Secure Data Transfer Guidance for Industrial Control and SCADA Systems

This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems

Engineering Accomplishments in the Construction of NCSX

The National Compact Stellarator Experiment (NCSX) was designed to test a compact, quasiaxisymmetric stellarator configuration. Flexibility and accurate realization of its complex 3D geometry were key requirements affecting the design and construction. While the project was terminated before completing construction, there were significant engineering accomplishments in design, fabrication, and assembly. The design of the stellarator core device was completed. All of the modular coils, toroidal field coils, and vacuum vessel sectors were fabricated. Critical assembly steps were demonstrated. Engineering advances were made in the application of CAD modeling, structural analysis, and accurate fabrication of complex-shaped components and subassemblies. The engineering accomplishments of the project are summarize

The severity of pandemic H1N1 influenza in the United States, from April to July 2009: A Bayesian analysis

Background: Accurate measures of the severity of pandemic (H1N1) 2009 influenza (pH1N1) are needed to assess the likely impact of an anticipated resurgence in the autumn in the Northern Hemisphere. Severity has been difficult to measure because jurisdictions with large numbers of deaths and other severe outcomes have had too many cases to assess the total number with confidence. Also, detection of severe cases may be more likely, resulting in overestimation of the severity of an average case. We sought to estimate the probabilities that symptomatic infection would lead to hospitalization, ICU admission, and death by combining data from multiple sources. Methods and Findings: We used complementary data from two US cities: Milwaukee attempted to identify cases of medically attended infection whether or not they required hospitalization, while New York City focused on the identification of hospitalizations, intensive care admission or mechanical ventilation (hereafter, ICU), and deaths. New York data were used to estimate numerators for ICU and death, and two sources of data - medically attended cases in Milwaukee or self-reported influenza-like illness (ILI) in New York - were used to estimate ratios of symptomatic cases to hospitalizations. Combining these data with estimates of the fraction detected for each level of severity, we estimated the proportion of symptomatic patients who died (symptomatic case-fatality ratio, sCFR), required ICU (sCIR), and required hospitalization (sCHR), overall and by age category. Evidence, prior information, and associated uncertainty were analyzed in a Bayesian evidence synthesis framework. Using medically attended cases and estimates of the proportion of symptomatic cases medically attended, we estimated an sCFR of 0.048% (95% credible interval [CI] 0.026%-0.096%), sCIR of 0.239% (0.134%-0.458%), and sCHR of 1.44% (0.83%-2.64%). Using self-reported ILI, we obtained estimates approximately 7-96lower. sCFR and sCIR appear to be highest in persons aged 18 y and older, and lowest in children aged 5-17 y. sCHR appears to be lowest in persons aged 5-17; our data were too sparse to allow us to determine the group in which it was the highest. Conclusions: These estimates suggest that an autumn-winter pandemic wave of pH1N1 with comparable severity per case could lead to a number of deaths in the range from considerably below that associated with seasonal influenza to slightly higher, but with the greatest impact in children aged 0-4 and adults 18-64. These estimates of impact depend on assumptions about total incidence of infection and would be larger if incidence of symptomatic infection were higher or shifted toward adults, if viral virulence increased, or if suboptimal treatment resulted from stress on the health care system; numbers would decrease if the total proportion of the population symptomatically infected were lower than assumed.published_or_final_versio

Role of Pleiotropy in the Evolution of a Cryptic Developmental Variation in Caenorhabditis elegans

Using vulval phenotypes in Caenorhabditis elegans, the authors show that cryptic genetic variation can evolve through selection for pleiotropic effects that alter fitness, and identify a cryptic variant that has conferred enhanced fitness on domesticated worms under laboratory conditions

Diagnostics for the National Compact Stellarator Experiment

The status of planning of the National Compact Stellarator Experiment (NCSX) diagnostics is presented, with the emphasis on resolution of diagnostics access issues and on diagnostics required for the early phases of operation

Secure Data Transfer Guidance for Industrial Control and SCADA Systems

This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems