21,668 Search Results

As a potential source of low-carbon transportation energy, biofuels offer certain advantages over vehicle electrification (e.g., lower societal vulnerability to grid failures, and improved range of sustainable aviation), but also several challenges, including cost, carbon intensity, and land usage. There are also well-founded concerns that biofuel supply chains could be disrupted if extreme weather events impact feedstock yields. In this paper, we explore the use of multi-objective optimization to identify biofuel production pathways that balance cost, greenhouse gas emissions, and supply vulnerability to extreme weather. We compare the use of three different many-objective evolutionary algorithms and linear programming in optimizing biomass cultivation decisions in the U.S. Corn Belt under weather uncertainty using historical, modeled, and synthetic yield data. We consider four feedstock choices (corn, soy, switchgrass, and algae) with two land types (agricultural and marginal lands) and evaluate decisions using three alternative spatial resolutions (ranging from the USDA agricultural district level to the state level). Results show that feedstock choice is the primary driver of objective performance (i.e., the position and shape of 3D, approximate Pareto frontiers). Spatial diversification is a less effective tool in reducing exposure to weather-caused drops in crop yield.

The increasing number of air travelers each year presents a challenge as many airports are near their capacity in terms of resources and space for passenger screening. Fortunately, advancements in technologies like next-generation millimeter wave scanning offer solutions to ease this strain. The focus remains on managing risk while enhancing the passenger experience for the traveling public. The risk model presented in this paper known as the Aviation Security Screening Optimizer for Risk and Throughput (ASSORT) is designed to assess risk-based approaches for passenger screening and checkpoint operations. Additionally, ASSORT is exploring various traveler categories — general, trusted, and trusted-plus — along with different checkpoint screening Concept of Operations tailored to each traveler type. For instance, travelers with a higher trust level may experience fewer screening technologies, resulting in quicker processing times at the checkpoint. The output of ASSORT provides a risk score for predefined threat scenarios, as well as the overall risk to the checkpoint, aircraft, and airport by traveler type. In conclusion, benefits of using this tool include assessing the trade-offs between the overall risk associated with checkpoints and the throughput rate of passengers screened. We show for example the impact that different passenger volumes at the checkpoint can have on risk.

This study proposes a framework for evaluating cloud computing deployment in the electric sector, focusing on the digital transition of energy systems. It assesses the implications of cloud technology adoption, particularly in terms of security, operational resilience, and efficiency. The paper introduces a framework for consequence-driven applied risk analysis, enabling utilities to prioritize and mitigate potential threats effectively, and responsibly deploy cloud applications. It also discusses the shared responsibility model in cloud computing, highlighting the need for collaborative security efforts. The research aims to provide utilities with a strategic assessment tool for cloud adoption, emphasizing the importance of security culture in enhancing cloud computing's role in critical infrastructure.

CATCH CLI focuses on gathering telemetry data, storing it in the Neo4j database, querying for Mitre ATT&CK patterns, and creating STIX 2.1 reports. Key Components: Analysis Modules: Analyze data to detect attack patterns. GoSTOTS Collection Engines: Collect telemetry data. These tools can be used together or individually. Analysis modules rely on data from specific engines to identify attack patterns. Source Code Organization: Engines: CATCH/catch/cmd/collection Modules: CATCH/catch/cmd/analysis CGUI Overview CATCH Graphical User Interface (CGUI) offers a graphical shell to execute CATCH CLI, allowing easy editing of: Analysis Modules Database configurations Profiles (collection and device settings) Neo4j Overview Neo4j is a graph database using the Cypher query language, storing data in JSON. It seamlessly integrates with STIX 2.1 data for: Data Submission: CATCH Collection Engines Data Querying: Analysis Modules CATCH modifies STIX 2.1 data for Neo4j submission and reverts it back during querying. STIG Overview Structured Threat Intelligence Graph (STIG) is a tool for creating, editing, querying, analyzing, and visualizing threat intelligence using STIX 2.1 and storing data in Neo4j. Usage Tools can be run: Manually (CLI): Refer to CATCH documentation User Interface: Run ./cgui/CGUI or go run ./cgui/ Additional Information Logging System: Detailed in the config documentation Further Documentation: Available for CATCH and CGUI

Climate change is intensifying the frequency and severity of extreme events, posing challenges to food security. Corn, a staple crop for billions, is particularly vulnerable to heat stress, a primary driver of yield variability. While many studies have examined climate impact on average corn yields, little attention has been given to the climate impact on production volatility. This study investigates the future volatility and risks associated with global corn supply under climate change, evaluating the potential benefits of two key adaptation strategies: irrigation and market integration. A statistical model is employed to estimate corn yield response to heat stress and utilize NEX-GDDP-CMIP6 climate data to project future production volatility and risks of substantial yield losses. Three metrics are introduced to quantify these risks: Sigma (σ), the standard deviation of year-on-year yield change, which reflects overall yield volatility; Rho (ρ), the risk of substantial loss, defined as the probability of yield falling below a critical threshold; and Beta (β), a relative risk coefficient that captures the volatility of a region's corn production compared to the globally integrated market. The analysis reveals a concerning trend of increasing year-on-year yield volatility (σ) across most regions and climate models. This volatility increase is significant for key corn-producing regions like Brazil and the United States. While irrigated corn production exhibits a smaller rise in volatility, suggesting irrigation as a potential buffer against climate change impacts, it is not a sustainable option as it can cause groundwater depletion. On the other hand, global market integration reduces overall volatility and market risks significantly with less sustainability concerns. Furthermore, these findings highlight the importance of a multidimensional approach to adaptation in the food sector. While irrigation can benefit individual farmers, promoting global market integration offers a broader solution for fostering resilience and sustainability across the entire food system.

