National Library of Energy BETA

Sample records for requirements doe cyber

  1. DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS: CA

    Energy.gov [DOE]

    DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS. Key Cyber Security Role: Certification Agent (CA)

  2. DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY TRAINING REQUIREMENTS DOE CYBER SECURITY ...

  3. DOE Cyber Strategy | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE Cyber Strategy. The Office of the Chief Information Officer is pleased to announce publication of the U.S. Department of Energy (DOE) Cyber Strategy. To meet the challenges of today's rapidly evolving cyber landscape, the Department has crafted a comprehensive cyber strategy rooted in enterprise-wide collaboration, accountability, and transparency. The underlying principles and strategic goals that form the Strategy's foundation attest to DOE's

  4. Extension of DOE Directive on Cyber Security

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-06-04

    DOE N 205.4, Handling Cyber Security Alerts and Advisories and Reporting Cyber Security Incidents, is extended until 6/4/04.

  5. Cyber Security Requirements for Wireless Devices and Information Systems

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-11

    The Notice establishes DOE policy requirements and responsibilities for using wireless networks and devices within DOE and implements the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, including requirements for cyber resource protection, risk management, program evaluation, and cyber security plan development and maintenance. No cancellation. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  6. Cyber Security Process Requirements Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-08-12

    The Manual establishes minimum implementation standards for cyber security management processes throughout the Department. Admin Chg 1 dated 9-1-09; Admin Chg 2 dated 12-22-09. Canceled by DOE O 205.1B. No cancellations.

  7. Extension of DOE Directive on Cyber Security

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-07-06

    This Notice extends DOE N 205.4, Handling Cyber Security Alerts and Advisories and Reporting Cyber Security Incidents, dated 3-18-02, until 7-6-05.

  8. Cyber Security Requirements for Risk Management

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice ensures that system owners consistently assess the threats to and vulnerabilities of systems in order to implement adequate security controls. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  9. DOE Cyber Distinguished Speaker Series

    Energy.gov [DOE]

    Join us at the Department of Energy’s Cyber Distinguished Speaker Series on Wednesday, 13 January 2016, for an opportunity to expand your knowledge and awareness of today’s most pressing cyber issues.

  10. DOE Cyber Distinguished Speaker Series | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE Cyber Distinguished Speaker Series. October DOE CDSS: A Look Forward. Recognizing the importance of cybersecurity awareness, President Obama designated October as National Cybersecurity Awareness Month (NCSAM). NCSAM is a collaborative, interagency effort to raise awareness about the importance of cybersecurity and individual cyber hygiene. In celebration of NCSAM, the October DOE Cyber Distinguished Speaker Series

  11. Cyber Security Process Requirements Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-08-12

    The Manual establishes the minimum implementation standards for cyber security management processes throughout the Department. No cancellation.

  12. Cyber Fed Model Application in support of DOE Cyber Security Initiatives -

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    The Ames Laboratory: Cyber Fed Model Application in support of DOE Cyber Security Initiatives - Ames Participation. FWP/Project Description: The Cyber Fed Model (CFM) is a communication and coordination framework focused on the reduction and mitigation of cyber security risk across a large distributed organization like the Department of Energy. The CFM framework can be used to help integrate various cyber security systems and capabilities spanning the DOE enterprise, the

  13. Foreign National Access to DOE Cyber Systems

    Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-11-01

    DOE N 205.16, dated 9-15-05, extends this Notice until 9-30-06, unless sooner rescinded. To ensure foreign national access to DOE cyber systems continues to advance DOE program objectives while enforcing information access restrictions.

  14. Cyber Security Process Requirements Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-08-12

    The Manual establishes the minimum implementation standards for cyber security management processes throughout the Department. No cancellation. Admin Chg 1 dated 9-1-09.

  15. Department of Energy Cyber Security Management

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-12-04

    The purpose of the DOE Cyber Security Management Program is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE O 205.1. Canceled by DOE O 205.1B.

  16. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs' common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  17. Department of Energy Cyber Security Management Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-03-21

    The purpose of the Department of Energy (DOE) Cyber Security Management Program (hereafter called the Program) is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE N 205.1

  18. Handling Cyber Security Alerts and Advisories and Reporting Cyber Security Incidents

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2002-03-18

    To establish Department of Energy (DOE) requirements and responsibilities for reporting cyber security incidents involving classified and unclassified systems and responding to cyber security alerts and advisories; and to implement requirements of DOE N 205.1, Unclassified Cyber Security Program, and DOE M 471.2-2, Classified Information Systems Security Manual. DOE N 205.13, dated 7-6-04, extends this notice until 7-6-05. Cancels DOE M 471.2-2, Chapter III, section 8.

  19. Cyber Security Incident Management Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations. Admin Chg 1 dated 9-1-09.

  20. Cyber Security Incident Management Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations.

  1. cyber

    National Nuclear Security Administration (NNSA)

    and the review of information prior to public release or posting to publicly available web sites to assure it does not contain data that would assist an adversary.

  2. Cyber Security Incident Management Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. Admin Chg 1 dated 9-1-09; Admin Chg 2 dated 12-22-09. Canceled by DOE O 205.1B.

  3. Department of Energy Cyber Security Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program. Cancels DOE O 205.1A, DOE M 205.1-4, DOE M 205.1-5, DOE M 205.1-6, DOE M 205.1-7 and DOE M 205.1-8

  4. Chapter_14_Cyber_Security

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    4 Cyber Security The DOE Cyber Security Program aims to protect the Department's diverse missions in a cost-effective manner; identify threats, risks, and mitigations; and remain flexible in a changing environment. Key Departmental directives, policies, and procedures governing the implementation of the Cyber Security Program at DOE HQ are: * DOE Order 205.1B, Department of Energy Cyber Security Management * DOE Policy 205.1, Department of Energy Cyber Security Management Policy * Headquarters

  5. Cyber Security Evaluations Appraisal Process Guide - April 2008...

    Energy Savers

    techniques specific to evaluations of classified and unclassified cyber security ... oversight appraisals of DOE classified and unclassified cyber security programs. ...

  6. DOE to Provide Nearly $8 Million to Safeguard the Nation’s Energy Infrastructure from Cyber Attacks

    Energy.gov [DOE]

    U.S. Department of Energy (DOE) Assistant Secretary for Electricity Delivery and Energy Reliability Kevin M. Kolevar today announced five projects that have been selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically-advanced controls and cyber-security devices into our electric grid and energy infrastructure.

  7. cyber | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    cyber Information Security Information security deals with requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or NNSA and Department of Energy (DOE) directives. Classified Matter Protection and Control ensures the protection and control

  8. Cyber Security Architecture Guidelines

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-03-08

    This Guide provides supplemental information on the implementation of cyber security architectures throughout the Department of Energy. Canceled by DOE N 205.18

  9. Department of Energy Cyber Security Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program that protects information and information systems for DOE. Cancels DOE O 205.1A, DOE M 205.1-4, DOE M 205.1-5, DOE M 205.1-6, DOE M 205.1-7 and DOE M 205.1-8. Admin Chg 1, dated 12-7-2012; Chg 2, dated 3-11-13.

  10. Department of Energy Cyber Security Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program that protects information and information systems for DOE. Cancels DOE O 205.1A, DOE M 205.1-4, DOE M 205.1-5, DOE M 205.1-6, DOE M 205.1-7 and DOE M 205.1-8. Admin Chg 1, dated 12-7-2012.

  11. Cyber-Informed Engineering

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Cyber and Security Assessments within the Office of Independent Enterprise Assessments implements the independent security performance monitoring functions for DOE. The other half of the Independent Oversight Program is implemented by the Office of Safety and Emergency Management Evaluations for safety oversight. The independent oversight function performed by these two offices is delineated in DOE Order 227.1A, Independent Oversight

  12. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    www.directives.doe.gov Directives are the Department of Energy's primary means of establishing policies, requirements, responsibilities, and procedures for Departmental elements and contractors. New - DOE O 552.1A Chg 2 (Minor Revision), Travel and Policy Procedures https://www.directives.doe.gov/news/new-doe-0-552.1a-chg2-minrev The Order supplements the Federal Travel Regulation as principal source of policy for Federal employee travel and relocation and establishes DOE M 552.1-1A, U.S.

  13. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Website Administrator The DOE Directives, Regulations, and Requirements Portal is operated by Doxcelerate Corporation for the Office of Information Resources (MA-90). Location: Santa Fe, NM, USA Author's external home page... Select a document from the list below to leave feedback for the writer. For contact information, use the DOE Phonebook. Latest content created by this user May 22, 2015 Recently Approved Justification Memoranda May 20, 2015 DRAFT - DOE O 331.1D, Employee Performance and

  14. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Patricia Greeson Select a document from the list below to leave feedback for the writer. For contact information, use the DOE Phonebook. Latest content created by this user Aug 04, 2016 Departmental Elements Oversight of Departmental Requirements Oct 24, 2016 Justification Memo - DOE Oct 24, 2016 Cancellation Notice - Policies, Notices, Orders Oct 24, 2016 Cancellation Notice - Guide Sep 15, 2016 New - DOE O 474.2 Chg 4 (PgChg), Nuclear Material Control and Accountability Aug 29, 2016 Department

  15. Obama's Call for Public-Private Cyber Security Collaboration...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Obama's Call for Public-Private Cyber Security Collaboration Reflected in DOE's Priorities ...

  16. Collaborative Utility Task Force Partners with DOE to Develop...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Collaborative Utility Task Force Partners with DOE to Develop Cyber Security Requirements for Advanced Metering Infrastructure ...

  17. DOE-STD-1104 Requirements Crosswalk

    Office of Environmental Management (EM)

    09 to DOE-STD-1104-2014 Requirements Matrix - 1 - No. Section Page Number DOE-STD-1104-2009 Requirement DOE-STD-1104-2014 Requirements Comment Gen DOE-STD-1104-2009 was broadly ...

  18. Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice establishes DOE policy requirements and responsibilities for remote connections to DOE and contractor information technology systems. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, to protect DOE information and information technology systems commensurate with the risk and magnitude of harm that could result from their unauthorized access, use, disclosure, modification or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06. No cancellations.

  19. Order DOE O 205.1B

    Energy.gov [DOE]

    To set forth requirements and responsibilities for a Departmental Cyber Security Program (CSP) that protects information and information systems for the Department of Energy (DOE)

  20. Microsoft Word - Attachment J-6 List of Applicable DOE Directives and COntractor Requirements Documents.doc

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    J-6-1 ATTACHMENT J.6 LIST OF APPLICABLE DOE DIRECTIVES AND CONTRACTOR REQUIREMENTS DOCUMENTS (LIST B) The following is a list of applicable DOE Directives and Orders appended to this Contract as prescribed in Section I, Clause I.3. This list is not all inclusive. Document Number Title CRD O 150.1 Continuity Programs CRD O 205.1b, Chg.3 DOE Cyber Program CRD O 206.1 DOE Privacy Program CRD O 243.1B, Admin. Chg 1. Records Management Program CRD O 414.1D, Admin Chg 1. Quality Assurance CRD O

  1. Table 1 - DOE Requirements Requiring Central Technical Authority (CTA)

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Table 1 - DOE Requirements Requiring Central Technical Authority (CTA) Concurrence Prior to Granting Exemptions or Exceptions | Department of Energy

  2. January 2013 Cyber Incident

    Energy.gov [DOE]

    The Department of Energy (DOE) has confirmed a recent cyber incident that occurred in mid-January 2013 which targeted the Headquarters' network and resulted in the unauthorized disclosure of...

  3. July 2013 Cyber Incident

    Energy.gov [DOE]

    The Department of Energy (DOE) has confirmed a cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information ...

  4. Department of Energy Cyber Security Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-05-16

    The order sets forth requirements and responsibilities for a Departmental Cyber Security Program (CSP) that protects information and information systems for the Department of Energy (DOE). Chg 1 dated 12-7-2012; Chg 2 dated 3-11-2013; Chg 3, dated 4-29-2014, supersedes Chg 2.

  5. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    SciTech Connect (OSTI)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework"). For each of the seven sector/sub-sectors listed above, one standard was selected from the list of standards identified

  6. Cyber Security and Resilient Systems

    SciTech Connect (OSTI)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

  7. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DOE Directives Initiated by the IG DOE O 221.3A, Establishment of Management Decisions on Office of Inspector General Reports - April 19, 2008 DOE O 221.1A, Reporting Fraud, Waste and Abuse to the Office of Inspector General - April 19, 2008 DOE O 221.2A, Cooperation with the Office of Inspector General - February 25, 2008 DOE O 224.2A, Auditing of Programs and Operations - November 9, 2007

  8. Acronyms - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Acronyms by Website Administrator CRD - Contractor Requirements Document DNFSB - Defense Nuclear Facilities Safety Board DMTeam - Directives Management Team (MA-90) DOE P - Department of Energy Policy DOE N - Department of Energy Notice DOE O - Department of Energy Order DOE M - Department of Energy Manual DOE G - Department of Energy Guide DPC - Directives Point of Contact DRB - Directives Review Board established by DOE O 251.1C OPI - Office of Primary Interest (the writing organization)

  9. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    writer. For contact information, use the DOE Phonebook. Latest content created by this user Mar 13, 2014 Occurrence Reporting and Processing of Operations Information Apr 08,...

  10. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    News Item Packaging and Transportation for Offsite Shipment of Materials of National Security Interest https://www.directives.doe.gov/informational-purposes-only...

  11. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    information, use the DOE Phonebook. Latest content created by this user Dec 29, 2015 Information Technology Project Execution Model Guide for Small and Medium Projects Jul 07,...

  12. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Dustin Wright Select a document from the list below to leave feedback for the writer. For contact information, use the DOE Phonebook. Latest content created by this user Sep 30, 2016 Reporting Fraud, Waste and Abuse to the Office of Inspector General Apr 12, 2016 Notice of Intent to Revise DOE Order 221.2A, "Cooperation with the Office of Inspector General" Jan 29, 2016 Reporting Fraud, Waste and Abuse to the Office of Inspector General Jan 11, 2016 Notice of Intent to Revise DOE Order

  13. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Diane Johnson I load documents, fix links etc. Select a document from the list below to leave feedback for the writer. For contact information, use the DOE Phonebook. Latest content created by this user Nov 07, 2016 Delegation Order No. 00-002.00P to the Under Secretary (for Management and Performance) Oct 28, 2016 New - DOE O 552.1A Chg 2 (Minor Revision), Travel and Policy Procedures Sep 30, 2016 Draft - DOE O 470.4B Chg 2 (PgChg), Safeguards and Security Program Sep 14, 2016 Clarification of

  14. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Tiffany M Wheeler Select a document from the list below to leave feedback for the writer. For contact information, use the DOE Phonebook. Latest content created by this user Jan...

  15. Other Requirements - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Other Requirements by Website Administrator More filters Less filters Other Policy Type Secretarial Memo Program Office Memo Invoked Technical Standards 100 Office of Primary Interest (OPI) Office of Primary Interest (OPI) All AD - Office of Administrative Services AU - Office of Environment, Health, Safety and Security CF - Office of the Chief Financial Officer CI - Office of Congressional and Intergovernmental Affairs CN - Office of Counterintelligence CP - Office of the Press Secretary CR -

  16. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DOE Contracting Offices Directory. The Department of Energy has a decentralized procurement process for buying goods and services which is carried out by the contracting offices primarily at field locations. The Headquarters Procurement Services office buys for many of the program elements and offices at headquarters. One major responsibility of many of these contracting offices, along with their site offices, is to administer the contracts of their Facility

  17. Facility Safety - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    facility and programmatic safety requirements for DOE and NNSA for nuclear safety design criteria, fire protection, criticality safety, natural phenomena hazards (NPH)...

  18. Extension of DOE Directives

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-03-18

    The following directives are extended until 3-18-06: DOE N 205.8, Cyber Security Requirements for Wireless Devices and Information Systems, dated 2-11-04; DOE N 205.9, Certification and Accreditation Process for Information Systems Including National Security Systems, dated 02-19-04; DOE N 205.10, Cyber Security Requirements for Risk Management, dated 02-19-04; DOE N 205.11, Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems, dated 2-19-04. DOE N 205.12, Clearing, Sanitizing, and Destroying Information System Storage Media, Memory Devices, and Other Related Hardware, dated 2-19-04.

  19. Conduct of Operations Requirements for DOE Facilities

    Directives, Delegations, and Requirements [Office of Management (MA)]

    1990-07-09

    To provide requirements and guidelines for Departmental Elements, including the National Nuclear Security Administration (NNSA), to use in developing directives, plans, and/or procedures relating to the conduct of operations at DOE facilities. The implementation of these requirements and guidelines should result in improved quality and uniformity of operations. Change 2, 10-23-2001. Canceled by DOE O 422.1.

  20. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Site map An overview of the available content on this site. Keep the pointer still over an item for a few seconds to get its description. Directives Delegations Other Requirements Top 10 Directives Help Directives Tools RevCom

  1. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Contact form Directives are the Department of Energy's primary means of establishing policies, requirements, responsibilities, and procedures for Departmental elements and contractors. Directives and Delegations Program Management Emily Stanton, (202) 287-5641 Directives Program Point of Contact Rachel Mack, (202) 287-6804 Delegations Program Point of Contact Gail Cephas,(202) 586-1049 Web Site Administration Technical Support Staff, (505) 663-1302 Fill in this form to contact us. Name Please

  2. CyberCon | Department of Energy

    Office of Environmental Management (EM)

    DOE Cyber-An Enterprise Approach: Excellence Through Innovation & Integration The Office ... presenters from federal interagency, academia, private sector, and international arena. ...

  3. Quality Assurance - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    services meet or exceed customers' requirements and expectations. Cancels DOE O 414.1C. Adm Chg 1, 5-8-13 o414.1d4-25-11.pdf -- PDF Document, 243 KB Writer: Colette Broussard...

  4. Understanding DOE Quality Assurance Requirements and ASME NQA...

    Energy.gov (indexed) [DOE]

    Training Materials for the Understanding DOE Quality Assurance Requirements and ASME NQA-1 ... Understanding DOE Quality Assurance Requirements and ASME NQA-1 For Application in DOE ...

  5. Directives Help - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Help by Website Administrator All DOE directives are available through this site. While it may seem overwhelming, given the number of documents, we have provided a number of ways in which you may get to the information you need. Navigating the DOE Directives, Delegations, and Requirements Portal A guide for using the new portal is available here. Navigation Tools The links at the top of the page will take you to the major elements of the site--directives, delegations and requirements. The

  6. Cyber and Security Assessments | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Cyber and Security Assessments Cyber and Security Assessments Cyber and Security Assessments within the Office of Independent Enterprise Assessments implements the independent security performance monitoring functions for DOE. The other half of the Independent Oversight Program is implemented by the Office of Safety and Emergency Management Evaluations for safety oversight. The independent oversight function performed by these two offices is delineated in DOE Order 227.1A, Independent Oversight

  7. Recent DOE Directives Changes

    Energy.gov [DOE]

    On September 1, 2009, the Department of Energy (DOE) manuals were revised and issued to correspond with the following recent Contractor Requirements Documents (CRDs) changes to the following Directives: DOE M 205.1-8 Administrative Change 1—Cyber Security Incident Management Manual; DOE M 205.1-7 Administrative Change 1—Security Controls for Unclassified Information Systems Manual; DOE M 205.1-6 Administrative Change 1—Media Sanitization Manual; DOE M 205.1-5 Administrative Change 1—Cyber Security Process Requirements Manual

  8. DOE O 205.1B Department of Energy Cyber Security Program

    Energy.gov [DOE]

    On May 16, 2011, the Department issued a Contractor Requirements Document (CRD) to the above listed Directive.

  9. Facility Safety - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    O 420.1C Chg 1, Facility Safety by Pranab Guha Functional areas: DNFSB, Defense Nuclear Facility Safety and Health Requirement, Facility Safety, Requires Crosswalk When Revised, Safety, Security The Order establishes facility and programmatic safety requirements for DOE and NNSA for nuclear safety design criteria, fire protection, criticality safety, natural phenomena hazards (NPH) mitigation, and System Engineer Program. This Page Change is limited in scope to changes necessary to invoke

  10. News - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    News by Website Administrator Site News New - DOE O 552.1A Chg 2 (Minor Revision), Travel and Policy Procedures - by Diane Johnson - last modified Oct 28, 2016 03:54 PM The Order supplements the Federal Travel Regulation as principal source of policy for Federal employee travel and relocation and establishes DOE M 552.1-1A, U.S. Department of Energy Travel Manual, dated 2-17-06, as the repository for supplementary travel requirements information. Supersedes DOE O 552.1A Chg 1 (Admin Chg), dated

  11. Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security |

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Department of Energy 4, Cyber Security Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security 2016 Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security HQ cyber security activities are managed by the Cyber Support Division (IM-622) within the Office of Chief Information Officer (IM-1). This chapter only covers the requirement for each HQ program element to appoint an Information Systems Security Officer (ISSO) to act as the point of contact between the

  12. Understanding and Implementing DOE Quality Requirements and ASME...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    and ASME NQA-1 in DOE Nuclear Projects, A Management Overview and Introduction, May 14, 2015 Understanding and Implementing DOE Quality Requirements and ASME NQA-1 in DOE ...

  13. Justification Memoranda - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Justification Memoranda by Diane Johnson Notice of Intent to Revise Department of Energy Order 350.1, Contractor Human Resources Management Program - by Robert Myers - last modified Jun 19, 2014 11:17 AM DOE O 350.1, which establishes responsibilities, requirements, and cost allowability criteria for the management and oversight of contractor human resource management programs, is being revised to remove contractor requirements from Chapter IV, Compensation, Chapter V, Benefits, and Chapter VI Pensions

  14. DOE Challenge Home, California Program Requirements | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Challenge Home, California Program Requirements DOE Challenge Home, California Program Requirements DOE Challenge Home, California Program Requirements, as posted on the U.S. Department of Energy's DOE Challenge Home website. ch_california_requirements2013.pdf (296.75 KB) More Documents & Publications Washington DOE ZERH Program Requirements DOE Zero Energy Ready Home National Program Requirements (Rev. 04) California DOE ZERH Program Requiremets

  15. Office of Cyber Assessments | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Cyber Assessments Office of Cyber Assessments MISSION The Office of Cyber Assessments is responsible for the independent evaluation of the effectiveness of classified and unclassified computer security policies and programs throughout the Department. The Office has established and maintains a continuous program for assessing the security of DOE classified and unclassified networks through expert program and technical analysis, including detailed network penetration testing to detect

  16. Cyber Train Videos | The Ames Laboratory

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Cyber Train Videos Cyber Train Overview Cyber Train Opt-Out Process Cyber Train Complete Training Submitting Course Completion Materials...

  17. Washington DOE ZERH Program Requirements | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Washington DOE ZERH Program Requirements Washington DOE ZERH Program Requirements Washington specific program requirements for the U.S. Department of Energy's Zero Energy Ready Home Program. ch_washington_requirements8-23-13.pdf (289.63 KB) More Documents & Publications DOE Challenge Home, California Program Requirements Version Tracking Document for DOE Challenge Homes, National Program Requirements (Rev. 03) DOE Zero Energy Ready Home National Program Requirements (Rev. 04)

  18. DOE Zero Energy Ready Home National Program Requirements (Rev. 04) |

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Department of Energy Home National Program Requirements (Rev. 04) DOE Zero Energy Ready Home National Program Requirements (Rev. 04) U.S. Department of Energy Zero Energy Ready Home National Program Requirements (Rev. 04) DOE Zero Energy Ready Home National Program Requirements Rev04.pdf (291.11 KB) More Documents & Publications DOE Zero Energy Ready Home National Program Requirements (Rev. 05) California DOE ZERH Program Requiremets DOE Challenge Home, California Program Requirement

  19. Table 2 - DOE Regulations Requiring Central Technical Authority (CTA)

    Office of Environmental Management (EM)

    Concurrence Prior to Granting Exemptions or Exceptions | Department of Energy

    1 - DOE Requirements Requiring Central Technical Authority (CTA) Concurrence Prior to Granting Exemptions or Exceptions

  20. Cyber Train Videos | The Ames Laboratory

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Cyber Train Videos Cyber Train Overview Cyber Train Opt-Out Process Cyber Train Complete Training Submitting Course Completion Materials Click here for information on accessing Cyber Train.

  1. Justification Memo - DOE - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    - DOE by Patricia Greeson Upload File Upload the file here JM-NonNNSA 10-24-16.docx - 23 KB Short Name justification-memo-doe

  2. Sandia Energy Cyber

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    sandia-cyber-engineering-research-laboratory-cerl-formally-opensfeed 0 Sandia Builds Android-Based Network to Study Cyber Disruptions http:energy.sandia.gov...

  3. Application of Engineering and Technical Requirements for DOE...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE Nuclear Facilities Standard Review Plan (SRP) Application of Engineering and Technical Requirements for DOE Nuclear Facilities Standard Review Plan (SRP) This Standard Review ...

  4. POLICY GUIDANCE MEMORANDUM #33 - Requirements for DOE Delegated...

    Office of Environmental Management (EM)

    POLICY GUIDANCE MEMORANDUM 33 - Requirements for DOE Delegated Examining Procedures The ... of Energy's (DOE's) Delegated Examining policy and procedures in order to ensure an ...

  5. Understanding DOE Quality Assurance Requirements and ASME NQA...

    Office of Environmental Management (EM)

    and ASME NQA-1 For Application in DOE Nuclear Projects Training Agenda Agenda for the Understanding DOE Quality Assurance Requirements and ASME NQA-1 For Application in ...

  6. Top 10 - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    of Capital Assets 588 DOE O 414.1D Admin Chg 1, Quality Assurance 512 DOE O 226.1B, Implementation of Department of Energy Oversight Policy 434 DOE O 151.1C, ...

  7. Facility Safety - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DOE-STD-1189-2008, Integration of Safety into the Design Process DOE-STD-1066-2012, Fire Protection DOE-STD-3007-2007, Guidelines for Preparing Criticality Safety Evaluations at ...

  8. DOE Zero Energy Ready Home National Program Requirements (Rev. 05) |

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Department of Energy National Program Requirements (Rev. 05) DOE Zero Energy Ready Home National Program Requirements (Rev. 05) U.S. Department of Energy Zero Energy Ready Home National Program Requirements (Rev. 05), May, 11, 2015. DOE Zero Energy Ready Home National Program Requirements Rev05 - Final.pdf (522.94 KB) More Documents & Publications California DOE ZERH Program Requiremets DOE Zero Energy Ready Home National Program Requirements (Rev. 04) ENERGY STAR Window Specifications

  9. Table 3 - DOE Directives Requiring Central Technical Authority (CTA)

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Concurrence Prior to Any Revision or Cancellation | Department of Energy Table 3 - DOE Directives Requiring Central Technical Authority (CTA) Concurrence Prior to Any Revision or Cancellation

  10. DPC List - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DPC List by Patricia Greeson Headquarters Field/ Operations Offices Contractors DPC Email address Telephone AR Adam Goldstein adam.goldstein@hq.doe.gov 202-287-1061 AU Cecelia Kenney cecelia.kenney@hq.doe.gov 202-586-4399 CF John Wall john.wall@hq.doe.gov 202-586-5728 CI Daniel Woomer daniel.woomer@hq.doe.gov 202-586-9886 CTA/CNS Bud Danielson bud.danielson@em.doe.gov 301-903-2954 EA (Enterprise Assessment) Sharon Edge-Harley sharon.edge-harley@hq.doe.gov 202-586-9275 ED Teresa Watts

  11. DOE RFI 2010-11129 NBP RFI: Communications Requirements Titled...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Plan by Studying the Communications Requirements of Electric Utilities to Inform Federal Smart Grid Policy Silver Spring Networks comments on DOE NBP RFI: Comms Requirements

  12. Silver Spring Networks comments on DOE NBP RFI: Comms Requirements...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Comms Requirements Silver Spring Networks comments on DOE NBP RFI: Comms Requirements Comments of Silver Spring Networks on Implementing the National Broadband Plan by Studying the ...

  13. Programmatic Elements - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    the Operational Emergency Base Program Supersedes: DOE G 151.1-1 V5-4, Training and Drills on Jul 11, 2007 DOE G 151.1-1 V5-1, Program Administration on Jul 11, 2007 DOE G...

  14. DOE - NNSA/NFO -- National Security Template

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DOE-CIRC NNSA/NFO Language Options U.S. DOE/NNSA - Nevada Field Office Department of Energy Cyber Incident Response Capability Department of Energy Cyber Incident Response ...

  15. Table 4 - DOE Technical Standards Requiring Central Technical Authority

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    (CTA) Concurrence Prior to Any Revisions or Cancellation | Department of Energy 4 - DOE Technical Standards Requiring Central Technical Authority (CTA) Concurrence Prior to Any Revisions or Cancellation

  16. Directives Requiring Additional Documentation - DOE Directives,

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Delegations, and Requirements Requiring Additional Documentation by Website Administrator PDF document icon DirectivesRequiringAdditionalDocumentation (1).pdf - PDF document, 35 KB (36219

  17. Justification Memo DOE - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DOE by Diane Johnson Justification for the creation or modification of a directive where ... File Upload the file here JM-NonNNSA 5-25-16.doc - 37 KB Short Name justificationmemodoe

  18. Fire Protection - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    are not comprehensively or adequately addressed in national consensus standards or other design criteria. DOE-STD-1062-2012: Fire Protection Type: Invoked Technical Standards OPI:...

  19. NERSC/DOE HEP Requirements Workshop Presentations

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    | DOE HEP Overview November 12, 2009 | Author(s): Amber Boehnlein | Workshop Logistics November 12, 2009 | Author(s): Harvey Wasserman | NERSC Role in High Energy Physics...

  20. Radiological Control - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    98-2008, Change Notice 1, Radiological Control by Diane Johnson The Department of Energy (DOE) has developed this Standard to assist line managers in meeting their responsibilities...

  1. DRB Liaison - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DRB Liaison by Website Administrator Emily Stanton Directives Review Board Liaison 202-287-5641 Forrestal, Room 1G-051 Emily.Stanton@hq.doe.gov

  2. Sandia Energy - Sandia Cyber Engineering Research Laboratory...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Cyber Engineering Research Laboratory (CERL) Formally Opens Home Infrastructure Security Cyber Infrastructure Assurance Facilities News News & Events Analysis Cyber Engineering...

  3. Facility Safety - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    0.1C Chg 1, Facility Safety by Pranab Guha Functional areas: DNFSB, Defense Nuclear Facility Safety and Health Requirement, Facility Safety, Requires Crosswalk When Revised,...

  4. Redelegation Procedures - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Recycling Programs Recycling Programs The Office of Administration manages many recycling activities at DOE Headquarters that significantly impact energy and the environment. The Department of Energy Headquarters has instituted several recycling programs, starting with standard, solid waste recycling in 1991, and has expanded to include carpeting, batteries, and toner cartridges. Follow this link for a detailed listing of the products that DOE Headquarters recycles, and where to recycle them.

  5. U.S. Department of Energy Cyber Strategy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    U.S. DEPARTMENT OF ENERGY CYBER STRATEGY TABLE OF CONTENTS Message from the Deputy Secretary; Message from the CIO; Introduction; Vision; Principles; Strategic Goals and Objectives; The Way Forward; Appendix: Applicable Mandates. Across the Department of Energy, our diverse missions are enabled by digital technologies. We rely on these technologies to gather, share, store, and use information.

  6. Table 3. DOE Directives Requiring Central Technical Authority (CTA) Concurrence

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    3. DOE Directives Requiring Central Technical Authority (CTA) Concurrence Prior to Any Revision or Cancellation DOE Directives 1 as of September 2016 (Corresponding archived Directives as listed in 2007 DOE O 410.1) Title Office of Primary Interest Responsible EM CNS Staff 1 DOE O 151.1D (DOE O 151.1C) Comprehensive Emergency Management System National Nuclear Security Administration (NA) Bill Weaver 2 DOE O 153.1 (DOE O 5530.3 Chg 1 ) Departmental Radiological Emergency Response Assets NA

  7. Cyber Incidents Involving Control Systems

    SciTech Connect (OSTI)

    Robert J. Turk

    2005-10-01

    The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Management Tool Requirements (August 2005), "Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program." Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this information available to

  8. Sandia Cyber Omni Tracker

    Energy Science and Technology Software Center (OSTI)

    2014-07-02

    SCOT is a cyber security team enhancement tool that coordinates activities, captures knowledge, and serves as a platform to automate time-consuming tasks that a cyber security team needs to perform in its daily operations.

  9. DOE SC Exascale Requirements Reviews: High Energy Physics

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Physics DOE SC Exascale Requirements Reviews: High Energy Physics The DOE Office of Science Exascale Requirements Review for High Energy Physics will bring together key computational domain scientists, DOE planners and administrators, and experts in computer science and applied mathematics to determine the requirements for an exascale ecosystem that includes computation, data analysis, software, workflows, HPC services, and whatever else is needed to support forefront scientific research in High

  10. Staffing and Placement - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DRAFT DOE O 325.3, Staffing and Placement by Tiffany M Wheeler Functional areas: Staffing, Placement, Recruiting, Excepted Service The Order establishes requirements and...

  11. References - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    References by Website Administrator This page provides information and links to references. Technical Standards Technical Standards Program Technical Standards Home RevCom for Technical Standards Technical Standards Crosswalk NNSA Directives National Nuclear Security Administration (NNSA) Supplemental Directives NNSA Policies (NAPs) FAR Federal Acquisition Regulations Federal Acquisition Regulations (FAR) DOE Acquisition Regulations (DEAR) CFR Code of Federal Regulations CFR (annual edition) 10

  12. May 3 PSERC Webinar: Physical and Cyber Infrastructure Supporting the

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Future Grid | Department of Energy May 3 PSERC Webinar: Physical and Cyber Infrastructure Supporting the Future Grid April 26, 2016 - 4:03pm The DOE-funded Power Systems Engineering Research Center (PSERC) is offering a free public webinar that will address the final report summarizing findings from the PSERC/NSF Executive Forum and Workshop on Physical and Cyber Infrastructure to Support the Future Grid,

  13. Biosafety Facilities - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    5, Biosafety Facilities by David Freshwater Functional areas: Defense Nuclear Facility Safety and Health Requirement, Safety and Security, The Guide assists DOE/NNSA field elements...

  14. Directives - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Accessibility Text size: (Requires JavaScript) Large Normal Small This site uses the Open Source Content Management System Plone and has been designed to be completely accessible...

  15. Delegation Procedures - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)


  16. Delegations - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)


  17. Help - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)


  18. News & Updates - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)


  19. Rescinded Delegations - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)


  20. Directives Tools - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)


  1. Physical Protection - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    2A, Physical Protection by jcronin Functional areas: Security, This Manual establishes requirements for the physical protection of interests under the U.S. Department of Energy's...

  2. Finance - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Finance & Accounting Finance & Accounting The mission of the Office of Finance and Accounting (CF-10) is to provide Department-wide central accounting and financial management services to the Department of Energy; to provide accurate and timely financial reporting and produce auditable financial statements; and to provide financial management support to DOE Headquarters program offices. Functions: Implement Departmental accounting and financial policies as well as general procedural

  3. Departmental Elements Oversight of Departmental Requirements - DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Departmental Response: Assessment of the Report of the SEAB Task Force on National Laboratories Introduction The Department of Energy (DOE) and its network of national laboratories (labs) are responsible for advancing the national, economic, energy, and nuclear security of the U.S.; promoting innovative and transformative scientific and technological solutions in support of those missions; sponsoring basic research in the physical sciences; and ensuring environmental cleanup of the nation's

  4. DPC Resources - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DPC Resources by Website Administrator This section contains DPC Resources and Responsibilities DPC Contact Directives Points of Contact Updated listing of contact information for DOE Headquarters, field, and contractor DPCs. DPC Responsibility DPC Responsibilities All DPCs are responsible for: Serving as a liaison between their organization and the Directives Program Disseminating changes in the Directives Program Assigning subject matter experts to review and comment on directives Creating a

  5. POLICY GUIDANCE MEMORANDUM #33 - Requirements for DOE Delegated Examining

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Procedures | Department of Energy 3 - Requirements for DOE Delegated Examining Procedures POLICY GUIDANCE MEMORANDUM #33 - Requirements for DOE Delegated Examining Procedures The purpose of this guidance is to establish the Department of Energy's (DOE's) Delegated Examining policy and procedures in order to ensure an effective competitive examining program that supports mission accomplishments and is in accordance with merit system principles and applicable laws and regulations. Policy

  6. Battery Pack Requirements and Targets Validation FY 2009 DOE Vehicle

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Technologies Program | Department of Energy Battery Pack Requirements and Targets Validation FY 2009 DOE Vehicle Technologies Program Battery Pack Requirements and Targets Validation FY 2009 DOE Vehicle Technologies Program 2009 DOE Hydrogen Program and Vehicle Technologies Program Annual Merit Review and Peer Evaluation Meeting, May 18-22, 2009 -- Washington D.C. es_01_santini.pdf (714.34 KB) More Documents & Publications Well-to-Wheels Analysis of Energy Use and Greenhouse Gas

  7. Table 1. DOE Requirements Requiring Central Technical Authority (CTA) Concurrence Prior to Granting

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    1. DOE Requirements Requiring Central Technical Authority (CTA) Concurrence Prior to Granting Exemptions or Exceptions DOE Directives 1 as of September 2016 (Corresponding Directives as listed in 2007 DOE O 410.1) Title Office of Primary Interest Responsible EM- CNS Staff 1 DOE O 413.3B, Chg2 (DOE O 413.3A) Program and Project Management for the Acquisition of Capital Assets Office of Project Management Oversight and Assessments (PM) Caroline Garzon 2 DOE O 414.1D Admin Chg 1 (DOE O 414.1C)

  8. Home - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) - all webpages


  9. DOE Proposes Requirement for Certification of Admissibility for Covered

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Products and Equipment | Department of Energy DOE Proposes Requirement for Certification of Admissibility for Covered Products and Equipment February 22, 2016 - 6:26pm DOE has issued a Notice of Proposed Rulemaking (NOPR) in which it proposes to require that a person importing into the United States any covered product or equipment subject to an applicable energy conservation standard provide,

  10. Types of Directives - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Types of Directives by Website Administrator Policies establish high level expectations in the conduct of the Department's mission impacting two or more Departmental elements. Policies do not contain requirements. However, Orders and Notices that flow from Policies must be consistent with them. Orders establish management objectives and requirements and assign responsibilities for DOE Federal employees consistent with policy regulations. Requirements must be unique to DOE and must avoid

  11. Department of Energy Cyber Security Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2012-12-06

    Modifications correct changes to the composition of Senior DOE Management organizations, name change from DOE Cyber Incident Response Capability to Joint Cybersecurity Coordination Center and transfer of responsibility for communications security and TEMPEST to the Office of Health, Safety and Security.

  12. DOE Recovery Act Reporting Requirements for the State Energy Program

    Energy.gov [DOE]

    U.S. Department of Energy (DOE) Office of Energy Efficiency and Renewable Energy (EERE) State Energy Program (SEP) reporting requirements for states and U.S. territories receiving SEP grants under the 2009 Recovery Act.

  13. Safeguards and Security and Cyber Security RM | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Safeguards and Security and Cyber Security RM The SSCS RM is a tool that assists the DOE federal project review teams in evaluating the technical sufficiency of the project SSCS activities at CD-0 through CD-4. Safeguards and Security and Cyber Security RM (2.31 MB) More Documents & Publications Safeguards and Security Program, acronyms and abbreviations - DOE M 470.4-7 Safeguards and Security Glossary - DOE M 470.4-7 Standard Review Plan -

  14. NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines |

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Department of Energy NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines September 2, 2010 - 3:15pm WASHINGTON, D.C. - The National Institute of Standards and Technology (NIST) issued today its first Guidelines for Smart Grid Cyber Security, which includes high-level security requirements, a framework for assessing risks, an evaluation of privacy issues at personal residences, and additional information for

  15. Evaluation Report on The Department's Unclassified Cyber Security Program

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    2002, DOE/IG-0567 | Department of Energy Report on The Department's Unclassified Cyber Security Program 2002, DOE/IG-0567 Evaluation Report on The Department's Unclassified Cyber Security Program 2002, DOE/IG-0567 As agencies strive to meet the President's goal of significantly increasing electronic government, the potential for disruption or damage to critical systems by malicious users continues to increase. In response to increasing threats to the Government's computer networks and

  16. Cyber | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Cyber Cyber Job Announcement Number: 17-0001-40 Who May Apply: All qualified U.S. citizens Duty Location: Multiple vacancies; most positions are in Washington, DC Metro Area Annual Salary Range: Varies according to specific position Open Period: Varies according to specific position Position Information: Varies according to specific position Job Description Available for Download Submit Resume To submit your resume for Cyber, use the SUBMIT RESUME link to email your resume. Your resume will be

  17. DOE RFI 2010-11129 NBP RFI: Communications Requirements Titled

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    "Implementing the National Broadband Plan by Studying the Communications Requirements of Electric Utilities to Inform Federal Smart Grid Policy" | Department of Energy RFI 2010-11129 NBP RFI: Communications Requirements Titled "Implementing the National Broadband Plan by Studying the Communications Requirements of Electric Utilities to Inform Federal Smart Grid Policy" DOE RFI 2010-11129 NBP RFI: Communications Requirements Titled "Implementing the National Broadband

  18. Obama's Call for Public-Private Cyber Security Collaboration Reflected in

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE's Priorities | Department of Energy Obama's Call for Public-Private Cyber Security Collaboration Reflected in DOE's Priorities May 29, 2009 - 4:08pm In releasing the results of his Administration's 60-day cyber security review, President Barack Obama today emphasized that partnering with the private sector will be paramount for agencies working to secure the power grid and other critical

  19. Implementation of DOE NPH Requirements at the Thomas Jefferson National Accelerator Facility (TJNAF), a Non-Nuclear DOE Lab

    Office of Energy Efficiency and Renewable Energy (EERE)

    Implementation of DOE NPH Requirements at the Thomas Jefferson National Accelerator Facility (TJNAF), a Non-Nuclear DOE Lab David Luke, DOE, Thomas Jefferson Site Office Stephen McDuffie, DOE, Office of the Chief of Nuclear Safety

  20. DOE DIRECTIVES, DELEGATIONS, AND OTHER REQUIREMENTS PORTAL What's New?

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    DIRECTIVES, DELEGATIONS, AND OTHER REQUIREMENTS PORTAL What's New? DOE DIRECTIVES, DELEGATIONS, AND REQUIREMENTS PORTAL Overview * The Policy Portal application is an enterprise content and document management system for policies and procedures that allows us to organize Directives, Delegations, and other requirements information simply and quickly in a secure, robust environment. * Documents are organized by number, subject, source, issue date, and relevance, and the Policy Portal lets us craft

  1. Security and Cyber Guidance | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Security and Cyber Guidance Security and Cyber Guidance Appraisal Process Guides Security Evaluations Appraisal Process Guide - April 2008 Cyber Security Evaluations Appraisal ...

  2. Help for the Developers of Control System Cyber Security Standards

    SciTech Connect (OSTI)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices of various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  3. Remediation of DOE hazardous waste sites: Planning and integration requirements

    SciTech Connect (OSTI)

    Geffen, C.A.; Garrett, B.A.; Cowan, C.E.; Siegel, M.R.; Keller, J.F.

    1989-09-01

    The US Department of Energy (DOE) is faced with an immense challenge in effectively implementing a program to mitigate and manage the environmental impacts created by current operations and from past activities at its facilities. The current regulatory framework and public interest in the environmental arena have made operating DOE facilities in an environmentally responsible manner a compelling priority. This paper provides information on the results of a project funded by DOE to obtain a better understanding of the regulatory and institutional drivers in the hazardous waste market and the costs and timeframes required for remediation activities. Few realize that before remediating a hazardous waste site, a comprehensive planning process must be conducted to characterize the nature and extent of site contamination, calculate the risk to the public, and assess the effectiveness of various remediation technologies. The US Environmental Protection Agency (EPA) and others have found that it may take up to 7 years to complete the planning process at an average cost of $1.0 million per site. While cost information is not yet available for DOE sites, discussions with hazardous waste consulting firms indicate that average characterization and assessment costs will be 5 to 10 times this amount for DOE sites. The higher costs are expected because of the additional administrative requirements placed on DOE sites, the need to handle mixed wastes, the amount and extent of contamination at many of these sites, and the visibility of the sites. 15 refs., 1 fig., 2 tabs.

  4. Understanding DOE Quality Assurance Requirements and ASME NQA-1 For Application in DOE Nuclear Projects Training Agenda

    Office of Energy Efficiency and Renewable Energy (EERE)

    Agenda for the Understanding DOE Quality Assurance Requirements and ASME NQA-1 For Application in DOE Nuclear Projects Training Workshop held on May 14, 2015.

  5. Understanding DOE Quality Assurance Requirements and ASME NQA-1 For Application in DOE Nuclear Projects Training Materials

    Energy.gov [DOE]

    Training Materials for the Understanding DOE Quality Assurance Requirements and ASME NQA-1 For Application in DOE Nuclear Projects Training Workshop held on May 14, 2015.

  6. Personnel Selection, Qualification, and Training Requirements for DOE Nuclear Facilities

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-07-12

    To establish selection, qualification, and training requirements for management and operating (M&O) contractor personnel involved in the operation, maintenance, and technical support of Department of Energy and National Nuclear Security Administration Category A and B reactors and non-reactor nuclear facilities. Canceled by DOE O 426.2

  7. SECURITY AND CYBER REPORTS | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    SECURITY AND CYBER REPORTS SECURITY AND CYBER REPORTS Office of Security Assessments Office of Security Assessments - Report Titles

  8. Requirements Crosswalk of DOE-STD-1104-2014 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Requirements Crosswalk of DOE-STD-1104-2014 Requirements Crosswalk of DOE-STD-1104-2014 February 5, 2015 Requirements Crosswalk from DOE-STD-1104-2009 going to DOE-STD-1104-2014. This document provides a requirements Crosswalk from DOE-STD-1104-2009 going to DOE-STD-1104-2014. Requirements Crosswalk of DOE-STD-1104-2014 (339.11 KB) More Documents & Publications DOE-STD-1104-2014 Training Crosswalk of DOE-STD-1104 Bases of Approval DOE-STD-1104-2014 Master Acronym List

  9. Strengthening Cyber Security

    Energy Savers

    Cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple ...

  10. Cyber sleuths face off

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Hacking skills put to the test in week of hands-on cyber warfare training LOS ALAMOS, New ... "Tracer FIRE 2," as the event is titled, will be a collaborative information security ...

  11. Metaphors for cyber security.

    SciTech Connect (OSTI)

    Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

    2008-08-01

    This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

  12. Katrin Heitmann DOE HEP/ASCR Exascale Requirements Review

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Katrin Heitmann DOE HEP/ASCR Exascale Requirements Review June 10, 2015 Computational Cosmology Katrin Heitmann, Los Alamos National Laboratory Benasque Cosmology Workshop, August 2010 Roles of Cosmological Simulations in DE Survey Science * First part of end-to-end simulation * Control of systematics (1) Cosmology simulations and the survey (2) Solving the Inverse Problem from the LSST Science Book Cosmology Mock catalogs Atmosphere Optics Detector Images * Exploring fundamental physics *

  13. Departmental Cyber Security Management Policy

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-05-08

    The Departmental Cyber Security Management (DCSM) Policy was developed to further clarify and support the elements of the Integrated Safeguards and Security Management (ISSM) Policy regarding cyber security. Certified 9-23-10. No cancellation.

  14. Management of Naval Reactors' Cyber Security Program, OIG-0884

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Naval Reactors' Cyber Security Program DOE/IG-0884 April 2013 U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Department of Energy Washington, DC 20585 April 12, 2013 MEMORANDUM FOR THE SECRETARY FROM: Gregory H. Friedman Inspector General SUBJECT: INFORMATION: Audit Report on "Management of Naval Reactors' Cyber Security Program" INTRODUCTION AND OBJECTIVE The Naval Reactors Program (Naval Reactors), an organization within the National Nuclear

  15. Continuous Monitoring And Cyber Security For High Performance Computing

    Office of Scientific and Technical Information (OSTI)

    (Conference) | SciTech Connect Conference: Continuous Monitoring And Cyber Security For High Performance Computing. Authors: Malin, Alex B.; Van Heule, Graham K. (Los Alamos National Laboratory). Publication Date: 2013-08-02. OSTI Identifier: 1089452. Report Number(s): LA-UR-13-21921. DOE Contract Number: AC52-06NA25396. Resource Type: Conference

  16. Cyber Dynamic Impact Modeling Engine

    Energy Science and Technology Software Center (OSTI)

    2014-07-01

    As the rate, sophistication, and potential damage of cyber attacks continue to grow, the latency of human-speed analysis and response is becoming increasingly costly. Intelligent response to detected attacks and other malicious activity requires both knowledge of the characteristics of the attack as well as how resources involved in the attack relate to the mission of the organization. Cydime fills this need by estimating a key component of intrusion detection and response automation: the relationship type and strength between the target organization and the potential attacker.

  17. Office of Cyber Assessments (EA)-21 Assessment Process Guide - July 2016

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    | Department of Energy Cyber Assessments (EA)-21 Assessment Process Guide - July 2016 Office of Cyber Assessments (EA)-21 Assessment Process Guide - July 2016 July 2016 The EA-21 Assessment Process Guide describes the processes, techniques, and procedures used by EA-21 to evaluate DOE's (including the National Nuclear Security Administration) and contractor organizations' cyber security programs designed to protect special nuclear material, classified information, and sensitive information.

  18. Implementation of DOE NPH Requirements at the Thomas Jefferson...

    Office of Environmental Management (EM)

    Facility (TJNAF), a Non-Nuclear DOE Lab David Luke, DOE, Thomas Jefferson Site Office Stephen McDuffie, DOE, Office of the Chief of Nuclear Safety Implementation of DOE...

  19. DOE Cyber—An Enterprise Approach: Excellence Through Innovation & Integration

    Energy.gov [DOE]

    In alignment with the DOE Cyber Strategy, the Office of the Chief Information Officer (OCIO) will host the DOE Cyber Conference, September 19-22, 2016 in Atlanta, Georgia. 

  20. Cyber threat metrics.

    SciTech Connect (OSTI)

    Frye, Jason Neal; Veitch, Cynthia K.; Mateski, Mark Elliot; Michalski, John T.; Harris, James Mark; Trevino, Cassandra M.; Maruoka, Scott

    2012-03-01

    Threats are generally much easier to list than to describe, and much easier to describe than to measure. As a result, many organizations list threats. Fewer describe them in useful terms, and still fewer measure them in meaningful ways. This is particularly true in the dynamic and nebulous domain of cyber threats - a domain that tends to resist easy measurement and, in some cases, appears to defy any measurement. We believe the problem is tractable. In this report we describe threat metrics and models for characterizing threats consistently and unambiguously. The purpose of this report is to support the Operational Threat Assessment (OTA) phase of risk and vulnerability assessment. To this end, we focus on the task of characterizing cyber threats using consistent threat metrics and models. In particular, we address threat metrics and models for describing malicious cyber threats to US FCEB agencies and systems.

  1. UVI Cyber-security Workshop Workshop Analysis.

    SciTech Connect (OSTI)

    Kuykendall, Tommie G.; Allsop, Jacob Lee; Anderson, Benjamin Robert; Boumedine, Marc; Carter, Cedric; Galvin, Seanmichael Yurko; Gonzalez, Oscar; Lee, Wellington K.; Lin, Han Wei; Morris, Tyler Jake; Nauer, Kevin S.; Potts, Beth A.; Ta, Kim Thanh; Trasti, Jennifer; White, David R.

    2015-07-08

    The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year's consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week-long cyber workshop that consisted of three courses: Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.

  2. IDENTIFICATION OF DOE'S POST-CLOSURE MONITORING NEEDS AND REQUIREMENTS

    SciTech Connect (OSTI)

    M.A. Ebadian, Ph.D.

    1999-01-01

    The 2006 plan sets an ambitious agenda for the U.S. Department of Energy (DOE), Office of Environmental Management (EM) and the remediation of sites contaminated by decades of nuclear weapons production activities. The plan's primary objective is to reduce overall clean up costs by first eliminating the environmental problems that are most expensive to control and safely maintain. In the context of the 2006 Plan, closure refers to the completion of area or facility specific cleanup projects. The cleanup levels are determined by the planned future use of the site or facility. Use restrictions are still undecided for most sites but are highly probable to exclude residential or agricultural activities. Most of the land will be remediated to "industrial use" levels with access restrictions and some areas will be closed-off through containment. Portions of the site will be reserved for waste disposal, either as a waste repository or the in-situ immobilization of contaminated soil and groundwater, and land use will be restricted to waste disposal only. The land used for waste disposal will require monitoring and maintenance activities after closure. Most of the land used for industrial use may also require such postclosure activities. The required postclosure monitoring and maintenance activities will be imposed by regulators and stakeholders. Regulators will not approve closure plans without clearly defined monitoring methods using approved technologies. Therefore, among all other more costly and labor-intensive closure-related activities, inadequate planning for monitoring and lack of appropriate monitoring technologies can prevent closure. The purpose of this project is to determine, document, and track the current and evolving postclosure monitoring requirements at DOE-EM sites. This information will aid CMST-CP in guiding its postclosure technology development and deployment efforts.

  3. Cyber Friendly Fire

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

    2011-09-01

    Cyber friendly fire (FF) is a new concept that has been brought to the attention of Department of Defense (DoD) stakeholders through two workshops that were planned and conducted by the Air Force Research Laboratory (AFRL) and research conducted for AFRL by the Pacific Northwest National Laboratory. With this previous work in mind, we offer a definition of cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, a fundamental need in avoiding cyber FF is to maintain situation awareness (SA). We suggest that cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system (and that populate the nodes), the nature of the activities or work performed, and the available defensive (and offensive) countermeasures that may be applied to thwart network attacks. A training implication is to raise awareness and understanding of these critical knowledge units; an approach to decision aids and/or visualizations is to focus on supporting these critical knowledge units. To study cyber FF, we developed an unclassified security test range comprising a combination of virtual and physical devices that present a closed network for testing, simulation, and evaluation. This network offers services found on a production network without the associated costs of a real production network. Containing enough detail to appear realistic, this virtual and physical environment can be customized to represent different configurations. For our purposes, the test range was configured to appear as an Internet-connected Managed Service Provider (MSP) offering specialized web applications to the general public. 
The

  4. PACIFIC NORTHWEST CYBER SUMMIT

    SciTech Connect (OSTI)

    Lesperance, Ann M.; Matlock, Gordon W.; Becker-Dippmann, Angela S.; Smith, Karen S.

    2013-08-07

    On March 26, 2013, the Snohomish County Public Utility District (PUD) and the U.S. Department of Energy’s (DOE’s) Pacific Northwest National Laboratory (PNNL) jointly hosted the Pacific Northwest Cyber Summit with the DOE’s Office of Electricity Delivery and Energy Reliability, the White House, Washington State congressional delegation, Washington State National Guard, and regional energy companies.

  5. Comparison of selected DOE and non-DOE requirements, standards, and practices for Low-Level Radioactive Waste Disposal

    SciTech Connect (OSTI)

    Cole, L.; Kudera, D.; Newberry, W.

    1995-12-01

    This document results from the Secretary of Energy's response to Defense Nuclear Facilities Safety Board Recommendation 94-2. The Secretary stated that the US Department of Energy (DOE) would "address such issues as...the need for additional requirements, standards, and guidance on low-level radioactive waste management." The authors gathered information and compared DOE requirements and standards for the safety aspects of low-level disposal with similar requirements and standards of non-DOE entities.

  6. International inspection activity impacts upon DOE safeguards requirements

    SciTech Connect (OSTI)

    Zack, N.R.; Crawford, D.W.

    1995-09-01

    The US has placed certain special nuclear materials declared excess to their strategic needs under international safeguards through the International Atomic Energy Agency (IAEA). This Presidential initiative has obligated materials at several Department of Energy (DOE) facilities for these safeguards activities to demonstrate the willingness of the US to ban production or use of nuclear materials outside of international safeguards. However, IAEA inspection activities generally tend to be intrusive in nature and are not consistent with several domestic safeguards procedures implemented to reduce worker radiation exposures and increase the cost-effectiveness and efficiency of accounting for and storing of special nuclear materials. To help identify and provide workable solutions to these concerns, the Office of Safeguards and Security has conducted a program to determine possible changes to the DOE safeguards and security requirements designed to help facilities under international safeguards inspections more easily comply with domestic safeguards goals during international inspection activities. This paper will discuss the impact of international inspection activities on facility safeguards operations and departmental safeguards procedures and policies.

  7. Modeling Cyber Conflicts Using an Extended Petri Net Formalism

    SciTech Connect (OSTI)

    Zakrzewska, Anita N; Ferragut, Erik M

    2011-01-01

    When threatened by automated attacks, critical systems that require human-controlled responses have difficulty making optimal responses and adapting protections in real-time and may therefore be overwhelmed. Consequently, experts have called for the development of automatic real-time reaction capabilities. However, a technical gap exists in the modeling and analysis of cyber conflicts to automatically understand the repercussions of responses. There is a need for modeling cyber assets that accounts for concurrent behavior, incomplete information, and payoff functions. Furthermore, we address this need by extending the Petri net formalism to allow real-time cyber conflicts to be modeled in a way that is expressive and concise. This formalism includes transitions controlled by players as well as firing rates attached to transitions. This allows us to model both player actions and factors that are beyond the control of players in real-time. We show that our formalism is able to represent situational awareness, concurrent actions, incomplete information and objective functions. These factors make it well-suited to modeling cyber conflicts in a way that allows for useful analysis. MITRE has compiled the Common Attack Pattern Enumeration and Classification (CAPEC), an extensive list of cyber attacks at various levels of abstraction. CAPEC includes factors such as attack prerequisites, possible countermeasures, and attack goals. These elements are vital to understanding cyber attacks and to generating the corresponding real-time responses. We demonstrate that the formalism can be used to extract precise models of cyber attacks from CAPEC. Several case studies show that our Petri net formalism is more expressive than other models, such as attack graphs, for modeling cyber conflicts and that it is amenable to exploring cyber strategies.

  8. Nuclear Safety Requirements DOE O 410.1 | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Requirements DOE O 410.1 Nuclear Safety Requirements DOE O 410.1 DOE O 410.1 Attachment 1 Contains a list of the requirements requiring CTA concurrence prior to granting exemptions or exceptions. Table 1 contains the updated version (as of September 2016) of the requirements corresponding to requirements established in Attachment 1 of the 2007 DOE O 410.1. Table 1 also identifies the Office of Primary Interest and the Responsible EM-CNS Staff for each requirement. DOE O 410.1 Attachment 2 Contains

  9. Cyber security best practices for the nuclear industry

    SciTech Connect (OSTI)

    Badr, I.

    2012-07-01

    When deploying software-based systems, such as digital instrumentation and controls for the nuclear industry, it is vital to include cyber security assessment as part of the architecture and development process. When integrating and delivering software-intensive systems for the nuclear industry, engineering teams should make use of a secure, requirements-driven software development life cycle, ensuring security compliance and optimum return on investment. Reliability protections, data loss prevention, and privacy enforcement provide a strong case for installing strict cyber security policies. (authors)

  10. Process Control System Cyber Security Standards - An Overview

    SciTech Connect (OSTI)

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  11. EVMS Training Snippet: 1.1 DOE Order 413.3B EVM Requirements...

    Energy Savers

    1 DOE Order 413.3B EVM Requirements EVMS Training Snippet: 1.1 DOE Order 413.3B EVM Requirements This EVMS Training Snippet, sponsored by the Office of Project Management (PM), ...

  12. Applying DOE O 414.1C and NQA-1 Requirements to ISM Software...

    Office of Environmental Management (EM)

    Applying DOE O 414.1C and NQA-1 Requirements to ISM Software Applying DOE O 414.1C and NQA-1 Requirements to ISM Software August 2009 Presenter: Norman P. Moreau, Theseus ...

  13. DOE Proposes Requirement for Certification of Admissibility for...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    subject to an applicable energy conservation standard provide, prior to ... compliant with all applicable energy conservation standards, using DOE's Compliance ...

  14. The Cyber Security Crisis

    ScienceCinema (OSTI)

    Spafford, Eugene [Purdue University, West Lafayette, Indiana, United States]

    2016-07-12

    Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight into causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'

  15. Table 4. DOE Technical Standards Requiring Central Technical Authority (CTA) Concurrence

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    4. DOE Technical Standards Requiring Central Technical Authority (CTA) Concurrence Prior to Any Revisions or Cancellation DOE Technical Standards as of September 2016 1 (Corresponding archived Technical Standards as listed in 2007 DOE O 410.1) Title Office of Primary Interest Responsible EM- CNS Staff 1 DOE-STD-1020-2012 (DOE-STD-1020-2002, DOE-STD-1021-93, DOE-STD-1022-94, DOE-STD-1023-95) Natural Phenomena Hazards Design and Evaluation Criteria for DOE Facilities Office of Environment, Health,

  16. Notice of Intent to Develop DOE O 470.6, Integrating Existing Technical Security Program Requirements

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2013-08-21

    This memorandum provides justification for the development of one integrated and consolidated set of requirements for the Department of Energy (DOE) Technical Security Program (TSP). This Order will combine the existing necessary requirements from DOE Manual (M) 205.1-3, Telecommunications Security Manual, dated 4-17-2006 and DOE M 470.4-4A chg.1, Information Security Manual, dated 10-12-2010; Section D -Technical Surveillance Countermeasures, into a single DOE Order defining the DOE TSP.

  17. DOE NEPA Guidance and Requirements - Search Index - List of Contents...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    the NEPA Process - Interim Actions DOE2003 Administrative Record Guidance DOJ1991 Aligning the NEPA Process with EMS CEQ2007 Alternative Actions For Analysis in ...

  18. DOE NEPA Guidance and Requirements - Search Index - List of Contents...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Collaboration in NEPA: A Handbook for NEPA Practitioners ... - EJ in Minority and Low-income Populations EOP1994 EO ... Policy on EIS Distribution DOE2006 Policy on ...

  19. Headquarters Facilities Master Security Plan - Chapter 14, Cyber...

    Energy Savers

    Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security 2016 Headquarters Facilities Master Security Plan - Chapter 14, Cyber Security HQ cyber security ...

  20. DOE TRANSCOM Technical Support Services DE-EM0002903 SECTION J - LIST OF ATTACHMENTS

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    1 LIST OF APPLICABLE DOE DIRECTIVES The Contractor shall comply with the requirements of the DOE Directives identified below. DOE directives may be found at http://www.directives.doe.gov/. Regulation and Number Regulation Title DOE O 150.1 Continuity Programs DOE O 200.1A Information Technology Management DOE O 203.1 Limited Personal use of Government Office Equipment including Information Technology DOE O 205.1B Chg 2 Department of Energy Cyber Security Program DOE O 206.1 Department of Energy

  1. DOE Requires Manufacturers to Halt Sales of Heat Pumps and Air...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Media contact(s): (202) 586-4940 Addthis Related Articles DOE Requires Manufacturers to Halt Sales of Heat Pumps and Air Conditioners Violating Minimum Appliance Standards DOE Orders ...

  2. DOE NEPA Guidance and Requirements - Search Index - Table of...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Congress 1970 Collaboration in NEPA a Handbook for NEPA ... EO 12898 - EJ in Minority and Low-income Populations EOP ... EPA 2008 Policy on EIS Distribution DOE 2006 Policy on NEPA ...

  3. Risk Assessment Tool - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Risk Assessment Technical Experts Working Group Risk Assessment Technical Experts Working Group The Risk Assessment Technical Experts Working Group (RWG) is established to assist DOE in the appropriate and effective use of quantitative risk assessment in nuclear safety related activities. The activities of the group will help DOE ensure that risk assessments supporting nuclear safety decisions are conducted in a consistent manner, of appropriate quality, properly tailored to the needs of the

  4. Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

    SciTech Connect (OSTI)

    Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.; He, Fei; Zhuang, Jun; Yau, David K. Y.

    2015-04-06

    The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.

  5. Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

    DOE PAGES-Beta [OSTI]

    Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.; He, Fei; Zhuang, Jun; Yau, David K. Y.

    2015-04-06

    The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.

  6. Cyber Security Evaluation Tool

    SciTech Connect (OSTI)

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization's ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  7. Cyber Security Evaluation Tool

    Energy Science and Technology Software Center (OSTI)

    2009-08-03

    CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cyber security posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

  8. Process Control System Cyber Security Standards - An Overview

    SciTech Connect (OSTI)

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  9. Cyber and physical infrastructure interdependencies.

    SciTech Connect (OSTI)

    Phillips, Laurence R.; Kelic, Andjelka; Warren, Drake E.

    2008-09-01

    The goal of the work discussed in this document is to understand the risk to the nation of cyber attacks on critical infrastructures. The large body of research results on cyber attacks against physical infrastructure vulnerabilities has not resulted in clear understanding of the cascading effects a cyber-caused disruption can have on critical national infrastructures and the ability of these affected infrastructures to deliver services. This document discusses current research and methodologies aimed at assessing the translation of a cyber-based effect into a physical disruption of infrastructure and thence into quantification of the economic consequences of the resultant disruption and damage. The document discusses the deficiencies of the existing methods in correlating cyber attacks with physical consequences. The document then outlines a research plan to correct those deficiencies. When completed, the research plan will result in a fully supported methodology to quantify the economic consequences of events that begin with cyber effects, cascade into other physical infrastructure impacts, and result in degradation of the critical infrastructure's ability to deliver services and products. This methodology enables quantification of the risks to national critical infrastructure of cyber threats. The work addresses the electric power sector as an example of how the methodology can be applied.

  10. WPN 10-13: ARRA Reporting Requirements: OMB Quarterly and DOE Monthly

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Reporting Requirements Under the American Recovery and Reinvestment Act of 2009 for the Weatherization Assistance Program | Department of Energy : ARRA Reporting Requirements: OMB Quarterly and DOE Monthly Reporting Requirements Under the American Recovery and Reinvestment Act of 2009 for the Weatherization Assistance Program WPN 10-13: ARRA Reporting Requirements: OMB Quarterly and DOE Monthly Reporting Requirements Under the American Recovery and Reinvestment Act of 2009 for the

  11. WPN 10-13a: ARRA Reporting Requirements: OMB Quarterly and DOE Monthly

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Reporting Requirements under the American Recovery and Reinvestment Act of 2009 for the Weatherization Assistance Program | Department of Energy a: ARRA Reporting Requirements: OMB Quarterly and DOE Monthly Reporting Requirements under the American Recovery and Reinvestment Act of 2009 for the Weatherization Assistance Program WPN 10-13a: ARRA Reporting Requirements: OMB Quarterly and DOE Monthly Reporting Requirements under the American Recovery and Reinvestment Act of 2009 for the

  12. DOE Requires Air-Con International to Cease Sales of Inefficient...

    Energy Savers

    Air-Con International to Cease Sales of Inefficient Air Conditioners and Proposes Penalties DOE Requires Air-Con International to Cease Sales of Inefficient Air Conditioners and ...

  13. Review Policy / Proposal Guidelines / Reporting Requirements| U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Review Policy / Proposal Guidelines / Reporting Requirements High Energy Physics (HEP) HEP Home About Research Facilities Science Highlights Benefits of HEP Funding Opportunities Closed Funding Opportunity Announcements (FOAs) Closed Lab Announcements Award Search / Public Abstracts HEP Early Career Opportunities Review Policy / Proposal Guidelines / Reporting Requirements Additional Requirements and Guidance for Digital Data Management Acknowledgements of Federal

  14. Enforcement handbook: Enforcement of DOE nuclear safety requirements

    SciTech Connect (OSTI)

    1995-06-01

    This Handbook provides detailed guidance and procedures to implement the General Statement of DOE Enforcement Policy (Enforcement Policy or Policy). A copy of this Enforcement Policy is included for ready reference in Appendix D. The guidance provided in this Handbook is qualified, however, by the admonishment to exercise discretion in determining the proper disposition of each potential enforcement action. As discussed in subsequent chapters, the Enforcement and Investigation Staff will apply a number of factors in assessing each potential enforcement situation. Enforcement sanctions are imposed in accordance with the Enforcement Policy for the purpose of promoting public and worker health and safety in the performance of activities at DOE facilities by DOE contractors (and their subcontractors and suppliers) who are indemnified under the Price-Anderson Amendments Act. These indemnified contractors, and their suppliers and subcontractors, will be referred to in this Handbook collectively as DOE contractors. It should be remembered that the purpose of the Department's enforcement policy is to improve nuclear safety for the workers and the public, and this goal should be the prime consideration in exercising enforcement discretion.

  15. DOE Office of Science Exascale Requirements Reviews: Target 2020-2025

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Basic Energy Sciences Fusion Energy Sciences Biological and Environmental Research Nuclear Physics Advanced Scientific Computing Research Requirements Reviews: Target 2017 Requirements Reviews: Target 2014 Overview Published Reports Case Study FAQs NERSC HPC Achievement Awards Share Your Research User Submitted Research Citations NERSC Citations Home » Science at NERSC » HPC Requirements Reviews » Exascale Requirements Reviews DOE Office of Science Exascale Requirements Reviews: Target

  16. Browse Draft Directives - DOE Directives, Delegations, and Requirement...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Accessibility Text size: (Requires JavaScript) Large Normal Small This site uses the Open Source Content Management System Plone and has been designed to be completely accessible...

  17. DOE Requires Manufacturer and Labeler to Cease Sale of Incandescent...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    of Non-Compliance Determination to Westinghouse Lighting Corporation and Fuzhou Sunlight Lighting Electrical Appliance Company requiring that they halt the sale of 8 basic...

  18. RevCom - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    RevCom by Website Administrator RevCom is the online review, comment, and approval system for draft DOE directives. Login to RevCom For access to RevCom, contact your local Directives Point of Contact (DPC) or contact Technical Support. For information about how to use RevCom, see the User Guide and Tutorials. Choose your user role to login. Directives Point of Contact and Delegates Subject Matter Experts and Reviewers Writers Monitors

  19. INL@Work Cyber Security

    ScienceCinema (OSTI)

    Chaffin, May

    2013-05-28

    May Chaffin is one of many Idaho National Laboratory researchers who are helping secure the nation's critical infrastructure from cyber attacks. Lots more content like this is available at INL's facebook page http://www.facebook.com/idahonationallaboratory.

  20. INL@Work Cyber Security

    SciTech Connect (OSTI)

    Chaffin, May

    2010-01-01

    May Chaffin is one of many Idaho National Laboratory researchers who are helping secure the nation's critical infrastructure from cyber attacks. Lots more content like this is available at INL's facebook page http://www.facebook.com/idahonationallaboratory.

  1. Visualizing Cyber Security: Usable Workspaces

    SciTech Connect (OSTI)

    Fink, Glenn A.; North, Christopher L.; Endert, Alexander; Rose, Stuart J.

    2009-10-11

    An environment that supports cyber analytics work should enable multiple, simultaneous investigations, information foraging, and provide a solution space for organizing data. We describe our study of cyber security professionals and visualizations in a large, high-resolution display work environment. We discuss the tasks and needs of analysts that such an environment can support and present several prototypes designed to support these needs. We conclude with a usability evaluation of the prototypes and additional lessons learned.

  2. National Security and Cyber Security

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    National Security and Cyber Security National Security and Cyber Security National security depends on science and technology. The United States relies on Los Alamos National Laboratory for the best of both. No place on Earth pursues a broader array of world-class scientific endeavors. Contact thumbnail of Business Development Business Development Richard P. Feynman Center for Innovation (505) 665-9090 Email National security and weapons science at the laboratory spans essentially all the

  3. DOE Advisory and Assistance Services Contract Task Order 21: Operational Requirements for Standardized Dry Fuel

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    24 DOE Advisory and Assistance Services Contract Task Order 21: Operational Requirements for Standardized Dry Fuel Canister Systems UPDATED FINAL REPORT June 19, 2015 Prepared by Task Order 21: Operational Requirements for Standardized Dry Fuel Canister Systems Page 2 of 224 Revision History Revision Date Reason for Revision Originator Preliminary February 12, 2015 Preliminary Report for DOE Review I. Thomas Draft Final April 15, 2015 Draft Final Report for DOE Review I. Thomas Final May 20,

  4. Enforcement Guidance Supplement 99-02, DOE Enforcement Activities of Internal Dosimetry Program Requirements

    Office of Environmental Management (EM)

    EGS 99-02 Appendix E - Operational Procedures for Enforcement Department of Energy Washington, DC 20585 July 16, 1999 MEMORANDUM FOR DOE PAAA COORDINATORS CONTRACTOR PAAA COORDINATORS FROM: R. KEITH CHRISTOPHER DIRECTOR OFFICE OF ENFORCEMENT AND INVESTIGATION SUBJECT: Enforcement Guidance Supplement 99-02: DOE Enforcement Activities of Internal Dosimetry Program Requirements Section 1.3 of the Operational Procedure entitled Enforcement of DOE Nuclear Safety Requirements under Price-Anderson

  5. DOE Testing Reveals Samsung Refrigerator Does Not Meet Energy Star Requirements

    Energy.gov [DOE]

    DOE-initiated testing has revealed that a Samsung refrigerator (model RF26VAB), which the company had claimed was Energy Star compliant, consumed more energy than permitted by the Energy Star...

  6. Tensions in collaborative cyber security and how they affect incident detection and response

    SciTech Connect (OSTI)

    Fink, Glenn A.; McKinnon, Archibald D.; Clements, Samuel L.; Frincke, Deborah A.

    2009-12-01

    Security often requires collaboration, but when multiple stakeholders are involved, it is typical for their priorities to differ or even conflict with one another. In today's increasingly networked world, cyber security collaborations may span organizations and countries. In this chapter, we address collaboration tensions, their effects on incident detection and response, and how these tensions may potentially be resolved. We present three case studies of collaborative cyber security within the U.S. government and discuss technical, social, and regulatory challenges to collaborative cyber security. We suggest possible solutions, and present lessons learned from conflicts. Finally, we compare collaborative solutions from other domains and apply them to cyber security collaboration. Although we concentrate our analysis on collaborations whose purpose is to achieve cyber security, we believe that this work applies readily to security tensions found in collaborations of a general nature as well.

  7. ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Assessment at National SCADA Test Bed | Department of Energy ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security Assessment at National SCADA Test Bed ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security Assessment at National SCADA Test Bed Twelve utilities have formed a consortium with ABB, a supervisory control and data acquisition (SCADA) system vendor, to privately fund advanced research and testing through the U.S. Department of Energy's (DOE)

  8. DOE SC Exascale Requirements Review: High Energy Physics

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    SC Exascale Requirements Review: High Energy Physics Bethesda Hyatt, June 10, 2015 Jim Siegrist Associate Director for High Energy Physics Office of Science, U.S. Department of Energy HEP Computing and Data Challenges * What's new? * In May 2014, the U.S. particle physics community updated its vision for the future - The P5 (Particle Physics Project Prioritization Panel) report presents a strategy for the next decade and beyond that enables discovery and maintains our position as a global leader

  9. Directives Review Board - DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Directives Review Board by Website Administrator Departmental Elements Oversight of Departmental Requirements Members Organizations Represented Ingrid Kolb, Chair Office of Management (MA) Office of the Chief Financial Officer (CF) Office of Congressional and Intergovernmental Affairs (CI) Office of Energy Policy and Systems Analysis (EPSA) Office of Inspector General (IG) Office of Intelligence and Counterintelligence (IN) Office of International Affairs (IA) Office of Public Affairs (PA)

  10. DOE Order 458.1 Property Clearance Requirements and Factors Considered to Update Its Clearance Limits

    Office of Energy Efficiency and Renewable Energy (EERE)

    DOE Order 458.1 Property Clearance Requirements and Factors Considered to Update Its Clearance Limits Carlos Corredor*, U.S. Department of Energy; Gustavo Vasquez, U.S. Department of Energy; Derek Favret, U.S. Department of Energy This presentation will provide an explanation of the property clearance requirements contained in DOE O 458.1, including the methods to release or clear property: process knowledge and authorized limits. In addition, it will provide a special focus on the efforts to update the surface guidelines table in DOE directives. In planning to update its property clearance criteria DOE is considering many factors; such as their protectiveness, whether they are dose-based, consistency with voluntary consensus standards and national and international radiation protection recommendations, and consistency with DOE dose constraints. One option being considered is a hybrid approach using a national consensus standard for personal property and DOE derived values for real property.

  11. Requirements for shipment of DOE radioactive mixed waste

    SciTech Connect (OSTI)

    Gablin, K.; No, Hyo; Herman, J.

    1993-08-01

    There are several sources of radioactive mixed waste (RMW) at Argonne National Laboratory which, in the past, were collected at waste tanks and/or sludge tanks. They were eventually pumped out by special pumps and processed in an evaporator located in the waste operations area in Building No. 306. Some of this radioactive mixed waste represents pure elementary mercury. These cleaning tanks must be manually cleaned up because the RMW material was too dense to pump with the equipment in use. The four tanks being discussed in this report are located in Building No. 306. They are the Acid Waste Tank, IMOX/FLOC Tanks, Evaporation Feed Tanks, and Waste Storage Tanks. All of these tanks are characterized and handled separately. This paper discusses the process and the requirements for characterization and the associated paperwork for Argonne Waste to be shipped to Westinghouse Hanford Company for storage.

  12. Introduction to DOE Order 435.1 Low Level Radioactive Waste Disposal Requirements

    Energy.gov [DOE]

    Introduction to DOE Order 435.1 Low Level Radioactive Waste Disposal Requirements Christine Gelles*, U.S. Department of Energy; Edward Regnier, U.S. Department of Energy; Andrew Wallo, U.S. Department of Energy Abstract: The Atomic Energy Act gives the U.S. Department of Energy (US DOE), the authority to regulate the management of radioactive waste generated by US DOE. This session will discuss DOE Order 435.1, which is protective of workers, public, and environment through specific requirements for the generation, treatment, storage, and disposal of US DOE radioactive waste. The Order is divided into four chapters: General Requirements, High-Level Waste, Transuranic Waste and Low-Level Waste. The requirements are consistent with existing promulgated Federal requirements but are specific to waste generated and disposed at US DOE facilities. A technical standard with requirements for documentation supporting the Disposal Authorization for a facility is also being prepared as well as a guide to accompany the Order. US DOE is in the process of updating the Order to maintain consistency with current practices and to increase efficiency in waste management. The draft Order will be available for public comment prior to being finalized.

  13. Cyber Threats to Nuclear Infrastructures

    SciTech Connect (OSTI)

    Robert S. Anderson; Paul Moskowitz; Mark Schanfein; Trond Bjornard; Curtis St. Michel

    2010-07-01

    Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

  14. Cyber Security Evaluation of II&C Technologies

    SciTech Connect (OSTI)

    Ken Thomas

    2014-11-01

    The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants. The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) to address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a

  15. Application of Engineering and Technical Requirements for 30, 60, and 90% Design of DOE Nuclear Facilities

    Office of Energy Efficiency and Renewable Energy (EERE)

    This Standard Review Plan (SRP), Application of Engineering and Technical Requirements for 30, 60 and 90% Design of DOE Nuclear Facilities, was developed by the Office of Chief of Nuclear Safety (CNS), Office of the Environmental Management. The SRP is designed to help strengthen the technical rigor of line management oversight and federal monitoring of the design process of DOE nuclear facilities.

  16. DOE Requires Manufacturer and Labeler to Cease Sale of Incandescent Reflector Lamps

    Energy.gov [DOE]

    DOE has issued Notices of Non-Compliance Determination to Westinghouse Lighting Corporation and Fuzhou Sunlight Lighting Electrical Appliance Company requiring that they halt the sale of 8 basic...

  17. Cyber Security Standards.PDF

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Inspection Report. U.S. Department of Energy, Office of Inspector General, Office of Inspections. Inspection of Cyber Security Standards for Sensitive Personal Information, November 2001. U.S. Department of Energy, Washington, DC 20585. November 13, 2001. MEMORANDUM FOR THE SECRETARY. FROM: Gregory H. Friedman /s/, Inspector General. SUBJECT: INFORMATION: Report on "Inspection of Cyber Security Standards for Sensitive Personal

  18. Application of Engineering and Technical Requirements for DOE Nuclear Facilities Standard Review Plan (SRP)

    Office of Energy Efficiency and Renewable Energy (EERE)

    This Standard Review Plan (SRP), Application of Engineering and Technical Requirements for DOE Nuclear Facilities, was developed by the Chief of Nuclear Safety (CNS), Office of the Under Secretary for Nuclear Security, to help strengthen the technical rigor of line management oversight and federal monitoring of DOE nuclear facilities. This SRP (hereafter referred to as the Engineering SRP) provides consistent review guidance to assure that engineering and technical requirements are appropriately applied for the design, operations and disposition of DOE nuclear facilities. It is one of a series of three SRPs developed by the CNS. The other two SRPs address: 1) nuclear safety basis program review; and 2) application of requirements of DOE O 413.3B, Program and Project Management for the Acquisition of Capital Assets, and DOE-STD-1189, Integration of Safety into the Design Process, for DOE Critical Decision (CD) review and approval. These SRPs may be revised in the future to reflect changes in the DOE requirements, lessons learned, and experience/insights from nuclear facility design, operations, and disposition.

  19. DOE Issues Energy Sector Cyber Organization NOI

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    the federal government and energy sector stakeholders to protect the bulk power electric grid and aid the integration of smart grid technology to enhance the security of the grid. ...

  20. Recommended Practice: Creating Cyber Forensics Plans for Control Systems

    SciTech Connect (OSTI)

    Eric Cornelius; Mark Fabro

    2008-08-01

    Cyber forensics has been in the popular mainstream for some time, and has matured into an information-technology capability that is very common among modern information security programs. The goal of cyber forensics is to support the elements of troubleshooting, monitoring, recovery, and the protection of sensitive data. Moreover, in the event of a crime being committed, cyber forensics is also the approach to collecting, analyzing, and archiving data as evidence in a court of law. Although scalable to many information technology domains, especially modern corporate architectures, cyber forensics can be challenging when being applied to non-traditional environments, which are not comprised of current information technologies or are designed with technologies that do not provide adequate data storage or audit capabilities. In addition, further complexity is introduced if the environments are designed using proprietary solutions and protocols, thus limiting the ease with which modern forensic methods can be utilized. The legacy nature and somewhat diverse or disparate component aspects of control systems environments can often prohibit the smooth translation of modern forensics analysis into the control systems domain. Compounded by a wide variety of proprietary technologies and protocols, as well as critical system technologies with no capability to store significant amounts of event information, the task of creating a ubiquitous and unified strategy for technical cyber forensics on a control systems device or computing resource is far from trivial. To date, no direction regarding cyber forensics as it relates to control systems has been produced other than what might be privately available from commercial vendors. Current materials have been designed to support event recreation (event-based), and although important, these requirements do not always satisfy the needs associated with incident response or forensics that are driven by cyber incidents. To address these

  1. TA-55 Final Safety Analysis Report Comparison Document and DOE Safety Evaluation Report Requirements

    SciTech Connect (OSTI)

    Alan Bond

    2001-04-01

    This document provides an overview of changes to the currently approved TA-55 Final Safety Analysis Report (FSAR) that are included in the upgraded FSAR. The DOE Safety Evaluation Report (SER) requirements that are incorporated into the upgraded FSAR are briefly discussed to provide the starting point in the FSAR with respect to the SER requirements.

  2. Additional Requirements and Guidance for Digital Data Management | U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Additional Requirements and Guidance for Digital Data Management. Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR)

  3. What do the DOE Zero Energy Ready Home Program Specs Actually Require?

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Alternate HVAC Systems & the Need to Use a Credentialed HVAC Contractor: What do the DOE Zero Energy Ready Home Program Specs Actually Require? The DOE Zero Energy Ready Home program frequently receives inquiries about the need for qualifying projects to use an HVAC contractor who is certified by an H-QUITO. The DOE Zero Energy Ready Home program incorporates all of the ENERGY STAR Homes provisions. While commissioning is important for all HVAC systems, Versions 3 and 3.1 of the ENERGY

  4. Office of Cyber Assessments - Report Titles | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Office of Cyber Assessments - Report Titles. 2016: Independent Assessment of the Cyber Security Program at the Special Technologies Laboratory Field Intelligence Element, March 2016 (OUO); Independent Assessment of the Classified Cyber Security Program at the Pantex Plant, April 2016 (OUO); Independent Assessment of the Cyber Security Program at the Pantex Plant Field Intelligence Element, April 2016 (OUO); Independent Assessment of the Cyber Security Program of the

  5. Extension of DOE Directives

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-12

    The following directives are extended until 8-12-04. DOE N 205.2, Foreign National Access to DOE Cyber Systems, dated 11/1/99. DOE N 205.3, Password Generation, Protection, and Use, dated 11/23/99.

  6. Extension of DOE Directives

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-02-24

    This Notice extends the following directives until 2/16/04: DOE N 205.2, Foreign National Access to DOE Cyber Systems, and DOE N 205.3, Password Generation, Protection, and Use, dated 11/23/99-7/1/00.

  7. Extension of DOE Directives

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-08-12

    The following directives are extended until 8-12-05: DOE N 205.2, Foreign National Access to DOE Cyber Security Systems, dated 11-1-99 and DOE N 205.3, Password Generation, Protection, and Use, dated 11-23-99. No cancellations.

  8. Extension of DOE Directives

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-09-15

    Effective immediately, DOE N 205.2, Foreign National Access to DOE Cyber Systems, dated 11-1-99, and DOE N 205.3, Password Generation, Protection, and Use, dated 11-23-99, are extended until 9-30-06, unless sooner rescinded.

  9. Sandia Energy - Cyber Research Facility Opens at Sandia's California...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Cybersecurity Technologies Research Laboratory: Cyber Research Facility Opens at Sandia's...

