquisition (SCADA) systems security vulnerabilities. To address these new vulnerabilities in wind power SCADA systems, we apply

  6. T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabil...

    Broader source: Energy.gov (indexed) [DOE]

    Player Vulnerabilities. PLATFORM: Cisco WebEx recording players. Microsoft Windows, Apple Mac OS X, and Linux versions of the player are all affected. Affected versions of the...

  7. Energy vulnerability relationships

    SciTech Connect (OSTI)

    Shaw, B.R.; Boesen, J.L.

    1998-02-01

    The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970's, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a "dependence"? Does this increasing proportion of imported oil present a vulnerability to "price shocks" and the tremendous dislocations experienced during the 1970's? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be "yes." However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

  8. U-190: Microsoft Security Bulletin MS12-037- Critical

    Office of Energy Efficiency and Renewable Energy (EERE)

    This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer.

  9. Towards Evidence-Based Assessment of Factors Contributing to the Introduction and Detection of Software Vulnerabilities

    E-Print Network [OSTI]

    Finifter, Matthew Smith

    2013-01-01

    code analysis to detect software security vulnerabilities—A systematic review of software fault prediction studies.47] Noopur Davis. Secure Software Development Life Cycle

  10. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Broader source: Energy.gov (indexed) [DOE]

    Vulnerabilities of Control Systems and Their Associated Mitigations (2006) Introduction SCADA Security for Managers and Operators DOE National SCADA Test Bed Program Multi-Year...

  11. Top 10 Vulnerabilities of Control Systems and Their Associated...

    Broader source: Energy.gov (indexed) [DOE]

    and Their Associated Mitigations (2006) More Documents & Publications Introduction SCADA Security for Managers and Operators TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND...

  12. V-145: IBM Tivoli Federated Identity Manager Products Java Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-145: IBM Tivoli Federated Identity Manager Products Java Multiple Vulnerabilities April 30, 2013 -...

  13. V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities July 29, 2013...

  14. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilit...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities May 22, 2013 - 12:46am...

  15. INFORMATION SECURITY University Policy No: IM7800

    E-Print Network [OSTI]

    Victoria, University of

    Page 1 INFORMATION SECURITY POLICY University Policy No: IM7800 Classification: Information to an Information Security Incident Procedures for Addressing Security Vulnerabilities of University Information Resources and Information Systems University Information Security Classification Procedures Procedures

  16. A Method for Estimating the Financial Impact of Cyber Information Security Breaches Utilizing the Common Vulnerability Scoring System and Annual Loss Expectancy

    E-Print Network [OSTI]

    Lindsey, Michael B.

    2010-05-14

    calculate the likelihood of a successful cyber security attack and the resulting financial impacts. The method incorporates annual loss expectancy and cost-benefit, which are tools familiar to most mid-level managers responsible for budget creation....

  17. Where computer security meets national security1 Helen Nissenbaum

    E-Print Network [OSTI]

    Nissenbaum, Helen

    of International Relations. Key words: cyber-security, computer security, securitization Introduction OverWhere computer security meets national security1 Helen Nissenbaum Department of Culture conceptions of security in contemporary concerns over the vulnerability of computers and networks to hostile

  18. U-106: Citrix XenServer Multiple Flaws in Web Self Service Have...

    Broader source: Energy.gov (indexed) [DOE]

    Multiple vulnerabilities were reported in Citrix XenServer Web Self Service. PLATFORM: Version(s): 5.5, 5.6 SP2, 6.0; Web Self Service prior to 1.1.1 ABSTRACT: A number of security...

  19. Validating Cyber Security Requirements: A Case Study

    SciTech Connect (OSTI)

    Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

    2011-01-01

    Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.

  20. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    SciTech Connect (OSTI)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to Congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  1. T-592: Cisco Security Advisory: Cisco Secure Access Control System...

    Broader source: Energy.gov (indexed) [DOE]

    A vulnerability was reported in Cisco Secure Access Control System. A remote user can change the passwords of arbitrary users. PLATFORM: Cisco Secure ACS versions 5.1 patch 3, 4,...

  2. V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    V-230: IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities August 29,...

  3. V-069: BlackBerry Tablet OS Adobe Flash Player and Samba Multiple...

    Broader source: Energy.gov (indexed) [DOE]

    OS Adobe Flash Player and Samba Multiple Vulnerabilities PLATFORM: BlackBerry Tablet Software versions 2.1.0.1032 and prior. ABSTRACT: Multiple vulnerabilities have been reported...

  4. Vulnerability assessment of water supply systems for insufficient fire flows 

    E-Print Network [OSTI]

    Kanta, Lufthansa Rahman

    2009-05-15

    Water supply systems’ vulnerability towards physical, chemical, biological, and cyber threats was recognized and was under study long before September 11, 2001. But greater attention toward security measures for water ...

  5. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilit...

    Broader source: Energy.gov (indexed) [DOE]

    Multiple vulnerabilities have been reported in Cisco Unified Customer Voice Portal (CVP) PLATFORM: The vulnerabilities are reported in versions prior to 9.0.1 ES 11 ABSTRACT:...

  6. V-132: IBM Tivoli System Automation Application Manager Multiple...

    Broader source: Energy.gov (indexed) [DOE]

    IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation...

  7. V-180: IBM Application Manager For Smart Business Multiple Vulnerabili...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    (GSKit). 8) Multiple vulnerabilities are caused due to a bundled vulnerable version of Java. IMPACT: IBM Application Manager For Smart Business can be exploited by malicious...

  8. Analyses Of Two End-User Software Vulnerability Exposure Metrics

    SciTech Connect (OSTI)

    Jason L. Wright; Miles McQueen; Lawrence Wellman

    2012-08-01

    The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

  9. Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

    DOE Patents [OSTI]

    Chen, Yu-Gene T.

    2013-04-16

    A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

  10. CIOs Uncensored: Security Smarts.

    SciTech Connect (OSTI)

    Johnson, Gerald R.

    2008-02-25

    This commentary for the CIOs Uncensored section of InformationWeek will discuss PNNL’s “defense in depth” approach to cyber security. It will cover external and internal safeguards, as well as the all-important role of employees in the cyber security equation. For employees are your greatest vulnerability – and your last line of defense.

  11. U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

  12. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  13. Cyber Security & Smart Grid 

    E-Print Network [OSTI]

    Shapiro, J.

    2011-01-01

    and interoperability ESL-KT-11-11-23 CATEE 2011, Dallas, Texas, Nov. 7-9, 2011 Cyber Vulnerabilities In The Legacy Power Grid ? SCADA Security ? Supervisory Control and Data Acquisition (SCADA) systems are used extensively to control and monitor the national... & Smart Grid Jonathan Shapiro Texas Institute The Clean Air Through Energy Efficiency (CATEE) Conference Cyber Security & Smart Grid ESL-KT-11-11-23 CATEE 2011, Dallas, Texas, Nov. 7-9, 2011 Cyber Security and The Smart Grid Networks...

  14. Facility Environmental Vulnerability Assessment

    SciTech Connect (OSTI)

    Van Hoesen, S.D.

    2001-07-09

    From mid-April through the end of June 2001, a Facility Environmental Vulnerability Assessment (FEVA) was performed at Oak Ridge National Laboratory (ORNL). The primary goal of this FEVA was to establish an environmental vulnerability baseline at ORNL that could be used to support the Laboratory planning process and place environmental vulnerabilities in perspective. The information developed during the FEVA was intended to provide the basis for management to initiate immediate, near-term, and long-term actions to respond to the identified vulnerabilities. It was expected that further evaluation of the vulnerabilities identified during the FEVA could be carried out to support a more quantitative characterization of the sources, evaluation of contaminant pathways, and definition of risks. The FEVA was modeled after the Battelle-supported response to the problems identified at the High Flux Beam Reactor at Brookhaven National Laboratory. This FEVA report satisfies Corrective Action 3A1 contained in the Corrective Action Plan in Response to Independent Review of the High Flux Isotope Reactor Tritium Leak at the Oak Ridge National Laboratory, submitted to the Department of Energy (DOE) ORNL Site Office Manager on April 16, 2001. This assessment successfully achieved its primary goal as defined by Laboratory management. 
The assessment team was able to develop information about sources and pathway analyses although the following factors impacted the team's ability to provide additional quantitative information: the complexity and scope of the facilities, infrastructure, and programs; the significantly degraded physical condition of the facilities and infrastructure; the large number of known environmental vulnerabilities; the scope of legacy contamination issues [not currently addressed in the Environmental Management (EM) Program]; the lack of facility process and environmental pathway analysis performed by the accountable line management or facility owner; and poor facility and infrastructure drawings. The assessment team believes that the information, experience, and insight gained through FEVA will help in the planning and prioritization of ongoing efforts to resolve environmental vulnerabilities at UT-Battelle--managed ORNL facilities.

  15. Vulnerability Assessment for Cascading Failures in Electric Power Systems

    SciTech Connect (OSTI)

    Baldick, R.; Chowdhury, Badrul; Dobson, Ian; Dong, Zhao Yang; Gou, Bei; Hawkins, David L.; Huang, Zhenyu; Joung, Manho; Kim, Janghoon; Kirschen, Daniel; Lee, Stephen; Li, Fangxing; Li, Juan; Li, Zuyi; Liu, Chen-Ching; Luo, Xiaochuan; Mili, Lamine; Miller, Stephen; Nakayama, Marvin; Papic, Milorad; Podmore, Robin; Rossmaier, John; Schneider, Kevin P.; Sun, Hongbin; Sun, Kai; Wang, David; Wu, Zhigang; Yao, Liangzhong; Zhang, Pei; Zhang, Wenjie; Zhang, Xiaoping

    2008-09-10

    Cascading failures present severe threats to power grid security, and thus vulnerability assessment of power grids is of significant importance. Focusing on analytic methods, this paper reviews the state of the art of vulnerability assessment methods in the context of cascading failures in three categories: steady-state modeling based analysis; dynamic modeling analysis; and non-traditional modeling approaches. The impact of emerging technologies including phasor technology, high-performance computing techniques, and visualization techniques on the vulnerability assessment of cascading failures is then addressed, and future research directions are presented.

  16. Plutonium Vulnerability Management Plan

    SciTech Connect (OSTI)

    1995-03-01

    This Plutonium Vulnerability Management Plan describes the Department of Energy's response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department's Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

  17. Climate change vulnerability

    E-Print Network [OSTI]

    Hilderbrand, Robert H.

    Climate change vulnerability assessment of the Verde Island Passage, Philippines This document should be cited as: R. Boquiren, G. Di Carlo, and M.C. Quibilan (Eds). 2010. Climate Change, Marine Climate Change Program Conservation International-Global Marine Division epidgeon

  18. V-094: IBM Multiple Products Multiple Vulnerabilities | Department of

    Energy Savers [EERE]


  19. U-200: Red Hat Directory Server Information Disclosure Security...

    Broader source: Energy.gov (indexed) [DOE]

    A security issue and a vulnerability have been reported in Red Hat Directory Server, which can be exploited by malicious users to disclose sensitive information. PLATFORM: Red Hat...

  20. OPTIMIZATION STRATEGIES FOR THE VULNERABILITY ANALYSIS OF THE ELECTRIC POWER GRID

    E-Print Network [OSTI]

    Pinar, Ali

    OPTIMIZATION STRATEGIES FOR THE VULNERABILITY ANALYSIS OF THE ELECTRIC POWER GRID ALI PINAR, JUAN would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a bilevel mixed integer nonlinear programming

  1. V-125: Cisco Connected Grid Network Management System Multiple...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    System 2.x ABSTRACT: Some vulnerabilities have been reported in Cisco Connected Grid Network Management System. REFERENCE LINKS: Cisco Security Notice CVE-2013-1163 Cisco...

  2. Increasing Automated Vulnerability Assessment Accuracy on Cloud and Grid Middleware

    E-Print Network [OSTI]

    Miller, Barton P.

    systems, i.e. SCADA systems. The use of automated tools for vulnerability assessment is quite attractive in most existing Grid and Cloud projects, and even in "Supervisory Control and Data Acquisition (SCADA]. Nowadays security is one of the most desirable features of the computational Grid, Cloud, and SCADA systems

  3. Winter, snow : an inquiry into vulnerability

    E-Print Network [OSTI]

    Orme, Wanda

    2012-01-01

    snow} ..SAN DIEGO Winter, Snow. An Inquiry into Vulnerability. AOF THE THESIS Winter, Snow. An Inquiry into Vulnerability by

  4. Secure Core Contact Information

    E-Print Network [OSTI]

    Secure Core Contact Information C. E. Irvine irvine@nps.edu 831-656-2461 Department of Computer for the secure management of local and/or remote information in multiple contexts. The SecureCore project Science Graduate School of Operations and Information Sciences www.cisr.nps.edu Project Description

  5. MALI CLIMATE VULNERABILITY JANUARY 2014

    E-Print Network [OSTI]

    Columbia University

    MALI CLIMATE VULNERABILITY MAPPING JANUARY 2014 This report is made possible by the support at Columbia University Cover Photo: Overall vulnerability map of Mali (quintile map legend), CIESIN, 2013 Project Manager Burlington, Vermont Tel.: 802-658-3890 Anna.Farmer@tetratech.com MALI CLIMATE

  6. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect (OSTI)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  7. CLIMATE CHANGE AND WATER SUPPLY SECURITY

    E-Print Network [OSTI]

    CLIMATE CHANGE AND WATER SUPPLY SECURITY: Reconfiguring Groundwater Management to Reduce with climate change, present a significant planning challenge for California's water agencies. This research Drought Vulnerability A White Paper from the California Energy Commission's California Climate

  8. Developmental Integrative BiologyCyber Security UNT is recognized by the National Security Agency and the Department of

    E-Print Network [OSTI]

    Tarau, Paul

    security. Information and computer security, trust and information assurance, systems architecture to identify and address a range of changing information sources and security vulnerabilities. UNT brings experts to address next generation challenges. The UNT-based Center for Information and Computer Security

  9. V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability...

    Broader source: Energy.gov (indexed) [DOE]

    Write Error Lets Remote Users Execute Arbitrary Code V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities JC3 Contact: Voice:Hotline at 1-866-941-2472 World Wide Web:...

  10. Departmental Personnel Security- Clearance Automation

    Broader source: Energy.gov [DOE]

    The primary objective of the DOE Integrated Security System (eDISS+) Initiative is to support the integration of multiple DOE security systems and databases. This integrated environment provides...

  11. Method and tool for network vulnerability analysis

    DOE Patents [OSTI]

    Swiler, Laura Painton (Albuquerque, NM); Phillips, Cynthia A. (Albuquerque, NM)

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  12. MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES,

    E-Print Network [OSTI]

    MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES, AND ADAPTATION TO PUBLIC HEALTH RISKS's California Climate Change Center JULY 2012 CEC5002012041 Prepared for: California Energy Commission of California. ABSTRACT This study reviewed first available frameworks for climate change adaptation

  13. V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple...

    Broader source: Energy.gov (indexed) [DOE]

    IBM has acknowledged a weakness and multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms, which can be exploited by malicious, local users to disclose...

  14. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilit...

    Broader source: Energy.gov (indexed) [DOE]

    IBM Maximo Asset Management Products Java Multiple Vulnerabilities PLATFORM: IBM Maximo Asset Management 6.x IBM Maximo Asset Management 7.x IBM Maximo Asset Management Essentials...

  15. Test & Security G. DiNatale, M. Doulcier, M-L. Flottes, B. Rouzeyre

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    LIRMMLIRMM Test & Security G. DiNatale, M. Doulcier, M-L. Flottes, B. Rouzeyre Pastis 2008 lirmm-00365276,version1-2Mar2009 LIRMM Circuit testing is mandatory to guarantee a good security level A hardware defect may induce some security vulnerability But Test & Security : the dilemma Test Security

  16. System and method for secure group transactions

    DOE Patents [OSTI]

    Goldsmith, Steven Y. (Rochester, MN)

    2006-04-25

    A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

  17. International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation In Ubiquitous Environments Mohamed Aymen Chalouf1 make the concerned communications vulnerable to security attacks because of the open medium on which

  18. CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND

    E-Print Network [OSTI]

    CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND ADAPTATION IN THE SAN FRANCISCO BAY AREA Commission's California Climate Change Center JULY 2012 CEC5002012071 Prepared for: California Energy, as well as projections of future changes in climate based on modeling studies using various plausible

  19. T-570: HP Security Bulletin- HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass.

  20. Structural Vulnerability Analysis of Electric Power Distribution Grids

    E-Print Network [OSTI]

    Koc, Yakup; Warnier, Martijn; Kumar, Tarun

    2015-01-01

    Power grid outages cause huge economical and societal costs. Disruptions in the power distribution grid are responsible for a significant fraction of electric power unavailability to customers. The impact of extreme weather conditions, continuously increasing demand, and the over-ageing of assets in the grid, deteriorates the safety of electric power delivery in the near future. It is this dependence on electric power that necessitates further research in the power distribution grid security assessment. Thus measures to analyze the robustness characteristics and to identify vulnerabilities as they exist in the grid are of utmost importance. This research investigates exactly those concepts - the vulnerability and robustness of power distribution grids from a topological point of view, and proposes a metric to quantify them with respect to assets in a distribution grid. Real-world data is used to demonstrate the applicability of the proposed metric as a tool to assess the criticality of assets in a distribution...

