ECHO Information sharing models

As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains

CISE as a Tool for Sharing Sensitive Cyber Information in Maritime Domain

The ECHO project aims at organizing and coordinating an approach to strengthen proactive cyber security in the European Union through effective and efficient multi-sector collaboration. One important tool for this aim is the ECHO Early Warning System (E-EWS). The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain, as well as models from other domains. In 2009, the Commission adopted a Communication Towards the integration of maritime surveillance in the EU: “A common information sharing environment for the EU maritime domain (CISE),” setting out guiding principles towards its establishment. The aim of the COM(2010)584 final was to generate a situational awareness of activities at sea and impact overall maritime safety and security. As a outcome of COM(2010)584 final, the EUCISE2020 project has developed a test-bed for maritime information sharing. This case study analyses information sharing models in the maritime domain, the EUCISE2020 test bed and the CISE itself as an alternative for cyber information sharing system. The maritime sector represents a suitable research case because it is already digitized in many aspects

WTEC panel report on European nuclear instrumentation and controls

Control and instrumentation systems might be called the 'brain' and 'senses' of a nuclear power plant. As such they become the key elements in the integrated operation of these plants. Recent developments in digital equipment have allowed a dramatic change in the design of these instrument and control (I&C) systems. New designs are evolving with cathode ray tube (CRT)-based control rooms, more automation, and better logical information for the human operators. As these new advanced systems are developed, various decisions must be made about the degree of automation and the human-to-machine interface. Different stages of the development of control automation and of advanced digital systems can be found in various countries. The purpose of this technology assessment is to make a comparative evaluation of the control and instrumentation systems that are being used for commercial nuclear power plants in Europe and the United States. This study is limited to pressurized water reactors (PWR's). Part of the evaluation includes comparisons with a previous similar study assessing Japanese technology

The War on Cyberterror: Why Australia Should Examine the U.S. Approach to Critical Infrastructure Protection

As the global community focuses on detecting and fighting terrorism, defense strategists have identified the vulnerability of certain cybersystems. Traditional methods of defense and warfare, however, often do not apply to new technologies. Thus the cybercommunity is developing new standards for protecting computer resources against terrorist attack. From the perspective of national governments, much attention has been paid to the importance of secure critical infrastructure. This category of computer-dependent resources includes sectors vital to the smooth and orderly operation of public society, such as transportation, communications, and food production. These sectors are becoming increasingly dependent on computers to function, and the majority of critical infrastructure is owned by the private sector. This relationship between the public\u27s interest in critical infrastructure and the interests of the private sector raises questions about how to balance the public and private interests in a cyberterror protection plan. While governments have an interest in ensuring the security of critical infrastructure, they are reluctant to directly regulate privately-owned businesses. Since the late 1990s, the United States has been developing methods to secure infrastructure through public-private information-sharing partnerships, and has successfully taken steps to respect corporate privacy in the process. Conversely, Australia is in the early stages of developing a national strategy for critical infrastructure protection, and the government has faced corporate resistance to developing an information-sharing security network. In comparing the cybersecurity situation in Australia to that in the United States, the Australian government should follow many of the steps that have made the U.S. process such a success to date. In particular, it should adopt similar corporate privacy protection policies for information shared with the government for critical infrastructure protection purposes, and should emphasize the development of public-private co-regulation of critical infrastructure. While the United States has not yet reached complete cybersecurity, its extra years of experience should inform the development of Australian policymaking

Evaluation of the 2015 DoD Cyber Strategy: Mild Progress in a Complex and Dynamic Military Domain

In 2011, the Department of Defense (DoD) released its Strategy for Operating in Cyberspace, which officially recognized cyberspace as an operational domain akin to the traditional military domains of land, sea, air, and space. This monograph examines the 2015 DoD Cyber Strategy to evaluate how well its five strategic goals and associated implementation objectives define an actionable strategy to achieve three primary missions in cyberspace: defend the DoD network, defend the United States and its interests, and develop cyber capabilities to support military operations. This monograph focuses on events and documents from the period of about 1 year before and 1 year after the 2015 strategy was released. This allows sufficient time to examine the key policies and guidance that influenced the development of the strategy as well as follow-on activities for the impacts from the strategy. This inquiry has five major sections that utilize different frameworks of analysis to assess the strategy: 1. Prima Facie Analysis: What is its stated purpose and key messages? 2. Historical Context Analysis: What unique contributions does it introduce into the evolution of national security cyberspace activities? 3. Traditional Strategy Analysis: Does it properly address specific DoD needs as well as broader U.S. ends in a way that is appropriate and actionable? 4. Analysis of Subsequent DoD Action: How are major military cyberspace components—joint and Service—planning to implement these goals and objectives? 5. Whole of U.S. Government Analysis: Does it integrate with the cyberspace-related activities of other U.S. Government departments and agencies? The monograph concludes with a section that integrates the individual section findings and offers recommendations to improve future cyberspace strategic planning documents.https://press.armywarcollege.edu/monographs/1401/thumbnail.jp

Ubiquitous Healthcare Information System: Toward Crossing the Security Chasm

Ubiquitous healthcare information system is increasingly seen as a viable option for reducing the inherent time lag and inaccuracies in the traditional model of healthcare and promoting the delivery and practice of evidence-based healthcare―as and when needed―without any location and time constraints. Although promising, the realization of ubiquitous healthcare information system brings several threats and risks rooted in real-time collection, analysis, storage, transmission, and access of critical medical data. In this research, we address information security concerns pertaining to the paradigm of ubiquitous healthcare information system. To accomplish this we use National Institute for Standards and Technology’s (NIST’s) system development lifecycle model (SDLC) as the underlying framework to explore the current state of ubiquitous healthcare from the perspective of security. We then leverage the model to propose future research directions in this area. By implementing the NIST’s SDLC model in such a manner, we offer a different dynamic of healthcare security that has not been addressed in literature before

Information Sharing for Homeland Security: A Brief Overview

This report reviews some of the principal existing homeland security information sharing arrangements, as well as some projected arrangements in this regard, and discusses related policy, evaluations, and proposed legislation

Critical Infrastructure Protection: Challenges for Selected Agencies and Industry Sectors

A letter report issued by the General Accounting Office with an abstract that begins "The explosive growth of computer interconnectivity is transforming the workings of our nation, its government, and its critical infrastructures. But with the enormous benefits of this interconnectivity comes a threat: both physical and cyber assets are potentially vulnerable to computer-based attack. In response, Presidential Decision Directive 63 (PDD 63, May 1998) called for a range of actions to improve the nation's ability to detect and respond to serious infrastructure attacks. For specific agencies under the Committee on Energy and Commerce's jurisdiction and for private-sector organizations for which these agencies have responsibilities, GAO was asked, among other things, to assess their progress and challenges in undertaking critical infrastructure protection (CIP) activities.

Evaluation of the MSAG/IPSTC train-the-trainer project in physical security and stockpile management

There are still large deficiencies in small arms and light weapons (SALW) and conventional ammunition (CA) storage and management in the Great Lakes Region, the Horn of Africa and bordering states. Particularly state capacities to plan and implement physical security and stockpile management (PSSM) interventions remain limited. Addressing these capacity shortfalls, the Multinational Small Arms and Ammunition Group (MSAG, with Germany as the lead nation), in collaboration with the International Peace Support Training Centre (IPSTC) in Nairobi, has implemented a PSSM train-the-trainer project since 2014. This report provides an overview of the project’s achievements and challenges, and gives recommendations on the way forward to enhance PSSM capacity in the region. The information provided is mostly drawn from interviews with training participants