  10. Lessons Learned from Cyber Security Assessments of SCADA and...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems ...

  11. Lessons Learned from Cyber Security Assessments of SCADA and...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems...

  12. Control Systems Cyber Security: Defense in Depth Strategies ...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Control Systems Cyber Security: Defense in Depth Strategies. This document provides guidance and direction for developing ...

  13. NNSA Seeking Comments on Consolidated IT and Cyber Security Support...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft. July 17, 2013...

  14. Before the House Subcommittee on Emerging Threats, Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee on Homeland Security Before the House Subcommittee on Emerging Threats, Cyber Security and ...

  15. Sandia Energy Cyber Engineering Research Laboratory (CERL...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Sandia Cyber Engineering Research Laboratory (CERL) Formally Opens http:energy.sandia.gov...

  16. Jefferson Lab - Cyber Physical Systems Summit

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors - Autonomy, Internet of Things (IoT), ...

  17. Guide to Critical Infrastructure Protection Cyber Vulnerability...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Protection Standards New No-Cost ANTFARM Tool Maps Control System Networks to Help Implement Cyber Security Standards "Cybersecurity for State Regulators" - NARUC Primer (June ...

  18. Information Security: Coordination of Federal Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    GAO also recommends that the Office of Management and Budget (OMB) issue guidance to agencies for providing cyber security research data to repositories. In commenting on a draft ...

  19. Validating Cyber Security Requirements: A Case Study

    SciTech Connect (OSTI)

    Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

    2011-01-01

    Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.

  20. Integrating total quality management principles with the requirements of DOE Order 5700.6C

    SciTech Connect (OSTI)

    Hedges, D.

    1993-03-01

    The Department of Energy has recently required its field offices, contractors, and subcontractors to implement DOE Order 5700.6C, "Quality Assurance," for all work on waste management contracts. The order restructures the 18 criteria of NQA-1 and focuses on the role of management in achieving and assuring quality, performance of activities to achieve and assure quality, and management's assessment of its performance for the purpose of identifying improvements to be made. The DOE order also introduces elements of the total quality management (TQM) philosophy, which were not present in DOE Order 5700.6B. The research community within DOE has recently issued a document entitled DOE Order 5700.6C Implementation Guide, which is more explicit about the integration of TQM principles with the implementation of DOE Order 5700.6C in research facilities. The Environmental Protection Agency is sponsoring a quality assurance standard (ANSI/ASQC E-4) to replace EPA's QAMS 005/80. The new standard is consistent with DOE Order 5700.6C, and it also stresses the integration of TQM principles within the quality assurance process. This paper discusses the intent and philosophy of the 10 criteria of the new DOE order, the status of ANSI/ASQC E-4, and how to effectively integrate TQM principles into the quality assurance process as the conversion is made from NQA-1 to DOE Order 5700.6C. The purpose and value of DOE Order 5700.6C Implementation Guide for research will also be discussed.

  1. Comparative Analysis Between US NRC Requirements and US DOE Orders - 13402

    SciTech Connect (OSTI)

    Chakraborti, Sayan; Stone, Lynn; Hyatt, Jeannette

    2013-07-01

    Small modular reactor (SMR) is a nuclear reactor design approach that is expected to herald in a new era of clean energy in the U.S. These reactors are less than one-third the size of conventional large nuclear power reactors, and have factory-fabricated components that may be transported by rail or truck to a site selected to house a small nuclear reactor. To facilitate the licensing of these smaller nuclear reactor designs, the Nuclear Regulatory Commission (NRC) is in the process of developing a regulatory infrastructure to support licensing review of these unique reactor designs. As part of these activities, the NRC has been meeting with the Department of Energy (DOE) and with individual SMR designers to discuss potential policy, licensing, and key technical differences in SMR designs. It is anticipated by the NRC that such licensing interaction and guidance early in the design process will contribute towards minimizing complexity while adding stability and predictability in the licensing and subsequent regulation of new reactor designs such as SMRs. In conjunction with the current NRC initiative of developing the SMR licensing process, early communication and collaboration in the identification and resolution of any potential technical and licensing differences between NRC requirements and similar requirements applicable at DOE sites would help to expedite demonstration and implementation of SMR technology in the US. In order to foster such early communication, Savannah River Nuclear Solutions (SRNS) has begun taking the first steps in identifying and evaluating potential licensing gaps that may exist between NRC and DOE requirements in siting SMRs at DOE sites. A comparison between the existing NRC regulations for Early Site Permits and the DOE Orders was undertaken to establish the degree of correlation between NRC requirements and compliance methods in place at DOE sites. The ability to use existing data and information to expedite the development of the

  2. DOE Requires Manufacturers to Halt Sales of Heat Pumps and Air Conditioners

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE Requires Manufacturers to Halt Sales of Heat Pumps and Air Conditioners Violating Minimum Appliance Standards. June 3, 2010 - 12:00am. Washington, DC - Today, the Department of Energy announced that three manufacturers -- Aspen Manufacturing, Inc., Summit Manufacturing, and Advanced Distributor Products -- must

  3. Personnel Selection, Training, Qualification, and Certification Requirements for DOE Nuclear Facilities

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-04-21

    The order establishes selection, training, qualification, and certification requirements for contractor personnel who can impact the safety basis through their involvement in the operation, maintenance, and technical support of Hazard Category 1, 2, and 3 nuclear facilities. Cancels DOE O 5480.20A. Admin Chg 1, dated 7-29-13.

  4. Personnel Selection, Training, Qualification, and Certification Requirements for DOE Nuclear Facilities

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-04-21

    The order establishes selection, training, qualification, and certification requirements for contractor personnel who can impact the safety basis through their involvement in the operation, maintenance, and technical support of Hazard Category 1, 2, and 3 nuclear facilities. Admin Chg 1, dated 7-29-13, supersedes DOE O 426.2.

  5. Clean Air Act General Conformity Requirements and the National Environmental Policy Act Process (DOE, 2000)

    Office of Energy Efficiency and Renewable Energy (EERE)

    This DOE guidance has three parts. The first part discusses how to coordinate the conformity and NEPA processes. The second part provides greater detail on the Clean Air Act conformity requirements, the conformity review process, and the conformity determination process. The third part provides related references.

  6. Microgrid cyber security reference architecture.

    SciTech Connect (OSTI)

    Veitch, Cynthia K.; Henry, Jordan M.; Richardson, Bryan T.; Hart, Derek H.

    2013-07-01

    This document describes a microgrid cyber security reference architecture. First, we present a high-level concept of operations for a microgrid, including operational modes, necessary power actors, and the communication protocols typically employed. We then describe our motivation for designing a secure microgrid; in particular, we provide general network and industrial control system (ICS)-specific vulnerabilities, a threat model, information assurance compliance concerns, and design criteria for a microgrid control system network. Our design approach addresses these concerns by segmenting the microgrid control system network into enclaves, grouping enclaves into functional domains, and describing actor communication using data exchange attributes. We describe cyber actors that can help mitigate potential vulnerabilities, in addition to performance benefits and vulnerability mitigation that may be realized using this reference architecture. To illustrate our design approach, we present a notional microgrid control system network implementation, including types of communication occurring on that network, example data exchange attributes for actors in the network, an example of how the network can be segmented to create enclaves and functional domains, and how cyber actors can be used to enforce network segmentation and provide the necessary level of security. Finally, we describe areas of focus for the further development of the reference architecture.

  7. DOE's General Counsel Announces New Policy Requiring Online Posting of NEPA Categorical Exclusion Determinations to Further Transparency

    Energy.gov [DOE]

    Washington, DC - Consistent with the President's commitment to "disclose information rapidly in forms that the public can readily find and use," DOE announced today a new policy requiring all DOE...

  8. Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Jim Alves-Foss; Milos Manic

    2011-08-01

    Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL provides a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.

  9. Gamification for Measuring Cyber Security Situational Awareness

    SciTech Connect (OSTI)

    Fink, Glenn A.; Best, Daniel M.; Manz, David O.; Popovsky, V. M.; Endicott-Popovsky, Barbara E.

    2013-03-01

    Cyber defense competitions arising from U.S. service academy exercises offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge could lead to better preparation of cyber defenders in both military and civilian settings. This paper describes how one regional competition, the PRCCDC, a participant in the national CCDC program, conducted proof of concept experimentation to collect data during the annual competition for later analysis. The intent is to create an ongoing research agenda that expands on this current work and incorporates augmented cognition and gamification methods for measuring cybersecurity situational awareness under the stress of cyber attack.

  10. Defense on the Move: Ant-Based Cyber Defense

    SciTech Connect (OSTI)

    Fink, Glenn A.; Haack, Jereme N.; McKinnon, Archibald D.; Fulp, Errin W.

    2014-04-15

    Many common cyber defenses (like firewalls and IDS) are as static as trench warfare, allowing the attacker freedom to probe them at will. The concept of Moving Target Defense (MTD) adds dynamism to the defender side, but puts the systems to be defended themselves in motion, potentially at great cost to the defender. An alternative approach is a mobile resilient defense that removes attackers’ ability to rely on prior experience without requiring motion in the protected infrastructure itself. The defensive technology absorbs most of the cost of motion, is resilient to attack, and is unpredictable to attackers. The Ant-Based Cyber Defense (ABCD) is a mobile resilient defense providing a set of roaming, bio-inspired, digital-ant agents working with stationary agents in a hierarchy headed by a human supervisor. The ABCD approach provides a resilient, extensible, and flexible defense that can scale to large, multi-enterprise infrastructures like the smart electric grid.

  11. Automatic Labeling for Entity Extraction in Cyber Security

    SciTech Connect (OSTI)

    Bridges, Robert A; Jones, Corinne L; Iannacone, Michael D; Testa, Kelly M; Goodall, John R

    2014-01-01

    Timely analysis of cyber-security information necessitates automated information extraction from unstructured text. While state-of-the-art extraction methods produce extremely accurate results, they require ample training data, which is generally unavailable for specialized applications, such as detecting security related entities; moreover, manual annotation of corpora is very costly and often not a viable solution. In response, we develop a very precise method to automatically label text from several data sources by leveraging related, domain-specific, structured data and provide public access to a corpus annotated with cyber-security entities. Next, we implement a Maximum Entropy Model trained with the average perceptron on a portion of our corpus (~750,000 words) and achieve near perfect precision, recall, and accuracy, with training times under 17 seconds.

  12. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  13. Action Recommendation for Cyber Resilience

    SciTech Connect (OSTI)

    Choudhury, Sutanay; Rodriguez, Luke R.; Curtis, Darren S.; Oler, Kiri J.; Nordquist, Peter L.; Chen, Pin-Yu; Ray, Indrajit

    2015-09-01

    This paper presents a unifying graph-based model for representing the infrastructure, behavior and missions of an enterprise. We describe how the model can be used to achieve resiliency against a wide class of failures and attacks. We introduce an algorithm for recommending resilience-establishing actions based on dynamic updates to the models. Without loss of generality, we show the effectiveness of the algorithm for preserving latency-based quality of service (QoS). Our models and the recommendation algorithms are implemented in a software framework that we seek to release as an open source framework for simulating resilient cyber systems.

  14. OPTIMIZING RADIATION PROTECTION OF THE PUBLIC AND THE ENVIRONMENT FOR USE WITH DOE O 458.1, ALARA REQUIREMENTS

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    HDBK-1215-2014, October 2014. DOE HANDBOOK: OPTIMIZING RADIATION PROTECTION OF THE PUBLIC AND THE ENVIRONMENT FOR USE WITH DOE O 458.1, ALARA REQUIREMENTS. U.S. Department of Energy, AREA ENVR, Washington, D.C. 20585. DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited. NOT MEASUREMENT SENSITIVE. DOE-HDBK-1215-2014. PREFACE: This Handbook provides information to assist Department of Energy (DOE) program and field offices in understanding what is necessary and acceptable for

  15. Enforcement Guidance Supplement 99-02: DOE Enforcement Activities of Internal Dosimetry Program Requirements

    Energy.gov [DOE]

    Section 1.3 of the Operational Procedure entitled Enforcement of DOE Nuclear Safety Requirements under Price-Anderson Amendments Act of 1988, published in June 1998, provides the opportunity for the Office of Enforcement and Investigation (EH Enforcement) to issue clarifying guidance in a timely manner with respect to the processes used in its enforcement activities. The focus of this enforcement guidance clarifies internal dosimetry program requirements identified by the Department of Energy’s nuclear safety requirements in 10 CFR 835 (Occupational Radiation Protection Programs) and 10 CFR 830.120 (Quality Assurance Requirements). To develop the enforcement guidance, EH Enforcement convened a DOE working group which included representatives from the Field Office elements and the Office of Worker Protection Programs and Hazards Management, which is the office responsible for the content and technical clarifications of 10 CFR 835. The guide discusses the following areas: (1) prospective determination of employees that are “likely to receive” 100 millirem (mrem) or greater per 10 CFR 835.402, (Individual Monitoring); (2) application of enforcement policy in taking credit for respiratory protection in prospective determinations; (3) use of contractor’s policies regarding personnel internal exposure to radioactive material; (4) As Low As Reasonably Achievable (ALARA) programs; (5) clarification of enforcement with regard to internal dosimetry programs; and Final Comments.

  16. Modification of the U.S. Department of Energy's (DOE) system of radiation protection requirements and guidance

    SciTech Connect (OSTI)

    O`Connell, P.V.; Rabovsky, J.L.; Zobel, S.G.

    1996-06-01

    DOE has undertaken a major modification of its system of radiation protection guidance and requirements. The objectives of this modification are to (1) eliminate unnecessary and redundant requirements, (2) clearly delineate requirements from guidance, (3) codify all radiation protection requirements, and (4) move from a compliance based approach towards a performance based approach. To achieve these objectives DOE has (1) canceled DOE Order 5480.11, "Radiation Protection for DOE Workers," DOE Order 5480.15, "Department of Energy Laboratory Accreditation Program (DOELAP) for Personnel Dosimetry," and DOE Notice 5400.13, "Sealed Radioactive Source Accountability," (2) converted the DOE Radiological Control (RadCon) Manual from mandatory to non mandatory status, and (3) issued DOE Notice 441.1 to maintain those requirements (not in 10 CFR 835) considered necessary for radiation protection of workers. DOE has initiated actions to (1) amend 10 CFR 835 (the Federal rule on occupational radiation protection in the DOE complex) to incorporate the requirements, or their equivalent, in DOE Notice 441.1, (2) issue a technical standard containing guidance on DOELAP, (3) reissue the DOE RadCon Manual as a non mandatory technical standard that reflects the amendments to 10 CFR 835, and (4) revise the implementation guides on radiation protection for consistency with 10 CFR 835 and the RadCon Manual. As a result of these modifications, the system of radiation protection in the DOE will become more comparable with the system of radiation protection used by commercial industry and with the system of protection applied to other areas of worker health and safety.

  17. DOE Integrated Safeguards and Security (DISS) historical document archival and retrieval analysis, requirements and recommendations

    SciTech Connect (OSTI)

    Guyer, H.B.; McChesney, C.A.

    1994-10-07

    The overall primary objective of HDAR is to create a repository of historical personnel security documents and provide the functionality needed for archival and retrieval use by other software modules and application users of the DISS/ET system. The software product to be produced from this specification is the Historical Document Archival and Retrieval Subsystem. The product will provide the functionality to capture, retrieve and manage documents currently contained in the personnel security folders in DOE Operations Offices vaults at various locations across the United States. The long-term plan for DISS/ET includes the requirement to allow for capture and storage of arbitrary, currently undefined, clearance-related documents that fall outside the scope of the "cradle-to-grave" electronic processing provided by DISS/ET. However, this requirement is not within the scope of the requirements specified in this document.

  18. Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Jason Wright; Milos Manic

    2011-04-01

    Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.

  19. Realizing Scientific Methods for Cyber Security

    SciTech Connect (OSTI)

    Carroll, Thomas E.; Manz, David O.; Edgar, Thomas W.; Greitzer, Frank L.

    2012-07-18

    There is little doubt among cyber security researchers about the lack of scientific rigor that underlies much of the literature. The issues are manifold and are well documented. Further complicating the problem is insufficient scientific methods to address these issues. Cyber security melds man and machine: we inherit the challenges of computer science, sociology, psychology, and many other fields and create new ones where these fields interface. In this paper we detail a partial list of challenges imposed by rigorous science and survey how other sciences have tackled them, in the hope of applying a similar approach to cyber security science. This paper is by no means comprehensive: its purpose is to foster discussion in the community on how we can improve rigor in cyber security science.

  20. Camp Smith Microgrid Controls and Cyber Security

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    ADVANCING THE POWER OF ENERGY Camp Smith Microgrid Controls and Cyber Security Darrell D. Massie, PhD, PE Aura Lee Keating, CISSP SPIDERS Industry Day - Camp Smith, HI 27 August ...

  1. DOE nuclear material packaging manual: storage container requirements for plutonium oxide materials

    SciTech Connect (OSTI)

    Veirs, D Kirk

    2009-01-01

    Loss of containment of nuclear material stored in containers such as food-pack cans, paint cans, or taped slip lid cans has generated concern about packaging requirements for interim storage of nuclear materials in working facilities such as the plutonium facility at Los Alamos National Laboratory (LANL). In response, DOE has recently issued DOE M 441.1 'Nuclear Material Packaging Manual' with encouragement from the Defense Nuclear Facilities Safety Board. A unique feature compared to transportation containers is the allowance of filters to vent flammable gases during storage. Defining commonly used concepts such as maximum allowable working pressure and He leak rate criteria become problematic when considering vented containers. Los Alamos has developed a set of container requirements that are in compliance with 441.1 based upon the activity of heat-source plutonium (90% Pu-238) oxide, which bounds the requirements for weapons-grade plutonium oxide. The pre and post drop-test He leak rates depend upon container size as well as the material contents. For containers that are routinely handled, ease of handling and weight are a major consideration. Relatively thin-walled containers with flat bottoms are desired yet they cannot be He leak tested at a differential pressure of one atmosphere due to the potential for plastic deformation of the flat bottom during testing. The He leak rates and He leak testing configuration for containers designed for plutonium bearing materials will be presented. The approach to meeting the other manual requirements such as corrosion and thermal degradation resistance will be addressed. The information presented can be used by other sites to evaluate if their conditions are bounded by LANL requirements when considering procurement of 441.1 compliant containers.

  2. Cyber Security Audit and Attack Detection Toolkit

    SciTech Connect (OSTI)

    Peterson, Dale

    2012-05-31

    The goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  3. Cyber Assessment Methods for SCADA Security

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    5 by ISA - The Instrumentation, Systems and Automation Society. Presented at 15th Annual Joint ISA POWID/EPRI Controls and Instrumentation Conference http://www.isa.org Cyber Assessment Methods for SCADA Security May Robin Permann Kenneth Rohde Staff Computer Security Researcher Information & Communications Systems Cyber Security Technologies Idaho National Laboratory Idaho National Laboratory Idaho Falls, ID 83415 Idaho Falls, ID 83415 KEYWORDS Supervisory Control and Data Acquisition,

  4. Tom Harper receives cyber security award

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Tom Harper receives cyber security award The Charlene Douglass Memorial Award recognizes an individual's expertise, dedication, and significant contributions to information security. June 8, 2009

  5. Data Intensive Architecture for Scalable Cyber Analytics

    SciTech Connect (OSTI)

    Olsen, Bryan K.; Johnson, John R.; Critchlow, Terence J.

    2011-12-19

    Cyber analysts are tasked with the identification and mitigation of network exploits and threats. These compromises are difficult to identify due to the characteristics of cyber communication, the volume of traffic, and the duration of possible attack. In this paper, we describe a prototype implementation designed to provide cyber analysts an environment where they can interactively explore a month’s worth of cyber security data. This prototype utilized On-Line Analytical Processing (OLAP) techniques to present a data cube to the analysts. The cube provides a summary of the data, allowing trends to be easily identified as well as the ability to easily pull up the original records comprising an event of interest. The cube was built using SQL Server Analysis Services (SSAS), with the interface to the cube provided by Tableau. This software infrastructure was supported by a novel hardware architecture comprising a Netezza TwinFin® for the underlying data warehouse and a cube server with a FusionIO drive hosting the data cube. We evaluated this environment on a month’s worth of artificial, but realistic, data using multiple queries provided by our cyber analysts. As our results indicate, OLAP technology has progressed to the point where it is in a unique position to provide novel insights to cyber analysts, as long as it is supported by an appropriate data intensive architecture.

  6. DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Infrastructure from Cyber Attacks | Department of Energy DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy Infrastructure from Cyber Attacks October 18, 2007 - 3:21pm WASHINGTON, DC - U.S. Department of Energy (DOE) Assistant Secretary for Electricity Delivery and Energy Reliability Kevin M. Kolevar today announced five projects that have been selected for negotiation of awards of up to $7.9

  7. Security Informatics Research Challenges for Mitigating Cyber Friendly Fire

    SciTech Connect (OSTI)

    Carroll, Thomas E.; Greitzer, Frank L.; Roberts, Adam D.

    2014-09-30

    This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly fire (FF). We define cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. We describe examples of cyber FF and discuss how it fits within a general conceptual framework for cyber security failures. Because it involves human failure, cyber FF may be considered to belong to a sub-class of cyber security failures characterized as unintentional insider threats. Cyber FF is closely related to combat friendly fire in that maintaining situation awareness (SA) is paramount to avoiding unintended consequences. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and offensive countermeasures that may be applied to thwart network attacks. We describe a test bed designed to support empirical research on factors affecting cyber FF. Finally, we discuss mitigation strategies to combat cyber FF, including both training concepts and suggestions for decision aids and visualization approaches.

  8. Cyber

    U.S. Department of Energy (DOE) all webpages (Extended Search)


  9. DOE-STD-3009-2014 Requirements Matrix | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    More Documents & Publications DOE-STD-3009-2014 Training Modules (Changes to DOE-STD-3009 and Expectations for Effective Implementation) DOE-STD-3009-2014 Frequently Asked ...

  10. Cyber-Informed Engineering: The Need for a New Risk Informed and Design Methodology

    SciTech Connect (OSTI)

    Price, Joseph Daniel; Anderson, Robert Stephen

    2015-06-01

    Current engineering and risk management methodologies do not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Current methodologies focus on equipment failures or human error as initiating events for a hazard, while cyber attacks use the functionality of a trusted system to perform operations outside of the intended design and without the operator’s knowledge. These threats can by-pass or manipulate traditionally engineered safety barriers and present false information, invalidating the fundamental basis of a safety analysis. Cyber threats must be fundamentally analyzed from a completely new perspective where neither equipment nor human operation can be fully trusted. A new risk analysis and design methodology needs to be developed to address this rapidly evolving threatscape.

  11. Cyber Friendly Fire: Research Challenges for Security Informatics

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

    2013-06-06

    This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly fire (FF). We define cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, maintaining situation awareness (SA) is paramount to avoiding cyber FF incidents. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and offensive countermeasures that may be applied to thwart network attacks. Mitigation strategies to combat cyber FF including both training concepts and suggestions for decision aids and visualization approaches are discussed.

  12. Sandia National Laboratories: The Center for Cyber Defenders...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    at Sandia National Laboratories for high school and college students interested in Computer Science and Cyber Security. A typical Cyber Boot Camp lasts from 9:00am until 3pm...

  13. Sandia National Laboratories’ Cyber Tracer Program

    ScienceCinema (OSTI)

    Nauer, Kevin; Carbajal, Armida; Ta, Kim; Lee, Wellington; Galvin, Seanmichael; Mixon-Baca, Ben; Speed, Ann; Obama, Barack

    2016-07-12

    The Cyber Tracer Program at Sandia National Laboratories develops methods to prevent, counter and minimize cyber-attacks and protect valuable digital assets in the interest of national security.

  14. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    O 580 .1 A Admin Chg 1 3 10-23 2012 U.S. Department of Energyadmin change DOE O XXX.XWashington, D.C. DOE O XXX.X Chg X: XX-XX-XXXX SUBJECT: ADMINISTRATIVE CHANGE TO DOE O XXX.X, TITLE (IN ITALICS) EXPLANATION OF CHANGES. [This information can be copied from the Approval Memo] LOCATIONS OF CHANGES: Page Paragraph Changed To [Original text that was changed] [Revised text]

  15. Lessons Learned from Cyber Security Assessments of SCADA and Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Management Systems | Department of Energy Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems were reviewed to identify common problem areas. In each vulnerability category, relative measures were assigned to the severity. Lessons Learned from Cyber Security

  16. Secretary Moniz visits the Office of Cyber Assessments | Department of

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Energy Secretary Moniz visits the Office of Cyber Assessments May 5, 2014 - 10:59am Secretary Moniz visits the Office of Cyber Assessments for hands-on experience with the tools and techniques that are used by sophisticated adversaries to attack modern IT systems.

  17. INL Cyber Security Research (2008) | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    INL Cyber Security Research (2008) Cybersecurity research at INL will help protect critical infrastructure control system computers against worms and other viruses. INL Cyber Security Research (2008) (1.06 MB) More Documents & Publications Mitigations for Security Vulnerabilities Found in Control System Networks Introduction SCADA Security for Managers and Operators The NIAC Convergence of Physical and Cyber Technologies and Related Security Management

  18. Office of Cyber Security Evaluations Appraisal Process Guide...

    Energy.gov (indexed) [DOE]

    the overall philosophy, approach, scope, and methods to be used by all HS-60 ......... 2 Scope of Cyber Security Evaluation ...

  19. Lab hosts multi-lab cyber security games

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Lab hosts multi-lab cyber security games Eventide brought together cyber and IT leaders from 20 sites to develop recommendations on resources they need from the Joint Cyber Coordination Center. April 12, 2012

  20. Cyber Defense Competition draws students to Argonne | Argonne National

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Laboratory Members of the team from Lewis University work to defend their virtual grid system from attack at the first annual Argonne Collegiate Cyber Defense Competition. Cyber Defense Competition draws students to Argonne By Greg Cunningham * April 26, 2016 More than 75 aspiring cyber defenders from across Illinois

  1. Microsoft PowerPoint - 4_JOHN_BALLARD_MARY_MCCDONNELL_NRC DOE REporting requirements_presentations_4-29-14.ppt [Compatibility M

    National Nuclear Security Administration (NNSA)

    Overview of DOE and NRC Reporting to NMMSS Similarities, Differences, and Challenges John Ballard, DOE Reconciliation Mary McConnell, NRC Reconciliation LINK Technologies Reporting to NMMSS Regulatory Compliance DOE Reporting Requirements NRC Reporting Requirements Resources 2 Regulatory Compliance DOE regulatory questions? - Contact Pete Dessaules DOE NMMSS Program Manager 301-903-4525 pete.dessaules@nnsa.doe.gov NRC regulatory questions? - Contact Brian Horn NRC NMMSS Program Manager

  2. Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    | Department of Energy Critical Infrastructure Protection Cyber Vulnerability Assessment Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment This document describes a customized process for cyber vulnerability assessment in compliance with the Critical Infrastructure Protection standards adopted by the North American Electric Reliability Corporation in 2006. This guide covers the planning, execution, and reporting process. Guide to Critical Infrastructure Protection

  3. DOE Cybersecurity Awareness Program

    Energy.gov [DOE]

    The OCIO supports a variety of cybersecurity awareness activities that impress upon DOE employees the importance of cybersecurity and the adverse consequences of its failure. The primary purpose of awareness activities is to enhance the 'general awareness and understanding' of current cyber threats and recommended mitigations as well as to cultivate a computing environment where cybersecurity behaviors and responses are automatic and consistent.

  4. Hazardous Substance Release Reporting Under CERCLA, EPCR §304 and DOE Emergency Management System (EMS) and DOE Occurrence Reporting Requirements. Environmental Guidance

    SciTech Connect (OSTI)

    Traceski, T.T.

    1994-06-01

    Releases of various substances from DOE facilities may be subject to reporting requirements under the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA) and the Emergency Planning and Community Right-to-Know Act (EPCRA), as well as DOE's internal "Occurrence Reporting and Processing of Operations Information" and the "Emergency Management System" (EMS). CERCLA and EPCRA are Federal laws that require immediate reporting of a release of a Hazardous Substance (HS) and an Extremely Hazardous Substance (EHS), respectively, in a Reportable Quantity (RQ) or more within a 24-hour period. This guidance uses a flowchart, supplemental information, and tables to provide an overview of the process to be followed, and more detailed explanations of the actions that must be performed, when chemical releases of HSs, EHSs, pollutants, or contaminants occur at DOE facilities. This guidance should be used in conjunction with, rather than in lieu of, applicable laws, regulations, and DOE Orders. Relevant laws, regulations, and DOE Orders are referenced throughout this guidance.

