Global ETD Search

11	A Proactive Risk-Aware Robotic Sensor Network for Critical Infrastructure Protection McCausland, Jamieson January 2014 (has links) In this thesis a Proactive Risk-Aware Robotic Sensor Network (RSN) is proposed for the application of Critical Infrastructure Protection (CIP). Each robotic member of the RSN is granted a perception of risk by means of a Risk Management Framework (RMF). A fuzzy-risk model is used to extract distress-based risk features and potential intrusion-based risk features for CIP. Detected high-risk events invoke a fuzzy-auction Multi-Robot Task Allocation (MRTA) algorithm to create a response group for each detected risk. Through Evolutionary Multi-Objective (EMO) optimization, a Pareto set of optimal robot configurations for a response group will be generated using the Non-Dominating Sorting Genetic Algorithm II (NSGA-II). The optimization objectives are to maximize sensor coverage of essential spatial regions and minimize the amount of energy exerted by the response group. A set of non-dominated solutions are produced from EMO optimization for a decision maker to select a single response. The RSN response group will re-organize based on the specifications of the selected response. robotic sensor network risk awareness self-organization territorial security critical infrastructure protection genetic algorithm fuzzy logic
12	On the Distribution of Inter-Arrival Times of 911 Emergency ResponseProcess Events Moss, Blake Cameron 22 May 2020 (has links) The 911 emergency response process is a core component of the emergency services critical infrastructure sector in the United States. Modeling and simulation of a complex stochastic system like the 911 response process enables policy makers and stakeholders to better understand, identify, and mitigate the impact of attacks/disasters affecting the 911 system. Modeling the 911 response process as a series of queue sub-systems will enable analysis into how CI failures impact the different phases of the 911 response process. Before such a model can be constructed, the probability distributions of the inter-arrivals of events into these various sub-systems needs to be identified. This research is a first effort into investigating the stochastic behavior of inter-arrival times of different events throughout the 911 response process. I use the methodology of input modeling, a statistical modeling approach, to determine whether the exponential distribution is an appropriate model for these inter-arrival times across a large dataset of historical 911 dispatch records. 911 emergency response critical infrastructure protection statistical modeling queuing theory input modeling Physical Sciences and Mathematics
13	Statistical and Fuzzy Set Modeling for the Risk Analysis for Critical Infrastructure Protection Cotellesso, Paul 25 September 2009 (has links) No description available. Civil Engineering Critical Infrastructure Protection Perimeter Security Fuzzy Triangular Model Proportional Odds Model Friedman's Test
14	THE APPLICATION OF AUTONOMIC COMPUTING FOR THE PROTECTION OF INDUSTRIAL CONTROL SYSTEMS Cox, Donald Patrick January 2011 (has links) Critical infrastructures are defined as the basic facilities, services and utilities needed to support the functioning of society. For over three-thousand years, civil engineers have built these infrastructures to ensure that needed services and products are available to make mankind more comfortable, secure and productive. Modern infrastructure control systems are vulnerable to disruption from natural disaster, accident, negligent operation and intentional cyber assaults from malicious agents. Many critical processes within our infrastructures are continuous (e.g., electric power, etc.) and cannot be interrupted without consequence to industry and the public. Failure to protect the critical infrastructure from cyber assaults will result in physical, economic and social impacts, extending from the local to the national level. Cyber weapons have shown that harm to infrastructures can occur before system operators have time to determine the source.We present the thesis that infrastructure control systems can employ autonomic computing technology to detect anomalies and mitigate process disruption. Specifically we focus on: 1) autonomic computing algorithms that can be integrated into control systems and networks to detect and respond to anomalies; 2) autonomic technology capable of detecting and blocking infrastructure controller commands, that if executed, would result in process disruption; 3) design and construction of a prototype Autonomic Critical Infrastructure Protection appliance (ACIP) for integration and testing of autonomic algorithms; and 4) the design and construction of a test bed capable of modeling critical infrastructures and related control systems and processes for the purpose of testing and demonstrating new autonomic technologies.We report on the development of a new, multi-dimension ontology that organizes cyber assault methodologies correlated with perpetrator motivation and goals. Using this ontology, we create a theoretical framework to identify the integration points for protective technology within infrastructure control systems. We have created a unique modeling and simulation test bed for critical infrastructure systems and processes, and a prototype autonomic computing appliance. Through this work, we have developed an expanded understanding of autonomic computing theory and its application to controls systems. We also, through experimentation, prove the thesis and establish a roadmap for future research. industrial control systems information Technology programmable controller SCADA Electrical & Computer Engineering autonomic computing critical infrastructure protection
15	Exécution sécurisée de code sur systèmes embarqués / Trustworthy code execution on embedded devices Perito, Daniele 13 October 2011 (has links) Les systèmes embarqués sont utilisés dans de nombreux systèmes critiques, depuis les automobiles jusqu'aux les systèmes de contrôle industriels. La plupart des recherches sur ces systèmes embarqués se sont concentrés sur l'amélioration de leur fiabilité face à des fautes ou erreurs de fonctionnent non intentionnelles, moins de travaux on été réalisés considérant les attaques intentionnelles. Ces systèmes embarqués sont de plus en plus connectés, souvent à Internet, via des réseaux sans fils, par exemple pour leur administration à distance. Cela augmente les risques d'attaques à distance ou d'injection de code malicieux. Les fautes de fonctionnement de ces équipements peuvent causer des dommages physiques comme par example rendre des appareils médicaux dangereux. Par conséquent, il est primordial de protéger ces systèmes embarqués contre les attaques. Dans cette thèse nous présentons des attaques et défenses contre les systèmes embarqués contraints. Nous présentons plusieurs attaques contre des techniques d'attestation logicielle utilisées dans les systèmes embarqués. Puis nous présentons la conception et l'implémentation d'une technique d'attestation logicielle qui est résistante aux attaque présentées précédemment. Finalement, nous présentons la conception d'une solution permettant de réaliser l'attestation de code ainsi que la création d'une racine de confiance dynamique (dynamic root of trust) pour les systèmes embarqués. Cette solution est prouvée sure et ne dépend pas d'assomptions fortes faites dans le cas de l'attestation logicielle. / Embedded devices are currently used in many critical systems, ranging from automotive to medical devices and industrial control systems. Most of the research on such devices has focused on improving their reliability against unintentional failures, while fewer efforts have been spent to prevent intentional and malicious attacks. These devices are increasingly being connected via wireless and connected to the Internet for remote administration, this increases the risk of remote exploits and malicious code injected in such devices. Failures in such devices might cause physical damage and health and safety risks. Therefore, protecting embedded devices from attacks is of the utmost importance. In this thesis we present novel attacks and defenses against low-end embedded devices. We present several attacks against software-based attestation techniques used in embedded devices. Furthermore we design and implement a novel software-based attestation technique that is immune to the aforementioned attacks. Finally, we design a hardware solution to attest and establish a dyna Wsn Capteurs Actioneurs Wsan Protection des infrastructures critiques Sécurité Wsn Sensors Security Wsan Embedded systems Critical infrastructure protection Cip
16	Dopady výpadku elektrické energie ve velkých potravinářských podnicích v Jihočeském kraji / Impacts of a power outage in great food - processing companies in South Bohemia county HÁSKOVÁ, Michaela January 2014 (has links) Indispensability of electricity in all areas of life, including industry, requires enterprises to be prepared for possible power outages, which would minimize impacts on the population. The aim of this thesis titled "Impacts of a power outage in great food - processing companies in the South Bohemia county" is to analyze possible impacts of power cuts in the awareness system of large food enterprises and to assess the effects it would have on the protection of the population when power outage occurs. To obtain the data for the thesis, I used a qualitative research in the form of structured interviews with employees of five large food enterprises, who are responsible for the given area. SWOT analyse was used to evaluate the interviews and a KARS method was used for the analysis of the most significant impacts of an electric power outage in the system of awareness of enterprises and in the protection of the population. The results of the research revealed a basic fact that electricity outage would mean an immediate interruption of production for the food enterprises in South Bohemia. None of the enterprises surveyed owns a standby electric power source, so the sustainability of the standby energy supply does not exist. This fact is alarming mainly from the point of view of the crisis management, because two of the surveyed enterprises are included in the Crises plan of South Bohemia and implement corresponding measures. An important factor influencing the current state of food enterprises awareness for electricity outage is undoubtedly the fact that there is no legislation in the Czech Republic at the moment, which would impose an obligation for food enterprises to prepare for electric power outages. To increase the awareness of the food enterprises for electricity outage, for example in the form back up power sources, would require considerable investments. I hope that this thesis will serve not only as a study material, but also will be a subject of discussion for food enterprises, presenting a model for a case of electric power outage.
17	Essential Healthcare Services and Cloud Computing Hourani, Osama January 2021 (has links) Like many organizations, critical infrastructures and essential services are adopting cloud computing. The many benefits are however clouded with security concerns. These types of organizations and services are associated with severe societal and individual consequences from failures or incidents. They are naturally subject to strict regulations and requirements. Even if critical and essential services are adopting and utilizing cloud computing, organizations hesitate due to unsolved challenges with cloud computing for critical and essential services. To mitigate such unnecessary impediments and to enhance secure Health-CC, there is a need for an exploration of existing solutions for Health-CC, as well as investigating gaps, to provide improving considerations. To address this problem, the thesis investigated existing challenges and solutions for cloud computing security, regarding cloud computing within essential healthcare. Here, called “Health-CC”, and encompasses settings and processes where cloud computing is highly involved and where system, assets, and data protection are intensively actualized. The research question required the author to identify cloud computing challenges, thematize related solutions, patterns, gaps, and laying a basis for a well-based discussion on possible improving considerations – from a pertinent critical infrastructure protection perspective, for essential healthcare services. The chosen research question necessitated a problem-driven mixed methods approach, where a systematic literature review was utilized for the overall research guidance and selection procedures. Selection criteria were formulated to capture the mentioned Health-CC security settings. An integrated traditional literature review was added for the purpose of the scientific base. At the analysis level, the mixed methods approach facilitated a thematic synthesis analysis – to identify themes, patterns, and gaps or shortcomings, as well as lay the basis for following discussion of improving security considerations. Three solution groups were identified: specific techniques, software architecture, and assessment models. Further analysis of their solution types from a pertinent critical infrastructure protection perspective, identified multiple patterns: from recurring techniques or administrative components, targeted security issues, Health-CC environment focus, framework coverage, to the type of aspects and perspectives involved. This resulted in general patterns of solution components and perspectives, although revealing several shortcomings and possible improving considerations for enhanced Health-CC security: explicit critical infrastructure protection perspective; focus on continuity aspects; multi-party and multi-actor nature of Health-CC arrangement deserves more focus; system protection emphasis; availability concept and deterring properties highly considered; cloud environment specified when possible; data protection concerns only crucial and sensitive data required by law. Its conclusions on the exploration of solutions as well as improving considerations contribute to the HealthCC security field, to a satisfying degree. cloud computing essential healthcare cloud security critical infrastructure protection system protection data protection. Computer Sciences Datavetenskap (datalogi)
18	Critical Digital Infrastructure Protection: An Investigatoin Into The Intergovernmental Activities Of Information Technology Directors In Florida Counties Devenny, Joah Nicole 01 January 2004 (has links) As cyber attacks become more sophisticated, the risk to all networked computer systems increases. Whether public or private, whether federal, state, or local, the threat is equally real. Consequently, local governments must respond accordingly to understand the threats, take measures to protect themselves, and determine how to respond in the event of a system breach. Additionally, since cyber criminals do not respect geographic or administrative boundaries, local leaders must be prepared to instantly interact with other governments, agencies, and departments to suppress an attack. Guided by the theory of intergovernmental management (IGM), this exploratory research investigated how Information Technology (IT) Directors in Florida county constitutional offices use intergovernmental relations and management activities as part of their information security efforts. Specifically, this research sought to determine: 1) which IGM activities do county IT Directors most often perform; 2) do county IT Directors make more use of vertical or horizontal IGM relationships; 3) is there a relationship between office/county demographics and the IGM activities its IT Directors most often perform? To answer these questions, an electronic survey was distributed to 209 directors, of which 125 responded. Overwhelmingly, the findings indicate that these Directors rarely engage in IGM activities regardless of the purpose or type of government/department contacted. However, when seeking intergovernmental assistance, it is most often horizontally with other Departments within their own government and least often vertically with Federal offices. The most frequently performed intergovernmental activity is seeking technical assistance, however seeking program/project information is also perform more frequently than the other activities explored in this research. The least frequently performed activities involved seeking to modify established IT partnerships. Further, there was evidence of relationships between certain office/county demographics and IGM activity. The discovery of these patterns and relationships can be used to aid policy and program development, as well as to stimulate deeper inquiry into the intergovernmental dimensions involved in protecting local elements of the U.S. Critical Digital Infrastructure. County Critical infrastructure protection Information technology Intergovernmental management Local government Public Affairs
19	Sviluppo di una metodologia per la gestione del rischio attentati terroristici contro infrastrutture critiche / The Development of a Terrorism Risk Management Framework (TRMF) for the Protection of Critical Infrastructure Facilities from Terrorist Physical Attacks PISAPIA, GIOVANNI 10 March 2008 (has links) Questa tesi di dottorato consiste nello sviluppo di una metodologia per gestire il rischio attentati terroristici contro infrastrutture fisiche per proprietari o gestori di impianti appartenenti ad infrastrutture critiche. / This Ph.D. thesis consists in developing a terrorism risk management framework (TRMF) to guide critical infrastructure facilities' owners and operators in their decision making process related to the risk of terrorism.
20	L'identification des infrastructures critiques : réflexion à partir de l'exemple européen / The Identification of critical infrastructures : reflection about the European case Bouchon, Sara 10 January 2011 (has links) Les méthodes actuelles utilisées pour l'identification des infrastructures critiques, souvent envisagées dans leurs seules dimensions techniques, montrent certaines limites. Notre thèse postule qu'il est nécessaire de tenir compte du contexte territorial dans lequel ces infrastructures s'inscrivent, dans la mesure où les caractéristiques d'un territoire contribuent à leur criticité. En retour, les infrastructures critiques sont susceptibles d'aggraver la vulnérabilité de ces territoires. Nous développons deux hypothèses de recherche: 1. La "criticité territoriale" exprime le fait que les infrastructures critiques ne sont pas critiques en elles-mêmes, mais par rapport à un contexte socio-économique, politique et géographique. Nous proposons ainsi un ensemble de critères, associés à une approche multiscalaire des systèmes d'infrastructures, permettant l'identification des infrastructures critiques. Une étude de cas portant sur les infrastructures critiques d'énergie de l'Union Européenne valide cette approche. 2. La "criticité politique" souligne la dimension géopolitique des infrastructures critiques : celles-ci reflètent les seuils d'acceptabilité des autorités territoriales, au regard des conséquences potentielles de l'interruption de services essentiels. Cette hypothèse est développée et testée dans le cadre de notre participation au processus de concertation entre l'Union Européenne et ses pays membres pour la mise en place de la Directive 2008/114/EC sur l'identification et la protection des infrastructures critiques européennes. Les conclusions soulignent la pertinence d'une approche géographique et territoriale pour l'identification des infrastructures critiques. / The existing methods for identifying critical infrastructures, mainly based on risk analysis, were found to be insufficient. Our PhD states that the existing territorial vulnerability factors contribute to the criticality of the infrastructures; in return, critical infrastructures enhance this vulnerability. As a consequence, the identification process should be based, not only on technical aspects, but also on a geographical approach. Two main research hypothesis are developed: 1. The "territorial criticality" expresses the fact that an infrastructure is not critical in itself, but its criticality is related to the socio-economic, political and geographical context. We propose a set of criteria and related indicators associated to a multilevel model. A case study shows how these criteria can be applied in the case of the European energy critical infrastructures. 2. The "political criticality" means that the designation of an infrastructure as critical reflects the level of consequences decision-makers are ready to accept. These acceptability thresholds are related to the potential consequences the disruption of such infrastructure could trigger. If the potential consequences go beyond a given threshold, then the infrastructure is considered as critical. We developed and tested this hypothesis in the context of our participation to the preparatory work carried out by the European Commission Joint Research Center to support the European Commission and its member states on the definition of criteria for identifying European Critical Infrastructures (ECI). Conclusions highlight the benefits of a geographical approach to identify critical infrastructures. Infrastructures critiques Protection des infrastructures critiques Vulnérabilité territoriale Union européenne Infrastructures d'énergie Critical infrastructures Critical infrastructure protection Vulnerability assessment European Union Energy infrastructures

Search results