  1. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Broader source: Energy.gov (indexed) [DOE]

    Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection...

  2. V-087: Adobe Flash Player Two Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities are reported as 0-day which can be exploited by malicious people to compromise a user's system.

  3. APPROACHES TO VULNERABILITY TO CLIMATE CHANGE

    E-Print Network [OSTI]

    Bateman, Ian J.

    APPROACHES TO VULNERABILITY TO CLIMATE CHANGE by W. Neil Adger CSERGE Working Paper GEC 96-05 APPROACHES TO VULNERABILITY TO CLIMATE CHANGE by W. Neil Adger Centre for Social and Economic Research and Physical Approaches to Vulnerability to Climate Change in Vietnam' is also gratefully acknowledged. ISSN

  4. SPATIAL CLIMATE CHANGE VULNERABILITY ASSESSMENTS: A REVIEW

    E-Print Network [OSTI]

    Columbia University

    SPATIAL CLIMATE CHANGE VULNERABILITY ASSESSMENTS: A REVIEW OF DATA, METHODS, AND ISSUES AUGUST 2014: A Review of Data, Methods, and Issues i SPATIAL CLIMATE CHANGE VULNERABILITY ASSESSMENTS: A REVIEW OF DATA Climate Change Vulnerability Assessments: A Review of Data, Methods, and Issues ii TABLE OF CONTENTS

  5. SEISMIC HAZARD AND VULNERABILITY ASSESSMENT IN TURRIALBA, COSTA RICA Seismic hazard and vulnerability

    E-Print Network [OSTI]

    SEISMIC HAZARD AND VULNERABILITY ASSESSMENT IN TURRIALBA, COSTA RICA I Seismic hazard and vulnerability assessment in Turrialba, Costa Rica Rafael German Urban Lamadrid March 2002 SEISMIC HAZARD AND VULNERABILITY ASSESSMENT IN TURRIALBA, COSTA RICA II Seismic hazard and vulnerability assessment in Turrialba

  6. CITI Technical Report 01-8 Personal Secure Booting

    E-Print Network [OSTI]

    Honeyman, Peter

    @eecs.umich.edu Electrical Engineering and Computer Science Department University of Michigan Abstract With the majority on information security, computer systems remain vulnerable to malicious modifications. This trend reflects

  7. Vulnerability of critical infrastructures : identifying critical nodes.

    SciTech Connect (OSTI)

    Cox, Roger Gary; Robinson, David Gerald

    2004-06-01

    The objective of this research was the development of tools and techniques for the identification of critical nodes within critical infrastructures. These are nodes that, if disrupted through natural events or terrorist action, would cause the most widespread, immediate damage. This research focuses on one particular element of the national infrastructure: the bulk power system. Through the identification of critical elements and the quantification of the consequences of their failure, site-specific vulnerability analyses can be focused at those locations where additional security measures could be effectively implemented. In particular, with appropriate sizing and placement within the grid, distributed generation in the form of regional power parks may reduce or even prevent the impact of widespread network power outages. Even without additional security measures, increased awareness of sensitive power grid locations can provide a basis for more effective national, state and local emergency planning. A number of methods for identifying critical nodes were investigated: small-world (or network theory), polyhedral dynamics, and an artificial intelligence-based search method - particle swarm optimization. PSO was found to be the only viable approach and was applied to a variety of industry accepted test networks to validate the ability of the approach to identify sets of critical nodes. The approach was coded in a software package called Buzzard and integrated with a traditional power flow code. A number of industry accepted test networks were employed to validate the approach. The techniques (and software) are not unique to power grid network, but could be applied to a variety of complex, interacting infrastructures.

  8. Security systems engineering overview

    SciTech Connect (OSTI)

    Steele, B.J.

    1996-12-31

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).

  9. (No) Security in Automation!?

    E-Print Network [OSTI]

    Lüders, S

    2008-01-01

    Modern Information Technologies like Ethernet, TCP/IP, web server or FTP are nowadays increasingly used in distributed control and automation systems. Thus, information from the factory floor is now directly available at the management level (From Shop-Floor to Top-Floor) and can be manipulated from there. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: worms and viruses spread within seconds via Ethernet and attackers are becoming interested in control systems. Unfortunately, control systems lack the standard security features that usual office PCs have. This contribution will elaborate on these problems, discuss the vulnerabilities of modern control systems and present international initiatives for mitigation.

  10. Embedding Security Policies into a Distributed Computing Environment

    E-Print Network [OSTI]

    Kühnhauser, Winfried

    : security policy, multipolicy system, information domain, policy domain, custodian, policy separationD information systems must support information processing under multiple security policies of any complexity information support information processing among users with different security attributes employing resources

  11. T-614: Cisco Unified Communications Manager Database Security Vulnerability

    Energy Savers [EERE]


  12. Mitigations for Security Vulnerabilities Found in Control System Networks |

    Energy Savers [EERE]


  13. V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  14. Common Cyber Security Vulnerabilities Observed in Control System

    Broader source: Energy.gov (indexed) [DOE]


  15. U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

  16. U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

    Broader source: Energy.gov [DOE]

    A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

  17. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities...

    Broader source: Energy.gov (indexed) [DOE]

    in IBM Data Studio PLATFORM: IBM Data Studio 3.x ABSTRACT: IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by...

  18. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    RHSA-2012-1543-1 Secunia Advisory SA51472 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 CVE-2012-2139 CVE-2012-2140 CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 CVE-2012-2695...

  19. T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities

    Broader source: Energy.gov [DOE]

    It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583)

  20. Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks

    E-Print Network [OSTI]

    Agarwal, Pankaj K.

    , such as an Electromagnetic Pulse (EMP) attack. Large-scale disasters are likely to destroy network equipment and to severely--Network survivability, geographic networks, network design, Electromagnetic Pulse (EMP), computational geometry. I, such as an Electromagnetic Pulse (EMP) attack, as well as natural disasters, such as earthquakes, hurricanes or floods [1

  1. V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  2. V-157: Adobe Reader / Acrobat Multiple Vulnerabilities | Department of

    Broader source: Energy.gov (indexed) [DOE]


  3. V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  4. V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |

    Broader source: Energy.gov (indexed) [DOE]


  5. U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  6. U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  7. U-191: Oracle Java Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  8. U-273: Multiple vulnerabilities have been reported in Wireshark |

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  9. V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  10. V-081: Wireshark Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  11. V-097: Google Chrome Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  12. V-105: Google Chrome Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  13. V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  14. V-111: Multiple vulnerabilities have been reported in Puppet | Department

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  15. V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  16. V-121: Google Chrome Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  17. V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  18. V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  19. U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  20. U-162: Drupal Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  1. V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

    Office of Environmental Management (EM)


  2. Optimal redundancy against disjoint vulnerabilities in networks

    E-Print Network [OSTI]

    Krause, Sebastian M; Zlatić, Vinko

    2015-01-01

    Redundancy is commonly used to guarantee continued functionality in networked systems. However, often many nodes are vulnerable to the same failure or adversary. A "backup" path is not sufficient if both paths depend on nodes which share a vulnerability. For example, if two nodes of the Internet cannot be connected without using routers belonging to a given untrusted entity, then all of their communication, regardless of the specific paths utilized, will be intercepted by the controlling entity. In this and many other cases, the vulnerabilities affecting the network are disjoint: each node has exactly one vulnerability but the same vulnerability can affect many nodes. To discover optimal redundancy in this scenario, we describe each vulnerability as a color and develop a "color-avoiding percolation" which uncovers a hidden color-avoiding connectivity. We present algorithms for color-avoiding percolation of general networks and an analytic theory for random graphs with uniformly distributed colors including critic...

  3. Assessing Climate Change Impacts, Vulnerability and Adaptation...

    Open Energy Info (EERE)

    Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan Watershed

  4. COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    MBG Auditorium COLLOQUIUM: NOTE SPECIAL DATE - THURSDAY: Unique Vulnerability of the New York/New Jersey Metro Region to Hurricane Destruction - A New Perspective Based on...

  5. V-186: Drupal Login Security Module Security Bypass and Denial...

    Office of Environmental Management (EM)

    is caused due to an error within the delay feature and can be exploited to consume all web server instances via multiple failed login attempts. IMPACT: Drupal Login Security...

  6. Cyber Security Requirements for Risk Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  7. Postal Security Device Security Policy

    E-Print Network [OSTI]

    Postal Security Device Security Policy FRAMA AG PSD - I Version: R01.06 Date: 25.05.2007 Doc.-ID: DE_FNKPSD_510_SPE File name: DE_FNKPSD_510_SPE_R0106_EN.Security Policy PSD Author: Bernd Zinke, Timo » Non-Confidential « Security Policy FRAMA AG CH-3438 LAUPERSWIL / BERN TITLE: POSTAL SECURITY

  8. A Primer on Hardware Security: Models, Methods, and Metrics

    E-Print Network [OSTI]

    INVITED PAPER A Primer on Hardware Security: Models, Methods, and Metrics The paper is a primer on hardware security threat models, metrics, and remedies. By Masoud Rostami, Farinaz Koushanfar, and Ramesh) production supply chain has introduced hardware-based vulnerabilities. Existing literature in hardware

  9. Proliferation Vulnerability Red Team report

    SciTech Connect (OSTI)

    Hinton, J.P.; Barnard, R.W.; Bennett, D.E. [and others]

    1996-10-01

    This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

  10. Microgrid cyber security reference architecture.

    SciTech Connect (OSTI)

    Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

    2013-07-01

    This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-specific vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance benefits and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional microgrid control system network implementation, including types of communication occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the necessary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

  11. information security

    E-Print Network [OSTI]

    Faculty listing for "information security" ... 1167; Phone: +1 765 49-46022; Email: wagstaff@purdue.edu; Research Interests: number theory, information security.

  12. Climate Change and Infrastructure, Urban Systems, and Vulnerabilities

    SciTech Connect (OSTI)

    Wilbanks, Thomas J; Fernandez, Steven J

    2014-01-01

    This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. 
Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

  13. SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of

    E-Print Network [OSTI]

    Magee, Joseph W.

    2013-01-01

    SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of threats note of the data security issues covered in these publications. Ask yourself "Is my business vulnerable network with your peers, talk about cyber security issues. Give and get advice, hints, tips, etc. 4. Make

  14. Ninth Annual Cyber and Information Security Research Conference...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Ninth Annual Cyber and Information Security Research Conference Apr 08 2014 04-08-2014 08:30 AM - 04-10-2014 04:00 PM Multiple speakers, multiple disciplines, multiple affiliations...

  15. Research Data Data Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    Research Data Data Security Survey Collection FAQs Q: I am not a UConn Health Center employee; can multiple projects that share common data? Yes. As long as the projects have common fields as you would in SurveyMonkey; data forms, e.g. Case Report Forms (CRF); or a combination of both. For any

  16. Security and Privacy-Enhancing Multicloud Architectures

    E-Print Network [OSTI]

    Sandhu, Ravi

    activities, resulting in a quantity of proposals targeting the various cloud security threats. Alongside with these security issues, the cloud paradigm comes with a new set of unique features, which open the path toward security merits by making use of multiple distinct clouds simultaneously. Various distinct architectures

  17. UNCORRECTED PROOF Diet, resource partitioning and gear vulnerability of

    E-Print Network [OSTI]

    Sorin, Eric J.

    UNCORRECTED PROOF Diet, resource partitioning and gear vulnerability of Hawaiian jacks captured tournaments can provide synoptic data on diet and gear vulnerability that would otherwise be very dif

  18. TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    TOP 10 VULNERABILITIES OF CONTROL SYSTEMS AND THEIR ASSOCIATED MITIGATIONS This document provides...

  19. Top 10 Vulnerabilities of Control Systems and Their Associated...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Top 10 Vulnerabilities of Control Systems and Their Associated Mitigations (2006) This document...

  20. Tribal Energy System Vulnerabilities to Climate Change and Extreme...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Tribal Energy System Vulnerabilities to Climate Change and Extreme Weather This U.S. Department of Energy Office of...

  1. India-Vulnerability Assessment and Enhancing Adaptive Capacities...

    Open Energy Info (EERE)

    India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change Name India-Vulnerability Assessment and Enhancing Adaptive Capacities...

  2. Determining Vulnerability Importance in Environmental Impact Assessment

    SciTech Connect (OSTI)

    Toro, Javier; Duarte, Oscar; Requena, Ignacio; Zamorano, Montserrat

    2012-01-15

    The concept of vulnerability has been used to describe the susceptibility of physical, biotic, and social systems to harm or hazard. In this sense, it is a tool that reduces the uncertainties of Environmental Impact Assessment (EIA) since it does not depend exclusively on the value assessments of the evaluator, but rather is based on the environmental state indicators of the site where the projects or activities are being carried out. The concept of vulnerability thus reduces the possibility that evaluators will subjectively interpret results, and be influenced by outside interests and pressures during projects. However, up until now, EIA has been hindered by a lack of effective methods. This research study analyzes the concept of vulnerability, defines Vulnerability Importance and proposes its inclusion in qualitative EIA methodology. The method used to quantify Vulnerability Importance is based on a set of environmental factors and indicators that provide a comprehensive overview of the environmental state. The results obtained in Colombia highlight the usefulness and objectivity of this method since there is a direct relation between this value and the environmental state of the departments analyzed. - Research Highlights: ► The concept of vulnerability could be considered defining Vulnerability Importance included in qualitative EIA methodology. ► The use of the concept of environmental vulnerability could reduce the subjectivity of qualitative methods of EIA. ► A method to quantify the Vulnerability Importance proposed provides a comprehensive overview of the environmental state. ► Results in Colombia highlight the usefulness and objectivity of this method.

  3. V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute...

    Broader source: Energy.gov (indexed) [DOE]

    Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code PLATFORM: Apple QuickTime prior to 7.7.4. ABSTRACT: Apple QuickTime Multiple Vulnerabilities REFERENCE LINKS:...

  4. CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR

    E-Print Network [OSTI]

    CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR CALIFORNIA Legal Analysis of Barriers's California Climate Change Center JULY 2012 CEC5002012019 Prepared for: California Energy Commission to that framework that would facilitate adaptation to climate change. Since such changes may be difficult

  5. Information Security: Coordination of Federal Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Information Security: Coordination of Federal Cyber Security Research and Development GAO...

  6. Information Security: Coordination of Federal Cyber Security...

    Office of Environmental Management (EM)

    Information Security: Coordination of Federal Cyber Security Research and Development GAO recommends that...

  7. Performing Energy Security Assessments: A How-To Guide for Federal Facility Managers

    Office of Energy Efficiency and Renewable Energy (EERE)

    Guide describes the best practices and recommended process for federal facility managers to prepare for the following sections of a facility’s energy security plan: vulnerability assessments, energy preparedness and operations plans, and remedial action plans.

  8. What is the Game in Cyber Security? Ravi Sandhu

    E-Print Network [OSTI]

    Sandhu, Ravi

    What is the Game in Cyber Security? Ravi Sandhu Executive Director and Endowed Professor February with Real-World Impact! Institute for Cyber Security Multiple games at multiple levels More than 2 than offense Most important recommendation cyber security needs to be a proactive rather than

  9. Towards Designing a Biometric Measure for Enhancing ATM Security in Nigeria E-Banking System

    E-Print Network [OSTI]

    Ibidapo,; Omogbadegun, Zaccheous O; Oyelami, Olufemi M

    2011-01-01

    Security measures at banks can play a critical, contributory role in preventing attacks on customers. These measures are of paramount importance when considering vulnerabilities and causation in civil litigation. Banks must meet certain standards in order to ensure a safe and secure banking environment for their customers. This paper focuses on vulnerabilities and the increasing wave of criminal activities occurring at Automated Teller Machines (ATMs) where quick cash is the prime target for criminals rather than at banks themselves. A biometric measure as a means of enhancing the security has emerged from the discourse. Keywords-Security, ATM, Biometric, Crime.

  10. Trusted Grid Computing with Security Assurance and Resource Optimization

    E-Print Network [OSTI]

    Hwang, Kai

    Trusted Grid Computing with Security Assurance and Resource Optimization Shanshan Song and Kai The security of Grid sites can be enhanced by upgrading its intrusion defense capabilities against its previous security enforcement across multiple Grid resources sites. The design is aimed at securing Grid resources

  11. Review of Enabling Technologies to Facilitate Secure Compute Customization

    SciTech Connect (OSTI)

    Aderholdt, Ferrol; Caldwell, Blake A; Hicks, Susan Elaine; Koch, Scott M; Naughton, III, Thomas J; Pelfrey, Daniel S; Pogge, James R; Scott, Stephen L; Shipman, Galen M; Sorrillo, Lawrence

    2014-12-01

    High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data for a variety of users, often requiring strong separation between job allocations. There are many challenges to establishing these secure enclaves within the shared infrastructure of high-performance computing (HPC) environments. The isolation mechanisms in the system software are the basic building blocks for enabling secure compute enclaves. There are a variety of approaches and the focus of this report is to review the different virtualization technologies that facilitate the creation of secure compute enclaves. The report reviews current operating system (OS) protection mechanisms and modern virtualization technologies to better understand the performance/isolation properties. We also examine the feasibility of running "virtualized" computing resources as non-privileged users, and providing controlled administrative permissions for standard users running within a virtualized context. Our examination includes technologies such as Linux containers (LXC [32], Docker [15]) and full virtualization (KVM [26], Xen [5]). We categorize these different approaches to virtualization into two broad groups: OS-level virtualization and system-level virtualization. The OS-level virtualization uses containers to allow a single OS kernel to be partitioned to create Virtual Environments (VE), e.g., LXC. The resources within the host's kernel are only virtualized in the sense of separate namespaces. In contrast, system-level virtualization uses hypervisors to manage multiple OS kernels and virtualize the physical resources (hardware) to create Virtual Machines (VM), e.g., Xen, KVM.
This terminology of VE and VM, detailed in Section 2, is used throughout the report to distinguish between the two different approaches to providing virtualized execution environments. As part of our technology review we analyzed several current virtualization solutions to assess their vulnerabilities. This included a review of common vulnerabilities and exposures (CVEs) for Xen, KVM, LXC and Docker to gauge their susceptibility to different attacks. The complete details are provided in Section 5 on page 33. Based on this review we concluded that system-level virtualization solutions have many more vulnerabilities than OS level virtualization solutions. As such, security mechanisms like sVirt (Section 3.3) should be considered when using system-level virtualization solutions in order to protect the host against exploits. The majority of vulnerabilities related to KVM, LXC, and Docker are in specific regions of the system. Therefore, future "zero day attacks" are likely to be in the same regions, which suggests that protecting these areas can simplify the protection of the host and maintain the isolation between users. The evaluations of virtualization technologies done thus far are discussed in Section 4. This includes experiments with 'user' namespaces in VEs, which provides the ability to isolate user privileges and allow a user to run with different UIDs within the container while mapping them to non-privileged UIDs in the host. We have identified Linux namespaces as a promising mechanism to isolate shared resources, while maintaining good performance. In Section 4.1 we describe our tests with LXC as a non-root user and leveraging namespaces to control UID/GID mappings and support controlled sharing of parallel file-systems. We highlight several of these namespace capabilities in Section 6.2.3. The other evaluations that were performed during this initial phase of work provide baseline performance data for comparing VEs and VMs to purely native execution. 
In Section 4.2 we performed tests using the High-Performance Computing Conjugate Gradient (HPCCG) benchmark to establish baseline performance for a scientific application when run on the Native (host) machine in contrast with execution under Docker and KVM. Our tests verified prior studie

  12. Cizelj, Koncar, Leskovar: Vulnerability of a partially flooded.... Vulnerability of a partially flooded

    E-Print Network [OSTI]

    Cizelj, Leon

    flooded PWR reactor cavity to a steam explosion Leon Cizelj, Bostjan Koncar, Matjaz Leskovar "Jozef StefanCizelj, Koncar, Leskovar: Vulnerability of a partially flooded.... Vulnerability of a partially 5885 215; fax + 386 1 5885 377; e-mail: Leon.Cizelj@ijs.si Keywords Steam explosion, reactor cavity

  13. An Overview of the Security Concerns in Enterprise Cloud Computing

    E-Print Network [OSTI]

    Bisong, Anthony; Rahman, M; 10.5121/ijnsa.2011.3103

    2011-01-01

    Deploying cloud computing in an enterprise infrastructure brings significant security concerns. Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe an enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud computing and enlightened steps that an enterprise can take to reduce security risks and protect their resources. We have also explained cloud computing strengths/benefits, weaknesses, and applicable areas in information risk management.

  14. Defining and Computing a Valued Based Cyber-Security Measure

    SciTech Connect (OSTI)

    Aissa, Anis Ben; Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

    2012-01-01

    In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

  15. Optimization Online - A Security Framework for Smart Metering with ...

    E-Print Network [OSTI]

    Cristina Rottondi

    2011-12-05

    Dec 5, 2011 ... A Security Framework for Smart Metering with Multiple Data Consumers. Cristina ... This paper proposes a framework for allowing information ...

  16. Global Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    weapons from the James Martin center for Nonproliferation Studies Homeland Security Digital Library HSDL is the nation's premier research collection of open-source resources...

  17. Global security

    ScienceCinema (OSTI)

    Lynch, Patrick

    2014-07-15

    Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

  18. Global security

    SciTech Connect (OSTI)

    Lynch, Patrick

    2014-07-14

    Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

  19. Unconditionally Secure Quantum Signatures

    E-Print Network [OSTI]

    Ryan Amiri; Erika Andersson

    2015-08-08

    Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols - signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA) - are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally secure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

  20. WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE

    E-Print Network [OSTI]

    WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE WARMING IN THE SIERRA NEVADA: Water Year explores the sensitivity of water indexing methods to climate change scenarios to better understand how water management decisions and allocations will be affected by climate change. Many water management

  1. Characterizing Application Memory Error Vulnerability to

    E-Print Network [OSTI]

    Mutlu, Onur

    -reliability memory (HRM) Store error-tolerant data in less-reliable lower-cost memory Store error-vulnerable data an application Observation 2: Data can be recovered by software ·Heterogeneous-Reliability Memory (HRM: Data can be recovered by software ·Heterogeneous-Reliability Memory (HRM) ·Evaluation 4 Server

  2. Funding Proposal to the Konrad-Adenauer-Stiftung (KAS) (Regional Project Energy Security and Climate Change-Asia Pacific)

    E-Print Network [OSTI]

    Po, Lai-Man

    ; urban studies, climate law) Expertise (climate change negotiations and implications for energy policy Young School of Policy Studies, Georgia State University, USA (urban planning, vulnerability assessmentFunding Proposal to the Konrad-Adenauer-Stiftung (KAS) (Regional Project Energy Security

  3. T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

  4. Safeguards and Security and Cyber Security RM

    Office of Environmental Management (EM)

    using security measures such as badging, pre-employment investigation and fitness for duty, training, and security awareness? Cyber Security CS-1 Has the project...

  5. Privacy Vulnerability of Published Anonymous Mobility Traces

    E-Print Network [OSTI]

    2012-08-01

    city residents or their vehicles are used to monitor various events of interest in their city areas. Example ...... security, network incentives, and smart grids. Dr. Yau ...

  6. Cyber Security | National Security | ORNL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    System-of-systems analysis Visualization tools for complex information Next-generation smart grid technologies Quantum computing, security, and data fusion For more information,...

  7. Watchdog: Hardware for Safe and Secure Manual Memory Management and Full Memory Safety

    E-Print Network [OSTI]

    Plotkin, Joshua B.

    Watchdog: Hardware for Safe and Secure Manual Memory Management and Full Memory Safety Santosh) to become the root cause of exploitable security vulnerabilities. This paper proposes Watchdog, a hardware full hardware-enforced memory safety at low overheads. 1. Introduction Languages such as C and C

  8. T-564: Vulnerabilities in Citrix Licensing administration components

    Broader source: Energy.gov [DOE]

    The vulnerabilities impact all current versions of the Citrix Licensing Administration Console, formerly known as the License Management Console.

  9. Control Systems Security Test Center - FY 2004 Program Summary

    SciTech Connect (OSTI)

    Robert E. Polk; Alen M. Snyder

    2005-04-01

    In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation’s critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

  10. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years, especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs' common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  11. LAVA/CIS Version 2.0: A software system for vulnerability and risk assessment

    SciTech Connect (OSTI)

    Smith, S.T.

    1990-01-01

    LAVA (the Los Alamos Vulnerability/Risk Assessment system) is an original systematic approach to risk assessment developed at the Los Alamos National Laboratory. It is an alternative to existing quantitative methods, providing an approach that is both objective and subjective, and producing results that are both quantitative and qualitative. LAVA was developed as a tool to help satisfy federal requirements for periodic vulnerability and risk assessments of a variety of systems and to satisfy the resulting need for an inexpensive, reusable, automated risk assessment tool firmly rooted in science. LAVA is a three-part systematic approach to risk assessment that can be used to model a variety of application systems such as computer security systems, communications security systems, information security systems, and others. The first part of LAVA is the mathematical model based on classical risk assessment, hierarchical multilevel system theory, decision theory, fuzzy possibility theory, expert system theory, utility theory, and cognitive science. The second part is the implementation of the mathematical risk model as a general software engine executed on a large class of personal computers. The third part is the application data sets written for a specific application system. The user of a LAVA application is not required to have knowledge of formal risk assessment techniques. All the technical expertise and specialized knowledge are built into the software engine and the application system itself. 36 refs., 5 figs.

  12. FAST ABSTRACT: Vulnerability Discovery Modeling using Weibull Distribution

    E-Print Network [OSTI]

    Malaiya, Yashwant K.

    models for the related processes. A few vulnerability discovery models (VDMs) have been proposed recently that attempt to model the vulnerability discovery process during the lifecycle of a given software product FAST ABSTRACT: Vulnerability Discovery Modeling using Weibull Distribution HyunChul Joh, Jinyoo Kim

  13. Modeling Learningless Vulnerability Discovery using a Folded Distribution

    E-Print Network [OSTI]

    Malaiya, Yashwant K.

    model is logistic, and thus the increase and decrease in the discovery process is assumed Modeling Learningless Vulnerability Discovery using a Folded Distribution Awad A. Younis1 , Hyun, CO 80523, USA Abstract - A vulnerability discovery model describes the vulnerability discovery rate

  14. On automated prepared statement generation to remove SQL injection vulnerabilities

    E-Print Network [OSTI]

    Xie, Tao

    On automated prepared statement generation to remove SQL injection vulnerabilities Stephen Thomas in revised form 5 August 2008 Accepted 8 August 2008 Available online 27 September 2008 Keywords: SQL vulnerabilities were SQL injection vulnerabilities (SQLIVs). This paper presents an algorithm of prepared

  15. Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2

    SciTech Connect (OSTI)

    Fesharaki, F.; Rizer, J.P.; Greer, L.S.

    1994-05-01

    The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

  16. National Nuclear Security Administration | National Nuclear Security...

    National Nuclear Security Administration (NNSA)

  17. Information Security Group IY5512 Computer Security

    E-Print Network [OSTI]

    Mitchell, Chris

    Information Security Group IY5512 Computer Security Part 7b: Windows security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security Group) of Windows machines. 2 Information Security Group Objectives II · Focus on Active Directory, authentication

  18. Security Conditions

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-07-08

    This Notice ensures that DOE uniformly meets the requirements of the Homeland Security Advisory System outlined in Homeland Security Presidential Directive-3, Threat Conditions and Associated Protective Measures, dated 3-11-02, and provides responses specified in Presidential Decision Directive 39, U.S. Policy on Counterterrorism (U), dated 6-21-95. It cancels DOE N 473.8, Security Conditions, dated 8-7-02. Extended until 7-7-06 by DOE N 251.64, dated 7-7-05. Cancels DOE N 473.8.

  19. Secure PVM

    SciTech Connect (OSTI)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

  20. Cyber Security and Resilient Systems

    SciTech Connect (OSTI)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. 
    Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.

  1. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-08-26

    The manual establishes the overall objectives and requirements for the Department of Energy Personnel Security Program. Cancels DOE M 472.1-1B. Canceled by DOE O 472.2.

  2. Climate Change and National Security

    SciTech Connect (OSTI)

    Malone, Elizabeth L.

    2013-02-01

    Climate change is increasingly recognized as having national security implications, which has prompted dialogue between the climate change and national security communities – with resultant advantages and differences. Climate change research has proven useful to the national security community sponsors in several ways. It has opened security discussions to consider climate as well as political factors in studies of the future. It has encouraged factoring in the stresses placed on societies by climate changes (of any kind) to help assess the potential for state stability. And it has shown that changes such as increased heat, more intense storms, longer periods without rain, and earlier spring onset call for building climate resilience as part of building stability. For the climate change research community, studies from a national security point of view have revealed research lacunae, such as the lack of usable migration studies. This has also pushed the research community to consider second- and third-order impacts of climate change, such as migration and state stability, which broadens discussion of future impacts beyond temperature increases, severe storms, and sea level rise; and affirms the importance of governance in responding to these changes. The increasing emphasis in climate change science toward research in vulnerability, resilience, and adaptation also frames what the intelligence and defense communities need to know, including where there are dependencies and weaknesses that may allow climate change impacts to result in security threats and where social and economic interventions can prevent climate change impacts and other stressors from resulting in social and political instability or collapse.

  3. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-20

    The protection and control of classified information is critical to our nation’s security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D.

  4. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-27

    The Order establishes requirements for a successful, efficient and cost-effective personnel security program to ensure accurate, timely and equitable determinations of individuals’ eligibility for access to classified information and fitness for placement or retention in national security positions. Cancels DOE M 470.4-5, DOE N 470.4 and DOE N 470.5. Admin Chg 1, 10-8-13.

  5. Security, LLC

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

  6. A Cloud-Oriented Cross-Domain Security Architecture

    E-Print Network [OSTI]

    A Cloud-Oriented Cross-Domain Security Architecture Thuy D. Nguyen, Mark A. Gondree, David J to support a cloud of cross-domain services, hosted within a federation of multilevel secure (MLS) MYSEA}@nps.edu Abstract--The Monterey Security Architecture addresses the need to share high-value data across multiple

  7. An Architecture for Concurrent Execution of Secure Environments in Clouds

    E-Print Network [OSTI]

    Capkun, Srdjan

    An Architecture for Concurrent Execution of Secure Environments in Clouds Ramya Jayaram Masti, Claudio Marforio, Srdjan Capkun Institute of Information Security ETH Zurich, Switzerland {rmasti,maclaudi,capkuns}@inf.ethz.ch ABSTRACT We propose an architecture that enables the creation and management of multiple, concurrent secure

  8. Power System Extreme Event Detection: The Vulnerability Frontier

    E-Print Network [OSTI]

    Lesieutre, Bernard C.; Pinar, Ali; Roy, Sandip

    2007-01-01

    Analysis of electric grid security under terrorist threat”, to analyze the security of electric grid under terrorist

  9. Towards a Relation Extraction Framework for Cyber-Security Concepts

    SciTech Connect (OSTI)

    Jones, Corinne L; Bridges, Robert A; Huffer, Kelly M; Goodall, John R

    2015-01-01

    In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised NLP and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting from the desired relations. Preliminary testing on a small corpus shows promising results, obtaining precision of .82.

  10. Perspectives on plant vulnerabilities & other plant and containment improvements

    SciTech Connect (OSTI)

    LaChance, J.; Kolaczkowski, A.; Kahn, J. [and others]

    1996-01-01

    The primary goal of the Individual Plant Examination (IPE) Program was for licensees to identify plant-unique vulnerabilities and actions to address these vulnerabilities. A review of these vulnerabilities and plant improvements that were identified in the IPEs was performed as part of the IPE Insights Program sponsored by the U.S. Nuclear Regulatory Commission (NRC). The purpose of this effort was to characterize the identified vulnerabilities and the impact of suggested plant improvements. No specific definition for "vulnerability" was provided in NRC Generic Letter 88-20 or in the subsequent NRC IPE submittal guidance documented in NUREG-1335. Thus licensees were left to use their own definitions. Only 20% of the plants explicitly stated that they had vulnerabilities. However, most licensees identified other plant improvements to address issues not explicitly classified as vulnerabilities, but pertaining to areas in which overall plant safety could potentially be increased. The various definitions of "vulnerability" used by the licensees, explicitly identified vulnerabilities, proposed plant improvements to address these vulnerabilities, and other plant improvements are summarized and discussed.

  11. Sandia Energy - Grid Cyber Vulnerability & Assessments

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

  12. INSTITUTE FOR CYBER SECURITY Security Models

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio August 2010 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY Security

  13. INSTITUTE FOR CYBER SECURITY Cyber Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security (ICS) University of Texas at San Antonio August-world impact INSTITUTE FOR CYBER SECURITY Institute for Cyber Security Founded June 2007: still in start

  14. NSM Secure UI Crypto Module Security Policy

    E-Print Network [OSTI]

    NSM Secure UI Crypto Module Security Policy Version: 1.4 Revision Date: April 1, 2010 This document. McAfee, Inc NSM Secure UI Crypto Module Security Policy Page 2 of 15 CHANGE RECORD Revision Date Module Security Policy Page 3 of 15 Contents 1 Module Overview

  15. Security for grids

    E-Print Network [OSTI]

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-01-01

    differences between Grid security and host or site security ... of requirements for Grid security in order to achieve the ... completely. Index Terms — Grid security, authentication,

  16. Social vulnerability indicators as a sustainable planning tool

    SciTech Connect (OSTI)

    Lee, Yung-Jaan

    2014-01-15

    In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial development of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to “cross-administrative boundaries,” which are characteristics of the natural environment.
    This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: • This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. • Seventeen social vulnerability indicators are categorized into four dimensions. • This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. • 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. • This study provides a foundation for sustainable strategic planning to deal with environmental change. • Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

  17. A comprehensive and lightweight security architecture to secure the IoT

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    and water management, or environmental sensing in a smart city environment. Security in such scenarios firstly reviews security and operational goals in an IoT scenario inspired in a smart city environment will be deployed in multiple scenarios including smart homes, healthcare, or smart cities. In each

  18. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-06-29

    Establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Section E, Technical Surveillance Countermeasures Program, is Official Use Only. Please contact the DOE Office of Health, Safety and Security at 301-903-0292 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A

  19. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-08-26

    This Manual establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Attachment E, Technical Surveillance Countermeasures Program, is for Official Use Only. Contact the Office of Security and Safety Performance Assurance at 301-903-3653 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A.

  20. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-20

    The protection and control of classified information is critical to our nation’s security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D. Admin Chg 1, dated 11-23-2012, cancels DOE O 471.6. Canceled by Admin Chg 2 dated 5-15-15.

  1. Evaluating operating system vulnerability to memory errors.

    SciTech Connect (OSTI)

    Ferreira, Kurt Brian; Bridges, Patrick G.; Pedretti, Kevin Thomas Tauke; Mueller, Frank; Fiala, David; Brightwell, Ronald Brian

    2012-05-01

    Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

  2. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Ireland) Project Name AFTER A...

  3. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (France) Project Name AFTER A...

  4. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (United Kingdom) Project Name...

  5. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Germany) Project Name AFTER A...

  6. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Norway) Project Name AFTER A...

  7. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Czech Republic) Project Name...

  8. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) (Belgium) Project Name AFTER A...

  9. AFTER A Framework for electrical power sysTems vulnerability...

    Open Energy Info (EERE)

    AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration (Smart Grid Project) Project Name AFTER A Framework...

  10. Mapping Climate Change Vulnerability and Impact Scenarios - A...

    Open Energy Info (EERE)

    Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners Tool Summary Name: Mapping Climate Change...

  11. U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

  12. Forward Security in Threshold Signature Schemes MICHEL ABDALLA SARA MINER y CHANATHIP NAMPREMPRE z

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    Forward Security in Threshold Signature Schemes MICHEL ABDALLA SARA MINER CHANATHIP ... of the Bellare-Miner forward-secure signature scheme, which is Fiat-Shamir-based. One scheme uses multiplicative secret sharing, and we prove it forward-secure based on the security of the Bellare-Miner scheme. We

  13. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-21

    The order establishes requirements that will enable DOE to operate a successful, efficient, cost-effective personnel security program that will ensure accurate, timely and equitable determinations of individuals’ eligibility for access to classified information and Special Nuclear Material (SNM). Admin Chg 1, 10-8-13.

  14. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-27

    The order establishes requirements that will enable DOE to operate a successful, efficient, cost-effective personnel security program that will ensure accurate, timely and equitable determinations of individuals’ eligibility for access to classified information and Special Nuclear Material (SNM). Admin Chg 1, 10-8-13.

  15. Security Conditions

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2000-09-18

    To ensure that DOE uniformly meets the protection requirements specified in Presidential Decision Directive 39, "U.S. Policy on Counterterrorism (U)." Attachment 2 is no longer available online. Please e-mail your request for the Attachment to: Security.Directives@hq.doe.gov. DOE N 251.44, dated 05/06/02, extends this directive until 12/31/02.

  16. SELECTING INFORMATION TECHNOLOGY SECURITY

    E-Print Network [OSTI]

    April 2004 SELECTING INFORMATION TECHNOLOGY SECURITY PRODUCTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Information technology security products are essential to better secure information technology (IT) systems

  17. CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL

    SciTech Connect (OSTI)

    Kathleen A. Lee

    2008-01-01

    The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the system’s cyber-security posture. The CS2SAT provides recommendations from a database of industry-available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate specific security vulnerabilities.

  18. NIST Interagency Report 7435 The Common Vulnerability

    E-Print Network [OSTI]

    by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests of technical, physical, administrative, and management standards and guidelines for the cost-effective security Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 August 2007 U

  19. Privacy Vulnerability of Published Anonymous Mobility Traces

    E-Print Network [OSTI]

    2010-07-07

    Sep 20, 2010 ... a function of the nodal mobility (captured in both real and synthetic traces), the ... Systems; K.6.5 [Management of Computing and Information Systems]: Security and ..... We first describe them for case A1: (1) MLE Approach ...

  20. Nuclear security

    SciTech Connect (OSTI)

    Not Available

    1991-07-01

    This paper reports that despite an Executive Order limiting the authority to make original classification decisions to government officials, DOE has delegated this authority to a number of contractor employees. Although the number of original classification decisions made by these contractors is small, this neither negates nor diminishes the significance of the improper delegation of authority. If misclassification were to occur, particularly at the Top Secret level, U.S. national security interests could potentially be seriously affected and threatened. DOE's argument that the delegation of such authority is a long-standing policy and done on a selective basis does not legitimize the practice and does not relieve DOE of its responsibility to meet the requirements of the Executive Order. DOE needs to independently assess all original classification determinations made by contractors; otherwise, it cannot be sure that U.S. national security interests have been or are being adequately protected.

  1. T-622: Adobe Acrobat and Reader Unspecified Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is due to an unspecified error in the affected software when it processes .pdf files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a malicious .pdf file. When viewed, the file could trigger a memory corruption error that could allow the attacker to execute arbitrary code on the system with the privileges of the user.

  2. T-616: PHP Stream Component Remote Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

  3. Security seal

    DOE Patents [OSTI]

    Gobeli, Garth W. (Albuquerque, NM)

    1985-01-01

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  4. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-29

    This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. (The original DOE O 471.6 canceled DOE M 470.4-4A, except for Section D). Admin Chg 2, dated 5-15-15, supersedes Admin Chg 1. Certified 5-21-2015.

  5. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security's IT Security Procedures require that non-public University information, including social security numbers and professional information in a secure and appropriate manner.

  6. INSTITUTE FOR CYBER SECURITY Security Models

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY 2 THE BIG

  7. INSTITUTE FOR CYBER SECURITY Security Models

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2010 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY 2 THE BIG

  8. 2014 Headquarters Facilities Master Security Plan- Chapter 14, Cyber Security

    Broader source: Energy.gov [DOE]

    2014 Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security Describes the DOE Headquarters Cyber Security Program.

  9. Cyber-Security Considerations for the Smart Grid

    SciTech Connect (OSTI)

    Clements, Samuel L.; Kirkham, Harold

    2010-07-26

    The electrical power grid is evolving into the “smart grid”. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number of mitigation strategies that can help keep the risk at an acceptable level.

  10. Hayawardh Vijayakumar Security Research Engineer

    E-Print Network [OSTI]

    Smith, Adam D.

    vulnerabilities across 17 programs in Ubuntu and Fedora distributions ([9], [12]). · Locating System-Wide Attack

  11. Protection of Use Control Vulnerabilities and Designs

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-07-01

    This Manual establishes a general process and provides direction for controlling access and dissemination of Sigma 14 and 15 Weapon Data at the Department of Energy (DOE). It supplements DOE O 452.4, SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND NUCLEAR WEAPONS, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and U.S. nuclear weapons. Canceled by DOE M 452.4-1A. Does not cancel other directives.

  12. Visualizing Cyber Security: Usable Workspaces

    SciTech Connect (OSTI)

    Fink, Glenn A.; North, Christopher L.; Endert, Alexander; Rose, Stuart J.

    2009-10-11

    An environment that supports cyber analytics work should enable multiple, simultaneous investigations, information foraging, and provide a solution space for organizing data. We describe our study of cyber security professionals and visualizations in a large, high-resolution display work environment. We discuss the tasks and needs of analysts that such an environment can support and present several prototypes designed to support these needs. We conclude with a usability evaluation of the prototypes and additional lessons learned.

  13. Evaluation of methodologies for estimating vulnerability to electromagnetic pulse effects. Final report 28 August 1982-30 April 1984

    SciTech Connect (OSTI)

    Not Available

    1984-01-01

    Estimation of vulnerability to high-altitude electromagnetic pulse (EMP) effects is essential for strategic and tactical decisions affecting national security. Both the design and the assessment of protection against EMP are inherently subject to uncertainty. The reason is that these processes must be conducted without exposure to actual EMP, in contrast to the situation for other forms of electrical overstress. Estimating vulnerability of systems to EMP effects depends greatly on the nature of the system. The soundest results can be obtained where stress within the system is controlled, through integral shielding and penetration-control devices, to well known values. In this case, one can rely on engineering analysis and systematic testing of a predominantly deterministic nature. Where control and knowledge of stress, as well as of strength, are not possible because of system design, complexity, or uncontrolled changes, probabilistic estimates become necessary. Statistical methods for estimating and combining uncertai

  14. 2014 Headquarters Facilities Master Security Plan- Chapter 3, Personnel Security

    Broader source: Energy.gov [DOE]

    2014 Headquarters Facilities Master Security Plan - Chapter 3, Personnel Security Describes DOE Headquarters Personnel Security procedures for acquiring, maintaining, and passing security clearances.

  15. Using Operational Security (OPSEC) to Support a Cyber Security...

    Energy Savers [EERE]

    Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments Using Operational Security (OPSEC) to Support a Cyber Security Culture in...

  16. T-557: Microsoft Office Excel Office Art Object Parsing Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

  17. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-21

    The order establishes requirements that will enable DOE to operate a successful, efficient, cost-effective personnel security program that will ensure accurate, timely and equitable determinations of individuals’ eligibility for access to classified information and Special Nuclear Material (SNM). This limited revision will ensure that individuals holding dual citizenship receive proper consideration from a counterintelligence perspective prior to being granted access to classified matter or Special Nuclear Material. Pg Chg 1, 7-9-14 supersedes DOE O 472.2 Admin Chg 1.

  18. Personnel Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-21

    The order establishes requirements that will enable DOE to operate a successful, efficient, cost-effective personnel security program that will ensure accurate, timely and equitable determinations of individuals’ eligibility for access to classified information and Special Nuclear Material (SNM). This limited revision will ensure that individuals holding dual citizenship receive proper consideration from a counterintelligence perspective prior to being granted access to classified matter or Special Nuclear Material. Pg Chg 1, 7-9-14 cancels DOE O 472.2 Admin Chg 1.

  19. Energy, Climate, & Infrastructure Security

    E-Print Network [OSTI]

    Siefert, Chris

    Infrastructure Demonstration for Energy reliability and Security) (web link) program to demonstrate: · Cyber-security Energy, Climate, & Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST Sandia Security Administration under contract DE-AC04-94AL85000. SAND2013-7809W to enhance the nation's security

  20. U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities

    Broader source: Energy.gov [DOE]

    Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

  1. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Energy Savers [EERE]

    Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience Solutions Climate Change and the U.S. Energy Sector: Regional Vulnerabilities and Resilience...

  2. Automated Vulnerability Detection for Compiled Smart Grid Software

    SciTech Connect (OSTI)

    Prowell, Stacy J; Pleszkoch, Mark G; Sayre, Kirk D; Linger, Richard C

    2012-01-01

    While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

  3. Protection of Use Control Vulnerabilities and Design

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-03-11

    This manual establishes a general process and provides direction for controlling access to and disseminating Sigma 14 and 15 nuclear weapon data (NWD) at the Department of Energy (DOE). It supplements DOE O 452.4A, Security and Control of Nuclear Explosives and Nuclear Weapons, dated 12-17-01, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and nuclear weapons. Cancels DOE M 452.4-1. Canceled by DOE O 452.7, 5-14-2010

  4. Climate change and climate variability affect all regions of the world. U.S. vulnerability to the changes and variations are not only dependent on changes within the U.S. but also on

    E-Print Network [OSTI]

    OVERVIEW Climate change and climate variability affect all regions of the world. U.S. vulnerability, it is important to assess emerging threats to national security due to climate change far into the future. Having access to relevant weather and climate data is essential for developing appropriate planning, risk

  5. Energy, Climate & Infrastructure Security

    E-Print Network [OSTI]

    Energy, Climate & Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST Sandia, and reactor system overviews. Training in Action: Gulf Nuclear Energy Infrastructure Institute In 2011, Sandia teamed with the Nuclear Security energy safety, security, safeguards, and nonproliferation. Training Sandia National Laboratories experts

  6. Designing security into software

    E-Print Network [OSTI]

    Zhang, Chang Tony

    2006-01-01

    When people talk about software security, they usually refer to security applications such as antivirus software, firewalls and intrusion detection systems. There is little emphasis on the security in the software itself. ...

  7. Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico

    SciTech Connect (OSTI)

    Ibarraran, Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

    2008-12-30

    Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenkert 2008, Ibarrarán et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

  8. Optimization Strategies for the Vulnerability Analysis of the Electric Power Grid

    SciTech Connect (OSTI)

    Pinar, A.; Meza, J.; Donde, V.; Lesieutre, B.

    2007-11-13

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (MINLP) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  9. Optimization strategies for the vulnerability analysis of the electric power grid.

    SciTech Connect (OSTI)

    Meza, Juan C.; Pinar, Ali; Lesieutre, Bernard; Donde, Vaibhav

    2009-03-01

    Identifying small groups of lines, whose removal would cause a severe blackout, is critical for the secure operation of the electric power grid. We show how power grid vulnerability analysis can be studied as a mixed integer nonlinear programming (minlp) problem. Our analysis reveals a special structure in the formulation that can be exploited to avoid nonlinearity and approximate the original problem as a pure combinatorial problem. The key new observation behind our analysis is the correspondence between the Jacobian matrix (a representation of the feasibility boundary of the equations that describe the flow of power in the network) and the Laplacian matrix in spectral graph theory (a representation of the graph of the power grid). The reduced combinatorial problem is known as the network inhibition problem, for which we present a mixed integer linear programming formulation. Our experiments on benchmark power grids show that the reduced combinatorial model provides an accurate approximation, to enable vulnerability analyses of real-sized problems with more than 10,000 power lines.

  10. Wireless physical-layer security: The case of colluding eavesdroppers

    E-Print Network [OSTI]

    Win, Moe Z.

    We consider the fundamental security limits of stochastic wireless networks in the presence of colluding eavesdroppers. By establishing a direct connection with the single-input multiple-output (SIMO) Gaussian wiretap ...

  11. T-625: Opera Frameset Handling Memory Corruption Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to an error when handling certain frameset constructs during page unloading and can be exploited to corrupt memory via a specially crafted web page.

  12. Vulnerability and social risk management in India and Mexico

    E-Print Network [OSTI]

    Flores Ballesteros, Luis

    2008-01-01

    The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

  13. FAITH: Scanning of Rich Web Applications for Parameter Tampering Vulnerabilities

    E-Print Network [OSTI]

    Fung, Adonis P H; Wong, T Y

    2012-01-01

    Modern HTML forms are designed to generate form controls dynamically and submit over AJAX as a result of recent advances in Javascript programming techniques. Existing scanners are constrained by interacting only with traditional forms, and vulnerabilities are often left undetected even after scrutiny. In this paper, we overcome a number of client-side challenges that used to make automated fuzzing of form submissions difficult and unfaithful. We build FAITH, a pragmatic scanner for uncovering parameter tampering vulnerabilities in real-world rich web applications. It is the first scanner that enables fuzzing in most kinds of form submissions while faithfully preserving the required user actions, HTML 5, AJAX, anti-CSRF tokens and dynamic form updates. The importance of this work is demonstrated by the severe vulnerabilities uncovered, including a way to bypass the most-trusted One-Time Password (OTP) in one of the largest multinational banks. These vulnerabilities cannot be detected by existing scanners.

  14. VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS

    E-Print Network [OSTI]

    Atkinson, Robert C

    be routed around electricity substation compounds wirelessly. Furthermore, wireless communication with the deployment of Bluetooth (and other similar wireless technologies) in electricity substations for control VULNERABILITY OF BLUETOOTH TO IMPULSIVE NOISE IN ELECTRICITY TRANSMISSION SUBSTATIONS S A Bhattil

  15. Ethical Issues in Research with "Vulnerable" and "Hard-to-Reach"

    E-Print Network [OSTI]

    Illinois at Chicago, University of

    are interdependent · One can be vulnerable w/o being harmed or wronged (and vice versa) 2 Ways women (Subpart B) ADDITIONAL SAFEGUARDS? · handicapped persons · Prisoners (Subpart C) · Children

  16. Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications

    E-Print Network [OSTI]

    Sabatini, David M.

    Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications Michael web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the appropriate credentials. Access control attacks occur when

  17. Systematic Techniques for Finding and Preventing Script Injection Vulnerabilities

    E-Print Network [OSTI]

    Saxena, Prateek

    2012-01-01

    HTML content of the blog. HTML and other web languages lack mechanisms in HTML and other web languages to separate HTML pseudocode generated by a vulnerable social networking web

  18. Personnel Security Activities

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-03-25

    Establishes objectives, requirements and responsibilities for the Personnel Security Program and Personnel Security Assurance Program. Cancels DOE O 472.1B

  19. Security | Department of Energy

    Office of Environmental Management (EM)

    Security Security Preventing nuclear weapons materials and technologies from falling into the hands of adversaries seeking to develop weapons of mass destruction is the top...

  20. Advancing Global Nuclear Security

    Broader source: Energy.gov [DOE]

    Today world leaders gathered at The Hague for the Nuclear Security Summit, a meeting to measure progress and take action to secure sensitive nuclear materials.

  1. The theory of diversity and redundancy in information system security : LDRD final report.

    SciTech Connect (OSTI)

    Mayo, Jackson R. (Sandia National Laboratories, Livermore, CA); Torgerson, Mark Dolan; Walker, Andrea Mae; Armstrong, Robert C. (Sandia National Laboratories, Livermore, CA); Allan, Benjamin A. (Sandia National Laboratories, Livermore, CA); Pierson, Lyndon George

    2010-10-01

    The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

  2. Web Services Security and Load Balancing in Grid Environment Liang Fang, Aleksander Slominski, and Dennis Gannon

    E-Print Network [OSTI]

    }@cs.indiana.edu Abstract Web services security has some crucial problems to be solved in building Grid applications extremely vulnerable to even the simplest types of Denial of Service (DoS) attacks. The more advanced milliseconds to process a SOAP envelope. Together with XML parsing and conversion efforts, message-level

  3. Open access to the Proceedings of the 22nd USENIX Security Symposium

    E-Print Network [OSTI]

    Lee, Wenke

    · Washington, D.C., USA ISBN 978-1-931971-03-4 Take This Personally: Pollution Attacks on Personalized Servicesnd USENIX Security Symposium 671 Take This Personally: Pollution Attacks on Personalized Services. By demonstrating the attack against three popular Web services, we highlight a new class of vulnerability

  4. North American Electricity Infrastructure: System Security, Quality, Reliability, Availability, and Efficiency

    E-Print Network [OSTI]

    Amin, S. Massoud

    1 North American Electricity Infrastructure: System Security, Quality, Reliability, Availability for reliable and disturbance-free electricity. The massive power outages in the United States, Canada, UK and Italy in 2003 underscored electricity infrastructure's vulnerabilities [1-11]. This vital yet complex

  5. Modeling the Vulnerability Discovery Process O. H. Alhazmi and Y. K. Malaiya

    E-Print Network [OSTI]

    Malaiya, Yashwant K.

    1 Modeling the Vulnerability Discovery Process O. H. Alhazmi and Y. K. Malaiya Computer Science models for the vulnerability discovery process have just been published recently. Such models will allow of vulnerability exploitation. Here we examine these models for the vulnerability discovery process. The models

  6. T-607: Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Update: Adobe Acrobat, Reader, and Flash Player SWF File Processing Arbitrary Code Execution Vulnerability.

  7. Faculty Information Security Guide

    E-Print Network [OSTI]

    Myers, Lawrence C.

    society. www.ists.dartmouth.edu THE DARTMOUTH CYBER SECURITY INITIATIVE The Dartmouth Cyber Security, TECHNOLOGY, AND SOCIETY THE DARTMOUTH CYBER SECURITY INITIATIVE The number of laptop thefts at Dartmouth, and Society; and the Dartmouth Cyber Security Initiative offer the following solutions: · Whole

  8. Personnel Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1998-05-22

    This Manual provides detailed requirements and procedures to supplement DOE O 472.1B, Personnel Security Activities, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE). This Manual addresses only the Personnel Security Program.

  9. Personnel Security Program Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2000-11-16

    provides detailed requirements and procedures to supplement DOE O 472.1B, PERSONNEL SECURITY ACTIVITIES, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE), including the National Nuclear Security Administration (NNSA). Cancels DOE M 472.1-1

  10. U-188: MySQL User Login Security Bypass and Unspecified Vulnerability

    Broader source: Energy.gov [DOE]

    An error when verifying authentication attempts can be exploited to bypass the authentication mechanism.

  11. U-062: Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.

  12. Low-level software security : exploiting memory safety vulnerabilities and assumptions

    E-Print Network [OSTI]

    Checkoway, Stephen

    2012-01-01

    memory cartridge slots ... by means of a memory cartridge containing a specially-

  13. Managing Secure Survivable Critical Infrastructures To Avoid Vulnerabilities Frederick Sheldon, Tom Potok, Andy Loebl

    E-Print Network [OSTI]

    Krings, Axel W.

    for the strategic and economic well being of the Nation. The blackout of August 14, 2003 affected 8 states and fifty 3 The DOE/NERC reports are at https://reports.energy.gov/ and ftp://www.nerc.com/pub/sys/all_updl/docs/pressrel/Blackout

  14. Analysis of Security Vulnerabilities in the Movie Production and Distribution Process

    E-Print Network [OSTI]

    McDaniel, Patrick Drew

    , Lorrie Cranor, Dave Kormann, Patrick McDaniel AT&T Labs - Research Florham Park, NJ byers picture industry. While unauthorized copies of movies have been distributed via video cassette and DVD threat to the movie industry. Our research attempts to determine the source of unauthorized copies

  15. V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

    Broader source: Energy.gov (indexed) [DOE]


  16. V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  17. A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer

    Broader source: Energy.gov (indexed) [DOE]


  18. Page 1 Securing the Microsoft Cloud Securing the

    E-Print Network [OSTI]

    Chaudhuri, Surajit

    Page 1 Securing the Microsoft Cloud to have confidence in Microsoft as their preferred cloud provider. Our security policies and practices their security and compliance related needs.

  19. Climate variability and climate change vulnerability and adaptation. Workshop summary

    SciTech Connect (OSTI)

    Bhatti, N.; Cirillo, R.R.; Dixon, R.K.

    1995-12-31

    Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country's vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects. The objectives of the vulnerability and adaptation workshop were to: provide an opportunity for countries to describe their study results; encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; identify issues and analyses that require further investigation; and summarize results and experiences for governmental and intergovernmental organizations.

  20. The New Institutional Design of the Procuracy in Brazil: Multiplicity of Veto Players and Institutional Vulnerability

    E-Print Network [OSTI]

    Nóbrega, Flavianne Fernanda Bitencourt

    2007-01-01

    política: entre o autoritarismo e a democracia. Record, 2005o autoritarismo e a democracia. Record, 2005, p. 31 raised

  1. V-041: Red Hat CloudForms Multiple Vulnerabilities | Department of Energy

    Broader source: Energy.gov (indexed) [DOE]


  2. V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities

    Broader source: Energy.gov (indexed) [DOE]


  3. T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  4. U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  5. U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  6. U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy

    Office of Environmental Management (EM)


  7. Briefing Memo: Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy Public Meeting on “Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities” On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nation’s energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session.

  8. Nuclear Security Summit | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  9. Building Extensible and Secure Networks

    E-Print Network [OSTI]

    Popa, Lucian

    2011-01-01

    adoption of cloud computing is security, as customers often ... preserving security when migrating to the cloud computing ... to the security principals used in the cloud access control

  10. Climate Change and National Security

    E-Print Network [OSTI]

    Alyson, Fleming; Summer, Kelly; Summer, Martin; Lauren, Franck; Jonathan, Mark

    2015-01-01

    for Environment and National Security Scripps Institution of ... Multiplying Threats to National Security Higher temperatures ... efforts to protect national security. ... The U.S. Armed

  11. Sandia Energy - Security Risk Assessment

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  12. Multiple sclerosis genetics

    E-Print Network [OSTI]

    Cree, BAC

    2014-01-01

    recurrence rates in multiple sclerosis. Proc Natl Acad Sci U ... alloantigen Ag 7a in multiple sclerosis. Lancet 2: 814. Yeo ... susceptibility locus for multiple sclerosis. Ann Neurol 61:

  13. Information Security for Libraries

    E-Print Network [OSTI]

    Newby, Gregory B.

    Information Security for Libraries. Gregory B. Newby, School ... an active role in information security. INTRODUCTION By most accounts, the proliferation of the Internet ... of information security, making concrete recommendations for safeguarding information and information access

  14. Wide Area Security Region Final Report

    SciTech Connect (OSTI)

    Makarov, Yuri V.; Lu, Shuai; Guo, Xinxin; Gronquist, James; Du, Pengwei; Nguyen, Tony B.; Burns, J. W.

    2010-03-31

    This report develops innovative and efficient methodologies and practical procedures to determine the wide-area security region of a power system, which take into consideration all types of system constraints including thermal, voltage, voltage stability, transient and potentially oscillatory stability limits in the system. The approach expands the idea of transmission system nomograms to a multidimensional case, involving multiple system limits and parameters such as transmission path constraints, zonal generation or load, etc., considered concurrently. The security region boundary is represented using its piecewise approximation with the help of linear inequalities (so-called hyperplanes) in a multi-dimensional space, consisting of system parameters that are critical for security analyses. The goal of this approximation is to find a minimum set of hyperplanes that describe the boundary with a given accuracy. Methodologies are also developed to use the security hyperplanes, pre-calculated offline, to determine system security margins in real-time system operations, to identify weak elements in the system, and to calculate key contributing factors and sensitivities to determine the best system controls in real time and to assist in developing remedial actions and transmission system enhancements offline. A prototype program that automates the simulation procedures used to build the set of security hyperplanes has also been developed. The program makes it convenient to update the set of security hyperplanes necessitated by changes in system configurations. A prototype operational tool that uses the security hyperplanes to assess security margins and to calculate optimal control directions in real time has been built to demonstrate the project's success. Numerical simulations have been conducted using the full-size Western Electricity Coordinating Council (WECC) system model, and they clearly demonstrated the feasibility and the effectiveness of the developed technology. Recommendations for future work have also been formulated.

  15. [1] B. Genge, C. Siaterlis, and M. Hohenadel. AMICI: an assessment platform for multi-domain security experimentation on critical infrastructures. In B. M. Hämmerli, N. Kalstad Svendsen, and

    E-Print Network [OSTI]

    Briesemeister, Linda

    critical infrastructures (NCIs), e.g., power plants. They revealed several vulnerabilities in today's NCIs: ICT, power grid and railway. Keywords: Critical Infrastructure; security; experimentation; testbed [2] B. Reaves and T. Morris. An open virtual testbed for industrial control system security research

  16. Office of Information Security

    Broader source: Energy.gov [DOE]

    The Office of Information Security is responsible for implementation of the Classified Matter Protection and Control Program (CMPC), the Operations Security Program (OPSEC) and the Facility Clearance Program and the Survey Program for Headquarters

  17. Office of Security Policy

    Broader source: Energy.gov [DOE]

    The Office of Security Policy is the central source within the Department of Energy for the development and analysis of safeguards and security policies and standards affecting facilities, nuclear materials, personnel, and classified information.

  18. INFRASTRUCTURE SECURITY & ENERGY

    E-Print Network [OSTI]

    Schrijver, Karel

    INFRASTRUCTURE SECURITY & ENERGY RESTORATION OFFICE of ELECTRICITY DELIVERY & ENERGY RELIABILITY Real Time Monitoring of Energy Infrastructure Status Patrick Willging, PE Office of Electricity Delivery and Energy Reliability ... INFRASTRUCTURE SECURITY & ENERGY RESTORATION OFFICE of ELECTRICITY

  19. nevada national security site

    National Nuclear Security Administration (NNSA)

    Nevada National Security Site operator recognized for green fleet http:www.nnsa.energy.govblognevada-national-security-site-operator-recognized-green-fleet

    The...

  20. Multiple piece turbine rotor blade

    DOE Patents [OSTI]

    Jones, Russell B; Fedock, John A

    2013-05-21

    A multiple piece turbine rotor blade with a shell having an airfoil shape and secured between a spar and a platform with the spar including a tip end piece. A snap ring fits around the spar and abuts against the spar tip end piece on a top side and abuts against a shell on the bottom side so that the centrifugal loads from the shell are passed through the snap ring and into the spar and not through a tip cap dovetail slot and projection structure.

  1. Security system signal supervision

    SciTech Connect (OSTI)

    Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

    1991-09-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

  2. Personnel Security Program Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-07-12

    This Manual provides detailed requirements and procedures to supplement DOE O 472.1B, Personnel Security Activities, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE), including the National Nuclear Security Administration (NNSA). Extended until 7-7-06 by DOE N 251.64, dated 7-7-05. Cancels: DOE M 472.1-1A.

  3. Climate Change and National Security

    E-Print Network [OSTI]

    Alyson, Fleming; Summer, Kelly; Summer, Martin; Lauren, Franck; Jonathan, Mark

    2015-01-01

    Pew Project on National Security, Energy and Climate http:// ... of climate change, energy security and economic stability. ... DoD is improving U.S. energy security and national security.

  4. Identifying Vulnerabilities and Critical Requirements Using Criminal Court Proceeding

    E-Print Network [OSTI]

    Breaux, Travis D.

    ... as applied to criminal court records to identify mitigating requirements that improve privacy protections ... Information systems governed by laws and regulations are subject to civil and criminal violations

  5. Identifying Vulnerabilities and Critical Requirements Using Criminal Court Proceedings

    E-Print Network [OSTI]

    Young, R. Michael

    and goal models, as applied to criminal court records to identify mitigating requirements. In a sustainable ... Information systems governed by laws and regulations are subject to both civil and criminal

  6. Flood Vulnerability and Flood Protection North and Baltic Seas

    E-Print Network [OSTI]

    Vries, Hans de

    Flood Vulnerability and Flood Protection North and Baltic Seas: Meteorological Forcings for the Dutch Continental Shelf Model. Hans de Vries, KNMI, Weather Service Research and Development ... control forecast, 50 perturbed forecasts, 240 hours, 2 per day ... Not enough spread for tf

  7. Predicting Cancer-Specific Vulnerability via Data-Driven

    E-Print Network [OSTI]

    Ruppin, Eytan

    Predicting Cancer-Specific Vulnerability via Data-Driven Detection of Synthetic Lethality ... Cancer Research UK, The Beatson Institute for Cancer Research, Switchback Road, Glasgow G61 1BD, Scotland ... the inhibition of each single gene is not. It can be harnessed to selectively treat cancer by identifying

  8. Pretty Good Piggy-backing Parsing vulnerabilities in PGP Desktop

    E-Print Network [OSTI]

    Verheul, Eric

    Guard (GPG). Despite the long established PGP open source policy these vulnerabilities were apparently ... find their basis in PGP, the most prominent being the GNU Privacy Guard or GPG. PGP was also ... These specifications are adhered to by all `PGP' implementations most notably GPG and the PGP products developed by PGP

  9. Flooding of Industrial Facilities -Vulnerability Reduction in Practice

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    any improvement. As human activities historically developed in river areas and floodplains, industrial ... -use planning in flood-prone areas and vulnerability reduction in flood-prone facilities. This paper focuses ... of hazardous material, soil or water pollutions by hazardous substances for the environment, fires, explosions

  10. Vulnerability analysis for complex networks using aggressive abstraction.

    SciTech Connect (OSTI)

    Colbaugh, Richard; Glass, Kristin L.

    2010-06-01

    Large, complex networks are ubiquitous in nature and society, and there is great interest in developing rigorous, scalable methods for identifying and characterizing their vulnerabilities. This paper presents an approach for analyzing the dynamics of complex networks in which the network of interest is first abstracted to a much simpler, but mathematically equivalent, representation, the required analysis is performed on the abstraction, and analytic conclusions are then mapped back to the original network and interpreted there. We begin by identifying a broad and important class of complex networks which admit vulnerability-preserving, finite state abstractions, and develop efficient algorithms for computing these abstractions. We then propose a vulnerability analysis methodology which combines these finite state abstractions with formal analytics from theoretical computer science to yield a comprehensive vulnerability analysis process for networks of realworld scale and complexity. The potential of the proposed approach is illustrated with a case study involving a realistic electric power grid model and also with brief discussions of biological and social network examples.

  11. Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery

    E-Print Network [OSTI]

    Chen, Hao

    Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery. Radmilo Racic ... battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bottleneck in mobile devices (the battery power

  12. Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery

    E-Print Network [OSTI]

    Chen, Hao

    Exploiting MMS Vulnerabilities to Stealthily Exhaust Mobile Phone's Battery. Radmilo Racic ... battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bottleneck in mobile devices (the battery power

  13. Information Security Guide

    E-Print Network [OSTI]

    Information Security Guide For Government Executives. Pauline Bowen, Elizabeth Chew, Joan Hash. Table of Contents: Introduction; Why do I need to invest in information security?; Where do I need to focus my attention in accomplishing critical information security goals?; What are the key activities

  14. cyber security guru

    E-Print Network [OSTI]

    Sandhu, Ravi

    cyber security guru. By: Virginia Scott. Posted: 4/17/07. UTSA has received a grant from the Texas Emerging Fund to create an institute for cyber security research. According to UTSA ... industry and educational initiatives in Texas. The creation of UTSA's Institute for Cyber Security Research

  15. Energy, Climate, & Infrastructure Security

    E-Print Network [OSTI]

    Siefert, Chris

    Energy, Climate, & Infrastructure Security. Exceptional Service in the National Interest. Sandia ... owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND2013-7809W ... to enhance the nation's security

  16. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    SciTech Connect (OSTI)

    Jaeger, Calvin D.; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  17. Towards an Experimental Testbed Facility for Cyber-Physical Security Research

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Manz, David O.; Carroll, Thomas E.

    2012-01-07

    Cyber-Physical Systems (CPSs) are under great scrutiny due to large Smart Grid investments and recent high profile security vulnerabilities and attacks. Research into improved security technologies, communication models, and emergent behavior is necessary to protect these systems from sophisticated adversaries and new risks posed by the convergence of CPSs with IT equipment. However, cyber-physical security research is limited by the lack of access to universal cyber-physical testbed facilities that permit flexible, high-fidelity experiments. This paper presents a remotely-configurable and community-accessible testbed design that integrates elements from the virtual, simulated, and physical environments. Fusing data between the three environments enables the creation of realistic and scalable environments where new functionality and ideas can be exercised. This novel design will enable the research community to analyze and evaluate the security of current environments and design future, secure, cyber-physical technologies.

  18. Assessment And Testing of Industrial Devices Robustness Against Cyber Security Attacks

    E-Print Network [OSTI]

    Tilaro, F

    2011-01-01

    CERN (European Organization for Nuclear Research), like any organization, needs to achieve the conflicting objectives of connecting its operational network to the Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. With this in mind, the ISA-99 international cyber security standard has been adopted at CERN as a reference model to define a set of guidelines and security robustness criteria applicable to any network device. Device robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. When assessing the cyber security robustness of devices we have singled out control system-relevant attack patterns derived from the well-known CAPEC classification. Once a vulnerability is identified, it needs to be documented, prioritized and reproduced at will in a dedicated test environment for debugging purposes. CERN - in collaboration ...

  19. U.S. Energy Sector Vulnerabilities to Climate Change and Extreme...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U.S. Energy Sector Vulnerabilities to Climate Change and Extreme Weather. This report-part of the...

  20. U-114: IBM Personal Communications WS File Processing Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability in WorkStation files (.ws) by IBM Personal Communications could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of IBM Personal Communications.

  1. V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue

    Broader source: Energy.gov (indexed) [DOE]


  2. Secure Transportation Management

    SciTech Connect (OSTI)

    Gibbs, P. W.

    2014-10-15

    Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

  3. What is Security? A perspective on achieving security

    SciTech Connect (OSTI)

    Atencio, Julian J.

    2014-05-05

    This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

  4. U-028: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  5. U-069: Telnet code execution vulnerability: FreeBSD and Kerberos

    Broader source: Energy.gov [DOE]

    Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

  6. Vulnerability Discovery in Multi-Version Software Systems Jinyoo Kim, Yashwant K. Malaiya, Indrakshi Ray

    E-Print Network [OSTI]

    Ray, Indrakshi

    ... a model of the discovery process that can predict the number of vulnerabilities that are likely to be discovered in a given time frame. Recent studies have produced vulnerability discovery process models ... a new approach for quantitatively modeling the vulnerability discovery process, based on shared source

  7. Impacts of Control and Communication System Vulnerabilities on Power Systems Under

    E-Print Network [OSTI]

    Hayat, Majeed M.

    Impacts of Control and Communication System Vulnerabilities on Power Systems Under Contingencies ... vulnerabilities such as failures of the communication and control systems that transmit and implement critical ... smart grids. In this paper the vulnerabilities in the control and communication system are coupled

  8. GMO, CONSUMPTION AND CONSUMER VULNERABILITY IN BRAZILIAN CONSUMER LAW: THE RIGHT TO BE

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    GMO, CONSUMPTION AND CONSUMER VULNERABILITY IN BRAZILIAN CONSUMER LAW: THE RIGHT TO BE DULY ... genetically modified organisms. Key words: Consumer. Vulnerability. Lacking of resources. GMO. Résumé - Le ... : France (2010)" ... GMO, consumption and consumer vulnerability in Brazilian Consumer Law: the right

  9. Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution

    SciTech Connect (OSTI)

    Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

    2010-04-30

    Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on the WECC system. A cumulant-based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. An overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on the WECC system are used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

  10. T-682:Double free vulnerability in MapServer

    Broader source: Energy.gov [DOE]

    MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

  11. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s); and how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go unnoticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats, particularly on ICSs, may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  12. Climate Change Vulnerability Assessment for Idaho National Laboratory

    SciTech Connect (OSTI)

    Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

    2014-10-01

    The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

  13. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security.cuny.edu Published: November 2014 Holiday Season Phishing Scams and Malware Campaigns CUNY/CIS Information Security.cuny.edu under "CUNY Issued Security Advisories" Visit the Federal Trade Commission's Consumer Information page

  14. INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY

    E-Print Network [OSTI]

    Subramanian, Sriram

    - 1 - INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable - INFORMATION SECURITY POLICY.doc Introduction Why Information Security? The access, availability

  15. Information Security Governance: When Compliance Becomes more Important than Security

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Information Security Governance: When Compliance Becomes more Important than Security Terence Tan1 information security must adapt to changing conditions by extending security governance to middle management for implementing information security are more interested in complying with organizational standards and policies

  16. GAANN -Computer Systems Security GAANN Computer Systems Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    GAANN - Computer Systems Security GAANN - Computer Systems Security · What is computer systems security? - The protection of all aspects of a computer system from unauthorized use · Why is it important is critical October 7, 2009 GAANN - Computer Systems Security 1 GAANN - Computer Systems Security

  17. Federated Cloud Security Architecture for Secure and Agile Clouds

    E-Print Network [OSTI]

    Xu, Shouhuai

    Federated Cloud Security Architecture for Secure and Agile Clouds Weiliang Luo, Li Xu, Zhenxin Zhan. This chapter introduces the novel federated cloud security architecture that includes proactive cloud defense technologies for secure and agile cloud development. The federated security architecture consists of a set

  18. Towards Secure Information Sharing Models for Community Cyber Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University of Texas at San Antonio Secure Information - Security mechanisms such as authentication, cryptography, trusted hardware, etc. Community Cyber

  19. Implementing Advances in Transport Security Technologies | Department...

    Office of Environmental Management (EM)

    Implementing Advances in Transport Security Technologies More...

  20. Security incidents on the Internet, 1989--1995

    SciTech Connect (OSTI)

    Howard, J.D.

    1995-12-31

    This paper presents an analysis of trends in Internet security based on an investigation of 4,299 Internet security-related incidents reported to the CERT® Coordination Center (CERT®/CC) from 1989 through 1995. Prior to this research, knowledge of actual Internet security incidents was limited and primarily anecdotal. This research: (1) developed a taxonomy to classify Internet attacks and incidents, (2) organized, classified, and analyzed CERT®/CC incident records, (3) summarized the relative frequency of the use of tools and vulnerabilities, success in achieving access, and results of attacks, (4) estimated total Internet incident activity, (5) developed recommendations for Internet users and suppliers, and (6) developed recommendations for future research. With the exception of denial-of-service attacks, security incidents were found to be increasing at a rate less than Internet growth. Estimates showed that most, if not all, severe incidents were reported to the CERT®/CC, and that more than one out of three above average incidents (in terms of duration and number of sites) were reported. Estimates also indicated that a typical Internet site was involved in, at most, around one incident (of any kind) per year, and a typical Internet host in, at most, around one incident in 45 years. The probability of unauthorized privileged access was around an order of magnitude less likely. As a result, simple and reasonable security precautions should be sufficient for most Internet users.

  1. Vol 442|6 July 2006 Multiple introductions of H5N1 in Nigeria

    E-Print Network [OSTI]

    Cai, Long

    Vol 442|6 July 2006 37 Multiple introductions of H5N1 in Nigeria Phylogenetic analysis reveals- try farming industry is second only to oil production in Nigeria and is particularly vulnerable the two flight paths that link Nigeria with the southern Russian region and Europe, and with western

  2. Development of a novel technique to assess the vulnerability of micro-mechanical system components to environmentally assisted cracking.

    SciTech Connect (OSTI)

    Enos, David George; Goods, Steven Howard

    2006-11-01

    Microelectromechanical systems (MEMS) will play an important functional role in future DOE weapon and Homeland Security applications. If these emerging technologies are to be applied successfully, it is imperative that the long-term degradation of the materials of construction be understood. Unlike electrical devices, MEMS devices have a mechanical aspect to their function. Some components (e.g., springs) will be subjected to stresses beyond whatever residual stresses exist from fabrication. These stresses, combined with possible abnormal exposure environments (e.g., humidity, contamination), introduce a vulnerability to environmentally assisted cracking (EAC). EAC is manifested as the nucleation and propagation of a stable crack at mechanical loads/stresses far below what would be expected based solely upon the material's mechanical properties. If not addressed, EAC can lead to sudden, catastrophic failure. Considering the materials of construction and the very small feature size, EAC represents a high-risk environmentally induced degradation mode for MEMS devices. Currently, the lack of applicable characterization techniques is preventing the needed vulnerability assessment. The objective of this work is to address this deficiency by developing techniques to detect and quantify EAC in MEMS materials and structures. Such techniques will allow real-time detection of crack initiation and propagation. The information gained will establish the appropriate combinations of environment (defining packaging requirements), local stress levels, and metallurgical factors (composition, grain size and orientation) that must be achieved to prevent EAC.

  3. Secure Hop-by-Hop Aggregation of End-to-End Concealed Data in Wireless Sensor Networks

    E-Print Network [OSTI]

    Mlaih, Esam

    2008-01-01

    In-network data aggregation is an essential technique in mission critical wireless sensor networks (WSNs) for achieving effective transmission and hence better power conservation. Common security protocols for aggregated WSNs are either hop-by-hop or end-to-end, each of which has its own encryption schemes considering different security primitives. End-to-end encrypted data aggregation protocols introduce maximum data secrecy with inefficient data aggregation and more vulnerability to active attacks, while hop-by-hop data aggregation protocols introduce maximum data integrity with efficient data aggregation and more vulnerability to passive attacks. In this paper, we propose a secure aggregation protocol for aggregated WSNs deployed in hostile environments in which dual attack modes are present. Our proposed protocol is a blend of flexible data aggregation as in hop-by-hop protocols and optimal data confidentiality as in end-to-end protocols. Our protocol introduces an efficient $O(1)$ heuristic for checking...

  4. A Detailed Survey on Various Aspects of SQL Injection: Vulnerabilities, Innovative Attacks, and Remedies

    E-Print Network [OSTI]

    Kindy, Diallo Abdoulaye

    2012-01-01

    In today's world, Web applications play a very important role in individual life as well as in any country's development. Web applications have gone through very rapid growth in recent years and their adoption is moving faster than was expected a few years ago. Nowadays, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to compromise. In most scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed ...

  5. Supervisory Industrial Security Specialist

    Broader source: Energy.gov [DOE]

    A successful candidate in this position will serve as the Deputy Assistant Manager for Safeguards, Security, and Emergency Management sharing the overall responsibility for execution of the...

  6. Oil Security Metrics Model

    SciTech Connect (OSTI)

    Greene, David L.; Leiby, Paul N.

    2005-03-06

    A presentation to the IWG GPRA USDOE, March 6, 2005, Washington, DC. OSMM estimates oil security benefits of changes in the U.S. oil market.

  7. Cyber Security Architecture Guidelines

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-03-08

    This Guide provides supplemental information on the implementation of cyber security architectures throughout the Department of Energy. Canceled by DOE N 205.18

  8. defense nuclear security

    National Nuclear Security Administration (NNSA)

    Defense Nuclear Security http:www.nnsa.energy.govaboutusourprogramsnuclearsecurity

  9. National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    National Nuclear Security Administration Washington, DC 20585 January 18, 2007 OFFICE OF THE ADMINISTRATOR MEMORANDUM FOR The Deputy Secretary FROM: SUBJECT: Linton F. Brooks...

  10. National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Washington, DC 20585 MEMORANDUM FOR THE ADMINISTRATOR FROM: THEODORE D. SHERRY II SUBJECT: REFERENCE: NATIONAL SECURITY ENTERPRISE FIELD COUNCIL CHAIR ACTION:...

  11. Alamos National Security, LLC

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    30 nonprofit organizations to receive monetary donations from Los Alamos National Security, LLC June 25, 2012 Recognizing employee and retiree volunteer efforts LOS ALAMOS, NEW...

  12. A Game Theoretical Approach to Communication Security

    E-Print Network [OSTI]

    Gueye, Assane

    2011-01-01

    Information and communication systems’ securityTrust: An Element of Information Security,” in Security andInternational Journal of Information Security, vol. 4, pp.

  13. August 2003 IT SECURITY METRICS

    E-Print Network [OSTI]

    August 2003 IT SECURITY METRICS Elizabeth B. Lennon, Editor Information Technology Laboratory approach to measuring information security. Evaluating security at the system level, IT security metrics and techniques contained in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems

  14. Cloud Security by Max Garvey

    E-Print Network [OSTI]

    Tolmach, Andrew

    Cloud Security Survey by Max Garvey Cloudy Cloud is Cloudy What is the cloud? On Demand Service, performance SECaaS - Cloud hosted security measures Certifications - measurements for cloud security. Cloud Questions If you have $0 security budget, could cloud be a security improvement? Who owns the data

  15. Security Division 2007 Annual Report

    E-Print Network [OSTI]

    research programs. These programs, which include Cyber Security, Pervasive Information Technologies Computer Security Division 2007 Annual Report Table of Contents Welcome Division Organization The Computer Security Division Responds to the Federal Information Security Management Act of 2002 Security

  16. 2014 Headquarters Facilities Master Security Plan- Chapter 1, Physical Security

    Broader source: Energy.gov [DOE]

    2014 Headquarters Facilities Master Security Plan - Chapter 1, Physical Security Describes DOE Headquarters Physical Security procedures related to badges, inspections, access controls, visitor controls, and removal of government property.

  17. Headquarters Facilities Master Security Plan - Chapter 10, Security...

    Office of Environmental Management (EM)

    be completed each year by all those who hold a security clearance; and the Security Termination Briefing, which is conducted when a person no longer requires a security clearance....