  5. Embracing the Cloud for Better Cyber Security

    SciTech Connect (OSTI)

    Shue, Craig A; Lagesse, Brent J

    2011-01-01

    The future of cyber security is inextricably tied to the future of computing. Organizational needs and economic factors will drive computing outcomes. Cyber security researchers and practitioners must recognize the path of computing evolution and position themselves to influence the process to incorporate security as an inherent property. The best way to predict future computing trends is to look at recent developments and their motivations. Organizations are moving towards outsourcing their data storage, computation, and even user desktop environments. This trend toward cloud computing has a direct impact on cyber security: rather than securing user machines, preventing malware access, and managing removable media, a cloud-based security scheme must focus on enabling secure communication with remote systems. This change in approach will have profound implications for cyber security research efforts. In this work, we highlight existing and emerging technologies and the limitations of cloud computing systems. We then discuss the cyber security efforts that would support these applications. Finally, we discuss the implications of these computing architecture changes, in particular with respect to malware and social engineering.

  6. CYBER/PHYSICAL SECURITY VULNERABILITY ASSESSMENT INTEGRATION

    SciTech Connect (OSTI)

    MacDonald, Douglas G.; Key, Brad; Clements, Samuel L.; Hutton, William J.; Craig, Philip A.; Patrick, Scott W.; Crawford, Cary E.

    2011-07-17

    This internally funded Laboratory-Directed R&D project by the Pacific Northwest National Laboratory, in conjunction with QinetiQ North America, is intended to identify and properly assess areas of overlap (and interaction) in the vulnerability assessment process between cyber security and physical protection. Existing vulnerability analysis (VA) processes and software tools exist, and these are heavily utilized in the determination of predicted vulnerability within the physical and cyber security domains. These determinations are normally performed independently of one another, and only interact on a superficial level. Both physical and cyber security subject matter experts have come to realize that though the various interactive elements exist, they are not currently quantified in most periodic security assessments. This endeavor aims to evaluate both physical and cyber VA techniques and provide a strategic approach to integrate the interdependent relationships of each into a single VA capability. This effort will also transform the existing suite of software currently utilized in the physical protection world to more accurately quantify the risk associated with a blended attack scenario. Performance databases will be created to support the characterization of the cyber security elements, and roll them into prototype software tools. This new methodology and software capability will enable analysts to better identify and assess the overall risk during a vulnerability analysis.

  7. Secure control systems with application to cyber-physical systems

    SciTech Connect (OSTI)

    Dong, Jin; Djouadi, Seddik M; Nutaro, James J; Kuruganti, Phani Teja

    2014-01-01

    Control systems are computer-based systems with networked units consisting of sensors, actuators, control processing units, and communication devices. The role of control system is to interact, monitor, and control physical processes. Reactive power control is a fundamental issue in ensuring the security of the power network. It is claimed that Synchronous Condensers (SC) have been used at both distribution and transmission voltage levels to improve stability and to maintain voltages within desired limits under changing load conditions and contingency situations. Performance of PI controller corresponding to various tripping faults are analyzed for SC systems. Most of the effort in protecting these systems has been in protection against random failures or reliability. However, besides failures these systems are subject to various signal attacks for which new analysis are discussed here. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical effects. Therefore, it is meaningful to evaluate the security of a cyber-physical system, especially to protect it from cyber-attack. Illustrative numerical examples are provided together with an application to the SC systems.

  8. "Order Module--DOE O 426.2, PERSONNEL SELECTION, TRAINING, QUALIFICATION, AND CERTIFICATION REQUIREMENTS FOR DOE NUCLEAR FACILITIES

    Energy.gov [DOE]

    "To establish selection, training, qualification, and certification requirements for contractor personnel who can impact the safety basis through their involvement in the operation, maintenance,...

  9. Introduction to Cyber Technologies exercise environment

    SciTech Connect (OSTI)

    2014-12-17

    Exercise environment for Introduction to Cyber Technologies class. This software is essentially a collection of short scripts, configuration files, and small executables that form the exercise component of the Sandia Cyber Technologies Academy's Introduction to Cyber Technologies class. It builds upon other open-source technologies, such as Debian Linux and minimega, to provide comprehensive Linux and networking exercises that make learning these topics exciting and fun. Sample exercises: a pre-built set of home directories the student must navigate through to learn about privilege escalation, the creation of a virtual network playground designed to teach the student about the resiliency of the Internet, and a two-hour Capture the Flag challenge for the final lesson. There are approximately thirty (30) exercises included for the students to complete as part of the course.

  10. Introduction to Cyber Technologies exercise environment

    Energy Science and Technology Software Center (OSTI)

    2014-12-17

    Exercise environment for Introduction to Cyber Technologies class. This software is essentially a collection of short scripts, configuration files, and small executables that form the exercise component of the Sandia Cyber Technologies Academy’s Introduction to Cyber Technologies class. It builds upon other open-source technologies, such as Debian Linux and minimega, to provide comprehensive Linux and networking exercises that make learning these topics exciting and fun. Sample exercises: a pre-built set of home directories the student must navigate through to learn about privilege escalation, the creation of a virtual network playground designed to teach the student about the resiliency of the Internet, and a two-hour Capture the Flag challenge for the final lesson. There are approximately thirty (30) exercises included for the students to complete as part of the course.

  11. Control Systems Cyber Security Standards Support Activities

    SciTech Connect (OSTI)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  12. Cyber-intrusion Auto-response and Policy Management System (CAPMS)

    SciTech Connect (OSTI)

    Lusk, Steve; Lawrence, David; Suvana, Prakash

    2015-11-11

    The Cyber-intrusion Auto-response and Policy Management System (CAPMS) project was funded by a grant from the US Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program with contributions from two partner electric utilities: Southern California Edison (SCE) and Duke Energy. The goal of the project was to demonstrate protecting smart grid assets from a cyber attack in a way that “does not impede critical energy delivery functions.” This report summarizes project goals and activities for the CAPMS project and explores what did and did not work as expected. It concludes with an assessment of possible benefits and value of the system for the future.

  13. Decontaminating the DOE-STD-3013 Inner Container to Meet 10-CFR-835 Appendix D Requirements

    SciTech Connect (OSTI)

    Martinez, H.E.; Nelson, T.O.; Rivera, Y.M.; Wedman, D.E.; Weisbrod, K.R.

    1999-03-03

    The United States Department of Energy (DOE) has published a standard that specifies the criteria for preparation and packaging of plutonium metals and oxides for safe long-term storage (DOE-STD-3013-96). This standard is followed for the packaging of materials resulting from the disassembly of nuclear weapons at Los Alamos National Laboratory under the Advanced Retirement and Integrated Extraction System (ARIES) project. Declassified plutonium metal or oxide material from the ARIES project is packaged into doubly contained and welded type 304L stainless steel containers that comply with the DOE standard. The 3013-96 standard describes requirements for maximum contamination limits on the outer surface of the sealed inner container. These limits are 500 dpm per 100 cm2 for direct measurements and 20 dpm per 100 cm2 for removable contamination. For containers filled, welded, and handled inside a highly contaminated glovebox line, these limits are difficult to obtain. Simple handling within the line is demonstrated to contaminate surfaces from 10,000 to 10,000,000 dpm alpha per 100 cm2. To routinely achieve contamination levels below the maximum contamination levels specified by the 3013-96 standard within a processing operation, a decontamination step must be included. In the ARIES line, this decontamination step is an electrolytic process that produces a controlled uniform etch of the container surfaces. Decontamination of the 3013-96 compliant ARIES inner container is well demonstrated. Within 30 to 50 minutes electrolysis time, fixed contamination is reduced to hundreds of dpm generally occurring only at electrode contact points and welds. Removable contamination is routinely brought to non-detectable levels. The total process time for the cycle (includes electrolysis, rinse, and dry stages) is on the order of 1.5 to 2 hours per container. The ARIES inner container decontamination system is highly automated and consists of a plumbing loop, electronic controls and

  14. Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Milos Manic

    2012-08-01

    The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positive and false negative rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams, allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on an experimental smart grid system, demonstrating enhanced cyber-security.

  15. TYLCV-Is movement in planta does not require V2 protein

    SciTech Connect (OSTI)

    Hak, Hagit; Levy, Yael; Chandran, Sam A.; Belausov, Eduard; Loyter, Abraham; Lapidot, Moshe; Gafni, Yedidya

    2015-03-15

    Tomato yellow leaf curl virus (TYLCV), a major tomato pathogen causing extensive crop losses, is a whitefly-transmitted geminivirus. V2 mutants of TYLCV-Is and related viruses tend to induce symptomless infection with attenuated viral DNA levels, while accumulating close to wild-type DNA levels in protoplasts, suggesting V2 as a movement protein. The discovery of plant-silencing mechanisms and viral silencing suppressors, V2 included, led us to reconsider V2's involvement in viral movement. We studied two mutant versions of the virus, one impaired in V2 silencing-suppression activity, and another carrying a non-translatable V2. While both mutant viruses spread in the infected plant to newly emerged leaves at the same rate as the wild-type virus, their DNA-accumulation levels were tenfold lower than in the wild-type virus. Thus, we suggest that the setback in virus proliferation, previously ascribed to a movement impediment, is due to lack of silencing-suppression activity. - Highlights: • TYLCV-Is V2 protein is localized in distinct microbodies throughout the cell cytoplasm, around the nucleus and in association with cytoplasmic strands but is not associated with the plasmodesmata. • Disruption of RNA-silencing suppression activity of TYLCV-Is V2 protein causes low titer of the virus in the infected plants. • The movement of TYLCV-Is in planta does not require a functional V2 protein.

  16. DEMO: Action Recommendation for Cyber Resilience

    SciTech Connect (OSTI)

    Rodriguez, Luke R.; Curtis, Darren S.; Choudhury, Sutanay; Oler, Kiri J.; Nordquist, Peter L.; Chen, Pin-Yu; Ray, Indrajit

    2015-09-01

    In this demonstration we show the usefulness of our unifying graph-based model for the representation of infrastructure, behavior, and missions of cyber enterprise in both a software simulation and on an Amazon Web Services (AWS) instance. We show the effectiveness of our recommendation algorithm for preserving various system health metrics in both cases.

  17. DOE O 205.1B Reference List | Department of Energy

    Office of Environmental Management (EM)

    DOE O 205.1B Reference List Includes a list of sources cited in the directive and additional information sources to assist in implementing DOE Order 205.1B, Cyber Security Program. ...

  18. Deputy CIO for Cyber Security

    Energy.gov [DOE]

    This position is located in the Department of Energy (DOE) Office of the Chief Information Officer (OCIO). The OCIO is responsible for enabling the Department's urgent missions in energy, science,...

  19. Control Systems Cyber Security:Defense in Depth Strategies

    SciTech Connect (OSTI)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires:
    • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems
    • Access to facilities via remote data link or modem
    • Public facing services for customer or corporate operations
    • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  20. Michael M. May, 1970 | U.S. DOE Office of Science (SC)

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Michael M. Johnson About Us Michael M. Johnson - Chief Information Officer Mr. Michael Johnson is the Chief Information Officer (CIO) for the U.S. Department of Energy (DOE), where he leads and manages cybersecurity, cyber (information sharing and safeguarding) enterprise integration, enterprise information resources management, cyber supply chain risk management, and DOE-HQ information technology (IT) operations. This includes DOE leadership, management, and oversight serving as DOE's Senior

  1. DOE Requires Westinghouse to Cease Sales of Two Light Bulb Models and Allows Sale of Another

    Energy.gov [DOE]

    As a part of DOE's continuing enforcement action against Westinghouse Lighting Corporation, the company must cease sales of two light bulb models - medium based CFL basic model 15GLOBE/65/2 ...

  2. Protecting Intelligent Distributed Power Grids Against Cyber Attacks - May

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    2008 | Department of Energy Development of a novel distributed and hierarchical security layer specific to intelligent grid design will help protect intelligent distributed power grids from cyber attacks. Intelligent power grids are interdependent energy management systems-encompassing generation, distribution, IT networks, and

  3. 7 Key Challenges for Visualization in Cyber Network Defense

    SciTech Connect (OSTI)

    Best, Daniel M.; Endert, Alexander; Kidwell, Dan

    2014-12-02

    In this paper we present seven challenges, informed by two user studies, to be considered when developing a visualization for cyber security purposes. Cyber security visualizations must go beyond isolated solutions and pretty picture visualizations in order to make an impact on users. We provide an example prototype that addresses the challenges with a description of how they are met. Our aim is to assist in increasing utility and adoption rates for visualization capabilities in cyber security.

  4. The NIAC Convergence of Physical and Cyber Technologies and Related

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Security Management Challenges Working Group Final Report and Recommendations | Department of Energy The NIAC convened the Physical/Cyber Convergence Working Group (CWG), in October 2005, to investigate

  5. OCIO Technology Summit: Cyber Innovation | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    OCIO Technology Summit: Cyber Innovation. November 26, 2013 - 4:52pm. Robert G. Green, Principal Deputy CIO for Enterprise Information Resources Management. Many people are aware of Energy's mission and how our Laboratories contribute to the Nation's economic prosperity and security through scientific discovery. Our transformative advances also include technology solutions such as scientific computing and maintaining a

  6. SPIDERS JCTD Smart Cyber-Secure Microgrids | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Office of the Secretary of Defense Recognizes SPIDERS Project with 2015 JCTD "TEAM OF THE YEAR" Award. Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS) Joint Capability Technology Demonstration (JCTD) was a groundbreaking program to bolster the cyber security and energy efficiency of U.S. military installations and transfer the knowhow to non-military critical

  7. The Department's Cyber Security Incident Management Program, IG-0787 |

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Department of Energy The Department of Energy operates numerous interconnected computer networks and systems to help accomplish its strategic missions in the areas of energy, defense, science, and the environment. These systems are frequently subjected to sophisticated cyber attacks that could potentially affect the Department's ability to carry out its mission. During

  8. Suspect/Counterfeit Items Guide for Use with 10 CFR 830 Subpart A, Quality Assurance Requirements, and DOE O 414.1B, Quality Assurance

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-11-03

    This Guide provides guidance to assist DOE/NNSA and its contractors in mitigating the safety threat of suspect/counterfeit items (S/CIs). Cancels DOE G 440.1-6, Implementation Guide for use with Suspect/Counterfeit Items Requirements of DOE O 440.1, Worker Protection Management; 10 CFR 830.120; and DOE O 5700.6C, Quality Assurance, dated 6-30-97. Canceled by DOE G 414.1-2B.

  9. DOE

    Gasoline and Diesel Fuel Update

    DOE/EIA-0202(83/1Q) Short-Term Energy Outlook, Quarterly Projections, February 1983. Energy Information Administration, Washington, D.C.

  10. Investigating the effectiveness of many-core network processors for high performance cyber protection systems. Part I, FY2011.

    SciTech Connect (OSTI)

    Wheeler, Kyle Bruce; Naegle, John Hunt; Wright, Brian J.; Benner, Robert E., Jr.; Shelburg, Jeffrey Scott; Pearson, David Benjamin; Johnson, Joshua Alan; Onunkwo, Uzoma A.; Zage, David John; Patel, Jay S.

    2011-09-01

    This report documents our first year efforts to address the use of many-core processors for high performance cyber protection. As the demands grow for higher bandwidth (beyond 1 Gbits/sec) on network connections, the need to provide faster and more efficient solutions to cyber security grows. Fortunately, in recent years, the development of many-core network processors has seen increased interest. Prior working experiences with many-core processors have led us to investigate their effectiveness for cyber protection tools, with particular emphasis on high performance firewalls. Although advanced algorithms for smarter cyber protection of high-speed network traffic are being developed, these advanced analysis techniques require significantly more computational capabilities than static techniques. Moreover, many locations where cyber protections are deployed have limited power, space and cooling resources. This makes the use of traditionally large computing systems impractical for the front-end systems that process large network streams; hence, the drive for this study which could potentially yield a highly reconfigurable and rapidly scalable solution.

  11. Cyber Security Audit and Attack Detection Toolkit: National SCADA...

    Energy Savers

    Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 This project of ...

  12. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems - 2011 Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

  13. Cyber Security Procurement Language for Control Systems Version...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Cyber Security Procurement Language for Control Systems Version 1.8 Supervisory Control and Data Acquisition (SCADA), Process Control System (PCS), Distributed Control System ...

  14. The NIAC Convergence of Physical and Cyber Technologies and...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    of physical and cyber technologies for Supervisory Control and Data Acquisition (SCADA) and process control systems and their consolidated network management. The Working...

  15. 21 Steps to Improve Cyber Security of SCADA Networks | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    SCADA Networks 21 Steps to Improve Cyber Security of SCADA Networks Supervisory control ... natural gas, gasoline, water, waste treatment, transportation) to all Americans. ...

  16. Continuous Monitoring And Cyber Security For High Performance...

    Office of Scientific and Technical Information (OSTI)

    Continuous Monitoring And Cyber Security For High Performance Computing Malin, Alex B. Los Alamos National Laboratory; Van Heule, Graham K. Los Alamos National Laboratory...

  17. Office of Cyber and Security Assessments | Department of Energy

    Office of Environmental Management (EM)

    and classified and unclassified cyber security policies and programs throughout the Department, including protection of special nuclear material, and classified and ...

  18. Office of Electricity Delivery and Energy Reliability Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Office of Electricity Delivery and Energy Reliability Cyber Security Project Selections On September 23, 2010, speaking at the inaugural GridWise Global Forum, U.S. Energy ...

  19. The NIAC Convergence of Physical and Cyber Technologies and...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    deliberations. The NIAC Convergence of Physical and Cyber Technologies and Related ... Vol 7 No 8 Cybersecurity for Energy Delivery Systems 2010 Peer Review Energy ...

  20. Reducing Cyber Risk to Critical Infrastructure: NIST Framework...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Cyber Community C Voluntary Program Electricity Subsector Cybersecurity Risk Management ... November 3, 2015 National Critical Infrastructure Security and Resilience Month: Improving ...

  1. Cyber-Physical Modeling and Simulation for Situational Awareness...

    Office of Environmental Management (EM)

    ... (R&D) program, which aims to enhance the reliability and resilience of the nation's energy infrastructure by reducing the risk of energy disruptions due to cyber attacks. ...

  2. Picture of the Week: Cyber-imaging the cosmos

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    5 Cyber-imaging the cosmos A team of astrophysicists and computer scientists, including Los Alamos National Laboratory researchers, completed the first-ever complete...

  3. Using Operational Security (OPSEC) to Support a Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    This document reviews several key operational cyber security elements that are important for control systems and industrial networks and how those elements can drive the creation ...

  4. Towards Efficient Collaboration in Cyber Security

    SciTech Connect (OSTI)

    Hui, Peter SY; Bruce, Joseph R.; Fink, Glenn A.; Gregory, Michelle L.; Best, Daniel M.; McGrath, Liam R.; Endert, Alexander

    2010-06-03

    Cyber security analysts in different geographical and organizational domains are often largely tasked with similar duties, albeit with domain-specific variations. These analysts necessarily perform much of the same work independently; for instance, analyzing the same list of security bulletins released by largely the same set of software vendors. As such, communication and collaboration between such analysts would be mutually beneficial to the analysts involved, potentially reducing redundancy and offering the opportunity to preemptively alert each other to high-severity security alerts in a more timely fashion. However, several barriers to practical and efficient collaboration exist, and as such, no such framework exists to support such efforts. In this paper, we discuss the inherent difficulties which make efficient collaboration between cyber security analysts a difficult goal to achieve. We discuss preliminary ideas and concepts towards a collaborative cyber-security framework currently under development, whose goal is to facilitate analyst collaboration across these boundaries. While still in its early stages, we describe work-in-progress towards achieving this goal, including motivation, functionality, concepts, and a high-level description of the proposed system architecture.

  5. The Clean Air Act Amendments of 1990: Hazardous Air Pollutant Requirements and the DOE Clean Coal Technology Program

    SciTech Connect (OSTI)

    Moskowitz, P.D.; DePhillips, M.; Fthenakis, V.M.; Hemenway, A.

    1991-12-31

    The purpose of the US Department of Energy -- Office of Fossil Energy (DOE FE) Clean Coal Technology Program (CCTP) is to provide the US energy marketplace with advanced, efficient, and environmentally sound coal-based technologies. The design, construction, and operation of Clean Coal Technology Demonstration Projects (CCTDP) will generate data needed to make informed, confident decisions on the commercial readiness of these technologies. These data also will provide information needed to ensure a proactive response by DOE and its industrial partners to the establishment of new regulations or a reactive response to existing regulations promulgated by the US Environmental Protection Agency (EPA). The objectives of this paper are to: (1) Present a preliminary examination of the potential implications of the Clean Air Act Amendments (CAAA) -- Title 3 Hazardous Air Pollutant requirements to the commercialization of CCTDP; and (2) help define options available to DOE and its industrial partners to respond to this newly enacted Legislation.

  6. The Clean Air Act Amendments of 1990: Hazardous Air Pollutant Requirements and the DOE Clean Coal Technology Program

    SciTech Connect (OSTI)

    Moskowitz, P.D.; DePhillips, M.; Fthenakis, V.M.; Hemenway, A.

    1991-01-01

    The purpose of the US Department of Energy -- Office of Fossil Energy (DOE FE) Clean Coal Technology Program (CCTP) is to provide the US energy marketplace with advanced, efficient, and environmentally sound coal-based technologies. The design, construction, and operation of Clean Coal Technology Demonstration Projects (CCTDP) will generate data needed to make informed, confident decisions on the commercial readiness of these technologies. These data also will provide information needed to ensure a proactive response by DOE and its industrial partners to the establishment of new regulations or a reactive response to existing regulations promulgated by the US Environmental Protection Agency (EPA). The objectives of this paper are to: (1) Present a preliminary examination of the potential implications of the Clean Air Act Amendments (CAAA) -- Title 3 Hazardous Air Pollutant requirements to the commercialization of CCTDP; and (2) help define options available to DOE and its industrial partners to respond to this newly enacted Legislation.

  7. Additional Requirements and Guidance for Digital Data Management | U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Opportunities » Additional Requirements and Guidance for Digital Data Management High Energy Physics (HEP)

  8. Essential Body of Knowledge (EBK) | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    More Documents & Publications Essential Body of Knowledge (EBK) DOE CYBER SECURITY EBK: CORE COMPETENCY TRAINING REQUIREMENTS: CA DOE CYBER SECURITY EBK: MINIMUM CORE COMPETENCY ...

  9. DOE Issues Request for Information for Scope Requirements Planning at Los Alamos National Laboratory

    Energy.gov [DOE]

    Cincinnati – The U.S. Department of Energy (DOE) Environmental Management Consolidated Business Center (EMCBC) today issued a Sources Sought/Request for Information (RFI) seeking 8(a) small business concerns with the capabilities to provide architect-engineer-like services to support a potential upcoming Environmental Management (EM) procurement at Los Alamos National Laboratory (LANL).

  10. Guidance on meeting DOE order requirements for traceable nondestructive assay measurements

    SciTech Connect (OSTI)

    Not Available

    1994-05-01

    Purpose of this guide is to facilitate accuracy and precision of nondestructive assay measurements through improvement of the materials and process of traceability. This document provides DOE and its contractor facilities with guidance to establish traceability to the national measurement base for site-prepared NDA working reference materials.

  11. Evaluation Report on "The Department's Unclassified Cyber Security Program"

    SciTech Connect (OSTI)

    2009-10-01

    Industry experts report that security challenges and threats are continually evolving as malicious activity has become more web-based and attackers are able to rapidly adapt their attack methods. In addition, the number of data breaches continues to rise. In an effort to mitigate and address threats and protect valuable information, the Department of Energy anticipated spending about $275 million in Fiscal Year (FY) 2009 to implement cyber security measures necessary to protect its information technology resources. These systems and data are designed to support the Department's mission and business lines of energy security, nuclear security, scientific discovery and innovation, and environmental responsibility. The Federal Information Security Management Act of 2002 (FISMA) provides direction to agencies on the management and oversight of information security risks, including design and implementation of controls to protect Federal information and systems. As required by FISMA, the Office of Inspector General conducts an annual independent evaluation to determine whether the Department's unclassified cyber security program adequately protects its information systems and data. This memorandum and the attached report present the results of our evaluation for FY 2009. The Department continued to make incremental improvements in its unclassified cyber security program. Our evaluation disclosed that most sites had taken action to address weaknesses previously identified in our FY 2008 evaluation report. They improved certification and accreditation of systems; strengthened configuration management of networks and systems; performed independent assessments; and, developed and/or refined certain policies and procedures. In addition, the Department instituted a centralized incident response organization designed to eliminate duplicative efforts throughout the Department. As we have noted in previous reports, the Department continued to maintain strong network perimeter

  12. Towards A Theory of Autonomous Reconstitution of Compromised Cyber-Systems

    SciTech Connect (OSTI)

    Ramuhalli, Pradeep; Halappanavar, Mahantesh; Coble, Jamie B.; Dixit, Mukul

    2013-11-12

    The ability to maintain mission-critical operations in cyber-systems in the face of disruptions is critical. Faults in cyber systems can come from accidental sources (e.g., natural failure of a component) or deliberate sources (e.g., an intelligent adversary). Natural and intentional manipulation of data, computing, or coordination are the most impactful ways that an attacker can prevent an infrastructure from realizing its mission goals. Under these conditions, the ability to reconstitute critical infrastructure becomes important. Specifically, the question is: Given an intelligent adversary, how can cyber systems respond to keep critical infrastructure operational? In cyber systems, the distributed nature of the system poses serious difficulties in maintaining operations, in part due to the fact that a centralized command and control apparatus is unlikely to provide a robust framework for resilience. Resilience in cyber-systems, in general, has several components, and requires the ability to anticipate and withstand attacks or faults, as well as recover from faults and evolve the system to improve future resilience. The recovery effort (and any subsequent evolution) may require significant reconfiguration of the system (at all levels – hardware, software, services, permissions, etc.) if the system is to be made resilient to further attack or faults. This is especially important in the case of ongoing attacks, where reconfiguration decisions must be taken with care to avoid further compromising the system while maintaining continuity of operations. Collectively, we will label this recovery and evolution process as “reconstitution”. Currently, reconstitution is performed manually, generally after-the-fact, and usually consists of either standing up redundant systems, check-points (rolling back the configuration to a “clean” state), or re-creating the system using “gold-standard” copies. For enterprise systems, such reconstitution may be performed

  13. Microsoft PowerPoint - Snippet 1.1 DOE O 413.3B EVM Requirements...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    requirements and leading practices for project and acquisition management. The Order applies to capital asset acquisition projects with a Total Project Cost greater than or equal ...

  14. Regulations and Requirements | U.S. DOE Office of Science (SC...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Regulations and Requirements Human Subjects Protection Program (HSPP)

  15. Strategy for Improvements in Cyber Security | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Strategy for Improvements in Cyber Security Brase-LLNL-SEAB.10.11.pdf (3.32 MB)

  16. Deception used for Cyber Defense of Control Systems

    SciTech Connect (OSTI)

    Wayne F. Boyer; Miles A. McQueen

    2009-05-01

    Control system cyber security defense mechanisms may employ deception to make it more difficult for attackers to plan and execute successful attacks. These deceptive defense mechanisms are organized and initially explored according to a specific deception taxonomy and the seven abstract dimensions of security previously proposed as a framework for the cyber security of control systems.

  17. Additional Requirements and Guidance for Digital Data Management | U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Opportunities » Additional Requirements and Guidance for Digital Data Management Biological and Environmental Research (BER)

  18. Additional Requirements and Guidance for Digital Data Management | U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Opportunities » Additional Requirements and Guidance for Digital Data Management Basic Energy Sciences (BES)

  19. Additional Requirements and Guidance for Digital Data Management | U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Opportunities » Additional Requirements and Guidance for Digital Data Management Fusion Energy Sciences (FES)

  20. Additional Requirements and Guidance for Digital Data Management | U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Opportunities » Additional Requirements and Guidance for Digital Data Management Nuclear Physics (NP)

  1. DOE G 423.1-1B, Implementation Guide for Use in Developing Technical Safety Requirements

    Directives, Delegations, and Requirements [Office of Management (MA)]

    This Guide provides a complete description of what Technical Safety Requirements should contain and how they should be developed and maintained. This revision of the guide provides new guidance on Technical Safety Requirements for Specific Administrative Controls, incorporates and addresses lessons learned, and makes clarifications and organization changes to improve usability.

  2. DOE Requires Air-Con International to Cease Sales of Inefficient Air Conditioners and Proposes Penalties

    Energy.gov [DOE]

    The Department has issued a Notice of Noncompliance Determination and Proposed Civil Penalty to Air-Con, International, requiring Air-Con to cease the sale of certain air-conditioning systems in...

  3. Additional Requirements and Guidance for Digital Data Management | U.S. DOE

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Office of Science (SC) Opportunities » Additional Requirements and Guidance for Digital Data Management Advanced Scientific Computing Research (ASCR)

  4. Implementation guide for use with suspect/counterfeit items: Requirements of DOE O 440.1, worker protection management; 10 CFR 830.120; and DOE 5700.6C, quality assurance

    SciTech Connect (OSTI)

    1997-06-01

    Department of Energy (DOE) Order (O) 440.1, Worker Protection Management For DOE Federal and Contractors Employees, [7] sets forth requirements for DOE and its contractors to implement suspect and counterfeit items (S/CI) controls as part of the quality assurance (QA) programs required by 10 Code of Federal Regulations (CFR) 830.120 [8] or DOE 5700.6C, Quality Assurance [9]. DOE G-830.120, Implementation Guide for Use with 10 CFR Part 830.120, Quality Assurance, [10] provides additional guidance on establishing and implementing effective QA processes to control S/CIs. DOE O 232.1, Occurrence Reporting and Processing of Operations, [11] specifies requirements for reporting S/CIs under the DOE Occurrence Reporting and Processing System (ORPS). DOE promulgated the requirements and guidance to control or eliminate the hazards posed by S/CIs, which can lead to unexpected equipment failures and undue risks to the DOE mission, the environment, and personnel. This Guide is a compendium of information contained in the referenced DOE directives and other documents concerning S/CI controls. It incorporates, updates, and supersedes earlier guidance issued in Plan for the Suspect/Counterfeit Products Issue in the Department of Energy, dated October 1993, [4] and in memoranda issued by Defense Programs (DP) [12-16] and other DOE program offices. This guidance was developed to strengthen the procurement process, identify and eliminate S/CIs, and improve the reporting of S/CIs. The information in this Guide, when implemented by DOE and its contractors, will satisfy the S/CI requirements contained in the referenced DOE directives.

  5. DOE Issues Energy Sector Cyber Organization NOI, Feb 2010 | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Announcement-Smart Grid Investment Grants Statement of Patricia Hoffman, Assistant Secretary for Electricity Delivery and Energy Reliability, Before the House Committee on ...

  6. Notice of Intent to Revise Department of Energy Order 426.2 Change 1, Personnel Selection, Training, Qualification and Certification Requirements for DOE Nuclear Facilities

    Directives, Delegations, and Requirements [Office of Management (MA)]

    The Office of Nuclear Safety consulted field and Headquarters (HQ) offices on whether or not a revision is warranted for DOE O 426.2. As a result, certain aspects of DOE O 426.2 were identified as needing clarification and revision. Based on this feedback, the revision is intended to clarify educational requirements, certification requirements, and applicability. Addressing these concerns should improve operating training programs, and result in less time focused on managing ambiguous or possibly unnecessary requirements.

  7. Notice of Intent to Revise Department of Energy Order 426.2 Change 1, Personnel Selection, Training, Qualification and Certification Requirements for DOE Nuclear Facilities

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2015-02-19

    The Office of Nuclear Safety consulted field and Headquarters (HQ) offices on whether or not a revision is warranted for DOE O 426.2. As a result, certain aspects of DOE O 426.2 were identified as needing clarification and revision. Based on this feedback, the revision is intended to clarify educational requirements, certification requirements, and applicability. Addressing these concerns should improve operating training programs, and result in less time focused on managing ambiguous or possibly unnecessary requirements.

  8. Towards a Research Agenda for Cyber Friendly Fire

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Clements, Samuel L.; Carroll, Thomas E.; Fluckiger, Jerry D.

    2009-11-18

    Historical assessments of combat fratricide reveal principal contributing factors in the effects of stress, degradation of skills due to continuous operations or sleep deprivation, poor situation awareness, and lack of training and discipline in offensive/defense response selection. While these problems are typically addressed in R&D focusing on traditional ground-based combat, there is also an emerging need for improving situation awareness and decision making on defensive/offensive response options in the cyber defense arena, where a mistaken response to an actual or perceived cyber attack could lead to destruction or compromise of friendly cyber assets. The purpose of this report is to examine cognitive factors that may affect cyber situation awareness and describe possible research needs to reduce the likelihood and effects of "friendly cyber fire" on cyber defenses, information infrastructures, and data. The approach is to examine concepts and methods that have been described in research applied to the more traditional problem of mitigating the occurrence of combat identification and fratricide. Application domains of interest include cyber security defense against external or internal (insider) threats.

  9. Cyber security analysis testbed : combining real, emulation, and simulation.

    SciTech Connect (OSTI)

    Villamarin, Charles H.; Eldridge, John M.; Van Leeuwen, Brian P.; Urias, Vincent E.

    2010-07-01

    Cyber security analysis tools are necessary to evaluate the security, reliability, and resilience of networked information systems against cyber attack. It is common practice in modern cyber security analysis to separately utilize real systems of computers, routers, switches, firewalls, computer emulations (e.g., virtual machines) and simulation models to analyze the interplay between cyber threats and safeguards. In contrast, Sandia National Laboratories has developed novel methods to combine these evaluation platforms into a hybrid testbed that combines real, emulated, and simulated components. The combination of real, emulated, and simulated components enables the analysis of security features and components of a networked information system. When performing cyber security analysis on a system of interest, it is critical to realistically represent the subject security components in high fidelity. In some experiments, the security component may be the actual hardware and software with all the surrounding components represented in simulation or with surrogate devices. Sandia National Laboratories has developed a cyber testbed that combines modeling and simulation capabilities with virtual machines and real devices to represent, in varying fidelity, secure networked information system architectures and devices. Using this capability, secure networked information system architectures can be represented in our testbed on a single, unified computing platform. This provides an 'experiment-in-a-box' capability. The result is rapidly-produced, large-scale, relatively low-cost, multi-fidelity representations of networked information systems. These representations enable analysts to quickly investigate cyber threats and test protection approaches and configurations.

  10. CyberGIS software: a synthetic review and integration roadmap

    SciTech Connect (OSTI)

    Wang, Shaowen; Anselin, Luc; Bhaduri, Budhendra L; Cosby, Christopher; Goodchild, Michael; Liu, Yan; Nygers, Timothy L.

    2013-01-01

    CyberGIS, defined as cyberinfrastructure-based geographic information systems (GIS), has emerged as a new generation of GIS representing an important research direction for both cyberinfrastructure and geographic information science. This study introduces a 5-year effort funded by the US National Science Foundation to advance the science and applications of CyberGIS, particularly for enabling the analysis of big spatial data, computationally intensive spatial analysis and modeling (SAM), and collaborative geospatial problem-solving and decision-making, simultaneously conducted by a large number of users. Several fundamental research questions are raised and addressed while a set of CyberGIS challenges and opportunities are identified from scientific perspectives. The study reviews several key CyberGIS software tools that are used to elucidate a vision and roadmap for CyberGIS software research. The roadmap focuses on software integration and synthesis of cyberinfrastructure, GIS, and SAM by defining several key integration dimensions and strategies. CyberGIS, based on this holistic integration roadmap, exhibits the following key characteristics: high-performance and scalable, open and distributed, collaborative, service-oriented, user-centric, and community-driven. As a major result of the roadmap, two key CyberGIS modalities, gateway and toolkit, combined with a community-driven and participatory approach, have laid a solid foundation to achieve scientific breakthroughs across many geospatial communities that would be otherwise impossible.

  11. Primer Control System Cyber Security Framework and Technical Metrics

    SciTech Connect (OSTI)

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  12. DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    energy disruptions due to cyber incidents on control systems. SRI International of Menlo Park, CA - selected for an award of up to $1.8 million from DOE (total DOE/industry shared...

  13. The Knotted Sky II: does BICEP2 require a nontrivial primordial power spectrum?

    SciTech Connect (OSTI)

    Abazajian, Kevork N.; Aslanyan, Grigor; Easther, Richard; Price, Layne C.

    2014-08-01

    An inflationary gravitational wave background consistent with BICEP2 is difficult to reconcile with a simple power-law spectrum of primordial scalar perturbations. Tensor modes contribute to the temperature anisotropies at multipoles with ℓ ≲ 100, and this effect — together with a prior on the form of the scalar perturbations — was the source of previous bounds on the tensor-to-scalar ratio. We compute Bayesian evidence for combined fits to BICEP2 and Planck for three nontrivial primordial spectra: a) a running spectral index, b) a cutoff at fixed wavenumber, and c) a spectrum described by a linear spline with a single internal knot. We find no evidence for a cutoff, weak evidence for a running index, and significant evidence for a "broken" spectrum. Taken at face-value, the BICEP2 results require two new inflationary parameters in order to describe both the broken scale invariance in the perturbation spectrum and the observed tensor-to-scalar ratio. Alternatively, this tension may be resolved by additional data and more detailed analyses.

  14. Quality Assurance Management System Guide for Use with 10 CFR 830 Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-06-17

    This Guide provides information on principles and practices used to establish and implement an effective quality assurance program or quality management system in accordance with the requirements of 10 CFR 830. Cancels DOE G 414.1-2. Canceled by DOE G 414.1-2B.

  15. Supplemental Requirements for the Use of Management and Operating or Other Facility Management Contractor Employees for Services to DOE in the Washington, D.C., Area

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-10-19

    The Notice supplements review and approval requirements of DOE O 350.2A, Use of Management and Operating (M&O) or Other Facility Management Contractor Employees for Services to DOE in the Washington, D.C., Area, dated 10-29-03.

  16. Parking and Cafe Changes to Accommodate Cyber Summit | Jefferson...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Parking and Cafe Changes to Accommodate Cyber Summit Sept. 18-23: JLab Road, Parking and ... and the Support Service Center (Rutherford Road) and the ARC building's overflow parking ...

  17. TCIP: Trustworthy CyberInfrastructure for the Power Grid

    Energy.gov [DOE]

    The TCIP, or Trustworthy CyberInfrastructure for the Power Grid, project's vision is to provide the fundamental science and technology to create an intelligent, adaptive power grid which survives...

  18. PSERC Webinar Series: Issues in Designing the Future Grid - Cyber...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical Systems Security for the Smart Grid - February 7, 2012 PSERC is offering a free, public webinar series ...

  19. Towards A Network-of-Networks Framework for Cyber Security

    SciTech Connect (OSTI)

    Halappanavar, Mahantesh; Choudhury, Sutanay; Hogan, Emilie A.; Hui, Peter SY; Johnson, John R.; Ray, Indrajit; Holder, Lawrence B.

    2013-06-07

    Networks-of-networks (NoN) is a graph-theoretic model of interdependent networks that have distinct dynamics at each network (layer). By adding special edges to represent relationships between nodes in different layers, NoN provides a unified mechanism to study interdependent systems intertwined in a complex relationship. While NoN based models have been proposed for cyber-physical systems, in this paper we build towards a three-layer NoN model for an enterprise cyber system. Each layer captures a different facet of a cyber system. We then discuss the potential benefits of graph-theoretic analysis enabled from such a model. Our goal is to provide a novel and powerful tool for modeling and analyzing problems in cyber security.

  20. Reducing Cyber Risk to Critical Infrastructure: NIST Framework

    Energy.gov [DOE]

    The National Institute of Standards and Technology (NIST) works with stakeholders to develop a voluntary Framework for reducing cyber risks to critical infrastructure. The Framework aims to be flexible and repeatable, while helping asset owner and operators manage cybersecurity risk.

  1. Safety Software Guide for Use with 10 CFR 830, Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-06-17

    This Guide provides acceptable methods for implementing the safety software quality assurance requirements of DOE O 414.1C, Quality Assurance. Certified 11-3-10. No cancellation.

  2. Good Things in Small Packages: Micro Worlds and Cyber Security

    SciTech Connect (OSTI)

    David I Gertman

    2013-11-01

    Cyber events, as perpetrated by terrorists and nation states, have become commonplace as evidenced in national and international news media. Cyber attacks affect day-to-day activities of end users through exploitation of social networks, businesses such as banking and stock exchanges, and government entities including Departments of Defense. They are becoming more frequent and sophisticated. Currently, efforts are directed to understanding the methods employed by attackers and towards dissecting the planning and activities of the perpetrator, including review of psychosocial factors.

  3. Office of Electricity Delivery and Energy Reliability Cyber Security Project Selections | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    On September 23, 2010, speaking at the inaugural GridWise Global Forum, U.S. Energy Secretary Steven Chu today announced the investment of more than $30 million for ten projects that will address cybersecurity issues facing the nation's electric grid. Together, these projects represent a significant

  4. Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    This document presents results from 16 control system assessments performed under the NSTB program from 2003 through 2007. Information found in individual stakeholder reports is protected from disclosure. Researchers recognized that

  5. The Department's Unclassified Cyber Security Program 2002, IG-0567

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DEPARTMENT'S UNCLASSIFIED CYBER SECURITY PROGRAM 2002 SEPTEMBER 2002 Department of Energy Washington, DC 20585 September 9, 2002 MEMORANDUM FOR FROM: Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Department's Unclassified Cyber Security Program 2002" As agencies strive to meet the President's goal of significantly increasing electronic government, the potential for disruption or damage to critical systems by malicious users continues to increase. In response to

  6. Elaine Santantonio-Creating an efficient cyber workplace

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    She improved communication and increased efficiency by helping put mobile devices into the hands of Lab employees. March 11, 2014. A recipient of the Lab's 2014 Women Who Inspire awards, as the Network and Infrastructure Engineering (NIE) Division Leader, Santantonio helps provide technical communication and workplace infrastructure and services for the "desktop to teraflops" cyber workplace.

  7. Control Systems Cyber Security: Defense-in-Depth Strategies

    SciTech Connect (OSTI)

    Mark Fabro

    2007-10-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires:

    • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems
    • Access to facilities via remote data link or modem
    • Public facing services for customer or corporate operations
    • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  8. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    SciTech Connect (OSTI)

    Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo; Mili, Ali; Trien, Joseph P

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line. Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to:

    * Knowledge discovery and management
    * Critical infrastructure protection
    * De-obfuscating tools for the validation and verification of tamper-proofed software
    * Computer network defense technologies
    * Scalable information assurance strategies
    * Assessment-driven design for trust
    * Security metrics and testing methodologies
    * Validation of security and survivability properties
    * Threat assessment and risk analysis
    * Early accurate detection of the insider threat
    * Security hardened sensor networks and ubiquitous computing environments
    * Mobile software authentication protocols
    * A new "model" of the threat to replace the "Maginot Line" model

    and more . . .

  9. Understanding and Implementing DOE Quality Requirements and ASME NQA-1 in DOE Nuclear Projects, A Management Overview and Introduction, May 14, 2015

    Energy.gov [DOE]

    The CNS was requested by Paul Bosco, Director, Office of Acquisition and Project Management (APM) to provide management overview training on the DOE Nuclear Safety Regulatory Structure including...

  10. Real-Time SCADA Cyber Protection Using Compression Techniques

    SciTech Connect (OSTI)

    Lyle G. Roybal; Gordon H Rueff

    2013-11-01

    The Department of Energy’s Office of Electricity Delivery and Energy Reliability (DOE-OE) has a critical mission to secure the energy infrastructure from cyber attack. Through DOE-OE’s Cybersecurity for Energy Delivery Systems (CEDS) program, the Idaho National Laboratory (INL) has developed a method to detect malicious traffic on a Supervisory Control and Data Acquisition (SCADA) network using a data compression technique. SCADA network traffic is often repetitive with only minor differences between packets. Research performed at the INL showed that SCADA network traffic has traits desirable for using compression analysis to identify abnormal network traffic. An open source implementation of a Lempel-Ziv-Welch (LZW) lossless data compression algorithm was used to compress and analyze surrogate SCADA traffic. Infected SCADA traffic was found to have statistically significant differences in compression when compared against normal SCADA traffic at the packet level. The initial analyses and results are clearly able to identify malicious network traffic from normal traffic at the packet level with a very high confidence level across multiple ports and traffic streams. Statistical differentiation between infected and normal traffic was possible using a modified data compression technique at the 99% probability level for all data analyzed. However, the conditions tested were rather limited in scope and need to be expanded into more realistic simulations of hacking events using techniques and approaches that are better representative of a real-world attack on a SCADA system. Nonetheless, the use of compression techniques to identify malicious traffic on SCADA networks in real time appears to have significant merit for infrastructure protection.

  11. DOE G 414.1-4, Safety Software Guide for Use with 10 CFR 830 Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance

    Office of Energy Efficiency and Renewable Energy (EERE)

    This Department of Energy (DOE or Department) Guide provides information plus acceptable methods for implementing the safety software quality assurance (SQA) requirements of DOE O 414.1C, Quality Assurance, dated 6-17-05. DOE O 414.1C requirements supplement the quality assurance program (QAP) requirements of Title 10 Code of Federal Regulations (CFR) 830, Subpart A, Quality Assurance, for DOE nuclear facilities and activities. The safety SQA requirements for DOE, including the National Nuclear Security Administration (NNSA), and its contractors are necessary to implement effective quality assurance (QA) processes and achieve safe nuclear facility operations. DOE promulgated the safety software requirements and this guidance to control or eliminate the hazards and associated postulated accidents posed by nuclear operations, including radiological operations. Safety software failures or unintended output can lead to unexpected system or equipment failures and undue risks to the DOE/NNSA mission, the environment, the public, and the workers. Thus DOE G 414.1-4 has been developed to provide guidance on establishing and implementing effective QA processes tied specifically to nuclear facility safety software applications. DOE also has guidance for the overarching QA program, which includes safety software within its scope. This Guide includes software application practices covered by appropriate national and international consensus standards and various processes currently in use at DOE facilities. This guidance is also considered to be of sufficient rigor and depth to ensure acceptable reliability of safety software at DOE nuclear facilities. This guidance should be used by organizations to help determine and support the steps necessary to address possible design or functional implementation deficiencies that might exist and to reduce operational hazards-related risks to an acceptable level. Attributes such as the facility life-cycle stage and the hazardous nature

  12. Cyber Power Group Ltd aka Fine Silicon Co Ltd | Open Energy Informatio...

    Open Energy Information (Open El) [EERE & EIA]

    Name: Cyber Power Group Ltd (aka Fine Silicon Co Ltd) Place: Baoding, Hebei Province, China Product:...

  13. Cyber Security Challenges in Using Cloud Computing in the Electric Utility Industry

    SciTech Connect (OSTI)

    Akyol, Bora A.

    2012-09-01

    This document contains introductory material that discusses cyber security challenges in using cloud computing in the electric utility industry.

  14. Report of the Cyber Security Research Needs for Open Science Workshop | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Protecting systems and users, while maintaining ease of access, represents the "perfect storm" of challenges in the area of cyber security.

  15. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect (OSTI)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  16. Nuclear Instrumentation and Control Cyber Testbed Considerations – Lessons Learned

    SciTech Connect (OSTI)

    Jonathan Gray; Robert Anderson; Julio G. Rodriguez; Cheol-Kwon Lee

    2014-08-01

    Abstract: Identifying and understanding digital instrumentation and control (I&C) cyber vulnerabilities within nuclear power plants and other nuclear facilities, is critical if nation states desire to operate nuclear facilities safely, reliably, and securely. In order to demonstrate objective evidence that cyber vulnerabilities have been adequately identified and mitigated, a testbed representing a facility’s critical nuclear equipment must be replicated. Idaho National Laboratory (INL) has built and operated similar testbeds for common critical infrastructure I&C for over ten years. This experience developing, operating, and maintaining an I&C testbed in support of research identifying cyber vulnerabilities has led the Korean Atomic Energy Research Institute of the Republic of Korea to solicit the experiences of INL to help mitigate problems early in the design, development, operation, and maintenance of a similar testbed. The following information will discuss I&C testbed lessons learned and the impact of these experiences to KAERI.

  17. DOE Testing Reveals Samsung Refrigerator Does Not Meet Energy...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE Testing Reveals Samsung Refrigerator Does Not Meet Energy Star Requirements. March 16, 2010 - 4:28pm ...

  18. Human dimensions in cyber operations research and development priorities.

    SciTech Connect (OSTI)

    Forsythe, James Chris; Silva, Austin Ray; Stevens-Adams, Susan Marie; Bradshaw, Jeffrey

    2012-11-01

    Within cyber security, the human element represents one of the greatest untapped opportunities for increasing the effectiveness of network defenses. However, there has been little research to understand the human dimension in cyber operations. To better understand the needs and priorities for research and development to address these issues, a workshop was conducted August 28-29, 2012 in Washington DC. A synthesis was developed that captured the key issues and associated research questions. Research and development needs were identified that fell into three parallel paths: (1) human factors analysis and scientific studies to establish foundational knowledge concerning factors underlying the performance of cyber defenders; (2) development of models that capture key processes that mediate interactions between defenders, users, adversaries and the public; and (3) development of a multi-purpose test environment for conducting controlled experiments that enables systems and human performance measurement. These research and development investments would transform cyber operations from an art to a science, enabling systems solutions to be engineered to address a range of situations. Organizations would be able to move beyond the current state where key decisions (e.g. personnel assignment) are made on a largely ad hoc basis to a state in which there exist institutionalized processes for assuring the right people are doing the right jobs in the right way. These developments lay the groundwork for emergence of a professional class of cyber defenders with defined roles and career progressions, with higher levels of personnel commitment and retention. Finally, the operational impact would be evident in improved performance, accompanied by a shift to a more proactive response in which defenders have the capacity to exert greater control over the cyber battlespace.

  19. Autonomic Intelligent Cyber Sensor (AICS) Version 1.0.1

    SciTech Connect (OSTI)

    2015-03-01

    The Autonomic Intelligent Cyber Sensor (AICS) provides cyber security and industrial network state awareness for Ethernet based control network implementations. The AICS utilizes collaborative mechanisms based on Autonomic Research and a Service Oriented Architecture (SOA) to: 1) identify anomalous network traffic; 2) discover network entity information; 3) deploy deceptive virtual hosts; and 4) implement self-configuring modules. AICS achieves these goals by dynamically reacting to the industrial human-digital ecosystem in which it resides. Information is transported internally and externally on a standards based, flexible two-level communication structure.

  20. Autonomic Intelligent Cyber Sensor (AICS) Version 1.0.1

    Energy Science and Technology Software Center (OSTI)

    2015-03-01

    The Autonomic Intelligent Cyber Sensor (AICS) provides cyber security and industrial network state awareness for Ethernet based control network implementations. The AICS utilizes collaborative mechanisms based on Autonomic Research and a Service Oriented Architecture (SOA) to: 1) identify anomalous network traffic; 2) discover network entity information; 3) deploy deceptive virtual hosts; and 4) implement self-configuring modules. AICS achieves these goals by dynamically reacting to the industrial human-digital ecosystem in which it resides. Information is transported internally and externally on a standards based, flexible two-level communication structure.

  1. Safeguards and Security and Cyber Security RM

    Office of Environmental Management (EM)

    and Project Management for the Acquisition of Capital Assets, DOE-STD-1189-2008, Integration of Safety into the Design Process, and EM's internal business management practices. ...

  2. Office of Cyber Assessments | Department of Energy

    Energy Savers

    evaluation of the effectiveness of classified and unclassified computer security ... for assessing the security of DOE classified and unclassified networks through ...

  3. Quantifying and Addressing the DOE Material Reactivity Requirements with Analysis and Testing of Hydrogen Storage Materials & Systems

    SciTech Connect (OSTI)

    Khalil, Y. F

    2015-01-05

    The objective of this project is to examine safety aspects of candidate hydrogen storage materials and systems being developed in the DOE Hydrogen Program. As a result of this effort, the general DOE safety target will be given useful meaning by establishing a link between the characteristics of new storage materials and the satisfaction of safety criteria. This will be accomplished through the development and application of formal risk analysis methods, standardized materials testing, chemical reactivity characterization, novel risk mitigation approaches and subscale system demonstration. The project also will collaborate with other DOE and international activities in materials based hydrogen storage safety to provide a larger, highly coordinated effort.

  4. Fact Sheet: Protecting Intelligent Distributed Power Grids Against Cyber Attacks

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Development of a novel distributed and hierarchical security layer specific to intelligent grid design. Intelligent power grids are interdependent energy management systems, encompassing generation, distribution, IT networks, and control systems, that use automated data analysis and demand response capabilities to increase system functionality, efficiency, and reliability. But increased interconnection and automation over a large

  5. Protecting the Nation's Electric Grid from Cyber Threats

    Energy.gov [DOE]

    The Electric Sector Cybersecurity Risk Maturity Model Pilot is a new White House initiative led by the Department of Energy to develop a model to help us identify how secure the electric grid is from cyber threats and to test that model with participating utilities.

  6. A DOE contractor's perspective of environmental monitoring requirements at a low-level waste facility

    SciTech Connect (OSTI)

    Ferns, T.W.

    1989-11-01

    Environmental monitoring at a low-level waste disposal facility (LLWDF) should (1) demonstrate compliance with environmental laws; (2) detect any spatial or temporal environmental changes; and (3) provide information on the potential or actual exposure of humans and/or the environment to disposed waste and/or waste by-products. Under the DOE Order system the LLWDF site manager has more freedom of implementation for a monitoring program than either the semi-prescriptive NRC, or the prescriptive EPA hazardous waste programs. This paper will attempt to compare and contrast environmental monitoring under the different systems (DOE, NRC, and EPA), and determine if the DOE might benefit from a more prescriptive system.

  7. T3: Secure, Scalable, Distributed Data Movement and Remote System Control for Enterprise Level Cyber Security

    SciTech Connect (OSTI)

    Thomas, Gregory S.; Nickless, William K.; Thiede, David R.; Gorton, Ian; Pitre, Bill J.; Christy, Jason E.; Faultersack, Elizabeth M.; Mauth, Jeffery A.

    2009-07-20

    Enterprise level cyber security requires the deployment, operation, and monitoring of many sensors across geographically dispersed sites. Communicating with the sensors to gather data and control behavior is a challenging task when the number of sensors is rapidly growing. This paper describes the system requirements, design, and implementation of T3, the third generation of our transport software that performs this task. T3 relies on open source software and open Internet standards. Data is encoded in MIME format messages and transported via NNTP, which provides scalability. OpenSSL and public key cryptography are used to secure the data. Robustness and ease of development are increased by defining an internal cryptographic API, implemented by modules in C, Perl, and Python. We are currently using T3 in a production environment. It is freely available to download and use for other projects.

  8. A cognitive and economic decision theory for examining cyber defense strategies.

    SciTech Connect (OSTI)

    Bier, Asmeret Brooke

    2014-01-01

    Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participants interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.

  9. Taxonomies of Cyber Adversaries and Attacks: A Survey of Incidents and Approaches

    SciTech Connect (OSTI)

    Meyers, C A; Powers, S S; Faissol, D M

    2009-10-08

    In this paper we construct taxonomies of cyber adversaries and methods of attack, drawing from a survey of the literature in the area of cyber crime. We begin by addressing the scope of cyber crime, noting its prevalence and effects on the US economy. We then survey the literature on cyber adversaries, presenting a taxonomy of the different types of adversaries and their corresponding methods, motivations, maliciousness, and skill levels. Subsequently we survey the literature on cyber attacks, giving a taxonomy of the different classes of attacks, subtypes, and threat descriptions. The goal of this paper is to inform future studies of cyber security on the shape and characteristics of the risk space and its associated adversaries.

  10. DOE-STD-1073-93-Pt. 1; DOE Standard Guide for Operational Configuratio...

    Energy Savers

    ... Guides) * Specific regulatory requirements - DOE rules - DOE Orders - DOE safety guides * DOE correspondence and commitments - DOE safety evaluation reports - Facility safety ...

  11. Breaking into a computer : attack techniques and tools used by cyber-criminals

    ScienceCinema (OSTI)

    None

    2016-07-12

    Oral presentation in English, slides in English. We will show you how and why cyber-criminals attack your computers: their motives, methods and tools.

  12. Situational Awareness as a Measure of Performance in Cyber Security Collaborative Work

    SciTech Connect (OSTI)

    Malviya, Ashish; Fink, Glenn A.; Sego, Landon H.; Endicott-Popovsky, Barbara E.

    2011-04-11

    Cyber defense competitions arising from U.S. service academy exercises offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge in turn could lead to better preparation of cyber defenders in both military and civilian settings. We conducted proof of concept experimentation to collect data during the Pacific-rim Regional Collegiate Cyber Defense Competition (PRCCDC) and analyzed it to study the behavior of cyber defenders. We propose that situational awareness predicts performance of cyber security professionals, and in this paper we focus on our collection and analysis of competition data to determine whether it supports our hypothesis. In addition to normal cyber data, we collected situational awareness and workload data and compared it against the performance of cyber defenders as indicated by their competition score. We conclude that there is a weak correlation between our measure of situational awareness and performance that we hope to exploit in further studies.

  13. NNSA Seeking Comments on Consolidated IT and Cyber Security Support Services Draft

    Energy.gov [DOE]

    The National Nuclear Security Administration (NNSA) is currently seeking comments, now through July 29, on an opportunity for Consolidated IT and Cyber Security Support Services.

