5,267 Search Results

CATCH CLI focuses on gathering telemetry data, storing it in the Neo4j database, querying for Mitre ATT&CK patterns, and creating STIX 2.1 reports. Key Components: Analysis Modules: Analyze data to detect attack patterns. GoSTOTS Collection Engines: Collect telemetry data. These tools can be used together or individually. Analysis modules rely on data from specific engines to identify attack patterns. Source Code Organization: Engines: CATCH/catch/cmd/collection Modules: CATCH/catch/cmd/analysis CGUI Overview CATCH Graphical User Interface (CGUI) offers a graphical shell to execute CATCH CLI, allowing easy editing of: Analysis Modules Database configurations Profiles (collection and device settings) Neo4j Overview Neo4j is a graph database using the Cypher query language, storing data in JSON. It seamlessly integrates with STIX 2.1 data for: Data Submission: CATCH Collection Engines Data Querying: Analysis Modules CATCH modifies STIX 2.1 data for Neo4j submission and reverts it back during querying. STIG Overview Structured Threat Intelligence Graph (STIG) is a tool for creating, editing, querying, analyzing, and visualizing threat intelligence using STIX 2.1 and storing data in Neo4j. Usage Tools can be run: Manually (CLI): Refer to CATCH documentation User Interface: Run ./cgui/CGUI or go run ./cgui/ Additional Information Logging System: Detailed in the config documentation Further Documentation: Available for CATCH and CGUI

This document supports the application of Cyber-Informed Engineering (CIE) within the context of Enterprise Risk Management (ERM) to enhance cyber-resilience. It highlights that many critical infrastructure organizations use ERM to manage business risks and emphasizes the importance of evaluating critical systems and assets. The proposed approach can be adopted independently of formal ERM processes and offers a starting point for integrating CIE alongside existing or new ERM practices. Both CIE and ERM are iterative, and their alignment fosters continuous improvement and supports the engineering and operations cultures of an organization.

Grid planning decisions involve weighing risks against benefits. The best decisions will facilitate development of electrical infrastructure that minimizes risk and maximizes benefits. With the rapidly evolving energy landscape, today's planner must discern new loads and demand cycles; embrace the operational complexity of climate risk; revise settled standards; and anticipate and manage the system impacts of distributed energy resource (DER) adoption. Only by managing the combined uncertainty of these dynamic processes can a planner hope to make effective decisions. Our analysis focuses on the management of temporal and locational uncertainty, and particularly on the risks presented to customers by the mismanagement of the factors that are the sources of these uncertainties.

The report, prepared for the U.S. Department of Energy West Valley Demonstration Project office (DOE-WVDP), summarizes the environmental protection program at the WVDP for calendar year (CY) 2023. Monitoring and surveillance of the facilities used by the DOE are conducted to verify protection of public health and safety and the environment. The report is a key component of DOE’s effort to keep the public informed of environmental conditions at the WVDP. The quality assurance protocols applied to the environmental monitoring program ensure the validity and accuracy of the monitoring data. In addition to demonstrating compliance with environmental laws, regulations, and directives, evaluation of data collected in 2023 continued to indicate that WVDP activities pose no threat to public health or safety, or to the environment.

Over the past decades, the global marine energy industry has suffered a number of serious technological and commercial setbacks. To help reduce the risks of industry failures and advance the development of new technologies, the U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) developed a Marine Energy Risk Management Framework in 2015, with this revision published in 2024. This risk management framework shall be utilized on all DOE Water Power Technologies Office (WPTO) projects that require system testing in the open water. By addressing uncertainties, the Marine Energy Risk Management Framework increases the likelihood of successful development of marine energy converter technology. It covers projects of any technology readiness level technology performance level (TPL) and all risk types (e.g. technological risk, regulatory risk, commercial risk) over the development cycle. This risk framework is not a substitute for other risk management procedures that may be required for marine operations, such as installations at sea, hoisting and rigging, safe diver operations, and other safety requirements. This risk framework is intended to meet DOE's risk management expectations for marine energy technology research and development efforts from WPTO. It also provides an overview of other relevant risk management tools and documentation.

CalWave has developed a submerged pressure differential type Wave Energy Converter (WEC) architecture called xWave. The single body device oscillates submerged, is positively buoyant, and taut moored to the sea floor and integrates novel features such as absorber submergence depth control. Since participation in the US Wave Energy Prize, CalWave has evolved the design and successfully concluded a scaled 10-month open ocean pilot. CalWave recently concluded the final design phase of a scaled up WEC version for PacWave and started component order/build of the WEC towards the grid-connected demonstration at PacWave. Documentation and data here includes: a system certification plan, a risk registry in the form of an FMECA (Failure Mode, Effects, and Criticality Analysis) table, an updated LCOE content model, a report on performance metrics, and a risk management plan.

Federal minimum safety standards for underground natural gas storage (UNGS) operations in the United States (U.S.) were set by the Pipeline and Hazardous Materials Safety Administration (PHMSA) in the aftermath of the 2015 Aliso Canyon well leakage incident. Beginning in 2017, these standards required operators of U.S. UNGS facilities to publicly report: 1) leakage events that meet established criteria for incidents; 2) annual details of well construction, maintenance, and integrity testing activities; and 3) the occurrence of leading indicators of leakage (i.e., safety-related conditions). We reviewed both PHMSA reports and previously published studies to compile a dataset of 53 well leakage events at UNGS facilities in the U.S. that align with the PHMSA reporting requirements. Casings (55.0%) and wellheads (32.5%) were the most common failed well components identified. Human intervention through incorrect operation or outside force damage was the most common (39.3%) cause of well leakage events. Well leakage events caused by corrosion resulted in significantly greater emissions than those with other causes. UNGS annual reports detailed operations at 406 UNGS facilities with 17,993 wells—14,469 were injection and the remainder monitoring. Of these wells, 11,446 (63.6%) were reported to have a design that is potentially susceptible to a single point of failure, which is more than three times the previous estimate. Additional information about the status and construction of individual wells is needed to confirm the number of operational wells with a single-point-of-failure design. These data would help regulators identify single-point-of-failure wells and ensure the elevated risks associated with them are appropriately mitigated by proposed risk management plans. Statistically significant differences in the characteristics of UNGS facilities that have and have not experienced well leakage events were observed among those operating in depleted hydrocarbon reservoirs. Depleted hydrocarbon UNGS facilities that experienced well leakage events were generally larger, which suggests that focusing regulatory inspections and reviews on these facilities may be justified. The UNGS data reported were not sufficient to build a predictive model that forecasts well leakage events. Modeling efforts were limited by the data reporting format, which requires UNGS operators to aggregate data by facility in their annual reports. Gathering and evaluating information for individual wells at UNGS facilities would be valuable and may provide additional insights into well leakage risks to better inform risk management planning efforts.

The present work is a continuation of the 2020 IEA PVPS Task 12 Human Health Risk Assessment Methods for PV Part 3: Module Disposal Risks. The 2020 report performed a human health risk assessment (HHRA) for disposal of a cadmium telluride (CdTe) PV module in an unlined landfill, focusing solely on risks from cadmium. This study extends the 2020 HHRA on CdTe PV, analyzing eleven constituent elements: Cd, Se, Te, Cu, Si, Cr(III), Mo, Sn, Zn, Ni, and Al. The present HHRA was performed through two methods: utilization of the U.S. Environmental Protection Agency's (USEPA) Delisting Risk Assessment Software (DRAS V.4.0) on eight exposure pathways for cancer risk and non-cancer hazards; and comparison of exposure point concentrations to federal standards for groundwater, surface water, air, and soil exposure pathways. Cancer risks and non-cancer hazards posed by elemental leaching through all evaluated exposure pathways, using both methods, were found to be several orders of magnitude below USEPA health-protective thresholds. Cadmium exhibited both the highest risks and lowest uncertainty considering data availability on chemical content, leachate, and federal screening levels.

As more variable renewable energy sources are added to the grid, the role of hydropower as a reliable baseline and firming resource is growing more critical. However, the U.S hydropower fleet is not fully prepared to face modern issues such as cybersecurity threats. Hydropower accounts for 37% of U.S. utility-scale renewable electricity but is challenged by diverse infrastructure and legacy devices that predate modern security practices. While new cybersecurity solutions cannot simply be added to current hydropower generation and operation technologies, custom cybersecurity assessments can reveal system-specific threats and risk probabilities and identify mitigating enhancements.

The primary goal for this project is the production of a robust, flexible graphical user interface (GUI) to support functionality in the open-source, command-line oriented National Risk Assessment Partnership (NRAP) OpenIAM geologic carbon storage (GCS) scientific simulation tool1. The GUI, called the GCS Risk manager, or GCSRiskman, supports multiple workflows by multiple user types. The vision for GCSRiskman is that it will ultimately fit within a broader system that interacts with high fidelity reservoir simulation tools and has an advanced post-processing interface for visually displaying and interrogating the results. The GUI is constructed using technologies that will allow use of the completed system on the Illinois Rocstar Simverse scientific Software-as-a-Service (SaaS) cloud computing system, which is being constructed on other funding.