Powered by Deep Web Technologies
Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of Energy Strain Rate4SuperhardSuspectEnginesSystems forVulnerabilities ||

2

V-092: Pidgin Multiple Vulnerabilities  

Broader source: Energy.gov [DOE]

Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

3

V-096: Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities  

Broader source: Energy.gov [DOE]

A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

4

Common Cyber Security Vulnerabilities Observed in Control System...  

Broader source: Energy.gov (indexed) [DOE]

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

5

Assessing the Security Vulnerabilities of Correctional Facilities  

SciTech Connect (OSTI)

The National Institute of Justice has tasked their Satellite Facility at Sandia National Laboratories and their Southeast Regional Technology Center in Charleston, South Carolina to devise new procedures and tools for helping correctional facilities to assess their security vulnerabilities. Thus, a team is visiting selected correctional facilities and performing vulnerability assessments. A vulnerability assessment helps to identi~ the easiest paths for inmate escape, for introduction of contraband such as drugs or weapons, for unexpected intrusion fi-om outside of the facility, and for the perpetration of violent acts on other inmates and correctional employees, In addition, the vulnerability assessment helps to quantify the security risks for the facility. From these initial assessments will come better procedures for performing vulnerability assessments in general at other correctional facilities, as well as the development of tools to assist with the performance of such vulnerability assessments.

Morrison, G.S.; Spencer, D.S.

1998-10-27T23:59:59.000Z

6

T-697: Google Chrome Prior to 13.0.782.107 Multiple Security...  

Broader source: Energy.gov (indexed) [DOE]

Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities Releases >> Chrome OS Beta: Channel Update Chromium Security >> Reporting Security Bugs IMPACT ASSESSMENT: High...

7

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability...  

Broader source: Energy.gov (indexed) [DOE]

V-106: Citrix Access Gateway Unspecified Security Bypass Vulnerability March 7, 2013 - 6:00am Addthis PROBLEM: A vulnerability has been reported in Citrix Access Gateway...

8

T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabil...  

Office of Environmental Management (EM)

51: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities T-551: Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities February 7, 2011 - 7:56am...

9

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities | Department...  

Broader source: Energy.gov (indexed) [DOE]

0: Adobe Flash Player AIR Multiple Vulnerabilities V-090: Adobe Flash Player AIR Multiple Vulnerabilities February 13, 2013 - 12:14am Addthis PROBLEM: Adobe Flash Player AIR...

10

T-566: Citrix Secure Gateway Unspecified Vulnerability | Department...  

Broader source: Energy.gov (indexed) [DOE]

has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system. reference LINKS: Citrix ID:CTX128168 Secunia...

11

U-187: Adobe Flash Player Multiple Vulnerabilities  

Broader source: Energy.gov [DOE]

Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

12

V-005: ModSecurity Multipart Message Parsing Security Bypass Vulnerability  

Broader source: Energy.gov [DOE]

SEC Consult has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.

13

U-013: HP Data Protector Multiple Unspecified Vulnerabilities  

Broader source: Energy.gov [DOE]

Multiple vulnerabilities were reported in HP Data Protector. A remote user can execute arbitrary code on the target system.

14

U-171: DeltaV Products Multiple Vulnerabilities  

Broader source: Energy.gov [DOE]

Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

15

Climate Change: Conflict, Security and Vulnerability Professor of Climate Change  

E-Print Network [OSTI]

Climate Change: Conflict, Security and Vulnerability Mike Hulme Professor of Climate Change Science, Society and Sustainability Group School of Environmental Sciences Rethinking Climate Change, Conflict security" "increase risk of conflicts among and within nations" #12;· from `climatic change' to `climate-change

Hulme, Mike

16

T-540: Sybase EAServer Multiple Vulnerabilities | Department...  

Broader source: Energy.gov (indexed) [DOE]

and Remote Directory Traversal Vulnerability issues. Addthis Related Articles T-647: PHP File Upload Bug May Let Remote Users Overwrite Files on the Target System U-198: IBM...

17

T-543: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities...  

Broader source: Energy.gov (indexed) [DOE]

T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities U-207: Pidgin 'mxitshowmessage()'...

18

ISS-011, Vulnerability Assessment Standard 1/3 UCIT INFORMATION SECURITY STANDARDS  

E-Print Network [OSTI]

ISS-011, Vulnerability Assessment Standard 1/3 UCIT INFORMATION SECURITY STANDARDS Vulnerability Assessment Standard Rationale 1 To enable timely identification and mitigation of vulnerabilities and security flaws affecting computing devices within UofC's computing environment. Scope 2 2.1 This standard

Habib, Ayman

19

T-694: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities  

Broader source: Energy.gov [DOE]

This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability might cause the Java Runtime Environment to hang, be in infinite loop, and/or crash resulting in a denial of service exposure. This same hang might occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

20

V-216: Drupal Monster Menus Module Security Bypass and Script...  

Office of Environmental Management (EM)

Module Security Bypass and Denial of Service Vulnerability U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities...

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


21

V-186: Drupal Login Security Module Security Bypass and Denial...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

U-162: Drupal Multiple Vulnerabilities V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and...

22

V-094: IBM Multiple Products Multiple Vulnerabilities | Department of  

Office of Environmental Management (EM)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "of EnergyEnergyENERGYWomen Owned SmallOf The 2012Nuclear Guide Remote Access08:Energy 94: IBM Multiple

23

V-208: Google Chrome Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScriptingVulnerabilities | Department Multiple

24

T-544: Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities  

Broader source: Energy.gov [DOE]

Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2. These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets. A three-way handshake is not required to exploit either of these vulnerabilities.

25

Secure Fragment Allocation in a Distributed Storage System with Heterogeneous Vulnerabilities  

E-Print Network [OSTI]

Secure Fragment Allocation in a Distributed Storage System with Heterogeneous Vulnerabilities Yun--There is a growing demand for large-scale dis- tributed storage systems to support resource sharing and fault attention has yet been paid to security solutions designed for distributed storage systems

Qin, Xiao

26

International Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities and Solutions  

E-Print Network [OSTI]

International Journal of Smart Grid and Clean Energy Smart Grid Security: Threats, Vulnerabilities is currently evolving into the smart grid. Smart grid integrates the traditional electrical power grid, controlling and managing the demands of customers. A smart grid is a huge complex network composed of millions

Aloul, Fadi

27

U-116: IBM Tivoli Provisioning Manager Express for Software Distribution Multiple Vulnerabilities  

Broader source: Energy.gov [DOE]

Multiple vulnerabilities have been reported in IBM Tivoli Provisioning Manager Express for Software Distribution, which can be exploited by malicious people to conduct SQL injection attacks and compromise a user's system

28

Using vulnerability assessments to design facility safeguards and security systems  

SciTech Connect (OSTI)

The Weapons Complex Reconfiguration (WCR) Program is meant to prepare the Department of Energy (DOE) weapons complex to meet the needs of the next century through construction of now facilities or upgrades-in-place at existing facilities. This paper describes how a vulnerability (VA) was used to identify potential S&S features for the conceptual design for a plutonium storage facility as part of the WCR Program. We distinguish those features of the design that need to be investigated at the conceptual stage from those that can be evaluated later. We also examined what protection features may allow reduced S&S operating costs, with the main focus on protective force costs. While some of these concepts hold the promise for significantly reducing life-cycle protective force costs, their use depends on resolving long-standing tradeoffs between S&S and safety, which are discussed in the study.

Snell, M.; Jaeger, C.

1994-08-01T23:59:59.000Z

29

T-528: Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities  

Broader source: Energy.gov [DOE]

Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

30

V-237: TYPO3 Security Bypass Vulnerabilities | Department of Energy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear SecurityTensile Strain Switched Ferromagnetism inS-4500II Field EmissionFunctionalPortalV > 111 \il3:7: TYPO3

31

U-104: Adobe Flash Player Multiple Vulnerabilities | Department...  

Broader source: Energy.gov (indexed) [DOE]

have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and...

32

Physical Security System Sensitivity to DBT Perturbations  

E-Print Network [OSTI]

, multiple scenarios are assessed that test different sets of adversary capabilities to better uncover and understand any security system vulnerabilities that may exist. We believe the benefit of identifying these site-specific security vulnerabilities...

Conchewski, Curtis

2012-10-19T23:59:59.000Z

33

U-197: Cisco Adaptive Security Appliances Denial of Service Vulnerability |  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious Rank EERE:YearRound-Up from theDepartment of EnergyTheDepartment of1: Oracle Java MultipleDepartment of

34

V-207: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScriptingVulnerabilities | Department

35

V-214: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScriptingVulnerabilities |Energy

36

ISSO Information Alert Multiple Vulnerabilities in Adobe Flash  

E-Print Network [OSTI]

SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2012-014 DATE(S) ISSUED: 3 to take complete control of affected systems. Adobe Flash Player is a widely distributed multimedia or URL and distributes that file or URL to unsuspecting users via e-mail or some other means. When

Dyer, Bill

37

V-119: IBM Security AppScan Enterprise Multiple Vulnerabilities |  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &AppleDepartmentofDepartment of

38

U-169: Sympa Multiple Security Bypass Vulnerabilities | Department of  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6Scripting Attacks |Service |

39

T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities  

Broader source: Energy.gov [DOE]

OpenSC is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

40

V-081: Wireshark Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &Apple iOS MultipleWireshark

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


41

V-131: Adobe Shockwave Player Multiple Vulnerabilities | Department of  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale WindDepartment ofEnergy Multiple

42

U-191: Oracle Java Multiple Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious Rank EERE:YearRound-Up from theDepartment of EnergyTheDepartment of1: Oracle Java Multiple

43

U-198: IBM Lotus Expeditor Multiple Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious Rank EERE:YearRound-Up from theDepartment of EnergyTheDepartment of1: Oracle Java MultipleDepartment of8:

44

V-187: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting AttacksThere isAttacks |Multiple

45

SUPPORTING END-TO-END SECURITY ACROSS PROXIES WITH MULTIPLE-  

E-Print Network [OSTI]

SUPPORTING END-TO-END SECURITY ACROSS PROXIES WITH MULTIPLE- CHANNEL SSL Yong Song, Victor C Columbia, 2356 Main Mall, Vancouver, BC V6T 1Z4, Canada Abstract: Secure Socket Layer (SSL) has functional used by clients to communicate with servers. This paper introduces Multiple-Channel SSL (MC-SSL

46

The ASSESS (Analytic System and Software for Evaluating Safeguards and Security) Outsider module with multiple analyses  

SciTech Connect (OSTI)

The Analytic System and Software for Evaluating Safeguards and Security (ASSESS) includes modules for analyzing vulnerabilities against outsider and insider adversaries. The ASSESS Outsider Analysis Module has been upgraded to allow for defining, analyzing, and displaying the results of multiple analyses. Once a set of threat definitions have been defined in one Outsider file, they can be readily copied to other Outsider files. This multiple analysis, or batch, mode of operation provides an efficient way of covering the standard DOE outsider threat spectrum. A new approach for coupling the probability of interruption, P(I), values and values calculated by the ASSESS Neutralization module has been implemented in Outsider and is described. An enhanced capability for printing results of these multiple analyses is also included in the upgraded Outside module. 7 refs., 7 figs., 1 tab.

Snell, M.K.; Winblad, A.E. (Sandia National Labs., Albuquerque, NM (USA)); Bingham, B.; Key, B.; Walker, S. (Science and Engineering Associates, Inc., Albuquerque, NM (USA))

1990-01-01T23:59:59.000Z

47

V-211: IBM iNotes Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScriptingVulnerabilities | DepartmentMultiple

48

Using Multiple Unmanned Systems for a Site Security Task  

SciTech Connect (OSTI)

Unmanned systems are often used to augment the ability of humans to perform challenging tasks. While the value of individual unmanned vehicles have been proven for a variety of tasks, it is less understood how multiple unmanned systems should be used together to accomplish larger missions such as site security. The purpose of this paper is to discuss efforts by researchers at the Idaho National Laboratory (INL) to explore the utility and practicality of operating multiple unmanned systems for a site security mission. This paper reviews the technology developed for a multi-agent mission and summarizes the lessons-learned from a technology demonstration.

Matthew O. Anderson; Curtis W. Nielsen; Mark D. McKay; Derek C. Wadsworth; Ryan C. Hruska; John A. Koudelka

2009-04-01T23:59:59.000Z

49

U-126: Cisco Adaptive Security Appliances Port Forwarder ActiveX Control Buffer Overflow Vulnerability  

Broader source: Energy.gov [DOE]

A vulnerability was reported in Cisco ASA. A remote user can cause arbitrary code to be executed on the target user's system.

50

V-021: Cisco IronPort Web / Email Security Appliance Sophos Anti...  

Broader source: Energy.gov (indexed) [DOE]

1: Cisco IronPort Web Email Security Appliance Sophos Anti-Virus Multiple Vulnerabilities V-021: Cisco IronPort Web Email Security Appliance Sophos Anti-Virus Multiple...

51

Visual analysis of code security  

SciTech Connect (OSTI)

To help increase the confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but the individual tools catch different vulnerabilities and produce voluminous data with many false positives. This paper describes a system that brings together the results of disparate software analysis tools into a visual environment to support the triage and exploration of code vulnerabilities. Our system allows software developers to explore vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. By correlating and normalizing multiple software analysis tools' data, the overall vulnerability detection coverage of software is increased. A visual overview and powerful interaction allows the user to focus attention on the most pressing vulnerabilities within huge volumes of data, and streamlines the secure software development workflow through integration with development tools.

Goodall, John R [ORNL] [ORNL; Radwan, Hassan [Applied Visions, Inc.] [Applied Visions, Inc.; Halseth, Lenny [Applied Visions, Inc.] [Applied Visions, Inc.

2010-01-01T23:59:59.000Z

52

k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities  

E-Print Network [OSTI]

systems at nuclear power plants, implanted heart de brillators, and military satellites. One of the main. However, the scale and severity of security threats to computer networks have continued to grow at an ever

Wang, Lingyu

53

k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities  

E-Print Network [OSTI]

but also industrial control systems at nuclear power plants, implanted heart defibrillators, and military are increasingly dependent. However, the scale and severity of security threats to computer networks have continued

Noel, Steven

54

Using Violation and Vulnerability Analysis to Understand the Root-Causes of Complex Security Incidents  

E-Print Network [OSTI]

Incidents C.W. Johnson Dept. of Computing Science, University of Glasgow, Glasgow, Scotland. http Department of Energy has also established the Information Security Resource Center to coordinate the `root is appropriate because it included failures in the underlying audit and control mechanisms. It also stemmed from

Johnson, Chris

55

Microsoft Word - MitigationsForVulnerabilitiesInCSNetworks.doc  

Broader source: Energy.gov (indexed) [DOE]

for Security Vulnerabilities Found in Control System Networks May Permann John Hammer Computer Security Researcher Computer Security Researcher Communications & Cyber Security...

56

T-597: WordPress Multiple Security Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of Energy Strain Rate4SuperhardSuspectEnginesSystemsForgery7: WordPress

57

Multiple Tenure/Tenure-Track Faculty Positions Software Engineering Focus: CyberSecurity and Big Data  

E-Print Network [OSTI]

Multiple Tenure/Tenure-Track Faculty Positions Software Engineering Focus: CyberSecurity and Big to cybersecurity and big data. Outstanding candidates from all areas of software engineering and computer science

Carver, Jeffrey C.

58

V-080: Apple iOS Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &Apple iOS Multiple

59

Public views on multiple dimensions of security : nuclear waepons, terrorism, energy, and the environment : 2007.  

SciTech Connect (OSTI)

We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism include assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support for domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid 2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.

Herron, Kerry Gale (University of Oklahoma, Norman, OK); Jenkins-Smith, Hank C. (University of Oklahoma, Norman, OK)

2008-01-01T23:59:59.000Z

60

Security  

Broader source: Energy.gov [DOE]

Security refers to the security of the stream of principal and interest repayments and what happens in the event that a secured loan defaults.

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


61

Security Science & Technology | Nuclear Science | ORNL  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Nuclear Security Science & Technology Border Security Comprehensive Vulnerability and Threat Analysis Consequence Management, Safeguards, and Non-Proliferation Tools Export...

62

Vendor System Vulnerability Testing Test Plan  

SciTech Connect (OSTI)

The Idaho National Laboratory (INL) prepared this generic test plan to provide clients (vendors, end users, program sponsors, etc.) with a sense of the scope and depth of vulnerability testing performed at the INLs Supervisory Control and Data Acquisition (SCADA) Test Bed and to serve as an example of such a plan. Although this test plan specifically addresses vulnerability testing of systems applied to the energy sector (electric/power transmission and distribution and oil and gas systems), it is generic enough to be applied to control systems used in other critical infrastructures such as the transportation sector, water/waste water sector, or hazardous chemical production facilities. The SCADA Test Bed is established at the INL as a testing environment to evaluate the security vulnerabilities of SCADA systems, energy management systems (EMS), and distributed control systems. It now supports multiple programs sponsored by the U.S. Department of Energy, the U.S. Department of Homeland Security, other government agencies, and private sector clients. This particular test plan applies to testing conducted on a SCADA/EMS provided by a vendor. Before performing detailed vulnerability testing of a SCADA/EMS, an as delivered baseline examination of the system is conducted, to establish a starting point for all-subsequent testing. The series of baseline tests document factory delivered defaults, system configuration, and potential configuration changes to aid in the development of a security plan for in depth vulnerability testing. The baseline test document is provided to the System Provider,a who evaluates the baseline report and provides recommendations to the system configuration to enhance the security profile of the baseline system. Vulnerability testing is then conducted at the SCADA Test Bed, which provides an in-depth security analysis of the Vendors system.b a. The term System Provider replaces the name of the company/organization providing the system being evaluated. This can be the system manufacturer, a system user, or a third party organization such as a government agency. b. The term Vendor (or Vendors) System replaces the name of the specific SCADA/EMS being tested.

James R. Davidson

2005-01-01T23:59:59.000Z

63

T-614: Cisco Unified Communications Manager Database Security...  

Energy Savers [EERE]

614: Cisco Unified Communications Manager Database Security Vulnerability T-614: Cisco Unified Communications Manager Database Security Vulnerability May 3, 2011 - 7:37am Addthis...

64

U-200: Red Hat Directory Server Information Disclosure Security...  

Broader source: Energy.gov (indexed) [DOE]

0: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability June 27,...

65

T-550: Apache Denial of Service Vulnerability | Department of...  

Broader source: Energy.gov (indexed) [DOE]

1.2.8 Multiple Vulnerabilities U-221: ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability T-616: PHP Stream Component Remote Denial of Service Vulnerability...

66

Common Control System Vulnerability  

SciTech Connect (OSTI)

The Control Systems Security Program and other programs within the Idaho National Laboratory have discovered a vulnerability common to control systems in all sectors that allows an attacker to penetrate most control systems, spoof the operator, and gain full control of targeted system elements. This vulnerability has been identified on several systems that have been evaluated at INL, and in each case a 100% success rate of completing the attack paths that lead to full system compromise was observed. Since these systems are employed in multiple critical infrastructure sectors, this vulnerability is deemed common to control systems in all sectors. Modern control systems architectures can be considered analogous to today's information networks, and as such are usually approached by attackers using a common attack methodology to penetrate deeper and deeper into the network. This approach often is composed of several phases, including gaining access to the control network, reconnaissance, profiling of vulnerabilities, launching attacks, escalating privilege, maintaining access, and obscuring or removing information that indicates that an intruder was on the system. With irrefutable proof that an external attack can lead to a compromise of a computing resource on the organization's business local area network (LAN), access to the control network is usually considered the first phase in the attack plan. Once the attacker gains access to the control network through direct connections and/or the business LAN, the second phase of reconnaissance begins with traffic analysis within the control domain. Thus, the communications between the workstations and the field device controllers can be monitored and evaluated, allowing an attacker to capture, analyze, and evaluate the commands sent among the control equipment. Through manipulation of the communication protocols of control systems (a process generally referred to as ''reverse engineering''), an attacker can then map out the control system processes and functions. With the detailed knowledge of how the control data functions, as well as what computers and devices communicate using this data, the attacker can use a well known Man-in-the-Middle attack to perform malicious operations virtually undetected. The control systems assessment teams have used this method to gather enough information about the system to craft an attack that intercepts and changes the information flow between the end devices (controllers) and the human machine interface (HMI and/or workstation). Using this attack, the cyber assessment team has been able to demonstrate complete manipulation of devices in control systems while simultaneously modifying the data flowing back to the operator's console to give false information of the state of the system (known as ''spoofing''). This is a very effective technique for a control system attack because it allows the attacker to manipulate the system and the operator's situational awareness of the perceived system status. The three main elements of this attack technique are: (1) network reconnaissance and data gathering, (2) reverse engineering, and (3) the Man-in-the-Middle attack. The details of this attack technique and the mitigation techniques are discussed.

Trent Nelson

2005-12-01T23:59:59.000Z

67

Chemical-Terrorism Vulnerability Information Guidance Document January 7, 2011  

E-Print Network [OSTI]

.215; Not currently applicable (2) Site Security Plans under §27.225; Not currently applicable (3) Documents relating to the Department's review and approval of Security Vulnerability Assessments and Site Security Plans, including

Pawlowski, Wojtek

68

Energy vulnerability relationships  

SciTech Connect (OSTI)

The US consumption of crude oil resources has been a steadily growing indicator of the vitality and strength of the US economy. At the same time import diversity has also been a rapidly developing dimension of the import picture. In the early 1970`s, embargoes of crude oil from Organization of Producing and Exporting Countries (OPEC) created economic and political havoc due to a significant lack of diversity and a unique set of economic, political and domestic regulatory circumstances. The continued rise of imports has again led to concerns over the security of our crude oil resource but threats to this system must be considered in light of the diversity and current setting of imported oil. This report develops several important issues concerning vulnerability to the disruption of oil imports: (1) The Middle East is not the major supplier of oil to the United States, (2) The US is not vulnerable to having its entire import stream disrupted, (3) Even in stable countries, there exist vulnerabilities to disruption of the export stream of oil, (4) Vulnerability reduction requires a focus on international solutions, and (5) DOE program and policy development must reflect the requirements of the diverse supply. Does this increasing proportion of imported oil create a {open_quotes}dependence{close_quotes}? Does this increasing proportion of imported oil present a vulnerability to {open_quotes}price shocks{close_quotes} and the tremendous dislocations experienced during the 1970`s? Finally, what is the vulnerability of supply disruptions from the current sources of imported oil? If oil is considered to be a finite, rapidly depleting resource, then the answers to these questions must be {open_quotes}yes.{close_quotes} However, if the supply of oil is expanding, and not limited, then dependence is relative to regional supply sources.

Shaw, B.R.; Boesen, J.L.

1998-02-01T23:59:59.000Z

69

Energy Security Initiatives Update  

Broader source: Energy.gov (indexed) [DOE]

-- Aurora Electrical System Vulnerability Assessment and Mitigation Actions FUPWG-EEI CA Net Zero Energy Initiative (Vandenberg AFB, CA) Energy Security Tiger Team Visit (Ft...

70

Control Systems Security  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

systems within the nation's critical infrastructure. The CSSP assists control systems vendors and asset ownersoperators in identifying security vulnerabilities and developing...

71

Are Vulnerability Disclosure Deadlines Justified?  

SciTech Connect (OSTI)

Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

Miles McQueen; Jason L. Wright; Lawrence Wellman

2011-09-01T23:59:59.000Z

72

T-674: Drupal Secure Password Hashes Module Security Bypass Vulnerabil...  

Broader source: Energy.gov (indexed) [DOE]

or later. Addthis Related Articles V-052: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities V-216: Drupal Monster Menus Module Security Bypass and...

73

David Telles wins NNSA Security  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

who conduct vulnerability analyses, authored the LANL Site Safeguards and Security Plan, and administered the Lab's Performance Assurance Program. Under his leadership,...

74

V-125: Cisco Connected Grid Network Management System Multiple...  

