1,102 research outputs found
The IACS Cybersecurity Certification Framework (ICCF). Lessons from the 2017 study of the state of the art.
The principal goal of this report is to present the experiments of the IACS component Cybersecurity Certification Framework (ICCF) performed in 2017 by the NETs (National Exercise Teams) of several Member States, namely France, Poland and Spain. Based on real life use cases and simulations of ICCF activities, this report documents the current practices of these countries and NET members’ views in relation to IACS products cybersecurity certification. These studies have led to a series of findings that will be useful for the future of the ICCF in the context of the European Cybersecurity Certification Framework. In conclusion, a plan of action is proposed for the 2018-2019 period.JRC.E.2-Technology Innovation in Securit
Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for
providing a reliable distributed computing model.it is increasing attracting
huge attention both in academic research and industrial initiatives. Cloud
deployments are paramount for institution and organizations of all scales. The
availability of a flexible, free open source cloud platform designed with no
propriety software and the ability of its integration with legacy systems and
third-party applications are fundamental. Open stack is a free and opensource
software released under the terms of Apache license with a fragmented and
distributed architecture making it highly flexible. This project was initiated
and aimed at designing a secured cloud infrastructure called BradStack, which
is built on OpenStack in the Computing Laboratory at the University of
Bradford. In this report, we present and discuss the steps required in
deploying a secured BradStack Multi-node cloud infrastructure and conducting
Penetration testing on OpenStack Services to validate the effectiveness of the
security controls on the BradStack platform. This report serves as a practical
guideline, focusing on security and practical infrastructure related issues. It
also serves as a reference for institutions looking at the possibilities of
implementing a secured cloud solution.Comment: 38 pages, 19 figures
Recommended from our members
Lawrence Livermore National Laboratory Safeguards and Security quarterly progress report to the U.S. Department of Energy. Quarter ending December 31, 1995
The Safeguards Technology Program (STP) is a program in LLNL`s Isotope Sciences Division of the Chemistry and Materials Science Department that develops advanced, nondestructive analysis (NDA) technology for measurement of special nuclear materials. Our work focuses on R&D relating to x- and gamma-ray spectrometry techniques and to the development of computer codes for interpreting the spectral data obtained by these techniques
Use of Service Oriented Architecture for Scada Networks
Supervisory Control and Data Acquisition (SCADA) systems involve the use of distributed processing to operate geographically dispersed endpoint hardware components. They manage the control networks used to monitor and direct large-scale operations such as utilities and transit systems that are essential to national infrastructure. SCADA industrial control networks (ICNs) have long operated in obscurity and been kept isolated largely through strong physical security. Today, Internet technologies are increasingly being utilized to access control networks, giving rise to a growing concern that they are becoming more vulnerable to attack. Like SCADA, distributed processing is also central to cloud computing or, more formally, the Service Oriented Architecture (SOA) computing model. Certain distinctive properties differentiate ICNs from the enterprise networks that cloud computing developments have focused on. The objective of this project is to determine if modern cloud computing technologies can be also applied to improving dated SCADA distributed processing systems. Extensive research was performed regarding control network requirements as compared to those of general enterprise networks. Research was also conducted into the benefits, implementation, and performance of SOA to determine its merits for application to control networks. The conclusion developed is that some aspects of cloud computing might be usefully applied to SCADA systems but that SOA fails to meet ICN requirements in a certain essential areas. The lack of current standards for SOA security presents an unacceptable risk to SCADA systems that manage dangerous equipment or essential services. SOA network performance is also not sufficiently deterministic to suit many real-time hardware control applications. Finally, SOA environments cannot as yet address the regulatory compliance assurance requirements of critical infrastructure SCADA systems
SUTMS - Unified Threat Management Framework for Home Networks
Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personnel identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services, hackers can get access to corporate data by compromising devices attacked to broad- band routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need of unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service, SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection mod- ule. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates
Risk analysis of LPG tanks at the wildland-urban interface
In areas of wildland-urban interface (WUI), especially residential developments, it is very
common to see liquefied petroleum gas (LPG) tanks, particularly with a higher ratio of
propane, in surface installations serving homes. The most common tanks are between 1 and 5
m3 of capacity, but smaller ones of less than 1 m3 are more frequent. In case of accident,
installations may be subject to fires and explosions, especially in those circumstances where
legal and normative requirements allow very close exposure to flames from vegetable fuel
near LPG tanks.
In this project, it is intended to do a comprehensive diagnosis of the problem, addressing
the compilation of information on real risk scenarios in historical fires. First, a preliminary
presentation of the properties and characteristics of liquefied petroleum gas will be exposed.
Its physical and chemical properties, production methodology, pressure and temperature
diagrams and important considerations will be defined when using this type of substances in a
storage tank of a certain volume.
Next, a review of the situation of the existence of LPG tanks in the urban forest interfaces
will be exposed. In this case, the main accidents caused by problems with the storage of LPG
will be analyzed taking into account the relevance of BLEVE events in this type of incidents. To
do this, the main scenarios that could take place in the event of a fire will be presented.
Next, the existing legislation on the storage of LPG in these environments in some
Mediterranean countries will be studied. In order to develop a comprehensive analysis, the
main safety measures and distances will be considered, as well as the awareness of the
possibility of vegetation material in the vicinity of LPG storage tanks, which is the main
problem that will arise in a possible BLEVE scenario in case of fire. To finalize and facilitate
understanding, a comparative table will be included with the aim of visualizing the main
advantages and legislative deficiencies between the different countries.
Following, the state of the art in terms of modelling LPG accidents at the WUI will be
reviewed. Trying to simulate and predict this type of scenarios, it will see the models normally
chosen to obtain the tolerable values selected and the answers obtained in each case.
Finally, several fire scenarios will be simulated by means of a CFD tool (FDS, Fire Dynamics
Simulator). In these simulations, the wind velocity and the distance of the combustible vegetal
mass to the tank will be controlled in a WUI fire in which there is a tank of fixed dimensions.
The temperature and the heat flow in each of the scenarios will be obtained, and the
differences among the location of the sensors and the characteristics of the scenario will be
analyzed.
As a conclusion, it has been observed that there is a great amount of variables that are
not contemplated by the regulatory organisms and that the existing legislation does not
guarantee the safety of the population in this type of environment. From the simulations
results, variables as temperature should be studied for further characterizations
Distance support in-service engineering for the high energy laser
The U.S. Navy anticipates moving to a shipboard high-energy laser program of record in the fiscal year 2018 and achieving an initial operational capability by 2020. The design of a distance support capability within the high-energy laser system was expected to assist the Navy in reaching this goal. This capstone project explored the current Navy architecture for distance support and applied system engineering methodologies to develop a conceptual distance support framework with application to the high-energy laser system. A model and simulation of distance support functions were developed and used to analyze the feasibility in terms of performance, cost, and risk. Results of this capstone study showed that the implementation of distance support for the high-energy laser system is feasible and would reduce the total ownership cost over the life of the program. Furthermore, the capstone shows that moving toward the team’s recommended distance support framework will address current gaps in the Navy distance support architecture and will provide a methodology tailored to modern enterprise naval systems.http://archive.org/details/distancesupporti1094545248Approved for public release; distribution is unlimited
Supervisory Control System Architecture for Advanced Small Modular Reactors
This technical report was generated as a product of the Supervisory Control for Multi-Modular SMR Plants project within the Instrumentation, Control and Human-Machine Interface technology area under the Advanced Small Modular Reactor (SMR) Research and Development Program of the U.S. Department of Energy. The report documents the definition of strategies, functional elements, and the structural architecture of a supervisory control system for multi-modular advanced SMR (AdvSMR) plants. This research activity advances the state-of-the art by incorporating decision making into the supervisory control system architectural layers through the introduction of a tiered-plant system approach. The report provides a brief history of hierarchical functional architectures and the current state-of-the-art, describes a reference AdvSMR to show the dependencies between systems, presents a hierarchical structure for supervisory control, indicates the importance of understanding trip setpoints, applies a new theoretic approach for comparing architectures, identifies cyber security controls that should be addressed early in system design, and describes ongoing work to develop system requirements and hardware/software configurations
- …