3,139 research outputs found

    Overview of Security Plan for Offshore Floating Nuclear Plant

    Get PDF
    A new Offshore Floating Nuclear Plant (OFNP) concept with high potential for attractive economics and an unprecedented level of safety is presented, along with an overview of work done in the area of security. The OFNP creatively combines state-of-the-art Light Water Reactors (LWRs) with floating platforms such as those used in offshore oil/gas operations, both of which are well-established technologies which can allow implementation on a time scale consistent with combating climate change in the near future. OFNP is a plant that can be entirely built within a floating platform in a shipyard, transferred to the site. OFNP eliminates earthquakes and tsunamis as accident precursors; its ocean-based passive safety systems eliminate the loss of ultimate heat sink accident by design. The defense of an OFNP poses new security opportunities and challenges compared to land-based plants. Such a plant can be more easily defended by virtue of the clear 360 degree lines of sight and the relative ease of identifying surface threats. Conversely the offshore plant is potentially vulnerable to underwater approaches by mini-submarines and divers. We investigate security considerations of the OFNP applicable to two potential plant options, an OFNP-300 with a 300 MWe reactor, and an OFNP-1100 with an 1100 MWe reactor. Three innovative security system approaches could be combined for the offshore plant. The first is a comprehensive detection system which integrates radar, sonar and unmanned vehicles for a long distance overview of the vicinity of the plant. The second approach is the use of passive physical barriers about 100 meters from the plant, which will force a fast-moving power boat to lose speed or stop at the barrier allowing the plant security force more time to respond. The third approach takes advantage of the offshore plant siting and the monthly or biweekly rotation of crew to reduce the total on-plant and onshore security force by using the off-duty security force on the plant as a reserve force. Through the use of these approaches, the OFNP-300 should be able to achieve a similar security cost (on a per Megawatt basis) as land-based plants of similar or somewhat larger power rating. Due to non-linear scaling of cost, the security cost of the OFNP-1100 has the potential to be reduced significantly compared to its land-based equivalents

    Cyberterrorism after STUXNET

    Get PDF
    View the Executive SummaryThe discovery of STUXNET was a recent milestone in the arena of cyber security because it was the first malware designed to cause real world damage to industrial control systems. It demonstrated that a sufficiently determined adversary might be able to cause physical damage to U.S. critical infrastructure through a cyberattack. This monograph asks if STUXNET has had an effect on cyberterrorism in terms of motive, means, and opportunity. It is argued that terrorists have ample motive, opportunity, and modest means, which raises the question of why a major cyberattack has not happened yet. The lack of cyberattacks can be explained by a cost-benefit argument, and STUXNET has not changed the cost-benefit equation. Cyberattacks are unlikely in the near future, but the cost-benefit argument does not rule out the possibility of cyberattacks in the long term if costs change. There seems little that can be done to change terrorist motive or means. The only factor that is feasible to address is opportunity. Specifically, policies should enhance protection of national infrastructure to reduce the risk exposure to cyberattacks.https://press.armywarcollege.edu/monographs/1492/thumbnail.jp

    Forgery in Cyberspace: The Spoof Could Be on You!

    Get PDF
    Spoofing is one of the newest forms of cyber-attack, a technological methodology adapted to mask the identity of spammers who have faced hostile reaction in response to bulk, unsolicited, electronic mail messages.[1] Sending Spam, however, is no longer the only reason for deception, as crackers have taken pleasure in the challenge of manipulating computer systems and, additionally, find recreational enjoyment in doing so. In this legal Note, the author’s intent is to show that criminal, rather than civil liability is the best way to effectively deter and punish the spoofer. The injury that results when a computer system’s technological safety measures fail to adequately safeguard the system affects not only the owner of the hijacked e-mail address, but also the Internet Service Provider, and the Network as a whole. Current Anti-Spam Legislation is arguably ineffective at targeting these particular types of malicious attacks, and a different legal approach is suggested

    Systems thinking for safety and security

    Get PDF
    The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared challenge, there is little evidence that recent advances that enable one community to better prevent losses have been shared with the other for possible implementation. Limitations in current safety approaches have led researchers and practitioners to develop new models and techniques. These techniques could potentially benefit the field of security. This paper describes a new systems thinking approach to safety that may be suitable for meeting the challenge of securing complex systems against cyber disruptions. Systems-Theoretic Process Analysis for Security (STPA-Sec) augments traditional security approaches by introducing a top-down analysis process designed to help a multidisciplinary team consisting of security, operations, and domain experts identify and constrain the system from entering vulnerable states that lead to losses. This new framework shifts the focus of the security analysis away from threats as the proximate cause of losses and focuses instead on the broader system structure that allowed the system to enter a vulnerable system state that the threat exploits to produce the disruption leading to the loss

    Transportation, Terrorism and Crime: Deterrence, Disruption and Resilience

    Get PDF
    Abstract: Terrorists likely have adopted vehicle ramming as a tactic because it can be carried out by an individual (or “lone wolf terrorist”), and because the skills required are minimal (e.g. the ability to drive a car and determine locations for creating maximum carnage). Studies of terrorist activities against transportation assets have been conducted to help law enforcement agencies prepare their communities, create mitigation measures, conduct effective surveillance and respond quickly to attacks. This study reviews current research on terrorist tactics against transportation assets, with an emphasis on vehicle ramming attacks. It evaluates some of the current attack strategies, and the possible mitigation or response tactics that may be effective in deterring attacks or saving lives in the event of an attack. It includes case studies that can be used as educational tools for understanding terrorist methodologies, as well as ordinary emergencies that might become a terrorist’s blueprint

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    Full text link
    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

    A novel cyber-risk assessment method for ship systems

    Get PDF
    Recent advances in the maritime industry include research and development of new sophisticated ships with a number of smart functionalities and enhanced autonomy. The new functions and autonomy levels though come at the cost of increased connectivity. This results in increased ship vulnerability to cyber-attacks, which may lead to financial loss, environmental pollution, safety accidents. The aim of this study is to propose a novel method for cybersecurity risk assessment of ship systems. In this novel method, the Cyber-Preliminary Hazard Analysis method steps are enriched with new steps supporting the identification of cyber-attack scenarios and the risk assessment implementation. The proposed method is applied for the cyber-risk assessment and design enhancement of the navigation and propulsion systems of an inland waterways autonomous vessel. The results demonstrate that several critical scenarios can arise on the investigated autonomous vessel due to known vulnerabilities. These can be sufficiently controlled by introducing appropriate modifications to the systems design

    A Hierarchical Architectural Framework for Securing Unmanned Aerial Systems

    Get PDF
    Unmanned Aerial Systems (UAS) are becoming more widely used in the new era of evolving technology; increasing performance while decreasing size, weight, and cost. A UAS equipped with a Flight Control System (FCS) that can be used to fly semi- or fully-autonomous is a prime example of a Cyber Physical and Safety Critical system. Current Cyber-Physical defenses against malicious attacks are structured around security standards for best practices involving the development of protocols and the digital software implementation. Thus far, few attempts have been made to embed security into the architecture of the system considering security as a holistic problem. Therefore, a Hierarchical, Embedded, Cyber Attack Detection (HECAD) framework is developed to provide security in a holistic manor, providing resiliency against cyber-attacks as well as introducing strategies for mitigating and dealing with component failures. Traversing the hardware/software barrier, HECAD provides detection of malicious faults at the hardware and software level; verified through the development of an FPGA implementation and tested using a UAS FCS
    • …
    corecore