skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information
  1. A model for how to disclose physical security vulnerabilities.

    When security vulnerabilities are discovered, it is often unclear how much public disclosure of the vulnerabilities is prudent. This is especially true for physical security vis a vis cyber security. We never want to help the 'bad guys' more than the 'good guys', but if the good guys aren't made aware of the problems, they are unlikely to fix them. This paper presents a unique semi-quantitative tool, called the 'Vulnerability Disclosure Index' (VDI), to help determine how much disclosure of vulnerabilities is warranted and in what forum. The VDI certainly does not represent the final, definitive answer to this complexmore » issue. It does, however, provide a starting point for thinking about some of the factors that must go into making such a decision. Moreover, anyone using the VDI tool can at least claim to have shown some degree of responsibility in contemplating disclosure issues. The purpose of this paper is to provide a tool to help decide if and how security vulnerabilities should be disclosed. This tool, called the Vulnerability Disclosure Index (VDI), is not presented here as the ultimate, authoritative method for dealing with this complex issue. It is offered instead as a first step, and as a vehicle for thinking about and discussing some of the factors that need to be pondered when vulnerability disclosures are being considered.« less
  2. Sticky bomb detection with other implications for vehicle security.

    A 'sticky bomb' is a type of improvised explosive device (IED) placed on a motor vehicle by (for example) a terrorist. The bomb is typically attached with adhesive ('duct') tape, or with magnets. This paper reports some preliminary results for a very rudimentary demonstration of two techniques for detecting the placement of a sticky bomb on a motor vehicle. The two techniques are tire pressure and magnetic measurements. There are other possible security applications for these techniques as well.
  3. Research note : The security of urine drug testing.

    No abstract prepared.
  4. Security in organizations : expanding the frontiers of industrial-organizational psychology.

    No abstract prepared.
  5. Lessons about vulnerability assessments.

    The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory believes that physical security can only be optimized through the use of effective vulnerability assessments. As a result of conducting vulnerability assessments on hundreds of different security devices and systems in the last few years, we have identified some of the attributes of effective assessments. These, along with our recommendations and observations about vulnerability assessments, are summarized in this paper. While our work has primarily involved physical security (in contrast to, for example, computer, network, or information security), our experiences may have applicability to other types of security as well.
  6. Changing Security Paradigms

  7. Being Vulnerable to the Threat of Confusing Threats with Vulnerabilities

  8. Tamper-indicating seals : practices, problems, and standards

    Tamper-indicating seals have been used by customs officials for over 7,000 years. Today, seals are widely used to help counter theft, smuggling, sabotage, vandalism, terrorism, and espionage. Despite their antiquity and modern widespread use, however, there remains considerable confusion about seals, as well as a lot of misconceptions, wishful thinking, sloppy terminology, and poor practice. The absence of meaningful norms and standards, together with the surprisingly limited amount of research and development (R&D) in the field of tamper detection, has also hindered the effective use of seals. The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory has intensively studiedmore » tamper-indicating seals for the last 12 years. We have engaged in vulnerability assessments, R&D, consulting, and training for over two dozen United States government agencies and private companies, as well as for the International Atomic Energy Agency (IAEA) and Euratom. The VAT has also analyzed over 200 different types of seals in detail. This paper summarizes some of our conclusions, recommendations, and warnings regarding seals and tamper detection.« less
  9. Think GPS offers high security? Think again.

    The Global Positioning System (GPS) is being increasingly used for a variety of important applications. These include public safety services (police, fire, rescue, and ambulance), marine and aircraft navigation, vehicle theft monitoring, cargo tracking, and critical time synchronization for utility, telecommunications, banking, and computer industries. Civilian GPS signals-the only ones available to business and to most of the federal government-are high-tech, but not high-security. They were never meant for critical or security applications. Unlike the military GPS signals, civilian GPS satellite signals are unencrypted and unauthenticated. This makes it easy for even relatively unsophisticated adversaries to jam or counterfeit them.more » Counterfeiting ('spoofing') of civilian GPS signals is particularly troublesome because it is totally surreptitious, and (as we have demonstrated) surprisingly simple. The U.S. Department of Transportation (DOT) has warned of vulnerabilities and looming problems associated with over-reliance and over-confidence in civilian GPS. Few GPS users appear to be paying attention.« less
  10. Improved Security Via ''Town Crier'' Monitoring

    Waste managers are increasingly expected to provide good security for the hazardous materials they marshal. Good security requires, among other things, effective tamper and intrusion detection. We have developed and demonstrated a new method for tamper and intrusion detection which we call the ''town crier method''. It avoids many of the problems and vulnerabilities associated with traditional approaches, and has significant advantages for hazardous waste transport. We constructed two rudimentary town crier prototype systems, and tested them for monitoring cargo inside a truck. Preliminary results are encouraging.

Search for:
All Records
Creator / Author
"Johnston, R. G."

Refine by:
Resource Type
Publication Date
Creator / Author
Research Organization