  14. ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber...

    Energy Savers

    ABB and Energy Utilities Form Consortium to Fund SCADA/EMS Cyber Security Assessment at National SCADA Test Bed. Twelve utilities have ...

  15. Cyber Security Audit and Attack Detection Toolkit: Bandolier and Portaledge, March 2010

    Energy.gov [DOE]

    This project of the cyber security audit and attack detection toolkit will employ Bandolier Audit Files for optimizing security configurations and the Portaledge event detection capability for...

  16. Cyber-Intrusion Auto-Response Policy and Management System (CAPMS...

    Office of Environmental Management (EM)

    ... input to operational control systems New techniques for visualizing the extent and root causes behind combined cyber and operational attacks Autonomous and ...

  17. A Comparison of Cross-Sector Cyber Security Standards

    SciTech Connect (OSTI)

    Robert P. Evans

    2005-09-01

    This report presents a review and comparison (commonality and differences) of three cross-sector cyber security standards and an internationally recognized information technology standard. The comparison identifies the security areas covered by each standard and reveals where the standards differ in emphasis. By identifying differences in the standards, the user can evaluate which standard best meets their needs. For this report, only cross-sector standards were reviewed.

  18. Cyber Assessment Methods for SCADA Security | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    This paper describes vulnerability assessment methodologies used in ongoing research and assessment activities designed to identify and resolve vulnerabilities so as to improve the security of the nation's critical infrastructure. The terrorist attacks of September 11, 2001 brought to light threats and vulnerabilities that face the United States. In response, the U.S. Government is directing the effort to secure

  19. Cyber Security Research Frameworks For Coevolutionary Network Defense

    SciTech Connect (OSTI)

    Rush, George D.; Tauritz, Daniel Remy

    2015-12-03

    Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.

  20. Bio-Inspired Cyber Security for Smart Grid Deployments

    SciTech Connect (OSTI)

    McKinnon, Archibald D.; Thompson, Seth R.; Doroshchuk, Ruslan A.; Fink, Glenn A.; Fulp, Errin W.

    2013-05-01

    Smart grid technologies are transforming the electric power grid into a grid with bi-directional flows of both power and information. Operating millions of new smart meters and smart appliances will significantly impact electric distribution systems resulting in greater efficiency. However, the scale of the grid and the new types of information transmitted will potentially introduce several security risks that cannot be addressed by traditional, centralized security techniques. We propose a new bio-inspired cyber security approach. Social insects, such as ants and bees, have developed complex-adaptive systems that emerge from the collective application of simple, light-weight behaviors. The Digital Ants framework is a bio-inspired framework that uses mobile light-weight agents. Sensors within the framework use digital pheromones to communicate with each other and to alert each other of possible cyber security issues. All communication and coordination is both localized and decentralized thereby allowing the framework to scale across the large numbers of devices that will exist in the smart grid. Furthermore, the sensors are light-weight and therefore suitable for implementation on devices with limited computational resources. This paper will provide a brief overview of the Digital Ants framework and then present results from test bed-based demonstrations that show that Digital Ants can identify a cyber attack scenario against smart meter deployments.

  1. Compliance with the Clean Air Act Title VI Stratospheric Ozone Protection Program requirements at U.S. DOE Oak Ridge Reservation Facilities

    SciTech Connect (OSTI)

    Humphreys, M.P.; Atkins, E.M.

    1999-07-01

    The Title VI Stratospheric Ozone Protection Program of the Clean Air Act (CAA) requires promulgation of regulations to reduce and prevent damage to the earth's protective ozone layer. Regulations pursuant to Title VI of the CAA are promulgated in the Code of Federal Regulations (CFR) at Title 40 CFR, Part 822. The regulations include ambitious production phaseout schedules for ozone depleting substances (ODS) including chlorofluorocarbons (CFCs), hydrochlorofluorocarbons (HCFCs), halons, carbon tetrachloride, and methyl chloroform under 40 CFR 82, Subpart A. The regulations also include requirements for recycling and emissions reduction during the servicing of refrigeration equipment and technician certification requirements under Subpart F; provisions for servicing of motor vehicle air conditioners under Subpart B; a ban on nonessential products containing Class 1 ODS under Subpart C; restrictions on Federal procurement of ODS under Subpart D; labeling of products using ODS under Subpart E; and the Significant New Alternatives Policy Program under Subpart G. This paper will provide details of initiatives undertaken at US Department of Energy (DOE) Oak Ridge Reservation (ORR) Facilities for implementation of requirements under the Title VI Stratospheric Ozone Protection Program. The Stratospheric Ozone Protection Plans include internal DOE requirements for: (1) maintenance of ODS inventories; (2) ODS procurement practices; (3) servicing of refrigeration and air conditioning equipment; (4) required equipment modifications or replacement; (5) technician certification training; (6) labeling of products containing ODS; (7) substitution of chlorinated solvents; and (8) replacement of halon fire protection systems. The plans also require establishment of administrative control systems which assure that compliance is achieved and maintained as the regulations continue to develop and become effective.

  2. DOE-FLEX: DOE's Telework Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2013-02-11

    The order establishes the requirements and responsibilities for the Department's telework program. Supersedes DOE N 314.1.

  3. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    SciTech Connect (OSTI)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  4. DOE TEAM Initiative

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    ... lingering odors or off-gassing. Does not coat ductwork. Cleaning ductwork not required before sealing ...

  5. Implementation of the Clean Air Act, Title V operating permit program requirements for the U.S. DOE Oak Ridge Reservation facilities

    SciTech Connect (OSTI)

    Humphreys, M.P.

    1998-12-31

    Title V of the Clean Air Act (CAA) establishes a new permit program requiring major sources and sources subject to Title III (Hazardous Air Pollutants) to obtain a state operating permit. Historically, most states have issued operating permits for individual emission units. Under the Title V permit program, a single permit will be issued for all of the emission units at the facility much like the current National Pollutant Discharge Elimination System (NPDES) permit program. The permit will specify all reporting, monitoring, and record-keeping requirements for the facility. Sources required to obtain permits include (a) major sources that emit 100 tons per year or more of any criteria air contaminant, (b) any source subject to the HAP provisions of Title III, (c) any source subject to the acid rain provisions of Title IV, (d) any source subject to New Source Performance Standards, and (e) any source subject to new source review under the nonattainment or Prevention of Significant Deterioration provisions. The State of Tennessee Title V Operating Permit Program was approved by EPA on August 28, 1996. This paper will provide details of initiatives underway at US Department of Energy (DOE) Oak Ridge Reservation (ORR) Facilities for implementation of requirements under the Title V Operating Permit Program. The ORR encompasses three DOE Facilities: the Y-12 Plant, Oak Ridge National Laboratory (ORNL), and the East Tennessee Technology Park (ETTP). The Y-12 Plant manufactures component parts for the national nuclear weapons program; the ORNL is responsible for research and development activities including nuclear engineering, engineering technologies, and the environmental sciences; and the ETTP conducts a variety of research and development activities and is the home of a mixed waste incinerator. Each of the three DOE Facilities is considered a major source under Title V of the CAA.

  6. Video Requirements

    Energy.gov [DOE]

    All EERE videos, including webinar recordings, must meet Section 508's requirements for accessibility. All videos should be hosted on the DOE YouTube channel.

  7. Deployment Requirements

    Energy.gov (indexed) [DOE]

    Troy, Michigan June 13, 2014 THIS PRESENTATION DOES NOT CONTAIN ANY PROPRIETARY, CONFIDENTIAL OR OTHERWISE RESTRICTED INFORMATION 2 Outline of talk * SAE 2719 Requirements and ...

  8. Does the orbit-averaged theory require a scale separation between periodic orbit size and perturbation correlation length?

    SciTech Connect (OSTI)

    Zhang, Wenlu; Department of Modern Physics, University of Science and Technology of China, Hefei, Anhui 230026; Department of Physics and Astronomy, University of California, Irvine, California 92697 ; Lin, Zhihong; Fusion Simulation Center, Peking University, Beijing 100871

    2013-10-15

    Using the canonical perturbation theory, we show that the orbit-averaged theory only requires a time-scale separation between equilibrium and perturbed motions and verifies the widely accepted notion that orbit averaging effects greatly reduce the microturbulent transport of energetic particles in a tokamak. Therefore, a recent claim [Hauff and Jenko, Phys. Rev. Lett. 102, 075004 (2009); Jenko et al., ibid. 107, 239502 (2011)] stating that the orbit-averaged theory requires a scale separation between equilibrium orbit size and perturbation correlation length is erroneous.

  9. Office Inspector General DOE Annual Performance Report FY 2008, Annual

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    During Fiscal Year (FY) 2008, we reviewed a variety of critical areas relevant to the Department's mission priorities. One of our goals, for example, was to examine possible programmatic improvements in Department operations relating to cyber security and

  10. FY 2013 DOE Agency Financial Report | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Notable accomplishments in FY 2013: Investments in energy transformation have resulted in testing of greenhouse gas storage, the first grid-connected offshore wind prototype, cost competitive advances in cellulosic ethanol, the first commercial geothermal system to deliver power to the electric grid, improved efficiency and cyber security for the electric grid, new appliance efficiency standards,

  11. Cyber Science and Security - An R&D Partnership at LLNL

    SciTech Connect (OSTI)

    Brase, J; Henson, V

    2011-03-11

    Lawrence Livermore National Laboratory has established a mechanism for partnership that integrates the high-performance computing capabilities of the National Labs, the network and cyber technology expertise of leading information technology companies, and the long-term research vision of leading academic cyber programs. The Cyber Science and Security Center is designed to be a working partnership among Laboratory, Industrial, and Academic institutions, and provides all three with a shared R&D environment, technical information sharing, sophisticated high-performance computing facilities, and data resources for the partner institutions and sponsors. The CSSC model is an institution where partner organizations can work singly or in groups on the most pressing problems of cyber security, where shared vision and mutual leveraging of expertise and facilities can produce results and tools at the cutting edge of cyber science.

  12. Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

    SciTech Connect (OSTI)

    Czejdo, Bogdan; Ferragut, Erik M; Goodall, John R; Laska, Jason A

    2012-01-01

    The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.

  13. Comparison and Analysis of Regulatory and Derived Requirements for Certain DOE Spent Nuclear Fuel Shipments; Lessons Learned for Future Spent Fuel Transportation Campaigns

    SciTech Connect (OSTI)

    Kramer, George L., Ph.D.; Fawcett, Rick L.; Rieke, Philip C.

    2003-02-27

    Radioactive materials transportation is stringently regulated by the Department of Transportation and the Nuclear Regulatory Commission to protect the public and the environment. As a Federal agency, however, the U.S. Department of Energy (DOE) must seek State, Tribal and local input on safety issues for certain transportation activities. This interaction has invariably resulted in the imposition of extra-regulatory requirements, greatly increasing transportation costs and delaying schedules while not significantly enhancing the level of safety. This paper discusses the results of an analysis of the regulatory and negotiated requirements established for a July 1998 shipment of spent nuclear fuel from foreign countries through the west coast to the Idaho National Engineering and Environmental Laboratory (INEEL). Staff from the INEEL Nuclear Materials Engineering and Disposition Department undertook the analysis in partnership with HMTC, to discover if there were instances where requirements derived from stakeholder interactions duplicate, contradict, or otherwise overlap with regulatory requirements. The study exhaustively lists and classifies applicable Department of Transportation (DOT) and Nuclear Regulatory Commission (NRC) regulations. These are then compared with a similarly classified list of requirements from the Environmental Impact Statements (EIS) and those developed during stakeholder negotiations. Comparison and analysis reveals numerous attempts to reduce transportation risk by imposing more stringent safety measures than those required by DOT and NRC. These usually took the form of additional inspection, notification and planning requirements. There are also many instances of overlap with, and duplication of regulations. Participants will gain a greater appreciation for the need to understand the risk-oriented basis of the radioactive materials regulations and their effectiveness in ensuring safety when negotiating extra-regulatory requirements.

  14. Implementation of the Clean Air Act, Title III, Section 112(r) Prevention of Accidental Release Rule requirements at U.S. DOE Oak Ridge Reservation facilities

    SciTech Connect (OSTI)

    Humphreys, M.P. [Dept. of Energy Oak Ridge Operations Office, TN (United States). Environmental Protection Div.]; Fellers, H.L. [Lockheed-Martin Energy Systems K-25 Site, Oak Ridge, TN (United States)]

    1997-12-31

    Title III, Section 112(r) of the Clean Air Act (CAA) Amendments of 1990 requires the Environmental Protection Agency (EPA) to promulgate regulations to prevent accidental releases of regulated substances and to reduce the severity of those releases that do occur. The final EPA rule for Risk Management Programs under Section 112(r)(7) of the CAA, promulgated June 20, 1996, applies to all stationary sources with processes that contain more than a threshold quantity of any of 139 regulated substances listed under 40 CFR 68.130. All affected sources will be required to prepare a risk management plan which must be submitted to EPA and be made available to state and local governments and to the public. This paper will provide details of initiatives underway at US Department of Energy (DOE) Oak Ridge Reservation (ORR) Facilities for implementation of the Prevention of Accidental Release Rule. The ORR encompasses three DOE Facilities: the Y-12 Plant, Oak Ridge National Laboratory (ORNL), and the K-25 Site. The Y-12 Plant manufactures component parts for the national nuclear weapons program; the ORNL is responsible for research and development activities including nuclear engineering, engineering technologies, and the environmental sciences; and the K-25 Site conducts a variety of research and development activities and is the home of a mixed waste incinerator. ORR activities underway and soon to be undertaken toward implementation of the Prevention of Accidental Release Rule include: compilation of inventories of regulated substances at all processes at each of the three ORR Facilities for determination of affected processes and facilities; plans for inventory reduction to levels below threshold quantities, where necessary and feasible; determination of the overlap of processes subject to the OSHA PSM Standard and determination of parallel requirements; preparation of Risk Management Plans and Programs for affected processes and facilities including detailed requirements

  15. Probabilistic Characterization of Adversary Behavior in Cyber Security

    SciTech Connect (OSTI)

    Meyers, C A; Powers, S S; Faissol, D M

    2009-10-08

    The objective of this SMS effort is to provide a probabilistic characterization of adversary behavior in cyber security. This includes both quantitative (data analysis) and qualitative (literature review) components. A set of real LLNL email data was obtained for this study, consisting of several years' worth of unfiltered traffic sent to a selection of addresses at ciac.org. The email data was subjected to three interrelated analyses: a textual study of the header data and subject matter, an examination of threats present in message attachments, and a characterization of the maliciousness of embedded URLs.

  16. Ant-Based Cyber Defense (also known as

    Energy Science and Technology Software Center (OSTI)

    2015-09-29

    ABCD is a four-level hierarchy with human supervisors at the top, a top-level agent called a Sergeant controlling each enclave, Sentinel agents located at each monitored host, and mobile Sensor agents that swarm through the enclaves to detect cyber malice and misconfigurations. The code comprises four parts: (1) the core agent framework, (2) the user interface and visualization, (3) test-range software to create a network of virtual machines including a simulated Internet and user and host activity emulation scripts, and (4) a test harness to allow the safe running of adversarial code within the framework of monitored virtual machines.

  17. A Hierarchical Security Architecture for Cyber-Physical Systems

    SciTech Connect (OSTI)

    Quanyan Zhu; Tamer Basar

    2011-08-01

    Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

  18. Comparison of two methods to quantify cyber and physical security effectiveness.

    SciTech Connect (OSTI)

    Wyss, Gregory Dane; Gordon, Kristl A.

    2005-11-01

    With the increasing reliance on cyber technology to operate and control physical security system components, there is a need for methods to assess and model the interactions between the cyber system and the physical security system to understand the effects of cyber technology on overall security system effectiveness. This paper evaluates two methodologies for their applicability to the combined cyber and physical security problem. The comparison metrics include probabilities of detection ($P_D$), interruption ($P_I$), and neutralization ($P_N$), which contribute to calculating the probability of system effectiveness ($P_E$), the probability that the system can thwart an adversary attack. $P_E$ is well understood in practical applications of physical security but when the cyber security component is added, system behavior becomes more complex and difficult to model. This paper examines two approaches (Bounding Analysis Approach (BAA) and Expected Value Approach (EVA)) to determine their applicability to the combined physical and cyber security issue. These methods were assessed for a variety of security system characteristics to determine whether reasonable security decisions could be made based on their results. The assessments provided insight on an adversary's behavior depending on what part of the physical security system is cyber-controlled. Analysis showed that the BAA is more suited to facility analyses than the EVA because it has the ability to identify and model an adversary's most desirable attack path.

  19. What is the current state of the science of Cyber defense?

    SciTech Connect (OSTI)

    Hurd, Alan J.

    2015-10-09

    My overall sense of the cyber defense field is one of an adolescent discipline currently bogged down in a cloud of issues, the most iconic of which is the great diversity of approaches that are being aggregated to form a coherent field. Because my own expertise is complex systems and materials physics research, I have limited direct experience in cyber security sciences except as a user of secure networks and computing resources. However, in producing this report, I have found with certainty that there exists no calculus for cyber risk assessment, mitigation, and response, although some hopeful precepts toward this end are emerging.

  20. Notice of Intent to Revise DOE G 423.1-1A, Implementation Guide for Use in Developing Technical Safety Requirements

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2014-06-05

    The purpose of this revision is to incorporate lessons learned as identified by DOE program offices.

  1. Contract to coordinate on-going documentation requirements associated with Title X legislation for DOE active-solar activities. Final project technical report

    SciTech Connect (OSTI)

    Not Available

    1982-06-01

    The objectives of this work were to ensure that Title X Active Solar Program reports complied with all guidance regarding length, format, coverage, tone, tables and schedules; provide necessary Conservation and Renewable Energy Office background and back-up material; follow this activity through to its completion in January 1982; assess information requirements associated with on-going documentation of Federal Buildings Program and its predecessors; establish a method for collecting, maintaining and utilizing appropriate program data specifically related to the preparation of report due in June 1982. Work on this project has generally remained on schedule and within budget. DOE-SAN has been instrumental in keeping us on track, by providing timely guidance as needed. Attached are recommendations and methods for documenting solar heat technologies research and the Title X sunset policy, planning, and evaluation long report for Active Solar Heating and Cooling Program.

  3. DOE Directives, Delegations, and Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Authority Order No. 011.01-04 to the Realty Specialist, Office of Engineering and Construction Management Oct 18, 2011 Designation Order 00-01.00A to Susan F. Beard Aug 30, 2012...

  7. Towards an Experimental Testbed Facility for Cyber-Physical Security Research

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Manz, David O.; Carroll, Thomas E.

    2012-01-07

    Cyber-Physical Systems (CPSs) are under great scrutiny due to large Smart Grid investments and recent high profile security vulnerabilities and attacks. Research into improved security technologies, communication models, and emergent behavior is necessary to protect these systems from sophisticated adversaries and new risks posed by the convergence of CPSs with IT equipment. However, cyber-physical security research is limited by the lack of access to universal cyber-physical testbed facilities that permit flexible, high-fidelity experiments. This paper presents a remotely-configurable and community-accessible testbed design that integrates elements from the virtual, simulated, and physical environments. Fusing data between the three environments enables the creation of realistic and scalable environments where new functionality and ideas can be exercised. This novel design will enable the research community to analyze and evaluate the security of current environments and design future, secure, cyber-physical technologies.

  8. CyberShake3.0: Physics-Based Probabilistic Seismic Hazard Analysis...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    CyberShake3.0: Physics-Based Probabilistic Seismic Hazard Analysis PI Name: Thomas Jordan PI Email: tjordan@usc.edu Institution: University of Southern California Allocation ...

  9. CyberShake 3.0: Physics-based Probabilistic Seismic Hazard Analysis...

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    CyberShake 3.0: Physics-based Probabilistic Seismic Hazard Analysis PI Name: Thomas Jordan ... A team led by Thomas Jordan of the Southern California Earthquake Center (SCEC) at the ...

  10. Collaborative Defense of Transmission and Distribution Protection and Control Devices against Cyber Attacks (CODEF)

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Real-time cybersecurity with power grid devices working together to validate commands and operations. Background: A cyber attack against a utility's sensor network could pose a risk of energy delivery disruption. For example, an attacker could attempt to maliciously control the operation of switching devices to weaken the state of a power system. Access to the utility network may

  11. Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability. Enhancing control systems security in the energy sector. NSTB, September 2006. Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems. Raymond K. Fink, David F. Spencer, Rita A. Wells. INL/CON-06-11665. Abstract: Results from ten cyber security vulnerability assessments of process control, SCADA, and energy management systems, or components of those systems, were reviewed to identify

  12. Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    This project of the cyber security audit and attack detection toolkit is adding control system intelligence to widely deployed enterprise vulnerability scanners and security event managers. While many energy utilities employ vulnerability scanners and security event managers (SEM) on their enterprise

  13. Cyber in the Cloud -- Lessons Learned from INL's Cloud E-Mail Acquisition

    SciTech Connect (OSTI)

    Troy Hiltbrand; Daniel Jones

    2012-12-01

    As we look at the cyber security ecosystem, are we planning to fight the battle as we did yesterday, with firewalls and intrusion detection systems (IDS), or are we sensing a change in how security is evolving and planning accordingly? With the technology enablement and possible financial benefits of cloud computing, the traditional tools for establishing and maintaining our cyber security ecosystems are being dramatically altered.

  14. The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011, OAS-M-12-01

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Evaluation Report: The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011. OAS-M-12-01, November 2011. Department of Energy, Washington, DC 20585. November 15, 2011. MEMORANDUM FOR THE CHAIRMAN, FEDERAL ENERGY REGULATORY COMMISSION. FROM: Rickey R. Hass, Deputy Inspector General for Audits and Inspections, Office of Inspector General. SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2011"

  15. The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2013

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Evaluation Report: The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2013. OAS-M-14-01, October 2013. Department of Energy, Washington, DC 20585. October 23, 2013. MEMORANDUM FOR THE EXECUTIVE DIRECTOR, FEDERAL ENERGY REGULATORY COMMISSION. FROM: Rickey R. Hass, Deputy Inspector General for Audits and Inspections, Office of Inspector General. SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program -

  16. DOE-FLEX: DOE's Telework Program

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-07-05

    The directive establishes the requirements and responsibilities for the Department's telework program. Canceled by DOE O 314.1.

  17. Quantifying the Impact of Unavailability in Cyber-Physical Environments

    SciTech Connect (OSTI)

    Aissa, Anis Ben; Abercrombie, Robert K; Sheldon, Frederick T.; Mili, Ali

    2014-01-01

    The Supervisory Control and Data Acquisition (SCADA) system discussed in this work manages a distributed control network for the Tunisian Electric & Gas Utility. The network is dispersed over a large geographic area that monitors and controls the flow of electricity/gas from both remote and centralized locations. The availability of the SCADA system in this context is critical to ensuring the uninterrupted delivery of energy, including safety, security, continuity of operations and revenue. Such SCADA systems are the backbone of national critical cyber-physical infrastructures. Herein, we propose adapting the Mean Failure Cost (MFC) metric for quantifying the cost of unavailability. This new metric combines the classic availability formulation with MFC. The resulting metric, so-called Econometric Availability (EA), offers a computational basis to evaluate a system in terms of the gain/loss ($/hour of operation) that affects each stakeholder due to unavailability.

  18. Cyber-Security Considerations for the Smart Grid

    SciTech Connect (OSTI)

    Clements, Samuel L.; Kirkham, Harold

    2010-07-26

    The electrical power grid is evolving into the “smart grid”. The goal of the smart grid is to improve efficiency and availability of power by adding more monitoring and control capabilities. These new technologies and mechanisms are certain to introduce vulnerabilities into the power grid. In this paper we provide an overview of the cyber security state of the electrical power grid. We highlight some of the vulnerabilities that already exist in the power grid including limited capacity systems, implicit trust and the lack of authentication. We also address challenges of complexity, scale, added capabilities and the move to multipurpose hardware and software as the power grid is upgraded. These changes create vulnerabilities that did not exist before and bring increased risks. We conclude the paper by showing that there are a number of mitigation strategies that can help keep the risk at an acceptable level.

  19. Brookhaven National Laboratory's capabilities for advanced analyses of cyber threats

    SciTech Connect (OSTI)

    DePhillips, M. P.

    2014-01-01

    BNL has several ongoing, mature, and successful programs and areas of core scientific expertise that readily could be modified to address problems facing national security and efforts by the IC related to securing our nation’s computer networks. In supporting these programs, BNL houses an expansive, scalable infrastructure built exclusively for transporting, storing, and analyzing large disparate data-sets. Our ongoing research projects on various infrastructural issues in computer science undoubtedly would be relevant to national security. Furthermore, BNL frequently partners with researchers in academia and industry worldwide to foster unique and innovative ideas for expanding research opportunities and extending our insights. Because the basic science conducted at BNL is unique, such projects have led to advanced techniques, unlike any others, to support our mission of discovery. Many of them are modular techniques, thus making them ideal for abstraction and retrofitting to other uses including those facing national security, specifically the safety of the nation’s cyber space.

  20. Final report : impacts analysis for cyber attack on electric power systems (National SCADA Test Bed FY08).

    SciTech Connect (OSTI)

    Phillips, Laurence R.; Richardson, Bryan T.; Stamp, Jason Edwin; LaViolette, Randall A.

    2009-02-01

    To analyze the risks due to cyber attack against control systems used in the United States electrical infrastructure, new algorithms are needed to determine the possible impacts. This research is studying the Reliability Impact of Cyber Attack (RICA) in a two-pronged approach. First, malevolent cyber actions are analyzed in terms of reduced grid reliability. Second, power system impacts are investigated using an abstraction of the grid's dynamic model. This second year of research extends the work done during the first year.

  1. Before the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee on Homeland Security

    Energy.gov [DOE]

    Before the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology Committee on Homeland Security. By: Patricia Hoffman, Acting Assistant Secretary for Electricity Delivery...

  2. DOE Responses to DOE Challenge Home (formerly Builders Challenge) National

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE Responses to DOE Challenge Home (formerly Builders Challenge) National Program Requirements Public Comments, a publication of the U.S. Department of Energy's Office of Energy Efficiency and Renewable Energy.

  3. The Fe-type nitrile hydratase from Comamonas testosteroni Ni1 does not require an activator accessory protein for expression in Escherichia coli

    SciTech Connect (OSTI)

    Kuhn, Misty L.; Martinez, Salette; Gumataotao, Natalie; Bornscheuer, Uwe; Liu, Dali; Holz, Richard C.

    2012-10-10

    We report herein the functional expression of an Fe-type nitrile hydratase (NHase) without the co-expression of an activator protein or the Escherichia coli chaperone proteins GroES/EL. Soluble protein was obtained when the α- and β-subunit genes of the Fe-type NHase Comamonas testosteroni Ni1 (CtNHase) were synthesized with optimized E. coli codon usage and co-expressed. As a control, the Fe-type NHase from Rhodococcus equi TG328-2 (ReNHase) was expressed with (ReNHase$^{+Act}$) and without (ReNHase$^{-Act}$) its activator protein, establishing that expression of a fully functional, metallated ReNHase enzyme requires the co-expression of its activator protein, similar to all other Fe-type NHase enzymes reported to date, whereas the CtNHase does not. The X-ray crystal structure of CtNHase was determined to 2.4 Å resolution revealing an αβ heterodimer, similar to other Fe-type NHase enzymes, except for two important differences. First, two His residues reside in the CtNHase active site that are not observed in other Fe-type NHase enzymes and second, the active site Fe(III) ion resides at the bottom of a wide solvent exposed channel. The solvent exposed active site, along with the two active site histidine residues, are hypothesized to play a role in iron incorporation in the absence of an activator protein.

  4. Notice of Intent to Revise DOE G 414.1-4, Safety Software Guide for Use with 10 CFR 830, Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2013-07-17

    The revision to DOE G 414.1-4 will conform to the revised DOE O 414.1D and incorporate new information and lessons learned since 2005, including information gained as a result of the February 2011, Government Accountability Office (GAO) report, GAO-11-143.

  5. DOE Form

    National Nuclear Security Administration (NNSA)

    /1991) PROJECT: U.S. Department of Energy Requirements Change Notice Baseline List of Required Compliance Documents CONTRACTOR: Babcock & Wilcox Technical Services Y-12, LLC CONTRACT NO.: DE-AC05-000R22800, I.85, Laws, Regulations, and DOE Directives (December 2000), DEAR 970.5204-2 No.: NNSA-50 Page 1 of 36 Pages LOCATION: Oak Ridge, Tennessee DATE OF CONTRACT: August 31, 2000 This Requirements Change Notice (RCN) No. NNSA-50 incorporates, into Section J, Attachment E, Contract No.

