Note: This page contains sample records for the topic "quality security cyber" from the National Library of EnergyBeta (NLEBeta).
While these samples are representative of the content of NLEBeta,
they are not comprehensive nor are they the most current set.
We encourage you to perform a real-time search of NLEBeta
to obtain the most current and comprehensive results.


1

CYBER SECURITY METRICS AND MEASURES  

Science Conference Proceedings (OSTI)

... CYBER SECURITY METRICS AND MEASURES ... Keywords: cyber security; metrics; measures; software; computer systems; IT ...

2013-05-07T23:59:59.000Z

2

Cyber Security Evaluations - Reports  

NLE Websites -- All DOE Office Websites (Extended Search)

Oversight Program Home Office of Security and Cyber Evaluations Office of Safety and Emergency Management Evaluations Guidance Documents Security and Cyber Evaluations ...

3

Cyber Security Module  

NLE Websites -- All DOE Office Websites (Extended Search)

Cyber Security Module Cyber security training is required for all facility users and must be submitted before or upon arrival at the GUV Center. System Requirements and Information...

4

NIST Cyber Security Framework  

Science Conference Proceedings (OSTI)

Page 1. NIST Cyber Security Framework ISA-62443-2-1 :2009 ISA-62443-2-1 (Ed. 2, D2E8 ... Page 2. Security NIST Cyber ...

2013-12-13T23:59:59.000Z

5

Cyber and Network Security Homepage  

Science Conference Proceedings (OSTI)

Cyber and Network Security. Cyber and network security is focused on ensuring three security objectives of information ...

2010-10-05T23:59:59.000Z

6

Cyber Security Evaluations Reports  

NLE Websites -- All DOE Office Websites (Extended Search)

Oversight Home Sub Offices Security Evaluations Cyber Security Evaluations Emergency Management Oversight Environment, Safety and Health Evaluations Mission &...

7

Berkeley Lab Cyber Security - Cyber Security Website - Berkeley...  

NLE Websites -- All DOE Office Websites (Extended Search)

Department of Energy logo Phone Book Jobs Search Contact Us About CPIC Intranet Cyber Home Resources Training Requirements Search Cyber Security Cyber Security Website FAQs...

8

Cyber Security Evaluations - Reports  

NLE Websites -- All DOE Office Websites (Extended Search)

Cyber Security Reports Cyber Security Reports 2012 Review of the Classified Cyber Security Programs at the Lawrence Livermore National Laboratory, January 2012, (OUO) Independent Oversight Review of the Classified Cyber Security Programs at the Savannah River Site, March 2012, (OUO) Independent Oversight Review of the Unclassified and Classified Cyber Security Programs at the Office of Scientific and Technical Information, March 2012, (OUO) Independent Oversight 2011 Report on Security Vulnerabilities of National Laboratory Computers, April 13, 2012, (OUO) Technical Review of the Office of Health, Safety and Security Classified Local Area Network, May 2012, (OUO) 2011 (U) Unclassified Cyber Security Technical Review of the Bonneville Power Administration Transmission Services Control Center Network, (OUO), May 2011

9

Enterprise Cyber Security Posture  

Science Conference Proceedings (OSTI)

... to enable organizations to transform uncertainties into ... org/issues- research/telecom/security-breach-notification ... systems C. Cyber-physical systems ...

2013-04-10T23:59:59.000Z

10

Cyber Security | National Security | ORNL  

NLE Websites -- All DOE Office Websites (Extended Search)

Cyber Security Through Science: A Science-Based Approach. ORNL uses a science-based approach that combines experimentation, theory, modeling, and high performance computing to solve some of the nation's cyber security grand challenges. Significant, 'game-changing' transformation requires a science-based approach that combines fundamental understanding with experimentation, theory, and modeling. The most successful scientific programs use peer review to maximize intellectual capital and prioritize research needs. The Department of Energy has applied this approach through programs such as the Scientific Discovery through Advanced Computing (SciDAC) and ASCI,

11

Information Security: Coordination of Federal Cyber Security...  

NLE Websites -- All DOE Office Websites (Extended Search)

a federal agenda for cyber security research. GAO also recommends that the Office of Management and Budget (OMB) issue guidance to agencies for providing cyber security research...

12

Cyber Security Reports | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guidance Cyber Security Reports Cyber Security Reports 2012 Review of the Classified Cyber Security Programs at the Lawrence Livermore National Laboratory, January 2012, (OUO)...

13

Cyber Security Issues and Requirements  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Smart Grid Investment Grant Program (SGIG) Cyber Security Issues and Requirements Jeff Dagle November 19, 2009 Communication and Information Technology will be Central to Smart Grid Deployment Final Interim Smart Grid Roadmap, prepared by the Electric Power Research Institute (EPRI) for the National Institute of Standards and Technology (NIST) Cyber Security Requirements Associated with ARRA Projects Proposals were required to include: * Discussion of how cyber security risks will be mitigated * What criteria will be used for vendor and technology selection * Relevant cyber security standards that will be followed (or industry best practices) * How emerging smart grid cyber security standards that are currently being developed will be adopted Cyber Security Objectives for Smart

14

Metaphors for cyber security.  

SciTech Connect

This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

2008-08-01T23:59:59.000Z

15

Security and Cyber Evaluations - Guidance Documents  

NLE Websites -- All DOE Office Websites (Extended Search)

Guidance Documents Security and Cyber Evaluations Security Evaluations Appraisal Process Guide, April 2008 Cyber Security Evaluations Appraisal Process Guide, April 2008 Security...

16

INSTITUTE FOR CYBER SECURITY Security Models  

E-Print Network (OSTI)

INSTITUTE FOR CYBER SECURITY Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2010 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY THE BIG

Sandhu, Ravi

17

INSTITUTE FOR CYBER SECURITY Security Models  

E-Print Network (OSTI)

INSTITUTE FOR CYBER SECURITY Security Models: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY THE BIG

Sandhu, Ravi

18

Chapter_14_Cyber_Security  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security The DOE Cyber Security Program aims to protect the Department's diverse missions in a cost-effective manner; identify threats, risks, and mitigations; and remain flexible in a changing environment. Key Departmental directives, policies, and procedures governing the implementation of the Cyber Security Program at DOE HQ are: * DOE Order 205.1B, Department of Energy Cyber Security Management * DOE Policy 205.1, Department of Energy Cyber Security Management Policy * Headquarters Program Cyber Security Plan (HQ PCSP) HQ Implementation Procedures The head of each HQ element is responsible for implementing a cyber security program within his or her element that conforms to the policies and procedures set forth in the HQ PCSP. Each Head of Element must appoint, in writing, an

19

Strengthening Cyber Security | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Strengthening Cyber Security Strengthening Cyber Security Describes the goals and activities of the National SCADA Test Bed program to secure control systems in the energy sector...

20

Security and Cyber Guidance | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guidance Security and Cyber Guidance Appraisal Process Guides Security Evaluations Appraisal Process Guide - April 2008 Cyber Security Evaluations Appraisal Process Guide - April...


21

Using Operational Security (OPSEC) to Support a Cyber Security...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments Using Operational Security (OPSEC) to Support a Cyber Security Culture in...

22

Cyber Security Management Memorandum | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Management Memorandum Cyber Security Management Memorandum On December 7, 2009, the Deputy Secretary of Energy released this memorandum directing the creation of a...

23

Technical Options to Address Cyber Security, Interoperability...  

NLE Websites -- All DOE Office Websites (Extended Search)

Technical Options to Address Cyber Security, Interoperability and Other Issues with ZigBee SEP Title Technical Options to Address Cyber Security, Interoperability and Other Issues...

24

INL Cyber Security Research | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Research Cyber security research at INL will help protect critical infrastructure control system computers against worms and other viruses. INL Cyber Security Research More...

25

Comprehensive National Cyber Security: Leap-Ahead ...  

Science Conference Proceedings (OSTI)

Comprehensive National Cyber Security: Leap-Ahead Security for Interconnected Systems (+10 FTE, +$5,500,000). Challenge. image: ...

2010-10-05T23:59:59.000Z

26

The Department's Unclassified Cyber Security Program 2002, IG...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Unclassified Cyber Security Program 2002, IG-0567 The Department's Unclassified Cyber Security Program 2002, IG-0567 The Department's Unclassified Cyber Security Program 2002,...

27

DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS...  

NLE Websites -- All DOE Office Websites (Extended Search)

CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS DOE CYBER SECURITY EBK: CORE COMPETENCY...

28

RFI Comments - Advanced Cyber Security Center  

Science Conference Proceedings (OSTI)

Page 1. Page 1 of 3 Advanced Cyber Security Center Rollout ... The Need The advanced cyber threat is real and growing. ...

2013-04-09T23:59:59.000Z

29

DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CORE COMPETENCY TRAINING REQUIREMENTS: CA DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS: CA DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS. Key Cyber...

30

Distribution System Cyber Security Architecture  

Science Conference Proceedings (OSTI)

The National Institute of Standards and Technology (NIST) has developed the NISTIR 7628: Guidelines for Smart Grid Cyber Security, while ASAP-SG has developed both the Security Profile for AMI (v2.0) and the Security Profile for Distribution Management. These documents are necessarily high level and generic, covering a broad range of smart grid assets, and focus exclusively on determining the security requirements. However, utilities and their vendors often cannot get a clear picture of what existing tec...

2010-12-31T23:59:59.000Z

31

Cyber Security and Resilient Systems  

Science Conference Proceedings (OSTI)

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure.
Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.

Robert S. Anderson

2009-07-01T23:59:59.000Z

32

Cyber Security Standards.PDF  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

INSPECTION REPORT U.S. DEPARTMENT OF ENERGY OFFICE OF INSPECTOR GENERAL OFFICE OF INSPECTIONS INSPECTION OF CYBER SECURITY STANDARDS FOR SENSITIVE PERSONAL INFORMATION NOVEMBER 2001 DEPARTMENT OF ENERGY OFFICE OF INSPECTOR GENERAL U.S. DEPARTMENT OF ENERGY Washington, DC 20585 November 13, 2001 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman /s/ Inspector General SUBJECT: INFORMATION: Report on "Inspection of Cyber Security Standards for Sensitive Personal Information" BACKGROUND The Office of Inspector General (OIG), U.S. Department of Energy (DOE), identified a concern relating to the cyber security of unclassified sensitive personal information maintained by the Department under the Privacy Act of 1974, and other personal information exempt from

33

Cyber Security Reports | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Reports Cyber Security Reports Cyber Security Reports 2012 Review of the Classified Cyber Security Programs at the Lawrence Livermore National Laboratory, January 2012, (OUO) Independent Oversight Review of the Classified Cyber Security Programs at the Savannah River Site, March 2012, (OUO) Independent Oversight Review of the Unclassified and Classified Cyber Security Programs at the Office of Scientific and Technical Information, March 2012, (OUO) Independent Oversight 2011 Report on Security Vulnerabilities of National Laboratory Computers, April 13, 2012, (OUO) Technical Review of the Office of Health, Safety and Security Classified Local Area Network, May 2012, (OUO) 2011 (U) Unclassified Cyber Security Technical Review of the Bonneville Power Administration Transmission Services Control Center Network, (OUO),

34

Cyber Security, Information Technology Division, ITD  

NLE Websites -- All DOE Office Websites (Extended Search)

ITD Home Cyber Security Links Cyber Security Home Network Access Antivirus Measures SSH Gateways Remote Access Computer Security Incidents Cyber Security Homepage Report a Security Incident Hotline: 631.344.8484 Email: security@bnl.gov Cyber Security Note: The links below supplement the Cyber Security, Unclassified SBMS subject area. Network Access Cyber Security image Network Access Registration - New connections to BNL's internal network must complete the registration process described in this link. Machines that are not registered will be denied access to the Laboratory's network. Proxy Configuration Virtual Private Network (VPN) RSA SecurID User Guide Desktop Security Locking Your Computer Disable Automatic Login (Mac OS X) Virus Protection Secure Shell (SSH) Resources

35

Before the House Subcommittee on Emerging Threats, Cyber Security...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security and Science and Technology Committee on Homeland Security Before the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee...

36

Strategy for Improvements in Cyber Security | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Improvements in Cyber Security Strategy for Improvements in Cyber Security Brase-LLNL-SEAB.10.11.pdf More Documents & Publications Mobile Device Security Checklist Open...

37

Strengthening Cyber Security  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

EnergyBiz November/December 2008 » TECHNOLOGY FRONTIER (Guest Opinion) Remote attacks on systems that control power production and distribution are no longer hypothetical events. At least four utilities have been subjected to extortion demands by criminals who used the Internet to infect the utilities' computers and caused or threatened power outages. Cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. These are criminal acts, but nation-states are actively targeting utility computers, as well, so that in time of war they can turn off their adversary's power. While all this is happening, most executives in the

38

Cyber Security Procurement Methodology, Rev. 1  

Science Conference Proceedings (OSTI)

Determining how to apply cyber security requirements for new instrumentation and control (I&C) systems requires cyber security experts, I&C engineers, and procurement organizations to work together with vendors to implement and maintain cyber security controls. Improper or incomplete implementation of controls due to lack of proper requirements and/or unclear division of responsibilities between the utility and vendor can often result in costly retrofits to meet the ...

2013-12-17T23:59:59.000Z

39

Microgrid cyber security reference architecture.  

SciTech Connect

This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-specific vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance benefits and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional microgrid control system network implementation, including types of communication occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the necessary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

2013-07-01T23:59:59.000Z

40

Cyber Security in Smart Grid Substations  

E-Print Network (OSTI)

Cyber Security in Smart Grid Substations Thijs Baars Lucas van den Bemd Michail Theuns Robin van.089 3508 TB Utrecht The Netherlands CYBER SECURITY IN SMART GRID SUBSTATIONS Thijs Baars T.Brinkkemper@uu.nl Abstract. This report describes the state of smart grid security in Europe, specifically the Netherlands

Utrecht, Universiteit


41

Cyber Security Metrics and Measures abstract  

Science Conference Proceedings (OSTI)

Paul E. Black, Karen Scarfone, and Murugiah Souppaya, Cyber Security Metrics and Measures, in Wiley Handbook of Science and Technology for ...

2013-05-07T23:59:59.000Z

42

Computer Use Agreement, BNL Cyber Security  

NLE Websites -- All DOE Office Websites (Extended Search)

Users Be aware of, knowledgeable about, and comply with the requirements of the BNL Cyber Security Program as described in SBMS. Follow BNL policy regarding the use and...

43

Hiring and Managing a Cyber Security Workforce:  

Science Conference Proceedings (OSTI)

... DHS cyber security workers and others from outside of ... Sell the mission! Protecting the US nuclear arsenal or the New York City water supply is a ...

2013-09-19T23:59:59.000Z

44

Information Security: Coordination of Federal Cyber Security Research and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Security: Coordination of Federal Cyber Security Security: Coordination of Federal Cyber Security Research and Development Information Security: Coordination of Federal Cyber Security Research and Development GAO recommends that the Office of Science and Technology Policy establish timelines for developing a federal agenda for cyber security research. GAO also recommends that the Office of Management and Budget (OMB) issue guidance to agencies for providing cyber security research data to repositories. In commenting on a draft of this report, OMB stated that it would review the need for such guidance. Information Security: Coordination of Federal Cyber Security Research and Development More Documents & Publications Networking and Information Technology Research and Development Supplement to the President's Budget (February 2010)

45

NNSA Seeking Comments on Consolidated IT and Cyber Security Support...  

NLE Websites -- All DOE Office Websites (Extended Search)

NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft July 17, 2013...

46

THE DEPARTMENT'S UNCLASSIFIED CYBER SECURITY PROGRAM, IG-0519...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

THE DEPARTMENT'S UNCLASSIFIED CYBER SECURITY PROGRAM, IG-0519 THE DEPARTMENT'S UNCLASSIFIED CYBER SECURITY PROGRAM, IG-0519 Protecting unclassified information systems continues to...

47

DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS DOE CYBER SECURITY...

48

INSPECTION OF CYBER SECURITY STANDARDS FOR SENSITIVE PERSONAL...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CYBER SECURITY STANDARDS FOR SENSITIVE PERSONAL INFORMATION, IG-0531 INSPECTION OF CYBER SECURITY STANDARDS FOR SENSITIVE PERSONAL INFORMATION, IG-0531 The Office of Inspector...

49

Lessons Learned from Cyber Security Assessments of SCADA and...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems...

50

Strategy for Improvements in Cyber Security | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Strategy for Improvements in Cyber Security Strategy for Improvements in Cyber Security Brase-LLNL-SEAB.10.11.pdf More Documents & Publications Computational Advances in Applied...

51

Office of Electricity Delivery and Energy Reliability Cyber Security...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Project Selections Office of Electricity Delivery and Energy Reliability Cyber Security Project Selections On September 23, 2010, speaking at the inaugural GridWise...

52

Report of the Cyber Security Research Needs for Open Science...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

the Cyber Security Research Needs for Open Science Workshop Report of the Cyber Security Research Needs for Open Science Workshop Protecting systems and users, while maintaining...

53

Evaluation Report on The Department's Unclassified Cyber Security...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Report on The Department's Unclassified Cyber Security Program 2002, DOEIG-0567 Evaluation Report on The Department's Unclassified Cyber Security Program 2002, DOEIG-0567 As...

54

Cyber Security Audit and Attack Detection Toolkit: Bandolier...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Audit and Attack Detection Toolkit: Bandolier and Portaledge, March 2010 Cyber Security Audit and Attack Detection Toolkit: Bandolier and Portaledge, March 2010 This...

55

Office of Cyber Security Evaluations - Mission and Functions  

NLE Websites -- All DOE Office Websites (Extended Search)

Cyber Security Evaluations Reports to the Independent Oversight Program Mission and Functions Mission The Office of Cyber Security Evaluations is responsible for the independent...

56

Common Cyber Security Vulnerabilities Observed in Control System...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

57

Smart Grid Investment Grant Program (SGIG): Cyber Security Issues...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

(SGIG): Cyber Security Issues and Requirements, November 19, 2009 Smart Grid Investment Grant Program (SGIG): Cyber Security Issues and Requirements, November 19, 2009 Presentation...

58

Cyber security exercises and competitions as a platform for cyber security experiments  

Science Conference Proceedings (OSTI)

This paper discusses the use of cyber security exercises and competitions to produce data valuable for security research. Cyber security exercises and competitions are primarily arranged to train participants and/or to offer competence contests for those ... Keywords: data collection, research method, security competitions, security exercises

Teodor Sommestad; Jonas Hallberg

2012-10-01T23:59:59.000Z

59

Proposed Comprehensive Cyber Security Legislation, May 2011  

Science Conference Proceedings (OSTI)

The role of cyber security in the critical infrastructures of the United States has been recognized by the President and by members of Congress. To address potential cyber security threats and vulnerabilities, the Senate has proposed revisions to specific laws and regulations. This white paper includes a technical assessment of some of the key proposed revisions.

2011-10-26T23:59:59.000Z

60

Definition: Cyber Security Incident | Open Energy Information  

Open Energy Info (EERE)

Cyber Security Incident: Any malicious act or suspicious event that: Compromises, or was an attempt to compromise, the Electronic Security Perimeter or Physical Security Perimeter of a Critical Cyber Asset, or, Disrupts, or was an attempt to disrupt, the operation of a Critical Cyber Asset.[1] Related Terms: Electronic Security Perimeter. References: [1] Glossary of Terms Used in Reliability Standards. Retrieved from "http://en.openei.org/w/index.php?title=Definition:Cyber_Security_Incident&oldid=480296"


61

Safeguards and Security and Cyber Security RM  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Safeguards and Security and Cyber Security Review Module, March 2010. Office of Environmental Management Standard Review Plan (SRP). Critical Decision (CD) Applicability: CD-0, CD-1, CD-2, CD-3, CD-4, Post Operation. Standard Review Plan, 2nd Edition, March 2010. FOREWORD The Standard Review Plan (SRP) provides a consistent, predictable corporate review framework to ensure that issues and risks that could challenge the success of Office of Environmental Management (EM) projects are identified early and addressed proactively. The internal EM project review process encompasses key milestones established by DOE O 413.3A, Change 1, Program and Project Management for the Acquisition of Capital Assets, DOE-STD-

62

AMI Cyber Security Incident Response Guidelines  

Science Conference Proceedings (OSTI)

This document is intended to be used by system and asset owners to assist in the preparation and response to AMI cyber security incidents. This document was developed by conducting interviews with EPRI members, AMI asset owners, and vendors, regarding practices involved in responding to AMI cyber security incidents and mapping the responses to requirements put forth by the Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Open Smart Grid (Open-SG) Working ...

2012-12-07T23:59:59.000Z

63

Cyber Security Audit and Attack Detection Toolkit  

Science Conference Proceedings (OSTI)

The goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

Peterson, Dale

2012-05-31T23:59:59.000Z

64

Security and Cyber Evaluations | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Security and Cyber Evaluations within the Office of Enforcement and Oversight implements the independent security performance monitoring functions for DOE. The other half of the Independent Oversight Program is implemented by the Office of Safety and Emergency Management Evaluations for safety oversight. The independent oversight function performed by these two offices is delineated in DOE Order 227.1, Independent Oversight Program, issued on August 30, 2011. This recently revised Order reflects lessons learned in conducting inspections and incorporates earlier and more frequent line management involvement in the inspection planning process. We welcome an opportunity to discuss our inspection process and potential

65

DOE Cyber Security Role, Competency and Functional Matrix  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5/4/2011. DOE Cyber Security Role, Competency and Functional Matrix. DOE Cyber Security EBK: A Competency and Functional Framework for Cyber Security Workforce Development. DOE Cyber Security Functional Roles: Chief Information Officer (CIO); Information Owner/Steward; Chief Information Security Officer (CISO); Authorizing Official (AO); AO Designated Representative (AODR); Common Control Provider; Information System Owner; Cyber Security Program Manager (CSPM); Information System Security Officer (ISSO); Information Security Architect; Information System Security Engineer; Security Control Assessor. Core Competencies: Data Security ● ● ● ● ● ● ● ● ● ●; Enterprise Continuity ● ● ● ● ● ● ● ● ● ● ●

66

Cyber Security Evaluations Appraisal Process Guide - April 2008 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Evaluations Appraisal Process Guide - April 2008. The Cyber Security Evaluations Appraisal Process Guide was developed for the purpose of documenting the appraisal approach and techniques specific to evaluations of classified and unclassified cyber security programs throughout DOE. The Office of Cyber Security Evaluations Appraisal Process Guide provides additional insight into the Office of Cyber Security Evaluations (HS-62) evaluation approach and processes associated with assessing classified and unclassified cyber security programs. The objective of this document is to establish a standard approach and methodology for conducting cyber security reviews that is well understood by all inspection participants.

67

Control Systems Cyber Security Standards Support Activities  

Science Conference Proceedings (OSTI)

The Department of Homeland Security's Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP's current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

Robert Evans

2009-01-01T23:59:59.000Z

68

Cyber Assessment Methods for SCADA Security  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

5 by ISA - The Instrumentation, Systems and Automation Society. Presented at 15th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference http://www.isa.org Cyber Assessment Methods for SCADA Security May Robin Permann Kenneth Rohde Staff Computer Security Researcher Information & Communications Systems Cyber Security Technologies Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 KEYWORDS: Supervisory Control and Data Acquisition, SCADA, Cyber Security, Testing, Assessment. ABSTRACT: The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical

69

Enhancing NASA Cyber Security Awareness From the C-Suite ...  

Science Conference Proceedings (OSTI)

... Leadership concerns with IT security impacts • Cyber Security Summit: Full day of workshops / panel sessions on transformation of IT / IT security ...

2013-03-28T23:59:59.000Z

70

Small Business Cyber Security Workshop for Portland, Oregon ...  

Science Conference Proceedings (OSTI)

Portland District Office Small Business Cyber Security Workshop Portland District Office 601 SW Second Ave. Suite ...

2013-07-24T23:59:59.000Z

71

Cyber Security Guidelines, Information Technology Division, ITD  

NLE Websites -- All DOE Office Websites (Extended Search)

BNL Cyber Security Guidelines: Appropriate Use; Unauthorized and Malicious Access and Actions; Blatant Disregard for Laboratory Computer Security; Privacy of Electronic Files, and E-MAIL; Publishing & Accessing Information on Electronic Networks. The Laboratory's main concerns are protecting data and systems critical to operations in pursuit of its mission. The Laboratory's Computer Security Plan covers Laboratory systems, whether on-site and connected directly to the Laboratory network, or on- or off-site and connected to the Laboratory network by the telephone system or other means. The procedures and rules described here cover these systems no matter who is the owner or the method of connection to the network. Laboratory employees and registered users are responsible for their own actions under the computer security policy, as well as for the actions of any person who they permit to access a Laboratory system.

72

DOE P 205.1, Departmental Cyber Security Management Policy  

Directives, Delegations, and Requirements

The Departmental Cyber Security Management (DCSM) Policy was developed to further clarify and support the elements of the Integrated Safeguards and Security ...

2001-05-08T23:59:59.000Z

73

Obama's Call for Public-Private Cyber Security Collaboration...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

partnering with the private sector will be paramount for agencies working to secure the power grid and other critical infrastructures from cyber attack. Securing the...

74

Security Issues and Challenges for Cyber Physical System  

Science Conference Proceedings (OSTI)

In this paper, we investigate the security challenges and issues of cyber-physical systems. (1) We abstract the general workflow of cyber physical systems, (2) identify the possible vulnerabilities, attack issues, adversaries characteristics and a set ... Keywords: Cyber-Physical System, Security, actuation, context-aware

Eric Ke Wang; Yunming Ye; Xiaofei Xu; S. M. Yiu; L. C. K. Hui; K. P. Chow

2010-12-01T23:59:59.000Z

75

The Department's Unclassified Cyber Security Program - 2012, IG-0877  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Evaluation Report: The Department's Unclassified Cyber Security Program - 2012, DOE/IG-0877, November 2012. U.S. Department of Energy, Office of Inspector General, Office of Audits & Inspections. Department of Energy, Washington, DC 20585. November 8, 2012. MEMORANDUM FOR THE SECRETARY. FROM: Gregory H. Friedman, Inspector General. SUBJECT: INFORMATION: Evaluation Report on "The Department's Unclassified Cyber Security Program - 2012". INTRODUCTION AND OBJECTIVE: As the use of information technology resources continues to expand, the number of cyber security threats against Federal agencies has also increased. In fact, Federal cyber security officials have warned that the number of cyber attackers has increased and that the Nation's

76

Development of the PowerCyber SCADA security testbed  

Science Conference Proceedings (OSTI)

Meeting current demands for critical infrastructure cyber security education and research will require accurate testbed development. The PowerCyber was designed to closely resemble power grid communication utilizing actual field devices and SCADA software. ...

Adam Hahn; Ben Kregel; Manimaran Govindarasu; Justin Fitzpatrick; Rafi Adnan; Siddharth Sridhar; Michael Higdon

2010-04-01T23:59:59.000Z

77

Optimizing investments in cyber-security for critical infrastructure  

Science Conference Proceedings (OSTI)

Investments in the cyber-security of critical infrastructure must balance preventing intrusion, detecting a cyber-attack, and mitigating the attacker's physical effects on computer controlled equipment. For this purpose, we outline a method for making ...

Ike Patterson; James Nutaro; Glenn Allgood; Teja Kuruganti; David Fugate

2013-01-01T23:59:59.000Z

78

Cyber Security, Information Technology Division, ITD  

NLE Websites -- All DOE Office Websites (Extended Search)

Brookhaven Cyber Security Requirements: Backup Data; Sensitivity; Physical Protection; Computer Security Incidents; Software Copyright Laws; Virus Protection; Passwords; Accounts. Backup Data: ALWAYS BACK UP YOUR DATA. Keep the backups in a protected area. The more critical the data, the more often you should back up. REQUIREMENTS: Users ("data owners") are responsible for determining what data requires protection and how their data is to be recovered if the online copy is destroyed (either by accidental or malicious damage). Users may choose not to back up data, but if so they must make sure they know how to recreate the lost data if needed. If backup is necessary then the users must coordinate a backup plan. This may either be an individual backup done by the users themselves or coordinated with the system managers into a regular system backup plan.

79

Office of Security and Cyber Evaluations  

NLE Websites -- All DOE Office Websites (Extended Search)

Welcome to the Office of Security and Cyber Evaluations The Office of Security and Cyber Evaluations within the Office of Enforcement and Oversight implements the independent security performance monitoring functions for DOE. The other half of the Independent Oversight Program is implemented by the Office of Safety and Emergency Management Evaluations for safety oversight. The independent oversight function performed by these two offices is delineated in DOE Order 227.1, Independent Oversight Program, issued on August 30, 2011. This recently revised Order reflects lessons learned in conducting inspections and incorporates earlier and more frequent line management involvement in the inspection planning process. We welcome an opportunity to discuss our inspection process and potential differences in approach since your last interaction with us.