  18. Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc

    Office of Environmental Management (EM)

    in CS network security. Most CS LANs allow unsupervised vendor access directly into the heart of the CS network. Therefore, the vendor VPN should only be accessible when needed,...

  19. The Flask Security Architecture: System Support for Diverse Security Policies Ray Spencer Secure Computing Corporation

    E-Print Network [OSTI]

    Andersen, Dave

    Computing Corporation Stephen Smalley, Peter Loscocco National Security Agency Mike Hibler, David AndersenThe Flask Security Architecture: System Support for Diverse Security Policies Ray Spencer Secure be flexible in their support for security policies, providing sufficient mechanisms for supporting the wide

  20. Global Security | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Global Security We

  1. Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

    SciTech Connect (OSTI)

    Linger, Richard C [ORNL; Pleszkoch, Mark G [ORNL; Prowell, Stacy J [ORNL; Sayre, Kirk D [ORNL; Ankrum, Scott [MITRE Corporation

    2013-01-01

    Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.

  2. MULTIPLE AUTHORIZATION A Model and Architecture for Increased, Practical Security

    E-Print Network [OSTI]

    ]. Contraction-Minimal triangulations are called minimal or irreducible triangulations by various authors. 1

  3. A Security Framework for Smart Metering with Multiple Data ...

    E-Print Network [OSTI]

    2011-11-28

    personal data related to energy, water or gas consumption, from which details about ... with the goal of improving the overall efficiency in the use of energy and

  4. Efficient Secure and Verifiable Outsourcing of Matrix Multiplications

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    by the client, the need to verify integrity of the returned computation result arises. The ability to do so the need to verify the result to guarantee integrity of the computation. Another one is the need to protect confidentiality of the data used in the outsourced computation, which can be proprietary, personal, or otherwise

  5. CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control

    Broader source: Energy.gov (indexed) [DOE]

    Systems Are

  6. Security tasks are highly interdependent.

    E-Print Network [OSTI]

    Exchange of Information Develop security tools that: · Integrate information from different communication channels · Provide flexible reporting (reports adapted to the recipient) · Communicate security information Security practitioners perform many activities: · Information exchanged in different formats across

  7. Security Cases | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Cases Security Cases RSS June 19, 2015 PSH-15-0011 - In the Matter of Personnel Security Hearing On June 19, 2015, an OHA Administrative Judge (AJ) issued a decision in...

  8. Computer Security Incident Handling Guide

    E-Print Network [OSTI]

    Computer Security Incident Handling Guide Recommendations of the National Institute of Standards Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Tom Millar United States Computer Emergency Readiness Team National Cyber Security Division

  9. Security Policy: Radio Network Controller

    E-Print Network [OSTI]

    Security Policy: Radio Network Controller Encryption Module Controller (RNC EMC) Cryptographic, 2007 Security Policy: RNC EMC Page 1 of 22 Security Policy: RNC EMC Page 2 of 22 Table ... 14 7. IDENTIFICATION AND AUTHENTICATION POLICY

  10. Departmental Cyber Security Management Policy

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-05-08

    The Departmental Cyber Security Management (DCSM) Policy was developed to further clarify and support the elements of the Integrated Safeguards and Security Management (ISSM) Policy regarding cyber security. Certified 9-23-10. No cancellation.

  11. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1997-03-27

    Establishes an Information Security Program for the protection and control of classified and sensitive information. Extended until 5-11-06 by DOE N 251.63, dated 5-11-05. DOE O 471.2A, Information Security Program, dated 3/27/1997, extended by DOE N 251.57, dated 4/28/2004. Cancels: DOE O 471.2

  12. Energy, Climate & Infrastructure Security

    E-Print Network [OSTI]

    Energy, Climate & Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST Sandia owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND 2012-1670P Ensuring the Safe Containment

  13. Energy, Climate & Infrastructure Security

    E-Print Network [OSTI]

    Energy, Climate & Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST Sandia Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear

  14. Incidents of Security Concern

    SciTech Connect (OSTI)

    Atencio, Julian J.

    2014-05-01

    This presentation addresses incidents of security concern and an incident program for addressing them. It addresses the phases of an inquiry, and it divides incidents into categories based on severity and interest types based on whether security, management, or procedural interests are involved. A few scenarios are then analyzed according to these breakdowns.

  15. Safeguards and Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-12-29

    The Safeguards and Security Program ensures that the Department of Energy efficiently and effectively meets all its obligations to protect Special Nuclear Material, other nuclear materials, classified matter, sensitive information, government property, and the safety and security of employees, contractors, and the general public. Supersedes DOE P 470.1.

  16. Engineering secure software 

    E-Print Network [OSTI]

    Jetly, Prateek

    2001-01-01

    -the-fact fixes in the form of software patches. The root causes for security problems in software are explored. A survey of research attempts at engineering secure software is presented. The techniques discussed range from those that are very similar...

  17. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1992-10-19

    To establish the Department of Energy (DOE) Information Security Program and set forth policies, procedures and responsibilities for the protection and control of classified and sensitive information. The Information Security Program is a system of elements which serve to deter collection activities. This directive does not cancel another directive. Canceled by DOE O 471.2 of 9-28-1995.

  18. Energy, Climate, & Infrastructure Security

    E-Print Network [OSTI]

    Siefert, Chris

    Energy, Climate, & Infrastructure Security EXCEPTIONAL SERVICE IN THE NATIONAL INTEREST Sandia owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND2013-7809W the computational, physics

  19. International Nuclear Security

    SciTech Connect (OSTI)

    Doyle, James E.

    2012-08-14

    This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

  20. V-112: Microsoft SharePoint Input Validation Flaws Permit Cross...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Flaws Permit Cross-Site Scripting Attacks U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities...

  1. Smart-Grid Security Issues

    SciTech Connect (OSTI)

    Khurana, Himanshu; Hadley, Mark D.; Lu, Ning; Frincke, Deborah A.

    2010-01-29

    TITLE: Smart-Grid Security Issues (Editorial Material, English) IEEE SECURITY & PRIVACY 8 (1). JAN-FEB 2010. p.81-85 IEEE COMPUTER SOC, LOS ALAMITOS

  2. Secure Virtualization with Formal Methods

    E-Print Network [OSTI]

    Sturton, Cynthia

    2013-01-01

    cloud computing, virtualization software has a variety of security-cloud computing, researchers have proposed using system virtualization software as a platform to increase the security

  3. Program Areas | National Security | ORNL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Organizations National Security Home | Science & Discovery | National Security | Program Areas SHARE Program Areas image Oak Ridge National Laboratory (ORNL) has a robust...

  4. Office of Secure Transportation Activities

    Office of Environmental Management (EM)

    6th, 2012 WIPP Knoxville, TN OFFICE OF SECURE TRANSPORTATION Agency Integration Briefing Our Mission To provide safe and secure ground and air transportation of nuclear weapons,...

  5. Security Rulemaking | Department of Energy

    Office of Environmental Management (EM)

    Activities Transportation Security Rulemaking Activities at the U.S. Nuclear Regulatory Commission NRC Transportation Security (Part 73 SNF Update and Part 37 Category 1...

  6. National Nuclear Security Administration Overview

    Office of Environmental Management (EM)

    May 11, 2011 Ahmad Al-Daouk Manager, National Security Department (NSD) National Nuclear Security Administration (NNSA) Service Center - Albuquerque, NM May 11, 2011 - Page 2...

  7. Water vulnerabilities for existing coal-fired power plants.

    SciTech Connect (OSTI)

    Elcock, D.; Kuiper, J.; Environmental Science Division

    2010-08-19

    This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. 
The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi²), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO₂) emissions. The supply indicators, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers), were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. 
In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considere

  8. On Building Secure SCADA Systems using Security Eduardo B. Fernandez

    E-Print Network [OSTI]

    Wu, Jie

    On Building Secure SCADA Systems using Security Patterns Eduardo B. Fernandez Dept. of Comp. Sci, also known as the supervisory, control, and data acquisition (SCADA) system. On the other hand systems. This paper aims to propose methods to build a secure SCADA system using security patterns

  9. INSTITUTE FOR CYBER SECURITY Application-Centric Security Models

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY Dr. Robert W. Gracy Vice President

  10. INSTITUTE FOR CYBER SECURITY Application-Centric Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security (ICS) University of Texas at San Antonio

  11. Towards Secure Information Sharing Models for Community Cyber Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu Dept. of Computer Science Institute for Cyber Security University of Texas at San Antonio Email: ravi.sandhu@utsa.edu Ram Krishnan Dept. of Electrical and Computer Engineering Institute for Cyber Security University

  12. INSTITUTE FOR CYBER SECURITY Application-Centric Security Models

    E-Print Network [OSTI]

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio June 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY Dr. Robert W. Gracy Vice President

  13. 1Computer Security Shambhu Upadhyaya Cyber Security @CEISARE

    E-Print Network [OSTI]

    Upadhyaya, Shambhu

    , there are 100+ centers - Based on curriculum mapping to CNSS (committee of National Security Standards) 4011 at Google (2010) · Threats to national security - Insider attacks - Examples: Bradley Manning leaked 1Computer Security Shambhu Upadhyaya Cyber Security @CEISARE Professor S. Upadhyaya Department

  14. A SECURE EUROPE IN A BETTER WORLD EUROPEAN SECURITY STRATEGY

    E-Print Network [OSTI]

    Sussex, University of

    EN A SECURE EUROPE IN A BETTER WORLD EUROPEAN SECURITY STRATEGY Brussels, 12 December 2003 1 EN's complex problems on its own Introduction Europe has never been so prosperous, so secure nor so free problems on its own. Europe still faces security threats and challenges. The outbreak of conflict

  15. SecuritySmart

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  16. Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)

    SciTech Connect (OSTI)

    Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

    2013-02-01

    The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, "Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector", hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

  17. Chemical Safety Vulnerability Working Group report. Volume 2

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

  18. Chemical Safety Vulnerability Working Group report. Volume 3

    SciTech Connect (OSTI)

    Not Available

    1994-09-01

    The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

  19. Seismic Vulnerability and Performance Level of confined brick walls

    SciTech Connect (OSTI)

    Ghalehnovi, M.; Rahdar, H. A. [University of Sistan and Baluchestan, Zahedan (Iran, Islamic Republic of)]

    2008-07-08

    Engineers and designers have shown increasing interest in design methods based on displacement and behavior (performance-based design), given the importance of designing structures to resist dynamic loads such as earthquakes and the inability to design according to predictions of the nonlinear behavior of elements caused by the nonlinear properties of construction materials. Economically speaking, the ease of construction and the accessibility of masonry material have caused an enormous increase in masonry structures in villages, towns and cities. On the other hand, it is necessary to study the behavior and seismic vulnerability of these kinds of structures, since Iran is located on the Alpide earthquake belt. Different factors, such as environmental, economic, social and cultural conditions and the accessible construction materials, have led to different kinds of structures. In this study, some tied walls were modeled in software and subjected to dynamic analysis with a relevant accelerator suitable for the geological conditions, in order to investigate the seismic vulnerability and performance level of confined brick walls. The results of this analysis appear satisfactory when compared with the values in Code ATC40, FEMA and Standard 2800 of Iran.

  20. Climate Change and the U.S. Energy Sector: Regional Vulnerabilities...

    Energy Savers [EERE]

    Thermoelectric power generation is vulnerable to increasing temperatures and reduced water availability in most regions, particularly in the Midwest, Great Plains, and southern...

  1. V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS.

  2. U-225: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities

    Broader source: Energy.gov [DOE]

    Two vulnerabilities in Citrix Access Gateway Plug-in for Windows can be exploited by malicious people to compromise a user's system.

  3. U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability

    Broader source: Energy.gov [DOE]

    An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition.

  4. T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability

    Broader source: Energy.gov [DOE]

    Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

  5. U-108: Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability

    Broader source: Energy.gov [DOE]

    The vulnerability is caused due to a boundary error within the "CxDbgPrint()" function (cxcmrt.dll) when creating a debug message string.

  6. T-572: VMware ESX/ESXi SLPD denial of service vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

  7. 2014 Headquarters Facilities Master Security Plan- Chapter 8, Operations Security Program

    Broader source: Energy.gov [DOE]

    2014 Headquarters Facilities Master Security Plan - Chapter 8, Operations Security Program. Describes the DOE Headquarters Operations Security (OPSEC) Program.

  8. 2014 Headquarters Facilities Master Security Plan- Chapter 10, Security Awareness Program

    Broader source: Energy.gov [DOE]

    2014 Headquarters Facilities Master Security Plan - Chapter 10, Security Awareness Program. Describes the DOE Headquarters Security Awareness Program.

  9. BROADER National Security Missions

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Metal Chips (U) Uranium Trioxide (UO3) UO2(NO3)2 Uranyl Nitrate Ammonium Uranyl Carbonate (NH4)2UO2(CO3)4 DEVELOP NEW NATIONAL SECURITY MISSIONS Y-12 has...

  10. AMALGAMATED SECURITY COMMUNITIES

    E-Print Network [OSTI]

    Harvey, Andrew Stephen

    2011-08-31

    This dissertation examines the process of the formation and dissolution of Amalgamated Security Communities, a topic that has been ignored by the academic community except as a side note when the origins of Pluralistic ...

  11. Safeguards and Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-05-25

    The Order establishes roles and responsibilities for the Department of Energy Safeguards and Security Program. Cancels DOE O 470.4. Canceled by DOE O 470.4B.

  12. Safeguards and Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1988-01-22

    To establish the policy and responsibilities for the Department of Energy safeguards and security program. Does not cancel another directive. Canceled by DOE O 5630.11A dated 12-7-92.

  13. Operations Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1992-04-30

    To establish policies, responsibilities and authorities for implementing and sustaining the Department of Energy (DOE) Operations Security (OPSEC) Program. Cancels DOE O 5632.3B. Canceled by DOE O 471.2 of 9-28-1995.

  14. Tensions in collaborative cyber security and how they affect incident detection and response

    SciTech Connect (OSTI)

    Fink, Glenn A.; McKinnon, Archibald D.; Clements, Samuel L.; Frincke, Deborah A.

    2009-12-01

    Security often requires collaboration, but when multiple stakeholders are involved, it is typical for their priorities to differ or even conflict with one another. In today’s increasingly networked world, cyber security collaborations may span organizations and countries. In this chapter, we address collaboration tensions, their effects on incident detection and response, and how these tensions may potentially be resolved. We present three case studies of collaborative cyber security within the U.S. government and discuss technical, social, and regulatory challenges to collaborative cyber security. We suggest possible solutions, and present lessons learned from conflicts. Finally, we compare collaborative solutions from other domains and apply them to cyber security collaboration. Although we concentrate our analysis on collaborations whose purpose is to achieve cyber security, we believe that this work applies readily to security tensions found in collaborations of a general nature as well.

  15. ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1

    E-Print Network [OSTI]

    Su, Xiao

    ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1 Information; Information Security Policy; Information Security Policy Management

  16. Policy Paper 35: Energy and Security in Northeast Asia: Fueling Security

    E-Print Network [OSTI]

    Calder, Kent; Fesharaki, Fereidun; Shirk, Susan L.; Stankiewicz, Michael

    1998-01-01

    Deese (editors). Energy and Security. 3. Fereidun Fesharaki,Energy and Security in Northeast Asia: Fueling Security Anrising energy demand. Energy and Security in Northeast Asia

  17. Secure Quantum Key Distribution

    E-Print Network [OSTI]

    Hoi-Kwong Lo; Marcos Curty; Kiyoshi Tamaki

    2015-05-20

    Secure communication plays a crucial role in the Internet Age. Quantum mechanics may revolutionise cryptography as we know it today. In this Review Article, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After a brief introduction to recent experimental progress and challenges, we survey the latest developments in quantum hacking and counter-measures against it.

  18. Incidents of Security Concern

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-03-17

    Sets forth requirements for the DOE Incidents of Security Concern Program, including timely identification and notification of, response to, inquiry into, reporting of, and closure actions for incidents of security concern. Cancels Chapter VII of DOE O 470.1; DOE N 471.3; and Chapter IV of DOE M 471.2-1B (Note: Paragraphs 1 and 2 of Chapter III remain in effect.) Canceled by DOE O 470.4.

  19. Data port security lock

    DOE Patents [OSTI]

    Quinby, Joseph D. (Albuquerque, NM); Hall, Clarence S. (Albuquerque, NM)

    2008-06-24

    In a security apparatus for securing an electrical connector, a plug may be fitted for insertion into a connector receptacle compliant with a connector standard. The plug has at least one aperture adapted to engage at least one latch in the connector receptacle. An engagement member is adapted to partially extend through at least one aperture and lock to at least one structure within the connector receptacle.