Broader source: Energy.gov (indexed) [DOE]

5: Cisco Connected Grid Network Management System Multiple Vulnerabilities V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities April 3, 2013 - 1:44am...

75

V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

5: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities July 29, 2013...

76

T-532: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution  

Broader source: Energy.gov [DOE]

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

77

Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues  

SciTech Connect (OSTI)

This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nations current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

Wayne F. Boyer; Scott A. McBride

2009-04-01T23:59:59.000Z

78

Cyber Security Audit and Attack Detection Toolkit: National SCADA...  

Broader source: Energy.gov (indexed) [DOE]

project of the cyber security audit and attack detection toolkit is adding control system intelligence to widely deployed enterprise vulnerability scanners and security event...

79

Increasing Automated Vulnerability Assessment Accuracy on Cloud and Grid Middleware  

E-Print Network [OSTI]

Hadron Collider by the CERN, up to industrial (water, power, electricity, oil, gas, etc.) distributed of critical and complex vulnerabilities. In addition, frequently middleware systems bases their security are safe. Therefore, security of distributed systems have been placed under the watchful eye of security

Miller, Barton P.

80

Architecture-level Simulations with Rapid Power Estimations for Security Processors with Multiple Power Domains  

E-Print Network [OSTI]

,tingting}@cs.nthu.edu.tw Abstract-- The power dissipation is the concern for SoC de- signs and embedded systems to extend battery- cal model, a workload generator, power parameter banks, versa- tile outputs, and succinct GUIs companies and IC design houses are working with clock gating, power gating, multiple frequen- cies

Lee, Jenq-Kuen

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


81

Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs  

E-Print Network [OSTI]

Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs Steven, without considering how they contribute to overall attack risk. Similarly, intrusion alarms are logged threats, complexity of security data, and network growth. Our approach to network defense applies attack

Noel, Steven

82

Indirection and computer security.  

SciTech Connect (OSTI)

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

Berg, Michael J.

2011-09-01T23:59:59.000Z

83

Analyses Of Two End-User Software Vulnerability Exposure Metrics  

SciTech Connect (OSTI)

The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.

Jason L. Wright; Miles McQueen; Lawrence Wellman

2012-08-01T23:59:59.000Z

84

Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 8th Virtual Forensics: Social Network Security Solutions  

E-Print Network [OSTI]

Forensics: Social Network Security Solutions Marilyn Silva, Rajeswari Ian, Anu Nagpal, Anthony Glover, Steve; Digital Dossier Aggregation Vulnerabilities; Secondary Data Collection Vulnerabilities; Face Recognition

Tappert, Charles

85

V-132: IBM Tivoli System Automation Application Manager Multiple...  

Broader source: Energy.gov (indexed) [DOE]

IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager PLATFORM: The vulnerabilities are reported in IBM Tivoli System Automation...

86

Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system  

DOE Patents [OSTI]

A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

Chen, Yu-Gene T.

2013-04-16T23:59:59.000Z

87

Ecosystem Vulnerability Assessment - Patterns of Climate Change...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the Southwest Ecosystem Vulnerability Assessment - Patterns of Climate Change Vulnerability in the...

88

Cyber Security Companies, governments, and consumers depend on secure and reliable  

E-Print Network [OSTI]

Cyber Security Companies, governments, and consumers depend on secure and reliable computer-speed computers all introduce new cyber-security challenges. Cyber- security researchers at the University in the software development cycle. e also creates secure authentication protocols for vulnerable distributed

Hill, Wendell T.

89

Development of a Software SecurityAssessment Instrument to Reduce Software SecurityRisk  

E-Print Network [OSTI]

system, has vulnerabilities. (SAT) for use in the software development and maintenance life cycle throughout the sofhvare development and maintenance life cycle. The. security assessment instrument includes security assessment for use in the software development and maintenance life cycle. Currently

Bishop, Matt

90

U-101: Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability  

Broader source: Energy.gov [DOE]

A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.

91

T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service  

Broader source: Energy.gov [DOE]

This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

92

U-100: Google Chrome Multiple Vulnerabilities  

Broader source: Energy.gov [DOE]

A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

93

Plutonium Vulnerability Management Plan  

SciTech Connect (OSTI)

This Plutonium Vulnerability Management Plan describes the Department of Energy`s response to the vulnerabilities identified in the Plutonium Working Group Report which are a result of the cessation of nuclear weapons production. The responses contained in this document are only part of an overall, coordinated approach designed to enable the Department to accelerate conversion of all nuclear materials, including plutonium, to forms suitable for safe, interim storage. The overall actions being taken are discussed in detail in the Department`s Implementation Plan in response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 94-1. This is included as Attachment B.

NONE

1995-03-01T23:59:59.000Z

94

Vulnerability Scanning Policy 1 Introduction  

E-Print Network [OSTI]

component of any computer security plan as it provides feedback on the effectiveness of security procedures

95

Lessons Learned from Cyber Security Assessments of SCADA and...  

Energy Savers [EERE]

Energy Management Systems Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems were reviewed to identify common...

96

David Telles wins NNSA Security Professional of the Year award  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

who conduct vulnerability analyses, authored the LANL Site Safeguards and Security Plan, and administered the Lab's Performance Assurance Program. Under his leadership,...

97

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerabil...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. REFERENCE LINKS: Secunia Advisory SA53495...

98

T-527: OpenSC Smart Card Serial Number Multiple Buffer Overflow...  

Broader source: Energy.gov (indexed) [DOE]

Pidgin 'mxitshowmessage()' Function Stack-Based Buffer Overflow Vulnerability U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities T-543: Wireshark 0.8.20 through...

99

T-625: Opera Frameset Handling Memory Corruption Vulnerability...  

Broader source: Energy.gov (indexed) [DOE]

security and stability enhancements. Opera Download Addthis Related Articles V-164: Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code V-105: Google Chrome...

100

Supercomputing and Energy in China: How Investment in HPC Affects Oil Security  

E-Print Network [OSTI]

in HPC Affects Oil Security Jordan WILSON Researcher, StudyChinas energy security challenge briefly, an oil deficit ofOil Weapon: Myth of Chinas Vulnerability, China Security,

WILSON, Jordan

2014-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


101

T-611: Cisco IOS OCSP Revoked Certificate Security Issue | Department...  

Broader source: Energy.gov (indexed) [DOE]

Addthis Related Articles U-138: Cisco IOS IPSec IKE Unspecified Denial of Service Vulnerability V-080: Apple iOS Multiple Vulnerabilities U-196: Cisco AnyConnect VPN Client Two...

102

Defining and Enforcing Referential Security Jed Liu Andrew C. Myers  

E-Print Network [OSTI]

integrity can itself lead to security vulnerabilities that are not currently well understood. This paper. Referential integrity, which guarantees that named resources can be accessed when referenced, is an important identifies three kinds of referential security vulnerabilities related to the ref- erential integrity

Myers, Andrew C.

103

Improving application security with data flow assertions  

E-Print Network [OSTI]

Resin is a new language runtime that helps prevent security vulnerabilities, by allowing programmers to specify application-level data flow assertions. Resin provides policy objects, which programmers use to specify assertion ...

Yip, Alexander

104

CLIMATE CHANGE AND WATER SUPPLY SECURITY  

E-Print Network [OSTI]

CLIMATE CHANGE AND WATER SUPPLY SECURITY: Reconfiguring Groundwater Management to Reduce with climate change, present a significant planning challenge for California's water agencies. This research Drought Vulnerability A White Paper from the California Energy Commission's California Climate

105

Cyber Security Testing and Training Programs for Industrial Control Systems  

SciTech Connect (OSTI)

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Daniel Noyes

2012-03-01T23:59:59.000Z

106

AP1000 Design for Security  

SciTech Connect (OSTI)

Nuclear power plants are protected from potential security threats through a combination of robust structures around the primary system and other vital equipment, security systems and equipment, and defensive strategy. The overall objective for nuclear power plant security is to protect public health and safety by ensuring that attacks or sabotage do not challenge the ability to safely shutdown the plant or protect from radiological releases. In addition, plants have systems, features and operational strategies to cope with external conditions, such as loss of offsite power, which could be created as part of an attack. Westinghouse considered potential security threats during design of the AP1000 PWR. The differences in plant configuration, safety system design, and safe shutdown equipment between existing plants and AP1000 affect potential vulnerabilities. This paper provides an evaluation of AP1000 with respect to vulnerabilities to security threats. The AP1000 design differs from the design of operating PWRs in the US in the configuration and the functional requirements for safety systems. These differences are intentional departures from conventional PWR designs which simplify plant design and enhance overall safety. The differences between the AP1000 PWR and conventional PWRs can impact vulnerabilities to security threats. The NRC addressed security concerns as part of their reviews for AP1000 Design Certification, and did not identify any security issues of concern. However, much of the detailed security design information for the AP1000 was deferred to the combined Construction and Operating License (COL) phase as many of the security issues are site-specific. Therefore, NRC review of security issues related to the AP1000 is not necessarily complete. Further, since the AP1000 plant design differs from existing PWRs, it is not obvious that the analyses and assessments prepared for existing plants also apply to the AP1000. We conclude that, overall, the AP1000 is less vulnerable to security threats such as malevolent use of vehicles (land, water or air), than are conventional PWRs. Further, the AP1000 is less vulnerable to external events (e.g., loss of transmission) than conventional PWRs. For some of the threats evaluated the AP1000 is comparable to conventional PWRs, while for other threats the AP1000 is inherently less vulnerable. (authors)

Long, L.B. [Southern Nuclear Operating Company, 40 Inverness Center Parkway, Birmingham, AL 35242 (United States); Cummins, W.E.; Winters, J.W. [Westinghouse Electric Company, 4350 Northern Pike, Monroeville, PA 15146 (United States)

2006-07-01T23:59:59.000Z

107

Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard  

E-Print Network [OSTI]

Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard #3; May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC

108

Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard  

E-Print Network [OSTI]

Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC) mode

109

LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS  

SciTech Connect (OSTI)

The results from ten cyber security vulnerability assessments of process control, SCADA and energy management systems, or components of those systems were reviewed to identify common problem areas. The common vulnerabilities ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and ease with which an attacker could exploit the vulnerability. Suggested mitigations are identified in each category. Recommended mitigations having the highest impact on reducing vulnerability are listed for asset owners and system vendors.

Ray Fink

2006-10-01T23:59:59.000Z

110

Departmental Personnel Security- Clearance Automation  

Broader source: Energy.gov [DOE]

The primary objective of the DOE Integrated Security System (eDISS+) Initiative is to support the integration of multiple DOE security systems and databases. This integrated environment provides...

111

V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints...  

Broader source: Energy.gov (indexed) [DOE]

ABSTRACT: A vulnerability was reported in Apache Tomcat. REFERENCE LINKS: Apache Tomcat Red Hat Bugzilla - Bug 883634 SecurityTracker Alert ID: 1027833 CVE-2012-3546 IMPACT...

112

U-174: Serendipity Unspecified SQL Injection Vulnerability |...  

Broader source: Energy.gov (indexed) [DOE]

4: Serendipity Unspecified SQL Injection Vulnerability U-174: Serendipity Unspecified SQL Injection Vulnerability May 22, 2012 - 7:00am Addthis PROBLEM: Serendipity Unspecified SQL...

113

Test & Security G. DiNatale, M. Doulcier, M-L. Flottes, B. Rouzeyre  

E-Print Network [OSTI]

LIRMMLIRMM Test & Security G. DiNatale, M. Doulcier, M-L. Flottes, B. Rouzeyre Pastis 2008 lirmm-00365276,version1-2Mar2009 #12;LIRMM Circuit testing is mandatory to guarantee a good security level A hardware defect may induce some security vulnerability But Test & Security : the dilemma Test Security

Paris-Sud XI, Université de

114

Method and tool for network vulnerability analysis  

DOE Patents [OSTI]

A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

Swiler, Laura Painton (Albuquerque, NM); Phillips, Cynthia A. (Albuquerque, NM)

2006-03-14T23:59:59.000Z

115

MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES,  

E-Print Network [OSTI]

MAPPING CLIMATE CHANGE EXPOSURES, VULNERABILITIES, AND ADAPTATION TO PUBLIC HEALTH RISKS's California Climate Change Center JULY 2012 CEC5002012041 Prepared for: California Energy Commission of California. #12; ii ABSTRACT This study reviewed first available frameworks for climate change adaptation

116

Some Modeling Challenges when Testing Rich Internet Applications for Security Kamara Benjamin, Gregor v. Bochmann,  

E-Print Network [OSTI]

Some Modeling Challenges when Testing Rich Internet Applications for Security Kamara Benjamin (RIAs), using technologies such as Ajax, Flex, or Silverlight, break away from the traditional approach and servers. RIAs introduce new challenges, new security vulnerabilities, and their behavior makes

Jourdan, Guy-Vincent

117

Lemnos interoperable security project.  

SciTech Connect (OSTI)

With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

Halbgewachs, Ronald D.

2010-03-01T23:59:59.000Z

118

Security Policy  

Broader source: Energy.gov [DOE]

The Office of Security Policy analyzes, develops and interprets safeguards and security policy governing national security functions and the protection of related critical assets entrusted to the...

119

CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND  

E-Print Network [OSTI]

CLIMATE CHANGE IMPACTS, VULNERABILITIES, AND ADAPTATION IN THE SAN FRANCISCO BAY AREA Commission's California Climate Change Center JULY 2012 CEC5002012071 Prepared for: California Energy, as well as projections of future changes in climate based on modeling studies using various plausible

120

T-565: Vulnerability in Microsoft Malware Protection Engine Could...  

Broader source: Energy.gov (indexed) [DOE]

5: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of PrivilegeVulnerability T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow...

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


121

Securing Infrastructure from High Explosive Threats  

SciTech Connect (OSTI)

Lawrence Livermore National Laboratory (LLNL) is working with the Department of Homeland Security's Science and Technology Directorate, the Transportation Security Administration, and several infrastructure partners to characterize and help mitigate principal structural vulnerabilities to explosive threats. Given the importance of infrastructure to the nation's security and economy, there is a clear need for applied research and analyses (1) to improve understanding of the vulnerabilities of these systems to explosive threats and (2) to provide decision makers with time-critical technical assistance concerning countermeasure and mitigation options. Fully-coupled high performance calculations of structural response to ideal and non-ideal explosives help bound and quantify specific critical vulnerabilities, and help identify possible corrective schemes. Experimental validation of modeling approaches and methodologies builds confidence in the prediction, while advanced stochastic techniques allow for optimal use of scarce computational resources to efficiently provide infrastructure owners and decision makers with timely analyses.

Glascoe, L; Noble, C; Reynolds, J; Kuhl, A; Morris, J

2009-03-20T23:59:59.000Z

122

Improving tamper detection for hazardous waste security  

SciTech Connect (OSTI)

After September 11, waste managers are increasingly expected to provide improved levels of security for the hazardous materials in their charge. Many low-level wastes that previously had minimal or no security must now be well protected, while high-level wastes require even greater levels of security than previously employed. This demand for improved security comes, in many cases, without waste managers being provided the necessary additional funding, personnel, or security expertise. Contributing to the problem is the fact that--at least in our experience--waste managers often fail to appreciate certain types of security vulnerabilities. They frequently overlook or underestimate the security risks associated with disgruntled or compromised insiders, or the potential legal and political liabilities associated with nonexistent or ineffective security. Also frequently overlooked are potential threats from waste management critics who could resort to sabotage, vandalism, or civil disobedience for purposes of discrediting a waste management program.

Johnston, R. G. (Roger G.); Garcia, A. R. E. (Anthony R. E.); Pacheco, A. N. (Adam N.); Trujillo, S. J. (Sonia J.); Martinez, R. K. (Ronald K.); Martinez, D. D. (Debbie D.); Lopez, L. N. (Leon N.)

2002-01-01T23:59:59.000Z

123

Security Implications of OPC, OLE, DCOM, and RPC in Control Systems  

SciTech Connect (OSTI)

OPC is a collection of software programming standards and interfaces used in the process control industry. It is intended to provide open connectivity and vendor equipment interoperability. The use of OPC technology simplifies the development of control systems that integrate components from multiple vendors and support multiple control protocols. OPC-compliant products are available from most control system vendors, and are widely used in the process control industry. OPC was originally known as OLE for Process Control; the first standards for OPC were based on underlying services in the Microsoft Windows computing environment. These underlying services (OLE [Object Linking and Embedding], DCOM [Distributed Component Object Model], and RPC [Remote Procedure Call]) have been the source of many severe security vulnerabilities. It is not feasible to automatically apply vendor patches and service packs to mitigate these vulnerabilities in a control systems environment. Control systems using the original OPC data access technology can thus inherit the vulnerabilities associated with these services. Current OPC standardization efforts are moving away from the original focus on Microsoft protocols, with a distinct trend toward web-based protocols that are independent of any particular operating system. However, the installed base of OPC equipment consists mainly of legacy implementations of the OLE for Process Control protocols.

Not Available

2006-01-01T23:59:59.000Z

124

V-001: Mozilla Security vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

is accessible by other domain objects, which can be exploited to bypass the same origin policy and gain access to sensitive information. 2) An unspecified error within the...

125

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy Savers [EERE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Office of Inspector General Office0-72.pdfGeorgeDoesn't32 MasterAcquisitiTechnologyPotomacRidge | Department

126

Common Cyber Security Vulnerabilities Observed in Control System  

Office of Environmental Management (EM)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "of Energy Power Systems EngineeringDepartmentSmart Grid RFI: AddressingEnergy

127

T-614: Cisco Unified Communications Manager Database Security Vulnerability  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of Energy Strain Rate4SuperhardSuspectEnginesSystemsForgery7:| Department

128

COMMON VULNERABILITIES IN CRITICAL INFRASTRUCTURE CONTROL SYSTEMS  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

enforcement and auditing. Page 114 SECURITY POLICY Figure 1. PCS administration. A security plan documents the overall security architecture for a system or subsystem. Typical...

129

Can Fault Prediction Models and Metrics be Used for Vulnerability Prediction? Yonghee Shin and Laurie Williams  

E-Print Network [OSTI]

Can Fault Prediction Models and Metrics be Used for Vulnerability Prediction? Yonghee Shin to prioritize security inspection and testing efforts may be better served by a prediction model that indicates commonalities that may allow development teams to use traditional fault prediction models and metrics

Young, R. Michael

130

Cyber Assessment Methods For SCADA Security  

SciTech Connect (OSTI)

The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

May Robin Permann; Kenneth Rohde

2005-06-01T23:59:59.000Z

131

Cyber Assessment Methods for SCADA Security  

SciTech Connect (OSTI)

The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national infrastructure, such as electric power, oil, and gas production and distribution. Since their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States, one of the main objectives of this program is to identify vulnerabilities and encourage the public and private sectors to work together to design secure control systems that resolve these weaknesses. This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure.

Not Available

2005-06-01T23:59:59.000Z

132

Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.  

SciTech Connect (OSTI)

The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

Dawson, Lon Andrew; Stinebaugh, Jennifer A.

2010-04-01T23:59:59.000Z

133

Employee Concerns Reporting Form | National Nuclear Security...  

National Nuclear Security Administration (NNSA)

act requirements Nature of concern: * Safety Health EEO Human Resources Quality Security Environmental Workplace Violence FraudWasteAbuse Management Mismanagement Multiple...

134

Microgrid cyber security reference architecture.  

SciTech Connect (OSTI)

This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-speci c vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance bene ts and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional a microgrid control system network implementation, including types of communica- tion occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the neces- sary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

2013-07-01T23:59:59.000Z

135

Cyber Security Requirements for Risk Management  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

2004-02-19T23:59:59.000Z

136

Climate Vulnerabilities | Department of Energy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsruc DocumentationP-Series to User Group and Userof aChristinaCliff joins EMSLClimate Vulnerabilities

137

V-088: Microsoft Security Bulletin Advance Notification for February 2013  

Broader source: Energy.gov [DOE]

Microsoft Security Bulletin Advance Notification for February 2013. Microsoft has posted 5 Critical Bulletins and 7 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft will host a webcast to address customer questions on the security bulletins on February 13, 2013, at 11:00 AM Pacific Time (US & Canada).

138

Cyber Security via Minority Games with Epistatic Signaling (Extended Abstract)  

E-Print Network [OSTI]

Cyber Security via Minority Games with Epistatic Signaling (Extended Abstract) W. Casey, L. Metcalf occurs when deceptions are employed in order to breach the security of the system, thus making the entire profiles (e.g., the distribution of players employing various kinds of vulnerability and threat predictions

Mishra, Bud

139

SESSION: CYBER-PHYSICAL SYSTEM SECURITY IN A SMART GRID ENVIROMENT 1 Cyber-Security of SCADA Systems  

E-Print Network [OSTI]

SESSION: CYBER-PHYSICAL SYSTEM SECURITY IN A SMART GRID ENVIROMENT 1 Cyber-Security of SCADA of the power network. From another perspective the authors of [7] attempted to quantify the impact of a cyber is to identify the vulnerabilities of these safety critical infrastruc- tures, determine the impact that possible

Johansson, Karl Henrik

140

Security in 3rd Generation Mobile Networks  

E-Print Network [OSTI]

-based transport technology to the core of 3G mobile networks brings along new vulnerabilities and potentialSecurity in 3rd Generation Mobile Networks Christos Xenakis and Lazaros Merakos Communication by the proliferation of mobile/wireless networks, the fixed- mobile network convergence, and the emergence of new

Stavrakakis, Ioannis

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


141

Assessing Climate Change Impacts, Vulnerability and Adaptation...  

Open Energy Info (EERE)

The Case of Pantabangan-Carranglan Watershed Jump to: navigation, search Name Assessing Climate Change Impacts, Vulnerability and Adaptation: The Case of Pantabangan-Carranglan...

142

T-626: Xen Multiple Buffer Overflow and Integer Overflow Vulnerabiliti...  

Broader source: Energy.gov (indexed) [DOE]

RedHat Enterprise Linux Desktop Multi OS 5 client ,RedHat Enterprise Linux 5 server, Red Hat Fedora 15 ,and Red Hat Enterprise Linux Desktop 5 client ABSTRACT: It was found...

143

V-070: Apache CouchDB Multiple Vulnerabilities | Department of...  

Broader source: Energy.gov (indexed) [DOE]

access files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences. Only Microsoft Windows versions of Apache CouchDB are affected....

144

V-059: MoinMoin Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences. 2) The application allows the upload of files with arbitrary...

145

V-051: Oracle Solaris Java Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind & Solar PowerDepartmentOracle

146

V-097: Google Chrome Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &Apple iOSEnergy IBMMultiple

147

V-105: Google Chrome Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &Apple iOSEnergyRequirements

148

V-107: Wireshark Multiple Denial of Service Vulnerabilities | Department of  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &Apple

149

V-111: Multiple vulnerabilities have been reported in Puppet | Department  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &AppleDepartment ofDepartment ofof

150

V-118: IBM Lotus Domino Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &AppleDepartmentof

151

V-121: Google Chrome Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind &AppleDepartmentofDepartmentGoogle

152

V-126: Mozilla Firefox Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale WindDepartment of Energy VMwareMozilla

153

V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities  

Office of Environmental Management (EM)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "of EnergyEnergyENERGYWomen Owned SmallOf The 2012Nuclear Guide Remote Access08:Energy 94: IBMof8:|

154

U-035: Adobe Flash Player Multiple Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6 (07/03) OMB Control2:

155

T-542: SAP Crystal Reports Server Multiple Vulnerabilities | Department of  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of Energy Strain Rate4SuperhardSuspectEnginesSystems for

156

U-162: Drupal Multiple Vulnerabilities | Department of Energy  

Energy Savers [EERE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Office of Inspector GeneralDepartment of EnergyofProject is on Track | Department ofLLCU-023: Debian|| DepartmentU-162:

157

V-152: Cisco Unified Customer Voice Portal (CVP) Multiple Vulnerabilities |  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartment

158

V-157: Adobe Reader / Acrobat Multiple Vulnerabilities | Department of  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting Attacks | Department

159

V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities |  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting Attacks |

160

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities |  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting AttacksThere is a

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


161

V-224: Google Chrome Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research PetroleumDepartment of Energy Kaveh Ghaemmaghami has

162

U-173: Symantec Web Gateway Multiple Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6Scripting Attacks |Service |Code |3:

163

U-179: IBM Java 7 Multiple Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6Scripting Attacks |Service |Code |3:9:

164

U-273: Multiple vulnerabilities have been reported in Wireshark |  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6ScriptingURLDepartment ofDepartment of

165

V-083: Oracle Java Multiple Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New12.'6/0.2Contract (UESC)Department ofDepartment

166

U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities  

Broader source: Energy.gov [DOE]

Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

167

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities  

Broader source: Energy.gov [DOE]

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

168

Proliferation Vulnerability Red Team report  

SciTech Connect (OSTI)

This report is the product of a four-month independent technical assessment of potential proliferation vulnerabilities associated with the plutonium disposition alternatives currently under review by DOE/MD. The scope of this MD-chartered/Sandia-led study was limited to technical considerations that could reduce proliferation resistance during various stages of the disposition processes below the Stored Weapon/Spent Fuel standards. Both overt and covert threats from host nation and unauthorized parties were considered. The results of this study will be integrated with complementary work by others into an overall Nonproliferation and Arms Control Assessment in support of a Secretarial Record of Decision later this year for disposition of surplus U.S. weapons plutonium.