  6. DOE Form

    National Nuclear Security Administration (NNSA)

    11991) PROJECT: U.S. Department of Energy Requirements Change Notice Baseline List of Required Compliance Documents CONTRACTOR: Babcock & Wilcox Technical Services Y-12, LLC CONTRACT NO.: DE-AC05-000R22800, 1.85, Laws, Regulations, and DOE Directives (December 2000), DEAR 970.5204-2 COR-NP0-60 ESH-6.6.2013-515290 No.: NNSA-51 Page 1 of 34 Pages LOCATION: Oak Ridge, Tennessee DATE OF CONTRACT: August 31, 2000 This Requirements Change Notice (RCN) No. NNSA-51 incorporates, into Section J,

  7. Contact Us | DOE PAGES

    Office of Scientific and Technical Information (OSTI)

    Contact Us Contact Us DOE PAGES Beta is the central element in the Department of Energy (DOE) Public Access Plan for fulfilling requirements to provide long-term preservation and access to scholarly publications resulting from DOE research. The DOE Office of Scientific and Technical Information (OSTI) is committed to making DOE PAGES Beta as serviceable and easy to use as possible. We will appreciate your assistance as we work to ensure that PAGES Beta serves to help us fulfill our mission of

  8. fy10 | netl.doe.gov

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Archive Fiscal Year 2010 Solicitations

    | Posted Date | Solicitation/Funding Opportunity Announcement Number | Solicitation/Funding Opportunity Announcement Subject Title | Closing Date(s) | DOE Contact |
    |---|---|---|---|---|
    | 06/30/10 | RC-CEDS-2010 | Technical Support for Cybersecurity for Energy Delivery Systems | 07/30/10 | J. Briones |
    | 06/25/10 | DE-FOA-0000334 | Solid-State Lighting U.S. Manufacturing - Round 2 | 08/18/10 | B. Robbins |
    | 06/11/10 | DE-FOA-0000359 | Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS) | | |

  9. DOE O 231.1B, Environment, Safety and Health Reporting | Department of

    Energy Savers

    DOE National SCADA Test Bed Program Multi-Year Plan. This document presents the National SCADA Test Bed Program Multi-Year Plan, a coherent strategy for improving the cyber security of control systems in the energy sector. The NSTB Program is conducted within DOE's Office of Electricity Delivery and Energy Reliability (OE), which leads national efforts to modernize the electric grid, enhance the security and reliability of the energy infrastructure,

  10. Safety Software Guide for Use with 10 CFR 830, Subpart A, Quality Assurance Requirements, and DOE O 414.1C, Quality Assurance

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2013-07-17

    The revision to DOE G 414.1-4 will conform to the revised DOE O 414.1D and incorporate new information and lessons learned since 2005, including information gained as a result of the February 2011, Government Accountability Office (GAO) report, GAO-11-143.

  11. Assessment of current cybersecurity practices in the public domain : cyber indications and warnings domain.

    SciTech Connect (OSTI)

    Hamlet, Jason R.; Keliiaa, Curtis M.

    2010-09-01

    This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes that may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work; however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

  12. DOE Explosives Safety Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    1996-03-29

    This Manual describes DOE's explosives safety requirements applicable to operations involving the development, testing, handling, and processing of explosives or assemblies containing explosives.

  13. Protecting Intelligent Distributed Power Grids against Cyber Attacks

    SciTech Connect (OSTI)

    Dong Wei; Yan Lu; Mohsen Jafari; Paul Skare; Kenneth Rohde

    2010-12-31

    Like other industrial sectors, the electrical power industry is facing challenges involved with the increasing demand for interconnected operations and control. The electrical industry has largely been restructured due to deregulation of the electrical market and the trend of the Smart Grid. This moves new automation systems from being proprietary and closed to the current state of Information Technology (IT) being highly interconnected and open. However, while gaining all of the scale and performance benefits of IT, existing IT security challenges are acquired as well. The power grid automation network has inherent security risks due to the fact that the systems and applications for the power grid were not originally designed for the general IT environment. In this paper, we propose a conceptual layered framework for protecting power grid automation systems against cyber attacks. The following factors are taken into account: (1) integration with existing, legacy systems in a non-intrusive fashion; (2) desirable performance in terms of modularity, scalability, extendibility, and manageability; (3) alignment to the 'Roadmap to Secure Control Systems in the Energy Sector' and the future smart grid. The on-site system test of the developed prototype security system is briefly presented as well.

  14. Materials Informatics for the ICME CyberInfrastructure

    Office of Energy Efficiency and Renewable Energy (EERE)

    2011 DOE Hydrogen and Fuel Cells Program, and Vehicle Technologies Program Annual Merit Review and Peer Evaluation

  15. Cyber Security Indications and Warning System (SV): CRADA 1573.94 Project Accomplishments Summary

    SciTech Connect (OSTI)

    Hu, Tan Chang; Robinson, David G.

    2011-09-08

    As the national focus on cyber security increases, there is an evolving need for a capability to provide for high-speed sensing of events, correlation of events, and decision-making based on the adverse events seen across multiple independent large-scale network environments. The purpose of this Shared Vision project, Cyber Security Indications and Warning System, was to combine both Sandia's and LMC's expertise to discover new solutions to the challenge of protecting our nation's infrastructure assets. The objectives and scope of the proposal were limited to algorithm and High Performance Computing (HPC) model assessment in the unclassified environment within funding and schedule constraints. The interest is the identification, scalability assessment, and applicability of currently utilized cyber security algorithms as applied in an HPC environment.

  16. Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Frincke, Deborah A.

    2010-09-01

    The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, so as to move from an insider threat detection stance to one that enables prediction of potential insider presence. Two distinctive aspects of the approach are the objective of predicting or anticipating potential risks and the use of organizational data in addition to cyber data to support the analysis. The chapter describes the challenges of this endeavor and progress in defining a usable set of predictive indicators, developing a framework for integrating the analysis of organizational and cyber security data to yield predictions about possible insider exploits, and developing the knowledge base and reasoning capability of the system. We also outline the types of errors that one expects in a predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.

  17. Radiological Protection for DOE Activities

    Directives, Delegations, and Requirements [Office of Management (MA)]

    1995-09-29

    Establishes radiological protection program requirements that, combined with 10 CFR 835 and its associated implementation guidance, form the basis for a comprehensive program for protection of individuals from the hazards of ionizing radiation in controlled areas. Extended by DOE N 441.3. Cancels DOE 5480.11, DOE 5480.15, DOE N 5400.13, DOE N 5480.11; please note: the DOE radiological control manual (DOE/EH-0256T)

  18. Transmission and Distribution World March 2007: DOE Focuses on Cyber Security

    Office of Energy Efficiency and Renewable Energy (EERE)

    Energy sector owners, operators and system vendors team up to boost control system security with national SCADA test bed. 

  19. A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

    SciTech Connect (OSTI)

    Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.; Halappanavar, Mahantesh

    2015-12-28

    Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may help address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker's payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system's state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.

  20. PSERC Webinar Series: Issues in Designing the Future Grid - Cyber-Physical

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Systems Security for the Smart Grid - February 7, 2012 | Department of Energy. PSERC is offering a free, public webinar series from January to May 2012 entitled "Issues in Designing the Future Grid," focusing on the information hierarchy for the future grid and grid enablers of

  1. Methodology for prioritizing cyber-vulnerable critical infrastructure equipment and mitigation strategies.

    SciTech Connect (OSTI)

    Dawson, Lon Andrew; Stinebaugh, Jennifer A.

    2010-04-01

    The Department of Homeland Security (DHS), National Cyber Security Division (NSCD), Control Systems Security Program (CSSP), contracted Sandia National Laboratories to develop a generic methodology for prioritizing cyber-vulnerable, critical infrastructure assets and the development of mitigation strategies for their loss or compromise. The initial project has been divided into three discrete deliverables: (1) A generic methodology report suitable to all Critical Infrastructure and Key Resource (CIKR) Sectors (this report); (2) a sector-specific report for Electrical Power Distribution; and (3) a sector-specific report for the water sector, including generation, water treatment, and wastewater systems. Specific reports for the water and electric sectors are available from Sandia National Laboratories.

  2. Emulytics for Cyber-Enabled Physical Attack Scenarios: Interim LDRD Report of Year One Results.

    SciTech Connect (OSTI)

    Clem, John; Urias, Vincent; Atkins, William Dee; Symonds, Christopher J.

    2015-12-08

    Sandia National Laboratories has funded the research and development of a new capability to interactively explore the effects of cyber exploits on the performance of physical protection systems. This informal, interim report of progress summarizes the project’s basis and year one (of two) accomplishments. It includes descriptions of confirmed cyber exploits against a representative testbed protection system and details the development of an emulytics capability to support live, virtual, and constructive experiments. This work will support stakeholders to better engineer, operate, and maintain reliable protection systems.

  3. Fact Sheet: Cyber Security Audit and Attack Detection Toolkit

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    ... National SCADA Test Bed Screenshot from NESSUS Vulnerability Scanner Technical Objectives ... DOE National SCADA Test Bed (NSTB) NSTB is a multi-laboratory resource that partners with ...

  4. Secretary Moniz visits the Office of Cyber Assessments | Department...

    Energy.gov (indexed) [DOE]

    of Energy. The team leverages over 300 years of collective expertise while employing core values to produce actionable information for DOE stakeholders. Our adversaries won't...

  5. DOE standard: Radiological control

    SciTech Connect (OSTI)

    Not Available

    1999-07-01

    The Department of Energy (DOE) has developed this Standard to assist line managers in meeting their responsibilities for implementing occupational radiological control programs. DOE has established regulatory requirements for occupational radiation protection in Title 10 of the Code of Federal Regulations, Part 835 (10 CFR 835), "Occupational Radiation Protection". Failure to comply with these requirements may lead to appropriate enforcement actions as authorized under the Price Anderson Act Amendments (PAAA). While this Standard does not establish requirements, it does restate, paraphrase, or cite many (but not all) of the requirements of 10 CFR 835 and related documents (e.g., occupational safety and health, hazardous materials transportation, and environmental protection standards). Because of the wide range of activities undertaken by DOE and the varying requirements affecting these activities, DOE does not believe that it would be practical or useful to identify and reproduce the entire range of health and safety requirements in this Standard and therefore has not done so. In all cases, DOE cautions the user to review any underlying regulatory and contractual requirements and the primary guidance documents in their original context to ensure that the site program is adequate to ensure continuing compliance with the applicable requirements. To assist its operating entities in achieving and maintaining compliance with the requirements of 10 CFR 835, DOE has established its primary regulatory guidance in the DOE G 441.1 series of Guides. This Standard supplements the DOE G 441.1 series of Guides and serves as a secondary source of guidance for achieving compliance with 10 CFR 835.

  6. Promulgating Nuclear Safety Requirements

    Directives, Delegations, and Requirements [Office of Management (MA)]

    1996-05-15

    Applies to all Nuclear Safety Requirements Adopted by the Department to Govern the Conduct of its Nuclear Activities. Cancels DOE P 410.1. Canceled by DOE N 251.85.

  7. ARM - Reporting Requirements

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    required to report to the DOE ARM Program Director, to the DOE's Office of Biological and Environmental Research, and to the White House Office of Management and Budget. A primary...

  8. NSF Perspective DOE Composites Workshop

    Energy.gov (indexed) [DOE]

    ... Key Scientific Drivers Affecting Advanced Mfg. Research 7 * Nano - - Improving ... components (including cyber) - Range from nano to micro to macro - Few to billions * ...

  9. Addressing the Challenges of Anomaly Detection for Cyber Physical Energy Grid Systems

    SciTech Connect (OSTI)

    Ferragut, Erik M; Laska, Jason A; Melin, Alexander M; Czejdo, Bogdan

    2013-01-01

    The consolidation of cyber communications networks and physical control systems within the energy smart grid introduces a number of new risks. Unfortunately, these risks are largely unknown and poorly understood, yet include very high impact losses from attack and component failures. One important aspect of risk management is the detection of anomalies and changes. However, anomaly detection within cyber security remains a difficult, open problem, with special challenges in dealing with false alert rates and heterogeneous data. Furthermore, the integration of cyber and physical dynamics is often intractable. And, because of their broad scope, energy grid cyber-physical systems must be analyzed at multiple scales, from individual components, up to network level dynamics. We describe an improved approach to anomaly detection that combines three important aspects. First, system dynamics are modeled using a reduced order model for greater computational tractability. Second, a probabilistic and principled approach to anomaly detection is adopted that allows for regulation of false alerts and comparison of anomalies across heterogeneous data sources. Third, a hierarchy of aggregations is constructed to support interactive and automated analyses of anomalies at multiple scales.

  10. Approaches for scalable modeling and emulation of cyber systems : LDRD final report.

    SciTech Connect (OSTI)

    Mayo, Jackson R.; Minnich, Ronald G.; Armstrong, Robert C.; Rudish, Don W.

    2009-09-01

    The goal of this research was to combine theoretical and computational approaches to better understand the potential emergent behaviors of large-scale cyber systems, such as networks of approximately 10^6 computers. The scale and sophistication of modern computer software, hardware, and deployed networked systems have significantly exceeded the computational research community's ability to understand, model, and predict current and future behaviors. This predictive understanding, however, is critical to the development of new approaches for proactively designing new systems or enhancing existing systems with robustness to current and future cyber threats, including distributed malware such as botnets. We have developed preliminary theoretical and modeling capabilities that can ultimately answer questions such as: How would we reboot the Internet if it were taken down? Can we change network protocols to make them more secure without disrupting existing Internet connectivity and traffic flow? We have begun to address these issues by developing new capabilities for understanding and modeling Internet systems at scale. Specifically, we have addressed the need for scalable network simulation by carrying out emulations of a network with approximately 10^6 virtualized operating system instances on a high-performance computing cluster - a 'virtual Internet'. We have also explored mappings between previously studied emergent behaviors of complex systems and their potential cyber counterparts. Our results provide foundational capabilities for further research toward understanding the effects of complexity in cyber systems, to allow anticipating and thwarting hackers.

  11. DOE Directives | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Directives are the Department of Energy's primary means to communicate and institutionalize directives and policies and to establish requirements, responsibilities, and procedures for Departmental elements and contractors. DOE O 413.3A - Program and Project Management for the Acquisition of Capital Assets; DOE G 413.3-1 - Managing Design and Construction Using Systems Engineering for Use with DOE O 413.3A; DOE G 413.3-2 - Quality Assurance Guide for Project Management

  12. Feed tank transfer requirements

    SciTech Connect (OSTI)

    Freeman-Pollard, J.R.

    1998-09-16

    This document presents a definition of tank turnover; DOE responsibilities; TWRS DST permitting requirements; TWRS Authorization Basis (AB) requirements; TWRS AP Tank Farm operational requirements; unreviewed safety question (USQ) requirements; records and reporting requirements, and documentation which will require revision in support of transferring a DST in AP Tank Farm to a privatization contractor for use during Phase 1B.

  13. Unreviewed Safety Question Requirements

    Office of Environmental Management (EM)

    DOE G 424.1-1, Implementation Guide for Use in Addressing Unreviewed Safety Question Requirements Performance Objective 1: Contractor Program Documentation 1. The USQ ...

  14. Transuranic Waste Requirements

    Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-07-09

    The guide provides criteria for determining if a waste is to be managed in accordance with DOE M 435.1-1, Chapter III, Transuranic Waste Requirements.

  15. DRAFT - DOE O 227.1A, Independent Oversight Program - DOE Directives,

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Delegations, and Requirements. The Order prescribes requirements and responsibilities for DOE Independent Oversight Program.

  16. DOE and Industry Showcase New Control Systems Security Technologies at DistribuTECH

    Energy.gov [DOE]

    Join the Department of Energy and its industry partners as they showcase six new products and technologies designed to secure the nation’s energy infrastructure from cyber attack on Tuesday through Thursday, March 23–25. Visit Booth #231 at the DistribuTECH 2010 Conference & Exhibition in Tampa, FL, to see first-hand demonstrations of several newly commercialized control systems security products—each developed through a unique partnership between DOE and industry leaders in the private sector.

  17. Microsoft Word - SmartGrid - NRC Input to DOE Requestrvjcomments.docx

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Regulatory Commission Input to DOE Request for Information/RFI (Federal Register / Vol. 75, No. 180 / Friday, September 17, 2010/Pages 57006-57011 / Notices) / Smart Grid Implementation Input - NRC Contact: Kenn A. Miller, Office of Nuclear Reactor Regulation, 301-415-3152 Comments relevant to the following two sections of the RFI: "Long Term Issues: Managing a Grid with High Penetration of New Technologies" and "Reliability and Cyber-Security," Page 57010. Nuclear Power

  18. Transportation Infrastructure Requirement Resources | Department...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Find infrastructure requirement resources below. DOE Resource Alternative Fuels Data Center: Natural Gas Fueling Infrastructure Development. Other Resource National Governors ...

  19. DOE Code

    Office of Scientific and Technical Information (OSTI)

    The Department of Energy (DOE) Office of Scientific and Technical Information (OSTI) is building a new DOE software center. DOE Code is the reimagining of OSTI's current product for the submission of software, the Energy Science and Technology Software Center, or ESTSC. Since DOE Code is still under development, if you need to submit, search, or order software, please visit the ESTSC site for instructions. DOE Code, when launched, will provide a

  20. DOE Explosives Safety Manual

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-01-09

    The Manual describes the Department's explosive safety requirements applicable to operations involving the development, testing, handling, and processing of explosives or assemblies containing explosives. Cancels DOE M 440.1-1. Canceled by DOE O 440.1B Chg 1.

  1. DOE/LM-1469

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    DOE/LM-1469

  2. Machine Learning for Power System Disturbance and Cyber-attack Discrimination

    SciTech Connect (OSTI)

    Borges, Raymond Charles; Beaver, Justin M; Buckner, Mark A; Morris, Thomas; Adhikari, Uttam; Pan, Shengyi

    2014-01-01

    Power system disturbances are inherently complex and can be attributed to a wide range of sources, including both natural and man-made events. Currently, the power system operators are heavily relied on to make decisions regarding the causes of experienced disturbances and the appropriate course of action as a response. In the case of cyber-attacks against a power system, human judgment is less certain since there is an overt attempt to disguise the attack and deceive the operators as to the true state of the system. To enable the human decision maker, we explore the viability of machine learning as a means for discriminating types of power system disturbances, and focus specifically on detecting cyber-attacks where deception is a core tenet of the event. We evaluate various machine learning methods as disturbance discriminators and discuss the practical implications for deploying machine learning systems as an enhancement to existing power system architectures.

  3. DOE - Fossil Energy:

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Pass LNG Terminal to any country with which the United States does not have a Free Trade Agreement requiring the national treatment for trade in natural gas and LNG, that has or...

  4. Required Annual Notices

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Requesting A Token. Step One - Registering with the DOE's Management Information System (MIS). Before you request a DOE Digital Identity, you must register in DOE's Management Information System (MIS). Please note that DOE Federal employees are already registered and do not need to complete this step. They may skip to step two. During the registration process, you will be required to select a DOE sponsor. Your sponsor is the DOE employee who certifies that you have a

  5. Chapter 3: Enabling Modernization of the Electric Power System Technology Assessment | Cyber and Physical Security

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    Cyber and Physical Security Chapter 3: Technology Assessments Introduction As understanding of the threats facing the operation, components, and subsystems of the electric power system is gained, a need has emerged for improvements in grid security and resilience. The focus on resiliency implies that threats will not go away and that some attacks, in addition to natural events, will be carried out successfully. The objective is for the system and associated subsystems to be designed and operated

  6. Modeling and simulation for cyber-physical system security research, development and applications.

    SciTech Connect (OSTI)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  7. COLLOQUIUM: Risks of Nuclear Weapons Use in an Era of Proliferation, Cyber

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    Warfare and Terrorism | Princeton Plasma Physics Lab 5, 2014, 4:00pm to 5:30pm Colloquia MGB Auditorium COLLOQUIUM: Risks of Nuclear Weapons Use in an Era of Proliferation, Cyber Warfare and Terrorism Dr. Bruce G. Blair Princeton University The United States and eight other countries that possess nuclear weapons run myriad risks every day -- risks of accidental detonations, of unauthorized launches caused by false warning, of provoking escalation between nuclear forces, and of nuclear

  8. The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2012, OAS-L-13-01

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    2 OAS-L-13-01 November 2012 Department of Energy Washington, DC 20585 November 7, 2012 MEMORANDUM FOR THE EXECUTIVE DIRECTOR, FEDERAL ENERGY REGULATORY COMMISSION FROM: Daniel M. Weeber Assistant Inspector General for Audits and Administration Office of Inspector General SUBJECT: INFORMATION: Evaluation Report on "The Federal Energy Regulatory Commission's Unclassified Cyber Security Program - 2012" BACKGROUND The Federal Energy Regulatory Commission (Commission) is an independent

  9. National cyber defense high performance computing and analysis : concepts, planning and roadmap.

    SciTech Connect (OSTI)

    Hamlet, Jason R.; Keliiaa, Curtis M.

    2010-09-01

    There is a national cyber dilemma that threatens the very fabric of government, commercial and private use operations worldwide. Much is written about 'what' the problem is, and though the basis for this paper is an assessment of the problem space, we target the 'how' solution space of the wide-area national information infrastructure through the advancement of science, technology, evaluation and analysis with actionable results intended to produce a more secure national information infrastructure and a comprehensive national cyber defense capability. This cybersecurity High Performance Computing (HPC) analysis concepts, planning and roadmap activity was conducted as an assessment of cybersecurity analysis as a fertile area of research and investment for high value cybersecurity wide-area solutions. This report and a related SAND2010-4765 Assessment of Current Cybersecurity Practices in the Public Domain: Cyber Indications and Warnings Domain report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

  10. GridStat – Cyber Security and Regional Deployment Project Report

    SciTech Connect (OSTI)

    Clements, Samuel L.

    2009-02-18

    GridStat is a developing communication technology to provide real-time data delivery services to the electric power grid. It is being developed in a collaborative effort between the Electrical Power Engineering and Distributed Computing Science Departments at Washington State University. Improving the cyber security of GridStat was the principal focus of this project. A regional network was established to test GridStat’s cyber security mechanisms in a realistic environment. The network consists of nodes at Pacific Northwest National Laboratory, Idaho National Laboratory, and Washington State University. Idaho National Laboratory (INL) was tasked with performing the security assessment, the results of which detailed a number of easily resolvable and previously unknown issues, as well as a number of difficult and previously known issues. Going forward we recommend additional development prior to commercialization of GridStat. The development plan is structured into three domains: Core Development, Cyber Security and Pilot Projects. Each domain contains a number of phased subtasks that build upon each other to increase the robustness and maturity of GridStat.

  11. A Mathematical Framework for the Analysis of Cyber-Resilient Control Systems

    SciTech Connect (OSTI)

    Melin, Alexander M; Ferragut, Erik M; Laska, Jason A; Fugate, David L; Kisner, Roger

    2013-01-01

    The increasingly recognized vulnerability of industrial control systems to cyber-attacks has inspired a considerable amount of research into techniques for cyber-resilient control systems. The majority of this effort involves the application of well-known information security (IT) techniques to control system networks. While these efforts are important to protect the control systems that operate critical infrastructure, they are never perfectly effective. Little research has focused on the design of closed-loop dynamics that are resilient to cyber-attack. The majority of control system protection measures are concerned with how to prevent unauthorized access and protect data integrity. We believe that the ability to analyze how an attacker can affect the closed-loop dynamics of a control system configuration once they have access is just as important to the overall security of a control system. To begin to analyze this problem, consistent mathematical definitions of concepts within resilient control need to be established so that a mathematical analysis of the vulnerabilities and resiliencies of a particular control system design methodology and configuration can be made. In this paper, we propose rigorous definitions for state awareness, operational normalcy, and resiliency as they relate to control systems. We will also discuss some mathematical consequences that arise from the proposed definitions. The goal is to begin to develop a mathematical framework and testable conditions for resiliency that can be used to build a sound theoretical foundation for resilient control research.

  12. SuperIdentity: Fusion of Identity across Real and Cyber Domains

    SciTech Connect (OSTI)

    Black, Sue; Creese, Sadie; Guest, Richard; Pike, William A.; Saxby, Steven; Stanton Fraser, Danae; Stevenage, Sarah; Whitty, Monica

    2012-04-23

    Under both benign and malign circumstances, people now manage a spectrum of identities across both real-world and cyber domains. Our belief, however, is that all these instances ultimately track back for an individual to reflect a single 'SuperIdentity'. This paper outlines the assumptions underpinning the SuperIdentity Project, describing the innovative use of data fusion to incorporate novel real-world and cyber cues into a rich framework appropriate for modern identity. The proposed combinatorial model will support a robust identification or authentication decision, with confidence indexed both by the level of trust in data provenance, and the diagnosticity of the identity factors being used. Additionally, the exploration of correlations between factors may underpin the more intelligent use of identity information so that known information may be used to predict previously hidden information. With modern living supporting the 'distribution of identity' across real and cyber domains, and with criminal elements operating in increasingly sophisticated ways in the hinterland between the two, this approach is suggested as a way forwards, and is discussed in terms of its impact on privacy, security, and the detection of threat.

  13. Cyber-Physical Correlations for Infrastructure Resilience: A Game-Theoretic Approach

    SciTech Connect (OSTI)

    Rao, Nageswara S; He, Fei; Ma, Chris Y. T.; Yao, David K. Y.; Zhuang, Jun

    2014-01-01

    In several critical infrastructures, the cyber and physical parts are correlated so that disruptions to one affect the other and hence the whole system. These correlations may be exploited to strategically launch component attacks, and hence must be accounted for in ensuring the infrastructure resilience, specified by its survival probability. We characterize the cyber-physical interactions at two levels: (i) the failure correlation function specifies the conditional survival probability of cyber sub-infrastructure given the physical sub-infrastructure as a function of their marginal probabilities, and (ii) the individual survival probabilities of both sub-infrastructures are characterized by first-order differential conditions. We formulate a resilience problem for infrastructures composed of discrete components as a game between the provider and attacker, wherein their utility functions consist of an infrastructure survival probability term and a cost term expressed in terms of the number of components attacked and reinforced. We derive Nash Equilibrium conditions and sensitivity functions that highlight the dependence of infrastructure resilience on the cost term, correlation function and sub-infrastructure survival probabilities. These results generalize earlier ones based on linear failure correlation functions and independent component failures. We apply the results to models of cloud computing infrastructures and energy grids.

  14. General Responsibilities and Requirements

    Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-07-09

    The material presented in this guide provides suggestions and acceptable ways of implementing DOE M 435.1-1 and should not be viewed as additional or mandatory requirements. The objective of the guide is to ensure that responsible individuals understand what is necessary and acceptable for implementing the requirements of DOE M 435.1-1.

  15. Integrated Management Requirements mapping

    SciTech Connect (OSTI)

    Holmes, J.T.; Andrews, N.S.

    1992-06-01

    This document contains five appendices documenting how Sandia implemented the DOE Conduct of Operations (5480.19) and DOE Quality Assurance (5700.6C) orders. It provides a mapping of the Sandia integrated requirements to the specific requirements of each Order and a mapping to Sandia's approved program for implementing the Conduct of Operations Order.

  16. Integrated Management Requirements mapping

    SciTech Connect (OSTI)

    Holmes, J.T.; Andrews, N.S.

    1992-06-01

    This document contains five appendices documenting how Sandia implemented the DOE Conduct of Operations (5480.19) and DOE Quality Assurance (5700.6C) orders. It provides a mapping of the Sandia integrated requirements to the specific requirements of each Order and a mapping to Sandia's approved program for implementing the Conduct of Operations Order.

  17. Cancellation Justification Memo for DOE - DOE Directives, Delegations,

    U.S. Department of Energy (DOE) all webpages (Extended Search)

    and Requirements DOE by Website Administrator Microsoft Word Document icon CANCELLATIONJM-NonNNSAELEMENTS (1).doc - Microsoft Word Document, 25 KB (25600

  18. DOE Cooperative Research and Development Agreements

    Directives, Delegations, and Requirements [Office of Management (MA)]

    2013-11-06

    The order establishes policy, requirements, and responsibilities for the oversight, management, and administration of Cooperative Research and Development Agreement (CRADA) activities at DOE facilities. Supersedes DOE O 483.1 Admin Chg 1 and DOE M 483.1-1.

  19. Alliance Project: Cyber-Physical Security Unified Access Solution

    Energy.gov (indexed) [DOE]

    in validating credentials. Product validation to FIPS 140-2 Level 2 requirements. ... hardware based on the authentication credentials gathered by the AT and authorized by ...

  20. Management of Los Alamos National Laboratory's Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) (indexed site)

    the Los Alamos National Laboratory (OAS-SR-07-01, November ... management process consistent with Federal requirements. ... used to support office automation and general productivity. ...