80

Cyber Security in Smart Grid Substations  

E-Print Network (OSTI)

Abstract. This report describes the state of smart grid security in Europe, specifically the Netherlands, and the cyber security of substations in particular. The focus of this study is the perception of risks and threats in smart grid cyber security and the international standards implemented in smart grids. The created overview is based on semi-structured interviews with 13 experts originating from eight different European countries. These participants are employed at electricity producers, grid operators, technology consultants and technology providers in the utilities sector. Their expertise ranges from information security to electricity grids, specifically smart grid security. Some of them are members of smart grid security related standard committees. The key results of the state of practice are the following: 1. The interconnectivity of the smart grid with multiple stakeholders and European colleagues is indicated as the biggest threat to the security of the smart grid. 2. Another often mentioned threat is awareness. The experts generally indicate that awareness within top management is high. However, personnel on lower levels are reluctant to incorporate security in their processes. 3. All organizations are in a certain stage of implementing standards, the ISO27000 series

Thijs Baars; Lucas Van Den Bemd; Michail Theuns; Robin Van Den Akker; Machiel Schnbeck; Sjaak Brinkkemper

2012-01-01T23:59:59.000Z



81

Primer Control System Cyber Security Framework and Technical Metrics  

Science Conference Proceedings (OSTI)

The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

Wayne F. Boyer; Miles A. McQueen

2008-05-01T23:59:59.000Z

82

Before the House Subcommittee on Emerging Threats, Cyber Security and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Before the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee on Homeland Security. By: Patricia Hoffman, Acting Assistant Secretary for Electricity Delivery and Energy Reliability. 7-21-09_Final_Testimony_Hoffman.pdf. More Documents & Publications: Statement of Patricia Hoffman, Acting Assistant Secretary for Electricity Delivery and Energy Reliability Before the Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee on Homeland Security U.S. House of Representatives; Before the House Science and Technology Subcommittee on Energy and

83

Advanced Metering Infrastructure Cyber Security Risks  

Science Conference Proceedings (OSTI)

The deployment of advanced metering infrastructure (AMI) systems is introducing millions of components to the electric grid that support two-way communication for next-generation grid applications. Although these systems can increase operational efficiencies and enable new capabilities such as demand-response, they also increase the attack surface for potential adversaries. Utilities must address these new cyber security risks as part of their overall enterprise risk management strategy. These ...

2013-12-23T23:59:59.000Z

84

Cyber Security | More Science | ORNL  

NLE Websites -- All DOE Office Websites (Extended Search)

System-of-systems analysis Visualization tools for complex information Next-generation smart grid technologies Quantum computing, security, and data fusion For more information,...

85

Cyber Security Procurement Methodology for Power Delivery Systems  

Science Conference Proceedings (OSTI)

Determining how to apply cyber security requirements for new power delivery systems requires cyber security experts, power system engineers, and procurement organizations to work together with vendors to implement and maintain cyber security controls. Improper or incomplete implementation of controls due to lack of proper requirements and/or division of responsibilities between the utility and vendor can often result in costly backfit to meet requirements. The Electric Power Research ...

2012-12-31T23:59:59.000Z

86

The Department of Energy Launches Cyber Security Initiative ...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

launching an initiative to enhance cyber security on the electric grid. The initiative, led by the Department's Office of Electricity Delivery and Energy Reliability (OE), the...

87

NERSC Cyber Security Challenges That Require DOE Development and Support  

E-Print Network (OSTI)

network segments. Table 1. Network Comparison: NERSC vs. Large Corporation NERSC External Network Traffic patterns LBNL-62284 NERSC Cyber Security Challenges That Require DOE

Draney, Brent; Campbell, Scott; Walter, Howard

2008-01-01T23:59:59.000Z

88

Cyber Security Audit and Attack Detection Toolkit: National SCADA...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

May 2008 This project of the cyber security audit and attack detection toolkit is adding control system intelligence to widely deployed enterprise vulnerability scanners and...

89

NIST Finalizes Initial Set of Smart Grid Cyber Security ...  

Science Conference Proceedings (OSTI)

... guidelines is intended to facilitate organization-specific Smart Grid cyber security ... the nation's electric infrastructure to make it smarter, more efficient ...

2010-09-29T23:59:59.000Z

90

Training Module for Cyber Security in Nuclear Plant Digital Modifications  

Science Conference Proceedings (OSTI)

Nuclear power plants face increasing regulatory requirements from the U.S. Nuclear Regulatory Commission (NRC) and the Federal Energy Regulatory Commission (FERC) for cyber security of digital devices, components, and systems. The focus of these cyber security requirements is to protect plant digital computer systems, communications systems, and networks from cyber attacks that would affect reactor safety or generation reliability. This Electric Power Research Institute (EPRI) computer-based training mod...

2011-04-28T23:59:59.000Z

91

Cyber Security Audit and Attack Detection Toolkit: Bandolier and  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Audit and Attack Detection Toolkit: Bandolier and Portaledge, March 2010. This project of the cyber security audit and attack detection toolkit will employ Bandolier Audit Files for optimizing security configurations and the Portaledge event detection capability for energy control systems. By building configuration audit and attack detection capabilities into tools already used by the energy sector, Bandolier and Portaledge offer energy asset owners low-cost and easily integrable control systems security solutions. Energy system operators can optimize the security of their control system configuration using Bandolier Security Audit Files, which assess the current configuration against an optimal security configuration.

92

NCSec: a national cyber security referential for the development of a code of practice in national cyber security management  

Science Conference Proceedings (OSTI)

Governments worldwide have faced computer security challenges. These challenges are serious in a context where there is an absence of appropriate organizational and institutional structures to deal with incidents. But more important which agency or agencies ... Keywords: ISO27002, cyber criminality, cyber security, organizational structure, referential

Mohamed Dafir Ech-cherif el Kettani; Taieb Debbagh

2008-12-01T23:59:59.000Z

93

Office of Cyber Security Evaluations Appraisal Process Guide, April 2008  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CYBER SECURITY EVALUATIONS APPRAISAL PROCESS GUIDE, April 2008. Office of Health, Safety and Security, U.S. Department of Energy. Office of Cyber Security Evaluations Appraisal Process Guide. Preface: Department of Energy (DOE) Order 470.2B, Independent Oversight and Performance Assurance Program, and Office of Health, Safety and Security (HSS) Standard Operating Procedure, SOP-10-01, Independent Oversight Appraisal Process Protocols, February 2008, provide direction for the Office of Independent Oversight (HS-60) to establish the requirements, responsibilities, and processes for the development and maintenance of Appraisal Process Protocols that describe the activities for evaluating the effectiveness of DOE safeguards and security; cyber security; emergency management; and

94

Cyber Security and Privacy Landscape of the Electric Sector  

Science Conference Proceedings (OSTI)

Cyber-physical security and data privacy have become critical priorities for utilities over the past several decades. Many federal agencies (such as the Department of Energy, the Department of Homeland Security, and the Department of Defense), state organizations, and various industry and academic organizations are currently leading and executing cyber security and privacy activities, research, and working groups for the smart grid. Without an overall map of these various activities, the efforts may ...

2012-12-20T23:59:59.000Z

95

Cyber Security and Privacy Landscape of the Electric Sector  

Science Conference Proceedings (OSTI)

Cyber-physical security and data privacy have become critical priorities for utilities over the past several decades. Many federal agencies (such as the Department of Energy, the Department of Homeland Security, and the Department of Defense), state organizations, and various industry and academic organizations are currently leading and executing cyber security and privacy activities, research, and working groups for the smart grid. Without an overall map of these various activities, the efforts may ...

2012-10-01T23:59:59.000Z

96

The Department's Cyber Security Incident Management Program, IG-0787 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

The Department's Cyber Security Incident Management Program, IG-0787. The Department of Energy operates numerous interconnected computer networks and systems to help accomplish its strategic missions in the areas of energy, defense, science, and the environment. These systems are frequently subjected to sophisticated cyber attacks that could potentially affect the Department's ability to carry out its mission. During Fiscal Year 2006, the Department experienced 132 incidents of sufficient severity to require reporting to law enforcement, an increase of 22 percent over the prior year. These statistics, troubling as they may be, are not unique to the Department; they are, in fact, reflective of a trend in cyber attacks throughout the government.

97

NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines. September 2, 2010 - 3:15pm. WASHINGTON, D.C. - The National Institute of Standards and Technology (NIST) issued today its first Guidelines for Smart Grid Cyber Security, which includes high-level security requirements, a framework for assessing risks, an evaluation of privacy issues at personal residences, and additional information for businesses and organizations to use as they craft strategies to protect the modernizing power grid from attacks, malicious code, cascading errors, and other threats. The product of two formal public reviews and the focus of numerous workshops and teleconferences over the past 17 months, the three-volume set

98

NNSA Seeking Comments on Consolidated IT and Cyber Security Support  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft. July 17, 2013 - 9:10am. John Hale III, Director, Office of Small and Disadvantaged Business Utilization. The National Nuclear Security Administration (NNSA) is currently seeking comments, now through July 29, on an opportunity for Consolidated IT and Cyber Security Support Services. Comments are sought from interested vendors holding active GSA Schedule 70 contracts (General Purpose Commercial Information Technology Equipment, Software, and Services) covering SIN 132-51 (Information Technology Professional Services) on draft performance-based scopes of work. The anticipated NAICS code is 541513 - Computer Facilities Management Services,

99

NNSA Seeking Comments on Consolidated IT and Cyber Security Support  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft. July 17, 2013 - 9:10am. John Hale III, Director, Office of Small and Disadvantaged Business Utilization. The National Nuclear Security Administration (NNSA) is currently seeking comments, now through July 29, on an opportunity for Consolidated IT and Cyber Security Support Services. Comments are sought from interested vendors holding active GSA Schedule 70 contracts (General Purpose Commercial Information Technology Equipment, Software, and Services) covering SIN 132-51 (Information Technology Professional Services) on draft performance-based scopes of work. The anticipated NAICS code is 541513 - Computer Facilities Management Services,

100

Microsoft Word - Cyber Security Strat Plan final.doc  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

STRATEGIC PLAN, FEBRUARY 12, 2007. CYBER SECURITY STRATEGIC PLAN, VERSION 1.0. Table of Contents: INTRODUCTION ......



101

The Department's Unclassified Cyber Security Program 2002, IG-0567  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DEPARTMENT'S UNCLASSIFIED CYBER SECURITY PROGRAM 2002, SEPTEMBER 2002. Department of Energy, Washington, DC 20585. September 9, 2002. MEMORANDUM FOR FROM: Inspector General. SUBJECT: INFORMATION: Evaluation Report on "The Department's Unclassified Cyber Security Program 2002". As agencies strive to meet the President's goal of significantly increasing electronic government, the potential for disruption or damage to critical systems by malicious users continues to increase. In response to increasing threats to the Government's computer networks and systems, Congress enacted the Government Information Security Reform Act (GISRA) in October 2000. GISRA focuses on program management, implementation, and evaluation of the security of unclassified and national security

102

Cyber Security Solutions for Instrumentation and Control Systems  

Science Conference Proceedings (OSTI)

Cyber security standards have been produced as a result of continual threats to business and process control networks. Many standards have been drafted, undergone revision, and are being enforced for compliance. In recent years, electric utilities have established cyber security programs to ensure compliance with critical infrastructure protection standards requirements of the North American Electric Reliability Corporation and related requirements in the international community. Compliance with ...

2012-12-12T23:59:59.000Z

103

Process Control System Cyber Security Standards - An Overview  

Science Conference Proceedings (OSTI)

The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

Robert P. Evans

2006-05-01T23:59:59.000Z

104

Ideal based cyber security technical metrics for control systems  

Science Conference Proceedings (OSTI)

Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the ... Keywords: control system security, cyber security metrics

Wayne Boyer; Miles McQueen

2007-10-01T23:59:59.000Z

105

Evaluation Report on The Department's Unclassified Cyber Security Program  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Evaluation Report on The Department's Unclassified Cyber Security Program 2002, DOE/IG-0567. As agencies strive to meet the President's goal of significantly increasing electronic government, the potential for disruption or damage to critical systems by malicious users continues to increase. In response to increasing threats to the Government's computer networks and systems, Congress enacted the Government Information Security Reform Act (GISRA) in October 2000. GISRA focuses on program management, implementation, and evaluation of the security of unclassified and national security information. It requires agencies to conduct annual reviews and evaluations of unclassified and

106

Cyber Security Testing and Training Programs for Industrial Control Systems  

DOE Green Energy (OSTI)

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Daniel Noyes

2012-03-01T23:59:59.000Z

107

Cyber Security Strategy Guidance for the Electric Sector  

Science Conference Proceedings (OSTI)

Smart grid technologies are introducing millions of new intelligent components to the electric grid that communicate in much more advanced ways (two-way communication, dynamic optimization, and wired and wireless communications) than in the past. Cyber security is important because the bi-directional flow of two-way communication and the control capabilities in the smart grid will enable an array of new functionalities and applications. Two areas of critical importance for the smart grid are cyber securi...

2012-05-30T23:59:59.000Z

108

Management of Naval Reactors' Cyber Security Program, OIG-0884  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Naval Reactors' Cyber Security Program DOE/IG-0884 April 2013 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 April 12, 2013 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Audit Report on "Management of Naval Reactors' Cyber Security Program" INTRODUCTION AND OBJECTIVE The Naval Reactors Program (Naval Reactors), an organization within the National Nuclear Security Administration, provides the military with safe and reliable nuclear propulsion plants to power warships and submarines. Naval Reactors maintains responsibility for activities supporting the United States Naval fleet nuclear propulsion systems, including research and

109

The development of cyber security warning, advice and report points  

Science Conference Proceedings (OSTI)

The threat to electronic information systems increasingly has origins in organised crime or nation-state sponsored or supported activity. Any successful cyber security programme relies upon the sharing of information. How this is achieved is a question ... Keywords: information sharing, security information, warning advice and reporting points

Tony Proctor

2012-10-01T23:59:59.000Z

110

Survey Cyber security in the Smart Grid: Survey and challenges  

Science Conference Proceedings (OSTI)

The Smart Grid, generally referred to as the next-generation power system, is considered as a revolutionary and evolutionary regime of existing power grids. More importantly, with the integration of advanced computing and communication technologies, ... Keywords: Attacks and countermeasures, Cryptography, Cyber security, Security protocols, Smart Grid

Wenye Wang; Zhuo Lu

2013-04-01T23:59:59.000Z

111

Overcoming performance collapse for 100Gbps cyber security  

Science Conference Proceedings (OSTI)

In this paper, we present a series of performance tests carried out on R-Scope Dominate-T (RDT), a 1U network security appliance configured with four Tilera Gx-36 processors and with an aggregated network IO capacity of 160Gbps. RDT is optimized with ... Keywords: cyber-security

Jordi Ros-Giralt; Bob Rotsted; Alan Commike

2013-06-01T23:59:59.000Z

112

Cyber-Physical Systems Security for Smart Grid  

E-Print Network (OSTI)

Cyber-Physical Systems Security for Smart Grid Future Grid Initiative White Paper Power Systems-Physical Systems Security for Smart Grid Prepared for the Project "The Future Grid to Enable Sustainable Energy, mitigation, and resilience - is among the most important R&D needs for the emerging smart grid. One

113

Cyber-Physical Systems Security for Smart Grid  

E-Print Network (OSTI)

Cyber-Physical Systems Security for Smart Grid Future Grid Initiative White Paper Power Systems-Physical Systems Security for Smart Grid Prepared for the Project "The Future Grid to Enable Sustainable Energy important R&D needs for the emerging smart grid. One of the overarching goals of the future research

114

Cyber Security Challenges in Using Cloud Computing in the Electric Utility Industry  

SciTech Connect

This document contains introductory material that discusses cyber security challenges in using cloud computing in the electric utility industry.

Akyol, Bora A.

2012-09-01T23:59:59.000Z

115

Cyber Security Procurement - Application of the Methodology, Third Example: Digital Feedwater Control  

Science Conference Proceedings (OSTI)

Determining how to apply cyber security requirements to new instrumentation and control (I&C) systems requires cyber security experts, I&C engineers, and procurement organizations to work with vendors to implement and maintain cyber security controls. Improper or incomplete implementation of cyber security controls due to lack of proper requirements and/or unclear division of responsibilities between the utility and vendor can result in costly retrofits to meet the ...

2013-12-19T23:59:59.000Z

116

Cyber Security Procurement - Application of the Methodology, Second Example: Feedpump Turbine Speed Control  

Science Conference Proceedings (OSTI)

Determining how to apply cyber security requirements for new instrumentation and control (I&C) systems requires cyber security experts, I&C engineers, and procurement organizations to work together with vendors to implement and maintain cyber security controls. Improper or incomplete implementation of cyber security controls owing to a lack of proper requirements and/or division of responsibilities between the utility and vendor can often result in costly retrofits to meet the ...

2013-12-20T23:59:59.000Z

117

Towards A Network-of-Networks Framework for Cyber Security  

Science Conference Proceedings (OSTI)

Networks-of-networks (NoN) is a graph-theoretic model of interdependent networks that have distinct dynamics at each network (layer). By adding special edges to represent relationships between nodes in different layers, NoN provides a unified mechanism to study interdependent systems intertwined in a complex relationship. While NoN based models have been proposed for cyber-physical systems, in this paper we build towards a three-layer NoN model for an enterprise cyber system. Each layer captures a different facet of a cyber system. We then discuss the potential benefits of graph-theoretic analysis enabled from such a model. Our goal is to provide a novel and powerful tool for modeling and analyzing problems in cyber security.

Halappanavar, Mahantesh; Choudhury, Sutanay; Hogan, Emilie A.; Hui, Peter SY; Johnson, John R.; Ray, Indrajit; Holder, Lawrence B.

2013-06-07T23:59:59.000Z

118

of Western Area Power Administration's Cyber Security Program  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Western Area Power Administration's Cyber Security Program DOE/IG-0873 October 2012 U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Department of Energy Washington, DC 20585 October 22, 2012 MEMORANDUM FOR THE UNDER SECRETARY OF ENERGY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Audit Report on "Management of Western Area Power Administration's Cyber Security Program" INTRODUCTION AND OBJECTIVE The Department of Energy's Western Area Power Administration (Western) markets and delivers hydroelectric power and related services to 15 states within the central and western United States. As the largest U.S. Power Marketing Administration, millions of households and

119

Process Control System Cyber Security Standards - An Overview  

Science Conference Proceedings (OSTI)

The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

2005-10-01T23:59:59.000Z

120

On Cyber Security for Networked Control Systems  

E-Print Network (OSTI)

9.2.2 Security Interdependence . . . . . . Bounded Control7 Security Constrained Networked Control 7.1Inputs 9 Security Interdependencies for Networked 9.1

Amin, Saurabh

2011-01-01T23:59:59.000Z



121

A Hierarchical Security Architecture for Cyber-Physical Systems  

SciTech Connect

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

Quanyan Zhu; Tamer Basar

2011-08-01T23:59:59.000Z

122

Cyber Security and Privacy Landscape of the Electric Sector  

Science Conference Proceedings (OSTI)

This project provides ongoing updates on the status of research and development activities, federal and state policy and regulatory proposals, standards and guidance document development, key personnel, and organizations that are funding or executing smart grid cyber security and privacy activities.

2012-04-17T23:59:59.000Z

123

A Comparison of Cross-Sector Cyber Security Standards  

Science Conference Proceedings (OSTI)

This report presents a review and comparison (commonality and differences) of three cross-sector cyber security standards and an internationally recognized information technology standard. The comparison identifies the security areas covered by each standard and reveals where the standards differ in emphasis. By identifying differences in the standards, the user can evaluate which standard best meets their needs. For this report, only cross-sector standards were reviewed.

Robert P. Evans

2005-09-01T23:59:59.000Z

124

Cyber Security Summer School: Lessons for the Modern Grid | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Summer School: Lessons for the Modern Grid June 20, 2011 - 4:34pm Carol Hawk, Program Manager, Cyber Security for Energy Delivery Systems What does this mean for me? Computer systems do more than store and share information. They help control our traffic lights, trains and specifically, our electric grid -- tasks for which continuous function is the primary concern. Protecting control systems on the grid from cyber attack requires a completely different approach to cyber security than information technology systems. The Cyber Summer School gave aspiring attendees a practical understanding of the connection between power systems and computer science required to secure a clean, reliable energy future.

125

Cyber Security, Information Technology Division, ITD  

NLE Websites -- All DOE Office Websites (Extended Search)

RSA SecurID User Guide VPN Home What is RSA SecurID? RSA SecurID two-factor authentication is based on something you know (a password or PIN) and something you have (an...

126

Mathematical and Statistical Opportunities in Cyber Security  

E-Print Network (OSTI)

3] Matt Bishop. Computer Security Art and Science. Addisonconference on Hot topics in security, pages 15, Berkeley,In IEEE Symposium on Security and Privacy, June 2005. [6

Meza, Juan

2009-01-01T23:59:59.000Z

127

Cyber Security Solutions for Instrumentation and Control Systems, Topic 3: Security Status Monitoring  

Science Conference Proceedings (OSTI)

Cyber security standards have been produced in response to continual threats to business and process control networks. Many standards have been drafted and subsequently revised and are now being enforced for compliance. In recent years, electric utilities have established cyber security programs to ensure compliance with the requirements set forth in the North American Electric Reliability Corporation's Critical Infrastructure Protection standards and related requirements in the international ...

2013-11-08T23:59:59.000Z

128

On Cyber Security for Networked Control Systems  

E-Print Network (OSTI)

security efforts by establishing the national SCADA test bed program INL [INL/EXT- 05-00671, Idaho National Laboratory. US-CERT [2008], Control Systems Security

Amin, Saurabh

2011-01-01T23:59:59.000Z

129

CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL  

Science Conference Proceedings (OSTI)

The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the system's cyber-security posture. The CS2SAT provides recommendations from a database of industry available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate specific security vulnerabilities.

Kathleen A. Lee

2008-01-01T23:59:59.000Z

130

A Cyber-Physical Experimentation Environment for the Security Analysis  

E-Print Network (OSTI)

Although many studies address the security of Networked Industrial Control Systems (NICS), today we still lack an efficient way to conduct scientific experiments that measure the impact of attacks against both the physical and the cyber parts of these systems. This paper presents an innovative framework for an experimentation environment that can reproduce concurrently physical and cyber systems. The proposed approach uses an emulation testbed based on Emulab to recreate cyber components and a real-time simulator, based on Simulink, to recreate physical processes. The main novelty of the proposed framework is that it provides a set of experimental capabilities that are missing from other approaches, e.g. safe experimentation with real malware, flexibility to use different physical processes. The feasibility of the approach is confirmed by the development of a fully functional prototype, while its applicability is proven through two case studies of industrial systems from the electrical and chemical domain.

Béla Genge; Christos Siaterlis; Igor Nai Fovino; Marcelo Masera

2012-01-01T23:59:59.000Z

131

Wireless Policy, Cyber Security, Information Technology Division, ITD  

NLE Websites -- All DOE Office Websites (Extended Search)

Brookhaven Wireless Access Policy Title: Deployment and Management of 802.11 and Related Wireless Standards Applicability: All Employees, Guests, System Administrators, and Management General Approved Technology Authentication Setting the Service Set Identifier (SSID) Exceptions Responsibilities of Requestor Responsibilities of the ITD WAP System Administrator Responsibility of Chief of Cyber Security Wireless Policy Definitions Standards-Based Management System (SBMS) Subject Area: Cyber Security, Unclassified Using Computing Resources (Steps 7-11 apply to BNL's wireless networks) General The purpose of the wireless policy and related standards and guidelines is to assure that Brookhaven National Laboratory's (BNL's) employees, guests, and contractors have access to a reliable, robust, and integrated wireless network, and to increase the security of the campus wireless network to the extent possible.

132

GAO-06-811 Information Security: Coordination of Federal Cyber Security Research and Development  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

the Chairman, Committee on the Chairman, Committee on Government Reform, House of Representatives INFORMATION SECURITY Coordination of Federal Cyber Security Research and Development September 2006 GAO-06-811 What GAO Found United States Government Accountability Office Why GAO Did This Study Highlights Accountability Integrity Reliability September 2006 INFORMATION SECURITY Coordination of Federal Cyber Security Research and Development Highlights of GAO-06-811, a report to Chairman, Committee on Government Reform, House of Representatives Research and development (R&D) of cyber security technology is essential to creating a broader range of choices and more robust tools for building secure, networked computer systems in the federal government and in the private sector. The National

133

Antivirus Procedures, Cyber Security, Information Technology...  

NLE Websites -- All DOE Office Websites (Extended Search)

Anti-virus Software Trend OfficeScan for PCs & Trend Micro Security for Mac Anti-Virus procedures are an important component of BNL's host-based security architecture. Anti-Virus...

134

GridStat Cyber Security and Regional Deployment Project Report  

Science Conference Proceedings (OSTI)

GridStat is a developing communication technology to provide real-time data delivery services to the electric power grid. It is being developed in a collaborative effort between the Electrical Power Engineering and Distributed Computing Science Departments at Washington State University. Improving the cyber security of GridStat was the principal focus of this project. A regional network was established to test GridStat's cyber security mechanisms in a realistic environment. The network consists of nodes at Pacific Northwest National Laboratory, Idaho National Laboratory, and Washington State University. Idaho National Laboratory (INL) was tasked with performing the security assessment, the results of which detailed a number of easily resolvable and previously unknown issues, as well as a number of difficult and previously known issues. Going forward we recommend additional development prior to commercialization of GridStat. The development plan is structured into three domains: Core Development, Cyber Security and Pilot Projects. Each domain contains a number of phased subtasks that build upon each other to increase the robustness and maturity of GridStat.

Clements, Samuel L.

2009-02-18T23:59:59.000Z

135

A Novel Cyber-Insurance for Internet Security  

E-Print Network (OSTI)

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, and botnets. To reduce the probability of risk, an Internet user generally invests in self-defense mechanisms like antivirus and antispam software. However, such software does not completely eliminate risk. Recent works have considered the problem of residual risk elimination by proposing the idea of cyber-insurance. In reality, an Internet user faces risks due to security attacks as well as risks due to non-security related failures (e.g., reliability faults in the form of hardware crash, buffer overflow, etc.). These risk types are often indistinguishable by a naive user. However, a cyber-insurance agency would most likely insure risks only due to security attacks. In this case, it becomes a challenge for an Internet user to choose the right type of cyber-insurance contract as standard optimal contracts, i.e., contracts under security attacks only, might prove to be sub-optimal for ...

Pal, Ranjan; Psounis, Konstantinos

2011-01-01T23:59:59.000Z

136

Cyber Security Incidents, Information Technology Division, ITD  

NLE Websites -- All DOE Office Websites (Extended Search)

Reporting Computing Security Incidents Incident Reporting Hotline: 631-344-8484 Security Incidents A computer security incident can range from a simple virus to the disclosure of sensitive information. Incidents can be minor, important, or significant. Incidents that must be reported include computer or network related activity, internal or external to the Laboratory, that may impact the Laboratory's mission. Examples of such activities include the possibility of: loss of data; denial of services; compromise of computer security; unauthorized access to data that the Laboratory is required to control by law, regulation, or DOE orders; investigative activity by legal, law enforcement, bureaucratic, or political authorities; or a public relations embarrassment.

137

Cyber Assessment Methods for SCADA Security | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Assessment Methods for SCADA Security This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure. The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure the nation's critical infrastructure by creating programs to implement the National Strategy to Secure Cyberspace (1). One part of this effort involves assessing Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential to the control of critical elements of our national

138

Department of Energy's July 2013 Cyber Security Breach  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

The Department of Energy's July 2013 Cyber Security Breach DOE/IG-0900 December 2013 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 December 6, 2013 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Special Review of the "Department of Energy's July 2013 Cyber Security Breach" BACKGROUND To facilitate its administrative and operational needs, the Department of Energy maintains a substantial amount of personally identifiable information (PII). The Department's Management Information System (MIS) provides a gateway for users to access a system known as the DOE Employee Data Repository (DOEInfo) database. That system was implemented in 1994, and

139

Cyber Security and Privacy Industry Tracking Newsletter, April 2012  

Science Conference Proceedings (OSTI)

EPRI's tracking and outreach efforts reflect its continued commitment to support the power industry in the identification of cyber security and privacy issues and efforts for the electric sector. In support of these efforts EPRI works diligently to stay abreast of the present state of standards and guideline developments as well as regulatory governance. This newsletter provides highlights and status of ongoing efforts by numerous working groups, as well as insights into future activities.

2012-04-11T23:59:59.000Z

140

Cyber Security and Privacy Industry Tracking Newsletter, April, 2013  

Science Conference Proceedings (OSTI)

EPRI's tracking and outreach efforts reflect its continued commitment to support the power industry in the identification of cyber security and privacy issues and efforts for the electric sector. In support of these efforts EPRI works diligently to stay abreast of the present state of standards and guideline developments as well as regulatory governance. This newsletter provides highlights and status of ongoing efforts by numerous working groups, as well as insights into future activities.