  20. Quantum Strongly Secure Ramp Secret Sharing

    E-Print Network [OSTI]

    Paul Zhang; Ryutaroh Matsumoto

    2014-08-08

    Quantum secret sharing is a scheme for encoding a quantum state (the secret) into multiple shares and distributing them among several participants. If a sufficient number of shares are put together, then the secret can be fully reconstructed. If an insufficient number of shares are put together however, no information about the secret can be revealed. In quantum ramp secret sharing, partial information about the secret is allowed to leak to a set of participants, called an unqualified set, that cannot fully reconstruct the secret. By allowing this, the size of a share can be drastically reduced. This paper introduces a quantum analog of classical strong security in ramp secret sharing schemes. While the ramp secret sharing scheme still leaks partial information about the secret to unqualified sets of participants, the strong security condition ensures that qudits with critical information can no longer be leaked.

  1. National Center for Nuclear Security - NCNS

    ScienceCinema (OSTI)

    None

    2015-01-09

    As the United States embarks on a new era of nuclear arms control, the tools for treaty verification must be accurate and reliable, and must work at stand-off distances. The National Center for Nuclear Security, or NCNS, at the Nevada National Security Site, is poised to become the proving ground for these technologies. The center is a unique test bed for non-proliferation and arms control treaty verification technologies. The NNSS is an ideal location for these kinds of activities because of its multiple environments; its cadre of experienced nuclear personnel, and the artifacts of atmospheric and underground nuclear weapons explosions. The NCNS will provide future treaty negotiators with solid data on verification and inspection regimes and a realistic environment in which future treaty verification specialists can be trained. Work on warhead monitoring at the NCNS will also support future arms reduction treaties.

  2. National Center for Nuclear Security - NCNS

    SciTech Connect (OSTI)

    2014-11-12

    As the United States embarks on a new era of nuclear arms control, the tools for treaty verification must be accurate and reliable, and must work at stand-off distances. The National Center for Nuclear Security, or NCNS, at the Nevada National Security Site, is poised to become the proving ground for these technologies. The center is a unique test bed for non-proliferation and arms control treaty verification technologies. The NNSS is an ideal location for these kinds of activities because of its multiple environments; its cadre of experienced nuclear personnel, and the artifacts of atmospheric and underground nuclear weapons explosions. The NCNS will provide future treaty negotiators with solid data on verification and inspection regimes and a realistic environment in which future treaty verification specialists can be trained. Work on warhead monitoring at the NCNS will also support future arms reduction treaties.

  3. Lemnos Interoperable Security Program

    SciTech Connect (OSTI)

    John Stewart; Ron Halbgewachs; Adrian Chavez; Rhett Smith; David Teumim

    2012-01-31

    The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other systems. With these changes, however, come two significant challenges that the energy sector must face: 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or "tunnels", to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. 
These single vendor solutions may inadvertently lock utilities into proprietary and closed systems. Lemnos is built on the successes of Open PCS Security Architecture for Interoperable Design (OPSAID), a previous DOE National SCADA Test Bed (NSTB) project. It enhances security interoperability by identifying basic cyber security functions based on utility requirements and then selecting open source solutions, namely Internet Engineering Task Force (IETF) RFCs, to support these functions. Once identified, specific configuration parameters for each RFC suitable for the electric utility control system environment are identified and documented. These configuration parameters are referred to as Interoperable Configuration Profiles (ICP) and their effectiveness within the utility control systems environment is verified with comprehensive testing as the final step in the process. The project focused on development of ICPs for four security protocols (IPsec, SSH, LDAP, and Syslog) which represent fundamental building blocks which can be utilized for securing utility control systems. These ICPs are product agnostic and can be applied modularly to any device (router, substation gateway, intelligent electronic device, etc.) within the utility control system as the end user deems necessary for their unique system architecture. The Lemnos Interoperable Security Program is a public-private partnership under the U.S. Department of Energy (DOE) Office of Electricity Delivery and Energy Reliability's Cybersecurity for Energy Delivery Systems (CEDS) program and supports The Roadmap to Secure Energy Delivery Systems. In addition to EnerNex, the core team supporting the effort includes Tennessee Valley Authority, Sandia National Laboratories, and Schweitzer Engineering Laboratories. 
Adding to the core team effort is collaboration from additional industry participants in the project including the Electric Power Research Institute (EPRI), Alien Vault, Cisco, Encore Networks, GarrettCom, Industrial Defender, N-Dimension Solutions, Phoenix Contact, RuggedCom, and Siemens.

  4. V-188: Apache XML Security XPointer Expressions Processing Buffer Overflow

    Broader source: Energy.gov (indexed) [DOE]


  5. V-192: Symantec Security Information Manager Input Validation Flaws Permit

    Broader source: Energy.gov (indexed) [DOE]


  6. Extended defense systems: I. Adversary-defender modeling grammar for vulnerability analysis and threat assessment.

    SciTech Connect (OSTI)

    Merkle, Peter Benedict

    2006-03-01

    Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U_S is the set universe of all scenarios possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I_S is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A)_P and (D)_F. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.

  7. The extreme vulnerability of interdependent spatially embedded networks

    E-Print Network [OSTI]

    Bashan, Amir; Buldyrev, Sergey V; Havlin, Shlomo

    2015-01-01

    Recent studies show that in interdependent networks a very small failure in one network may lead to catastrophic consequences. Above a critical fraction of interdependent nodes, even a single node failure can invoke cascading failures that may abruptly fragment the system, while below this "critical dependency" (CD) a failure of few nodes leads only to small damage to the system. So far, the research has been focused on interdependent random networks without space limitations. However, many real systems, such as power grids and the Internet, are not random but are spatially embedded. Here we analytically and numerically analyze the stability of systems consisting of interdependent spatially embedded networks modeled as lattice networks. Surprisingly, we find that in lattice systems, in contrast to non-embedded systems, there is no CD and any small fraction of interdependent nodes leads to an abrupt collapse. We show that this extreme vulnerability of very weakly coupled lattices is a consequence of t...

  8. IY5512: Part 1 Information Security Group

    E-Print Network [OSTI]

    Mitchell, Chris

    IY5512: Part 1 1 Information Security Group IY5512 Computer Security Part 1: Introduction to computer security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security) ... 2 Information Security Group Agenda · Overview · Security goals · Security approaches ­ prevention

  9. T-569: Adobe Flash SWF File Processing Memory Corruption Remote Code Execution Vulnerability

    Broader source: Energy.gov [DOE]

    Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

  10. Prediction Capabilities of Vulnerability Discovery Models Omar H. Alhazmi, Colorado State University

    E-Print Network [OSTI]

    Malaiya, Yashwant K.

    Prediction Capabilities of Vulnerability Discovery Models Omar H. Alhazmi, Colorado State Discovery Models (VDMs) have been proposed to model vulnerability discovery and have has been fitted discovery process, presenting a static approach to estimating the initial values of one of the VDM

  11. VULNERABILITY ANALYSIS AND RISK ASSESSMENT FOR SEISMIC AND FLOOD HAZARD IN TURIALBA CITY, COSTA RICA

    E-Print Network [OSTI]

    VULNERABILITY ANALYSIS AND RISK ASSESSMENT FOR SEISMIC AND FLOOD HAZARD IN TURIALBA CITY, COSTA and Earth Observation (ITC) Enschede Netherlands Figure 5.4. Damage maps for Vulnerability Analysis And Risk Assessment For Seismic And Flood Hazard In Turialba City, Costa Rica By Muh Aris Marfai and Jacob

  12. Vulnerability and household livelihoods in small scale fishing areas in Africa: An asset-based approach

    E-Print Network [OSTI]

    Krivobokova, Tatyana

    Vulnerability and household livelihoods in small scale fishing areas in Africa: An asset vulnerability to poverty and livelihood choices in small-scale fishing areas. The use of an asset on natural resources for their livelihoods, such as fishing, are often marginalized or ignored in national

  13. Emotion Regulation and Vulnerability to Depression: Spontaneous Versus Instructed Use of Emotion Suppression and Reappraisal

    E-Print Network [OSTI]

    Gross, James J.

    Emotion Regulation and Vulnerability to Depression: Spontaneous Versus Instructed Use of Emotion vulnerability is related to difficulties with emotion regulation by comparing recovered-depressed and never of emotion regulation strategies. In the second phase, sad mood was induced using a film clip, and the degree

  14. Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack1

    E-Print Network [OSTI]

    Krings, Axel W.

    Acquisition (SCADA) systems that allows us to calculate device vulnerability and help power substation and SCADA systems such as: "Which is the most vulnerable device of our power substation under an attack, SCADA. 1. Introduction Today's electric power substations are becoming more automated and connected

  15. 1836 IEEE TRANSACTIONS ON POWER SYSTEMS, VOL. 23, NO. 4, NOVEMBER 2008 Vulnerability Assessment of Cybersecurity

    E-Print Network [OSTI]

    Hu, Fei

    of Cybersecurity for SCADA Systems Chee-Wooi Ten, Student Member, IEEE, Chen-Ching Liu, Fellow, IEEE ... on supervisory control and data acquisition (SCADA) systems. Compliance of the requirement to meet the standard ... a vulnerability assessment framework to systematically evaluate the vulnerabilities of SCADA systems at three

  16. T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

    Office of Energy Efficiency and Renewable Energy (EERE)

    Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected.

  17. Experimental Studies of Vulnerabilities in Devices and On-Chip Protection

    E-Print Network [OSTI]

    Anlage, Steven

    Identify most prominent vulnerabilities of the units to RF direct injection and irradiation, and examine and ... fabricated and the packaged chips were placed on the boards with matching elements for RF injection. The RF vulnerabilities are examined both by simulation and experimental injection of RF at the MOSFET Gate, Drain, Source

  18. U.S. Patent Pending, Cyberspace Security System for Complex Systems, U.S. Patent Application No.: 14/134,949

    SciTech Connect (OSTI)

    Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

    2013-01-01

    A computer-implemented method monetizes the security of a cyber-system in terms of losses each stakeholder may expect to lose if a security breakdown occurs. A non-transitory medium stores instructions for generating a stake structure that includes costs that each stakeholder of a system would lose if the system failed to meet security requirements and generating a requirement structure that includes probabilities of failing requirements when computer components fail. The system generates a vulnerability model that includes probabilities of a component failing given threats materializing and generates a perpetrator model that includes probabilities of threats materializing. The system generates a dot product of the stakes structure, the requirement structure, the vulnerability model and the perpetrator model. The system can further be used to compare, contrast and evaluate alternative courses of action best suited for the stakeholders and their requirements.

  19. Security | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  20. Secure Manufacturing | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  1. national security campus | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  2. Tag: security | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  3. physical security | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  4. Headquarters Facilities Master Security Plan - Chapter 14, Cyber...

    Office of Environmental Management (EM)

    4, Cyber Security Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security June 2015 2015 Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security...

  5. Some Thoughts on Teaching Secure Programming

    E-Print Network [OSTI]

    Bishop, Matt

    2013-01-01

    Teaching Context in Information Security,” ACM Journal on ... World Conference on Information Security Education pp. 23– ... Colloquium on Information Systems Security Education (CISSE)

  6. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01

    Analysis of Information Security Games, Proceedings of the ... on the Economics of Information Security WEIS’, Hanover, NH, ... on the Economics of Information Security’. Anderson, R. and

  7. Securities Class Actions and Bankrupt Companies

    E-Print Network [OSTI]

    Park, James J.

    2014-01-01

    the utility of securities class actions. Certainly, context ... the merit of securities class actions. UCLA | SCHOOL OF LAW ... of James J. Park, Securities Class Actions and Bankrupt

  8. Security enhanced with increased vehicle inspections

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Security enhanced with increased vehicle inspections Security measures increase as of March: vehicle inspections won't delay traffic New increased security procedures meet LANL's...

  9. Review of digital image security in Dermatology

    E-Print Network [OSTI]

    Nielson, Colton; West, Cameron; Shimizu, Ikue

    2015-01-01

    encrypted communications, cloud security breaches, and phone ... breaches in security demonstrate, such cloud storage of ... and security rules 22 Audits of CSP data center operations and cloud

  10. Integrated Security System | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security System A security platform providing multi-layer intrusion detection and security management for a networked energy control systems architecture Integrated...

  11. Data security on the national fusion grid

    E-Print Network [OSTI]

    Burruss, Justin R.; Fredian, Tom W.; Thompson, Mary R.

    2005-01-01

    of any computational grid is security. Effective sharing of ... like ITER. Keywords: security, FusionGrid, grid computing 1. ... A Security Architecture for Computational Grids,” Proc. 5th

  12. Security on the US Fusion Grid

    E-Print Network [OSTI]

    Burruss, Justin R.; Fredian, Tom W.; Thompson, Mary R.

    2005-01-01

    of any computational grid is security. Effective sharing of ... like ITER. Keywords: security, FusionGrid, grid computing 1. ... A Security Architecture for Computational Grids,” Proc. 5th

  13. A Game Theoretical Approach to Communication Security

    E-Print Network [OSTI]

    Gueye, Assane

    2011-01-01

    CERT. (2010, Dec) Technical Cyber Security Alerts. [Online]. ... a broad overview of cyber security incidents in the last ... strategic war and viable cyber security solutions should be

  14. Mathematical and Statistical Opportunities in Cyber Security

    E-Print Network [OSTI]

    Meza, Juan

    2009-01-01

    development approach to cyber security. Report submitted to ... 2007. Committee on Improving Cybersecurity Research in the ... Opportunities in Cyber Security ? Juan Meza † Scott

  15. Security and United States Immigration Policy

    E-Print Network [OSTI]

    Totten, Robbie James

    2012-01-01

    2009 [1981]. American National Security, 6th ed. Baltimore, ... 1977. Economic Issues and National Security. Lawrence, KS: ... Immigration and National Security. Westport, CT: Praeger

  16. Office of Security Assessments | Department of Energy

    Energy Savers [EERE]

    Security Assessments Office of Security Assessments MISSION The Office of Security Assessments is responsible for the independent evaluation of the effectiveness of safeguards and...

  17. PACE: Pattern Accurate Computationally Efficient Bootstrapping for Timely Discovery of Cyber-Security Concepts

    SciTech Connect (OSTI)

    McNeil, Nikki C; Bridges, Robert A; Iannacone, Michael D; Czejdo, Bogdan; Perez, Nicolas E; Goodall, John R

    2013-01-01

    Public disclosure of important security information, such as knowledge of vulnerabilities or exploits, often occurs in blogs, tweets, mailing lists, and other online sources significantly before proper classification into structured databases. In order to facilitate timely discovery of such knowledge, we propose a novel semi-supervised learning algorithm, PACE, for identifying and classifying relevant entities in text sources. The main contribution of this paper is an enhancement of the traditional bootstrapping method for entity extraction by employing a time-memory trade-off that simultaneously circumvents a costly corpus search while strengthening pattern nomination, which should increase accuracy. An implementation in the cyber-security domain is discussed as well as challenges to Natural Language Processing imposed by the security domain.

  18. Google Android: A State-of-the-Art Review of Security Mechanisms

    E-Print Network [OSTI]

    Shabtai, A; Kanonov, U; Elovici, Y; Dolev, S

    2009-01-01

    Google's Android is a comprehensive software framework for mobile communication devices (i.e., smartphones, PDAs). The Android framework includes an operating system, middleware and a set of key applications. The incorporation of integrated access services to the Internet on such mobile devices, however, increases their exposure to damages inflicted by various types of malware. This paper provides a comprehensive security assessment of the Android framework and the security mechanisms incorporated into it. A methodological qualitative risk analysis that we conducted identifies the high-risk threats to the framework and any potential danger to information or to the system resulting from vulnerabilities that have been uncovered and exploited. Our review of current academic and commercial solutions in the area of smartphone security yields a list of applied and recommended defense mechanisms for hardening mobile devices in general and the Android in particular. Lastly, we present five major (high-risk) threats t...

  19. Towards Evidence-Based Assessment of Factors Contributing to the Introduction and Detection of Software Vulnerabilities

    E-Print Network [OSTI]

    Finifter, Matthew Smith

    2013-01-01

    for windows vista. In Software Testing, Verification and ... the Effectiveness of Software Testing Strategies. IEEE ... Bruce Potter. Software security testing. IEEE Security and

  20. AUDIT REPORT Security at the Nevada National Security Site

    Broader source: Energy.gov (indexed) [DOE]

    Security at the Nevada National Security Site OAS-L-15-06 May 2015 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections . Department of Energy...