The 2023 National Cybersecurity Strategy has recommended a transition to secure-by-design methodologies in critical infrastructure. This paper presents the adoption of the National Cyber-Informed Engineering (CIE) Strategy as initiated by the U.S. DOE’s CESER office, advocating for the integration of cybersecurity at the earliest stages of system design. The strategy targets design engineers responsible for energy infrastructure to embed CIE principles within the engineering lifecycle, thus enhancing cyber resilience. This paper discusses the expansion of secure-by-design concepts to cyber-physical systems, moving beyond traditional IT security to include engineering considerations that can mitigate cyber risks through design choices. The paper introduces Digital Risk Management, balancing traditional cybersecurity with CIE to reduce both likelihood and impact of cyber threats. A set of CIE starter questions derived from 12 core principles is detailed, aiding engineers to consider cybersecurity in their designs and highlights the importance of CIE in anticipating and reducing the impacts of cyber attacks, suggesting that such integration is essential for national security and infrastructure resilience.

This project investigated risks involved in deploying a large-scale hydrogen storage system at the Port of Seattle (hereafter, the Port) for its on-terminal and maritime applications in an urban industrial setting. Alongside, the project attempted to address some of the barriers to risk assessment such as need for an exact system design for a systematic investigation, direct access to surrounding communities to gauge their perceptions, and an integrated software required to undertake a full-fledged risk assessment. These barriers were overcome using illustrative reference station designs, engaging with community-facing agencies through Port support, and pooling national laboratory capabilities available for risk assessments. The project identified relevant public safety risk metrics, compared various hydrogen carriers, engaged with community-facing agencies, and explored potential gaps in existing safety codes and standards. The primary impacts of this project include the development of risk assessment guidance for ports and utilities, informing them of the trade-offs in the choice of hydrogen carriers, and the ability to increase public capacity for dialog and engagement. This paves the way toward decarbonization of the Port activities, bringing about awareness around jobs in the market for risk assessments, and the need to ramp up community engagement long before any hydrogen system deployment is undertaken.

The Cybersecurity Value-at-Risk Framework is a tool that can be used by hydropower plant manager to make more educated cybersecurity investments. Users can take a self guided assessment allowing the tools to generate risk, impact and cybersecurity scores and be given risk-based recommendations to enhance decision-making.

Hydrogen storage systems may become more widely deployed throughout the country, and so it is possible that individual and interconnected systems will be exposed to cyber-attacks. These events can cause physical and financial harm to employees, people in the vicinity of the facility, and the company that owns the facility. The two main ways bad actors may access information or control from a hydrogen storage facility are through information technology and operations technology devices, the former of which refers to data and information from networked devices and the latter of which refers to onsite controls for the physical system. Both types of entryways into the system should be considered when companies conduct cyber risk assessments and when regulators develop or revise relevant codes and standards. This report analyzes cybersecurity risks associated with a generic hydrogen storage system by outlining the system's purpose and the importance of its cybersecurity. The hydrogen storage system architecture and communication protocols are provided to understand potential cyber vulnerabilities. Later, an event tree analysis is performed on hydrogen operation to identify system weaknesses by outlining potential attack scenarios. This report also identifies critical cyber assets related to different hydrogen operations followed by an examination of potential threats, and the impact of cyber assets on those operational assets.

This whitepaper provides strategic insights and recommendations into security cloud-based solutions for electric utilities, encompassing operational technology (OT), virtual power plants (VPP), distributed energy resources (DERs), applications, networks, and data storage as they transition to and leverage cloud infrastructure through managed service providers (MSPs) and cloud service providers (CSPs). Principles derived from established frameworks serve as a foundation for best practices across cybersecurity projects and remove the constraints of settling on a single framework. For organizations that prefer not to integrate a specific framework altogether, elements of the proposed approach could be adopted or tailored to best fit defined requirements and expected functionalities. The Cirrus assessment, a utility cloud feasibility tool, and the roadmap it provides serve as a precursor to this paper, which seeks to be a valuable resource for defining next steps following cloud technology integration feasibility appraisal. With its comprehensive approach to adoption, the Cirrus framework offers strategic guidance on responsibly preparing for or deploying a utility cloud solution. The previously published whitepaper, “Use Case-Informed Framework for Utility Cloud Migration,” details the guiding strategy, research, and deployment of cloud solutions within electric and interconnected grid systems. Before implementing the controls suggested in this document, it is recommended that stakeholders complete Cirrus's cloud integration assessment and pair the results with their unique cybersecurity controls to form a comprehensive cloud-based utility cybersecurity plan. The Cirrus outcome will consider a series of future architectures for the grid before and after the energy transition and evaluate the arguments for and against cloud applications for each electric and interconnected grid layer. This document is a companion to the original whitepaper, "Use Case-Informed Framework for Utility Cloud Migration" to further identify and recommend security controls based on Cirrus’s cloud integration assessment output. The following whitepaper outlines the cybersecurity controls that secure cloud-service models pertinent to the electric sector using the predefined categories identify, protect, detect, and respond and recover. The objective is to outline prescriptive security controls based on the type of architecture and data stored in the cloud. The focus includes dissecting the shared responsibility model and elucidating what on-premises Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) entail. A pivotal consideration in this context is allocating responsibility for foundational cybersecurity aspects—having used Cirrus for the cloud integration assessment. The ensuing controls detailed herein also represent a checklist of controls necessary for a secure cloud transition, equipping utilities with the knowledge to navigate this digital transformation with confidence and strategic foresight in a safe and responsible manner.