76,001 research outputs found

    Mitigating Information security risks during the Transition to Integrated Operations: Models & Data

    This research studies the change of information security risks during the transition to Integrated Operations (an operation that extensively utilizes advanced information communication technology to connect offshore facilities and onshore control centers and even vendors) in Norsk Hydro, a Norwegian oil and gas company. The specific case for this study is a pilot platform in transition to Integrated Operations, Brage: twenty traditional work processes are to be replaced by new work processes. The operators on the Brage platform have to build up relevant new knowledge to work effectively with new work processes. The new work processes, new knowledge and their interrelationship all affect information security risks. The management of Norsk Hydro is concerned with the problem of the increasing information security risks, which might cause incidents with severe consequences. We look for policies that support a successful (smooth and fast) operation transition.

    System dynamics is adopted in this research to model the causal structure (mechanism) of the operation transition. We chose system dynamics because operation transition is a process rich in feedback, delays, nonlinearity and tradeoffs. All these features are captured by system dynamics models. Moreover, system dynamics models can be used to simulate various scenarios. The analyses of these scenarios can lead to insights on policy rules. We specifically investigate policies concerning transition speed, resource allocation during the transition to Integrated Operations and investment rules in incident response capability.

    Since historical time series data about incidents and information security risks are scarce, we use the following model-based interventions to elicit structural information from our client and experts:

    May 2005 - First group model-building workshop - Problem articulation
    Sep 2005 - Second group model-building workshop - Model conceptualization
    Dec 2005 - Model-based interview - Model formulation
    Year 2006 - Series of model-based meetings - Model refinement
    Nov 2008 - Model-based interview - Model validation

    The Brage model was developed and validated through these model-based interventions. The analyses of various simulation results lead to the following policy insights:

    1. Transition speed. The operation transition should be designed with a speed that allows the operators not only to get familiar with new work processes, but also to build up the detailed knowledge supporting these work processes. The relevance of such knowledge, which is mostly tacit, is sometimes underrated. If the operators only know what to do, but not how to do it effectively, the benefit of the new technology (embedded in the new work processes) will not be fully realized, and the platform will be more vulnerable to information security threats.

    2. Resource allocation. Resources (operators’ time) are needed to learn new work processes and to acquire related knowledge. Generally, the operators will first put their time into achieving the production target. Investment on learning activities will not be prioritized if these activities hinder reaching the production target, even if the operators know this short-term performance drop is the cost for obtaining long-term higher performance. Nevertheless strategic decision should never be influenced by operative goals and high level managements should be responsible to make decisions on whether focusing on long-term profits and accept short-term performance drop as a trade-off.

    3. Investment in incident response capability. The management in Norsk Hydro is aware of the increasing information security risks changing from unconnected platforms to integrated ones. However, investment in incident response capability to handle increasing incidents is not made proactively. Only if the frequency of incidents has increased or severe incidents have occurred or the incident cost has been proved high, will the management decide to invest more on incident response capability. The Brage model simulations illustrate that these reactive decision rules will trap the management into ignoring the early signs of increasing information security risks, and cause underinvestment, which results in inadequate incident response capability, and subsequently leads to severe consequence. Proactive decision rules work effectively in reducing severity of incidents.

    This work helps our client in two ways. First, the model-based communication helps the management in Norsk Hydro clarify the problem it is facing and understand the underlying mechanism causing the problem. There is an increased insight into the relevance of new knowledge acquisition. Second, the Brage model offers the management a tool to investigate the long-term operation results under different policies, thus, helping improve the management decision process.

    This work contributes to the information security literature in three ways. First, previous research in information security is mostly on risk assessment methodology and information security management checklist. The dynamics of information security risks during the operation transition period has not been well studied before. In this fast changing society, this aspect of changing information security risks is of importance. Second, we introduce a dynamic view with the long-term perspective of information security. Although incidents happen in random manner, the underlying mechanism that leads to such incidents often exists for a period. Understanding such mechanism is the key to prevent incidents. Last, but not least, we demonstrate how formal modeling and simulation can facilitate the building of theories on information security management. Information security management involves not only “hard” aspects, such as work processes and technology, but also “soft” aspects, such as people’s awareness, people’s perception, and the cultural environment, all of which change over time. These soft aspects are sometimes the major factors affecting information security.

    This work also contributes to the system dynamics literature by adding examples of how model-based interventions are used to identify problems, conceptualize and validate models. The activities of group model-building workshops and model validation interviews are carefully documented and reflected. It is an important step towards the accumulation of knowledge in model-based intervention

    Analyzing audit trails in a distributed and hybrid intrusion detection platform

    Efforts have been made over the last decades in order to design and perfect Intrusion Detection Systems (IDS). In addition to the widespread use of Intrusion Prevention Systems (IPS) as perimeter defense devices in systems and networks, various IDS solutions are used together as elements of holistic approaches to cyber security incident detection and prevention, including Network-Intrusion Detection Systems (NIDS) and Host-Intrusion Detection Systems (HIDS). Nevertheless, specific IDS and IPS technology face several effectiveness challenges to respond to the increasing scale and complexity of information systems and sophistication of attacks. The use of isolated IDS components, focused on one-dimensional approaches, strongly limits a common analysis based on evidence correlation. Today, most organizations’ cyber-security operations centers still rely on conventional SIEM (Security Information and Event Management) technology. However, SIEM platforms also have significant drawbacks in dealing with heterogeneous and specialized security event-sources, lacking the support for flexible and uniform multi-level analysis of security audit-trails involving distributed and heterogeneous systems. In this thesis, we propose an auditing solution that leverages on different intrusion detection components and synergistically combines them in a Distributed and Hybrid IDS (DHIDS) platform, taking advantage of their benefits while overcoming the effectiveness drawbacks of each one. In this approach, security events are detected by multiple probes forming a pervasive, heterogeneous and distributed monitoring environment spread over the network, integrating NIDS, HIDS and specialized Honeypot probing systems. Events from those heterogeneous sources are converted to a canonical representation format, and then conveyed through a Publish-Subscribe middleware to a dedicated logging and auditing system, built on top of an elastic and scalable document-oriented storage system. 
    The aggregated events can then be queried and matched against suspicious attack signature patterns, by means of a proposed declarative query-language that provides event-correlation semantics

    The Role of Transportation in Campus Emergency Planning, MTI Report 08-06

    In 2005, Hurricane Katrina created the greatest natural disaster in American history. The states of Louisiana, Mississippi and Alabama sustained significant damage, including 31 colleges and universities. Other institutions of higher education, most notably Louisiana State University (LSU), became resources to the disaster area. This is just one of the many examples of disaster impacts on institutions of higher education. The Federal Department of Homeland Security, under Homeland Security Presidential Directive–5, requires all public agencies that want to receive federal preparedness assistance to comply with the National Incident Management System (NIMS), which includes the creation of an Emergency Operations Plan (EOP). Universities, which may be victims or resources during disasters, must write NIMS–compliant emergency plans. While most university emergency plans address public safety and logistics management, few adequately address the transportation aspects of disaster response and recovery. This MTI report describes the value of integrating transportation infrastructure into the campus emergency plan, including planning for helicopter operations. It offers a list of materials that can be used to educate and inform campus leadership on campus emergency impacts, including books about the Katrina response by LSU and Tulane Hospital, contained in the report's bibliography. It provides a complete set of Emergency Operations Plan checklists and organization charts updated to acknowledge lessons learned from Katrina, 9/11 and other wide–scale emergencies. Campus emergency planners can quickly update their existing emergency management documents by integrating selected annexes and elements, or create new NIMS–compliant plans by adapting the complete set of annexes to their university's structures

    Emergency Management Training for Transportation Agencies

    State transportation agencies have a variety of responsibilities related to emergency management. Field personnel manage events--from day-to-day emergencies to disasters--using the Incident Command System (ICS) as their organizational basis. At the headquarters level, the Emergency Operations Center (EOC) coordinates the use of resources across the department and its districts, with other state departments and agencies, and through the federal Emergency Support Function 1. District-level EOCs coordinate with the department. In extreme events, the transportation department may only be able to deliver limited essential services in austere conditions, so a continuity of operations/ continuity of government plan (COOP/COG) is essential. This research applied the principles of andragogy to deliver ICS field level training, EOC training and COOP/COG training to state transportation agency’s staff in all districts and at headquarters. The data supports the need for adult-oriented methods in emergency management training