Hinton, J.P.; Barnard, R.W.; Bennett, D.E. [and others

1996-10-01T23:59:59.000Z

169

Detecting Network Vulnerabilities Through Graph Theoretical Methods  

E-Print Network [OSTI]

vulnerabilities in power networks is an important prob- lem, as even a small number of vulnerable connections can benchmark power networks. 1 Introduction The electric power grid network is susceptible to power outages northeast and Canada, which affected an estimated 50 million people, causing over $6 billion in damage

Geddes, Cameron Guy Robinson

170

SEISMIC VULNERABILITY ASSESSMENT USING AMBIENT VIBRATIONS  

E-Print Network [OSTI]

SEISMIC VULNERABILITY ASSESSMENT USING AMBIENT VIBRATIONS: METHOD AND VALIDATION Clotaire Michel, France cmichel@obs.ujf-grenoble.fr Abstract Seismic vulnerability in wide areas is usually assessed like USA or Italy. France is a country with moderate seismicity so that it requires lower-cost methods

Paris-Sud XI, Université de

171

Business-driven security White paper  

E-Print Network [OSTI]

March 2008 Business-driven security White paper Take a holistic approach to business-driven security. #12;Take a holistic approach to business-driven security. 2 Overview Today's corporate leaders face multiple challenges, including the need to innovate in extremely competitive business climates

172

Secure Transportation of HEU in Romania  

SciTech Connect (OSTI)

The National Nuclear Security Administration has announced the final shipments of Russian-origin highly enriched uranium (HEU) nuclear fuel from Romania. The material was removed and returned to Russia by air for storage at two secure nuclear facilities, making Romania the first country to remove all HEU since President Obama outlined his commitment to securing all vulnerable nuclear material around the world within four years. This was also the first time NNSA has shipped spent HEU by airplane, a development that will help accelerate efforts to meet the Presidents objective.

2009-07-06T23:59:59.000Z

173

On the Security of Public Key Protocols  

E-Print Network [OSTI]

Recently the use of public key encryption to provide secure network communication has received considerable attention. Such public key systems are usually effective against passive eavesdroppers, who merely tap the lines and try to decipher the message. It has been pointed out, however, that an improperly designed protocol could be vulnerable to an active saboteur, one who may impersonate another user or alter the message being transmitted. Several models are formulated in which the security of protocols can be discussed precisely. Algorithms and characteri-zations that can be used to determine protocol security in these models are given.

Danny Dolev; et al.

1983-01-01T23:59:59.000Z

174

GRiP - A flexible approach for calculating risk as a function of consequence, vulnerability, and threat.  

SciTech Connect (OSTI)

Get a GRiP (Gravitational Risk Procedure) on risk by using an approach inspired by the physics of gravitational forces between body masses! In April 2010, U.S. Department of Homeland Security Special Events staff (Protective Security Advisors [PSAs]) expressed concern about how to calculate risk given measures of consequence, vulnerability, and threat. The PSAs believed that it is not 'right' to assign zero risk, as a multiplicative formula would imply, to cases in which the threat is reported to be extremely small, and perhaps could even be assigned a value of zero, but for which consequences and vulnerability are potentially high. They needed a different way to aggregate the components into an overall measure of risk. To address these concerns, GRiP was proposed and developed. The inspiration for GRiP is Sir Isaac Newton's Universal Law of Gravitation: the attractive force between two bodies is directly proportional to the product of their masses and inversely proportional to the squares of the distance between them. The total force on one body is the sum of the forces from 'other bodies' that influence that body. In the case of risk, the 'other bodies' are the components of risk (R): consequence, vulnerability, and threat (which we denote as C, V, and T, respectively). GRiP treats risk as if it were a body within a cube. Each vertex (corner) of the cube represents one of the eight combinations of minimum and maximum 'values' for consequence, vulnerability, and threat. The risk at each of the vertices is a variable that can be set. Naturally, maximum risk occurs when consequence, vulnerability, and threat are at their maximum values; minimum risk occurs when they are at their minimum values. Analogous to gravitational forces among body masses, the GRiP formula for risk states that the risk at any interior point of the box depends on the squares of the distances from that point to each of the eight vertices. The risk value at an interior (movable) point will be dominated by the value of one vertex as that point moves closer and closer to that one vertex. GRiP is a visualization tool that helps analysts better understand risk and its relationship to consequence, vulnerability, and threat. Estimates of consequence, vulnerability, and threat are external to GRiP; however, the GRiP approach can be linked to models or data that provide estimates of consequence, vulnerability, and threat. For example, the Enhanced Critical Infrastructure Program/Infrastructure Survey Tool produces a vulnerability index (scaled from 0 to 100) that can be used for the vulnerability component of GRiP. We recognize that the values used for risk components can be point estimates and that, in fact, there is uncertainty regarding the exact values of C, V, and T. When we use T = t{sub o} (where t{sub o} is a value of threat in its range), we mean that threat is believed to be in an interval around t{sub o}. Hence, a value of t{sub o} = 0 indicates a 'best estimate' that the threat level is equal to zero, but still allows that it is not impossible for the threat to occur. When t{sub o} = 0 but is potentially small and not exactly zero, there will be little impact on the overall risk value as long as the C and V components are not large. However, when C and/or V have large values, there can be large differences in risk given t{sub o} = 0, and t{sub o} = epsilon (where epsilon is small but greater than a value of zero). We believe this scenario explains the PSA's intuition that risk is not equal to zero when t{sub o} = 0 and C and/or V have large values. (They may also be thinking that if C has an extremely large value, it is unlikely that T is equal to 0; in the terrorist context, T would likely be dependent on C when C is extremely large.) The PSAs are implicitly recognizing the potential that t{sub o} = epsilon. One way to take this possible scenario into account is to replace point estimates for risk with interval values that reflect the uncertainty in the risk components. In fact, one could argue that T never equals zero for a man-made hazard. This

Whitfield, R. G.; Buehring, W. A.; Bassett, G. W. (Decision and Information Sciences)

2011-04-08T23:59:59.000Z

175

Climate Change and Infrastructure, Urban Systems, and Vulnerabilities  

SciTech Connect (OSTI)

This Technical Report on Climate Change and Infrastructure, Urban Systems, and Vulnerabilities has been prepared for the U.S. Department of Energy by the Oak Ridge National Laboratory in support of the U.S. National Climate Assessment (NCA). It is a summary of the currently existing knowledge base on its topic, nested within a broader framing of issues and questions that need further attention in the longer run. The report arrives at a number of assessment findings, each associated with an evaluation of the level of consensus on that issue within the expert community, the volume of evidence available to support that judgment, and the section of the report that provides an explanation for the finding. Cross-sectoral issues related to infrastructures and urban systems have not received a great deal of attention to date in research literatures in general and climate change assessments in particular. As a result, this technical report is breaking new ground as a component of climate change vulnerability and impact assessments in the U.S., which means that some of its assessment findings are rather speculative, more in the nature of propositions for further study than specific conclusions that are offered with a high level of confidence and research support. But it is a start in addressing questions that are of interest to many policymakers and stakeholders. A central theme of the report is that vulnerabilities and impacts are issues beyond physical infrastructures themselves. The concern is with the value of services provided by infrastructures, where the true consequences of impacts and disruptions involve not only the costs associated with the clean-up, repair, and/or replacement of affected infrastructures but also economic, social, and environmental effects as supply chains are disrupted, economic activities are suspended, and/or social well-being is threatened. Current knowledge indicates that vulnerability concerns tend to be focused on extreme weather events associated with climate change that can disrupt infrastructure services, often cascading across infrastructures because of extensive interdependencies threatening health and local economies, especially in areas where human populations and economic activities are concentrated in urban areas. Vulnerabilities are especially large where infrastructures are subject to multiple stresses, beyond climate change alone; when they are located in areas vulnerable to extreme weather events; and if climate change is severe rather than moderate. But the report also notes that there are promising approaches for risk management, based on emerging lessons from a number of innovative initiatives in U.S. cities and other countries, involving both structural and non-structural (e.g., operational) options.

Wilbanks, Thomas J [ORNL] [ORNL; Fernandez, Steven J [ORNL] [ORNL

2014-01-01T23:59:59.000Z

176

U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code  

Broader source: Energy.gov [DOE]

Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

177

Locating Climate Insecurity: Where Are the Most Vulnerable Places...  

Open Energy Info (EERE)

disasters, (2) household and community vulnerability, (3) governance and political violence, and (4) population density. Each of these areas of vulnerability was given...

178

aquifer contamination vulnerability: Topics by E-print Network  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

species vulnerability to climate and land use change: the case projections of likely impacts of global change to identify the most vulner- able species. We suggest an original...

179

Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure  

SciTech Connect (OSTI)

Since the publication of 'Critical Foundations: Protecting America's Infrastructure,' there has been a keen understanding of the complexity, interdependencies, and shared responsibility required to protect the nation's most critical assets that are essential to our way of life. The original 5 sectors defined in 1997 have grown to 18 Critical Infrastructures and Key Resources (CIKR), which are discussed in the 2009 National Infrastructure Protection Plan (NIPP) and its supporting sector-specific plans. The NIPP provides the structure for a national program dedicated to enhanced protection and resiliency of the nation's infrastructure. Lawrence Livermore National Laboratory (LLNL) provides in-depth, multi-disciplinary assessments of threat, vulnerability, and consequence across all 18 sectors at scales ranging from specific facilities to infrastructures spanning multi-state regions, such as the Oil and Natural Gas (ONG) sector. Like many of the CIKR sectors, the ONG sector is comprised of production, processing, distribution, and storage of highly valuable and potentially dangerous commodities. Furthermore, there are significant interdependencies with other sectors, including transportation, communication, finance, and government. Understanding the potentially devastating consequences and collateral damage resulting from a terrorist attack or natural event is an important element of LLNL's infrastructure security programs. Our work began in the energy sector in the late 1990s and quickly expanded other critical infrastructure sectors. We have performed over 600 physical assessments with a particular emphasis on those sectors that utilize, store, or ship potentially hazardous materials and for whom cyber security is important. The success of our approach is based on building awareness of vulnerabilities and risks and working directly with industry partners to collectively advance infrastructure protection. This approach consists of three phases: The Pre-Assessment Phase brings together infrastructure owners and operators to identify critical assets and help the team create a structured information request. During this phase, we gain information about the critical assets from those who are most familiar with operations and interdependencies, making the time we spend on the ground conducting the assessment much more productive and enabling the team to make actionable recommendations. The Assessment Phase analyzes 10 areas: Threat environment, cyber architecture, cyber penetration, physical security, physical penetration, operations security, policies and procedures, interdependencies, consequence analysis, and risk characterization. Each of these individual tasks uses direct and indirect data collection, site inspections, and structured and facilitated workshops to gather data. Because of the importance of understanding the cyber threat, LLNL has built both fixed and mobile cyber penetration, wireless penetration and supporting tools that can be tailored to fit customer needs. The Post-Assessment Phase brings vulnerability and risk assessments to the customer in a format that facilitates implementation of mitigation options. Often the assessment findings and recommendations are briefed and discussed with several levels of management and, if appropriate, across jurisdictional boundaries. The end result is enhanced awareness and informed protective measures. Over the last 15 years, we have continued to refine our methodology and capture lessons learned and best practices. The resulting risk and decision framework thus takes into consideration real-world constraints, including regulatory, operational, and economic realities. In addition to 'on the ground' assessments focused on mitigating vulnerabilities, we have integrated our computational and atmospheric dispersion capability with easy-to-use geo-referenced visualization tools to support emergency planning and response operations. LLNL is home to the National Atmospheric Release Advisory Center (NARAC) and the Interagency Modeling and Atmospheric Assessment Center (IMAAC). NA

Suski, N; Wuest, C

2011-02-04T23:59:59.000Z

180

CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR  

E-Print Network [OSTI]

CLIMATE VULNERABILITY AND ADAPTATION STUDY FOR CALIFORNIA Legal Analysis of Barriers's California Climate Change Center JULY 2012 CEC5002012019 Prepared for: California Energy Commission to that framework that would facilitate adaptation to climate change. Since such changes may be difficult

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


181

Cancer Vulnerabilities Unveiled by Genomic Loss  

E-Print Network [OSTI]

Due to genome instability, most cancers exhibit loss of regions containing tumor suppressor genes and collateral loss of other genes. To identify cancer-specific vulnerabilities that are the result of copy number losses, ...

Nijhawan, Deepak

182

Transportation Security  

Broader source: Energy.gov (indexed) [DOE]

Preliminary Draft - For Review Only 1 Transportation Security Draft Annotated Bibliography Review July 2007 Preliminary Draft - For Review Only 2 Work Plan Task * TEC STG Work...

183

Security Specialist  

Broader source: Energy.gov [DOE]

A successful candidate in this position will serve as a Security Specialist with responsibility as the performance monitor for protective force operations conducts line management oversight of the...

184

Global security  

ScienceCinema (OSTI)

Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

Lynch, Patrick

2014-07-15T23:59:59.000Z

185

Global security  

SciTech Connect (OSTI)

Patrick Lynch helps technical staff, academic leaders and governments around the world improve the safety and security of their nuclear power programs.

Lynch, Patrick

2014-07-14T23:59:59.000Z

186

Cyber Security  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Cyber Security Previous cybersecurity evaluations and designs were often dependent upon personal experience and limited empirical evidence. An LDRD project focused on cybersecurity...

187

V-025: Bugzilla Multiple Cross Site Scripting and Information...  

Broader source: Energy.gov (indexed) [DOE]

to version 3.6.12, 4.0.9, or 4.2.4 or apply patches. Addthis Related Articles V-080: Apple iOS Multiple Vulnerabilities T-568: Mozilla Firefox Bugs Let Remote Users Conduct...

188

Improved Security Via ''Town Crier'' Monitoring  

SciTech Connect (OSTI)

Waste managers are increasingly expected to provide good security for the hazardous materials they marshal. Good security requires, among other things, effective tamper and intrusion detection. We have developed and demonstrated a new method for tamper and intrusion detection which we call the ''town crier method''. It avoids many of the problems and vulnerabilities associated with traditional approaches, and has significant advantages for hazardous waste transport. We constructed two rudimentary town crier prototype systems, and tested them for monitoring cargo inside a truck. Preliminary results are encouraging.

Johnston, R. G.; Garcia, A. R. E.; Pacheco, A. N.

2003-02-26T23:59:59.000Z

189

Improved security via 'Town Crier' monitoring  

SciTech Connect (OSTI)

Waste managers are increasingly expected to provide good security for the hazardous materials they marshal. Good security requires, among other things, effective tamper and intrusion detection. We have developed and demonstrated a new method for tamper and intrusion detection which we call the 'town crier' method. It avoids many of the problems and vulnerabilities associated with traditional approaches, and has significant advantages for hazardous waste transport. We constructed two rudimentary town crier prototype systems, and tested them for monitoring cargo inside a truck. Preliminary results are encouraging.

Johnston, R. G. (Roger G.); Garcia, A. R. E. (Anthony R. E.); Pacheco, A. N. (Adam N.)

2002-01-01T23:59:59.000Z

190

Enhancing Energy Infrastructure Resiliency and Addressing Vulnerabilities  

Broader source: Energy.gov [DOE]

Quadrennial Energy Review Task Force Secretariat and Energy Policy and Systems Analysis Staff, U. S. Department of Energy (DOE) Public Meeting on Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities On Friday, April 11, 2014, at 10 a.m. in room HVC-215 of the U.S. Capitol, the Department of Energy (DOE), acting as the Secretariat for the Quadrennial Energy Review Task Force, will hold a public meeting to discuss and receive comments on issues related to the Quadrennial Energy Review (QER). The meeting will focus on infrastructure vulnerabilities related to the electricity, natural gas and petroleum transmission, storage and distribution systems (TS&D). The meeting will consist of two facilitated panels of experts on identifying and addressing vulnerabilities within the nations energy TS&D infrastructure. Following the panels, an opportunity will be provided for public comment via an open microphone session. The meeting will be livestreamed at energy.gov/live

191

Security Conditions  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This Notice ensures that DOE uniformly meets the requirements of the Homeland Security Advisory System outlined in Homeland Security Presidential Directive-3, Threat Conditions and Associated Protective Measures, dated 3-11-02, and provides responses specified in Presidential Decision Directive 39, U.S. Policy on Counterterrorism (U), dated 6-21-95. It cancels DOE N 473.8, Security Conditions, dated 8-7-02. Extended until 7-7-06 by DOE N 251.64, dated 7-7-05 Cancels DOE N 473.8

2004-07-08T23:59:59.000Z

192

Security In Information Systems  

E-Print Network [OSTI]

rights, and they are proposing security policies, security planning, personal data protection laws, etc

Candan, Selçuk

193

Resilient and Self-Organizing Overlay of Collaborative Security Monitors  

E-Print Network [OSTI]

, destructive and widespread, especially those distributed attacks that exploit multiple launching sites, security systems that are deployed in isolation within administrative domains and do not exchange infor

Li, Jun

194

Control Systems Security Test Center - FY 2004 Program Summary  

SciTech Connect (OSTI)

In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nations critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

Robert E. Polk; Alen M. Snyder

2005-04-01T23:59:59.000Z

195

Personnel Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The manual establishes the overall objectives and requirements for the Department of Energy Personnel Security Program. Cancels DOE M 472.1-1B. Canceled by DOE O 472.2.

2005-08-26T23:59:59.000Z

196

DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY  

SciTech Connect (OSTI)

Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01T23:59:59.000Z

197

Information Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The protection and control of classified information is critical to our nations security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D.

2011-06-20T23:59:59.000Z

198

Personnel Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Order establishes requirements for a successful, efficient and cost-effective personnel security program to ensure accurate, timely and equitable determinations of individuals eligibility for access to classified information and fitness for placement or retention in national security positions. Cancels DOE M 470.4-5, DOE N 470.4 and DOE N 470.5. Admin Chg 1, 10-8-13.

2011-07-27T23:59:59.000Z

199

Towards a Secure Email Service for The Future Muhammad Shoaib Saleem and Eric Renault  

E-Print Network [OSTI]

content distribution, user privacy and security, naming and addressing, routing and name resolutionTowards a Secure Email Service for The Future Internet Muhammad Shoaib Saleem and ´Eric Renault.renault}@it-sudparis.eu Abstract--Email is one of the most used application over the Internet and it is vulnerable to cyber attacks

Paris-Sud XI, Université de

200

Climate change and climate variability affect all regions of the world. U.S. vulnerability to the changes and variations are not only dependent on changes within the U.S. but also on  

E-Print Network [OSTI]

OVERVIEW Climate change and climate variability affect all regions of the world. U.S. vulnerability, it is important to assess emerging threats to national security due to climate change far into the future. Having with national security establish practical responses to climate change and extreme weather events

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


201

Cyber Security and Resilient Systems  

SciTech Connect (OSTI)

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nations cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.

Robert S. Anderson

2009-07-01T23:59:59.000Z

202

Transportation Security | ornl.gov  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Transportation Security SHARE Global Threat Reduction Initiative Transportation Security Cooperation Secure Transport Operations (STOP) Box Security of radioactive material while...

203

Chemical Safety Vulnerability Working Group Report  

SciTech Connect (OSTI)

This report marks the culmination of a 4-month review conducted to identify chemical safety vulnerabilities existing at DOE facilities. This review is an integral part of DOE's efforts to raise its commitment to chemical safety to the same level as that for nuclear safety.

Not Available

1994-09-01T23:59:59.000Z

204

WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE  

E-Print Network [OSTI]

WATER AND ENERGY SECTOR VULNERABILITY TO CLIMATE WARMING IN THE SIERRA NEVADA: Water Year explores the sensitivity of water indexing methods to climate change scenarios to better understand how water management decisions and allocations will be affected by climate change. Many water management

205

Fragile Networks: Identifying Vulnerabilities and Synergies  

E-Print Network [OSTI]

, Efficiency Measurement, and Vulnerability Analysis · Part II: Applications and Extensions · Part III: Mergers the foundations for transportation and logistics, for communication, energy provision, social interactions that underlie our societies and economies are large-scale and complex in nature, they are liable to be faced

Nagurney, Anna

206

CyberPhysical System Security for the Electric Power Grid  

E-Print Network [OSTI]

systems that may be vulnerable to security attacks is discussed in this paper as are control loop successful cyber attacks. Estimating feasible attack impact requires an evaluation of the grid's dependency of the cyber­physical relationships within the smart grid and a specific review of possible attack vectors

Manimaran, Govindarasu

207

U-124: Microsoft Security Bulletin Advance Notification for March 2012  

Broader source: Energy.gov [DOE]

Microsoft Security Bulletin Advance Notification for March 2012. Microsoft has posted 1 Critical Bulletin, 4 Important bulletins and 1 Moderate bulletin. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft is hosting a webcast to address customer questions on these bulletins on March 14, 2012, at 11:00 AM Pacific Time (US & Canada).

208

U-235: Microsoft Security Bulletin Advance Notification for August 2012  

Broader source: Energy.gov [DOE]

Microsoft Security Bulletin Advance Notification for August 2012. Microsoft has posted 5 Critical Bulletins and 4 Important Bulletins. Bulletins with the Maximum Severity Rating and Vulnerability Impact of "Critical" may allow remote execution of code. Microsoft is hosting a webcast to address customer questions on these bulletins on August 15, 2012, at 11:00 AM Pacific Time (US & Canada).

209

Guide to Critical Infrastructure Protection Cyber Vulnerability...  

Broader source: Energy.gov (indexed) [DOE]

Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for...

210

Climate Change and National Security  

SciTech Connect (OSTI)

Climate change is increasingly recognized as having national security implications, which has prompted dialogue between the climate change and national security communities with resultant advantages and differences. Climate change research has proven useful to the national security community sponsors in several ways. It has opened security discussions to consider climate as well as political factors in studies of the future. It has encouraged factoring in the stresses placed on societies by climate changes (of any kind) to help assess the potential for state stability. And it has shown that, changes such as increased heat, more intense storms, longer periods without rain, and earlier spring onset call for building climate resilience as part of building stability. For the climate change research community, studies from a national security point of view have revealed research lacunae, for example, such as the lack of usable migration studies. This has also pushed the research community to consider second- and third-order impacts of climate change, such as migration and state stability, which broadens discussion of future impacts beyond temperature increases, severe storms, and sea level rise; and affirms the importance of governance in responding to these changes. The increasing emphasis in climate change science toward research in vulnerability, resilience, and adaptation also frames what the intelligence and defense communities need to know, including where there are dependencies and weaknesses that may allow climate change impacts to result in security threats and where social and economic interventions can prevent climate change impacts and other stressors from resulting in social and political instability or collapse.

Malone, Elizabeth L.

2013-02-01T23:59:59.000Z

211

T-594: IBM solidDB Password Hash Authentication Bypass Vulnerability  

Broader source: Energy.gov [DOE]

This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability.

212

Power System Extreme Event Detection: The Vulnerability Frontier  

E-Print Network [OSTI]

Figure 6. Vulnerability Frontier for a 13,374 node system.corresponding to points on the frontier suggests that theseDetection: The Vulnerability Frontier Bernard C. Lesieutre

Lesieutre, Bernard C.; Pinar, Ali; Roy, Sandip

2007-01-01T23:59:59.000Z

213

Information Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The protection and control of classified information is critical to our nations security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D. Admin Chg 1, dated 11-23-2012, cancels DOE O 471.6.

2011-06-20T23:59:59.000Z

214

Information Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This Manual establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Attachment E, Technical Surveillance Countermeasures Program, is for Official Use Only. Contact the Office of Security and Safety Performance Assurance at 301-903-3653 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A.

2005-08-26T23:59:59.000Z

215

Information Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Section E, Technical Surveillance Countermeasures Program, is Official Use Only. Please contact the DOE Office of Health, Safety and Security at 301-903-0292 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A

2007-06-29T23:59:59.000Z

216

Energy Vulnerability Assessment for the US Pacific Islands. Technical Appendix 2  

SciTech Connect (OSTI)

The study, Energy Vulnerability Assessment of the US Pacific Islands, was mandated by the Congress of the United States as stated in House Resolution 776-220 of 1992, Section 1406. The resolution states that the US Secretary of Energy shall conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption. Such study shall outline how the insular areas shall gain access to vital oil supplies during times of national emergency. The resolution defines insular areas as the US Virgin Islands, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and Palau. The US Virgin Islands and Puerto Rico are not included in this report. The US Department of Energy (USDOE) has broadened the scope of the study contained in the House Resolution to include emergency preparedness and response strategies which would reduce vulnerability to an oil supply disruption as well as steps to ameliorate adverse economic consequences. This includes a review of alternative energy technologies with respect to their potential for reducing dependence on imported petroleum. USDOE has outlined the four tasks of the energy vulnerability assessment as the following: (1) for each island, determine crude oil and refined product demand/supply, and characterize energy and economic infrastructure; (2) forecast global and regional oil trade flow patterns, energy demand/supply, and economic activities; (3) formulate oil supply disruption scenarios and ascertain the general and unique vulnerabilities of these islands to oil supply disruptions; and (4) outline emergency preparedness and response options to secure oil supplies in the short run, and reduce dependence on imported oil in the longer term.

Fesharaki, F.; Rizer, J.P.; Greer, L.S.

1994-05-01T23:59:59.000Z

217

Best Practices for the Security of Radioactive Materials  

SciTech Connect (OSTI)

This work is funded under a grant provided by the US Department of Health and Human Services, Centers for Disease Control. The Department of Health and Mental Hygiene (DOHMH) awarded a contract to Brookhaven National Laboratory (BNL) to develop best practices guidance for Office of Radiological Health (ORH) licensees to increase on-site security to deter and prevent theft of radioactive materials (RAM). The purpose of this document is to describe best practices available to manage the security of radioactive materials in medical centers, hospitals, and research facilities. There are thousands of such facilities in the United States, and recent studies suggest that these materials may be vulnerable to theft or sabotage. Their malevolent use in a radiological-dispersion device (RDD), viz., a dirty bomb, can have severe environmental- and economic- impacts, the associated area denial, and potentially large cleanup costs, as well as other effects on the licensees and the public. These issues are important to all Nuclear Regulatory Commission and Agreement State licensees, and to the general public. This document outlines approaches for the licensees possessing these materials to undertake security audits to identify vulnerabilities in how these materials are stored or used, and to describe best practices to upgrade or enhance their security. Best practices can be described as the most efficient (least amount of effort/cost) and effective (best results) way of accomplishing a task and meeting an objective, based on repeatable procedures that have proven themselves over time for many people and circumstances. Best practices within the security industry include information security, personnel security, administrative security, and physical security. Each discipline within the security industry has its own 'best practices' that have evolved over time into common ones. With respect to radiological devices and radioactive-materials security, industry best practices encompass both physical security (hardware and engineering) and administrative procedures. Security regimes for these devices and materials typically use a defense-in-depth- or layered-security approach to eliminate single points of failure. The Department of Energy, the Department of Homeland Security, the Department of Defense, the American Society of Industrial Security (ASIS), the Security Industry Association (SIA) and Underwriters Laboratory (UL) all rovide design guidance and hardware specifications. With a graded approach, a physical-security specialist can tailor an integrated security-management system in the most appropriate cost-effective manner to meet the regulatory and non-regulatory requirements of the licensee or client.

Coulter, D.T.; Musolino, S.

2009-05-01T23:59:59.000Z

218

T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server  

Broader source: Energy.gov [DOE]

BlackBerry advisory describes a security issue that the BlackBerry Attachment Service component of the BlackBerry Enterprise Server is susceptible to. The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

219

Security Conditions  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

To ensure that DOE uniformly meets the protection requirements specified in Presidential Decision Directive 39, "U.S. Policy on Counterterrorism (U)." Attachment 2 is no longer available online. Please e-mail your request for the Attachment to: Security.Directives@hq.doe.gov. DOE N 251.44, dated 05/06/02, extends this directive until 12/31/02.

2000-09-18T23:59:59.000Z

220

Personnel Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The order establishes requirements that will enable DOE to operate a successful, efficient, cost-effective personnel security program that will ensure accurate, timely and equitable determinations of individuals eligibility for access to classified information and Special Nuclear Material (SNM). Admin Chg 1, 10-8-13.

2011-07-27T23:59:59.000Z

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


221

SECURITY HANDBOOK 2 UH IT SECURITY HANDBOOK  

E-Print Network [OSTI]

Administration · 2-Factor Authentication Administration for PCI compliance · Web Site Security Scanning, please contact security@uh.edu. · Web Site Security Scanning · 2-Factor Authentication Administration

Azevedo, Ricardo

222

IMPLEMENTING MULTIPLE CHANNELS OVER SSL Yong Song, Victor C.M. Leung, Konstantin Beznosov  

E-Print Network [OSTI]

IMPLEMENTING MULTIPLE CHANNELS OVER SSL Yong Song, Victor C.M. Leung, Konstantin Beznosov:{yongs,vleung,beznosov}@ece.ubc.ca Keywords: Communication security, Mobile security, Multiple channels, SSL Abstract: Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. In contrast to SSL

223

Physical security and tamper-indicating devices  

SciTech Connect (OSTI)

Computer systems, electronic communications, digital data, and computer storage media are often highly vulnerable to physical tampering. Tamper-indicating devices, also called security seals, are widely used to detect physical tampering or unauthorized access. We studied 94 different security seals, both passive and electronic, developed either commercially or by the US government. Most of these seals are in wide-spread use, including for critical applications. We learned how to defeat all 94 seals using rapid, inexpensive, low-tech methods. Cost was not a good predictor of seal security. It appears to us that many of these seals can be dramatically improved with minor, low-cost modifications to either the seal or the use protocol.

Johnston, R.G.; Garcia, A.R.E.

1997-02-01T23:59:59.000Z

224

Safeguards Evaluation Method for evaluating vulnerability to insider threats  

SciTech Connect (OSTI)

As protection of DOE facilities against outsiders increases to acceptable levels, attention is shifting toward achieving comparable protection against insiders. Since threats and protection measures for insiders are substantially different from those for outsiders, new perspectives and approaches are needed. One such approach is the Safeguards Evaluation Method. This method helps in assessing safeguards vulnerabilities to theft or diversion of special nuclear meterial (SNM) by insiders. The Safeguards Evaluation Method-Insider Threat is a simple model that can be used by safeguards and security planners to evaluate safeguards and proposed upgrades at their own facilities. The method is used to evaluate the effectiveness of safeguards in both timely detection (in time to prevent theft) and late detection (after-the-fact). The method considers the various types of potential insider adversaries working alone or in collusion with other insiders. The approach can be used for a wide variety of facilities with various quantities and forms of SNM. An Evaluation Workbook provides documentation of the baseline assessment; this simplifies subsequent on-site appraisals. Quantitative evaluation is facilitated by an accompanying computer program. The method significantly increases an evaluation team's on-site analytical capabilities, thereby producing a more thorough and accurate safeguards evaluation.

Al-Ayat, R.A.; Judd, B.R.; Renis, T.A.

1986-01-01T23:59:59.000Z

225

National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

FROM: SUBJECT: USIUK Memorandum of Understanding between National Nuclear Security Administration's (NNSA) Associate Administrator for Defense Nuclear Security (AADNS)...

226

Multiplex Chaos Synchronization in Semiconductor Lasers with Multiple Optoelectronic Feedbacks  

E-Print Network [OSTI]

Secure chaos based multiplex communication system scheme is proposed utilizing globally coupled semiconductor lasers with multiple variable time delay optoelectronic feedbacks.

E. M. Shahverdiev; K. A. Shore

2011-11-06T23:59:59.000Z

227

Security seal  

DOE Patents [OSTI]

Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints" are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

Gobeli, Garth W. (Albuquerque, NM)

1985-01-01T23:59:59.000Z

228

CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL  

SciTech Connect (OSTI)

The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the systems cyber-security posture. The CS2SAT provides recommendations from a database of industry available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate-specific security vulnerabilities.

Kathleen A. Lee

2008-01-01T23:59:59.000Z

229

Social vulnerability indicators as a sustainable planning tool  

SciTech Connect (OSTI)

In the face of global warming and environmental change, the conventional strategy of resource centralization will not be able to cope with a future of increasingly extreme climate events and related disasters. It may even contribute to inter-regional disparities as a result of these events. To promote sustainable development, this study offers a case study of developmental planning in Chiayi, Taiwan and a review of the relevant literature to propose a framework of social vulnerability indicators at the township level. The proposed framework can not only be used to measure the social vulnerability of individual townships in Chiayi, but also be used to capture the spatial developmental of Chiayi. Seventeen social vulnerability indicators provide information in five dimensions. Owing to limited access to relevant data, the values of only 13 indicators were calculated. By simply summarizing indicators without using weightings and by using zero-mean normalization to standardize the indicators, this study calculates social vulnerability scores for each township. To make social vulnerability indicators more useful, this study performs an overlay analysis of social vulnerability and patterns of risk associated with national disasters. The social vulnerability analysis draws on secondary data for 2012 from Taiwan's National Geographic Information System. The second layer of analysis consists of the flood potential ratings of the Taiwan Water Resources Agency as an index of biophysical vulnerability. The third layer consists of township-level administrative boundaries. Analytical results reveal that four out of the 18 townships in Chiayi not only are vulnerable to large-scale flooding during serious flood events, but also have the highest degree of social vulnerability. Administrative boundaries, on which social vulnerability is based, do not correspond precisely to cross-administrative boundaries, which are characteristics of the natural environment. This study adopts an exploratory approach that provides Chiayi and other government agencies with a foundation for sustainable strategic planning for environmental change. The final section offers four suggestions concerning the implications of social vulnerability for local development planning. -- Highlights: This study proposes a framework of social vulnerability indicators at the township level in Chiayi County, Taiwan. Seventeen social vulnerability indicators are categorized into four dimensions. This study performs a three-layer overlay analysis of social vulnerability and natural disaster risk patterns. 4 out of the 18 townships not only have potential for large-scale flooding, but also high degree of social vulnerability. This study provides a foundation for sustainable strategic planning to deal with environmental change. Four suggestions are proposed regarding the implications of social vulnerability for local development planning.

Lee, Yung-Jaan, E-mail: yungjaanlee@gmail.com

2014-01-15T23:59:59.000Z

230

Personnel Security  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The order establishes requirements that will enable DOE to operate a successful, efficient, cost-effective personnel security program that will ensure accurate, timely and equitable determinations of individuals eligibility for access to classified information and Special Nuclear Material (SNM). This limited revision will ensure that individuals holding dual citizenship receive proper consideration from a counterintelligence perspective prior to being granted access to classified matter or Special Nuclear Material. Pg Chg 1, 7-9-14 cancels DOE O 472.2 Admin Chg 1.

2011-07-21T23:59:59.000Z

231

Evaluating operating system vulnerability to memory errors.  

SciTech Connect (OSTI)

Reliability is of great concern to the scalability of extreme-scale systems. Of particular concern are soft errors in main memory, which are a leading cause of failures on current systems and are predicted to be the leading cause on future systems. While great effort has gone into designing algorithms and applications that can continue to make progress in the presence of these errors without restarting, the most critical software running on a node, the operating system (OS), is currently left relatively unprotected. OS resiliency is of particular importance because, though this software typically represents a small footprint of a compute node's physical memory, recent studies show more memory errors in this region of memory than the remainder of the system. In this paper, we investigate the soft error vulnerability of two operating systems used in current and future high-performance computing systems: Kitten, the lightweight kernel developed at Sandia National Laboratories, and CLE, a high-performance Linux-based operating system developed by Cray. For each of these platforms, we outline major structures and subsystems that are vulnerable to soft errors and describe methods that could be used to reconstruct damaged state. Our results show the Kitten lightweight operating system may be an easier target to harden against memory errors due to its smaller memory footprint, largely deterministic state, and simpler system structure.

Ferreira, Kurt Brian; Bridges, Patrick G. (University of New Mexico); Pedretti, Kevin Thomas Tauke; Mueller, Frank (North Carolina State University); Fiala, David (North Carolina State University); Brightwell, Ronald Brian

2012-05-01T23:59:59.000Z

232

IT Security IT Services  

E-Print Network [OSTI]

Firewall management VPN Service SSL certificates Vulnerability scanning Tripwire 4 #12;Incident area VPNs 8 #12;SSL Certificates SSL Server certificates Coming soon Extended Validation 9 #12

233

AFTER A Framework for electrical power sysTems vulnerability...  

Open Energy Info (EERE)

Germany) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Germany Coordinates...

234

India-Vulnerability Assessment and Enhancing Adaptive Capacities...  

Open Energy Info (EERE)

Adaptive Capacities to Climate Change Jump to: navigation, search Name India-Vulnerability Assessment and Enhancing Adaptive Capacities to Climate Change AgencyCompany...

235

Mapping Climate Change Vulnerability and Impact Scenarios - A...  

Open Energy Info (EERE)

Sub-national Planners Jump to: navigation, search Tool Summary LAUNCH TOOL Name: Mapping Climate Change Vulnerability and Impact Scenarios - A Guidebook for Sub-national Planners...

236

areas vulnerabilities impacts: Topics by E-print Network  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

on residential electricity consumption for the nine San Francisco Bay Area counties 22 Seismic vulnerability analysis of moderate seismicity areas using in situ experimental...

237

assessing infrastructure vulnerability: Topics by E-print Network  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Websites Summary: , by improving the seismic hazard evaluation using probabilistic seismic hazard assessment (PSHA) methodsSeismic vulnerability assessment to slight dam- age...

238

AFTER A Framework for electrical power sysTems vulnerability...  

Open Energy Info (EERE)

Norway) Jump to: navigation, search Project Name AFTER A Framework for electrical power sysTems vulnerability identification, dEfense and Restoration Country Norway Coordinates...

239

Antioch University and EPA Webinar: Assessing Vulnerability of...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

Water Conveyance Infrastructure from a Changing Climate in the Context of a Changing Landscape Antioch University and EPA Webinar: Assessing Vulnerability of Water Conveyance...

240

AFTER A Framework for electrical power sysTems vulnerability...  

Open Energy Info (EERE)

Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency planning of the energy grids and energy plants considering also the ICT systems used in...

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


241

U-086:Linux Kernel "/proc//mem" Privilege Escalation Vulnerability  

Broader source: Energy.gov [DOE]

A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.

242

AFTER A Framework for electrical power sysTems vulnerability...  

Open Energy Info (EERE)

:"","inlineLabel":"","visitedicon":"" Display map Period 2011-2014 References EU Smart Grid Projects Map1 Overview AFTER addresses vulnerability evaluation and contingency...

243

Border Security | ornl.gov  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Border Security SHARE Border Security Testing of unmanned aerial surveillance equipment. ORNL performs border security research at the Security Sciences Field Laboratory (SSFL),...

244

Visualizing Cyber Security: Usable Workspaces  

SciTech Connect (OSTI)

An environment that supports cyber analytics work should enable multiple, simultaneous investigations, information foraging, and provide a solution space for organizing data. We describe our study of cyber security professionals and visualizations in a large, high-resolution display work environment. We discuss the tasks and needs of analysts that such an environment can support and present several prototypes designed to support these needs. We conclude with a usability evaluation of the prototypes and additional lessons learned.

Fink, Glenn A.; North, Christopher L.; Endert, Alexander; Rose, Stuart J.

2009-10-11T23:59:59.000Z

245

Cyber-Security Considerations for the Smart Grid  

SciTech Connect (OSTI)

The electrical power grid is evolving into the smart grid. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number mitigation strategies that can help keep the risk at an acceptable level.

Clements, Samuel L.; Kirkham, Harold

2010-07-26T23:59:59.000Z

246

Designing security into software  

E-Print Network [OSTI]

When people talk about software security, they usually refer to security applications such as antivirus software, firewalls and intrusion detection systems. There is little emphasis on the security in the software itself. ...

Zhang, Chang Tony

2006-01-01T23:59:59.000Z

247

Threats to financial system security  

SciTech Connect (OSTI)

The financial system in the United States is slowly migrating from the bricks and mortar of banks on the city square to branch banks, ATM`s, and now direct linkage through computers to the home. Much work has been devoted to the security problems inherent in protecting property and people. The impact of attacks on the information aspects of the financial system has, however, received less attention. Awareness is raised through publicized events such as the junk bond fraud perpetrated by Milken or gross mismanagement in the failure of the Barings Bank through unsupervised trading activities by Leeson in Singapore. These events, although seemingly large (financial losses may be on the order of several billion dollars), are but small contributors to the estimated $114 billion loss to all types of financial fraud in 1993. Most of the losses can be traced to the contribution of many small attacks perpetrated against a variety of vulnerable components and systems. This paper explores the magnitude of these financial system losses and identifies new areas for security to be applied to high consequence events.

McGovern, D.E.

1997-06-01T23:59:59.000Z

248

Security guide for subcontractors  

SciTech Connect (OSTI)

This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

Adams, R.C.

1991-01-01T23:59:59.000Z

249

T-616: PHP Stream Component Remote Denial of Service Vulnerability  

Broader source: Energy.gov [DOE]

PHP is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain FTP requests. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to PHP 5.3.6 are vulnerable.

250

Personnel Security Activities  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Establishes objectives, requirements and responsibilities for the Personnel Security Program and Personnel Security Assurance Program. Cancels DOE O 472.1B

2003-03-25T23:59:59.000Z

251

Global Nuclear Security  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Global Nuclear Security Both DOE and the National Nuclear Security Administration are working to reduce the risk of nuclear proliferation and provide technologies to improve...

252

Protection of Use Control Vulnerabilities and Designs  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This Manual establishes a general process and provides direction for controlling access and dissemination of Sigma 14 and 15 Weapon Data at the Department of Energy (DOE). It supplements DOE O 452.4, SECURITY AND CONTROL OF NUCLEAR EXPLOSIVES AND NUCLEAR WEAPONS, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and U.S. nuclear weapons. Canceled by DOE M 452.4-1A. Does not cancel other directives.

1999-07-01T23:59:59.000Z

253

Security guide for subcontractors  

SciTech Connect (OSTI)

This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

Adams, R.C.

1993-06-01T23:59:59.000Z

254

Benjamin Livshits and Monica S. Lam 1. PHPList Admin Page SQL Injection Vulnerability  

E-Print Network [OSTI]

Escalation Vulnerability 8. Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability 9. Zlib Local Race Condition Privilege Escalation Vulnerability 8. Vim ModeLines Further Variant Arbitrary

Livshits, Ben

255

EMISSION ABATEMENT VERSUS DEVELOPMENT AS STRATEGIES TO REDUCE VULNERABILITY TO CLIMATE CHANGE: AN APPLICATION OF  

E-Print Network [OSTI]

EMISSION ABATEMENT VERSUS DEVELOPMENT AS STRATEGIES TO REDUCE VULNERABILITY TO CLIMATE CHANGE development aid is more effective in reducing vulnerability than is emission abatement. The hypothesis, vulnerability, adaptive capacity, development #12;EMISSION ABATEMENT VERSUS DEVELOPMENT AS STRATEGIES TO REDUCE

256

Personnel Security Program Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

provides detailed requirements and procedures to supplement DOE O 472.1B, PERSONNEL SECURITY ACTIVITIES, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE), including the National Nuclear Security Administration (NNSA). Cancels DOE M 472.1-1

2000-11-16T23:59:59.000Z

257

Personnel Security Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This Manual provides detailed requirements and procedures to supplement DOE O 472.1B, Personnel Security Activities, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE). This Manual addresses only the Personnel Security Program.

1998-05-22T23:59:59.000Z

258

Office of Security Assistance  

Broader source: Energy.gov [DOE]

The Office of Security Assistance manages the Technology Deployment Program to improve the security posture of the Department of Energy and the protection of its assets and facilities through the deployment of new safeguards and security technologies and development of advanced technologies that reduce operating costs, save protective force lives, and improve security effectiveness.

259

U-009:Microsoft Security Bulletin Summary for October 2011  

Broader source: Energy.gov [DOE]

Microsoft released 8 bulletins to address vulnerabilities. This Microsoft bulletin contains 2 critical vulnerabilities.

260

Secure Control Systems for the Energy Sector  

SciTech Connect (OSTI)

Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

Smith, Rhett; Campbell, Jack; Hadley, Mark

2012-03-31T23:59:59.000Z

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


261

U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability...  

Broader source: Energy.gov (indexed) [DOE]

097: PHP "phpregistervariableex()" Code Execution Vulnerability U-097: PHP "phpregistervariableex()" Code Execution Vulnerability February 7, 2012 - 9:00am Addthis PROBLEM:...

262

U-157: Ruby Mail Gem Directory Traversal and Shell Command Injection Vulnerabilities  

Broader source: Energy.gov [DOE]

Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.

263

E-Print Network 3.0 - attitudes perceived vulnerability Sample...  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

vulnerability Page: << < 1 2 3 4 5 > >> 1 ORIGINAL ARTICLE Perceived Stress and Cognitive Vulnerability Mediate the Summary: ORIGINAL ARTICLE Perceived Stress and Cognitive...

264

The theory of diversity and redundancy in information system security : LDRD final report.  

SciTech Connect (OSTI)

The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

Mayo, Jackson R. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Torgerson, Mark Dolan; Walker, Andrea Mae; Armstrong, Robert C. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Allan, Benjamin A. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Pierson, Lyndon George

2010-10-01T23:59:59.000Z

265

Protection of Use Control Vulnerabilities and Design  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This manual establishes a general process and provides direction for controlling access to and disseminating Sigma 14 and 15 nuclear weapon data (NWD) at the Department of Energy (DOE). It supplements DOE O 452.4A, Security and Control of Nuclear Explosives and Nuclear Weapons, dated 12-17-01, which establishes DOE requirements and responsibilities to prevent the deliberate unauthorized use of U.S. nuclear explosives and nuclear weapons. Cancels DOE M 452.4-1. Canceled by DOE O 452.7, 5-14-2010

2004-03-11T23:59:59.000Z

266

Cyber Security & Smart Grid  

E-Print Network [OSTI]

Cyber Security & Smart Grid Jonathan Shapiro Texas Institute The Clean Air Through Energy Efficiency (CATEE) Conference Cyber Security & Smart Grid ESL-KT-11-11-23 CATEE 2011, Dallas, Texas, Nov. 7 ? 9, 2011 Cyber Security and The Smart... and communication protocols. ESL-KT-11-11-23 CATEE 2011, Dallas, Texas, Nov. 7 ? 9, 2011 Smart Grid Systems ?Current Cyber Security Issues ? Advanced Metering Infrastructure (AMI) Security ? The wireless devices are used in the smart meters located...

Shapiro, J.

2011-01-01T23:59:59.000Z

267

The 2011 Military Communications Conference -Track 3 -Cyber Security and Network Operations From Security to Vulnerability: Data Authentication  

E-Print Network [OSTI]

in Substation Automation Systems (SAS). To this end, we establish a small-scale SAS prototype with commonly, an upgrade of in formation technologies is essential from out-of-date serial communication technologies [2

Wang, Wenye

268

Automated Vulnerability Detection for Compiled Smart Grid Software  

SciTech Connect (OSTI)

While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

Prowell, Stacy J [ORNL; Pleszkoch, Mark G [ORNL; Sayre, Kirk D [ORNL; Linger, Richard C [ORNL

2012-01-01T23:59:59.000Z

269

Analyzing the Security in the GSM Radio Network using Attack Jungles  

E-Print Network [OSTI]

Analyzing the Security in the GSM Radio Network using Attack Jungles Parosh Aziz Abdulla1 introduce the concept of attack jungles, which is a formalism for systematic representation of the vulnerabilities of systems. An attack jungle is a graph representation of all ways in which an attacker

Abdulla, Parosh Aziz

270

North American Electricity Infrastructure: System Security, Quality, Reliability, Availability, and Efficiency  

E-Print Network [OSTI]

1 North American Electricity Infrastructure: System Security, Quality, Reliability, Availability for reliable and disturbance-free electricity. The massive power outages in the United States, Canada, UK and Italy in 2003 underscored electricity infrastructure's vulnerabilities [1-11]. This vital yet complex

Amin, S. Massoud

271

sSCADA: Securing SCADA Infrastructure Communications Yongge Wang and Bei-Tseng Chu  

E-Print Network [OSTI]

sSCADA: Securing SCADA Infrastructure Communications Yongge Wang and Bei-Tseng Chu Dept. of SIS, UNC Charlotte, 9201 University City Blvd, Charlotte, NC 28223, August 5, 2004 Abstract Distributed, and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks

272

Secure Communications in the Smart Grid Jeff Naruchitparames and Mehmet Hadi Gunes  

E-Print Network [OSTI]

Secure Communications in the Smart Grid Jeff Naruchitparames and Mehmet Hadi G¨unes¸ Department the smart grid by using smart meters as a gateway between intra- and inter-network communications if the communications infrastructure is insecure and vulnerable to cyber attacks. Currently, smart grid research focuses

Gunes, Mehmet Hadi

273

Climate Change Vulnerability and Resilience: Current Status and Trends for Mexico  

SciTech Connect (OSTI)

Climate change alters different localities on the planet in different ways. The impact on each region depends mainly on the degree of vulnerability that natural ecosystems and human-made infrastructure have to changes in climate and extreme meteorological events, as well as on the coping and adaptation capacity towards new environmental conditions. This study assesses the current resilience of Mexico and Mexican states to such changes, as well as how this resilience will look in the future. In recent studies (Moss et al. 2000, Brenkert and Malone 2005, Malone and Brenket 2008, Ibarrarn et al. 2007), the Vulnerability-Resilience Indicators Model (VRIM) is used to integrate a set of proxy variables that determine the resilience of a region to climate change. Resilience, or the ability of a region to respond to climate variations and natural events that result from climate change, is given by its adaptation and coping capacity and its sensitivity. On the one hand, the sensitivity of a region to climate change is assessed, emphasizing its infrastructure, food security, water resources, and the health of the population and regional ecosystems. On the other hand, coping and adaptation capacity is based on the availability of human resources, economic capacity and environmental capacity.

Ibarraran , Maria E.; Malone, Elizabeth L.; Brenkert, Antoinette L.

2008-12-30T23:59:59.000Z

274

Using Operational Security (OPSEC) to Support a Cyber Security...  

Broader source: Energy.gov (indexed) [DOE]

Cyber Security: Defense in Depth Strategies The Chief Information Officer (CIO) at the U 2014 Headquarters Facilities Master Security Plan - Chapter 8, Operations Security Program...

275

Information Security: Coordination of Federal Cyber Security...  

Broader source: Energy.gov (indexed) [DOE]

and Technology Policy establish timelines for developing a federal agenda for cyber security research. GAO also recommends that the Office of Management and Budget (OMB) issue...

276

Vulnerability and social risk management in India and Mexico  

E-Print Network [OSTI]

The development of effective community, regional and national risk-management strategies, especially for systemic risks, such as natural disasters, entails understanding the determinants of social vulnerability in individuals ...

Flores Ballesteros, Luis

2008-01-01T23:59:59.000Z

277

Assessing the vulnerability of the fiber infrastructure to disasters  

E-Print Network [OSTI]

Communication networks are vulnerable to natural disasters, such as earthquakes or floods, as well as to physical attacks, such as an Electromagnetic Pulse (EMP) attack. Such real- world events happen in specific geographical ...

Neumayer, Sebastian James

278

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications  

E-Print Network [OSTI]

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications Michael web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the ap- propriate credentials. Access control attacks occur when

Sabatini, David M.

279

Assessing node risk and vulnerability in epidemics on networks  

E-Print Network [OSTI]

Which nodes are most vulnerable to an epidemic spreading through a network, and which carry the highest risk of causing a major outbreak if they are the source of the infection? Here we show how these questions can be answered to good approximation using the cavity method. Several curious properties of node vulnerability and risk are explored: some nodes are more vulnerable than others to weaker infections, yet less vulnerable to stronger ones; a node is always more likely to be caught in an outbreak than it is to start one, except when the disease has a deterministic lifetime; the rank order of node risk depends on the details of the distribution of infectious periods.

Rogers, Tim

2015-01-01T23:59:59.000Z

280

LAVA (Los Alamos Vulnerability and Risk Assessment Methodology): A conceptual framework for automated risk analysis  

SciTech Connect (OSTI)

At Los Alamos National Laboratory, we have developed an original methodology for performing risk analyses on subject systems characterized by a general set of asset categories, a general spectrum of threats, a definable system-specific set of safeguards protecting the assets from the threats, and a general set of outcomes resulting from threats exploiting weaknesses in the safeguards system. The Los Alamos Vulnerability and Risk Assessment Methodology (LAVA) models complex systems having large amounts of ''soft'' information about both the system itself and occurrences related to the system. Its structure lends itself well to automation on a portable computer, making it possible to analyze numerous similar but geographically separated installations consistently and in as much depth as the subject system warrants. LAVA is based on hierarchical systems theory, event trees, fuzzy sets, natural-language processing, decision theory, and utility theory. LAVA's framework is a hierarchical set of fuzzy event trees that relate the results of several embedded (or sub-) analyses: a vulnerability assessment providing information about the presence and efficacy of system safeguards, a threat analysis providing information about static (background) and dynamic (changing) threat components coupled with an analysis of asset ''attractiveness'' to the dynamic threat, and a consequence analysis providing information about the outcome spectrum's severity measures and impact values. By using LAVA, we have modeled our widely used computer security application as well as LAVA/CS systems for physical protection, transborder data flow, contract awards, and property management. It is presently being applied for modeling risk management in embedded systems, survivability systems, and weapons systems security. LAVA is especially effective in modeling subject systems that include a large human component.

Smith, S.T.; Lim, J.J.; Phillips, J.R.; Tisinger, R.M.; Brown, D.C.; FitzGerald, P.D.

1986-01-01T23:59:59.000Z

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


281

U-062: Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability  

Broader source: Energy.gov [DOE]

An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.

282

V-017: Apache Tomcat Security Bypass and Denial of Service Vulnerabilities  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment of EnergyProgram2-26TheUtility-Scale Wind & Solar Power in the| Department

283

A Busy Year Securing Vulnerable Nuclear Material and Making the World Safer  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious Rank EERE:YearRound-Up from theDepartment(October-December 2013Lamps;5SUMMARIES8/14Practices intoA

284

V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting Attacks |Department of Energy has

285

V-197: Adobe ColdFusion 10 WebSockets Security Bypass Vulnerability |  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting AttacksThereDepartment of

286

U-117: Potential security vulnerability has been identified with certain HP  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6 (07/03)Arbitraryprinters and HP

287

U-188: MySQL User Login Security Bypass and Unspecified Vulnerability  

Broader source: Energy.gov [DOE]

An error when verifying authentication attempts can be exploited to bypass the authentication mechanism.

288

Information Security Group IY5512 Computer Security  

E-Print Network [OSTI]

for process that controls interactions between users and resources. · Access control system implements Information Security Group Agenda · Access control basics · ACLs and capabilities · Information flow policies· Information flow policies · Bell-LaPadula Model · Role-Based Access Control · Resources 3 Information Security

Mitchell, Chris

289

INFRASTRUCTURE SECURITY & ENERGY  

E-Print Network [OSTI]

price monitoring #12;INFRASTRUCTURE SECURITY & ENERGY RESTORATION OFFICE of ELECTRICITY DELIVERYINFRASTRUCTURE SECURITY & ENERGY RESTORATION OFFICE of ELECTRICITY DELIVERY & ENERGY RELIABILITY Real Time Monitoring of Energy Infrastructure Status Patrick Willging, PE Office of Electricity

Schrijver, Karel

290

Office of Security Policy  

Broader source: Energy.gov [DOE]

The Office of Security Policy is the central source within the Department of Energy for the development and analysis of safeguards and security policies and standards affecting facilities, nuclear materials, personnel, and classified information.

291

Data Security ROCKVILLE, MD  

E-Print Network [OSTI]

by respondent identification. Thus, data security plans must be tailored to the unique needs and concerns of each data set: a "one-security-plan-fits-all" approach is neither feasible nor desirable. Nevertheless

Rau, Don C.

292

Personnel Security Program Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This Manual provides detailed requirements and procedures to supplement DOE O 472.1B, Personnel Security Activities, which establishes the overall objectives, requirements, and responsibilities for implementation and operation of the Personnel Security Program and the Personnel Security Assurance Program in the Department of Energy (DOE), including the National Nuclear Security Administration (NNSA). Extended until 7-7-06 by DOE N 251.64, dated 7-7-05 Cancels: DOE M 472.1-1A.

2001-07-12T23:59:59.000Z

293

Security system signal supervision  

SciTech Connect (OSTI)

This purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

1991-09-01T23:59:59.000Z

294

Wide Area Security Region Final Report  

SciTech Connect (OSTI)

This report develops innovative and efficient methodologies and practical procedures to determine the wide-area security region of a power system, which take into consideration all types of system constraints including thermal, voltage, voltage stability, transient and potentially oscillatory stability limits in the system. The approach expands the idea of transmission system nomograms to a multidimensional case, involving multiple system limits and parameters such as transmission path constraints, zonal generation or load, etc., considered concurrently. The security region boundary is represented using its piecewise approximation with the help of linear inequalities (so called hyperplanes) in a multi-dimensional space, consisting of system parameters that are critical for security analyses. The goal of this approximation is to find a minimum set of hyperplanes that describe the boundary with a given accuracy. Methodologies are also developed to use the security hyperplanes, pre-calculated offline, to determine system security margins in real-time system operations, to identify weak elements in the system, and to calculate key contributing factors and sensitivities to determine the best system controls in real time and to assist in developing remedial actions and transmission system enhancements offline . A prototype program that automates the simulation procedures used to build the set of security hyperplanes has also been developed. The program makes it convenient to update the set of security hyperplanes necessitated by changes in system configurations. A prototype operational tool that uses the security hyperplanes to assess security margins and to calculate optimal control directions in real time has been built to demonstrate the project success. Numerical simulations have been conducted using the full-size Western Electricity Coordinating Council (WECC) system model, and they clearly demonstrated the feasibility and the effectiveness of the developed technology. Recommendations for the future work have also been formulated.

Makarov, Yuri V.; Lu, Shuai; Guo, Xinxin; Gronquist, James; Du, Pengwei; Nguyen, Tony B.; Burns, J. W.

2010-03-31T23:59:59.000Z

295

Secure MISO Cognitive Radio System with Perfect and Imperfect CSI  

E-Print Network [OSTI]

Secure MISO Cognitive Radio System with Perfect and Imperfect CSI Taesoo Kwon, Vincent W.S. Wong eavesdrop on the primary link. This paper explores multiple-input single-output (MISO) CR systems where a multiple- input single-output (MISO) beamforming algorithm for the secondary system. However, it only

Wong, Vincent

296

Supporting Multiple Workloads, Batch Systems,  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security AdministrationcontrollerNanocrystalline Gallium OxideSuminDepositionSupplierSupporting Multiple

297

Climate variability and climate change vulnerability and adaptation. Workshop summary  

SciTech Connect (OSTI)

Representatives from fifteen countries met in Prague, Czech Republic, on September 11-15, 1995, to share results from the analysis of vulnerability and adaptation to global climate change. The workshop focused on the issues of global climate change and its impacts on various sectors of a national economy. The U.N. Framework Convention on Climate Change (FCCC), which has been signed by more than 150 governments worldwide, calls on signatory parties to develop and communicate measures they are implementing to respond to global climate change. An analysis of a country`s vulnerability to changes in the climate helps it identify suitable adaptation measures. These analyses are designed to determine the extent of the impacts of global climate change on sensitive sectors such as agricultural crops, forests, grasslands and livestock, water resources, and coastal areas. Once it is determined how vulnerable a country may be to climate change, it is possible to identify adaptation measures for ameliorating some or all of the effects.The objectives of the vulnerability and adaptation workshop were to: The objectives of the vulnerability and adaptation workshop were to: Provide an opportunity for countries to describe their study results; Encourage countries to learn from the experience of the more complete assessments and adjust their studies accordingly; Identify issues and analyses that require further investigation; and Summarize results and experiences for governmental and intergovernmental organizations.

Bhatti, N.; Cirillo, R.R. [Argonne National Lab., IL (United States); Dixon, R.K. [U.S. Country Studies Program, Washington, DC (United States)] [and others

1995-12-31T23:59:59.000Z

298

Tag: Security | Y-12 National Security Complex  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security AdministrationcontrollerNanocrystallineForeign ObjectOUR TableE9. TotalNumberSecurity Tag: Security

299

Tag: security | Y-12 National Security Complex  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security AdministrationcontrollerNanocrystallineForeign ObjectOUR TableE9.security Tag: security Displaying 1 -

300

Secure Storage | Y-12 National Security Complex  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administrationcontroller systemsBi (2) SrEvaluating the Seasonalsw ' b 0 % bP.SecureSecure Storage

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


301

What is Security? A perspective on achieving security  

SciTech Connect (OSTI)

This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

Atencio, Julian J.

2014-05-05T23:59:59.000Z

302

Chemical Safety Vulnerability Working Group report. Volume 1  

SciTech Connect (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 1 contains the Executive summary; Introduction; Summary of vulnerabilities; Management systems weaknesses; Commendable practices; Summary of management response plan; Conclusions; and a Glossary of chemical terms.

Not Available

1994-09-01T23:59:59.000Z

303

[1] B. Genge, C. Siaterlis, and M. Hohenadel. AMICI: an assessment platform for multi-domain security experimentation on critical infrastructures. In B. M. Hmmerli, N. Kalstad Svendsen, and  

E-Print Network [OSTI]

critical infrastructures (NCIs), e.g., power plants. They revealed several vulnerabilities in today's NCIs: ICT, power grid and railway. Keywords: Critical Infrastructure; security; experimentation; testbed [2] B. Reaves and T. Morris. An open virtual testbed for industrial control system security research

Briesemeister, Linda

304

Securing Internet Routing Securing Internet Routing  

E-Print Network [OSTI]

Plane (Routing protocols): S h b d Secure BGP [Kent Lynn Seo 00] soBGP, IRV, SPV, pgBGP, psBGP, Listen Whisper etc Set up paths between nodes [Kent Lynn Seo 00] Listen-Whisper, etc., Data Plane: Given d Secure BGP [Kent Lynn Seo 00] soBGP, IRV, SPV, pgBGP, psBGP, Listen Whisper etc Set up paths

Goldberg, Sharon

305

Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.  

SciTech Connect (OSTI)

This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

Jaeger, Calvin D.; Roehrig, Nathaniel S.; Torres, Teresa M.

2008-12-01T23:59:59.000Z

306

Vulnerability Analysis Considerations for the Transportation of Special Nuclear Material  

SciTech Connect (OSTI)

The vulnerability analysis methodology developed for fixed nuclear material sites has proven to be extremely effective in assessing associated transportation issues. The basic methods and techniques used are directly applicable to conducting a transportation vulnerability analysis. The purpose of this paper is to illustrate that the same physical protection elements (detection, delay, and response) are present, although the response force plays a dominant role in preventing the theft or sabotage of material. Transportation systems are continuously exposed to the general public whereas the fixed site location by its very nature restricts general public access.

Nicholson, Lary G.; Purvis, James W.

1999-07-21T23:59:59.000Z

307

Multiple Critical Vulnerabilities in Blackboard due to persistent Cross Site Scripting and Authorization bugs  

E-Print Network [OSTI]

and Authorization bugs Tung Tran tunghack@gmail.com Alireza Saberi - saberi.alireza@gmail.com The current version

Sekar, R.

308

U-022: Apple QuickTime Multiple Vulnerabilities | Department of Energy  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6 (07/03) OMB Control2: Apple QuickTime

309

T-629: Avaya WinPDM Multiple Buffer Overflow Vulnerabilities | Department  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of Energy Strain Rate4SuperhardSuspectEnginesSystemsForgery7:|7: Adobeof

310

U-042: Mac RealPlayer Multiple Vulnerabilities | Department of Energy  

Energy Savers [EERE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Office of Inspector GeneralDepartment of EnergyofProject is on Track | Department ofLLCU-023: Debian update

311

U-146: Adobe Reader/Acrobat Multiple Vulnerabilities | Department of Energy  

Energy Savers [EERE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Office of Inspector GeneralDepartment of EnergyofProject is on Track | Department ofLLCU-023: Debian|

312

U-186: IBM WebSphere Sensor Events Multiple Vulnerabilities | Department of  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious Rank EERE:YearRound-Up from theDepartment of EnergyTheDepartment of

313

V-041: Red Hat CloudForms Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartment ofEnergy,PotomacGeneratorsA documentRed Hat

314

V-158: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting Attacks | DepartmentDepartment of

315

V-191: Apple Mac OS X Multiple Vulnerabilities | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarly Career Scientists' Research Petroleum ReserveDepartmentScripting AttacksThere isAttacksService onApple

316

U-228: BlackBerry Tablet OS Flash Player Multiple Vulnerabilities |  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Delicious RankCombustion |Energy Usage »of EnergyTheTwo New Energy Storage6ScriptingURL Address Bar,Department of

317

Multiple layer insulation cover  

DOE Patents [OSTI]

A multiple layer insulation cover for preventing heat loss in, for example, a greenhouse, is disclosed. The cover is comprised of spaced layers of thin foil covered fabric separated from each other by air spaces. The spacing is accomplished by the inflation of spaced air bladders which are integrally formed in the cover and to which the layers of the cover are secured. The bladders are inflated after the cover has been deployed in its intended use to separate the layers of the foil material. The sizes of the material layers are selected to compensate for sagging across the width of the cover so that the desired spacing is uniformly maintained when the cover has been deployed. The bladders are deflated as the cover is stored thereby expediting the storage process and reducing the amount of storage space required.

Farrell, James J. (Livingston Manor, NY); Donohoe, Anthony J. (Ovid, NY)

1981-11-03T23:59:59.000Z

318

Energy Security Initiatives Update  

Broader source: Energy.gov [DOE]

Presentationgiven at the Spring 2009 Federal Utility Partnership Working Group (FUPWG) meetinglists Federal government energy security initiatives.

319

Industrial Security Specialst  

Broader source: Energy.gov [DOE]

A successful candidate in this position will serve in a developmental capacity assisting senior specialists in carrying out a variety of industrial security and oversight functions.

320

Nevada National Security Site  

Broader source: Energy.gov [DOE]

HISTORYIn 1950, President Truman established what is now known as the Nevada National Security Site (NNSS) to perform nuclear weapons testing activities. In support of national defense initiatives...

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


321

Securing Cloud Storage Service.  

E-Print Network [OSTI]

?? Cloud computing brought flexibility, scalability, and capital cost savings to the IT industry. As more companies turn to cloud solutions, securing cloud based services (more)

Zapolskas, Vytautas

2012-01-01T23:59:59.000Z

322

National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

the safety, security and effectiveness of the nuclear deterrent without underground nuclear testing, consistent with the principles of the Stockpile Management Program...

323

TEC Information Security  

Broader source: Energy.gov (indexed) [DOE]

External Coordination Working Group Information Security E. Ralph Smith, Manager Institutional Programs April 22, 2004 Albuquerque, NM WIPP * Open communications * Notifications *...

324

Cyber Security Architecture Guidelines  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This Guide provides supplemental information on the implementation of cyber security architectures throughout the Department of Energy. Canceled by DOE N 205.18

2001-03-08T23:59:59.000Z

325

National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Project Reviews, etc., except those specifically reserved for the Administrator for the National Nuclear Security Administration and the Deputy Secretary. cc: Mike Hickman. NA-Stl...

326

NNSA orders security enhancements  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

badge or valid driver's license) before proceeding, and will be asked to vouch for other vehicle occupants. LOS ALAMOS, N. M., Dec. 21, 2012-The National Nuclear Security...

327

Hazardous Material Security (Maryland)  

Broader source: Energy.gov [DOE]

All facilities processing, storing, managing, or transporting hazardous materials must be evaluated every five years for security issues. A report must be submitted to the Department of the...

328

National Nuclear Security Administration  

Broader source: Energy.gov (indexed) [DOE]

and Related Structures within TA-3 at Los Alamos National Laboratory, Los Alamos, New Mexico U. S. Department of Energy National Nuclear Security Administration Los Alamos Area...

329

National Security Initiatives | ORNL  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Our Primary Thrusts A science-based approach to cyber security Develop breakthrough nuclear forensic science Expand bioinformatics program to address critical biosurveillance gaps...

330

Experimental Investigation of Microwave Vulnerabilities in CMOS Inverters  

E-Print Network [OSTI]

Experimental Investigation of Microwave Vulnerabilities in CMOS Inverters Agis A. Iliadis effects on single CMOS inverters, the fundamental building block of logic ICs, consisting of an NMOS and a PMOS transistor. The inverters were designed in our group and fabricated in the AMI-1.5µm MOSIS line

Anlage, Steven

331

NV: Nessus Vulnerability Visualization for the Web Lane Harrison  

E-Print Network [OSTI]

NV: Nessus Vulnerability Visualization for the Web Lane Harrison Oak Ridge National Laboratory Oak Ridge TN, USA harrisonlt@ornl.gov Riley Spahn Oak Ridge National Laboratory Oak Ridge TN, USA spahnrb1@ornl.gov Mike Iannacone Oak Ridge National Laboratory Oak Ridge TN, USA iannaconemd@ornl.gov Evan

Kaiser, Gail E.

332

Vulnerability of Hydropower Projects to Climate Change Revision: 20th  

E-Print Network [OSTI]

Vulnerability of Hydropower Projects to Climate Change Revision: 20th December 2001 Dr Gareth P and increased use of renewable sources including hydropower. Paradoxically, climate change itself may alter role in whether emissions cuts are achieved. 2. Climate Change and Hydropower A rising demand

Harrison, Gareth

333

Climate Change, Agriculture and Poverty Vulnerabilityand Poverty Vulnerability  

E-Print Network [OSTI]

Climate Change, Agriculture and Poverty Vulnerabilityand Poverty Vulnerability Presentation by-Medium-High productivity Implications for agricultural production, trade and poverty The issue of climate volatility Impact of extreme climate events on poverty #12;Climate Science Debate Detection: - Little doubt about

334

Public perspectives on nuclear security. US national security surveys, 1993--1997  

SciTech Connect (OSTI)

This is the third report in a series of studies to examine how US attitudes about nuclear security are evolving in the post-Cold War era and to identify trends in public perceptions and preferences relevant to the evolution of US nuclear security policy. It presents findings from three surveys: a nationwide telephone survey of randomly selected members of the US general public; a written survey of randomly selected members of American Men and Women of Science; and a written survey of randomly selected state legislators from all fifty US states. Key areas of investigation included nuclear security, cooperation between US and Russian scientists about nuclear issues, vulnerabilities of critical US infrastructures and responsibilities for their protection, and broad areas of US national science policy. While international and US national security were seen to be slowly improving, the primary nuclear threat to the US was perceived to have shifted from Russia to China. Support was found for nuclear arms control measures, including mutual reductions in stockpiles. However, respondents were pessimistic about eliminating nuclear armaments, and nuclear deterrence continued to be highly values. Participants favored decreasing funding f/or developing and testing new nuclear weapons, but supported increased investments in nuclear weapons infrastructure. Strong concerns were expressed about nuclear proliferation and the potential for nuclear terrorism. Support was evident for US scientific cooperation with Russia to strengthen security of Russian nuclear assets. Elite and general public perceptions of external and domestic nuclear weapons risks and external and domestic nuclear weapons benefits were statistically significantly related to nuclear weapons policy options and investment preferences. Demographic variables and individual belief systems were systematically related both to risk and benefit perceptions and to policy and spending preferences.

Herron, K.G.; Jenkins-Smith, H.C. [Univ. of New Mexico, Albuquerque, NM (United States). UNM Inst. for Public Policy

1998-08-01T23:59:59.000Z

335

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY  

SciTech Connect (OSTI)

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01T23:59:59.000Z

336

Enhance your Cyber Security Knowledge  

E-Print Network [OSTI]

Enhance your Cyber Security Knowledge About NPS CS FUNDAMENTALS: Create a strong foundational by increasing the effectiveness of the armed forces of the United States and its allies. Cyber Security-4015 About CISR #12;Cyber Security Adversarial Techniques Cyber Security Defense Cyber Security Fundamentals

337

Operational Security (OPSEC) Reminder | Department of Energy  

Broader source: Energy.gov (indexed) [DOE]

Operational Security (OPSEC) Reminder Operational Security (OPSEC) Reminder June 3, 2014 - 1:24pm Addthis Operational Security (OPSEC) Reminder Operational Security (OPSEC)...

338

Multi Cloud Architecture to Provide Data Security And Integrity  

E-Print Network [OSTI]

Abstract-- Cloud servers are being used to store data and application but its security is a major issue in current context. To solve the data security problems in public environment we propose an effective model for security and integrity of data stored in a cloud, through data segmentation followed by data encryption programs in a multiple cloud architecture. This architecture forms a multi cloud system where primary cloud is available for multiple users for data storage offering lesser load on client systems thereby using the cloud computing architecture. This architecture introduces a secondary cloud controlled by a single administrator which provides the data backup for primary cloud after undergoing specific segmentation and encryption algorithms to ensure security and integrity of data. The proposed system also offers protection against virus attacks by using linux as the base OS. Keywords-- Encryption, Linux, Multi cloud system, Primary cloud, Secondary cloud, Segmentation.

Nikhil Dutta; Himanshu Bakshi; Mujammill Mulla; Viraj Shinde

339

Security incidents on the Internet, 1989--1995  

SciTech Connect (OSTI)

This paper presents an analysis of trends in Internet security based on an investigation of 4,299 Internet security-related incidents reported to the CERT{reg_sign} Coordination Center (CERT{reg_sign}/CC) from 1989 through 1995. Prior to this research, knowledge of actual Internet security incidents was limited and primarily anecdotal. This research: (1) developed a taxonomy to classify Internet attacks and incidents, (2) organized, classified, and analyzed CERT{reg_sign}/CC incident records, (3) summarized the relative frequency of the use of tools and vulnerabilities, success in achieving access, and results of attacks, (4) estimated total Internet incident activity, (5) developed recommendations for Internet users and suppliers, and (6) developed recommendations for future research. With the exception of denial-of-service attacks, security incidents were found to be increasing at a rate less than Internet growth. Estimates showed that most, if not all, severe incidents were reported to the CERT{reg_sign}/CC, and that more than one out of three above average incidents (in terms of duration and number of sites) were reported. Estimates also indicated that a typical Internet site was involved in, at most, around one incident (of any kind) per year, and a typical Internet host in, at most, around one incident in 45 years. The probability of unauthorized privileged access was around an order of magnitude less likely. As a result, simple and reasonable security precautions should be sufficient for most Internet users.

Howard, J.D.

1995-12-31T23:59:59.000Z

340

Secure Manufacturing | Y-12 National Security Complex  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administrationcontroller systemsBi (2) SrEvaluating the Seasonalsw ' b 0 % bP.Secure Manufacturing

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


341

Energy as a Framework for Prioritizing Conservation Vulnerabilities and Management Strategies  

E-Print Network [OSTI]

Energy as a Framework for Prioritizing Conservation Vulnerabilities and Management Strategies for Prioritizing Management #12;Low-Energy Ecoregions: Greater Yellowstone Energy Richness Conservation Category systems may be vulnerable to human activities. #12;-difficult for managers to crystallize key conservation

Hansen, Andrew J.

342

TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity for  

E-Print Network [OSTI]

TO APPEAR IN IEEE TRANSACTIONS ON POWER SYSTEMS 1 Vulnerability Assessment of Cybersecurity Govindarasu, Member, IEEE Abstract--Vulnerability assessment is a requirement of NERC's cybersecurity within the substation networks. Countermeasures are identified for improvement of the cybersecurity

Manimaran, Govindarasu

343

Information Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Establishes an Information Security Program for the protection and control of classified and sensitive information. Extended until 5-11-06 by DOE N 251.63, dated 5-11-05. DOE O 471.2A, Information Security Program, dated 3/27/1997, extended by DOE N 251.57, dated 4/28/2004. Cancels: DOE O 471.2

1997-03-27T23:59:59.000Z

344

December 2003 SECURITY CONSIDERATIONS  

E-Print Network [OSTI]

December 2003 SECURITY CONSIDERATIONS IN THE INFORMATION SYSTEM DEVELOPMENT LIFE CYCLE Shirley security early in the information system development life cycle (SDLC), you may be able to avoid higher and a generic system development life cycle for illustrative purposes, the basic con cepts can be applied

Perkins, Richard A.

345

DATABASE SECURITY APPLICATIONS  

E-Print Network [OSTI]

DATABASE SECURITY #12;APPLICATIONS #12;Polyinstantiation for Cover Stories Ravi S. Sandhu and Sushil Jajodia* Center for Secure Information Systems & Department of Information and Software Systems Engineering George Mason University Falffax, VA 22030, USA emaih {sandhu, jajodia}Qsitevax.gmu.edu Abstract

Sandhu, Ravi

346

Incidents of Security Concern  

SciTech Connect (OSTI)

This presentation addresses incidents of security concern and an incident program for addressing them. It addresses the phases of an inquiry, and it divides incidents into categories based on severity and interest types based on whether security, management, or procedural interests are involved. A few scenarios are then analyzed according to these breakdowns.

Atencio, Julian J.

2014-05-01T23:59:59.000Z

347

Information Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

To establish the Department of Energy (DOE) Information Security Program and set forth policies, procedures and responsibilities for the protection and control of classified and sensitive information. The Information Security Program is a system of elements which serve to deter collection activities, This directive does not cancel another directive. Canceled by DOE O 471.2 of 9-28-1995.

1992-10-19T23:59:59.000Z

348

Safeguards and Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Safeguards and Security Program ensures that the Department of Energy efficiently and effectively meets all its obligations to protect Special Nuclear Material, other nuclear materials, classified matter, sensitive information, government property, and the safety and security of employees, contractors, and the general public. Cancels DOE P 470.1.

2010-12-29T23:59:59.000Z

349

SELECTING INFORMATION TECHNOLOGY SECURITY  

E-Print Network [OSTI]

be selected and used within the organization's overall program to man age the design, development, and maintenance of its IT security infra structure, and to protect the confiden tiality, integrity objectives and to protect information. Guide to Selecting Information Technology Security Products NIST

350

December 2007 SECURING EXTERNAL  

E-Print Network [OSTI]

devices such as desktop and laptop computers, personal digital assistants (PDAs), and cell phones. These teleworkers use devices such as desktop and laptop computers, personal digital assistants (PDAs), and cellDecember 2007 SECURING EXTERNAL COMPUTERS AND OTHER DEVICES USED BY TELEWORKERS SECURING EXTERNAL

351

U-069: Telnet code execution vulnerability: FreeBSD and Kerberos  

Broader source: Energy.gov [DOE]

Vulnerability was reported in FreeBSD Telnet. A remote user can execute arbitrary code on the target system.

352

International Nuclear Security  

SciTech Connect (OSTI)

This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

Doyle, James E. [Los Alamos National Laboratory

2012-08-14T23:59:59.000Z

353

Office of Departmental Personnel Security  

Broader source: Energy.gov [DOE]

The Office of Departmental Personnel Security serves as the central leader and advocate vested with the authority to ensure consistent and effective implementation of personnel security programs Department-wide (including for the National Nuclear Security Administration (NNSA).

354

Departmental Cyber Security Management Policy  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Departmental Cyber Security Management (DCSM) Policy was developed to further clarify and support the elements of the Integrated Safeguards and Security Management (ISSM) Policy regarding cyber security. Certified 9-23-10. No cancellation.

2001-05-08T23:59:59.000Z

355

Climate Change Vulnerability of Native and Alien Freshwater Fishes of California: A Systematic Assessment  

E-Print Network [OSTI]

Climate Change Vulnerability of Native and Alien Freshwater Fishes of California: A Systematic and climate change vulnerability scores were derived for 121 native and 43 alien fish species. The two scores baseline and greater climate change vulnerability than did alien species. Fifty percent of California

356

Vulnerability of Xylem Vessels to Cavitation in Sugar Maple. Scaling from Individual Vessels to  

E-Print Network [OSTI]

Vulnerability of Xylem Vessels to Cavitation in Sugar Maple. Scaling from Individual Vessels 02318 (M.A.Z., N.M.H.) The relation between xylem vessel age and vulnerability to cavitation of sugar-related changes in vulnerability to the overall resistance to cavitation, we combined data on the pressure

Melcher, Peter

357

Headquarters Facilities Master Security Plan  

Energy Savers [EERE]

Security Briefing. Failure of any employee to complete the SF-312 results in the termination of hisher security clearance and denial of access to classified matter. The badge...

358

Energy Security | ornl.gov  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Energy Security SHARE Energy Security ORNL has supported the DOE Cybersecurity for Energy Delivery Systems (CEDS) program in making advances in cybersecurity capabilities for...

359

Smart-Grid Security Issues  

SciTech Connect (OSTI)

TITLE: Smart-Grid Security Issues (Editorial Material, English) IEEE SECURITY & PRIVACY 8 (1). JAN-FEB 2010. p.81-85 IEEE COMPUTER SOC, LOS ALAMITOS

Khurana, Himanshu; Hadley, Mark D.; Lu, Ning; Frincke, Deborah A.

2010-01-29T23:59:59.000Z

360

ANNUAL SECURITY FIRE SAFETY REPORT  

E-Print Network [OSTI]

ANNUAL SECURITY AND FIRE SAFETY REPORT OCTOBER 1, 2013 DARTMOUTH COLLEGE http................................................................................................................................................................... 7 ANNUAL SECURITY REPORT........................................................................................................................9 PREPARATION OF THE REPORT AND DISCLOSURE OF CRIME STATISTICS

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


361

Probabilistic Vulnerability Assessment Based on Power Flow and Voltage Distribution  

SciTech Connect (OSTI)

Risk assessment of large scale power systems has been an important problem in power system reliability study. Probabilistic technique provides a powerful tool to solve the task. In this paper, we present the results of a study on probabilistic vulnerability assessment on WECC system. Cumulant based expansion method is applied to obtain the probabilistic distribution function (PDF) and cumulative distribution function (CDF) of power flows on transmission lines and voltage. Overall risk index based on the system vulnerability analysis is calculated using the WECC system. The simulation results based on WECC system is used to demonstrate the effectiveness of the method. The methodology can be applied to the risk analysis on large scale power systems.

Ma, Jian; Huang, Zhenyu; Wong, Pak C.; Ferryman, Thomas A.

2010-04-30T23:59:59.000Z

362

Vulnerability assessment of water supply systems for insufficient fire flows  

E-Print Network [OSTI]

VULNERABILITY ASSESSMENT OF WATER SUPPLY SYSTEMS FOR INSUFFICIENT FIRE FLOWS A Thesis by LUFTHANSA RAHMAN KANTA Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements... Studies of Texas A&M University in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Approved by: Chair of Committee, Kelly Brumbelow Committee Members, Francisco Olivera Sergiy Butenko Head of Department...

Kanta, Lufthansa Rahman

2009-05-15T23:59:59.000Z

363

T-613: Microsoft Excel Axis Properties Remote Code Execution Vulnerability  

Broader source: Energy.gov [DOE]

Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails to sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

364

T-682:Double free vulnerability in MapServer  

Broader source: Energy.gov [DOE]

MapServer developers have discovered flaws in the OGC filter support in MapServer. Specific code is used in support of WFS, WMS-SLD and SOS specifications. All versions may be susceptible to SQL injection under certain circumstances. The extent of the vulnerability depends on the MapServer version, relational database and mapfile configuration being used. All users are strongly encouraged to upgrade to these latest releases.

365

Colombia-Cartagena Vulnerability Assessment | Open Energy Information  

Open Energy Info (EERE)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Office of Inspector GeneralDepartmentAUDITOhioOglesby,Sullivan,Information Feed JumpCartagena Vulnerability

366

National Security Science  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administration the Contributions andDataNational Library of Energy LoginofNational SecuritySecurity

367

Report to Congress on Insular Area energy vulnerability  

SciTech Connect (OSTI)

This report was prepared in response to Section 1406 of the Energy Policy Act of 1992 (Public Law 102-486), which directed the Department of Energy (DOE) to ``conduct a study of the implications of the unique vulnerabilities of the insular areas to an oil supply disruption,`` and to ``outline how the insular areas shall gain access to vital oil supplies during times of national emergency.`` The Act defines the insular areas to be the US Virgin Islands and Puerto Rico in the Caribbean, and Guam, American Samoa, the Commonwealth of the Northern Mariana Islands (CNMI), and Palau in the Pacific. In the study, ``unique vulnerabilities`` were defined as susceptibility to: (1) more frequent or more likely interruptions of oil supplies compared to the US Mainland, and/or (2) disproportionately larger or more likely economic losses in the event of an oil supply disruption. In order to assess unique vulnerabilities, the study examined the insular areas` experience during past global disruptions of oil supplies and during local emergencies caused by natural disasters. The effects of several possible future global disruptions and local emergencies were also analyzed. Analyses were based on historical data, simulations using energy and economic models, and interviews with officials in the insular governments and the energy industry.

Not Available

1994-05-01T23:59:59.000Z

368

Climate Change Vulnerability Assessment for Idaho National Laboratory  

SciTech Connect (OSTI)

The University of Idaho (UI) was asked to participate in the development of a climate change vulnerability assessment for Idaho National Laboratory (INL). This report describes the outcome of that assessment. The climate change happening now, due in large part to human activities, is expected to continue in the future. UI and INL used a common framework for assessing vulnerability that considers exposure (future climate change), sensitivity (system or component responses to climate), impact (exposure combined with sensitivity), and adaptive capacity (capability of INL to modify operations to minimize climate change impacts) to assess vulnerability. Analyses of climate change (exposure) revealed that warming that is ongoing at INL will continue in the coming decades, with increased warming in later decades and under scenarios of greater greenhouse gas emissions. Projections of precipitation are more uncertain, with multi model means exhibiting somewhat wetter conditions and more wet days per year. Additional impacts relevant to INL include estimates of more burned area and increased evaporation and transpiration, leading to reduced soil moisture and plant growth.

Christopher P. Ischay; Ernest L. Fossum; Polly C. Buotte; Jeffrey A. Hicke; Alexander Peterson

2014-10-01T23:59:59.000Z

369

March 24, 2008 Databases: Security 1 Database Security and Authorization  

E-Print Network [OSTI]

to control login process by the DBMS Inference control The countermeasures to statistical database security database #12;March 24, 2008 Databases: Security 3 Chapter Outline Introduction Access Control Methods Policy System-related Security levels and categories Security Threats Loss of integrity Loss

Adam, Salah

370

INSTITUTE FOR CYBER SECURITY Application-Centric Security  

E-Print Network [OSTI]

INSTITUTE FOR CYBER SECURITY Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security (ICS) University of Texas at San Antonio Executive Director and Endowed Chair Institute for Cyber Security (ICS) University of Texas at San Antonio

Sandhu, Ravi

371

Development of a novel technique to assess the vulnerability of micro-mechanical system components to environmentally assisted cracking.  

SciTech Connect (OSTI)

Microelectromechanical systems (MEMS) will play an important functional role in future DOE weapon and Homeland Security applications. If these emerging technologies are to be applied successfully, it is imperative that the long-term degradation of the materials of construction be understood. Unlike electrical devices, MEMS devices have a mechanical aspect to their function. Some components (e.g., springs) will be subjected to stresses beyond whatever residual stresses exist from fabrication. These stresses, combined with possible abnormal exposure environments (e.g., humidity, contamination), introduce a vulnerability to environmentally assisted cracking (EAC). EAC is manifested as the nucleation and propagation of a stable crack at mechanical loads/stresses far below what would be expected based solely upon the materials mechanical properties. If not addressed, EAC can lead to sudden, catastrophic failure. Considering the materials of construction and the very small feature size, EAC represents a high-risk environmentally induced degradation mode for MEMS devices. Currently, the lack of applicable characterization techniques is preventing the needed vulnerability assessment. The objective of this work is to address this deficiency by developing techniques to detect and quantify EAC in MEMS materials and structures. Such techniques will allow real-time detection of crack initiation and propagation. The information gained will establish the appropriate combinations of environment (defining packaging requirements), local stress levels, and metallurgical factors (composition, grain size and orientation) that must be achieved to prevent EAC.

Enos, David George; Goods, Steven Howard

2006-11-01T23:59:59.000Z

372

Development of an ASTM standard guide on performing vulnerability assessments for nuclear facilities  

SciTech Connect (OSTI)

This paper describes an effort undertaken by subcommittee C26.12 (Safeguards) of the American Society for Testing and Materials (ASTM) to develop a standard guide for performing vulnerability assessments (VAs). VAs are performed to determine the effectiveness of safeguards and security systems for both domestic and international nuclear facilities. These assessments address a range of threats, including theft of nuclear material and sabotage, and use an array of methods. The approach to performing and documenting VAs is varied and is largely dependent upon the tools used to perform them. This diversity can lead to tools being misused, making validation of VAs more difficult. The development of a standard guide for performing VAs would, if generally accepted, alleviate these concerns. ASTM provides a forum for developing guides that includes a high level of peer review to assure that the result is acceptable to all potential users. Additionally, the ASTM is widely recognized for setting standards, and endorsement by the Society may increase the likelihood of acceptance by the nuclear community. The goal of this work is to develop a guide that is independent of the tools being used to perform the VA and applicable to the spectrum of threats described above.

Wilkey, D.D.

1995-09-01T23:59:59.000Z

373

Multiple piece turbine rotor blade  

DOE Patents [OSTI]

A multiple piece turbine rotor blade with a shell having an airfoil shape and secured between a spar and a platform with the spar including a tip end piece. a snap ring fits around the spar and abuts against the spar tip end piece on a top side and abuts against a shell on the bottom side so that the centrifugal loads from the shell is passed through the snap ring and into the spar and not through a tip cap dovetail slot and projection structure.

Jones, Russell B; Fedock, John A

2013-05-21T23:59:59.000Z

374

AMALGAMATED SECURITY COMMUNITIES  

E-Print Network [OSTI]

This dissertation examines the process of the formation and dissolution of Amalgamated Security Communities, a topic that has been ignored by the academic community except as a side note when the origins of Pluralistic ...

Harvey, Andrew Stephen

2011-08-31T23:59:59.000Z

375

Safeguards and Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

To establish the policy and responsibilities for the Department of Energy safeguards and security program. Does not cancel another directive. Canceled by DOE O 5630.11A dated 12-7-92.

1988-01-22T23:59:59.000Z

376

Safety, Security & Fire Report  

E-Print Network [OSTI]

2013 Safety, Security & Fire Report Stanford University #12;Table of Contents Public Safety About the Stanford University Department of Public Safety Community Outreach & Education Programs Emergency Access Transportation Safety Bicycle Safety The Jeanne Clery and Higher Education Act Timely Warning

Straight, Aaron

377

Safeguards and Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Order establishes roles and responsibilities for the Department of Energy Safeguards and Security Program. Cancels DOE O 470.4. Canceled by DOE O 470.4B

2007-05-25T23:59:59.000Z

378

Operations Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

To establish policies, responsibilities and authorities for implementing and sustaining the Department of Energy (DOE) Operations Security (OPSEC) Program. Cancels DOE O 5632.3B. Canceled by DOE O 471.2 of 9-28-1995.

1992-04-30T23:59:59.000Z

379

Engineering secure software  

E-Print Network [OSTI]

In recent years computer software has gained notoriety for the endemic nature of security problems in software. These problems have been exploited with malicious intent by attackers. Most attempts at fixing these problems have been after...

Jetly, Prateek

2001-01-01T23:59:59.000Z

380

Incidents of Security Concern  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Sets forth requirements for the DOE Incidents of Security Concern Program, including timely identification and notification of, response to, inquiry into, reporting of, and closure actions for incidents of security concern. Cancels Chapter VII of DOE O 470.1; DOE N 471.3; and Chapter IV of DOE M 471.2-1B (Note: Paragraphs 1 and 2 of Chapter III remain in effect.) Canceled by DOE O 470.4.

2004-03-17T23:59:59.000Z

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


381

SECURING RADIO FREQUENCY IDENTIFICATION (RFID)  

E-Print Network [OSTI]

business process for an organization; as a result, the security risks for RFID systems and the controls for an organization; as a result, the security risks for RFID systems and the controls available to address themMay 2007 SECURING RADIO FREQUENCY IDENTIFICATION (RFID) SYSTEMS SECURING RADIO FREQUENCY

382

ANNUAL SECURITY & FIRE SAFETY REPORT  

E-Print Network [OSTI]

ANNUAL SECURITY & FIRE SAFETY REPORT 2014 A guide to policies, procedures, practices, and programs implemented to keep students, faculty, and staff safe and facilities secure. www.montana.edu/reports/security.pdf #12;Inside this Report 2014 Annual Security and Fire Safety Report for Reporting Year 2013

Maxwell, Bruce D.

383

Applications for cyber security - System and application monitoring  

SciTech Connect (OSTI)

Standard network security measures are adequate for defense against external attacks. However, many experts agree that the greater threat is from internal sources. Insiders with malicious intentions can change controller instructions, change alarm thresholds, and issue commands to equipment which can damage equipment and compromise control system integrity. In addition to strict physical security the state of the system must be continually monitored. System and application monitoring goes beyond the capabilities of network security appliances. It will include active processes, operating system services, files, network adapters and IP addresses. The generation of alarms is a crucial feature of system and application monitoring. The alarms should be integrated to avoid the burden on operators of checking multiple locations for security violations. Tools for system and application monitoring include commercial software, free software, and ad-hoc tools that can be easily created. System and application monitoring is part of a 'defense-in-depth' approach to a control network security plan. Layered security measures prevent an individual security measure failure from being exploited into a successful security breach. Alarming of individual failures is essential for rapid isolation and correction of single failures. System and application monitoring is the innermost layer of this defense strategy. (authors)

Marron, J. E. [Invensys Process Systems, 33 Commercial Street, Foxboro, MA 02035 (United States)

2006-07-01T23:59:59.000Z

384

Lemnos Interoperable Security Program  

SciTech Connect (OSTI)

The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or ?? tunnels?, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock utilities into proprietary and closed systems Lemnos is built on the successes of Open PCS Security Architecture for Interoperable Design (OPSAID), a previous DOE National SCADA Test Bed (NSTB) project. It enhances security interoperability by identifying basic cyber security functions based on utility requirements and then selecting open source solutions, namely Internet Engineering Task Force (IETF) RFCs, to support these functions. Once identified, specific configuration parameters for each RFC suitable for the electric utility control system environment are identified and documented. These configuration parameters are referred to as Interoperable Configuration Profiles (ICP) and their effectiveness within the utility control systems environment is verified with comprehensive testing as the final step in the process. The project focused on development of ICPs for four security protocols (IPsec, SSH, LDAP, and Syslog) which represent fundamental building blocks which can be utilized for securing utility control systems. These ICPs are product agnostic and can be applied modularly to any device (router, substation gateway, intelligent electronic device, etc.) within the utility control system as the end user deems necessary for their unique system architecture. The Lemnos Interoperable Security Program is a public-private partnership under the U.S. Department of Energy (DOE) Office of Electricity Delivery and Energy Reliability's Cybersecurity for Energy Delivery Systems (CEDS) program and supports The Roadmap to Secure Energy Delivery Systems. In addition to EnerNex, the core team supporting the effort includes Tennessee Valley Authority, Sandia National Laboratories, and Schweitzer Engineering Laboratories. Adding to the core team effort is collaboration from additional industry participants in the project including the Electric Power Research Institute (EPRI), Alien Vault, Cisco, Encore Networks, GarrettCom, Industrial Defender, N-Dimension Solutions, Phoenix Contact, RuggedCom, and Siemens.

John Stewart; Ron Halbgewachs; Adrian Chavez; Rhett Smith; David Teumim

2012-01-31T23:59:59.000Z

385

An ethernet/IP security review with intrusion detection applications  

SciTech Connect (OSTI)

Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IP networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)

Laughter, S. A.; Williams, R. D. [Dept. of Electrical and Computer Engineering, Univ. of Virginia, Box 400743, 351 McCormick Rd., Charlottesville, VA 22904-4743 (United States)

2006-07-01T23:59:59.000Z

386

T-688: McAfee Security Bulletin - McAfee SaaS Endpoint Protection...  

Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

on the target user's system. PLATFORM: Endpoint Protection 5.2.1 and prior versions ABSTRACT: McAfee Security Bulletin - McAfee SaaS Endpoint Protection update fixes multiple...

387

0-7803-8985-9/05/$20.00 2005 IEEE 21st IEEE SEMI-THERM Symposium Potential Thermal Security Risks  

E-Print Network [OSTI]

0-7803-8985-9/05/$20.00 ©2005 IEEE 21st IEEE SEMI-THERM Symposium Potential Thermal Security Risks or even permanent damage. This paper provides an overview of the various vulnerabilities, their costs of damage that are possible, which attacks require supervisor privileges, and offers preliminary suggestions

Skadron, Kevin

388

A Security Framework for Smart Metering with Multiple Data ...  

E-Print Network [OSTI]

personal data related to energy, water or gas consumption, from which details about ... ities and end users being involved in the reshaped market of utilities [1].

2011-11-28T23:59:59.000Z

389

CRITICAL INFRASTRUCTURE PROTECTION Multiple Efforts to Secure Control  

Office of Environmental Management (EM)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "of Energy Power Systems EngineeringDepartment of4 Federal6Clean EnergyofF.CEM:Systems Are Under Way, but

390

Global Material Security | National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsruc DocumentationP-SeriesFlickr Flickr Editor'sshortGeothermal HeatStartedGirlsMaterial Security |

391

physical security | National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear SecurityTensile Strain Switched5 Industrial Carbon CaptureFY08 Joint JOULECorrective Actions Program LANL TRU

392

safeguards and security | National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear SecurityTensile Strain Switched5 Industrial Carbon CaptureFY08 JointProgram Consortium -

393

Nuclear Security 101 | National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsrucLas Conchas recoveryLaboratory | NationalJohnSecurityControls |Navy NuclearNuclear Science

394

Nuclear Security Enterprise | National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsrucLas Conchas recoveryLaboratory | NationalJohnSecurityControls |Navy NuclearNuclear

395

International Nuclear Security | National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsruc DocumentationP-SeriesFlickrinformation for and NovelFEG-SEMInterlibrary LoanExercises |Security

396

Defense Nuclear Security | National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsruc DocumentationP-Series to UserProduct: CrudeOffice ofINLNuclear Security | National Nuclear

397

Physical Security Systems | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary) "ofEarlyEnergyDepartment ofDepartment ofofOxfordVeteransAdministrationPhysical Security Systems |

398

Water vulnerabilities for existing coal-fired power plants.  

SciTech Connect (OSTI)

This report was funded by the U.S. Department of Energy's (DOE's) National Energy Technology Laboratory (NETL) Existing Plants Research Program, which has an energy-water research effort that focuses on water use at power plants. This study complements the Existing Plants Research Program's overall research effort by evaluating water issues that could impact power plants. Water consumption by all users in the United States over the 2005-2030 time period is projected to increase by about 7% (from about 108 billion gallons per day [bgd] to about 115 bgd) (Elcock 2010). By contrast, water consumption by coal-fired power plants over this period is projected to increase by about 21% (from about 2.4 to about 2.9 bgd) (NETL 2009b). The high projected demand for water by power plants, which is expected to increase even further as carbon-capture equipment is installed, combined with decreasing freshwater supplies in many areas, suggests that certain coal-fired plants may be particularly vulnerable to potential water demand-supply conflicts. If not addressed, these conflicts could limit power generation and lead to power disruptions or increased consumer costs. The identification of existing coal-fired plants that are vulnerable to water demand and supply concerns, along with an analysis of information about their cooling systems and related characteristics, provides information to help focus future research and development (R&D) efforts to help ensure that coal-fired generation demands are met in a cost-effective manner that supports sustainable water use. This study identified coal-fired power plants that are considered vulnerable to water demand and supply issues by using a geographical information system (GIS) that facilitated the analysis of plant-specific data for more than 500 plants in the NETL's Coal Power Plant Database (CPPDB) (NETL 2007a) simultaneously with 18 indicators of water demand and supply. Two types of demand indicators were evaluated. The first type consisted of geographical areas where specific conditions can generate demand vulnerabilities. These conditions include high projected future water consumption by thermoelectric power plants, high projected future water consumption by all users, high rates of water withdrawal per square mile (mi{sup 2}), high projected population increases, and areas projected to be in a water crisis or conflict by 2025. The second type of demand indicator was plant specific. These indicators were developed for each plant and include annual water consumption and withdrawal rates and intensities, net annual power generation, and carbon dioxide (CO{sub 2}) emissions. The supply indictors, which are also area based, include areas with low precipitation, high temperatures, low streamflow, and drought. The indicator data, which were in various formats (e.g., maps, tables, raw numbers) were converted to a GIS format and stored, along with the individual plant data from the CPPDB, in a single GIS database. The GIS database allowed the indicator data and plant data to be analyzed and visualized in any combination. To determine the extent to which a plant would be considered 'vulnerable' to a given demand or supply concern (i.e., that the plant's operations could be affected by water shortages represented by a potential demand or supply indicator), criteria were developed to categorize vulnerability according to one of three types: major, moderate, or not vulnerable. Plants with at least two major demand indicator values and/or at least four moderate demand indicator values were considered vulnerable to demand concerns. By using this approach, 144 plants were identified as being subject to demand concerns only. Plants with at least one major supply indicator value and/or at least two moderate supply indicator values were considered vulnerable to supply concerns. By using this approach, 64 plants were identified as being subject to supply concerns only. In addition, 139 plants were identified as subject to both demand and supply concerns. Therefore, a total of 347 plants were considere

Elcock, D.; Kuiper, J.; Environmental Science Division

2010-08-19T23:59:59.000Z

399

National Center for Nuclear Security - NCNS  

ScienceCinema (OSTI)

As the United States embarks on a new era of nuclear arms control, the tools for treaty verification must be accurate and reliable, and must work at stand-off distances. The National Center for Nuclear Security, or NCNS, at the Nevada National Security Site, is poised to become the proving ground for these technologies. The center is a unique test bed for non-proliferation and arms control treaty verification technologies. The NNSS is an ideal location for these kinds of activities because of its multiple environments; its cadre of experienced nuclear personnel, and the artifacts of atmospheric and underground nuclear weapons explosions. The NCNS will provide future treaty negotiators with solid data on verification and inspection regimes and a realistic environment in which future treaty verification specialists can be trained. Work on warhead monitoring at the NCNS will also support future arms reduction treaties.

None

2015-01-09T23:59:59.000Z

400

National Center for Nuclear Security - NCNS  

SciTech Connect (OSTI)

As the United States embarks on a new era of nuclear arms control, the tools for treaty verification must be accurate and reliable, and must work at stand-off distances. The National Center for Nuclear Security, or NCNS, at the Nevada National Security Site, is poised to become the proving ground for these technologies. The center is a unique test bed for non-proliferation and arms control treaty verification technologies. The NNSS is an ideal location for these kinds of activities because of its multiple environments; its cadre of experienced nuclear personnel, and the artifacts of atmospheric and underground nuclear weapons explosions. The NCNS will provide future treaty negotiators with solid data on verification and inspection regimes and a realistic environment in which future treaty verification specialists can be trained. Work on warhead monitoring at the NCNS will also support future arms reduction treaties.

None

2014-11-12T23:59:59.000Z

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


401

Towards a Standard for Highly Secure SCADA Systems  

SciTech Connect (OSTI)

The critical energy inkstructures include gas, OL and electric power. These Mrastructures are complex and interdependent nmvorks that are vital to the national secwiy and social well being of our nation. Many electric power systems depend upon gas and oil, while fossil energy delive~ systems depend upon elecnic power. The control mechanisms for these Mrastructures are often referred to as SCADA (Supmivry CkmdandDaU Ac@itz&z) systems. SCADA systems provide remote monitoring and centralized control for a distributed tmnsportation infmsmucture in order to facilitate delivery of a commodi~. AIthough many of the SCADA concepts developed in this paper can be applied to automotive mmsponation systems, we will use transportation to refer to the movement of electrici~, gas, and oil. \\ Recently, there have been seveml reports suggesting that the widespread and increasing use of SCADA for control of energy systems provides an increasing opportuni~ for an advers~ to cause serious darnage to the energy inbstmcturei~. This damage could arise through cyber infiltration of the SCADA networks, by physically tampering with the control networks, or through a combination of both means. SCADA system threats decompose into cyber and physical threats. One solution to the SCADA security problem is to design a standard for a highly secure KA.DA system that is both cyber, and physdly secure. Not all-physical threats are possible to guard again% but of those threats that are, high security SCADA provides confidence that the system will continue to operate in their presence. One of the most important problems in SCADA securi~ is the relationship between the cyber and physical vulnerabilities. Cyber intrusion increases physical Vulnerabilities, while in the dual problem physical tampering increases cyber vulnerabilit.ies. There is potential for feedback and the precise dynamics need to be understood. As a first step towards a stan~ the goal of this paper is to facilitate a discussion of the requirements analysis for a highly secure SCADA system. The fi-arnework for the discussion consists of the identification of SCADA security investment areas coupled with the tradeoffs that will force compromises in the solution. For example, computational and bandwidth requirements of a security standard could force the replacement of entire SCADA systems. The requirements for a real-time response in a cascading electric power failure could pose limitations on authentication and encryption mechanisms. The shortest path to the development of a high securi~ SC.ADA standard will be achieved by leveraging existing standards efforts and ensuring that security is being properly addressed in those standards. The Utility Communications Architecture 2.o (UC@, for real-time utili~ decision control, represents one such standard. The development of a SCADA secwiy specification is a complex task that will benefit from a systems engineering approach.

Carlson, R.

1998-09-25T23:59:59.000Z

402

Security Administration Production Office,  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administrationcontroller systemsBi (2) SrEvaluating the Seasonalsw ' b 0 %Security and

403

SecuritySmart  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administrationcontroller systemsBi (2) SrEvaluating the Seasonalsw ' b 0SecuritySmart March 2009

404

Safety, Security & Environment  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administration the1 -the Mid-Infrared0 ResourceAwardsSafeguards and SecuritySafety for

405

Personnel Security - DOE Directives, Delegations, and Requirements  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

2.2 Admin Chg 1, Personnel Security by Mark Pekrul Functional areas: Administrative Change, Personnel Security, Safety and Security The order establishes requirements that will...

406

Personnel Security - DOE Directives, Delegations, and Requirements  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

72.2 Chg 1, Personnel Security by Mark Pekrul Functional areas: Personnel Security, Security, Human Capital The order establishes requirements that will enable DOE to operate a...

407

Security enhanced with increased vehicle inspections  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Security enhanced with increased vehicle inspections Security measures increase as of March: vehicle inspections won't delay traffic New increased security procedures meet LANL's...

408

On Cyber Security for Networked Control Systems  

E-Print Network [OSTI]

her students on security of process control systems. I amcyber-security tools for process control systems. In theon the security mechanisms of process control systems, few

Amin, Saurabh

2011-01-01T23:59:59.000Z

409

Chemical Safety Vulnerability Working Group report. Volume 2  

SciTech Connect (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 2 consists of seven appendices containing the following: Tasking memorandums; Project plan for the CSV Review; Field verification guide for the CSV Review; Field verification report, Lawrence Livermore National Lab.; Field verification report, Oak Ridge Reservation; Field verification report, Savannah River Site; and the Field verification report, Hanford Site.

Not Available

1994-09-01T23:59:59.000Z

410

Chemical Safety Vulnerability Working Group report. Volume 3  

SciTech Connect (OSTI)

The Chemical Safety Vulnerability (CSV) Working Group was established to identify adverse conditions involving hazardous chemicals at DOE facilities that might result in fires or explosions, release of hazardous chemicals to the environment, or exposure of workers or the public to chemicals. A CSV Review was conducted in 148 facilities at 29 sites. Eight generic vulnerabilities were documented related to: abandoned chemicals and chemical residuals; past chemical spills and ground releases; characterization of legacy chemicals and wastes; disposition of legacy chemicals; storage facilities and conditions; condition of facilities and support systems; unanalyzed and unaddressed hazards; and inventory control and tracking. Weaknesses in five programmatic areas were also identified related to: management commitment and planning; chemical safety management programs; aging facilities that continue to operate; nonoperating facilities awaiting deactivation; and resource allocations. Volume 3 consists of eleven appendices containing the following: Field verification reports for Idaho National Engineering Lab., Rocky Flats Plant, Brookhaven National Lab., Los Alamos National Lab., and Sandia National Laboratories (NM); Mini-visits to small DOE sites; Working Group meeting, June 7--8, 1994; Commendable practices; Related chemical safety initiatives at DOE; Regulatory framework and industry initiatives related to chemical safety; and Chemical inventory data from field self-evaluation reports.

Not Available

1994-09-01T23:59:59.000Z

411

Correlates of vulnerability among arthropod species threatened by invasive ants  

E-Print Network [OSTI]

declines and extinctions of native species worldwide.and even extinctions, of native species through variousG (2004) How species respond to multiple extinction threats.

Krushelnycky, Paul D.; Gillespie, Rosemary G.

2010-01-01T23:59:59.000Z

412

Energy Sector Vulnerability to Climate Change: Adaptation Options to Increase Resilience (Presentation)  

SciTech Connect (OSTI)

The U.S. Department of Energy is conducting an assessment of vulnerabilities of the U.S. energy sector to climate change and extreme weather. Emphasizing peer reviewed research, it seeks to quantify vulnerabilities and identify specific knowledge or technology gaps. It draws upon a July 2012 workshop, ?Climate Change and Extreme Weather Vulnerability Assessment of the US Energy Sector?, hosted by the Atlantic Council and sponsored by DOE to solicit industry input.

Newmark, R. L.; Bilello, D.; Macknick, J.; Hallet, K. C.; Anderson, R.; Tidwell, V.; Zamuda, C.

2013-02-01T23:59:59.000Z

413

ata security feature: Topics by E-print Network  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

sensitive data. The security of the data depends on physical security, OS security and DBMS security. Database security can be compromised by obtaining sensitive data, changing...

414

T-572: VMware ESX/ESXi SLPD denial of service vulnerability  

Broader source: Energy.gov [DOE]

VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

415

U-016: Cisco IOS Software HTTP Service Loading Denial of Service Vulnerability  

Broader source: Energy.gov [DOE]

An unauthenticated, remote attacker could exploit this vulnerability to cause a targeted device to stop responding, resulting in a DoS condition

416

V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability  

Broader source: Energy.gov [DOE]

A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS

417

T-655: Mozilla Firefox CVE-2011-2369 HTML Injection Vulnerability  

Broader source: Energy.gov [DOE]

Mozilla Firefox is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

418

Effect of beta on Seismic Vulnerability Curve for RC Bridge Based on Double Damage Criterion  

SciTech Connect (OSTI)

In the analysis of seismic vulnerability curve based on double damage criterion, the randomness of structural parameter and randomness of seismic should be considered. Firstly, the distribution characteristics of structure capability and seismic demand are obtained based on IDA and PUSHOVER, secondly, the vulnerability of the bridge is gained based on ANN and MC and a vulnerability curve according to this bridge and seismic is drawn. Finally, the analysis for a continuous bridge is displayed as an example, and parametric analysis for the effect of beta is done, which reflects the bridge vulnerability overall from the point of total probability, and in order to reduce the discreteness, large value of beta are suggested.

Feng Qinghai [CCCC Highway, CO., Ltd. (China); Yuan Wancheng [Bridge Department, Tongji University, Shanghai (China)

2010-05-21T23:59:59.000Z

419

T-534: Vulnerability in the PDF distiller of the BlackBerry Attachment...  

Broader source: Energy.gov (indexed) [DOE]

process termination, the PDF rendering process will restart automatically but will not resume processing the same PDF file. Successful exploitation of this vulnerability requires a...

420

Safety and Security What do Safety/Security work with?  

E-Print Network [OSTI]

Safety and Security on campus #12;Agenda · What do Safety/Security work with? · If something happens · Opening hours · Remember · Website · How to find us #12;The Section for Safety and Security work with Police reports · Education in "First medical aid" · Education in laboratory safety #12;If something

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


421

GAANN -Computer Systems Security GAANN Computer Systems Security  

E-Print Network [OSTI]

GAANN - Computer Systems Security GAANN ­ Computer Systems Security · What is computer systems security? ­ The protection of all aspects of a computer system from unauthorized use · Why is it important? ­ Computing devices have a large impact on our daily life ­ Guaranteeing that the devices perform as desired

Alpay, S. Pamir

422

National Security System Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The manual provides baseline requirements and controls for the graded protection of the confidentiality, integrity, and availability of classified information and information systems used or operated by the Department of Energy (DOE), contractors, and any other organization on behalf of DOE, including the National Nuclear Security Administration. Cancels DOE M 471.2-2. Canceled by DOE O 205.1B.

2007-03-08T23:59:59.000Z

423

Information Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Establishes an Information Security Program for the protection and control of classified and sensitive information. Cancels DOE 5630.8A, DOE 5639.1, DOE 5639.5, DOE 5639.6A, DOE 5639.7, DOE M 5632.1C-1, Chapter III, Para. 1, 2, and 4-9

1995-09-28T23:59:59.000Z

424

Safeguards and Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

To establish responsibilities for the U.S. Department of Energy (DOE) Safeguards and Security (S&S) Program, and to establish program planning and management requirements for the S&S Program. Cancels DOE O 470.4A, DOE M 470.4-1, Chg. 2, and DOE O 142.1.

2011-07-21T23:59:59.000Z

425

September 2004 INFORMATION SECURITY  

E-Print Network [OSTI]

September 2004 INFORMATION SECURITY WITHIN THE SYSTEM DEVELOPMENT LIFE CYCLE Annabelle Lee of Standards and Technology Many System Development Life Cycle (SDLC) models exist that can be used. This model assumes that the system will be delivered near the end of its life cycle. Another SDLC model uses

426

Headquarters Security Operations  

Broader source: Energy.gov [DOE]

DOE strengthens national security by protecting personnel, facilities, property, classified information, and sensitive unclassified information for DOE Headquarters facilities in the National Capital Area under normal and abnormal (i.e., emergency) conditions; manages access authorization functions; ensures that executives and dignitaries are fully protected, and supports efforts to ensure the continuity of government in all circumstances as mandated by Presidential Decision Directive.

427

Metaphors for cyber security.  

SciTech Connect (OSTI)

This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

2008-08-01T23:59:59.000Z

428

Information Security Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Manual establishes security requirements for the protection and control of matter required to be classified or controlled by statutes, regulations, or U.S. Department of Energy (DOE) directives. Original dated dated 1-16-09. Canceled by DOE O 471.6--except for Section D.

2010-10-12T23:59:59.000Z

429

Information Security Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

This Manual establishes security requirements for the protection and control of matter required to be classified or controlled by statutes, regulations, or U.S. Department of Energy directives. Cancels DOE M 470.4-4 Chg 1. DOE M 470.4-4A Chg 1 issued 10-12-10.

2009-01-16T23:59:59.000Z

430

Safeguards and Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Establishes roles and responsibilities for the Department of Energy Safeguards and Security Program. Cancels: DOE O 470.1, DOE O 471.2A, DOE O 471.4, DOE O 472.1C, DOE O 473.1, DOE O 473.2, DOE O 474.1A. Canceled by DOE O 470.4A.

2005-08-26T23:59:59.000Z

431

A network security monitor  

SciTech Connect (OSTI)

The study of security in computer networks is a rapidly growing area of interest because of the proliferation of networks and the paucity of security measures in most current networks. Since most networks consist of a collection of inter-connected local area networks (LANs), this paper concentrates on the security-related issues in a single broadcast LAN such as Ethernet. Specifically, we formalize various possible network attacks and outline methods of detecting them. Our basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, our work is similar to the host-based intrusion-detection systems such as SRI's IDES. Different from such systems, however, is our use of a hierarchical model to refine the focus of the intrusion-detection mechanism. We also report on the development of our experimental LAN monitor currently under implementation. Several network attacks have been simulated and results on how the monitor has been able to detect these attacks are also analyzed. Initial results demonstrate that many network attacks are detectable with our monitor, although it can surely be defeated. Current work is focusing on the integration of network monitoring with host-based techniques. 20 refs., 2 figs.

Heberlein, L.T.; Dias, G.V.; Levitt, K.N.; Mukherjee, B.; Wood, J.; Wolber, D. (California Univ., Davis, CA (USA). Dept. of Electrical Engineering and Computer Science)

1989-11-01T23:59:59.000Z

432

ARMY Energy Security Considerations  

E-Print Network [OSTI]

ARMY Energy Security Considerations Don Juhasz, PE, CEM HQDA, OACSIM, DAIM-FDF Telephone: (703-FDF (703) 601-0374 (DSN 329) / don.juhasz@hqda.army.mil 5 April 2007 Army Energy · · · · FOREIGN OIL 2 Situation OIL & GAS LIQUIDS 38% Rise in NTV Fuel Use 35% of DoD utilities 21% of Fed government 11

433

Transmission Line Security Monitor  

ScienceCinema (OSTI)

The Transmission Line Security Monitor is a multi-sensor monitor that mounts directly on high-voltage transmission lines to detect, characterize and communicate terrorist activity, human tampering and threatening conditions around support towers. For more information about INL's critical infrastructure protection research, visit http://www.facebook.com/idahonationallaboratory.

None

2013-05-28T23:59:59.000Z

434

Database Security: A Historical Perspective  

E-Print Network [OSTI]

The importance of security in database research has greatly increased over the years as most of critical functionality of the business and military enterprises became digitized. Database is an integral part of any information system and they often hold sensitive data. The security of the data depends on physical security, OS security and DBMS security. Database security can be compromised by obtaining sensitive data, changing data or degrading availability of the database. Over the last 30 years the information technology environment have gone through many changes of evolution and the database research community have tried to stay a step ahead of the upcoming threats to the database security. The database research community has thoughts about these issues long before they were address by the implementations. This paper will examine the different topics pertaining to database security and see the adaption of the research to the changing environment. Some short term database research trends will be ascertained ...

Lesov, Paul

2010-01-01T23:59:59.000Z

435

System security Dr Len Hamey  

E-Print Network [OSTI]

, firewalls, detecting intrusions) Security process cycle policy implementation administration audit risk access with firewall Use generic service banners Use intrusion detection system that can detect;2 Security Services Confidentiality service. Authentication service. Integrity service. Access Control

Hamey, Len

436

Safeguard Security and Awareness Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Provides detailed requirements and procedures to supplement DOE O 470.1, Safeguards and Security Program, Chapter IV.

2002-10-02T23:59:59.000Z

437

Cyber Security Process Requirements Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Manual establishes the minimum implementation standards for cyber security management processes throughout the Department. No cancellation.

2008-08-12T23:59:59.000Z

438

Safeguards and Security Program References  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The manual establishes definitions for terms related to the Department of Energy Safeguards and Security (S&S) Program and includes lists of references and acronyms/abbreviations applicable to S&S Program directives. Cancels the Safeguards and Security Glossary of Terms, dated 12-18-95. Current Safeguards and Security Program References can also be found at Safeguards and Security Policy Information Resource (http://pir.pnl.gov/)

2005-08-26T23:59:59.000Z

439

East Asian Security in 2025  

E-Print Network [OSTI]

East Asian Security in 2025 Who We Are Reagan Heavin Energy Adam Hudson State Capacity Brandon Krueger Military Sean ONeil Demographics Griffin Rozell Balance of Power Matt Suma Economy East Asian Security in 2025 China...: Competition, Cooperation, Plateau? Reagan Heavin Adam Hudson Brandon Krueger Sean ONeil Griffin Rozell Matt Suma 24 April 2008 East Asian Security in 2025 Agenda Conclusions Projections Drivers Four Outcomes Questions East Asian Security in 2025...

Heavin, Reagan; Hudson, Adam; Krueger, Brandon; O'Neil, Sean; Rozell, Griffin; Suma, Matt

2008-01-01T23:59:59.000Z

440

January 2005 INTEGRATING IT SECURITY  

E-Print Network [OSTI]

January 2005 INTEGRATING IT SECURITY INTO THE CAPITAL PLANNING AND INVESTMENT CONTROL PROCESS technology (IT) security and capital planning and investment control (CPIC) processes have been performed taining appropriate security controls, both at the enterprise-wide and system level, commensurate

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


441

RECOMMENDED SECURITY CONTROLS FOR FEDERAL  

E-Print Network [OSTI]

May 2005 RECOMMENDED SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS: GUIDANCE FOR SELECTING COST-EFFECTIVE CONTROLS USING A RISK-BASED PROCESS Shirley Radack, Editor, Computer Security Division, Information-53, Recommended Security Controls for Federal Information Systems The basic questions that organizations should

442

August 2003 IT SECURITY METRICS  

E-Print Network [OSTI]

, efficiency, effectiveness, and the impact of the security controls. The process steps need not be sequen tial metrics program and provides examples of metrics based on the criti cal elements and security controls and techniques contained in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems

443

Positioning Security from electronic warfare  

E-Print Network [OSTI]

Positioning Security from electronic warfare to cheating RFID and road-tax systems Markus Kuhn;Military positioning-security concerns Electronic warfare is primarily about denying or falsifying location of the importance of global positioning security has led to the military discipline of "navigation warfare". 5 #12

Kuhn, Markus

444

Architectural support for enhancing security in clusters  

E-Print Network [OSTI]

to security, numerous security loopholes in cluster servers come to the forefront. Clusters usually rely on rewalls for their security, but the rewalls cannot prevent all security attacks; therefore, cluster systems should be designed to be robust...

Lee, Man Hee

2009-05-15T23:59:59.000Z

445

Line Management Perspective: National Nuclear Security Administration...  

Broader source: Energy.gov (indexed) [DOE]

National Nuclear Security Administration (NNSA) Line Management Perspective: National Nuclear Security Administration (NNSA) Addthis Description Slide Presentation by Jim...

446

Workforce Statistics - Office of Secure Transportation | National...  

National Nuclear Security Administration (NNSA)

Office of Secure Transportation | National Nuclear Security Administration Facebook Twitter Youtube Flickr RSS People Mission Managing the Stockpile Preventing Proliferation...

447

Secretary Richardson Accepts Recommendations for Improving Security...  

National Nuclear Security Administration (NNSA)

Secretary Richardson Accepts Recommendations for Improving Security at Nuclear Weapons Laboratories | National Nuclear Security Administration Facebook Twitter Youtube Flickr RSS...

448

FOILFEST :community enabled security.  

SciTech Connect (OSTI)

The Advanced Concepts Group of Sandia National Laboratories hosted a workshop, ''FOILFest: Community Enabled Security'', on July 18-21, 2005, in Albuquerque, NM. This was a far-reaching look into the future of physical protection consisting of a series of structured brainstorming sessions focused on preventing and foiling attacks on public places and soft targets such as airports, shopping malls, hotels, and public events. These facilities are difficult to protect using traditional security devices since they could easily be pushed out of business through the addition of arduous and expensive security measures. The idea behind this Fest was to explore how the public, which is vital to the function of these institutions, can be leveraged as part of a physical protection system. The workshop considered procedures, space design, and approaches for building community through technology. The workshop explored ways to make the ''good guys'' in public places feel safe and be vigilant while making potential perpetrators of harm feel exposed and convinced that they will not succeed. Participants in the Fest included operators of public places, social scientists, technology experts, representatives of government agencies including DHS and the intelligence community, writers and media experts. Many innovative ideas were explored during the fest with most of the time spent on airports, including consideration of the local airport, the Albuquerque Sunport. Some provocative ideas included: (1) sniffers installed in passage areas like revolving door, escalators, (2) a ''jumbotron'' showing current camera shots in the public space, (3) transparent portal screeners allowing viewing of the screening, (4) a layered open/funnel/open/funnel design where open spaces are used to encourage a sense of ''communitas'' and take advantage of citizen ''sensing'' and funnels are technological tunnels of sensors (the tunnels of truth), (5) curved benches with blast proof walls or backs, (6) making it easy for the public to report, even if not sure/''non-event'' (e.g. ''I'm uncomfortable'') and processing those reports in aggregate not individually, (7) transforming the resident working population into a part-time undercover security/sensor force through more innovative training and (8) adding ambassadors/security that engage in unexpected conversation with the public. The group recommended that we take actions to pursue the following ideas next: (a) A concept for a mobile sensor transport (JMP); (b) Conduct a follow-on workshop; (c) Conduct social experiments/activities to see how people would react to the concepts related to community and security; (d) Explore further aesthetically pleasing, blast-resistance seating areas; and (e) The Art of Freedom (an educational, multi-media campaign).

Moore, Judy Hennessey; Johnson, Curtis Martin; Whitley, John B.; Drayer, Darryl Donald; Cummings, John C., Jr. (.,; .)

2005-09-01T23:59:59.000Z

449

Practical security for multi-user web application databases  

E-Print Network [OSTI]

Online web applications are continuously vulnerable to attacks on their users' data. Outside adversaries can gain unauthorized access by exploiting unknown vulnerabilities; curious or malicious database administrators can ...

Redfield, Catherine M. S

2012-01-01T23:59:59.000Z

450

Response surfaces of vulnerability to climate change: the Colorado River Basin, the High Plains, and California  

E-Print Network [OSTI]

the vulnerability of water supply to shortage for the Colorado River Basin and basins of the High Plains, it becomes ever more important to assess the vulnerability of current and future water supplies to shortage more likely to experience water shortages (Barnett et al. 2004; Barnett and Pierce 2008, 2009; Cayan et

451

Finding Semantic Vulnerabilities in PHP Applications The University of Texas at Austin  

E-Print Network [OSTI]

SAFERPHP: Finding Semantic Vulnerabilities in PHP Applications Sooel Son The University of Texas the first characterization of these types of vulner- abilities in PHP applications, develop novel inter-procedural algorithms for discovering them in PHP source code, and implement these algorithms as part of SAFERPHP

Shmatikov, Vitaly

452

Indra Prasad Paneru Livelihood strategy and occupational vulnerability of street ice cream vendors in Kathmandu Valley  

E-Print Network [OSTI]

Indra Prasad Paneru Livelihood strategy and occupational vulnerability of street ice cream vendors in Kathmandu Valley Livelihood strategy and occupational vulnerability of street ice cream vendors in Kathmandu-cream vendors of Kathmandu valley, Case study of Jawalakhel, Ratnapark area and Balaju area' explores

Richner, Heinz

453

Geospatial analysis of vulnerable beach-foredune systems from decadal time series of lidar data  

E-Print Network [OSTI]

Geospatial analysis of vulnerable beach-foredune systems from decadal time series of lidar data, Geospatial analysis of vulnerable beach- foredune systems from decadal time series of lidar data, Journal densities; therefore, geospatial analysis, when applied to decadal lidar time series, needs to address

Mitasova, Helena

454

Impact of relief accuracy on flood simulations and road network vulnerability analysis  

E-Print Network [OSTI]

network by forcing users to take detours. In a risk preventive viewpoint, the network administrator has 1 Impact of relief accuracy on flood simulations and road network vulnerability analysis Jean in the water level and its consequences on the road network vulnerability. The first part focuses

Paris-Sud XI, Universit de

455

What about vulnerability to a fault attack of the Miller algorithm during an  

E-Print Network [OSTI]

What about vulnerability to a fault attack of the Miller algorithm during an Identity Based is to analyse the weakness of the Miller algorithm when it undergoes a fault attack. We prove that the Miller algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolution

Paris-Sud XI, Université de

456

What About Vulnerability to a Fault Attack of the Miller's Algorithm During an  

E-Print Network [OSTI]

What About Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based of this article is to analyse the weakness of the Miller's algorithm when it undergoes a fault attack. We prove that the Miller's algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through

Paris-Sud XI, Université de

457

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack1  

E-Print Network [OSTI]

and SCADA systems such as: "Which is the most vulnerable device of our power substation under an attack to remote power substations and control centers comes with the added risk of cyber attack by hackers andModeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack

Krings, Axel W.

458

Update on the Department of Energy's 1994 plutonium vulnerability assessment for the plutonium finishing plant  

SciTech Connect (OSTI)

A review of the environmental, safety, and health vulnerabilities associated with the continued storage of PFP's inventory of plutonium bearing materials and other SNM. This report re-evaluates the five vulnerabilities identified in 1994 at the PFP that are associated with SNM storage. This new evaluation took a more detailed look and applied a risk ranking process to help focus remediation efforts.

HERZOG, K.R.

1999-09-01T23:59:59.000Z

459

Seismic vulnerability analysis of moderate seismicity areas using in situ experimental  

E-Print Network [OSTI]

Seismic vulnerability analysis of moderate seismicity areas using in situ experimental techniques (LGIT), LCPC, CNRS, Université Joseph Fourier Grenoble Abstract Seismic vulnerability analysis. This curve is particularly interesting in moderate seismic areas. This methodology is applied to the Grenoble

Paris-Sud XI, Université de

460

VULNERABILITY ASSESSMENT OF WATER RESOURCES SYSTEMS IN THE EASTERN NILE BASIN  

E-Print Network [OSTI]

VULNERABILITY ASSESSMENT OF WATER RESOURCES SYSTEMS IN THE EASTERN NILE BASIN TO ENVIRONMENTAL Resources VULNERABILITY ASSESSMENT OF WATER RESOURCES SYSTEMS IN THE EASTERN NILE BASIN TO ENVIRONMENTAL Resources Institute of African Research and Studies, Cairo University For the Degree of MASTER OF SCIENCE

Richner, Heinz

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


461

Climate change impacts and vulnerability of the southern populations of Pinus nigra subsp. salzmannii  

E-Print Network [OSTI]

vulnerability to climate change in Mediterranean mountain forests is not well developed. Climate change impactsClimate change impacts and vulnerability of the southern populations of Pinus nigra subsp-sensitive species. Trees will adapt not only to changes in mean climate variables but also to increased extreme

Herrera, Carlos M.

462

T-526: Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability  

Broader source: Energy.gov [DOE]

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8.0.7600.16385 is vulnerable; other versions may also be affected.

463

Security seal. [Patent application  

DOE Patents [OSTI]

Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to fingerprints are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

Gobeli, G.W.

1981-11-17T23:59:59.000Z

464

NNSA orders security enhancements  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsrucLas Conchas recoveryLaboratory | National Nuclear SecurityAdministration

465

National Security Initiatives | ORNL  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsrucLas Conchas recoveryLaboratory | NationalJohn Cyber Security Nuclear Forensics Bioinformatics

466

Security Clearances; Limitations  

Energy Savers [EERE]

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE: Alternative Fuels Data Center Home Page on Google Bookmark EERE: Alternative Fuels Data Center Home Page on Office of Inspector GeneralDepartment of Energyof the Americas | Department ofofDeliveredSectionSecuring theSEC. 1072.

467

Strengthening Global Security  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administrationcontroller systemsBiSiteNeutronStrategic Plan The

468

Summary of The 3rd Control System Cyber-Security (CS)2/HEP Workshop  

E-Print Network [OSTI]

Over the last decade modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited, too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. The Stuxnet worm of 2010 against a particular Siemens PLC is a unique example for a sophisticated attack against control systems [1]. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data being ...

Lders, S

2011-01-01T23:59:59.000Z

469

Management of Control System Information SecurityI: Control System Patch Management  

SciTech Connect (OSTI)

The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

2011-09-01T23:59:59.000Z

470

Control Systems Cyber Security:Defense in Depth Strategies  

SciTech Connect (OSTI)

Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing defense-in-depth strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

David Kuipers; Mark Fabro

2006-05-01T23:59:59.000Z

471

Control Systems Cyber Security: Defense-in-Depth Strategies  

SciTech Connect (OSTI)

Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing defense-in-depth strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

Mark Fabro

2007-10-01T23:59:59.000Z

472

Securing AODV for MANETs using Message Digest with Secret Key  

E-Print Network [OSTI]

Due to lack of the infrastructure, open peer-to-peer architecture, shared wireless medium, limited resource constraints and highly dynamic topology, MANETs (Mobile Adhoc Networks) are frequently established in insecure environments, which make them more vulnerable to attacks. These attacks are initiated by sharing malicious nodes against different services of network. The binding force in these networks is routing protocol, which is a common target of malicious nodes. MANETs routing protocols are being developed without having security in mind. Ad-hoc On-Demand Distance Vector (AODV) is one such widely used routing protocol that is at present undergo extensive research and development. AODV is based on distance vector routing, but here the updates are shared not on a periodic basis but on an as per demand basis. The control packets contain a hop-count and sequence number field which recognizes the freshness of routing. These fields are editable, so it creates a possible susceptibility that is frequently abuse...

Lakhtaria, Mr Kamaljit; Prajapati, Mr Satish G; Jani, N N

2010-01-01T23:59:59.000Z

473

APPENDIX A: Climate Change Vulnerability Literature Review The purpose of this discussion is to review the existing literature surrounding climate change adaptation  

E-Print Network [OSTI]

1 APPENDIX A: Climate Change Vulnerability Literature Review Purpose The purpose of this discussion is to review the existing literature surrounding climate change adaptation and vulnerability with a focus thought surrounding methods for conducting climate change vulnerability assessments. The review

Brownstone, Rob

474

On Building Secure SCADA Systems using Security Eduardo B. Fernandez  

E-Print Network [OSTI]

power generation plants and oil refineries often involve components that are geographically distributed. To continuously monitor and control the different sections of the plant in order to ensure its appropriate the concepts of SCADA systems, analyze the threats and vulnerabilities of these systems, and illustrate

Wu, Jie

475

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability  

E-Print Network [OSTI]

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability Communications and Embedded Systems Department Southwest Research Institute Gary Ragsdale, Ph.D., P.E. August 24 ? 25, 2010 ESL-HH-10-08-09 Proceedings of the 17... of Smart Grid devices ? Describe progress made in Smart Grid security ? Propose a more robust approach to SG security ? Describe needs for further research and development ESL-HH-10-08-09 Proceedings of the 17th Symposium for Improving Building Systems...

Ragsdale, G.

476

Dye filled security seal  

DOE Patents [OSTI]

A security seal for providing an indication of unauthorized access to a sealed object includes an elongate member to be entwined in the object such that access is denied unless the member is removed. The elongate member has a hollow, pressurizable chamber extending throughout its length that is filled with a permanent dye under greater than atmospheric pressure. Attempts to cut the member and weld it together are revealed when dye flows through a rupture in the chamber wall and stains the outside surface of the member.

Wilson, Dennis C. W. (Tijeras, NM)

1982-04-27T23:59:59.000Z

477

Cyberspace security system  

SciTech Connect (OSTI)

A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

2014-06-24T23:59:59.000Z

478

National Security Science  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsrucLas Conchas recoveryLaboratory | NationalJohn Cyber Security Nuclear ForensicsScience National

479

National Security Science Archive  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May JunDatastreamsmmcrcalgovInstrumentsrucLas Conchas recoveryLaboratory | NationalJohn Cyber Security Nuclear ForensicsScienceScience »

480

Security | Argonne National Laboratory  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr May Jun Jul(Summary)morphinanInformation Desert Southwest RegionatSearchScheduled System OutagesNews PressThemesLinksUserSecurity

Note: This page contains sample records for the topic "multiple security vulnerabilities" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


481

Security | Department of Energy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administrationcontroller systemsBi (2) SrEvaluating the Seasonalsw ' b 0

482

PNNL: Security & Privacy  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administration the1 - September 2006 TheSteven Ashby Dr. Steven Ashby Photo Dr.1999alt=Search

483

Energy Security Overview  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmospheric Optical Depth7-1D: Vegetation ProposedUsing Zirconia Nanoparticles asSecondCareerFebruaryEnergySecurity Overview We are

484

National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administration the Contributions andDataNational Library of Energy Login The National

485

National Nuclear Security Administration  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administration the Contributions andDataNational Library of Energy Login The NationalWashington. DC

486

Natlonal Nuclear Security Admlnlstratlon  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administration the Contributions andDataNational Library of Energy2015 | JeffersonNations

487

A graph-based network-vulnerability analysis system  

SciTech Connect (OSTI)

This paper presents a graph based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level of effort for the attacker, various graph algorithms such as shortest path algorithms can identify the attack paths with the highest probability of success.

Swiler, L.P.; Phillips, C.; Gaylor, T.

1998-05-03T23:59:59.000Z

488

A graph-based network-vulnerability analysis system  

SciTech Connect (OSTI)

This report presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.

Swiler, L.P.; Phillips, C. [Sandia National Labs., Albuquerque, NM (United States); Gaylor, T. [3M, Austin, TX (United States). Visual Systems Div.

1998-01-01T23:59:59.000Z

489

A graph-based system for network-vulnerability analysis  

SciTech Connect (OSTI)

This paper presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The graph-based tool can identify the set of attack paths that have a high probability of success (or a low effort cost) for the attacker. The system could be used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.

Swiler, L.P.; Phillips, C.

1998-06-01T23:59:59.000Z

490

National Security | ornl.gov  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Mobile Applications StreamingReal-time Data Data System Architectures for National Security Sensor Networks Visual Analytics Risk Analysis Systems Modeling Engineering Analysis...

491

Technology Transfer Success Stories, Security  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

Security Navigate Home About Us Contact Information Hide Thumbs First Previous Pause Next Last Set Speed Slideshow speed: 5 seconds Move Autoinduction system New Image Set...

492

Climate Change and National Security  

E-Print Network [OSTI]

CLIMATE CHANGE Multiplying Threats to National Securityfor the impacts of climate change on national security. Pagea warming world. Page 11 Climate change acts as a threat

Alyson, Fleming; Summer, Kelly; Summer, Martin; Lauren, Franck; Jonathan, Mark

2015-01-01T23:59:59.000Z

493

Cyber Security Process Requirements Manual  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

The Manual establishes the minimum implementation standards for cyber security management processes throughout the Department. No cancellation. Admin Chg 1 dated 9-1-09.

2008-08-12T23:59:59.000Z

494

Secure Data Center (Fact Sheet)  

SciTech Connect (OSTI)

This fact sheet describes the purpose, lab specifications, applications scenarios, and information on how to partner with NREL's Secure Data Center at the Energy Systems Integration Facility.

Not Available

2012-08-01T23:59:59.000Z

495

Sandia National Laboratories: Cyber-Based Vulnerability Assessments  

Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

AFDC Printable Version Share this resource Send a link to EERE: Alternative Fuels Data Center Home Page to someone by E-mail Share EERE: Alternative Fuels Data Center Home Page on Facebook Tweet about EERE: Alternative Fuels Data Center Home Page on Twitter Bookmark EERE:1 First Use of Energy for All Purposes (Fuel and Nonfuel),Feet) Year Jan Feb Mar Apr MayAtmosphericNuclear Security Administration the1 -the Mid-Infrared0EnergySandia Involves Wind-FarmCool EarthSafety

496

Fast Machine Code for Modular Multiplication Michael Scott  

E-Print Network [OSTI]

Fast Machine Code for Modular Multiplication Michael Scott School of Computer Applications Dublin, that is the calculation of a = b e mod n where for acceptable levels of security a, b, e, and n are large multiprecision will be not much larger than the number of bits in the binary representation of e. Therefore fast modular

Bernstein, Daniel

497

Safeguards and Security Program  

Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

Ensures appropriate levels of protection against unauthorized access; theft, diversion, loss of custody, or destruction of nuclear weapons, or weapons components; espionage; loss or theft of classified matter or Government property; and other hostile acts that may cause unacceptable adverse impacts on national security or on the health and safety of Department of Energy (DOE) and contractor employees, the public, or the environment. DOE O 470.1 Extended until 5-11-06 by DOE N 251.63, dated 5-11-05. Chg 1, Safeguards and Security Program, dated 9/28/95, extended by DOE N 251.57, dated 4/28/2004. Change 1, 5/21/96, revises Chapter IV. Cancels: DOE 5630.11B, DOE 5630.13A, DOE 5630.14A, DOE 5630.15, DOE 5630.16A, DOE 5630.17, DOE 5631.1C, DOE 5631.4A, DOE 5634.1B, DOE 5634.3, DOE 5639.3, DOE M 5632.1C-1 in part.

1995-09-28T23:59:59.000Z

498

Security classification of information  

SciTech Connect (OSTI)

This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to .provide added support to some of those classification principles.

Quist, A.S.

1993-04-01T23:59:59.000Z

499

Electronic security device  

DOE Patents [OSTI]

The present invention relates to a security device having a control box containing an electronic system and a communications loop over which the system transmits a signal. The device is constructed so that the communications loop can extend from the control box across the boundary of a portal such as a door into a sealed enclosure into which access is restricted whereby the loop must be damaged or moved in order for an entry to be made into the enclosure. The device is adapted for detecting unauthorized entries into such enclosures such as rooms or containers and for recording the time at which such entries occur for later reference. Additionally, the device detects attempts to tamper or interfere with the operation of the device itself and records the time at which such events take place. In the preferred embodiment, the security device includes a microprocessor-based electronic system and a detection module capable of registering changes in the voltage and phase of the signal transmitted over the loop. 11 figs.

Eschbach, E.A.; LeBlanc, E.J.; Griffin, J.W.

1992-03-17T23:59:59.000Z

500

Ideas for Security Assurance in Security Critical Software using Modelica  

E-Print Network [OSTI]

Ideas for Security Assurance in Security Critical Software using Modelica David Broman, Peter critical software. Modelica is a modern, strongly typed, de- clarative, and object-oriented language assurance, by expanding the scope of Modelica into also becoming a declarative modeling language for other

Zhao, Yuxiao