Collaborative, Trust-Based Security Mechanisms for a National Utility Intranet

This thesis investigates security mechanisms for utility control and protection networks using IP-based protocol interaction. It proposes flexible, cost-effective solutions in strategic locations to protect transitioning legacy and full IP-standards architectures. It also demonstrates how operational signatures can be defined to enact organizationally-unique standard operating procedures for zero failure in environments with varying levels of uncertainty and trust. The research evaluates layering encryption, authentication, traffic filtering, content checks, and event correlation mechanisms over time-critical primary and backup control/protection signaling to prevent disruption by internal and external malicious activity or errors. Finally, it shows how a regional/national implementation can protect private communities of interest and foster a mix of both centralized and distributed emergency prediction, mitigation, detection, and response with secure, automatic peer-to-peer notifications that share situational awareness across control, transmission, and reliability boundaries and prevent wide-spread, catastrophic power outages

The InfoSec Handbook

Computer scienc

A study of the applicability of software-defined networking in industrial networks

173 p.Las redes industriales interconectan sensores y actuadores para llevar a cabo funciones de monitorización, control y protección en diferentes entornos, tales como sistemas de transporte o sistemas de automatización industrial. Estos sistemas ciberfísicos generalmente están soportados por múltiples redes de datos, ya sean cableadas o inalámbricas, a las cuales demandan nuevas prestaciones, de forma que el control y gestión de tales redes deben estar acoplados a las condiciones del propio sistema industrial. De este modo, aparecen requisitos relacionados con la flexibilidad, mantenibilidad y adaptabilidad, al mismo tiempo que las restricciones de calidad de servicio no se vean afectadas. Sin embargo, las estrategias de control de red tradicionales generalmente no se adaptan eficientemente a entornos cada vez más dinámicos y heterogéneos.Tras definir un conjunto de requerimientos de red y analizar las limitaciones de las soluciones actuales, se deduce que un control provisto independientemente de los propios dispositivos de red añadiría flexibilidad a dichas redes. Por consiguiente, la presente tesis explora la aplicabilidad de las redes definidas por software (Software-Defined Networking, SDN) en sistemas de automatización industrial. Para llevar a cabo este enfoque, se ha tomado como caso de estudio las redes de automatización basadas en el estándar IEC 61850, el cual es ampliamente usado en el diseño de las redes de comunicaciones en sistemas de distribución de energía, tales como las subestaciones eléctricas. El estándar IEC 61850 define diferentes servicios y protocolos con altos requisitos en terminos de latencia y disponibilidad de la red, los cuales han de ser satisfechos mediante técnicas de ingeniería de tráfico. Como resultado, aprovechando la flexibilidad y programabilidad ofrecidas por las redes definidas por software, en esta tesis se propone una arquitectura de control basada en el protocolo OpenFlow que, incluyendo tecnologías de gestión y monitorización de red, permite establecer políticas de tráfico acorde a su prioridad y al estado de la red.Además, las subestaciones eléctricas son un ejemplo representativo de infraestructura crítica, que son aquellas en las que un fallo puede resultar en graves pérdidas económicas, daños físicos y materiales. De esta forma, tales sistemas deben ser extremadamente seguros y robustos, por lo que es conveniente la implementación de topologías redundantes que ofrezcan un tiempo de reacción ante fallos mínimo. Con tal objetivo, el estándar IEC 62439-3 define los protocolos Parallel Redundancy Protocol (PRP) y High-availability Seamless Redundancy (HSR), los cuales garantizan un tiempo de recuperación nulo en caso de fallo mediante la redundancia activa de datos en redes Ethernet. Sin embargo, la gestión de redes basadas en PRP y HSR es estática e inflexible, lo que, añadido a la reducción de ancho de banda debida la duplicación de datos, hace difícil un control eficiente de los recursos disponibles. En dicho sentido, esta tesis propone control de la redundancia basado en el paradigma SDN para un aprovechamiento eficiente de topologías malladas, al mismo tiempo que se garantiza la disponibilidad de las aplicaciones de control y monitorización. En particular, se discute cómo el protocolo OpenFlow permite a un controlador externo configurar múltiples caminos redundantes entre dispositivos con varias interfaces de red, así como en entornos inalámbricos. De esta forma, los servicios críticos pueden protegerse en situaciones de interferencia y movilidad.La evaluación de la idoneidad de las soluciones propuestas ha sido llevada a cabo, principalmente, mediante la emulación de diferentes topologías y tipos de tráfico. Igualmente, se ha estudiado analítica y experimentalmente cómo afecta a la latencia el poder reducir el número de saltos en las comunicaciones con respecto al uso de un árbol de expansión, así como balancear la carga en una red de nivel 2. Además, se ha realizado un análisis de la mejora de la eficiencia en el uso de los recursos de red y la robustez alcanzada con la combinación de los protocolos PRP y HSR con un control llevado a cabo mediante OpenFlow. Estos resultados muestran que el modelo SDN podría mejorar significativamente las prestaciones de una red industrial de misión crítica

The InfoSec Handbook

Computer scienc

Internet of Things Applications - From Research and Innovation to Market Deployment

The book aims to provide a broad overview of various topics of Internet of Things from the research, innovation and development priorities to enabling technologies, nanoelectronics, cyber physical systems, architecture, interoperability and industrial applications. It is intended to be a standalone book in a series that covers the Internet of Things activities of the IERC – Internet of Things European Research Cluster from technology to international cooperation and the global "state of play".The book builds on the ideas put forward by the European research Cluster on the Internet of Things Strategic Research Agenda and presents global views and state of the art results on the challenges facing the research, development and deployment of IoT at the global level. Internet of Things is creating a revolutionary new paradigm, with opportunities in every industry from Health Care, Pharmaceuticals, Food and Beverage, Agriculture, Computer, Electronics Telecommunications, Automotive, Aeronautics, Transportation Energy and Retail to apply the massive potential of the IoT to achieving real-world solutions. The beneficiaries will include as well semiconductor companies, device and product companies, infrastructure software companies, application software companies, consulting companies, telecommunication and cloud service providers. IoT will create new revenues annually for these stakeholders, and potentially create substantial market share shakeups due to increased technology competition. The IoT will fuel technology innovation by creating the means for machines to communicate many different types of information with one another while contributing in the increased value of information created by the number of interconnections among things and the transformation of the processed information into knowledge shared into the Internet of Everything. The success of IoT depends strongly on enabling technology development, market acceptance and standardization, which provides interoperability, compatibility, reliability, and effective operations on a global scale. The connected devices are part of ecosystems connecting people, processes, data, and things which are communicating in the cloud using the increased storage and computing power and pushing for standardization of communication and metadata. In this context security, privacy, safety, trust have to be address by the product manufacturers through the life cycle of their products from design to the support processes. The IoT developments address the whole IoT spectrum - from devices at the edge to cloud and datacentres on the backend and everything in between, through ecosystems are created by industry, research and application stakeholders that enable real-world use cases to accelerate the Internet of Things and establish open interoperability standards and common architectures for IoT solutions. Enabling technologies such as nanoelectronics, sensors/actuators, cyber-physical systems, intelligent device management, smart gateways, telematics, smart network infrastructure, cloud computing and software technologies will create new products, new services, new interfaces by creating smart environments and smart spaces with applications ranging from Smart Cities, smart transport, buildings, energy, grid, to smart health and life. Technical topics discussed in the book include: • Introduction• Internet of Things Strategic Research and Innovation Agenda• Internet of Things in the industrial context: Time for deployment.• Integration of heterogeneous smart objects, applications and services• Evolution from device to semantic and business interoperability• Software define and virtualization of network resources• Innovation through interoperability and standardisation when everything is connected anytime at anyplace• Dynamic context-aware scalable and trust-based IoT Security, Privacy framework• Federated Cloud service management and the Internet of Things• Internet of Things Application

Riverine sustainment 2012

Student Integrated ProjectIncludes supplementary materialThis technical report analyzed the Navy's proposed Riverine Force (RF) structure and capabilities for 2012. The Riverine Sustainment 2012 Team (RST) examined the cost and performance of systems of systems which increased RF sustainment in logistically barren environments. RF sustainment was decomposed into its functional areas of supply, repair, and force protection. The functional and physical architectures were developed in parallel and were used to construct an operational architecture for the RF. The RST used mathematical, agent-based and queuing models to analyze various supply, repair and force protection system alternatives. Extraction of modeling data revealed several key insights. Waterborne heavy lift connectors such as the LCU-2000 are vital in the re-supply of the RF when it is operating up river in a non-permissive environment. Airborne heavy lift connectors such as the MV-22 were ineffective and dominated by the waterborne variants in the same environment. Increase in manpower and facilities did appreciable add to the operational availability of the RF. Mean supply response time was the biggest factor effecting operational availability and should be kept below 24 hours to maintain operational availability rates above 80%. Current mortar defenses proposed by the RF are insufficient.N

Maritime threat response

This report was prepared by Systems Engineering and Analysis Cohort Nine (SEA-9) Maritime Threat Response, (MTR) team members.Background: The 2006 Naval Postgraduate School (NPS) Cross-Campus Integrated Study, titled “Maritime Threat Response” involved the combined effort of 7 NPS Systems Engineering students, 7 Singaporean Temasek Defense Systems Institute (TDSI) students, 12 students from the Total Ship Systems Engineering (TSSE) curriculum, and numerous NPS faculty members from different NPS departments. After receiving tasking provided by the Wayne E. Meyer Institute of Systems Engineering at NPS in support of the Office of the Assistant Secretary of Defense for Homeland Defense, the study examined ways to validate intelligence and respond to maritime terrorist attacks against United States coastal harbors and ports. Through assessment of likely harbors and waterways to base the study upon, the San Francisco Bay was selected as a representative test-bed for the integrated study. The NPS Systems Engineering and Analysis Cohort 9 (SEA-9) Maritime Threat Response (MTR) team, in conjunction with the TDSI students, used the Systems Engineering Lifecycle Process (SELP) [shown in Figure ES-1, p. xxiii ] as a systems engineering framework to conduct the multi-disciplinary study. While not actually fabricating any hardware, such a process was well-suited for tailoring to the team’s research efforts and project focus. The SELP was an iterative process used to bound and scope the MTR problem, determine needs, requirements, functions, and to design architecture alternatives to satisfy stakeholder needs and desires. The SoS approach taken [shown in Figure ES-2, p. xxiv ]enabled the team to apply a systematic approach to problem definition, needs analysis, requirements, analysis, functional analysis, and then architecture development and assessment.In the twenty-first century, the threat of asymmetric warfare in the form of terrorism is one of the most likely direct threats to the United States homeland. It has been recognized that perhaps the key element in protecting the continental United States from terrorist threats is obtaining intelligence of impending attacks in advance. Enormous amounts of resources are currently allocated to obtaining and parsing such intelligence. However, it remains a difficult problem to deal with such attacks once intelligence is obtained. In this context, the Maritime Threat Response Project has applied Systems Engineering processes to propose different cost-effective System of Systems (SoS) architecture solutions to surface-based terrorist threats emanating from the maritime domain. The project applied a five-year time horizon to provide near-term solutions to the prospective decision makers and take maximum advantage of commercial off-the-shelf (COTS) solutions and emphasize new Concepts of Operations (CONOPS) for existing systems. Results provided insight into requirements for interagency interactions in support of Maritime Security and demonstrated the criticality of timely and accurate intelligence in support of counterterror operations.This report was prepared for the Office of the Assistant Secretary of Defense for Homeland DefenseApproved for public release; distribution is unlimited

CIRA annual report FY 2015/2016

Reporting period April 1, 2015-March 31, 2016

Summary of Research 1994

The views expressed in this report are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government.This report contains 359 summaries of research projects which were carried out under funding of the Naval Postgraduate School Research Program. A list of recent publications is also included which consists of conference presentations and publications, books, contributions to books, published journal papers, and technical reports. The research was conducted in the areas of Aeronautics and Astronautics, Computer Science, Electrical and Computer Engineering, Mathematics, Mechanical Engineering, Meteorology, National Security Affairs, Oceanography, Operations Research, Physics, and Systems Management. This also includes research by the Command, Control and Communications (C3) Academic Group, Electronic Warfare Academic Group, Space Systems Academic Group, and the Undersea Warfare Academic Group