    Job Corps: Preliminary Observations on Student Safety and Security Data

    The deaths of two Job Corps students in 2015 raised concerns about the safety and security of students in this program. The Job Corps program serves approximately 50,000 students each year at 125 centers nationwide. Multiple DOL Office of Inspector General (OIG) audits have found deficiencies in the Office of Job Corps’ efforts to oversee student safety. ETA and the Office of Job Corps have taken steps to address these concerns, but in March 2017, the DOL OIG raised new safety and security concerns, including some underreporting of incident data, and made related recommendations. This testimony is based on GAO’s ongoing work on these issues and provides preliminary observations on (1) the number and types of reported safety and security incidents involving Job Corps students, and (2) student perceptions of safety at Job Corps centers. GAO analyzed ETA’s reported incident data from January 1, 2007 through June 30, 2016. GAO’s preliminary analysis summarizes reported incidents in the aggregate over this time period but the actual number is likely greater. GAO also analyzed student survey data from March 2007 through March 2017, reviewed relevant documentation, and interviewed ETA officials and DOL OIG officials

    Emergency Management Training and Exercises for Transportation Agency Operations, MTI Report 09-17

    Training and exercises are an important part of emergency management. Plans are developed based on threat assessment, but they are not useful unless staff members are trained on how to use the plan, and then practice that training. Exercises are also essential for ensuring that the plan is effective, and outcomes from exercises are used to improve the plan. Exercises have been an important part of gauging the preparedness of response organizations since Civil Defense days when full-scale exercises often included the community. Today there are various types of exercises that can be used to evaluate the preparedness of public agencies and communities: seminars, drills, tabletop exercises, functional exercises, facilitated exercises and full-scale exercises. Police and fire agencies have long used drills and full-scale exercises to evaluate the ability of staff to use equipment, protocols and plans. Transit and transportation agencies have seldom been included in these plans, and have little guidance for their participation in the exercises. A research plan was designed to determine whether urban transit systems are holding exercises, and whether they have the training and guidance documents that they need to be successful. The main research question was whether there was a need for a practical handbook to guide the development of transit system exercises

    Generic Continuity of Operations/Continuity of Government Plan for State-Level Transportation Agencies, Research Report 11-01

    The Homeland Security Presidential Directive 20 (HSPD-20) requires all local, state, tribal and territorial government agencies, and private sector owners of critical infrastructure and key resources (CI/KR) to create a Continuity of Operations/Continuity of Government Plan (COOP/COG). There is planning and training guidance for generic transportation agency COOP/COG work, and the Transportation Research Board has offered guidance for transportation organizations. However, the special concerns of the state-level transportation agency’s (State DOT’s) plan development are not included, notably the responsibilities for the entire State Highway System and the responsibility to support specific essential functions related to the State DOT Director’s role in the Governor’s cabinet. There is also no guidance on where the COOP/COG planning and organizing fits into the National Incident Management System (NIMS) at the local or state-level department or agency. This report covers the research conducted to determine how to integrate COOP/COG into the overall NIMS approach to emergency management, including a connection between the emergency operations center (EOC) and the COOP/COG activity. The first section is a presentation of the research and its findings and analysis. The second section provides training for the EOC staff of a state-level transportation agency, using a hybrid model of FEMA’s ICS and ESF approaches, including a complete set of EOC position checklists, and other training support material. The third section provides training for the COOP/COG Branch staff of a state-level transportation agency, including a set of personnel position descriptions for the COOP/COG Branch members

    Assessment of crisis readiness to move a patient from the airport with suspected Ebola

    The aim of this article is to verify the readiness of patient transport from the airport with symptoms for Ebola disease by the rescue services of the Integrated Rescue System of the Czech Republic. Detection of possible risks and causes of risks during patient transport. One part of the article is devoted to the current legislation regulating the cooperation of IRS, economic measures for crisis situations, functions of state material reserves management, material security of selected IRS components and the work of BIOHAZARD TEAM. The main part of the article describes the course of the extraordinary event. There is a chapter devoted to the analysis and evaluation of risks during transport. It also deals with the issues of transport, risks and problems that may be encountered by the intervening members of the IRS units. In conclusion, the proposed measures to help minimize risks in the transport of infected patient