The IACS Cybersecurity Certification Framework (ICCF). Lessons from the 2017 study of the state of the art.

The principal goal of this report is to present the experiments of the IACS component Cybersecurity Certification Framework (ICCF) performed in 2017 by the NETs (National Exercise Teams) of several Member States, namely France, Poland and Spain. Based on real life use cases and simulations of ICCF activities, this report documents the current practices of these countries and NET members’ views in relation to IACS products cybersecurity certification. These studies have led to a series of findings that will be useful for the future of the ICCF in the context of the European Cybersecurity Certification Framework. In conclusion, a plan of action is proposed for the 2018-2019 period.JRC.E.2-Technology Innovation in Securit

Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study

Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model.it is increasing attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institution and organizations of all scales. The availability of a flexible, free open source cloud platform designed with no propriety software and the ability of its integration with legacy systems and third-party applications are fundamental. Open stack is a free and opensource software released under the terms of Apache license with a fragmented and distributed architecture making it highly flexible. This project was initiated and aimed at designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required in deploying a secured BradStack Multi-node cloud infrastructure and conducting Penetration testing on OpenStack Services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution.Comment: 38 pages, 19 figures

Lawrence Livermore National Laboratory Safeguards and Security quarterly progress report to the U.S. Department of Energy. Quarter ending December 31, 1995

The Safeguards Technology Program (STP) is a program in LLNL`s Isotope Sciences Division of the Chemistry and Materials Science Department that develops advanced, nondestructive analysis (NDA) technology for measurement of special nuclear materials. Our work focuses on R&D relating to x- and gamma-ray spectrometry techniques and to the development of computer codes for interpreting the spectral data obtained by these techniques

Use of Service Oriented Architecture for Scada Networks

Supervisory Control and Data Acquisition (SCADA) systems involve the use of distributed processing to operate geographically dispersed endpoint hardware components. They manage the control networks used to monitor and direct large-scale operations such as utilities and transit systems that are essential to national infrastructure. SCADA industrial control networks (ICNs) have long operated in obscurity and been kept isolated largely through strong physical security. Today, Internet technologies are increasingly being utilized to access control networks, giving rise to a growing concern that they are becoming more vulnerable to attack. Like SCADA, distributed processing is also central to cloud computing or, more formally, the Service Oriented Architecture (SOA) computing model. Certain distinctive properties differentiate ICNs from the enterprise networks that cloud computing developments have focused on. The objective of this project is to determine if modern cloud computing technologies can be also applied to improving dated SCADA distributed processing systems. Extensive research was performed regarding control network requirements as compared to those of general enterprise networks. Research was also conducted into the benefits, implementation, and performance of SOA to determine its merits for application to control networks. The conclusion developed is that some aspects of cloud computing might be usefully applied to SCADA systems but that SOA fails to meet ICN requirements in a certain essential areas. The lack of current standards for SOA security presents an unacceptable risk to SCADA systems that manage dangerous equipment or essential services. SOA network performance is also not sufficiently deterministic to suit many real-time hardware control applications. Finally, SOA environments cannot as yet address the regulatory compliance assurance requirements of critical infrastructure SCADA systems

SUTMS - Unified Threat Management Framework for Home Networks

Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personnel identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services, hackers can get access to corporate data by compromising devices attacked to broad- band routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need of unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service, SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection mod- ule. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates

Risk analysis of LPG tanks at the wildland-urban interface

In areas of wildland-urban interface (WUI), especially residential developments, it is very common to see liquefied petroleum gas (LPG) tanks, particularly with a higher ratio of propane, in surface installations serving homes. The most common tanks are between 1 and 5 m3 of capacity, but smaller ones of less than 1 m3 are more frequent. In case of accident, installations may be subject to fires and explosions, especially in those circumstances where legal and normative requirements allow very close exposure to flames from vegetable fuel near LPG tanks. In this project, it is intended to do a comprehensive diagnosis of the problem, addressing the compilation of information on real risk scenarios in historical fires. First, a preliminary presentation of the properties and characteristics of liquefied petroleum gas will be exposed. Its physical and chemical properties, production methodology, pressure and temperature diagrams and important considerations will be defined when using this type of substances in a storage tank of a certain volume. Next, a review of the situation of the existence of LPG tanks in the urban forest interfaces will be exposed. In this case, the main accidents caused by problems with the storage of LPG will be analyzed taking into account the relevance of BLEVE events in this type of incidents. To do this, the main scenarios that could take place in the event of a fire will be presented. Next, the existing legislation on the storage of LPG in these environments in some Mediterranean countries will be studied. In order to develop a comprehensive analysis, the main safety measures and distances will be considered, as well as the awareness of the possibility of vegetation material in the vicinity of LPG storage tanks, which is the main problem that will arise in a possible BLEVE scenario in case of fire. To finalize and facilitate understanding, a comparative table will be included with the aim of visualizing the main advantages and legislative deficiencies between the different countries. Following, the state of the art in terms of modelling LPG accidents at the WUI will be reviewed. Trying to simulate and predict this type of scenarios, it will see the models normally chosen to obtain the tolerable values selected and the answers obtained in each case. Finally, several fire scenarios will be simulated by means of a CFD tool (FDS, Fire Dynamics Simulator). In these simulations, the wind velocity and the distance of the combustible vegetal mass to the tank will be controlled in a WUI fire in which there is a tank of fixed dimensions. The temperature and the heat flow in each of the scenarios will be obtained, and the differences among the location of the sensors and the characteristics of the scenario will be analyzed. As a conclusion, it has been observed that there is a great amount of variables that are not contemplated by the regulatory organisms and that the existing legislation does not guarantee the safety of the population in this type of environment. From the simulations results, variables as temperature should be studied for further characterizations

Distance support in-service engineering for the high energy laser

The U.S. Navy anticipates moving to a shipboard high-energy laser program of record in the fiscal year 2018 and achieving an initial operational capability by 2020. The design of a distance support capability within the high-energy laser system was expected to assist the Navy in reaching this goal. This capstone project explored the current Navy architecture for distance support and applied system engineering methodologies to develop a conceptual distance support framework with application to the high-energy laser system. A model and simulation of distance support functions were developed and used to analyze the feasibility in terms of performance, cost, and risk. Results of this capstone study showed that the implementation of distance support for the high-energy laser system is feasible and would reduce the total ownership cost over the life of the program. Furthermore, the capstone shows that moving toward the team’s recommended distance support framework will address current gaps in the Navy distance support architecture and will provide a methodology tailored to modern enterprise naval systems.http://archive.org/details/distancesupporti1094545248Approved for public release; distribution is unlimited

Supervisory Control System Architecture for Advanced Small Modular Reactors

This technical report was generated as a product of the Supervisory Control for Multi-Modular SMR Plants project within the Instrumentation, Control and Human-Machine Interface technology area under the Advanced Small Modular Reactor (SMR) Research and Development Program of the U.S. Department of Energy. The report documents the definition of strategies, functional elements, and the structural architecture of a supervisory control system for multi-modular advanced SMR (AdvSMR) plants. This research activity advances the state-of-the art by incorporating decision making into the supervisory control system architectural layers through the introduction of a tiered-plant system approach. The report provides a brief history of hierarchical functional architectures and the current state-of-the-art, describes a reference AdvSMR to show the dependencies between systems, presents a hierarchical structure for supervisory control, indicates the importance of understanding trip setpoints, applies a new theoretic approach for comparing architectures, identifies cyber security controls that should be addressed early in system design, and describes ongoing work to develop system requirements and hardware/software configurations