2013-03-26T23:59:59.000Z



141

Cyber Security and Privacy Industry Tracking Newsletter, July 2013  

Science Conference Proceedings (OSTI)

EPRI's tracking and outreach efforts reflect its continued commitment to support the power industry in the identification of cyber security and privacy issues and efforts for the electric sector. In support of these efforts EPRI works diligently to stay abreast of the present state of standards and guideline developments as well as regulatory governance. This newsletter provides highlights and status of ongoing efforts by numerous working groups, as well as insights into future activities.

2013-06-25T23:59:59.000Z

142

Cyber Security and Privacy Industry Tracking Newsletter: December 2012  

Science Conference Proceedings (OSTI)

The Electric Power Research Institute (EPRI) remains committed to supporting the power industry in the identification of cyber security and privacy issues and efforts for the electric sector. In support of these efforts, EPRI works diligently to stay abreast of the present state of standards and guideline developments, as well as regulatory governance. This newsletter provides highlights and status of ongoing efforts by numerous working groups and insights into future activities. This ...

2012-12-28T23:59:59.000Z

143

Cyber Security and Privacy Industry Tracking Newsletter, October 2013  

Science Conference Proceedings (OSTI)

EPRI's tracking and outreach efforts reflect its continued commitment to support the power industry in the identification of cyber security and privacy issues and efforts for the electric sector. In support of these efforts EPRI works diligently to stay abreast of the present state of standards and guideline developments as well as regulatory governance. This newsletter provides highlights and status of ongoing efforts by numerous working groups, as well as insights into future activities.

2013-10-11T23:59:59.000Z

144

Framework for Evaluating Cyber Security Posture for Power Delivery Systems  

Science Conference Proceedings (OSTI)

While many asset owners and operators are performing self-assessments of their control systems, the methods used vary widely across the electric sector. This lack of consistent criteria and metrics makes it difficult to benchmark and compare the cyber security posture of power delivery systems. The objective of this technical update is to develop an evaluation framework that uses both the Department of Energy (DOE) Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) ...

2013-11-28T23:59:59.000Z

145

Cyber Security and Privacy Industry Tracking Newsletter, October 2012  

Science Conference Proceedings (OSTI)

EPRI's tracking and outreach efforts reflect its continued commitment to support the power industry in the identification of cyber security and privacy issues and efforts for the electric sector. In support of these efforts EPRI works diligently to stay abreast of the present state of standards and guideline developments as well as regulatory governance. This newsletter provides highlights and status of ongoing efforts by numerous working groups, as well as insights into future activities.

2012-09-26T23:59:59.000Z

146

Cyber Security and Privacy Industry Tracking Newsletter, July 2012  

Science Conference Proceedings (OSTI)

EPRI's tracking and outreach efforts reflect its continued commitment to support the power industry in the identification of cyber security and privacy issues and efforts for the electric sector. In support of these efforts EPRI works diligently to stay abreast of the present state of standards and guideline developments as well as regulatory governance. This newsletter provides highlights and status of ongoing efforts by numerous working groups, as well as insights into future activities.

2012-07-02T23:59:59.000Z

147

Cyber Security Through Science | More Science | ORNL  

NLE Websites -- All DOE Office Websites (Extended Search)

System-of-systems analysis Visualization tools for complex information Next-generation smart grid technologies Quantum computing, security, and data fusion For more information,...

148

Cyber Security Procurement - Application of the Methodology, First Example: Single Loop  

Science Conference Proceedings (OSTI)

Determining how to apply cyber security requirements for new instrumentation and control (I&C) systems requires cyber security experts, I&C engineers, and procurement organizations to work together with vendors to implement and maintain cyber security controls. Improper or incomplete implementation of controls due to lack of proper requirements and/or division of responsibilities between the utility and vendor can often result in costly backfits to meet the requirements. The ...

2013-07-29T23:59:59.000Z

149

Survey Paper: Cyber security in the Smart Grid: Survey and challenges  

E-Print Network (OSTI)

Survey Paper: Cyber security in the Smart Grid: Survey and challenges. Wenye Wang, Zhuo Lu. Accepted 29 December 2012. Available online 17 January 2013. Keywords: Smart Grid; Cyber security; Attacks and countermeasures; Cryptography; Security protocols. Abstract: The Smart Grid, generally referred to as the next

Wang, Wenye

150

DOE O 205.1B Chg 2, Department of Energy Cyber Security Program  

Directives, Delegations, and Requirements

The order sets forth requirements and responsibilities for a Departmental Cyber Security Program that protects information and information systems for DOE. ...

2011-05-16T23:59:59.000Z

151

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY  

SciTech Connect

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s); and how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go unnoticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01T23:59:59.000Z

152

Obama's Call for Public-Private Cyber Security Collaboration Reflected in  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Obama's Call for Public-Private Cyber Security Collaboration Reflected in DOE's Priorities. May 29, 2009 - 4:08pm. In releasing the results of his Administration's 60-day cyber security review, President Barack Obama today emphasized that partnering with the private sector will be paramount for agencies working to secure the power grid and other critical infrastructures from cyber attack. Securing the computer-based systems that monitor and control the nation's electric grid and oil and gas pipelines remains a shared challenge for the Department of Energy. As the industry quickly works to develop and demonstrate Smart Grid technologies to build a more reliable and resilient

153

Technical Guideline for Cyber Security Requirements and Life Cycle Implementation Guidelines for Nuclear Plant Digital Systems  

Science Conference Proceedings (OSTI)

Nuclear power plants face increasing regulatory requirements from the U.S. Nuclear Regulatory Commission (NRC) and the Federal Energy Regulatory Commission (FERC) for cyber security of digital devices, components, and systems. The focus of these cyber security requirements is to protect plant digital computer systems, communications systems, and networks from cyber attacks that would affect reactor safety or generation reliability. This EPRI guideline document provides technical guidance for addressing c...

2010-10-29T23:59:59.000Z

154

Cybercrime and cyber-security issues associated with China: some economic and institutional considerations  

Science Conference Proceedings (OSTI)

China is linked to cybercrimes of diverse types, scales, motivations and objectives. The Chinese cyberspace thus provides an interesting setting for the study of cybercrimes. In this paper, we first develop typology, classification and characterization ... Keywords: China, Cyber-security, Cyber-security related alliances, Cybercrime, International relations, International trade, Intrinsic and extrinsic motivations

Nir Kshetri

2013-03-01T23:59:59.000Z

155

Smart Grid Cyber Security Strategy and Requirements  

E-Print Network (OSTI)

(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Interagency Report discusses ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Interagency Report 7628 (draft) 305 pages (February 2010) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

The Smart; Grid Interoperability

2010-01-01T23:59:59.000Z

156

Probabilistic Characterization of Adversary Behavior in Cyber Security  

SciTech Connect

The objective of this SMS effort is to provide a probabilistic characterization of adversary behavior in cyber security. This includes both quantitative (data analysis) and qualitative (literature review) components. A set of real LLNL email data was obtained for this study, consisting of several years worth of unfiltered traffic sent to a selection of addresses at ciac.org. The email data was subjected to three interrelated analyses: a textual study of the header data and subject matter, an examination of threats present in message attachments, and a characterization of the maliciousness of embedded URLs.

Meyers, C A; Powers, S S; Faissol, D M

2009-10-08T23:59:59.000Z

157

21 Steps to Improve Cyber Security of SCADA Networks | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

21 Steps to Improve Cyber Security of SCADA Networks. Supervisory control and data acquisition (SCADA) networks contain computers and applications that perform key functions in providing essential services and commodities (e.g., electricity, natural gas, gasoline, water, waste treatment, transportation) to all Americans. As such, they are part of the nation's critical infrastructure and require protection from a variety of threats that exist in cyber space today. By allowing the collection and analysis of data and control of equipment such as pumps and valves from remote locations, SCADA networks provide great efficiency and are widely used. However, they also present a security risk.

158

Cyber Security and Privacy Landscape of the Electric Sector: Release 2  

Science Conference Proceedings (OSTI)

Cyber-physical security and data privacy have become critical priorities for utilities over the past several decades. Many federal agencies, such as the Department of Energy (DOE), the Department of Homeland Security (DHS), the Department of Defense (DOD), state organizations, and various industry and academic organizations are currently leading and executing cyber security and privacy activities, research, and working groups for the smart grid. Without an overall map of these various activities, the eff...

2012-07-02T23:59:59.000Z

159

Cyber Security and Privacy Landscape of the Electric Sector, Release 5  

Science Conference Proceedings (OSTI)

Cyber-physical security and data privacy have become critical priorities for utilities over the past several decades. Many federal agencies (such as the Department of Energy, the Department of Homeland Security, and the Department of Defense), state organizations, and various industry and academic organizations are currently leading and executing cyber security and privacy activities, research, and working groups for the smart grid. Without an overall map of these various activities, the efforts may ...

2013-03-27T23:59:59.000Z

160

Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse  

SciTech Connect

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.

Czejdo, Bogdan [ORNL; Ferragut, Erik M [ORNL; Goodall, John R [ORNL; Laska, Jason A [ORNL

2012-01-01T23:59:59.000Z



161

Cyber Security Procurement Language for Control Systems Version 1.8 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Procurement Language for Control Systems Version 1.8. Supervisory Control and Data Acquisition (SCADA), Process Control System (PCS), Distributed Control System (DCS), etc. generally refer to the systems which control, monitor, and manage the nation's critical infrastructures such as electric power generators, subway systems, dams, telecommunication systems, natural gas pipelines, and many others. Simply stated, a control system gathers information and then performs a function based on established parameters or information it received.

162

Towards an Experimental Testbed Facility for Cyber-Physical Security Research  

Science Conference Proceedings (OSTI)

Cyber-Physical Systems (CPSs) are under great scrutiny due to large Smart Grid investments and recent high profile security vulnerabilities and attacks. Research into improved security technologies, communication models, and emergent behavior is necessary to protect these systems from sophisticated adversaries and new risks posed by the convergence of CPSs with IT equipment. However, cyber-physical security research is limited by the lack of access to universal cyber-physical testbed facilities that permit flexible, high-fidelity experiments. This paper presents a remotely-configurable and community-accessible testbed design that integrates elements from the virtual, simulated, and physical environments. Fusing data between the three environments enables the creation of realistic and scalable environments where new functionality and ideas can be exercised. This novel design will enable the research community to analyze and evaluate the security of current environments and design future, secure, cyber-physical technologies.

Edgar, Thomas W.; Manz, David O.; Carroll, Thomas E.

2012-01-07T23:59:59.000Z

163

Cyber-Security Considerations for the Smart Grid  

Science Conference Proceedings (OSTI)

The electrical power grid is evolving into the smart grid. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number of mitigation strategies that can help keep the risk at an acceptable level.

Clements, Samuel L.; Kirkham, Harold

2010-07-26T23:59:59.000Z

164

ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security Assessment at National SCADA Test Bed. Twelve utilities have formed a consortium with ABB, a supervisory control and data acquisition (SCADA) system vendor, to privately fund advanced research and testing through the U.S. Department of Energy's (DOE) National SCADA Test Bed (NSTB), announced a recent article in the journal Transmission & Distribution World.

165

A cyber-physical experimentation environment for the security analysis of networked industrial control systems  

Science Conference Proceedings (OSTI)

Although many studies address the security of Networked Industrial Control Systems (NICSs), today we still lack an efficient way to conduct scientific experiments that measure the impact of attacks against both the physical and the cyber parts of these ...

Béla Genge; Christos Siaterlis; Igor Nai Fovino; Marcelo Masera

2012-09-01T23:59:59.000Z

166

Effective real-world project collaboration: Strategies from a cyber security degree program  

Science Conference Proceedings (OSTI)

The undergraduate degree of computer and cyber security has been offered at the School of Information Technology, Phetchaburi Rajabhat University, Thailand since 2005. Our program requires direct field experience when students are taking upper-level ...

Wajee Chookittikul; Peter E. Maher

2011-05-01T23:59:59.000Z

167

Strategic philanthropy for cyber security : an extended cost-benefit analysis framework to study cybersecurity  

E-Print Network (OSTI)

The international climate of cyber security is dramatically changing and thus unpredictable. As such, agile yet sustainable solutions are needed, along with an effective and a pragmatic evaluation framework to assess and ...

Cho, Yiseul

2012-01-01T23:59:59.000Z

168

Cyber Science and Security - An R&D Partnership at LLNL  

Science Conference Proceedings (OSTI)

Lawrence Livermore National Laboratory has established a mechanism for partnership that integrates the high-performance computing capabilities of the National Labs, the network and cyber technology expertise of leading information technology companies, and the long-term research vision of leading academic cyber programs. The Cyber Science and Security Center is designed to be a working partnership among Laboratory, Industrial, and Academic institutions, and provides all three with a shared R&D environment, technical information sharing, sophisticated high-performance computing facilities, and data resources for the partner institutions and sponsors. The CSSC model is an institution where partner organizations can work singly or in groups on the most pressing problems of cyber security, where shared vision and mutual leveraging of expertise and facilities can produce results and tools at the cutting edge of cyber science.

Brase, J; Henson, V

2011-03-11T23:59:59.000Z

169

Cyber Security Solutions for Instrumentation and Control Systems, Topic 2: Patch Management and Automated Change Management  

Science Conference Proceedings (OSTI)

Cyber security standards have been produced as a result of continual threats to business and process control networks. Many standards have been drafted, have undergone revision, and are being enforced for compliance. In recent years, electric utilities have established cyber security programs to ensure compliance with critical infrastructure protection (CIP) standards requirements of the North American Electric Reliability Corporation (NERC) and related requirements in the international ...

2013-04-18T23:59:59.000Z

170

DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY  

SciTech Connect

Many critical infrastructure sectors have been investigating cyber security issues for several years, especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs' common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and, in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01T23:59:59.000Z

171

Follow-up Audit of the Department's Cyber Security Incident Management Program, IG-0878  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Department's Cyber Security Incident Management Program DOE/IG-0878 December 2012 U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Department of Energy Washington, DC 20585 December 11, 2012 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Audit Report on "Follow-up Audit of the Department's Cyber Security Incident Management Program" INTRODUCTION AND OBJECTIVE The Department of Energy operates numerous networks and systems to help accomplish its strategic missions in the areas of energy, defense, science and the environment. The systems are frequently subjected to sophisticated cyber attacks that could impact the Department's

172

Proceedings of the 7th Annual Workshop on Cyber Security and Information Intelligence Research: Energy Infrastructure Cyber Protection  

Science Conference Proceedings (OSTI)

The energy industry is embarking upon an infrastructure transformation that will result in a national power grid that is more intelligent, robust, resilient, and secure. While the final form will not be known for quite some time, clearly a smarter grid will make better use of information. Whether an electric utility is making real-time adjustments in response to changing load conditions, or commercial and private consumers are making better choices, the timely availability of this information will become increasingly critical. Ultimately, the overall efficiency, reliability, and resilience of the grid is inextricably linked to information. Unfortunately, "the electric power sector is second from the bottom of all major U.S. industries in terms of R&D spending as a percentage of revenue, exceeding only pulp and paper [Amin2011]." Moreover, U.S. officials worry that cyber-spies could use their [demonstrated] access to shut down the grid or take control of power plants during a time of crisis or war [CIO09, WSJ09]. Protecting and trusting information is not unique to the grid. Indeed, the information security market is worth tens of billions of dollars, almost exclusively in cyber security products and services. Yet, solutions designed for the Internet are often not appropriate for securing the energy grid, which has a different set of priorities and communication needs. Any viable information security solution must address those unique challenges and features. The discussion at the CSIIR Workshop was primarily focused about the Energy Infrastructure Cyber Protection (ENCyP) Initiative. ENCyP is a multidisciplinary strategic theme oriented on cyber protection for the most critical and most vulnerable components of Energy Delivery System (EDS). The initiative derived from ORNL's focus on energy and cyber-physical defenses. 
On this basis we received just over 100 submissions stemming from both novel theoretical and empirical research focused on the many different aspects of ENCyP. We encouraged the participation of researchers and practitioners from a wide range of professional disciplines to ensure a comprehensive understanding of the needs, stakes and the evolving context of ENCyP. Topics included: Security assurance/interoperability for Energy Delivery Systems (EDS); Scalable/trusted control (cyber-physical) systems security; Visual analytics for cyber security; Next generation control systems vulnerability assessment; Wireless Smart Grid security; SCADA, EDS communications security test beds; Use cases and attack scenarios for EDS; Wide area monitoring, protection & control; AMI, demand-response, distribution grid management security; Electric transportation & distributed energy resources security; Policy/standards driven architectures for EDS; Anti-tamper device architectures; Cryptographic key management for EDS; Security risk assessment and management for EDS; Insider and life-cycle threats; Automated vulnerability detection; Access control management and authentication services for EDS; Secure information exchange gateway & watchdog switches; Bio-Inspired technologies for enhancing EDS cybersecurity. A principal goal of the workshop was to foster discussions and dialog among the 210 registered attendees from North and South America, Europe, Asia, and Africa. This goal was initiated and facilitated by 8 plenary keynote addresses including our banquet and reception speakers. There were also six invited speakers, including two panels of government and national laboratory representatives. A total of one hundred and three papers (i.e., extended abstracts [EAs]) were submitted involving over three hundred independent reviews from more than one hundred reviewers. Thirty-two percent of the papers that were submitted received two reviews while all of the rest of the papers received three or more.
Fifty-four EAs were accepted. Twenty-five posters were invited. All of the EAs, presentations and posters are included in our proceedings. The subject areas span the topics above and were organized into nine tracks: Security Assurance for EDS; Wide Area Mo

Sheldon, Frederick T [ORNL; Abercrombie, Robert K [ORNL; Krings, Axel [University of Idaho

2011-01-01T23:59:59.000Z

173

Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues  

SciTech Connect

This document provides information for a report to Congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation's current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

Wayne F. Boyer; Scott A. McBride

2009-04-01T23:59:59.000Z

174

Leadership Development Series: "A Holistic Look at Cyber Security" |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Leadership Development Series: "A Holistic Look at Cyber Security". January 30, 2014 10:30AM to 12:00PM EST Registration link: By e-mail, $0 Course type: Classroom/Auditorium, Video Cast & Teleconference Course Location: DOE Headquarters, Forrestal Building, Washington, DC/ Main Auditorium Course Description: Dr. Steven Bucci, Director, Douglas and Sarah Allison Center for Foreign Policy Studies. The sheer volume of cyber activity is masking serious threats that impact government, business and our personal lives every day. Incidents are now ubiquitous, pervasive and constitute the new "normal". These day to day threats are not existential, but if not addressed, will hinder our

175

Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor  

SciTech Connect

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL provides a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.

Ondrej Linda; Todd Vollmer; Jim Alves-Foss; Milos Manic

2011-08-01T23:59:59.000Z

176

Lab hosts multi-lab cyber security games  

NLE Websites -- All DOE Office Websites (Extended Search)

Joint Cyber Coordination Center, or JC3. The JC3 is focused on improving the national response to threats, leveraging complex resources, and sharing information to meet...

177

CYBER SECURITY AWARENESS & TRAINING Program Plan of Activity...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Publications IM-31, Policy, Guidance, and Planning Division Course Catalogue Cyber Tips Book Mark (2009 NCSA Month) Protect Your Family Brochure (Training and Awareness Material)...

178

Smart Grid Cyber Security Strategy and Requirements The Cyber Security Coordination Task Group  

E-Print Network (OSTI)

(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Interagency Report discusses ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Interagency Report 7628 (draft) 236 pages (September 2009) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Annabelle Lee Lead; Tanya Brewer

2009-01-01T23:59:59.000Z

179

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies  

SciTech Connect

The Annual Cyber Security and Information Intelligence Research Workshop [CSIIRW] was held at Oak Ridge National Laboratory in Oak Ridge, TN on April 21 - 23, 2010. The aim of this workshop is to introduce and discuss novel theoretical and empirical research focused on (the many) different aspects of software security/dependability, because as we know, the heart of the cyber infrastructure is software. As our dependence on the cyber infrastructure grows more complex and more distributed, the systems that compose it become more prone to failures and exploitation. Intelligence refers to discrete or private information which possesses currency and relevance. The ability to abstract, evaluate, and understand such information underlies its accuracy and true value (wiki). The collection, analysis and utilization of information constitutes a business-, sociopolitical-, military-intelligence activity that ultimately poses significant advantages and liabilities to the survivability of "our" society. Cyber crime is a very serious and growing problem which now has an annual global turnover in the criminal world of more than 1000 BUSD [recent numbers from an FBI white paper] with the hardest hit industries being the banks and the insurance companies. A recent EU study of the banking world showed that more than 60% of cyber crime in banks was carried out by insiders of which ~65% by senior managers. Moreover, cyber security practice and policy is largely heuristic, reactive, and increasingly cumbersome, struggling to keep pace with rapidly evolving threats. Advancing beyond this reactive posture will require a transformation in computing and communication systems architecture and new capabilities that do not merely solve today's plethora of security enigmas, but enable comprehensive game-changing strategies [A Scientific R&D Approach to Cyber Security, C. Catlett, et al., Community-driven report submitted to the DOE, Dec. 2008].
The aim of this workshop is to discuss (and publish) novel theoretical and empirical research focused on the many different aspects of cyber security and information intelligence. The scope will vary from methodologies and tools to systems and applications to more precise definition of the various problems and impacts. We encourage the participation of researchers and practitioners from a wide range of professional disciplines to ensure a comprehensive understanding of the needs, stakes and the ever evolving context of cyberspace.

Sheldon, Frederick T [ORNL; Prowell, Stacy J [ORNL; Abercrombie, Robert K [ORNL; Krings, Axel [ORNL

2010-01-01T23:59:59.000Z

180

Assessment And Testing of Industrial Devices Robustness Against Cyber Security Attacks  

E-Print Network (OSTI)

CERN (European Organization for Nuclear Research), like any organization, needs to achieve the conflicting objectives of connecting its operational network to Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. With this in mind, the ISA-99 international cyber security standard has been adopted at CERN as a reference model to define a set of guidelines and security robustness criteria applicable to any network device. Device robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. When assessing the cyber security robustness of devices we have singled out control system-relevant attack patterns derived from the well-known CAPEC classification. Once a vulnerability is identified, it needs to be documented, prioritized and reproduced at will in a dedicated test environment for debugging purposes. CERN - in collaboration ...

Tilaro, F

2011-01-01T23:59:59.000Z



181

Cyber Security and Information Intelligence Research Workshop (CSIIRW'11) Proceedings  

SciTech Connect

The energy industry is embarking upon an infrastructure transformation that will result in a national power grid that is more intelligent, robust, resilient, and secure. While the final form will not be known for quite some time, clearly a smarter grid will make better use of information. Whether an electric utility is making real-time adjustments in response to changing load conditions, or commercial and private consumers are making better choices, the timely availability of this information will become increasingly critical. Ultimately, the overall efficiency, reliability, and resilience of the grid is inextricably linked to information. Unfortunately, "the electric power sector is second from the bottom of all major U.S. industries in terms of R&D spending as a percentage of revenue, exceeding only pulp and paper [Amin2011]." Moreover, U.S. officials worry that cyber-spies could use their [demonstrated] access to shut down the grid or take control of power plants during a time of crisis or war [CIO09, WSJ09]. Moreover, Massachusetts Institute of Technology (MIT) released the results of a two-year study, The Future of the Electric Grid.

Sheldon, Frederick T [ORNL]; Abercrombie, Robert K [ORNL]; Krings, Axel [ORNL]

2011-01-01T23:59:59.000Z

182

Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor  

Science Conference Proceedings (OSTI)

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.

Ondrej Linda; Todd Vollmer; Jason Wright; Milos Manic

2011-04-01T23:59:59.000Z

183

Management of Los Alamos National Laboratory's Cyber Security Program, IG-0880  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Los Alamos National Laboratory's Cyber Security Program DOE/IG-0880 February 2013 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 February 11, 2013 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Audit Report on "Management of Los Alamos National Laboratory's Cyber Security Program" INTRODUCTION AND OBJECTIVE The Los Alamos National Laboratory (LANL), operated by the National Nuclear Security Administration on behalf of the Department of Energy, is one of the world's largest multi-disciplinary laboratories and is primarily responsible for helping to ensure the safety and

184

Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies To Meet The Cyber Security And Information Intelligence Challenges Ahead  

Science Conference Proceedings (OSTI)

As our dependence on the cyber infrastructure grows ever larger, more complex and more distributed, the systems that compose it become more prone to failures and/or exploitation. Intelligence is information valued for its currency and relevance rather than its detail or accuracy. Information explosion describes the pervasive abundance of (public/private) information and the effects of such. Gathering, analyzing, and making use of information constitutes a business- / sociopolitical- / military-intelligence gathering activity and ultimately poses significant advantages and liabilities to the survivability of "our" society. The combination of increased vulnerability, increased stakes and increased threats make cyber security and information intelligence (CSII) one of the most important emerging challenges in the evolution of modern cyberspace "mechanization." The goal of the workshop was to challenge, establish and debate a far-reaching agenda that broadly and comprehensively outlined a strategy for cyber security and information intelligence that is founded on sound principles and technologies. We aimed to discuss novel theoretical and applied research focused on different aspects of software security/dependability, as software is at the heart of the cyber infrastructure.

Sheldon, Frederick T [ORNL]; Krings, Axel [ORNL]; Abercrombie, Robert K [ORNL]; Mili, Ali [New Jersey Institute of Technology]

2008-01-01T23:59:59.000Z

185

CYBER SECURITY AWARENESS & TRAINING Program Plan of Activity...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

III. Theme The theme for the 2009 Summer Takin' It to the Streets awareness event is "Shape Up...Get Cyber Fit." 3 7/22/2009 Last update: 5/31/2011 IV. Audience The intended...

186

T3: Secure, Scalable, Distributed Data Movement and Remote System Control for Enterprise Level Cyber Security  

Science Conference Proceedings (OSTI)

Enterprise level cyber security requires the deployment, operation, and monitoring of many sensors across geographically dispersed sites. Communicating with the sensors to gather data and control behavior is a challenging task when the number of sensors is rapidly growing. This paper describes the system requirements, design, and implementation of T3, the third generation of our transport software that performs this task. T3 relies on open source software and open Internet standards. Data is encoded in MIME format messages and transported via NNTP, which provides scalability. OpenSSL and public key cryptography are used to secure the data. Robustness and ease of development are increased by defining an internal cryptographic API, implemented by modules in C, Perl, and Python. We are currently using T3 in a production environment. It is freely available to download and use for other projects.

Thomas, Gregory S.; Nickless, William K.; Thiede, David R.; Gorton, Ian; Pitre, Bill J.; Christy, Jason E.; Faultersack, Elizabeth M.; Mauth, Jeffery A.

2009-07-20T23:59:59.000Z

187

Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies  

Science Conference Proceedings (OSTI)

Our reliance on the cyber infrastructure has further grown and the dependencies have become more complex. The infrastructure and applications running on it are not generally governed by the rules of bounded systems and inherit the properties of unbounded systems, such as the absence of global control, borders and barriers. Furthermore, the quest for increasing functionality and ease of operation is often at the cost of controllability, potentially opening up avenues for exploitation and failures. Intelligence is information valued for its currency and relevance rather than its detail or accuracy. In the presence of information explosion, i.e., the pervasive abundance of (public/private) information and the effects of such, intelligence has the potential to shift the advantages in the dynamic game of defense and attacks in cyber space. Gathering, analyzing, and making use of information constitutes a business-/sociopolitical-/military-intelligence gathering activity and ultimately poses significant advantages and liabilities to the survivability of "our" society. The combination of increased vulnerability, increased stakes and increased threats make cyber security and information intelligence (CSII) one of the most important emerging challenges in the evolution of modern cyberspace. The goal of the workshop is to establish, debate and challenge the far-reaching agenda that broadly and comprehensively outlines a strategy for cyber security and information intelligence that is founded on sound principles and technologies.

Sheldon, Frederick T [ORNL]; Peterson, Greg D [ORNL]; Krings, Axel [ORNL]; Abercrombie, Robert K [ORNL]; Mili, Ali [New Jersey Institute of Technology]

2009-01-01T23:59:59.000Z

188

Pricing and Investments in Internet Security: A Cyber-Insurance Perspective  

E-Print Network (OSTI)

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, such software does not completely eliminate risk. Recent works have considered the problem of residual risk elimination by proposing the idea of cyber-insurance. In this regard, an important research problem is the analysis of optimal user self-defense investments and cyber-insurance contracts under the Internet environment. In this paper, we investigate two problems and their relationship: 1) analyzing optimal self-defense investments in the Internet, under optimal cyber-insurance coverage, where optimality is an insurer objective and 2) designing optimal cyber-insurance contracts for Internet users, where a contract is a (premium, coverage) pair.

Pal, Ranjan

2011-01-01T23:59:59.000Z

189

Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber security and information intelligence challenges and strategies  

SciTech Connect

As our dependence on the cyber infrastructure grows more complex and more distributed, the systems that compose it become more prone to failures and exploitation. Intelligence refers to discrete or private information, which possesses currency and relevance. The ability to abstract, evaluate, and understand such information underlies its accuracy and true value. The collection, analysis and utilization of information constitutes a business-, sociopolitical-, military-intelligence activity that ultimately poses significant advantages and liabilities to the survivability of "our" society. The aim of this workshop (www.csiir.ornl.gov/csiirw) was to discuss (and publish) novel theoretical and empirical research focused on the many different aspects of cyber security and information intelligence. The scope will vary from methodologies and tools to systems and applications to more precise definition of the various problems and impacts. Topics include: scalable trustworthy systems; enterprise-level metrics; coping with insider and life-cycle threats; coping with malware and polymorphism; phishing/whaling, spam and cyber crime; high assurance system survivability; cyber security for the Smart Grid; digital provenance and data integrity; privacy-aware security and usable security; social networking models for managing trust and security. A principal goal of the workshop was to foster discussions and dialog among the 150 registered attendees from North America, Europe, Asia, and Africa. This goal was initiated and facilitated by 14 plenary keynote addresses including a banquet presentation and the CIO / CTO perspectives panel. A total of 98 papers (i.e., extended abstracts [EAs]) were submitted and 54 EAs were accepted plus 11 posters were invited. All of the abstracts and either presentation materials or posters are included in the proceedings. 
The subject areas span the topics above and were organized into eight tracks: Trust, Design, Malware, Network, Privacy and Metrics, Enterprise, Survivability and Formal Methods.

Sheldon, Frederick T [ORNL; Prowell, Stacy J [ORNL; Krings, Axel [University of Idaho; Abercrombie, Robert K [ORNL

2010-01-01T23:59:59.000Z

190

Modeling and simulation for cyber-physical system security research, development and applications.  

SciTech Connect

This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

2010-02-01T23:59:59.000Z

191

The Federal Energy Regulatory Commission's Unclassified Cyber Security Program … 2013  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Evaluation Report The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2013 OAS-M-14-01 October 2013 Department of Energy Washington, DC 20585 October 23, 2013 MEMORANDUM FOR THE EXECUTIVE DIRECTOR, FEDERAL ENERGY REGULATORY COMMISSION FROM: Rickey R. Hass Deputy Inspector General for Audits and Inspections Office of Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2013" BACKGROUND The Federal Energy Regulatory Commission (Commission) is an independent agency within the Department of Energy (Department) responsible for, among other things, regulating the interstate

192

Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008. This project of the cyber security audit and attack detection toolkit is adding control system intelligence to widely deployed enterprise vulnerability scanners and security event managers. While many energy utilities employ vulnerability scanners and security event managers (SEM) on their enterprise systems, these tools often lack the intelligence necessary to be effective in control systems. This two-year project aims to integrate control system intelligence into widely deployed vulnerability scanners and SEM, and to integrate security incident detection intelligence into control system historians. These upgrades will

193

Security aspects of cyber-physical device safety in assistive environments  

Science Conference Proceedings (OSTI)

As more devices that affect their environment come into use, their proper functioning to protect the welfare of their charges is a concern. Examples include assistive transport devices, robotics, drug delivery systems, etc. Here privacy is not the primary ... Keywords: assistive-environments, cyber-physical systems, pervasive computing, safety, security, standards

Steven J. Templeton

2011-05-01T23:59:59.000Z

194

Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Enhancing control systems security in the energy sector NSTB September 2006 LESSONS LEARNED FROM CYBER SECURITY ASSESSMENTS OF SCADA AND ENERGY MANAGEMENT SYSTEMS Raymond K. Fink, David F. Spencer, Rita A. Wells NSTB INL/CON-06-11665 ABSTRACT Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems, or components of those systems, were reviewed to identify common problem areas. The common vulnerabilities identified ranged from conventional IT security issues to specific weaknesses in control system protocols. In each vulnerability category, relative measures were assigned to the severity of the vulnerability and

195

2013 Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop  

SciTech Connect

Today's cyberspace is a powerful, virtual environment enabled by our global digital infrastructure that provides a bright landscape for commerce, science, education, communication, and government. The future of America's prosperity hinges on rebalancing cyberspace to mitigate threats and maximize benefits, ensuring security and privacy in a constantly changing adversarial environment. Recognizing this great need, we requested original paper submissions in four general areas derived from the Federal Cybersecurity R&D program thrusts. Designed-In-Security (DIS): Builds the capability to design, develop, and evolve high-assurance, software-intensive systems predictably and reliably while effectively managing risk, cost, schedule, quality, and complexity. Tailored Trustworthy Spaces (TTS): Provides flexible, adaptive, distributed trust environments that can support functional and policy requirements arising from a wide spectrum of activities in the face of an evolving range of threats--recognizing the user's context and evolves as the context evolves. Moving Target (MT): Enables us to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency. Cyber Economic Incentives (CEI): Develops effective incentives to make cybersecurity ubiquitous, including incentives affecting individuals and organizations.

Sheldon, Frederick T [ORNL; Giani, Annarita N. [Los Alamos National Laboratory (LANL); Krings, Axel [University of Idaho; Abercrombie, Robert K [ORNL

2013-01-01T23:59:59.000Z

197

Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge  

Science Conference Proceedings (OSTI)

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positive and false negative rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams, allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on an experimental smart grid system, demonstrating enhanced cyber-security.

Ondrej Linda; Todd Vollmer; Milos Manic

2012-08-01T23:59:59.000Z

198

Evaluation Report on "The Department's Unclassified Cyber Security Program"  

SciTech Connect

Industry experts report that security challenges and threats are continually evolving as malicious activity has become more web-based and attackers are able to rapidly adapt their attack methods. In addition, the number of data breaches continues to rise. In an effort to mitigate and address threats and protect valuable information, the Department of Energy anticipated spending about $275 million in Fiscal Year (FY) 2009 to implement cyber security measures necessary to protect its information technology resources. These systems and data are designed to support the Department's mission and business lines of energy security, nuclear security, scientific discovery and innovation, and environmental responsibility. The Federal Information Security Management Act of 2002 (FISMA) provides direction to agencies on the management and oversight of information security risks, including design and implementation of controls to protect Federal information and systems. As required by FISMA, the Office of Inspector General conducts an annual independent evaluation to determine whether the Department's unclassified cyber security program adequately protects its information systems and data. This memorandum and the attached report present the results of our evaluation for FY 2009. The Department continued to make incremental improvements in its unclassified cyber security program. Our evaluation disclosed that most sites had taken action to address weaknesses previously identified in our FY 2008 evaluation report. They improved certification and accreditation of systems; strengthened configuration management of networks and systems; performed independent assessments; and, developed and/or refined certain policies and procedures. In addition, the Department instituted a centralized incident response organization designed to eliminate duplicative efforts throughout the Department. 
As we have noted in previous reports, the Department continued to maintain strong network perimeter defenses against malicious intruders and other external threats. These are positive accomplishments. However, in our judgment, additional action is required to further enhance the Department's unclassified cyber security program and help reduce risks to its systems and data. For example, our current review identified opportunities for improvements in areas such as security planning and testing, systems inventory, access controls, and configuration management. In particular, we issued a number of findings at sites managed by the National Nuclear Security Administration (NNSA). We also identified weaknesses across various Department program elements. Issues that warrant further attention include: (1) Weaknesses such as outdated security plans and not completing annual security control self-assessments were identified at several sites; (2) The Department had not yet resolved systems inventory issues and had yet to deploy a complex-wide automated asset management tool to help track information technology resources and identify interfaces between systems or networks; (3) Although certain improvements had been made to enhance access controls, we noted deficiencies such as a lack of periodic account reviews and inadequate password management at a number of sites; and (4) Previously identified weaknesses in configuration management had been corrected; however, we found problems related to weak administrator account settings and failure to install software patches, as well as incomplete implementation of the Federal Desktop Core Configuration. These internal control weaknesses existed, at least in part, because certain cyber security roles and responsibilities were not clearly delineated. Program officials also had not effectively performed monitoring and review activities essential for evaluating the adequacy of cyber security performance. 
In some cases, officials had not ensured that weaknesses discovered during audits and other evaluations were recorded and tracked to resolution in the organizations' Plans of Action and Milestones. Our testing discl

2009-10-01T23:59:59.000Z

199

Ensuring a Secure and Robust Cyber Infrastructure (+$43.4 ...  

Science Conference Proceedings (OSTI)

... the Federal Information Security Management Act are ... the President's FY 2012 budget calls for ... National Program Office for the National Strategy for ...

2011-02-14T23:59:59.000Z

200

Defining and Computing a Value Based Cyber-Security Measure  

SciTech Connect

In past work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia]; Abercrombie, Robert K [ORNL]; Sheldon, Frederick T [ORNL]; Mili, Ali [New Jersey Institute of Technology]

2011-01-01T23:59:59.000Z



201

Office of Cyber Security Evaluations Appraisal Process Guide...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

IARC Information Assurance Resource Center IG Office of the Inspector General IP Internet Protocol ISSM Integrated Safeguards and Security Management NNSA National Nuclear...

202

NERSC Cyber Security Challenges That Require DOE Development and Support  

E-Print Network (OSTI)

manufacturer, or otherwise, does not necessarily constitute ... Security Challenges That Require DOE Development and Support ... impact on the ability of DOE to accomplish its science

Draney, Brent; Campbell, Scott; Walter, Howard

2008-01-01T23:59:59.000Z

203

Cyber Security Awareness Training in the Age of Mobile ...  

Science Conference Proceedings (OSTI)

... Page 24. Property of Titan Info Security Group, LLC. Instead of clicking on links in email, go to the site like Facebook, LinkedIn, etc. ...

2013-03-28T23:59:59.000Z

204

Remote Access to the BNL Network, Cyber Security, Information Technology  

NLE Websites -- All DOE Office Websites (Extended Search)

Virtual Private Network (VPN) at Brookhaven. CryptoCard tokens (hard or soft) will not be supported after December 31, 2010. Please switch to RSA SecurID tokens as soon as possible. Contact the ITD Helpdesk at x5522 (631-344-5522) or send an email to itdhelp@bnl.gov if you have questions or concerns. The VPN service allows remote users to securely access the Brookhaven internal network through their own personal Internet Service Provider, so that it appears as if their home computer is right on the BNL internal network. Requirements: Some form of internet connectivity. Only BNL employees can access this service. You must have a RSA SecurID token. Last Modified: September 23, 2013

205

Fact Sheet: Cyber Security Audit and Attack Detection Toolkit  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Audit and Attack Detection Toolkit: Adding control system intelligence to widely deployed enterprise vulnerability scanners and security event managers. While many energy utilities employ vulnerability scanners and security event managers (SEM) on their enterprise systems, these tools often lack the intelligence necessary to be effective in control systems. This two-year project aims to integrate control system intelligence into widely deployed vulnerability scanners and SEM, and to integrate security incident detection intelligence into control system historians. These upgrades will be provided at no or a low cost to control system asset owners. The popular Nessus Vulnerability Scanner supports an audit plug-in that gathers configuration information from

206

CyberPhysical System Security for the Electric Power Grid  

E-Print Network (OSTI)

on the vulnerability of SCADA protocols. Security venues such as DEFCON, Blackhat, and RSA have recently included implementation vulnerabilities that allow attackers to execute arbitrary code in specific SCADA protocols

Manimaran, Govindarasu

207

Remote Access to the BNL Network, Cyber Security, Information...  

NLE Websites -- All DOE Office Websites (Extended Search)

Virtual Private Network (VPN) at Brookhaven CryptoCard tokens (hard or soft) will not be supported after December 31, 2010. Please switch to RSA SecurID tokens as soon as possible....

208

How to Lock Your Computer, Cyber Security, Information Technology...  

NLE Websites -- All DOE Office Websites (Extended Search)

How to Lock Your Computer One way to increase security on your computer is to use a password-protected screen saver. All Brookhaven computers are now required to run a...

209

Proxy Documentation, Cyber Security, Information Technology Division, ITD  

NLE Websites -- All DOE Office Websites (Extended Search)

Proxy Configuration. Here you will find instructions for using the FTP and Web proxies. Keep in mind that depending on where you access the proxies from (whether you are inside or outside of the BNL network), the process will differ slightly. For FTP, you will not be required to enter any passwords to use the proxies while on the BNL network. However, when accessing the proxies from an outside network (e.g. anything not .bnl.gov), you will be required to authenticate using a RSA SecurID Token. If you do not already have one of these, please visit the RSA SecurID User Guide for instructions on obtaining one. Users who are only interested in configuring their web browsers need NOT bother with RSA SecurID, as the web proxies will not be needed when you are outside the BNL network.

210

THE FEDERAL ENERGY REGULATORY COMMISSION'S UNCLASSIFIED CYBER...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

THE FEDERAL ENERGY REGULATORY COMMISSION'S UNCLASSIFIED CYBER SECURITY PROGRAM 2002, IG-0569 THE FEDERAL ENERGY REGULATORY COMMISSION'S UNCLASSIFIED CYBER SECURITY PROGRAM 2002,...

211

IEC 61850 and IEC 62351 Cyber Security Acceleration Workshop  

Science Conference Proceedings (OSTI)

The purpose of this workshop was to identify and discuss concerns with the use and adoption of IEC 62351 security standard for IEC 61850 compliant control system products. The industry participants discussed performance, interoperability, adoption, challenges, business cases, and future issues.

Clements, Samuel L.; Edgar, Thomas W.; Manz, David O.

2012-04-01T23:59:59.000Z

212

NERSC Cyber Security Challenges That Require DOE Development and Support  

E-Print Network (OSTI)

) is to accelerate the pace of scientific discovery by providing high performance computing, information, data, and impacts the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds

Geddes, Cameron Guy Robinson

213

Network and System Management for Reliability and Cyber Security  

Science Conference Proceedings (OSTI)

The evolving control of the electric power grid is increasingly dependent on information technology and telecommunication infrastructures, which, like the grid itself, must be managed in a holistic way to ensure reliability and security. The management of this information infrastructure requires connectivity and analytics to support both information technology (IT) and operational technology (OT) assets in a unified manner. This project utilized a telecommunications modeled network ...

2012-11-28T23:59:59.000Z

214

The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2012, OAS-L-13-01  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

OAS-L-13-01 November 2012 Department of Energy Washington, DC 20585 November 7, 2012 MEMORANDUM FOR THE EXECUTIVE DIRECTOR, FEDERAL ENERGY REGULATORY COMMISSION FROM: Daniel M. Weeber Assistant Inspector General for Audits and Administration Office of Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2012" BACKGROUND The Federal Energy Regulatory Commission (Commission) is an independent agency within the Department of Energy responsible for, among other things, regulating interstate transmission of the Nation's electricity, natural gas and oil. In addition, the Commission licenses and inspects private, municipal and state hydroelectric projects. To achieve its mission, the Commission relies

215

The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011, OAS-M-12-01  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

OAS-M-12-01 November 2011 Department of Energy Washington, DC 20585 November 15, 2011 MEMORANDUM FOR THE CHAIRMAN, FEDERAL ENERGY REGULATORY COMMISSION FROM: Rickey R. Hass Deputy Inspector General for Audits and Inspections Office of Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011" INTRODUCTION AND OBJECTIVE The Federal Energy Regulatory Commission (Commission) is an independent agency within the Department of Energy responsible for regulating the Nation's oil pipeline, natural gas, hydroelectric and wholesale electric industries. The Commission relies on a wide range of information technology (IT) resources in achieving its mission of assisting consumers in

216

Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements  

SciTech Connect

This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenarios is demonstrated on several control system network topologies.

Ondrej Linda; Milos Manic; Miles McQueen

2012-09-01T23:59:59.000Z

217

Shopping For Danger: E-commerce techniques applied to collaboration in cyber security  

SciTech Connect

Collaboration among cyber security analysts is essential to a successful protection strategy on the Internet today, but it is uncommonly practiced or encouraged in operating environments. Barriers to productive collaboration often include data sensitivity, time and effort to communicate, institutional policy, and protection of domain knowledge. We propose an ambient collaboration framework, Vulcan, designed to remove the barriers of time and effort and mitigate the others. Vulcan automated data collection, collaborative filtering, and asynchronous dissemination, eliminating the effort implied by explicit collaboration among peers. We instrumented two analytic applications and performed a mock analysis session to build a dataset and test the output of the system.

Bruce, Joseph R.; Fink, Glenn A.

2012-05-24T23:59:59.000Z

218

Disable Automatic Login, Cyber Security, Information Technology Division,  

NLE Websites -- All DOE Office Websites (Extended Search)

Disable Automatic Login Automatic Login MUST be disabled... Follow the steps below to verify that auto login is disabled. Verify Security Settings Select Personal Section: Click Make sure the following required boxes are checked. - Require password to wake this computer from sleep or screen saver - Disable automatic login If so, close panel. If not, continue... Note: Mac users should have the panel locked at all times. Click the lock image to lock the panel if it's open to prevent further changes. To unlock the above panel, click the lock image to bring up the login box. Insert your username & password, click . You should now be able to make changes to the panel.

219

Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements  

E-Print Network (OSTI)

Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology (IT). ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This National Institute of Standards and Technology Interagency Report (NISTIR) discusses ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Interagency Report 7628, vol. 1 289 pages (August 2010) Certain commercial entities, equipment, or materials may be identified in this report in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply

The Smart; Grid Interoperability

2010-01-01T23:59:59.000Z

220

DOC Information System Security Conference on Innovating ...  

Science Conference Proceedings (OSTI)

... B. Walsh, Acting Director, Cyber Security Program, Department of Homeland Security. ... R. Clark, Senior Advisor National and Cyber Security, DOC. ...

2013-06-28T23:59:59.000Z



221

NERSC Cyber Security Challenges That Require DOE Development and Support  

Science Conference Proceedings (OSTI)

Traditional security approaches do not adequately address all the requirements of open, scientific computing facilities. Many of the methods used for more restricted environments, including almost all corporate/commercial systems, do not meet the needs of today's science. Use of only the available "state of the practice" commercial methods will have adverse impact on the ability of DOE to accomplish its science goals, and impacts the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds development and support of reliable and effective tools designed to meet the cyber security needs of High Performance Science. The security challenges facing NERSC can be collected into three basic problem sets: network performance and dynamics, application complexity and diversity, and a complex user community that can have transient affiliations with actual institutions. To address these problems, NERSC proposes the following four general solutions: auditing user and system activity across sites; firewall port configuration in real time; cross-site/virtual organization identity management and access control; and detecting security issues in application middleware. Solutions are also proposed for three general long term issues: data volume, application complexity, and information integration.

Draney, Brent; Campbell, Scott; Walter, Howard

2007-01-16T23:59:59.000Z

222

Experiences and Challenges with Using Cert Data to Analyze International Cyber Security  

E-Print Network (OSTI)

With the increasing interconnection of computer networks and sophistication of cyber attacks, it is important to understand the dynamics of such situations, especially in regards to cyber international relations. The ...

Madnick, Stuart

223

Building the Next Generation of Cyber Defenders  

Science Conference Proceedings (OSTI)

Page 1. Building the Next Generation of Cyber Defenders ... 19th Century 20th Century The Cyber Security Problem Space ? Historic Background ...

2013-03-28T23:59:59.000Z

224

NISTIR 7751, Computer Security Division 2010 Annual  

Science Conference Proceedings (OSTI)

... 12 Smart Grid Cyber Security 13 Supply Chain Risk Management 14 ... 10. NISTIR 7628, Guidelines for Smart Grid Cyber Security. ...

2012-03-01T23:59:59.000Z

225

Cyber security of the smart grid: Attack exposure analysis, detection algorithms, and testbed evaluation.  

E-Print Network (OSTI)

While smart grid technologies are deployed to help achieve improved grid resiliency and efficiency, they also present an increased dependency on cyber resources which may ...

Hahn, Adam

2013-01-01T23:59:59.000Z

226

The cyber-physical attacker  

Science Conference Proceedings (OSTI)

The world of Cyber-Physical Systems ranges from industrial to national interest applications. Even though these systems are pervading our everyday life, we are still far from fully understanding their security properties. Devising a suitable attacker ... Keywords: attacker model, cyber-physical systems, cyber-physical threats, security protocol verification

Roberto Vigo

2012-09-01T23:59:59.000Z

227

Cyber Security and Information Intelligence Research Workshop (CSIIRW'11) Proceedings  

SciTech Connect

The energy industry is embarking upon an infrastructure transformation that will result in a national power grid that is more intelligent, robust, resilient, and secure. While the final form will not be known for quite some time, clearly a smarter grid will make better use of information. Whether an electric utility is making real-time adjustments in response to changing load conditions, or commercial and private consumers are making better choices, the timely availability of this information will become increasingly critical. Ultimately, the overall efficiency, reliability, and resilience of the grid is inextricably linked to information. Unfortunately, "the electric power sector is second from the bottom of all major U.S. industries in terms of R&D spending as a percentage of revenue, exceeding only pulp and paper [Amin2011]." Moreover, U.S. officials worry that cyber-spies could use their [demonstrated] access to shut down the grid or take control of power plants during a time of crisis or war [CIO09, WSJ09]. Moreover, Massachusetts Institute of Technology (MIT) released the results of a two-year study, The Future of the Electric Grid.

Sheldon, Frederick T [ORNL; Abercrombie, Robert K [ORNL; Krings, Axel [ORNL

2011-01-01T23:59:59.000Z

228

Response to Request for Additional Information regarding Request for Approval of the Cyber Security Plan San Onofre Nuclear Generating Station, Units 2 and 3  

E-Print Network (OSTI)

By letter dated July 22, 2010 (Reference) Southern California Edison submitted a license amendment request for approval of the Cyber Security Plan for San Onofre Nuclear Generating Station (SONGS) in accordance with 10 CFR 73.54. The purpose of this license amendment was to provide an Implementation Schedule, provide a table of SONGS deviations from NEI 08-09 Revision 6, and add a sentence to the existing Facilities Operating Licenses (FOL) license condition for Physical Security to require SCE to fully implement and maintain in effect all provisions of the Commission approved Cyber Security Plan. By e-mail dated March 1, 2011, the NRC requested additional information through three generic questions developed by the NRC staff following discussions with the Nuclear Energy Institute and the industry Cyber Security Task Force. Responses to the NRC request for additional information are provided in the Enclosure to this letter.

Southern Edison; Douglas R. Bauder

2011-01-01T23:59:59.000Z

229

NIST.gov - Computer Security Division - Computer Security ...  

Science Conference Proceedings (OSTI)

... cyber maryLaNd summit. Please NOTE -- Last Updated Wednesday, January 20, 2010. PRESENTATIONS: ... NIST Voting Cyber Security: ...

230

Physical Security Reports | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Oversight Security & Cyber Evaluations Security and Cyber Guidance Physical Security Reports Physical Security Reports 2012 (U) Pantex Plant Protective Force Response...

231

The economic impact of cyber terrorism  

Science Conference Proceedings (OSTI)

What is the economic impact of cyber terrorism? Can organizations achieve strategic advantage in the cyber terrorism game? A general game theoretical model is proposed to study the optimal information systems (ISs) security investment and then applied ... Keywords: Cyber terrorism, Game theory, Information systems security, Security investment

Jian Hua, Sanjay Bapna

2013-06-01T23:59:59.000Z

232

Security | Y-12 National Security Complex  

NLE Websites -- All DOE Office Websites (Extended Search)

Security Security The Y-12 National Security Complex places the highest priority on maintaining and improving its security posture. We employ security police officers, cyber...

233

Cyber Fit Pyramid for the home user. | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Pyramid for the home user. Cyber Fit Pyramid for the home user. Cyber Fit Pyramid for the home user. Developed for Security Awareness materials for the Department Cyber Fit Pyramid...

234

Simulating non-stationary congestion systems using splitting with applications to cyber security  

Science Conference Proceedings (OSTI)

According to the former counterterrorism czar, Richard A. Clarke (2010), our national infrastructure could be severely damaged in 15 minutes by a cyber attack. A worm attack on an Internet Protocol (IP) network is one type of attack that is possible. ...

Martin J. Fischer; Denise M. B. Masi; John F. Shortle; Chun-Hung Chen

2010-12-01T23:59:59.000Z

235

Fast track article: Looking ahead in pervasive computing: Challenges and opportunities in the era of cyber-physical convergence  

Science Conference Proceedings (OSTI)

The physical environment is becoming more and more saturated with computing and communication entities that interact among themselves, as well as with users: virtually everything will be enabled to source information and respond to appropriate stimuli. ... Keywords: Cyber-physical convergence, Cyber-world security, Data storage, Opportunistic networking and computing, Pervasive computing, Quality of Information, Self-*, Social networks, Wearable computing

Marco Conti; Sajal K. Das; Chatschik Bisdikian; Mohan Kumar; Lionel M. Ni; Andrea Passarella; George Roussos; Gerhard Tröster; Gene Tsudik; Franco Zambonelli

2012-02-01T23:59:59.000Z

236

Bioinformatics Systems | National Security | ORNL  

NLE Websites -- All DOE Office Websites (Extended Search)

Initiatives Cyber Security Nuclear Forensics Bioinformatics Videos Workshops National Security Home | Science & Discovery | National Security | Initiatives | Bioinformatics SHARE...

237

The Future of Cyber Security: NIST Special Publication 800-53 ...  

Science Conference Proceedings (OSTI)

... PE Physical and Environmental Protection ... Extend the supplemental guidance for security controls ... Industry sectors (eg, nuclear power, transportation ...

2013-06-06T23:59:59.000Z

238

Transmission and Distribution World March 2007: DOE Focuses on Cyber Security  

Energy.gov (U.S. Department of Energy (DOE))

Energy sector owners, operators and system vendors team up to boost control system security with national SCADA test bed.

239

PSERC Webinar Series: Issues in Designing the Future Grid - Cyber...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber-Physical Systems Security for the Smart Grid - February 7, 2012 PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical Systems Security for the Smart Grid...

240

The Department's Unclassified Cyber Security Program-2003, IG-0620  

Energy.gov (U.S. Department of Energy (DOE))

While improvements were made during the last year, we noted that additional work is needed to correct problems with risk-based security management, continuity of operations, configuration...



241

Submission to NIST RFI for Critical Infrastructure Cyber ...  

Science Conference Proceedings (OSTI)

... Page 2 of 3 3. The forces that govern cyber security implementation, innovation and transformation are diffuse and widely distributed. ...

2013-04-10T23:59:59.000Z

242

NISTIR 7628 Volume 3, Guidelines for Smart Grid Cyber ...  

Science Conference Proceedings (OSTI)

Page 1. NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and References The Smart ...

2012-03-01T23:59:59.000Z

243

JM to Make Admin Chg to DOE O 205.1B, Department of Energy Cyber Security Program  

Directives, Delegations, and Requirements

Modifications correct changes to the composition of Senior DOE Management organizations, name change from DOE Cyber Incident Response Capability to Joint ...

2012-12-06T23:59:59.000Z

244

Internet voting: structural governance principles for election cyber security in democratic nations  

Science Conference Proceedings (OSTI)

In Europe, the U.S., and Asia, political and market forces seek expanded use of the Internet for voting and election administrative functions. Governmental responses have differed, but commonly governments omit qualified computer security experts from ... Keywords: assurance, cybersecurity, elections, governance, integrity, internet, mitigations, security, threats, transparency, voting

Candice Hoke

2010-12-01T23:59:59.000Z

245

Cyber Security for Power Grids Frank Mueller, Subhashish Bhattacharya, Christopher Zimmer  

E-Print Network (OSTI)

systems. 1 Introduction The power grid in the US is one-century old and aging in terms of infrastructure compromise of power systems can lead to physical outages or even damaged power devices. Hence, security and fault resilience of power as a utility must be a prime objective for power grids. Security compromises

Mueller, Frank

246

ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security Assessment at National SCADA Test Bed ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber...

247

Cybersecurity for Cyber-Physical Systems  

Science Conference Proceedings (OSTI)

... The second day will focus on cyber security needs of CPSs in the electric Smart Grid. ... NIST - Smart Grid http://www.nist.gov/smartgrid/. ...

2013-01-11T23:59:59.000Z

248

DOE Issues Energy Sector Cyber Organization NOI  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Issues National Energy Sector Cyber Organization Notice of Intent Issues National Energy Sector Cyber Organization Notice of Intent February 11, 2010 The Department of Energy's (DOE) National Energy Technology Laboratory (NETL) announced on Jan. 7 that it intends to issue a Funding Opportunity Announcement (FOA) for a National Energy Sector Cyber Organization, envisioned as a partnership between the federal government and energy sector stakeholders to protect the bulk power electric grid and aid the integration of smart grid technology to enhance the security of the grid. The cyber organization is expected to have the knowledge, expertise, capabilities, and capacity, at a minimum to: * Identify and prioritize cyber security research and development issues.

249

NIST.gov - Computer Security Division - Computer Security ...  

Science Conference Proceedings (OSTI)

... Digital Age - Information Security Transformation for the ... to Information Systems (Transforming the Certification ... for Smart Grid Cyber Security (NIST ...

250

NIST.gov - Computer Security Division - Computer Security ...  

Science Conference Proceedings (OSTI)

... Automated Information Flows for Situational Awareness; Transformation of Dynamic Security ... Cyber security leadership in the Executive Branch. ...

251

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research  

Science Conference Proceedings (OSTI)

The energy industry is embarking upon an infrastructure transformation that will result in a national power grid that is more intelligent, robust, resilient, and secure. While the final form will not be known for quite some time, clearly a smarter grid ...

Frederick T. Sheldon; Robert Abercrombie; Axel Krings

2011-10-01T23:59:59.000Z

252

Cautionary tales from real world failures for managing security in the cyber world  

Science Conference Proceedings (OSTI)

Any field of endeavor benefits from a body of knowledge of failures that provide guidance on what to avoid. As a relatively young discipline whose failures can often be handled privately, information security professionals do not have access to the volume ... Keywords: bridges, catastrophic failure, civil engineering, failure, lessons learned

Bill Naber

2010-10-01T23:59:59.000Z

253

Physical Security Evaluations - Reports  

NLE Websites -- All DOE Office Websites (Extended Search)

Summary Report - Independent Oversight Inspection of Safeguards and Security and Cyber Security at the Y-12 Site Office and the Y-12 National Security Complex (U), January...

254

IEEE TRANSACTIONS ON SMART GRID, VOL. 4, NO. 2, JUNE 2013 847 Cyber-Physical Security Testbeds: Architecture,  

E-Print Network (OSTI)

and secure versions of SCADA protocols. Examples of secure versions are Modbus and Inter- Control Center

Manimaran, Govindarasu

255

Why isn't cyberspace more secure?  

Science Conference Proceedings (OSTI)

Evaluating governmental actions---and inactions---toward improving cyber security and addressing future challenges.

Joel F. Brenner

2010-11-01T23:59:59.000Z

256

The Office of Health, Safety and Security  

NLE Websites -- All DOE Office Websites (Extended Search)

Independent Oversight Home Sub Offices Security Evaluations Cyber Security Evaluations Emergency Management Oversight Environment, Safety and Health Evaluations...

257

HAN System Security Requirements  

Science Conference Proceedings (OSTI)

This report, "Home Area Network (HAN) Security Requirements," identifies and discusses the key cyber security requirements for different interfaces of HAN-based systems. These cyber security requirements for HAN interfaces are derived from the Department of Homeland Security (DHS) "Catalog of Control Systems Security," which provides an excellent checklist of general security requirements.

2009-12-22T23:59:59.000Z

258

Self-aware cyber-physical systems and applications in smart buildings and cities  

Science Conference Proceedings (OSTI)

The world is facing several challenges that must be dealt within the coming years such as efficient energy management, need for economic growth, security and quality of life of its habitants. The increasing concentration of the world population into ... Keywords: autonomic computing, cyber-physical systems, self-aware systems, smart city

Levent Gurgen; Ozan Gunalp; Yazid Benazzouz; Mathieu Gallissot

2013-03-01T23:59:59.000Z

259

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June 2012)

260

Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Guide to Critical Infrastructure Protection Cyber Vulnerability Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment More Documents & Publications Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June



261

Deception used for Cyber Defense of Control Systems  

Science Conference Proceedings (OSTI)

Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

Wayne F. Boyer; Miles A. McQueen

2009-05-01T23:59:59.000Z

262

The NIAC Convergence of Physical and Cyber Technologies and...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

The NIAC Convergence of Physical and Cyber Technologies and Related Security Management Challenges Working Group Final Report and Recommendations The NIAC Convergence of Physical...

263

NISTIR 7628 Volume 2, Guidelines for Smart Grid Cyber ...  

Science Conference Proceedings (OSTI)

... Volume 1 Smart Grid Cyber Security Strategy, Architecture, and High-Level ... Appendix F Logical Architecture and Interfaces of the Smart Grid ...

2012-03-01T23:59:59.000Z

264

Cyber Friendly Fire  

Science Conference Proceedings (OSTI)

Cyber friendly fire (FF) is a new concept that has been brought to the attention of Department of Defense (DoD) stakeholders through two workshops that were planned and conducted by the Air Force Research Laboratory (AFRL) and research conducted for AFRL by the Pacific Northwest National Laboratory. With this previous work in mind, we offer a definition of cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, a fundamental need in avoiding cyber FF is to maintain situation awareness (SA). We suggest that cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system (and that populate the nodes), the nature of the activities or work performed, and the available defensive (and offensive) countermeasures that may be applied to thwart network attacks. A training implication is to raise awareness and understanding of these critical knowledge units; an approach to decision aids and/or visualizations is to focus on supporting these critical knowledge units. To study cyber FF, we developed an unclassified security test range comprising a combination of virtual and physical devices that present a closed network for testing, simulation, and evaluation. This network offers services found on a production network without the associated costs of a real production network. Containing enough detail to appear realistic, this virtual and physical environment can be customized to represent different configurations. For our purposes, the test range was configured to appear as an Internet-connected Managed Service Provider (MSP) offering specialized web applications to the general public. 
The network is essentially divided into a production component that hosts the web and network services, and a user component that hosts thirty employee workstations and other end devices. The organization's network is separated from the Internet by a Cisco ASA network security device that both firewalls and detects intrusions. Business sensitive information is stored in various servers. This includes data comprising thousands of internal documents, such as finance and technical designs, email messages for the organization's employees including the CEO, CFO, and CIO, the organization's source code, and Personally Identifiable client data. Release of any of this information to unauthorized parties would have a significant, detrimental impact on the organization's reputation, which would harm earnings. The valuable information stored in these servers poses obvious points of interest for an adversary. We constructed several scenarios around this environment to support studies in cyber SA and cyber FF that may be run in the test range. We describe mitigation strategies to combat cyber FF including both training concepts and suggestions for decision aids and visualization approaches. Finally, we discuss possible future research directions.

Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

2011-09-01T23:59:59.000Z

265

Cyber Innovation Technology Summit | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Innovation Technology Summit November 5, 2013 8:00AM EST Course Title: Cyber Innovation Technology Summit Course Start/End Date: November 5, 2013 Start/End Time: 8:00AM-12:00 PM Course Type: Classroom Course Location: Forrestal Large Auditorium Course Description: Every October and November, the Department of Energy (DOE) joins the Department of Homeland Security (DHS) and other federal, state and local agencies across the country in support of National Cybersecurity Awareness Month and the "Stop. Think. Connect." campaign. This year marks the tenth year of the cyber security awareness campaign. The theme for this year is Achieving Cybersecurity Together: It's Our Shared Responsibility. By consistently following simple

266

Strategic Insights on Security, Quality, Reliability, and Availability  

Science Conference Proceedings (OSTI)

This report provides security criteria and performance metrics for assessing the electric power system. It is part of a larger project on the strategy for managing security, quality, reliability, and availability (SQRA) performance of electric power systems. The main focus of this update is measurement of the security component. It also addresses emerging North American Electric Reliability Council (NERC) operating and planning standards and their roles in managing SQRA performance. This report is intend...

2005-03-31T23:59:59.000Z

267

Cyber Incidents Involving Control Systems  

Science Conference Proceedings (OSTI)

The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005) "Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program". Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions.
Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).

Robert J. Turk

2005-10-01T23:59:59.000Z

268

The Office of Health, Safety and Security  

NLE Websites -- All DOE Office Websites (Extended Search)

Summary Report - Independent Oversight Inspection of Safeguards and Security and Cyber Security at the Y-12 Site Office and the Y-12 National Security Complex (U), January...

269

National Security & Safety Reports | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

National Security & Safety Reports October 29, 2013 Evaluation Report: IG-0897 The Department of Energy's Unclassified Cyber Security Program -...

270

Cyber Infrastructure Group Home Page  

Science Conference Proceedings (OSTI)

Cyber Infrastructure Group. Welcome. The Cyber Infrastructure Group (775.04) addresses the integration and interoperability ...

2012-07-17T23:59:59.000Z

271

Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May 2008. Development of a novel distributed and hierarchical security layer specific to intelligent grid design will help protect intelligent distributed power grids from cyber attacks. Intelligent power grids are interdependent energy management systems (encompassing generation, distribution, IT networks, and control systems) that use automated data analysis and demand response capabilities to increase system functionality, efficiency, and reliability. But increased interconnection and automation over a large geographical area requires a distributed and hierarchical approach to cybersecurity. Protecting Intelligent Distributed Power Grids Again Cyber Attacks.pdf

272

Collaborative Utility Task Force Partners with DOE to Develop Cyber  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Collaborative Utility Task Force Partners with DOE to Develop Cyber Security Requirements for Advanced Metering Infrastructure. The Advanced Metering Infrastructure Security (AMI-SEC) Task Force announces the release of the AMI System Security Requirements, a first-of-its-kind for the utility industry that will help utilities procure and implement secure components and systems using a common set of security requirements.

273

Randomness Quality of CI Chaotic Generators: Applications to Internet Security  

E-Print Network (OSTI)

Due to the rapid development of the Internet in recent years, the need to find new tools to reinforce trust and security through the Internet has become a major concern. The discovery of new pseudo-random number generators with a strong level of security is thus becoming a hot topic, because numerous cryptosystems and data hiding schemes are directly dependent on the quality of these generators. At the conference Internet'09, we have described a generator based on chaotic iterations, which behaves chaotically as defined by Devaney. In this paper, the proposal is to improve the speed and the security of this generator, to make its use more relevant in the Internet security context. To do so, a comparative study between various generators is carried out and statistical results are given. Finally, an application in the information hiding framework is presented, to give an illustrative example of the use of such a generator in the Internet security field.

Bahi, Jacques M; Guyeux, Christophe; Wang, Qianxue

2011-01-01T23:59:59.000Z

274

RFI - Comments on Computer Security Incident Coordination  

Science Conference Proceedings (OSTI)

... 21:49 To: incidentcoordination@nist.gov Subject: Computer Security Incident Coordination (CSIC): Providing Timely Cyber Incident Response ...

2013-08-19T23:59:59.000Z

275

Sandia National Laboratories: National Security Missions: Defense...  

NLE Websites -- All DOE Office Websites (Extended Search)

Cybersecurity Delivering experience & expertise Training the next generation of cyber defenders Cybersecurity computing Defending national security Applying science and engineering...

276

IEEE Communications Magazine August 2012 53 0163-6804/12/$25.00 2012 IEEE CYBER SECURITY FOR SMART GRID COMMUNICATIONS  

E-Print Network (OSTI)

FOR SMART GRID COMMUNICATIONS Daojing He, Chun Chen, and Jiajun Bu, Zhejiang University Sammy Chan, City University Secure Service Provision in Smart Grid Communications INTRODUCTION An increasing demand grids. As the world's largest engineered system, the smart grid will expand the current capabilities

Zhang, Yan

277

The NIAC Convergence of Physical and Cyber Technologies and Related  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

The NIAC Convergence of Physical and Cyber Technologies and Related Security Management Challenges Working Group Final Report and Recommendations. The NIAC convened the Physical/Cyber Convergence Working Group (CWG), in October 2005, to investigate the ongoing convergence of physical and cyber technologies for Supervisory Control and Data Acquisition (SCADA) and process control systems and their consolidated network management. The Working Group convened a Study Group of subject matter experts to inform its work. The Working Group report informed the NIAC's deliberations.

278

What are we teaching in cyber competitions?  

Science Conference Proceedings (OSTI)

Student competitions are widespread across all academic disciplines, and are often touted as a means to motivate and educate students. Competitions may be internal within a single class or course, or vie school against school as regional, national, or ... Keywords: Educational institutions,Computer security,Robots,Computers,Organizations,Programming,Security Education,Cyber,Competitions

Steven Fulton, Dino Schweitzer, Judson Dressler

2012-10-01T23:59:59.000Z

279

Analysis of operations and cyber security policies for a system of cooperating Flexible Alternating Current Transmission System (FACTS) devices.  

SciTech Connect

Flexible Alternating Current Transmission Systems (FACTS) devices are installed on electric power transmission lines to stabilize and regulate power flow. Power lines protected by FACTS devices can increase power flow and better respond to contingencies. The University of Missouri Rolla (UMR) is currently working on a multi-year project to examine the potential use of multiple FACTS devices distributed over a large power system region in a cooperative arrangement in which the FACTS devices work together to optimize and stabilize the regional power system. The report describes operational and security challenges that need to be addressed to employ FACTS devices in this way and recommends references, processes, technologies, and policies to address these challenges.

Phillips, Laurence R.; Tejani, Bankim; Margulies, Jonathan; Hills, Jason L.; Richardson, Bryan T.; Baca, Micheal J.; Weiland, Laura

2005-12-01T23:59:59.000Z

280

Discovering collaborative cyber attack patterns using social network analysis  

Science Conference Proceedings (OSTI)

This paper investigates collaborative cyber attacks based on social network analysis. An Attack Social Graph (ASG) is defined to represent cyber attacks on the Internet. Features are extracted from ASGs to analyze collaborative patterns. We use principle ... Keywords: collaborative attacks, degree centrality, hierarchical clustering, network security

Haitao Du; Shanchieh Jay Yang

2011-03-01T23:59:59.000Z



281

Theorem-based, data-driven, cyber event detection  

Science Conference Proceedings (OSTI)

Nonlinear dynamics and graph theory may provide a theorem-based path to improve design security and aid detection of anomalous events in cyber applications. Using side-channel information such as power taken from underlying computer components and analyzing ... Keywords: cyber anomaly detection, graph theory, nonlinear dynamics, phasespace analysis, power measurement

Lee M. Hively; J. Todd McDonald

2013-01-01T23:59:59.000Z

282

Time-based intrusion detection in cyber-physical systems  

Science Conference Proceedings (OSTI)

Embedded systems, particularly real-time systems with temporal constraints, are increasingly deployed in everyday life. Such systems that interact with the physical world are also referred to as cyber-physical systems (CPS). These systems commonly find ... Keywords: cyber-physical systems, real-time systems, security, timing analysis

Christopher Zimmer; Balasubramanya Bhat; Frank Mueller; Sibin Mohan

2010-04-01T23:59:59.000Z

283

Cyber-Terrorism and Ethical Journalism: A Need for Rationalism  

Science Conference Proceedings (OSTI)

Terrorism has been a constant threat in traditional and contemporary societies. Recently, it has been converged with new media technology and cyberspace, resulting in the modern tactic, cyber-terrorism, which has become most effective in achieving terrorist ... Keywords: Computer Security, Cyber-Terrorism, Decision-Making, Ethics, Game Theory, Journalism, Rationality

Mahmoud Eid

2010-10-01T23:59:59.000Z

284

Understanding cyber threats and vulnerabilities  

Science Conference Proceedings (OSTI)

This chapter reviews current and anticipated cyber-related threats to the Critical Information Infrastructure (CII) and Critical Infrastructures (CI). The potential impact of cyber-terrorism to CII and CI has been coined many times since the term was ... Keywords: actor, critical infrastructure, cyber crime, cyber terrorism, cyber threat, cyber vulnerabilities

Eric Luiijf

2012-01-01T23:59:59.000Z

285

Cyber sleuths face off  

NLE Websites -- All DOE Office Websites (Extended Search)

Cyber sleuths face off. Computer specialists will meet for a grueling week that combines state-of-the-art training with opportunities to team up, solve...

286

Security and Privacy Controls for Federal Information Systems ...  

Science Conference Proceedings (OSTI)

... JOINT TASK FORCE TRANSFORMATION INITIATIVE ... aspects of information security (ie, technical ... physical, personnel, cyber-physical); and 4. Is ...

2013-05-09T23:59:59.000Z

287

Sandia National Laboratories: The Center for Cyber Defenders...  

NLE Websites -- All DOE Office Websites (Extended Search)

with the CCD have created a reputation on college campuses of Sandia as leader in cyber security. Interactions between the diverse group of students in the CCD has cultivated...

288

PSERC Webinar Series: Issues in Designing the Future Grid - Cyber...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber-Physical Systems Security for the Smart Grid - February 7, 2012 PSERC is offering a free, public webinar series from January to May 2012 entitled "Issues in Designing the...

289

NIST.gov - Computer Security Division - Computer Security ...  

Science Conference Proceedings (OSTI)

... its unique and privileged position within the personal computer (PC) architecture. ... focus on cyber security needs of CPSs in the electric Smart Grid. ...

290

Security - Center for Transportation Analysis  

NLE Websites -- All DOE Office Websites (Extended Search)

successfully protect the surface transportation systems in an integrated and accessible cyber-secured environment. Primary Contact: Diane Davidson Focus Areas: integrated...

291

Federal Communications Commission Cyber Security ...  

Science Conference Proceedings (OSTI)

... Chief Information Officer for 25 Years ... the United Nations Under Secretary General and CIO ... after he hacked into a federal investigation database. ...

2011-11-15T23:59:59.000Z

292

Cyber security in power systems.  

E-Print Network (OSTI)

Many automation and power control systems are integrated into the 'Smart Grid' concept for efficiently managing and delivering electric power. This integrated approach created several ...

Sridharan, Venkatraman

2012-01-01T23:59:59.000Z

293

Chinese Attack Tools: Chinese cyber-attack tools continue to evolve  

Science Conference Proceedings (OSTI)

Cyber-attacks from China are on the rise. In September 2008, SecureWorks, a leading security services provider, published a report citing the locations of the computers from which the greatest number of cyber attacks were attempted against its clients. ...

Dennis Dwyer

2009-04-01T23:59:59.000Z

294

Safeguards and Security and Cyber Security RM  

Energy.gov (U.S. Department of Energy (DOE))

The SSCS RM is a tool that assists the DOE federal project review teams in evaluating the technical sufficiency of the project SSCS activities at CD-0 through CD-4.

295

Cyber Security: Innovative Technologies for National Security  

Science Conference Proceedings (OSTI)

... infrastructures - transportation, financial, power grids, military ... is inherently an open network, these systems ... dollars in direct losses, downtime, stolen ...

2010-10-05T23:59:59.000Z

296

Los Alamos director echoes cyber concerns  

NLE Websites -- All DOE Office Websites (Extended Search)

Los Alamos director echoes cyber concerns. Director Charlie McMillan told a gathering of energy executives that securing the electrical grid is a major concern now and it's only becoming more serious. May 21, 2013. Los Alamos National Laboratory Director Charlie McMillan (right), with, from left, Anthony Cugini of the National Energy Technology Laboratory, Thom Mason of Oak Ridge National Laboratory, and Tomas Diaz de la Rubia of Deloitte Consulting LLP. Contact Fred deSousa

297

Security  

Science Conference Proceedings (OSTI)

... Security. Organizations need standards, guidelines, and ... to support health IT implementations. HIPAA Security Rule Toolkit. ...

2011-12-05T23:59:59.000Z

298

Fact Sheet: Protecting Intelligent Distributed Power Grids Against Cyber Attacks  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Protecting Intelligent Distributed Power Grids Against Cyber Attacks. Development of a novel distributed and hierarchical security layer specific to intelligent grid design. Intelligent power grids are interdependent energy management systems (encompassing generation, distribution, IT networks, and control systems) that use automated data analysis and demand response capabilities to increase system functionality, efficiency, and reliability. But increased interconnection and automation over a large geographical area requires a distributed and hierarchical approach to cyber security. This two-year project will develop three security components unique to intelligent power grids. The first is an automated

299

The Cyber Threat to National Critical Infrastructures: Beyond Theory  

Science Conference Proceedings (OSTI)

Adversary threats to critical infrastructures have always existed during times of conflict, but threat scenarios now include peacetime attacks from anonymous computer hackers. Current events, including examples from Israel and Estonia, prove that a certain ... Keywords: Estonia, business continuity and disaster recover planning, critical, cyber, infrastructure, security architecture and design, telecommunications and network security threat

Kenneth Geers

2009-01-01T23:59:59.000Z

300

IT issues on homeland security and defense  

Science Conference Proceedings (OSTI)

This paper surveys remarkable incidents that were related to the Homeland Security and Defense such as terrors, disasters and cyber-attacks and overviews the existing projects given by the department of Homeland Security and Defense of the US government. ... Keywords: and cyber threats, emergency readiness, homeland defense, homeland security, terror and disaster control

Kangbin Yim; Ilsun You

2011-08-01T23:59:59.000Z



301

National Security & Safety Reports | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

October 16, 2009 Audit Evaluation Report: IG-0828 The Department's Unclassified Cyber Security Program - 2009 September 11, 2009 Inspection Report: IG-0821 Fire Suppression and...

302

RFI - Comments on Computer Security Incident Coordination  

Science Conference Proceedings (OSTI)

For the purposes of this response, we categorise the cyber security maturity of organisations into these three categories with these attributes: ...

2013-08-19T23:59:59.000Z

303

FISSEA - Federal Information Systems Security Educators' ...  

Science Conference Proceedings (OSTI)

... to two CISOs at the US Department of Energy. ... Prior to EES, Al worked for Keane Federal Systems, Inc ... the FBI on all matters of cyber security policy. ...

304

Information Security and Privacy Advisory Board (ISPAB) ...  

Science Conference Proceedings (OSTI)

... simulated testing set up in fifteen government facilities. ... It is essential to understand the relationship ... to present his paper on Cyber Security Doctrine. ...

2011-07-20T23:59:59.000Z

305

Cyber in the Cloud -- Lessons Learned from INL's Cloud E-Mail Acquisition  

Science Conference Proceedings (OSTI)

As we look at the cyber security ecosystem, are we planning to fight the battle as we did yesterday, with firewalls and intrusion detection systems (IDS), or are we sensing a change in how security is evolving and planning accordingly? With the technology enablement and possible financial benefits of cloud computing, the traditional tools for establishing and maintaining our cyber security ecosystems are being dramatically altered.

Troy Hiltbrand; Daniel Jones

2012-12-01T23:59:59.000Z

306

Guide to Critical Infrastructure Protection Cyber Vulnerability...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized...

307

Wayne Meitzler PNNL Component Security R&D Program Manager  

E-Print Network (OSTI)

Wayne Meitzler, as Pacific Northwest National Laboratory (PNNL) Component Security R&D Program Manager, has over 15 years of cyber security R systems. In the 90s, Wayne was one of the early cyber security R&D leaders at PNNL, and his research

Perkins, Richard A.

308

July 2013 Cyber Incident  

Energy.gov (U.S. Department of Energy (DOE))

The Department of Energy (DOE) has confirmed a recent cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable...

309

January 2013 Cyber Incident  

Energy.gov (U.S. Department of Energy (DOE))

The Department of Energy (DOE) has confirmed a recent cyber incident that occurred in mid-January 2013 which targeted the Headquarters' network and resulted in the unauthorized disclosure of...

310

Organized Cyber Defense Competitions  

Science Conference Proceedings (OSTI)

The Cyber Defense Exercise (CDX), an annual competition between students at the five U.S. Service Academies has developed into an extraordinary educational experience for the participants. During the exercise students will design and implement a realistic ...

Ronald C. Dodge JR; Daniel J. Ragsdale

2004-08-01T23:59:59.000Z

311

July 2013 Cyber Incident  

Energy.gov (U.S. Department of Energy (DOE))

The Department of Energy (DOE) has confirmed a cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information ...

312

Innovating to Meet the Evolving Cyber Challenge | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Innovating to Meet the Evolving Cyber Challenge. September 19, 2013 - 12:02pm. Patricia A. Hoffman, Assistant Secretary, Office of Electricity Delivery & Energy Reliability. What are the key facts? Protecting critical energy infrastructure -- which makes reliable electricity transmission and robust national security possible -- is a top priority for the Energy Department. This week, the Energy Department announced more than $30 million in awards to cutting-edge energy sector stakeholders in seven states across the country. This funding will drive the development of new technologies that will help utilities and the oil and gas sectors further strengthen

313

Innovating to Meet the Evolving Cyber Challenge | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Innovating to Meet the Evolving Cyber Challenge. September 19, 2013 - 12:02pm. Patricia A. Hoffman, Assistant Secretary, Office of Electricity Delivery & Energy Reliability. What are the key facts? Protecting critical energy infrastructure -- which makes reliable electricity transmission and robust national security possible -- is a top priority for the Energy Department. This week, the Energy Department announced more than $30 million in awards to cutting-edge energy sector stakeholders in seven states across the country. This funding will drive the development of new technologies that will help utilities and the oil and gas sectors further strengthen

314

QoS2: a framework for integrating quality of security with quality of service  

Science Conference Proceedings (OSTI)

Different security measures have emerged to encounter various Internet security threats, ensuring a certain level of protection against them. However, this does not come without a price. Indeed, there is a general agreement that high security measures ...

Tarik Taleb; Yassine Hadjadj-Aoul

2012-12-01T23:59:59.000Z

315

Microgrids and Heterogeneous Security, Quality, Reliability, and Availability  

E-Print Network (OSTI)

quality, reliability, and availability, IEEE Power & EnergyReliability, and Availability Chris Marnay EnvironmentalQuality, Reliability, and Availability C. Marnay Ernest

Marnay, Chris

2007-01-01T23:59:59.000Z

316

PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical Systems Security for the Smart Grid - February 7, 2012. PSERC is offering a free, public webinar series from January to May 2012 entitled "Issues in Designing the Future Grid," focusing on the information hierarchy for the future grid and grid enablers of sustainable energy systems. The second webinar, Cyber-Physical Systems Security for the Smart Grid, will be held on February 7, 2012 by Manimaran Govindarasu, Professor of Electrical and Computer Engineering at Iowa State University. Govindarasu_PSERC_Webinar_Feb_2012.pdf

317

Cyber Security Recommendations for Digital I&C Systems Within Power Generation Facilities Unregulated by North American Electric Reliability Corporation Critical Infrastructure Protection  

Science Conference Proceedings (OSTI)

Fossil generating facilities represent a significant investment, as well as a primary source of revenue, for many electric utilities. The digital instrumentation and control (I&C) systems of these generation facilities are essential to their successful operations. As such, the security of digital I&C systems is fundamental to ensure continued, reliable production. It is therefore prudent to employ appropriate ...

2012-12-12T23:59:59.000Z

318

Assessing Power Substation Network Security and Survivability  

E-Print Network (OSTI)

This paper reports our experiences with identifying cyber-based threats to the survivability of power substation control networks. Observations from the initial application of vulnerability and hardening assessment techniques have been presented. The paper also discusses the state of the power industry cyber security, which appears to lag behind the state-of-the-practice in both network security and ultrareliable systems design.

Carol Taylor; Paul Oman; Axel Krings

2003-01-01T23:59:59.000Z

319

Protecting the Nation's Electric Grid from Cyber Threats | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Protecting the Nation's Electric Grid from Cyber Threats. January 11, 2012 - 11:28am. A smarter, modernized, and more secure grid will be pivotal to the United States' world leadership in a clean energy future. | Photo courtesy of National Renewable Energy Laboratory. Howard A. Schmidt, White House Cybersecurity Coordinator. Secretary Steven Chu: "Establishing a comprehensive cybersecurity approach will give utility companies and grid operators another important tool to improve the grid's ability to respond to cybersecurity risks."

320

Microsoft Word - OE Cyber Release 10 18 07.doc  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Megan Barnett, (202) 586-4940. Thursday, October 18, 2007. DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy Infrastructure from Cyber Attacks. WASHINGTON, DC - U.S. Department of Energy (DOE) Assistant Secretary for Electricity Delivery and Energy Reliability Kevin M. Kolevar today announced five projects that have been selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically-advanced controls and cyber-security devices into our electric grid and energy infrastructure. These projects aim to protect our Nation's energy infrastructure from cyber attacks and seek to modernize our electricity grid, advancing the President's efforts to increase energy and economic security. These projects will



321

Cyber threat metrics.  

SciTech Connect

Threats are generally much easier to list than to describe, and much easier to describe than to measure. As a result, many organizations list threats. Fewer describe them in useful terms, and still fewer measure them in meaningful ways. This is particularly true in the dynamic and nebulous domain of cyber threats - a domain that tends to resist easy measurement and, in some cases, appears to defy any measurement. We believe the problem is tractable. In this report we describe threat metrics and models for characterizing threats consistently and unambiguously. The purpose of this report is to support the Operational Threat Assessment (OTA) phase of risk and vulnerability assessment. To this end, we focus on the task of characterizing cyber threats using consistent threat metrics and models. In particular, we address threat metrics and models for describing malicious cyber threats to US FCEB agencies and systems.

Frye, Jason Neal; Veitch, Cynthia K.; Mateski, Mark Elliot; Michalski, John T.; Harris, James Mark; Trevino, Cassandra M.; Maruoka, Scott

2012-03-01T23:59:59.000Z

322

Security is Not an Option | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Security is Not an Option. A 10-year roadmap for achieving control system cyber security in the energy industry has been hailed as a model for other...

323

NIST, DOD, Intelligence Agencies Join Forces to Secure US ...  

Science Conference Proceedings (OSTI)

... The updated security controls - many addressing advanced ... from databases of known cyber attacks and ... SP 800-37, which will transform the current ...

2011-03-24T23:59:59.000Z

324

NIST Seeks Comments on Security Control Catalog for ...  

Science Conference Proceedings (OSTI)

... also one of the five foundational publications included in the Joint Task Force Transformation Initiative - a federal cyber security partnership made ...

2011-03-02T23:59:59.000Z

325

The Internet Security Alliance Response to the National ...  

Science Conference Proceedings (OSTI)

... provides authority for even further cyber security regulation since this ... is not problematic for an incentive model because incentives too can ...

2013-04-11T23:59:59.000Z

326

Introduction SCADA Security for Managers and Operators | Department...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

To establish a National capability to support industry and government in addressing control system cyber security and vulnerabilities in the energy sector Introduction SCADA...

327

Final Version of Industrial Control Systems Security Guide ...  

Science Conference Proceedings (OSTI)

... Stouffer recommends using the new guide along with Guidelines for Smart Grid Cyber Security (NISTIR 7628), which NIST issued last September ...

2011-06-21T23:59:59.000Z

328

PACIFIC NORTHWEST CYBER SUMMIT  

SciTech Connect

On March 26, 2013, the Snohomish County Public Utility District (PUD) and the U.S. Department of Energy's (DOE's) Pacific Northwest National Laboratory (PNNL) jointly hosted the Pacific Northwest Cyber Summit with the DOE's Office of Electricity Delivery and Energy Reliability, the White House, Washington State congressional delegation, Washington State National Guard, and regional energy companies.

Lesperance, Ann M.; Matlock, Gordon W.; Becker-Dippmann, Angela S.; Smith, Karen S.

2013-08-07T23:59:59.000Z

329

IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011 835 Cyber Attack Exposure Evaluation Framework for  

E-Print Network (OSTI)

IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011 835 Cyber Attack Exposure Evaluation Framework for the Smart Grid Adam Hahn, Student Member, IEEE, and Manimaran Govindarasu, Senior Member, IEEE Abstract--The smart grid's heavy reliance on cyber resources introduces numerous security concerns

Manimaran, Govindarasu

330

Microgrids and Heterogeneous Security, Quality, Reliability, and Availability  

E-Print Network (OSTI)

Abstract--This paper describes two stylized alternative visions in popular currency of how the power system might evolve to meet future requirements for the high quality electricity service that modern digital economies demand, a supergrids paradigm and a dispersed paradigm. Some of the economics of the dispersed vision are explored. Economic perspectives are presented on both the choice of homogeneous universal power quality upstream in the electricity supply, and also on the extremely heterogeneous requirements of end-use loads. Finally, the potential role of microgrids in delivering heterogeneous power quality is demonstrated by reference to two ongoing microgrid tests in the U.S. and Japan. Index Terms--cogeneration, dispersed storage and generation, power quality, power system economics I.

C. Marnay

2007-01-01T23:59:59.000Z

331

Protecting Intelligent Distributed Power Grids Against Cyber...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May 2008. Development of a...

332

DOE Issues Energy Sector Cyber Organization NOI, Feb 2010 | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE Issues Energy Sector Cyber Organization NOI, Feb 2010. The Department of Energy's (DOE) National Energy Technology Laboratory (NETL) announced on Jan. 7 that it intends to issue a Funding Opportunity Announcement (FOA) for a National Energy Sector Cyber Organization, envisioned as a partnership between the federal government and energy sector stakeholders to protect the bulk power electric grid and aid the integration of smart grid technology to enhance the security of the grid.

333

Microgrids and Heterogeneous Security, Quality, Reliability, and Availability  

Science Conference Proceedings (OSTI)

This paper describes two stylized alternative visions in popular currency of how the power system might evolve to meet future requirements for the high quality electricity service that modern digital economies demand, a supergrids paradigm and a dispersed paradigm. Some of the economics of the dispersed vision are explored. Economic perspectives are presented on both the choice of homogeneous universal power quality upstream in the electricity supply, and also on the extremely heterogeneous requirements of end-use loads. Finally, the potential role of microgrids in delivering heterogeneous power quality is demonstrated by reference to two ongoing microgrid tests in the U.S. and Japan.

Marnay, Chris

2007-01-31T23:59:59.000Z

334

North American Electricity Infrastructure: System Security, Quality, Reliability, Availability, and Efficiency  

E-Print Network (OSTI)

1 North American Electricity Infrastructure: System Security, Quality, Reliability, Availability for reliable and disturbance-free electricity. The massive power outages in the United States, Canada, UK and Italy in 2003 underscored electricity infrastructure's vulnerabilities [1-11]. This vital yet complex

Amin, S. Massoud

335

Underground Test Area Quality Assurance Project Plan Nevada National Security Site, Nevada, Revision 0  

SciTech Connect

This Quality Assurance Project Plan (QAPP) provides the overall quality assurance (QA) program requirements and general quality practices to be applied to the U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Site Office (NNSA/NSO) Underground Test Area (UGTA) Sub-Project (hereafter the Sub-Project) activities. The requirements in this QAPP are consistent with DOE Order 414.1C, Quality Assurance (DOE, 2005); U.S. Environmental Protection Agency (EPA) Guidance for Quality Assurance Project Plans for Modeling (EPA, 2002); and EPA Guidance on the Development, Evaluation, and Application of Environmental Models (EPA, 2009). The QAPP Revision 0 supersedes DOE--341, Underground Test Area Quality Assurance Project Plan, Nevada Test Site, Nevada, Revision 4.

Irene Farnham

2011-05-01T23:59:59.000Z

336

Protecting users of the cyber commons  

Science Conference Proceedings (OSTI)

Establish a global cyber "neighborhood watch" enabling users to take defensive action to protect their operations.

Stephen J. Lukasik

2011-09-01T23:59:59.000Z

337

Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.  

Science Conference Proceedings (OSTI)

The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

Dawson, Lon Andrew; Stinebaugh, Jennifer A.

2010-04-01T23:59:59.000Z

338

Argonne Team Challenges Physical Security  

NLE Websites -- All DOE Office Websites (Extended Search)

For further information, contact Roger Johnston, rogerj@anl.gov. "Real security is thinking like the bad guys," maintains Roger Johnston, head of Argonne's VAT. Argonne Team Challenges Physical Security. Physical security - the art of protecting tangible assets - is the counterpart to cyber security. Physical security can take the form of locks, tamper-indicating seals, guards who stand watch

339

Quantifying security threats and their impact  

Science Conference Proceedings (OSTI)

In earlier works, we present a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper, we illustrate this ... Keywords: cyber security metrics, information security, risk management

Anis Ben Aissa; Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili

2009-04-01T23:59:59.000Z

340

Advanced Metering Infrastructure (AMI) System Security Requirements  

Science Conference Proceedings (OSTI)

This report identifies key cyber security requirements and suggests basic security approaches for safeguarding the many interfaces of Advanced Metering Infrastructure (AMI) systems. These requirements, which were developed through a clearly defined security assessment procedure, are generic; but they can be used to develop more specific security requirements based on actual configurations and environments.

2009-12-21T23:59:59.000Z



341

Cyber and physical infrastructure interdependencies.  

Science Conference Proceedings (OSTI)

The goal of the work discussed in this document is to understand the risk to the nation of cyber attacks on critical infrastructures. The large body of research results on cyber attacks against physical infrastructure vulnerabilities has not resulted in clear understanding of the cascading effects a cyber-caused disruption can have on critical national infrastructures and the ability of these affected infrastructures to deliver services. This document discusses current research and methodologies aimed at assessing the translation of a cyber-based effect into a physical disruption of infrastructure and thence into quantification of the economic consequences of the resultant disruption and damage. The document discusses the deficiencies of the existing methods in correlating cyber attacks with physical consequences. The document then outlines a research plan to correct those deficiencies. When completed, the research plan will result in a fully supported methodology to quantify the economic consequences of events that begin with cyber effects, cascade into other physical infrastructure impacts, and result in degradation of the critical infrastructure's ability to deliver services and products. This methodology enables quantification of the risks to national critical infrastructure of cyber threats. The work addresses the electric power sector as an example of how the methodology can be applied.

Phillips, Laurence R.; Kelic, Andjelka; Warren, Drake E.

2008-09-01T23:59:59.000Z

342

Recommended Practice: Creating Cyber Forensics Plans for Control Systems  

SciTech Connect

Cyber forensics has been in the popular mainstream for some time, and has matured into an information-technology capability that is very common among modern information security programs. The goal of cyber forensics is to support the elements of troubleshooting, monitoring, recovery, and the protection of sensitive data. Moreover, in the event of a crime being committed, cyber forensics is also the approach to collecting, analyzing, and archiving data as evidence in a court of law. Although scalable to many information technology domains, especially modern corporate architectures, cyber forensics can be challenging when being applied to non-traditional environments, which are not comprised of current information technologies or are designed with technologies that do not provide adequate data storage or audit capabilities. In addition, further complexity is introduced if the environments are designed using proprietary solutions and protocols, thus limiting the ease with which modern forensic methods can be utilized. The legacy nature and somewhat diverse or disparate component aspects of control systems environments can often prohibit the smooth translation of modern forensics analysis into the control systems domain. Compounded by a wide variety of proprietary technologies and protocols, as well as critical system technologies with no capability to store significant amounts of event information, the task of creating a ubiquitous and unified strategy for technical cyber forensics on a control systems device or computing resource is far from trivial. To date, no direction regarding cyber forensics as it relates to control systems has been produced other than what might be privately available from commercial vendors. Current materials have been designed to support event recreation (event-based), and although important, these requirements do not always satisfy the needs associated with incident response or forensics that are driven by cyber incidents. 
To address these issues and to accommodate for the diversity in both system and architecture types, a framework based in recommended practices to address forensics in the control systems domain is required. This framework must be fully flexible to allow for deployment into any control systems environment regardless of technologies used. Moreover, the framework and practices must provide for direction on the integration of modern network security technologies with traditionally closed systems, the result being a true defense-in-depth strategy for control systems architectures. This document takes the traditional concepts of cyber forensics and forensics engineering and provides direction regarding augmentation for control systems operational environments. The goal is to provide guidance to the reader with specifics relating to the complexity of cyber forensics for control systems, guidance to allow organizations to create a self-sustaining cyber forensics program, and guidance to support the maintenance and evolution of such programs. As the current control systems cyber security community of interest is without any specific direction on how to proceed with forensics in control systems environments, this information product is intended to be a first step.

Eric Cornelius; Mark Fabro

2008-08-01T23:59:59.000Z

343

Human dimensions in cyber operations research and development priorities.  

SciTech Connect

Within cyber security, the human element represents one of the greatest untapped opportunities for increasing the effectiveness of network defenses. However, there has been little research to understand the human dimension in cyber operations. To better understand the needs and priorities for research and development to address these issues, a workshop was conducted August 28-29, 2012 in Washington DC. A synthesis was developed that captured the key issues and associated research questions. Research and development needs were identified that fell into three parallel paths: (1) human factors analysis and scientific studies to establish foundational knowledge concerning factors underlying the performance of cyber defenders; (2) development of models that capture key processes that mediate interactions between defenders, users, adversaries and the public; and (3) development of a multi-purpose test environment for conducting controlled experiments that enables systems and human performance measurement. These research and development investments would transform cyber operations from an art to a science, enabling systems solutions to be engineered to address a range of situations. Organizations would be able to move beyond the current state where key decisions (e.g. personnel assignment) are made on a largely ad hoc basis to a state in which there exist institutionalized processes for assuring the right people are doing the right jobs in the right way. These developments lay the groundwork for emergence of a professional class of cyber defenders with defined roles and career progressions, with higher levels of personnel commitment and retention. Finally, the operational impact would be evident in improved performance, accompanied by a shift to a more proactive response in which defenders have the capacity to exert greater control over the cyber battlespace.

Forsythe, James Chris; Silva, Austin Ray; Stevens-Adams, Susan Marie; Bradshaw, Jeffrey [Institute for Human and Machine Cognition]

2012-11-01T23:59:59.000Z

344

NSS Labs - NIST: Cyber Security Framework RFI  

Science Conference Proceedings (OSTI)

... upon other critical physical and information infrastructures, including telecommunications, energy, financial services ...

2013-04-10T23:59:59.000Z

345

Cyber Security Technologies Call for Commercialization Plans  

Technology commercialization strategy (e.g., in-house manufacturing, partnering with industry leaders, sublicensing, etc.); Business and marketing plan;

346

Bellingham, Washington, Control System Cyber Security Case ...  

Science Conference Proceedings (OSTI)

... of software used on the Olympic system was shipped to Houston to allow the ... site, the maximum bandwidth of the communication channel and the ...

2007-10-24T23:59:59.000Z

347

On Cyber Security for Networked Control Systems  

E-Print Network (OSTI)

ORNL, Pirelli, Qualcomm, Sun, Symantec, TCS, Telecom Italia, and United Technologies. In addition, financial

Amin, Saurabh

2011-01-01T23:59:59.000Z

348

MODELING SECURITY IN CYBER-PHYSICAL SYSTEMS  

E-Print Network (OSTI)

network at the Davis-Besse nuclear power plant in Oak Harbor, Ohio, was infected [39]. There have been-physical systems, threat models, protocols for treaty verification. 1. Introduction The rapid growth of information) systems that monitor power, gas/oil transportation, water and waste-water distribution. Such systems

Burmester, Mike

349

Cyber Security and You National Perspective  

E-Print Network (OSTI)

to reflect the Department's transformation operational goals. The 2001 Quadrennial Defense Review Report created by these challenges." The 2001 Quadrennial Defense Review Report lists the six critical operational picture. 1 2001 Quadrennial Defense Review Report, September 30, 2001, pg. 30; www

Sorin, Eric J.

350

On Cyber Security for Networked Control Systems  

E-Print Network (OSTI)

on control systems ... 7.2 control system ... 8 Stabilization of Networked Control Systems using ... 8.1

Amin, Saurabh

2011-01-01T23:59:59.000Z

351

US Federal Cyber Security Research Program  

Science Conference Proceedings (OSTI)

... Automation Protocol (SCAP); Access Control Policy Machine [NIST]; Military Networking Protocol (MNP) program [DARPA]; High-Level ...

2012-02-10T23:59:59.000Z

352

Laws of Cyber Security Ravi Sandhu  

E-Print Network (OSTI)

to macroeconomics, which involves the "sum total of economic activity, dealing with the issues of growth, inflation Generation firewalls deployed 1992 IP Spoofing attacks proliferate in the wild 1993 VPNs emerge late 1990's Vulnerability shifts to accessing end-point Network Admission Control 2000's © Ravi Sandhu 5

Sandhu, Ravi

353

Data Diodes in Support of Trustworthy Cyber Infrastructure  

SciTech Connect

Interconnections between process control networks and enterprise networks have resulted in the proliferation of standard communication protocols in industrial control systems, which exposes instrumentation, control systems, and the critical infrastructure components they operate to a variety of cyber attacks. Various standards and technologies have been proposed to protect industrial control systems against cyber attacks and to provide them with confidentiality, integrity, and availability. Among these technologies, data diodes provide protection of critical systems by means of physically enforcing traffic direction on the network. In order to deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we briefly review the security challenges in an industrial control system, study data diodes, their functionalities and limitations, and propose a scheme for their effective deployment in trusted process control networks (TPCNs).

Sheldon, Frederick T [ORNL; Okhravi, Hamed [ORNL

2010-01-01T23:59:59.000Z

354

A nexus of Cyber-Geography and Cyber-Psychology: Topos/"Notopia" and identity in hacking  

Science Conference Proceedings (OSTI)

This paper explores the Cyber-Psychological and Cyber-Geographic aspects of hacking and hacktivism. An examination of the literature related to hackers and hacking reveals a complex nexus of spatial (including cyber-spatial such as "Notopia") and psychological ... Keywords: Cyber-Geography, Cyber-Identity, Cyber-Psychology, Hacking, Identity, Notopia

Fivos Papadimitriou

2009-11-01T23:59:59.000Z

355

GAO Information Security Update  

Science Conference Proceedings (OSTI)

... infrastructures Detecting, responding to, and mitigating cyber incidents ... Supporting cyber research and development ...

2013-06-04T23:59:59.000Z

356

Cyber-physical systems: imminent challenges  

Science Conference Proceedings (OSTI)

A German project is presented which was initiated in order to analyse the potential and risks associated with Cyber-Physical Systems. These have been recognised as the next wave of innovation in information and communication technology. Cyber-Physical ...

Manfred Broy; Mara Victoria Cengarle; Eva Geisberger

2012-03-01T23:59:59.000Z

357

Smart Manufacturing, Construction, and Cyber-Physical ...  

Science Conference Proceedings (OSTI)

Strategic Goal: Smart Manufacturing, Construction, and Cyber-Physical Systems. Enable the next generation of innovative ...

2013-01-03T23:59:59.000Z

358

Booz Allen Hamilton Cyber Assurance Testing Laboratory  

Science Conference Proceedings (OSTI)

Booz Allen Hamilton Cyber Assurance Testing Laboratory. NVLAP Lab Code: 200423-0. Address and Contact Information: ...

2013-08-16T23:59:59.000Z

359

CIKR Cyber Information Sharing and Collaboration Program ...  

Science Conference Proceedings (OSTI)

CIKR Cyber Information Sharing and Collaboration Program (CISCP) In order to meet the Department of Homeland ...

2013-07-16T23:59:59.000Z

360

DRAFT Outline - Preliminary Framework to Reduce Cyber ...  

Science Conference Proceedings (OSTI)

DRAFT Outline - Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure, July 1, 2013 NOTES ...

2013-07-02T23:59:59.000Z



361

sSCADA: securing SCADA infrastructure communications  

Science Conference Proceedings (OSTI)

Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems ... Keywords: DCS, SCADA, authenticated broadcast channels, authenticated emergency channels, authentication, critical infrastructures, cyber attacks, data acquisition, distributed control systems, infrastructure protection, secure channels, secure communications, smart grid security, supervisory control

Yongge Wang

2011-12-01T23:59:59.000Z

362

Coordinated Cyber-Physical Attacks, High-Impact Low-Frequency (HILF) Events, and Risk Management in the Electric Sector  

Science Conference Proceedings (OSTI)

Although the North American electricity grid is one of the most reliable power systems in the world, the high-impact low-frequency (HILF) class of rare but potentially catastrophically damaging events is of growing concern in the industry. This white paper summarizes key activities under two EPRI initiatives that address a HILF cyber-physical attack as well as risk assessment approaches and management tools relevant to a HILF event. EPRI's Cyber Security and Privacy Program ...

2012-12-12T23:59:59.000Z

363

SECURING HARDWARE, SOFTWARE AND DATA  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

PNNL-16971. Report of the Cyber Security Research Needs for Open Science Workshop, July 23-24, 2007. Sponsored by the DOE Office of Science in Cooperation with the Office of Electricity Delivery and Energy Reliability. Acknowledgements: The workshop chairs wish to thank Joree O'Neal and Rachel Smith for all their help and support with organizing the logistics and registration activities for this workshop; Sue Chin, Ted Tanasse, Barbara Wilson, and Stacy Larsen for their expert help with the assembly, text editing, and graphics for this report; and Lance Baatz for his masterful

364

Cyber Incident Information | Department of Energy  

NLE Websites -- All DOE Office Websites (Extended Search)

Cyber Incident Information. July 2013 Cyber Incident: The Department of Energy has confirmed a cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information (PII). January 2013 Cyber Incident: The Department of Energy (DOE) has confirmed a cyber incident that occurred in mid-January 2013 which targeted the Headquarters' network and resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information (PII). Tips to Monitor Your Identity: Here is a suggested list of tips to monitor and protect yourself.

365

Lemnos Interoperable Security Program  

Science Conference Proceedings (OSTI)

The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relating to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or ?? tunnels?, to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. 
These single vendor solutions may inadvertently lock utilities into proprietary and closed systems. Lemnos is built on the successes of Open PCS Security Architecture for Interoperable Design (OPSAID), a previous DOE National SCADA Test Bed (NSTB) project. It enhances security interoperability by identifying basic cyber security functions based on utility requirements and then selecting open source solutions, namely Internet Engineering Task Force (IETF) RFCs, to support these functions. Once identified, specific configuration parameters for each RFC suitable for the electric utility control system environment are identified and documented. These configuration parameters are referred to as Interoperable Configuration Profiles (ICP) and their effectiveness within the utility control systems environment is verified with comprehensive testing as the final step in the process. The project focused on development of ICPs for four security protocols (IPsec, SSH, LDAP, and Syslog) which represent fundamental building blocks which can be utilized for securing utility control systems. These ICPs are product agnostic and can be applied modularly to any device (router, substation gateway, intelligent electronic device, etc.) within the utility control system as the end user deems necessary for their unique system architecture. The Lemnos Interoperable Security Program is a public-private partnership under the U.S. Department of Energy (DOE) Office of Electricity Delivery and Energy Reliability's Cybersecurity for Energy Delivery Systems (CEDS) program and supports The Roadmap to Secure Energy Delivery Systems. In addition to EnerNex, the core team supporting the effort includes Tennessee Valley Authority, Sandia National Laboratories, and Schweitzer Engineering Laboratories.
Adding to the core team effort is collaboration from additional industry participants in the project including the Electric Power Research Institute (EPRI), Alien Vault, Cisco, Encore Networks, GarrettCom, Industrial Defender, N-Dimension Solutions, Phoenix Contact, RuggedCom, and Siemens.

John Stewart; Ron Halbgewachs; Adrian Chavez; Rhett Smith; David Teumim

2012-01-31T23:59:59.000Z

366

Grid Strategy 2012: Cyber and Physical Strategy for Substation and Field Equipment (Greenfield and Legacy)  

Science Conference Proceedings (OSTI)

This technical update addresses cyber security for deployed field equipment. Although focused on remote equipment, it provides guidelines that are adaptable for use across a wide range of deployment scenarios and organizational structures. In view of the many-to-many relationship between available equipment and deployment scenarios, it cannot be presumed that vendor-supplied equipment or particular organizational structures will ensure secure and resilient equipment operation. To ensure ...

2012-11-28T23:59:59.000Z

367

CYBER-RELATED CRITICAL INFRASTRUCTURE IDENTIFICATION AND PROTECTION...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

CYBER-RELATED CRITICAL INFRASTRUCTURE IDENTIFICATION AND PROTECTION MEASURES, IG-0545 In...

368

A Scalable Framework for Cyber Attack Discovery and Situational...  

NLE Websites -- All DOE Office Websites (Extended Search)

Scalable Framework for Cyber Attack Discovery and Situational Understanding (SITU) May 15, 2013 Problem Statement: Cyber attacks cost commercial and governmental organizations vast...

369

Cyber Tips Book Mark (2009 NCSA Month) | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Tips Book Mark (2009 NCSA Month) Training and Awareness...

370

Cyber Effects Analysis Using VCSE Promoting Control System Reliability...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Cyber Effects Analysis Using VCSE Promoting Control System Reliability This report describes the Virtual...

371

DOE Issues Energy Sector Cyber Organization NOI  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Issues National Energy Sector Cyber Organization Notice of Intent February 11, 2010 The Department of Energy's (DOE) National Energy Technology Laboratory (NETL) announced on Jan....

372

Guideline for Securing Control Systems and Corporate Network Interfaces  

Science Conference Proceedings (OSTI)

Until recent years, many electric utilities have dealt with the cyber security issues of protecting control system networks by keeping the control system and corporate system networks physically separate. Others have prohibited remote access to control system networks, requiring all connections be made onsite. While these techniques effectively protect the system from external cyber-security-based threats, they are restricting a growing requirement for access, particularly among corporate users who need ...

2005-12-05T23:59:59.000Z

373

Graph anomalies in cyber communications  

Science Conference Proceedings (OSTI)

Enterprises monitor cyber traffic for viruses, intruders and stolen information. Detection methods look for known signatures of malicious traffic or search for anomalies with respect to a nominal reference model. Traditional anomaly detection focuses on aggregate traffic at central nodes or on user-level monitoring. More recently, however, traffic is being viewed more holistically as a dynamic communication graph. Attention to the graph nature of the traffic has expanded the types of anomalies that are being sought. We give an overview of several cyber data streams collected at Los Alamos National Laboratory and discuss current work in modeling the graph dynamics of traffic over the network. We consider global properties and local properties within the communication graph. A method for monitoring relative entropy on multiple correlated properties is discussed in detail.

Vander Wiel, Scott A [Los Alamos National Laboratory; Storlie, Curtis B [Los Alamos National Laboratory; Sandine, Gary [Los Alamos National Laboratory; Hagberg, Aric A [Los Alamos National Laboratory; Fisk, Michael [Los Alamos National Laboratory

2011-01-11T23:59:59.000Z

374

PowerSec Generic Security Analysis Report  

Science Conference Proceedings (OSTI)

During 2006 and 2007, EPRI developed and executed the PowerSec Program to assess utility cyber security and evaluate the gap between existing and recommended practices. Nine electric power companies (EPUs) participated in this program. Six of those EPUs participated in a project to determine their aggregate security posture. This report presents the results of that project.

2007-12-11T23:59:59.000Z

375

A framework for federated two-factor authentication enabling cost-effective secure access to distributed cyberinfrastructure  

Science Conference Proceedings (OSTI)

As cyber attacks become increasingly sophisticated, the security measures used to mitigate the risks must also increase in sophistication. One time password (OTP) systems provide strong authentication because security credentials are not reusable, thus ... Keywords: OTP, XSEDE, authentication, radius

Matthew A. Ezell; Gary L. Rogers; Gregory D. Peterson

2012-07-01T23:59:59.000Z

376

Assessment of current cybersecurity practices in the public domain : cyber indications and warnings domain.  

SciTech Connect

This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes that may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work, however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

Hamlet, Jason R.; Keliiaa, Curtis M.

2010-09-01T23:59:59.000Z

377

NNSA Policies | National Nuclear Security Administration  

National Nuclear Security Administration (NNSA)

NNSA Policies (NAPs) impart policy and requirements unique to the Administration or provide short-term notices until more formal direction can be provided. NAP-4B Corporate Performance Process for M&O Contractors June 30, 2008 NAP-5 Standards Management October 16, 2002 NAP-6 FEOSH Program for NNSA Headquarters Employees December 19, 2002 NAP-7 NNSA's Acquisition and Assistance Policy Guidance December 9, 2002 NAP-14.1D Baseline Cyber Security Program December 14, 2012 NAP-21 Signed Governance and Oversight March 2, 2011 NAP-23 Transformational Governance and Oversight February 28, 2011 NAP-24 Weapons Quality Policy June 20, 2013 NAP-25 Management and Operating Contractor Business Meals and Light Refreshment

378

NIST Improves Tool for Hardening Software Against Cyber ...  

Science Conference Proceedings (OSTI)

NIST Improves Tool for Hardening Software Against Cyber Attack. From NIST Tech Beat: November 22, 2011. ...

2011-11-22T23:59:59.000Z

379

Underground Test Area Fiscal Year 2012 Annual Quality Assurance Report Nevada National Security Site, Nevada, Revision 0  

SciTech Connect

This report is mandated by the Underground Test Area (UGTA) Quality Assurance Project Plan (QAPP) and identifies the UGTA quality assurance (QA) activities for fiscal year (FY) 2012. All UGTA organizations, U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Site Office (NNSA/NSO); Desert Research Institute (DRI); Lawrence Livermore National Laboratory (LLNL); Los Alamos National Laboratory (LANL); Navarro-Intera, LLC (N-I); National Security Technologies, LLC (NSTec); and the U.S. Geological Survey (USGS), conducted QA activities in FY 2012. The activities included conducting assessments, identifying findings and completing corrective actions, evaluating laboratory performance, revising the QAPP, and publishing documents. In addition, processes and procedures were developed to address deficiencies identified in the FY 2011 QAPP gap analysis.

Farnham, Irene; Marutzky, Sam

2013-01-01T23:59:59.000Z

380

Underground Test Area Fiscal Year 2013 Annual Quality Assurance Report Nevada National Security Site, Nevada, Revision 0  

SciTech Connect

This report is required by the Underground Test Area (UGTA) Quality Assurance Plan (QAP) and identifies the UGTA quality assurance (QA) activities for fiscal year (FY) 2013. All UGTA organizations, U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Field Office (NNSA/NFO); Desert Research Institute (DRI); Lawrence Livermore National Laboratory (LLNL); Los Alamos National Laboratory (LANL); Navarro-Intera, LLC (N-I); National Security Technologies, LLC (NSTec); and the U.S. Geological Survey (USGS), conducted QA activities in FY 2013. The activities included conducting assessments, identifying findings and completing corrective actions, evaluating laboratory performance, and publishing documents. In addition, integrated UGTA required reading and corrective action tracking was instituted.

Krenzien, Susan; Marutzky, Sam

2014-01-01T23:59:59.000Z



381

Environment/Health/Safety/Security (EHSS): Security & Emergency Services:  

NLE Websites -- All DOE Office Websites (Extended Search)

Security Update THREAT ASSESSMENT: January 9, 2004 -- The Department of Energy has directed all DOE sites to lower their security status to Secon Level 3, to coincide with the Department of Homeland Security advisory system. Security measures as listed below are in place. If you have any questions, call Dan Lunsford at x6016. ID Cards: Every employee must have a valid LBNL proximity badge and either wear it or produce it upon request. Badges and clips are available in the Site Access

382

DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy Infrastructure from Cyber Attacks  

Energy.gov (U.S. Department of Energy (DOE))

U.S. Department of Energy (DOE) Assistant Secretary for Electricity Delivery and Energy Reliability Kevin M. Kolevar today announced five projects that have been selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically-advanced controls and cyber-security devices into our electric grid and energy infrastructure.

383

Innovating Security  

Science Conference Proceedings (OSTI)

... Situational Awareness and Incident Response R. Slaybaugh, Cyber Threat Analyst ... Factors to consider in transforming our acquisition due diligence ...

2012-10-13T23:59:59.000Z

384

Performance and security tradeoff  

Science Conference Proceedings (OSTI)

A tradeoff is a situation that involves losing one quality or aspect of something in return for gaining another quality or aspect. Speaking about the tradeoff between performance and security indicates that both, performance and security, can be measured, ...

Katinka Wolter; Philipp Reinecke

2010-06-01T23:59:59.000Z

385

Definition: Critical Cyber Assets | Open Energy Information  

Open Energy Info (EERE)

Related Terms Cyber Assets References Glossary of Terms Used in Reliability Standards An inline...

386

Cyber-Physical Challenges for Space Systems  

Science Conference Proceedings (OSTI)

Modern space systems necessarily have a tight coupling between onboard cyber (processing, communication) and physical (sensing, actuation) elements to survive the harsh extraterrestrial environment and successfully complete ambitious missions. This article ... Keywords: attitude control, communication, robotics, space systems

Andrew T. Klesh; James W. Cutler; Ella M. Atkins

2012-04-01T23:59:59.000Z

387

Protecting Intelligent Distributed Power Grids against Cyber Attacks  

Science Conference Proceedings (OSTI)

Like other industrial sectors, the electrical power industry is facing challenges involved with the increasing demand for interconnected operations and control. The electrical industry has largely been restructured due to deregulation of the electrical market and the trend of the Smart Grid. This moves new automation systems from being proprietary and closed to the current state of Information Technology (IT) being highly interconnected and open. However, while gaining all of the scale and performance benefits of IT, existing IT security challenges are acquired as well. The power grid automation network has inherent security risks due to the fact that the systems and applications for the power grid were not originally designed for the general IT environment. In this paper, we propose a conceptual layered framework for protecting power grid automation systems against cyber attacks. The following factors are taken into account: (1) integration with existing, legacy systems in a non-intrusive fashion; (2) desirable performance in terms of modularity, scalability, extendibility, and manageability; (3) alignment to the 'Roadmap to Secure Control Systems in the Energy Sector' and the future smart grid. The on-site system test of the developed prototype security system is briefly presented as well.

Dong Wei; Yan Lu; Mohsen Jafari; Paul Skare; Kenneth Rohde

2010-12-31T23:59:59.000Z

388

Addressing the Challenges of Anomaly Detection for Cyber Physical Energy Grid Systems  

Science Conference Proceedings (OSTI)

The consolidation of cyber communications networks and physical control systems within the energy smart grid introduces a number of new risks. Unfortunately, these risks are largely unknown and poorly understood, yet include very high impact losses from attack and component failures. One important aspect of risk management is the detection of anomalies and changes. However, anomaly detection within cyber security remains a difficult, open problem, with special challenges in dealing with false alert rates and heterogeneous data. Furthermore, the integration of cyber and physical dynamics is often intractable. And, because of their broad scope, energy grid cyber-physical systems must be analyzed at multiple scales, from individual components, up to network level dynamics. We describe an improved approach to anomaly detection that combines three important aspects. First, system dynamics are modeled using a reduced order model for greater computational tractability. Second, a probabilistic and principled approach to anomaly detection is adopted that allows for regulation of false alerts and comparison of anomalies across heterogeneous data sources. Third, a hierarchy of aggregations are constructed to support interactive and automated analyses of anomalies at multiple scales.

Ferragut, Erik M [ORNL; Laska, Jason A [ORNL; Melin, Alexander M [ORNL; Czejdo, Bogdan [ORNL

2013-01-01T23:59:59.000Z

389

Control Systems Security Test Center - FY 2004 Program Summary  

Science Conference Proceedings (OSTI)

In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation's critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

Robert E. Polk; Alen M. Snyder

2005-04-01T23:59:59.000Z

390

Breakthrough: Fighting cancer with nanoparticles | Argonne National...  

NLE Websites -- All DOE Office Websites (Extended Search)

& technology --Atmospheric & climate research --Ecology --Environmental modeling tools --Land reclamation --Water quality Security -Cyber security -Decision science --Emergency &...

391

Nuclear Forensics | National Security | ORNL  

NLE Websites -- All DOE Office Websites (Extended Search)

Nuclear Forensics: Tools, techniques, and expertise in nuclear fuel cycle research gained over seven decades help ORNL scientists control and track nuclear bomb-grade materials to be sure they don't fall into the wrong hands. Among the leading-edge technologies used by researchers are high-resolution techniques that allow analysis of radiation detector data in stunning detail. Researchers are also developing aerosol sampling systems to collect airborne particulates and instantly send an alert if radiation is detected. For more information, please contact: nuclearforensicsinitiative

392

Sandia National Laboratories: The Center for Cyber Defenders...  

NLE Websites -- All DOE Office Websites (Extended Search)

Cyber Boot Camps The Cyber Boot Camp Program was developed to help make science and technology more exciting by treating students to hands-on experience and interaction with...

393

Microsoft Word - Cyber Effects Analysis Using VCSE 09.doc  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

8-5954 8-5954 Unlimited Release Printed September 2008 Cyber Effects Analysis Using VCSE Promoting Control System Reliability Michael J. McDonald, Gregory N. Conrad, Travis C. Service, Regis H. Cassidy Prepared by Sandia National Laboratories Albuquerque, New Mexico 87185 and Livermore, California 94550 Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy's National Nuclear Security Administration under Contract DE-AC04-94AL85000. Approved for public release; further dissemination unlimited. Issued by Sandia National Laboratories, operated for the United States Department of Energy by Sandia Corporation. NOTICE: This report was prepared as an account of work sponsored by an agency of

394

The growing trend of government involvement in IT security  

Science Conference Proceedings (OSTI)

In today's society, information security has come to the forefront of discussion, especially as terrorism, illegal corporate activities, and cyber crime incidents are increasing. The government is now taking on a larger role in determining standards ... Keywords: awareness training, information security

Christin Moore

2004-10-01T23:59:59.000Z

395

M.: On the impact of network infrastructure parameters to the effectiveness of cyber attacks against industrial control systems  

E-Print Network (OSTI)

The fact that modern Networked Industrial Control Systems (NICS) depend on Information and Communication Technologies (ICT), is well known. Although many studies have focused on the security of SCADA systems, today we still lack the proper understanding of the effects that cyber attacks have on NICS. In this paper we identify the communication and control logic implementation parameters that influence the outcome of attacks against NICS and that could be used as effective measures for increasing the resilience of industrial installations. The implemented scenario involves a powerful attacker that is able to send legitimate Modbus packets/commands to control hardware in order to bring the physical process into a critical state, i.e. dangerous, or more generally unwanted state of the system. The analysis uses a Boiling Water Power Plant to show that the outcome of cyber attacks is influenced by network delays, packet losses, background traffic and control logic scheduling time. The main goal of this paper is to start an exploration of cyber-physical effects in particular scenarios. This study is the first of its kind to analyze cyber-physical systems and provides insight to the way that the cyber realm affects the physical realm.

B. Genge; C. Siaterlis; M. Hohenadel; Béla Genge; Christos Siaterlis; Marc Hohenadel

2012-01-01T23:59:59.000Z

396

Investigating the effectiveness of many-core network processors for high performance cyber protection systems. Part I, FY2011.  

SciTech Connect

This report documents our first year efforts to address the use of many-core processors for high performance cyber protection. As the demands grow for higher bandwidth (beyond 1 Gbits/sec) on network connections, the need to provide faster and more efficient solution to cyber security grows. Fortunately, in recent years, the development of many-core network processors have seen increased interest. Prior working experiences with many-core processors have led us to investigate its effectiveness for cyber protection tools, with particular emphasis on high performance firewalls. Although advanced algorithms for smarter cyber protection of high-speed network traffic are being developed, these advanced analysis techniques require significantly more computational capabilities than static techniques. Moreover, many locations where cyber protections are deployed have limited power, space and cooling resources. This makes the use of traditionally large computing systems impractical for the front-end systems that process large network streams; hence, the drive for this study which could potentially yield a highly reconfigurable and rapidly scalable solution.

Wheeler, Kyle Bruce; Naegle, John Hunt; Wright, Brian J.; Benner, Robert E., Jr.; Shelburg, Jeffrey Scott; Pearson, David Benjamin; Johnson, Joshua Alan; Onunkwo, Uzoma A.; Zage, David John; Patel, Jay S.

2011-09-01T23:59:59.000Z

397

CyberDesign & Infrastructure for Multiscale Modeling and Simulations  

Science Conference Proceedings (OSTI)

Multiscale cyber design methodology, which usually disparate entities such as material characterization, mechanical experimentation, material design, and...

398

A Mathematical Framework for the Analysis of Cyber-Resilient Control Systems  

Science Conference Proceedings (OSTI)

The increasingly recognized vulnerability of industrial control systems to cyber-attacks has inspired a considerable amount of research into techniques for cyber-resilient control systems. The majority of this effort involves the application of well known information security (IT) techniques to control system networks. While these efforts are important to protect the control systems that operate critical infrastructure, they are never perfectly effective. Little research has focused on the design of closed-loop dynamics that are resilient to cyber-attack. The majority of control system protection measures are concerned with how to prevent unauthorized access and protect data integrity. We believe that the ability to analyze how an attacker can effect the closed loop dynamics of a control system configuration once they have access is just as important to the overall security of a control system. To begin to analyze this problem, consistent mathematical definitions of concepts within resilient control need to be established so that a mathematical analysis of the vulnerabilities and resiliencies of a particular control system design methodology and configuration can be made. In this paper, we propose rigorous definitions for state awareness, operational normalcy, and resiliency as they relate to control systems. We will also discuss some mathematical consequences that arise from the proposed definitions. The goal is to begin to develop a mathematical framework and testable conditions for resiliency that can be used to build a sound theoretical foundation for resilient control research.

Melin, Alexander M [ORNL; Ferragut, Erik M [ORNL; Laska, Jason A [ORNL; Fugate, David L [ORNL; Kisner, Roger [ORNL

2013-01-01T23:59:59.000Z

399

Transportation Secure Data Center: Real-World Data for Environmental and Air Quality Analysis (Fact Sheet)  

SciTech Connect

The National Renewable Energy Laboratory (NREL) and the U.S. Department of Transportation (DOT) have launched the free, web-based Transportation Secure Data Center (TSDC). The TSDC (www.nrel.gov/tsdc) preserves respondent anonymity while making vital transportation data available to a broad group of users through secure, online access. The TSDC database provides free-of-charge web-based access to valuable transportation data that can be used for: Emissions and air pollution modeling, Vehicle energy and power analysis, Climate change impact studies, Alternative fuel station planning, and Validating transportation data from other sources. The TSDC's two levels of access make composite data available with simple online registration, and allow researchers to use detailed spatial data after completing a straight forward application process.

Not Available

2013-01-01T23:59:59.000Z

400

Security data extraction from IEC 61850 ACSI models for network and system management  

Science Conference Proceedings (OSTI)

The international standard IEC 62351 proposed the format of abstract data object for secure smart grid controls which is named as Network and System Management (NSM). It is devised to respond not only deliberate attacks such as cyber hacking and sabotage, ... Keywords: IEC 61850, IEC 62351, network and system management, power grid security, smart grid security

Chung-Hyo Kim; Moon-Seok Choi; Seong-Ho Ju; Yong-Hun Lim; Jong-Mock Baek

2011-08-01T23:59:59.000Z



401

Data Diodes in Support of a Power Grid Trustworthy Cyber Infrastructure  

SciTech Connect

Industrial Control Systems (ICS) are an integral part of the industrial infrastructure providing for the national good. While sharing basic constructs with Information Technology (IT) business systems, ICSs are technically, administratively, and functionally more complex and unique than business IT systems. Critical infrastructure protection focuses on protecting and maintaining a safe and reliable supply of electric power, oil, water, gasoline, chemicals, food, etc. Cyber vulnerabilities are important if they can affect the safe, functional performance of these systems and processes. The majority of ICS exhibit vulnerable devices with unsecured physical access and/or subject to insider attack. In this whitepaper, we advocate trusted process control networks as a way to address the serious cyber security flaws which combines both white/black listing into a design philosophy that addresses information warfare scenarios, software process monitoring and an attack recognition and management architecture.

Sheldon, Frederick T [ORNL; MacIntyre, Lawrence Paul [ORNL; Okhravi, Hamed [ORNL; Munson, Dr. John C. [Computer Measurement Laboratory, Inc.

2009-12-01T23:59:59.000Z

402

GAO Challenges and Efforts to Secure Control Systems (March 2004) |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

GAO Challenges and Efforts to Secure Control Systems (March 2004) Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines. In October 1997, the President's Commission on Critical Infrastructure Protection emphasized the increasing vulnerability of control systems to cyber attacks. The House Committee on Government Reform and its Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census asked GAO to report on potential cyber vulnerabilities, focusing on (1) significant cybersecurity risks associated with control systems (2) potential and reported cyber attacks

403

Technical Services | Y-12 National Security Complex  

NLE Websites -- All DOE Office Websites (Extended Search)

Technical services spans Y-12 disciplines that support manufacturing at Y-12. Information Systems (National Security Systems Development) Provide solutions for information security, including the protection of national security, proprietary and any other class of highly sensitive information. Develop highly integrated, enterprise level software applications for use within the federal space and adaptable to commercial application. Leverage the transformative information technology capabilities of the NNSA to a broad spectrum of federal applications for rapidly deployed, cost effective and reproducible technical solutions. Develop virtual collaborative networks for cluster manufacturing. Develop, test, and implement operational cyber security strategies

404

Simplifying cyber foraging for mobile devices  

Science Conference Proceedings (OSTI)

Cyber foraging is the transient and opportunistic use of compute servers by mobile devices. The short market life of such devices makes rapid modification of applications for remote execution an important problem. We describe a solution that combines ... Keywords: mobile computing, programmer productivity, rapid prototyping, retargeting applications, software engineering, user study

Rajesh Krishna Balan; Darren Gergle; Mahadev Satyanarayanan; James Herbsleb

2007-06-01T23:59:59.000Z

405

BNL Password Procedures, Cyber Security,Information Technology Division,  

NLE Websites -- All DOE Office Websites (Extended Search)

Password Policy, Procedures, and Guidance. Password Policy: Based upon DOE Notice N205.3 and guidance in DOE G 205.3-1, all BNL computer platforms capable of supporting password protection systems must have passwords that are in accord with the following. Password contains at least eight non-blank characters, provided such passwords are allowed by the operating system or application. Password contains a combination of letters (a mixture of upper and lowercase), numbers, and at least one special character within the first seven positions, provided such passwords are allowed by the operating system or application.

406

Lessons Learned from Cyber Security Assessments of SCADA and...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

monitor and control critical infrastructure equipment, ranging from valves in oil and gas pipelines to switches and breakers in the national electric grid. If compromised, these...

407

NIST Issues Expanded Draft of Smart Grid Cyber Security ...  

Science Conference Proceedings (OSTI)

... including electric transportation, electric storage, advanced metering infrastructure, distribution grid management, energy management in homes ...

2010-12-07T23:59:59.000Z

408

NERSC Cyber Security Challenges That Require DOE Development and Support  

E-Print Network (OSTI)

NERSC and other high performance computing (HPC) centers by providing high performance computing, information, data, shell accounts on high performance computing systems poses

Draney, Brent; Campbell, Scott; Walter, Howard

2008-01-01T23:59:59.000Z

409

Cyber Security and You Who's `Phishing' in Your Backyard?  

E-Print Network (OSTI)

://www.nik.no/ Open Source Software for the Smartgrid: Challenges for Software Safety and Evolution Tosin Daniel, Trondheim, Norway. Abstract The growing Smartgrid behind today's electricity supply introduces many domains (generation, transmission, distribution and consumption) and nodes of the Smartgrid network

Sorin, Eric J.

410

CyberForensics: Understanding Information Security Investigations, 1st edition  

Science Conference Proceedings (OSTI)

This fascinating and highly topical subject has a history dating back to the secret world of 1970s Cold War espionage, when the US military and Central intelligence agencies, aided by the latest mainframe systems, were the first to use computer forensics ...

Jennifer Bayuk

2010-09-01T23:59:59.000Z

411

Control Systems Cyber Security: Defense in Depth Strategies ...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

and direction for developing 'defense-in-depth' strategies for organizations that use control system networks while maintaining a multi-tier information architecture. Control...

412

OIA: Office of Contract Assurance: Assurance Systems: Cyber Security...  

NLE Websites -- All DOE Office Websites (Extended Search)

with applicable Federal, State and local regulations and the US Department of Energy (DOE) orders and requirements. It is the intent of LBNL to establish a culture and work...

413

Cyber-Physical Systems Security for the Smart Grid  

Science Conference Proceedings (OSTI)

... Untrusted input Smart Grid Function ... Smart meter, control data Load balancing ... System (FACTS) Transmission/Distribution Automation

2012-05-05T23:59:59.000Z

414

Cyber-Physical Systems Security for the Smart Grid  

Science Conference Proceedings (OSTI)

... D. Transmission Automation ... or reputation management systems for smart grid applications where ... the topology of the power distribution network to ...

2012-04-05T23:59:59.000Z

415

SuperIdentity: Fusion of Identity across Real and Cyber Domains  

Science Conference Proceedings (OSTI)

Under both benign and malign circumstances, people now manage a spectrum of identities across both real-world and cyber domains. Our belief, however, is that all these instances ultimately track back for an individual to reflect a single 'SuperIdentity'. This paper outlines the assumptions underpinning the SuperIdentity Project, describing the innovative use of data fusion to incorporate novel real-world and cyber cues into a rich framework appropriate for modern identity. The proposed combinatorial model will support a robust identification or authentication decision, with confidence indexed both by the level of trust in data provenance, and the diagnosticity of the identity factors being used. Additionally, the exploration of correlations between factors may underpin the more intelligent use of identity information so that known information may be used to predict previously hidden information. With modern living supporting the 'distribution of identity' across real and cyber domains, and with criminal elements operating in increasingly sophisticated ways in the hinterland between the two, this approach is suggested as a way forwards, and is discussed in terms of its impact on privacy, security, and the detection of threat.

Black, Sue; Creese, Sadie; Guest, Richard; Pike, William A.; Saxby, Steven; Stanton Fraser, Danae; Stevenage, Sarah; Whitty, Monica

2012-04-23T23:59:59.000Z

416

National cyber defense high performance computing and analysis : concepts, planning and roadmap.  

SciTech Connect

There is a national cyber dilemma that threatens the very fabric of government, commercial and private use operations worldwide. Much is written about 'what' the problem is, and though the basis for this paper is an assessment of the problem space, we target the 'how' solution space of the wide-area national information infrastructure through the advancement of science, technology, evaluation and analysis with actionable results intended to produce a more secure national information infrastructure and a comprehensive national cyber defense capability. This cybersecurity High Performance Computing (HPC) analysis concepts, planning and roadmap activity was conducted as an assessment of cybersecurity analysis as a fertile area of research and investment for high value cybersecurity wide-area solutions. This report and a related SAND2010-4765 Assessment of Current Cybersecurity Practices in the Public Domain: Cyber Indications and Warnings Domain report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

Hamlet, Jason R.; Keliiaa, Curtis M.

2010-09-01T23:59:59.000Z

417

Cyber Framework NIST In Support of CIS 4-12-13  

Science Conference Proceedings (OSTI)

... April 12, 2013 Cyber Framework NIST ... Our state and local governments are on the front lines of the cyber battle every day. ...

2013-04-13T23:59:59.000Z

418

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)  

Science Conference Proceedings (OSTI)

Battelle's National Security & Defense objective is, applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory's (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

Hadley, Mark D.; Clements, Samuel L.

2009-01-01T23:59:59.000Z

419

Microsoft Word - OE Cyber Release 10 18 07.doc  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DOE to Provide Nearly 8 Million to Safeguard the Nation's Energy Infrastructure from Cyber Attacks WASHINGTON, DC - U.S. Department of Energy (DOE) Assistant Secretary for...

420

Cyber-Enabled Materials Simulations via NanoHUB.org  

Science Conference Proceedings (OSTI)

Symposium, Integrating and Leveraging Collaborative Efforts for ICME Education. Presentation Title, Cyber-Enabled Materials Simulations via NanoHUB.org.



421

Proceedings of the Cybersecurity in Cyber-Physical Workshop ...  

Science Conference Proceedings (OSTI)

... modes of operation (such as home health setting ... temperature, pressure, and cooling/heating rates. ... other cyber-physical domains (ie oil/ natural gas ...

2013-02-14T23:59:59.000Z

422

Lessons to Learn for U.S. Electric Grid Critical Infrastructure Protection: Organizational Challenges for Utilities in Identification of Critical Assets and Adequate Security Measures  

Science Conference Proceedings (OSTI)

The U.S. Federal Energy Regulatory Commission (FERC) approved the first critical infrastructure protection (CIP) standards for transmission and generation providers in January 2008. These standards require utilities to implement cyber security measures ...

Brian McKay

2011-01-01T23:59:59.000Z

423

Hallmark Project Commercialization of the Secure SCADA Communications  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Hallmark Project Commercialization of the Secure SCADA Communications Protocol, a cryptographic security solution for device-to-device communication. Increased connectivity and automation in the control systems that manage the nation's energy infrastructure have improved system functionality, but left systems more vulnerable to cyber attack. Intruders could severely disrupt control system operation by sending fabricated information or commands to control system devices. To ensure message integrity, supervisory control and data acquisition (SCADA) systems require a method to validate device-to-device communication and verify that information has

424

Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management Countermeasures  

Science Conference Proceedings (OSTI)

The book covers a decade of work with some of the largest commercial and government agencies around the world in addressing cyber security related to malicious insiders (trusted employees, contractors, and partners). It explores organized crime, terrorist ... Keywords: Computer Science, Security

Brian Contos; Dave Kleiman

2006-12-01T23:59:59.000Z

425

Questions About The US Cyber Challenge Program  

Science Conference Proceedings (OSTI)

... Plus counter intelligence. And managers with strong technical security skills Page 8. ... Plus counter intelligence ? Foundations: ...

2011-03-25T23:59:59.000Z

426

Security analysis of smart grid data collection technologies  

Science Conference Proceedings (OSTI)

In the last few years we are witnessing a dramatic increase in cyber-attacks targeted against Critical Infrastructures. Attacks against Critical Infrastructures are especially dangerous because they are tailored to disrupt assets which are essential ... Keywords: phasor data concentrators, phasor measurement units, power grids, security analysis, smart grids, synchrophasors

Luigi Coppolino; Salvatore D'Antonio; Ivano Alessandro Elia; Luigi Romano

2011-09-01T23:59:59.000Z

427

Towards a secure Frequency Monitoring NETwork (FNET) system  

Science Conference Proceedings (OSTI)

Reactive and real-time wide area monitoring systems (WAMS), such as the Frequency Monitoring NETwork (FNET) developed at Virginia Tech, allow for the gathering of frequency data throughout the entire power grid. FNET uses the Internet as a communication ... Keywords: FNET, Smart Grid, cyber security

Joseph L. McDaniel; Ambareen Siraj

2010-04-01T23:59:59.000Z

428

Cyber-physical energy systems: focus on smart buildings  

Science Conference Proceedings (OSTI)

Operating at the intersection of multiple sensing and control systems designed for occupant comfort, performability and operational efficiency, modern buildings represent a prototypical cyber-physical system with deeply coupled embedded sensing and networked ... Keywords: LEED, ZNEB, buildings, cyber-physical, embedded, energy management, energy metering, smart grid

Jan Kleissl; Yuvraj Agarwal

2010-06-01T23:59:59.000Z

429

Review: From wireless sensor networks towards cyber physical systems  

Science Conference Proceedings (OSTI)

In the past two decades, a lot of research activities have been dedicated to the fields of mobile ad hoc network (MANET) and wireless sensor networks (WSN). More recently, the cyber physical system (CPS) has emerged as a promising direction to enrich ... Keywords: Cyber physical system, Internet technology, Mobile ad hoc network, Pervasive computing, Sensing and actuation, Wireless sensor network

Fang-Jing Wu; Yu-Fen Kao; Yu-Chee Tseng

2011-08-01T23:59:59.000Z

430

Embedded Cyber-Physical Anomaly Detection in Smart Meters  

E-Print Network (OSTI)

Embedded Cyber-Physical Anomaly Detection in Smart Meters Massimiliano Raciti, Simin Nadjm vulnerabilities that arise from deployment of local cyber-physical attacks at a smart metering location at destabilisation. In this paper we study a smart metering device that uses a trusted platform for storage

431

Security Perimeter  

NLE Websites -- All DOE Office Websites (Extended Search)

Protecting the Laboratory against threats and vulnerabilities. The security perimeter helps to...

432

Cyber Effects Analysis Using VCSE Promoting Control System Reliability |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

This report describes the Virtual Control System Environment (VCSE) technology, developed at Sandia National Laboratories, to investigate Supervisory Control And Data Acquisition (SCADA) vulnerabilities associated with energy systems; and it describes a set of experiments with findings from using that environment. The report explains how VCSE can be used to analyze and develop an understanding of cyber attacks. Specific analyses in this report focus on unencrypted, unsecured data channels on Internet protocol (IP)-routed computer networks within electric power systems.

433

Mitigations for Security Vulnerabilities Found in Control System Networks |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in

434

Neumann Receives Computer System Security Award  

Science Conference Proceedings (OSTI)

... in the area of information security and assurance. ... significant long-term contributions to computer security ... trade, and improve the quality of life. ...

2012-12-13T23:59:59.000Z

435

Quantitative Cyber Risk Reduction Estimation Methodology for a Small Scada Control System  

SciTech Connect

We propose a new methodology for obtaining a quick quantitative measurement of the risk reduction achieved when a control system is modified with the intent to improve cyber security defense against external attackers. The proposed methodology employs a directed graph called a compromise graph, where the nodes represent stages of a potential attack and the edges represent the expected time-to-compromise for differing attacker skill levels. Time-to-compromise is modeled as a function of known vulnerabilities and attacker skill level. The methodology was used to calculate risk reduction estimates for a specific SCADA system and for a specific set of control system security remedial actions. Despite an 86% reduction in the total number of vulnerabilities, the estimated time-to-compromise was increased only by about 3 to 30% depending on target and attacker skill level.

Miles A. McQueen; Wayne F. Boyer; Mark A. Flynn; George A. Beitel

2006-01-01T23:59:59.000Z

436

Agent-based Cyber Control Strategy Design for Resilient Control Systems: Concepts, Architecture and Methodologies  

SciTech Connect

The implementation of automated regulatory control has been around since the middle of the last century through analog means. It has allowed engineers to operate the plant more consistently by focusing on overall operations and settings instead of individual monitoring of local instruments (inside and outside of a control room). A similar approach is proposed for cyber security, where current border-protection designs have been inherited from information technology developments that lack consideration of the high-reliability, high consequence nature of industrial control systems. Instead of an independent development, however, an integrated approach is taken to develop a holistic understanding of performance. This performance takes shape inside a multiagent design, which provides a notional context to model highly decentralized and complex industrial process control systems, the nervous system of critical infrastructure. The resulting strategy will provide a framework for researching solutions to security and unrecognized interdependency concerns with industrial control systems.

Craig Rieger; Milos Manic; Miles McQueen

2012-08-01T23:59:59.000Z

437

NIST.gov - Computer Security Division - Computer Security ...  

Science Conference Proceedings (OSTI)

... cyber maryLaNd summit. DATE: ... Cyber Maryland Report Cover (click image to follow link to full report - you will be leaving NIST webservers). ...

438

Quality of Security Service  

Science Conference Proceedings (OSTI)

... here has been to help determine if this reliability, predictability and efficiency can be ... That is, a range may be unitary, or degenerate, in which case it ...

2000-11-03T23:59:59.000Z

439

CyberGIS software: a synthetic review and integration roadmap  

Science Conference Proceedings (OSTI)

CyberGIS, defined as cyberinfrastructure-based geographic information systems (GIS), has emerged as a new generation of GIS representing an important research direction for both cyberinfrastructure and geographic information science. This study introduces a 5-year effort funded by the US National Science Foundation to advance the science and applications of CyberGIS, particularly for enabling the analysis of big spatial data, computationally intensive spatial analysis and modeling (SAM), and collaborative geospatial problem-solving and decision-making, simultaneously conducted by a large number of users. Several fundamental research questions are raised and addressed while a set of CyberGIS challenges and opportunities are identified from scientific perspectives. The study reviews several key CyberGIS software tools that are used to elucidate a vision and roadmap for CyberGIS software research. The roadmap focuses on software integration and synthesis of cyberinfrastructure, GIS, and SAM by defining several key integration dimensions and strategies. CyberGIS, based on this holistic integration roadmap, exhibits the following key characteristics: high-performance and scalable, open and distributed, collaborative, service-oriented, user-centric, and community-driven. As a major result of the roadmap, two key CyberGIS modalities, gateway and toolkit, combined with a community-driven and participatory approach have laid a solid foundation to achieve scientific breakthroughs across many geospatial communities that would be otherwise impossible.

Wang, Shaowen [University of Illinois, Urbana-Champaign; Anselin, Luc [Arizona State University; Bhaduri, Budhendra L [ORNL; Cosby, Christopher [University Navstar Consortium, Boulder, CO; Goodchild, Michael [University of California, Santa Barbara; Liu, Yan [University of Illinois, Urbana-Champaign; Nygers, Timothy L. [University of Washington, Seattle

2013-01-01T23:59:59.000Z

440

National SCADA Test Bed Enhancing control systems security in the energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Improving the security of energy control systems has become a national priority. Since the mid-1990's, security experts have become increasingly concerned about the threat of malicious cyber attacks on the vital supervisory control and data acquisition (SCADA) and distributed control systems (DCS) used to monitor and manage our energy infrastructure. Many of the systems still in use today were designed to operate in closed, proprietary networks.



441

Sandia National Laboratories: The Center for Cyber Defenders...  

NLE Websites -- All DOE Office Websites (Extended Search)


442

UPBOT: a testbed for cyber-physical systems  

Science Conference Proceedings (OSTI)

Developing software for cyber-physical systems presents a unique challenge. These systems are not simply software; they are composed of software running on a collection of machines that present a risk to human safety if anything goes wrong. Researchers ...

Tanya L. Crenshaw; Steven Beyer

2010-08-01T23:59:59.000Z

443

Loosely time-triggered architectures for cyber-physical systems  

Science Conference Proceedings (OSTI)

Cyber-Physical Systems require distributed architectures to support safety critical real-time control. Kopetz' Time-Triggered Architectures (TTA) have been proposed as both an architecture and a comprehensive paradigm for systems architecture, for such ...

Albert Benveniste

2010-03-01T23:59:59.000Z

444

Global Security  

NLE Websites -- All DOE Office Websites (Extended Search)

LANL's mission is to develop and apply science and technology to ensure the safety, security, and effectiveness of the U.S. nuclear deterrent;...

445

Security metrics for source code structures  

Science Conference Proceedings (OSTI)

Software security metrics are measurements to assess security related imperfections (or perfections) introduced during software development. A number of security metrics have been proposed. However, all the perspectives of a software system have not ... Keywords: code quality and security, metrics, security metrics

Istehad Chowdhury; Brian Chan; Mohammad Zulkernine

2008-05-01T23:59:59.000Z

446

Building the Next Generation of Cyber Defenders  

Science Conference Proceedings (OSTI)

... the National Security Agency and the Energy ... Management (IAM) and Information Assurance ... new theatre of battle ? Enter a job market where there ...

2013-09-17T23:59:59.000Z

447

Security Plans  

Science Conference Proceedings (OSTI)

... Appendix A Glossary - A glossary of security terms used within the security planning document. ... F, Glossary. None applicable.

2013-09-30T23:59:59.000Z

448

National Security & Safety | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

In the video above, three veterans discuss how the skills they learned in the service are helping them advance energy security and grow the clean energy economy. The veterans shared their experiences at a Champions of Change event at the White House. | Video by Matty Greene, Energy Department. The Energy Department plays an important and multifaceted role in protecting national security. In addition to our work to increase nuclear nonproliferation and ensure the security of the U.S. nuclear weapons stockpile, we manage the Strategic Petroleum Reserve, invest in protections against cyber and physical attacks on U.S. energy infrastructure, conduct programs to ensure worker health and safety, provide training tools and

449

Protecting Accelerator Control Systems in the Face of Sophisticated Cyber Attacks  

SciTech Connect

Cyber security for industrial control systems has received significant attention in the past two years. The news coverage of the Stuxnet attack, believed to be targeted at the control system for a uranium enrichment plant, brought the issue to the attention of news media and policy makers. This has led to increased scrutiny of control systems for critical infrastructure such as power generation and distribution, and industrial systems such as chemical plants and petroleum refineries. The past two years have also seen targeted network attacks aimed at corporate and government entities including US Department of Energy National Laboratories. Both of these developments have potential repercussions for the control systems of particle accelerators. The need to balance risks from potential attacks with the operational needs of an accelerator present a unique challenge for the system architecture and access model.

Hartman, Steven M [ORNL

2012-01-01T23:59:59.000Z

450

Data Intensive Architecture for Scalable Cyber Analytics  

SciTech Connect

Cyber analysts are tasked with the identification and mitigation of network exploits and threats. These compromises are difficult to identify due to the characteristics of cyber communication, the volume of traffic, and the duration of possible attack. It is necessary to have analytical tools to help analysts identify anomalies that span seconds, days, and weeks. Unfortunately, providing analytical tools effective access to the volumes of underlying data requires novel architectures, which is often overlooked in operational deployments. Our work is focused on a summary record of communication, called a flow. Flow records are intended to summarize a communication session between a source and a destination, providing a level of aggregation from the base data. Despite this aggregation, many enterprise network perimeter sensors store millions of network flow records per day. The volume of data makes analytics difficult, requiring the development of new techniques to efficiently identify temporal patterns and potential threats. The massive volume makes analytics difficult, but there are other characteristics in the data which compound the problem. Within the billions of records of communication that transact, there are millions of distinct IP addresses involved. Characterizing patterns of entity behavior is very difficult with the vast number of entities that exist in the data. Research has struggled to validate a model for typical network behavior with hopes it will enable the identification of atypical behavior. Complicating matters more, typically analysts are only able to visualize and interact with fractions of data and have the potential to miss long term trends and behaviors. Our analysis approach focuses on aggregate views and visualization techniques to enable flexible and efficient data exploration as well as the capability to view trends over long periods of time. 
Realizing that interactively exploring summary data allowed analysts to effectively identify events, we utilized multidimensional OLAP data cubes. The data cube structure supports interactive analysis of summary data across multiple dimensions, such as location, time, and protocol. Cube technology also allows the analyst to drill down into the underlying data set when events of interest are identified and detailed analysis is required. Unfortunately, when creating these cubes, we ran into significant performance issues with our initial architecture, caused by a combination of the data volume and attribute characteristics. Overcoming these issues required us to develop a novel, data intensive computing infrastructure. In particular, we ended up combining a Netezza Twin Fin data warehouse appliance, a solid state Fusion IO ioDrive, and the Tableau Desktop business intelligence analytic software. Using this architecture, we were able to analyze a month's worth of flow records comprising 4.9B records, totaling approximately 600GB of data. This paper describes our architecture, the challenges that we encountered, and the work that remains to deploy a fully generalized cyber analytical infrastructure.

Olsen, Bryan K.; Johnson, John R.; Critchlow, Terence J.

2011-11-15T23:59:59.000Z

451

Cumulative strategic capability and performance of early movers and followers in the cyber market  

Science Conference Proceedings (OSTI)

Today, the cyber market is evolving rapidly in the networked age. In the cyber market, the traditional competitive strategy appears to no longer be effective. This study investigates the strategic choice differences of online firms based on their strategic ... Keywords: Cyber market, Early mover, Follower, Porter's generic strategies, Sand Cone model

Sang-Gun Lee; Chulmo Koo; Kichan Nam

2010-06-01T23:59:59.000Z

452

On the impact of physical-cyber world interactions during unexpected events  

Science Conference Proceedings (OSTI)

Physical world events have a strong and direct impact on the communication activity seen in the cyber world. In this paper, we present three physical world events where we conducted passive network traffic measurements to study the interaction between ... Keywords: cyber world behavior, cyber-physical world interactions, emergency response, high network traffic deviation, non-invasive network measurement, unexpected events, wireless mesh networks

B. S. Manoj; Bheemarjuna Reddy Tamma; Ramesh R. Rao

2011-12-01T23:59:59.000Z

453

An efficient secure code approach based on indexed table quasi group encryption with Hadamard and Number Theoretic Transformation for software protection  

Science Conference Proceedings (OSTI)

Software security has become one of the active areas of research due to various cyber threats and attacks that can be very dangerous. A majority of these software threats directly affects the security aspects such as confidentiality, integrity and accessibility. ... Keywords: Number Theoretic Transforms and Hadamard transforms, cryptography, encryption, indexed table, quasigroup, software piracy

N. Sasirekha; M. Hemalatha

2012-10-01T23:59:59.000Z

454

or are "Cyberspace " and "Cyber Space " the same?  

E-Print Network (OSTI)

This project has at least two facets to it: (1) advancing the algorithms in the sub-field of bibliometrics often referred to as "text mining" whereby hundreds of thousands of documents (such as journal articles) are scanned and relationships amongst words and phrases are established and (2) applying these tools in support of the Explorations in Cyber International Relations (ECIR) research effort. In international relations, it is important that all the parties understand each other. Although dictionaries, glossaries, and other sources tell you what words/phrases are supposed to mean (somewhat complicated by the fact that they often contradict each other), they do not tell you how people are actually using them. As an example, when we started, we assumed that "cyberspace" and "cyber space" were essentially the same word with just a minor variation in punctuation (i.e., the space, or lack thereof, between "cyber" and "space") and that the choice of the punctuation was a rather random occurrence. With that assumption in mind, we would expect that the taxonomies that would be constructed by our algorithms using "cyberspace" and "cyber space" as seed terms would be basically the same. As it turned out, they were quite different, both in overall shape and groupings within the taxonomy. Since the overall field of cyber international relations is so new, understanding the field and how people think about it (as evidenced by their actual usage of terminology, and how usage changes over time) is an important goal as part of the overall ECIR project.

Steven Camia; Stuart Madnick; Nazli Choucri; Wei Lee Woon

2011-01-01T23:59:59.000Z

455

Compliance Order, Los Alamos National Security, LLC - July 12, 2007 |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

July 12, 2007. Issued to Los Alamos National Security, LLC related to the Unauthorized Reproduction and Removal of Classified Matter from the Los Alamos National Laboratory. The Compliance Order directs LANS to implement specific corrective actions to remediate both the laboratory management deficiencies that contributed to the thumb drive security incident at Los Alamos National Laboratory (LANL) discovered in October 2006 and, more broadly, longstanding deficiencies in the classified information and cyber security programs at LANL. Violation of the Compliance Order would subject LANS to issuance of a notice of violation and assessment of civil penalties up to $100,000 per

457

Process Control Systems in the Chemical Industry: Safety vs. Security  

Science Conference Proceedings (OSTI)

Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation's critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

Jeffrey Hahn; Thomas Anderson

2005-04-01T23:59:59.000Z

458

Securing cloud infrastructure against co-resident DoS attacks using game theoretic defense mechanisms  

Science Conference Proceedings (OSTI)

Evolution in cloud services and infrastructure has been constantly reshaping the way we conduct business and provide services in our day to day lives. Tools and technologies created to improve such cloud services can also be used to impair them. By using ... Keywords: cloud computing infrastructure, cyber security, denial of service (DoS), game theory

Harkeerat Singh Bedi; Sajjan Shiva

2012-08-01T23:59:59.000Z

459

A spotlight on security and privacy risks with future household robots: attacks and lessons  

Science Conference Proceedings (OSTI)

Future homes will be populated with large numbers of robots with diverse functionalities, ranging from chore robots to elder care robots to entertainment robots. While household robots will offer numerous benefits, they also have the potential to introduce ... Keywords: cyber-physical systems, domestic robots, household robots, multi-robot attack, privacy, robots, security, single-robot attack, ubiquitous robots

Tamara Denning; Cynthia Matuszek; Karl Koscher; Joshua R. Smith; Tadayoshi Kohno

2009-09-01T23:59:59.000Z

460

Active security  

Science Conference Proceedings (OSTI)

In this paper we introduce active security, a new methodology which introduces programmatic control within a novel feedback loop into the defense infrastructure. Active security implements a unified programming environment which provides interfaces ... Keywords: central management, digital forensics, network security

Ryan Hand, Michael Ton, Eric Keller

2013-11-01T23:59:59.000Z

461

Critical issues in process control system security : DHS spares project.  

SciTech Connect

The goals of this event are: (1) Discuss the next-generation issues and emerging risks in cyber security for control systems; (2) Review and discuss common control system architectures; (3) Discuss the role of policy, standards, and supply chain issues; (4) Interact to determine the most pertinent risks and most critical areas of the architecture; and (5) Merge feedback from Control System Managers, Engineers, IT, and Auditors.

Hernandez, Jacquelynne; McIntyre, Annie; Henrie, Morgan

2010-10-01T23:59:59.000Z

462

NIST Manuscript Publication Search  

Science Conference Proceedings (OSTI)

... Title: The Economic Benefits from Improved Cyber Security Infrastructure. ... Pages: 6 pp. Keywords: cyber security; economic; cyber infrastructure. ...

2013-05-22T23:59:59.000Z

463

A Game Theoretical Approach to Communication Security  

E-Print Network (OSTI)

Security solutions ... Practical security solutions ... Communication security

Gueye, Assane

2011-01-01T23:59:59.000Z

464

Windows Phone 7 Configuration for UR_RC_InternalSecure {Please note that the quality of the screenshots is subject to lack of a screenshot function on Windows Mobile 7 Phone}  

E-Print Network (OSTI)

... the Windows logo-imprinted button usually on the bottom of the device. Note the arrow in upper right

Portman, Douglas

465

Computationally Efficient Neural Network Intrusion Security Awareness  

SciTech Connect

An enhanced version of an algorithm to provide anomaly based intrusion detection alerts for cyber security state awareness is detailed. A unique aspect is the training of an error back-propagation neural network with intrusion detection rule features to provide a recognition basis. Network packet details are subsequently provided to the trained network to produce a classification. This leverages rule knowledge sets to produce classifications for anomaly based systems. Several test cases executed on ICMP protocol revealed a 60% identification rate of true positives. This rate matched the previous work, but 70% less memory was used and the run time was reduced to less than 1 second from 37 seconds.

Todd Vollmer; Milos Manic

2009-08-01T23:59:59.000Z

466

Cyber-sustainability: leaving a lasting legacy of human wellbeing  

Science Conference Proceedings (OSTI)

This paper presents a case for the importance of sustainability in HCI as it relates to the Web. So far, the discussion about sustainability in HCI has focused on environmental aspects. However, our belief is that cyber-sustainability is much greater ... Keywords: cyberspace, design, environment, sustainability, wellbeing, worldview

Bran Richards; Stuart Walker; Lynne Blair

2011-07-01T23:59:59.000Z

467

Cyber-physical systems for next generation intelligent buildings  

Science Conference Proceedings (OSTI)

The proliferation of the smart grid creates new opportunities for large buildings to act as smart end-points that provide mutually beneficial services for building occupants and the grid. In this article we describe how Cyber-Physical systems that provide ...

Andreas Savvides; Ioannis Paschalidis; Michael Caramanis

2011-06-01T23:59:59.000Z

468

PARS II New Contractor Information for Interconnection Security Agreement  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

New Contractor Information for Interconnection Security Agreement V1.0 (November 18, 2010). The Department of Energy (DOE) Headquarters Program Cyber Security Plan (PCSP), dated February 2008, requires the Project Assessment and Reporting System (PARS) II System Owner and the contractor sign an Interconnection Security Agreement (ISA). The requirement for an Interconnection Security Agreement can be found on page 182 of the PCSP. The ISA template is available for review on the PARS II portal (http://management.energy.gov/online_resources/pars2.htm) under Contractor Documents. Before the contractor begins sending data to PARS II, DOE will send the ISA to the contractor for review and signature. In order to prepare the ISA for review and signature, the PARS II Support Team needs

469

National Security & Safety Reports | Department of Energy  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

July 2, 2012 Inspection Report: INS-O-12-02 Management of Explosives at Selected Department Sites; June 29, 2012 Audit Report: OAS-M-12-05 Office of Secure Transportation Capabilities; May 31, 2012 Audit Report: IG-0866 Integrated Safety Management at Sandia National Laboratories; April 23, 2012 Audit Report: OAS-L-12-05 The Joint Actinide Shock Physics Experimental Research Facility at the Nevada National Security Site; March 6, 2012 Inspection Report: INS-L-12-02 Follow-up Inspection on Security Clearance Terminations and Badge Retrieval at the Lawrence Livermore National Laboratory; February 28, 2012 Audit Report: IG-0860 The Department of Energy's Implementation of Homeland Security Presidential Directive 12; November 15, 2011 Evaluation Report: OAS-M-12-01 The Federal Energy Regulatory Commission's Unclassified Cyber Security

470

DOE and Industry Showcase New Control Systems Security Technologies at  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

DistribuTECH Conference, Tuesday-Thursday, March 23-25, 2010, Tampa Convention Center, Booth #231, Tampa, FL. Join the Department of Energy and its industry partners as they showcase six new products and technologies designed to secure the nation's energy infrastructure from cyber attack on Tuesday through Thursday, March 23-25. Visit Booth #231 at the DistribuTECH 2010 Conference & Exhibition in Tampa, FL, to see first-hand demonstrations of several newly commercialized control systems security products, each developed through a

471

August 2012 CIP Report Focuses on Smart Grid Security | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

September 4, 2012 - 2:01pm. The August 2012 issue of The CIP Report from George Mason University's Center for Infrastructure Protection and Homeland Security highlights the significance and challenges to securing the smart grid. The report includes an overview of smart grid security by Deputy Assistant Secretary Hank Kenchington and the findings for reducing cyber risks from the Workshop on Securing the Smart Grid: Best Practices in Supply Chain Security, Integrity, and Resilience. The issue also includes contributions from Progress Energy explaining their collaborative efforts in building bridges between operations technology, information technology, and supply chain


Cyber Criminals on the Internet Super Highways: A Technical Investigation of Different Shades and Colours within the Nigerian Cyber Space  

Science Conference Proceedings (OSTI)

The internet has impacted the lives of individuals, organisations, and governments all over the world. However, it is now viewed and adopted with caution due mainly to the criminal tendencies of some misguided elements within the society. The internet ... Keywords: Cyber Crimes, E-Mails, Internet, Nigeria, Stakeholders

Edwin Agwu

2013-04-01T23:59:59.000Z

474

Secure Facilities & Capabilities | National Security | ORNL  

NLE Websites -- All DOE Office Websites (Extended Search)

Secure Facilities and Capabilities...

475

TCIP: Trustworthy CyberInfrastructure for the Power Grid | Department of  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

The TCIP, or Trustworthy CyberInfrastructure for the Power Grid, project's vision is to provide the fundamental science and technology to create an intelligent, adaptive power grid which survives malicious adversaries, provides continuous delivery of power, and supports dynamically varying trust requirements. This goal may be reached by creating the cyber building blocks, architecture, and validation technology to quantify the amount of trust provided by a proposed approach. The presentation below was given by William H. Saunders at the Visualization and Controls Program Peer Review in October 2006.

476

Software Assurance: Enabling Security throughout the ...  

Science Conference Proceedings (OSTI)

... Vulnerability Assessment & Management Cyber Threat Analysis ... used to produce and transform the software (brief summary response)? ...

2012-10-15T23:59:59.000Z

477

Security Cases  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Office of Hearings and Appeals, 1000 Independence Ave., SW, Washington, DC, 20585, 202-287-1566. PSH-13-0103 - In the Matter of Personnel Security http://energy.gov/oha/downloads/psh-13-0103-matter-personnel-security

478

Security Policy  

Science Conference Proceedings (OSTI)

... M/S ACES Pvt. Ltd. Pakistan Page Security Policy ... 2013 M/S ACES Pvt. Ltd. Pakistan 5/27/2013 Page 2. [SECURITY POLICY] May 27, 2013 ...

2013-05-29T23:59:59.000Z

479

Cyber-Enabled Ab Initio Simulations in Nanohub.org: Simulation ...  

Science Conference Proceedings (OSTI)

This presentation describes recent progress in cyber-enabling ab initio codes and in the development and deployment of supporting material and learning...

480

Agenda for the Designed-in Cybersecurity for Cyber-Physical ...  

Science Conference Proceedings (OSTI)

Page 1. Designed-in Cybersecurity for Cyber-Physical Systems Workshop Thursday, April 4, 2013 8:00 Breakfast 9:00 Plenary ...

2013-04-03T23:59:59.000Z

481

Life-changing Computer Security Research careers. The Sandia Difference  

NLE Websites -- All DOE Office Websites (Extended Search)

Addressing sophisticated cyber threats demands a multidisciplinary team with a unique mindset. Sandia provides challenging career opportunities for those with a passion to tackle the complexities of protecting critical systems. World-changing technologies. Life-changing Computer Security Research careers. The Sandia Difference. SANDIA ENVIRONMENT: At Sandia, you will have access to first-class, state-of-the-art facilities and equipment to develop advanced technologies. Sandia's unique work requires the collective, creative minds of the nation's top scientists, engineers, and support staff. LOCATION & WEATHER: Sandia's principal sites are in Albuquerque, NM and Livermore, CA. You will find diverse cultural, sport, and outdoor activities amid countryside and climate

482

Roadmap to Secure Control Systems in the Energy Sector  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Roadmap to Secure Control Systems in the Energy Sector. Foreword: This document, the Roadmap to Secure Control Systems in the Energy Sector, outlines a coherent plan for improving cyber security in the energy sector. It is the result of an unprecedented collaboration between the energy sector and government to identify concrete steps to secure control systems used in the electricity, oil, and natural gas sectors over the next ten years. The Roadmap provides a strategic framework for guiding industry and government efforts based on a clear vision supported by goals and time-based milestones. It addresses the energy sector's most urgent challenges as well as longer-term needs and practices. A distinctive feature of this collaborative effort is the active involvement and leadership of energy asset

483

OPC Security Whitepaper #3 Hardening Guidelines for OPC Hosts | Department  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

In recent years, Supervisory Control and Data Acquisition (SCADA), process control and industrial manufacturing systems have increasingly relied on commercial Information Technologies (IT) such as Ethernet(tm), Transmission Control Protocol/Internet Protocol (TCP/IP) and Windows® for both critical and non-critical communications. This has made the interfacing of industrial control equipment much easier, but has resulted in significantly less isolation from the outside world, resulting in the increased risk of cyber-based attacks impacting industrial production and human safety.

484

Enforcement Letter, National Security Technologies, LLC - May...  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

May 21, 2007 Enforcement Letter issued to National Security Technologies, LLC related to Nuclear Safety Quality Assurance Requirements Deficiencies at the Nevada Test Site The...

485

SecureBox: National Security Through Secure Cargo Team Members  

SecureBox: National Security Through Secure Cargo Team Members: Front Row (left to right): Howard Lowdermilk, Greg Dallum, Faranak Nekoogar, Vickie ...

486

Virtual Queue Based Distributed Data Traffic Scheduling for Cyber Physical Systems with Application in Smart Grid  

Science Conference Proceedings (OSTI)

Communication is needed in cyber physical system (CPS) to convey information from sensors to controllers. In this paper, a wireless network is considered to serve as the communication infrastructure in CPS. The data traffic scheduling problem is studied ... Keywords: Kalman filtering, cyber physical system, scheduling

Husheng Li

2012-06-01T23:59:59.000Z

487

Toward a cyber-physical topology language: applications to NERC CIP audit  

Science Conference Proceedings (OSTI)

Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures. The motivation for our research emerged from the importance and limitations of several ... Keywords: NERC CIP, audit, graph theory

Gabriel A. Weaver, Carmen Cheh, Edmond J. Rogers, William H. Sanders, Dennis Gammel

2013-11-01T23:59:59.000Z

488

Modeling Effects of Physical Factors on Controller Area Network in Cyber-physical Systems  

Science Conference Proceedings (OSTI)

Cyber-physical systems (CPS) are becoming a promising research field to integrate the computing components, the physical processes, and the communication networks. A primary challenge in designing CPS is to understand the effect of physical factors on ... Keywords: Cyber-physical systems (CPS), Controller Area Network (CAN), performance analysis, temperature, electromagnetic interference

Bo Shen, Xingshe Zhou, Ru Wang

2013-08-01T23:59:59.000Z

489

Routing in Cyber Physical Systems with Application for Voltage Control in Microgrids: A Hybrid System Approach  

Science Conference Proceedings (OSTI)

A key challenge of cyber physical system is how to design the communication system. In this paper, the framework of hybrid system which consists of both continuous and discrete system states is adopted for the communication system design, particularly ... Keywords: cyber physical system, hybrid systems, routing

Husheng Li; Robert C. Qiu; Zhiqiang Wu

2012-06-01T23:59:59.000Z

490

Proceedings of the ACM/IEEE 4th International Conference on Cyber-Physical Systems  

Science Conference Proceedings (OSTI)

This volume contains the papers presented at the Fourth IEEE/ACM International Conference on Cyber-Physical Systems (ICCPS 2013), which was held with the Cyber-Physical Systems Week in Philadelphia, USA, on 8-11 April 2013. ICCPS has been the flagship ...

Chenyang Lu, P. R. Kumar, R. Stoleru

2013-04-01T23:59:59.000Z

491

Integrating CyberGIS gateway with Windows Azure: a case study on MODFLOW groundwater simulation  

Science Conference Proceedings (OSTI)

The CyberGIS Gateway represents a cutting-edge cyberinfrastructure-based geographic information system that facilitates computationally intensive and collaborative spatial analysis and modeling. As more and more geospatial problems are becoming increasingly ... Keywords: CyberGIS, MODFLOW, Windows Azure, cloud computing, science gateway

Babak Behzad; Anand Padmanabhan; Yong Liu; Yan Liu; Shaowen Wang

2011-11-01T23:59:59.000Z

492

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack  

E-Print Network (OSTI)

Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack Acquisition (SCADA) systems that allows us to calculate device vulnerability and help power substation vulnerable to cyber attack. We use graph theory to model electric power control and protection devices

Krings, Axel W.

493

Measurable Control System Security through Ideal Driven Technical Metrics  

Science Conference Proceedings (OSTI)

The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. 
Based on the two case studies and evaluation of the seven assessments, the security ideals demonstrated their value in guiding security thinking. Further, the final set of core technical metrics has been demonstrated to be both usable in the control system environment and provide significant coverage of standard security issues.

Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

2008-01-01T23:59:59.000Z

494

Safety, Security  

NLE Websites -- All DOE Office Websites (Extended Search)

LANL's mission is to develop and apply science and technology to ensure the safety, security, and reliability of the U.S. nuclear deterrent; reduce global threats; and solve other emerging national security and energy challenges. Contact: Operator, Los Alamos National Laboratory, (505) 667-5061. We do not compromise safety for personal, programmatic, or operational reasons. Safety: we integrate safety, security, and environmental concerns into every step of our work. Our commitments: We conduct our work safely and responsibly to achieve our mission. We ensure a safe and healthful environment for workers, contractors, visitors, and other on-site personnel. We protect the health, safety, and welfare of the general public. We do not compromise safety for personal, programmatic, or

495

Transportation Security  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

For Review Only 1 Transportation Security Draft Annotated Bibliography Review July 2007 Preliminary Draft - For Review Only 2 Work Plan Task * TEC STG Work Plan, dated 8206,...

496

Global Security  

NLE Websites -- All DOE Office Websites (Extended Search)

transparency, and security that are preconditions to the ultimate fulfillment of the Non-Proliferation Treaty's goals and ambitions. Open Source Center The Open Source Center...

497

Security Automation Conference & Workshop  

Science Conference Proceedings (OSTI)

... Security Automation Conference & Workshop. ... Richard Hale, DISA - Information Security & Security Automation in DoD (coming soon); ...

498

HIPAA Security Rule  

Science Conference Proceedings (OSTI)

Related Activities: HIPAA Security Rule; Health Information Exchange (HIE) Security Architecture. Related ... HIPAA Security Rule. NIST ...

2011-11-21T23:59:59.000Z

499

Security Enforcement Reporting Criteria  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

Classified Information Security Noncompliance Reporting Criteria January 2012 MANDATORY SECURITY INCIDENT REPORTING Classified information security noncompliances are categorized...

500

VIDEO: Secretary Moniz on Meeting U.S. Energy Security Policy Challenges |  

Energy.gov (U.S. Department of Energy (DOE)) Indexed Site

October 26, 2013 - 3:35pm. Secretary Moniz speaks at the Center for Strategic and International Studies on October 24, 2013. | Video courtesy of the Center for Strategic and International Studies. Marissa Newhall, Managing Editor, Energy.gov. Learn More About U.S. Energy Security: Explore a map that shows the potential effects of climate change on our energy supplies and infrastructure. Learn about recent steps the Energy Department has taken to protect our energy infrastructure from cyber attacks. See ways the Energy Department is working to ensure national security and safety. Read the President's Blueprint for a Secure Energy Future.