Secure Data Transfer Guidance for Industrial Control and SCADA Systems

This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems

The reliability of card-based and tablet-based left/right judgment measurements.

BACKGROUND: Left/right judgment (LRJ) measurement is a potential way to identify dysfunction in cortical body maps, and to measure improvement related to corresponding treatments. Few studies have explored the reliability of various methods for LRJ measurement. OBJECTIVES: To determine measurement reliability of LRJ utilizing two methods: card-based (CB) and tablet-based (TB). Establish minimal detectable difference (MDD) for accuracy and reaction time for both assessments. METHODS: Testing was done over two different days. Session 1 consisted of testing LRJ utilizing CB assessment with photos of left and right hands over two trial periods. The TB format was also tested over two trial periods. Session 2 tested with the CB assessment for two trial periods. 40 images were used in the basic upright position for both CB and TB formats. RESULTS: Fifty participants (N = 50; female = 35) with an average age of 24.3 (range 19-35) were studied. ICC (2,k) for reaction time for both methods were \u3e0.84. The MDD for reaction time was between 0.19 and 0.49 s for various test points for both methods. Combined left and right accuracy ICC (2,k) for both methods were \u3e0.51, with MDD between 5 and 14%. CONCLUSIONS: This study examined the reliability and MDD for the LRJ measurement for card and tablet-based assessments. Generally, LRJ reaction time had good reliability, while accuracy had moderate reliability and varied between testing methods

Secure Data Transfer Guidance for Industrial Control and SCADA Systems

This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems