Identifying security-related requirements in regulatory documents based on cross-project classification

Security is getting substantial focus in many industries, especially safety-critical ones. When new regulations and standards which can run to hundreds of pages are introduced, it is necessary to identify the requirements in those documents which have an impact on security. Additionally, it is necessary to revisit the requirements of existing systems and identify the security related ones. We investigate the feasibility of using a classifier for security-related requirements trained on requirement specifications available online. We base our investigation on 15 requirement documents, randomly selected and partially pre-labelled, with a total of 3,880 requirements. To validate the model, we run a cross-project prediction on the data where each specification constitutes a group. We also test the model on three different United Nations (UN) regulations from the automotive domain with different magnitudes of security relevance. Our results indicate the feasibility of training a model from a heterogeneous data set including specifications from multiple domains and in different styles. Additionally, we show the ability of such a classifier to identify security requirements in real-life regulations and discuss scenarios in which such a classification becomes useful to practitioners

Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

Keeping America's Food Safe: A Blueprint for Fixing the Food Safety System at the U.S. Department of Health and Human Services

Summarizes Health and Human Services' food safety programs, highlights concerns about current laws and policies, and outlines reform proposals. Suggests creating a Food Safety Administration to coordinate policy, inspection, and enforcement activities

The Critical Challenges from International High-Tech and Computer-Related Crime at the Millennium

The automotive industry stands in front of a great challenge, to decrease its impact on the environment. One important part in succeeding with this is to decrease the structural weight of the body structure and by that the fuel consumption or the required battery power. Carbon fibre composites are by many seen as the only real option when traditional engineering materials are running out of potential for further weight reduction. However, the automotive industry lacks experience working with structural composites and the methods for high volume composite manufacturing are immature. The development of a composite automotive body structure, therefore, needs methods to support and guide the conceptual work to improve the financial and technical results. In this thesis a framework is presented which will provide guidelines for the conceptual phase of the development of an automotive body structure. The framework follows two main paths, one to strive for the ideal material diversity, which also defines an initial partition of the body structure based on the process and material selection. Secondly, a further analysis of the structures are made to evaluate if a more cost and weight efficient solution can be found by a more differential design and by that define the ideal part size. In the case and parameter studies performed, different carbon fibre composite material systems and processes are compared and evaluated. The results show that high performance material system with continuous fibres becomes both more cost and performance effective compared to industrialised discontinuous fibre composites. But also that cycle times, sometimes, are less important than a competitive feedstock cost for a manufacturing process. When further analysing the manufacturing design of the structures it is seen that further partition(s) can become cost effective if the size and complexity is large enough.      QC 20140527</p

Stronger Partnerships for Safer Food: An Agenda for Strengthening State and Local Roles in the Nation's Food Safety System

Examines federal, state, and local agencies' responsibilities, strengths, and weaknesses in ensuring food safety. Recommends systemwide reforms to enhance state and local roles and improve surveillance, outbreak response, and regulation and inspection

A framework for the successful implementation of food traceability systems in China

Implementation of food traceability systems in China faces many challenges due to the scale, diversity and complexity of China’s food supply chains. This study aims to identify critical success factors specific to the implementation of traceability systems in China. Twenty-seven critical success factors were identified in the literature. Interviews with managers at four food enterprises in a pre-study helped identify success criteria and five additional critical success factors. These critical success factors were tested through a survey of managers in eighty-three food companies. This study identifies six dimensions for critical success factors: laws, regulations and standards; government support; consumer knowledge and support; effective management and communication; top management and vendor support; and information and system quality

Safety-Critical Systems and Agile Development: A Mapping Study

In the last decades, agile methods had a huge impact on how software is developed. In many cases, this has led to significant benefits, such as quality and speed of software deliveries to customers. However, safety-critical systems have widely been dismissed from benefiting from agile methods. Products that include safety critical aspects are therefore faced with a situation in which the development of safety-critical parts can significantly limit the potential speed-up through agile methods, for the full product, but also in the non-safety critical parts. For such products, the ability to develop safety-critical software in an agile way will generate a competitive advantage. In order to enable future research in this important area, we present in this paper a mapping of the current state of practice based on {a mixed method approach}. Starting from a workshop with experts from six large Swedish product development companies we develop a lens for our analysis. We then present a systematic mapping study on safety-critical systems and agile development through this lens in order to map potential benefits, challenges, and solution candidates for guiding future research.Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced Applications 2018, Prague, Czech Republi

Interoperability and information sharing

Communication and information sharing are two of the most pressing issues facing the public safety community today. In previous chapters of this volume, authors have made note of the changing public safety landscape as it relates to the need for enhanced information and intelligence sharing among a broad cross-section of organizations. Public safety organizations, particularly law enforcement agencies, have been quick to adopt emerging technologies that have allowed for greater communication and information sharing capacities. While substantial improvements have been made over the decades that enhanced communication and information sharing, many challenges remain in the move to seamlessly integrated communication capacities. The key challenge in the upcoming decades relates to the technical and cultural changes necessary to achieve integrated communication systems. There is no shortage of resources given to increasing the communications capacity of the public safety community, yet serious challenges remain in the degree of interoperability within and across public safety domains. Interoperability has in many ways become the defining issue in the arenas of communications and information sharing. This chapter will provide an overview of critical historical events that placed questions of interoperability and information sharing on the national agenda. The chapter will also provide an overview of national models for information sharing