91 |
Hacking the airport X-ray machine
Zuber, Felix. January 2024
Recent and frequent reports of important systems being hacked are being presented almost daily, and the fact that our digitized society has fallen behind on securing these systems is becoming more and more obvious. Vital infrastructure - systems that we depend on for our safety. The security of these systems is of utmost importance, but how well are they protected? Even systems that are supposed to be isolated and never exposed to the general public have shown through history to be vulnerable. This thesis analyzed the security of such a vital system, namely a common unit among X-ray security scanners (Smiths Detection HI-SCAN 6040i) that are not only used by airports to search bags and belongings but also by an increasing multitude of applications such as prisons, jails, courts, government buildings, hotels and public events. In order to structure the work and present the attack vectors, a threat model was determined for the target system. In total, 11 vulnerabilities were found in the system. Most of them grant access to the X-ray machine, where it is also possible to escalate privileges to root access. This work will also show that once one has gained access to the network connecting these machines, there are multiple paths to gaining full access to the system. When access has then been obtained, it will also be demonstrated how to manipulate the scanning function of the X-ray machine in such a way that one could bring prohibited items through the security checkpoint without the knowledge of the security operators, concluding that the system is vulnerable and that the impact of successful exploitation could have catastrophic consequences. / New reports of societally important systems being hacked arrive all the time, and the fact that our digitized society has fallen behind in securing these systems is becoming more and more evident. Critical infrastructure - systems that we depend on for our safety. The security of these systems is of the utmost importance, but how secure are they? Even systems supposed to be isolated and never exposed to the public have proven vulnerable throughout history. This thesis has analyzed the security of one such critical system, namely a commonly used X-ray analysis system (Smiths Detection HI-SCAN 6040i) that is frequently used at airports to scan carry-on baggage but is also found in a growing number of sectors such as correctional facilities, detention centres, courts, societally important buildings, hotels and public events. In order to structure the work and present the attack vectors, a threat model was determined for the target system. In total, 11 vulnerabilities were found in the system. Most of them resulted in access to the X-ray machine, where it was also possible to escalate privileges to root. This work will also show that once access has been obtained to the network connecting these machines, there are several paths to full access to the system. Once such access has been obtained, it will also be demonstrated how it is possible to manipulate the scanning function of the X-ray machine in such a way that prohibited items could be brought through the security checkpoint without the security staff noticing anything. The conclusion is that the system is vulnerable and that the result of successfully exploiting such a vulnerability could have catastrophic consequences.
|
92 |
ALGORITHM TO DEVELOP A MODEL PROVIDING SECURITY AND SUSTAINABILITY FOR THE U.S. INFRASTRUCTURE BY PROVIDING INCREMENTAL ELECTRICAL RESTORATION AFTER BLACKOUT
Casey Allen Shull (7039955). 15 August 2019
Is North America vulnerable to widespread electrical blackout from natural or man-made disasters? Yes. Are electric utilities and critical infrastructure (CI) operators prepared to maintain CI operations such as hospitals, sewage lift stations, food, water, police stations etc., after electrical blackout to maintain National security and sustainability? No. Why? Requirements to prioritize electrical restoration to CI do not exist as a requirement or regulation for electrical distribution operators. Thus, the CI operators cannot maintain services to the public without electricity that provides power for the critical services to function. The problem is that electric utilities are not required to develop or deploy a prioritized systematic plan or procedure to decrease the duration of electrical outage, commonly referred to as blackout. The consequence of local blackout to CI can be multi-billion-dollar financial losses and loss of life for a single outage event attributed to the duration of blackout. This study utilized the review of authoritative literature to answer the question: “Can a plan be developed to decrease the duration of electrical outage to critical infrastructure”. The literature revealed that electric utilities are not required to prioritize electrical restoration efforts and do not have plans available to deploy minimizing the duration of blackout to CI. Thus, this study developed a plan and subsequent model using Model Based System Engineering (MBSE) to decrease the duration of blackout by providing incremental electrical service to CI.
|
93 |
Strategic Objectives in Complex Planning Environments : Insights from a Swedish Case for Critical Infrastructure Protection
Große, Christine. January 2018
Large-scale and long-term planning imposes extensive requirements on governance efforts regardless of whether it involves public organisations, private organisations, or both. The proportions of such planning entangle many actors and stakeholders as system components within and around a complex system. These system components and conditions in a complex planning environment introduce a diverse variety of strategic objectives into the planning. This study investigates how strategic objectives can affect the governance of complex planning systems, particularly in the context of national critical infrastructure protection. For this purpose, this thesis concentrates on a national planning procedure, STYREL, which Sweden has recently implemented for the case of power shortages. This case involves various actors from the national, regional and local levels who act on behalf of both public and private organisations in a planning process with four-year intervals, and it thus constitutes a relevant subject for this study. The investigation entailed the collection of evidence from documents and interviews. First, publicly available Swedish documents regarding the case provided an understanding of the planning. Second, interviews with decision-makers who are entrusted with this planning at municipalities and county administrative boards as well as with a few planners from power grid providers offered a deeper comprehension of both the proceedings in practice and the strategic objectives involved in this complex system for planning of critical infrastructure protection. Particularly, the findings resulted in several conceptual models that demonstrate these understandings in more detail. A soft system model visualises the problem situation and contains several elements, such as the system components, interrelations and conditions. 
Moreover, a multi-level planning model specifies sources of uncertainty in the planning and decision-making process that are associated with an insufficient alignment of strategic objectives in the STYREL case. These decompositions of the Swedish planning environment – both horizontal and vertical – further enabled this study to identify significant parameters of the systemic conditions and strategic objectives involved in such complex planning environments that challenge their governance. The findings of this study suggest that the Swedish process is not yet fully developed. The investigation particularly indicates that a better alignment of strategic objectives is necessary to ensure a selection of adequate goals and means that advances the future usability of the produced plan, which in turn would legitimate and strengthen this complex planning process for critical infrastructure protection. / Large-scale and long-term planning places high demands on governance. This applies regardless of whether public or private organisations, or both, are involved. The scope of such planning engages many actors and stakeholders as components within and around a complex system. These components, together with their conditions embedded in a complex planning environment, create a diversity of strategic objectives that are carried into the planning. This study therefore investigates how strategic objectives can affect the governance of complex planning systems, particularly in the context of protecting society's critical infrastructure. The investigation focuses on a national planning process, called STYREL, which concerns contingency planning for power shortage situations and which has been implemented in Sweden. The planning environment around STYREL is a relevant object of study because it involves many actors from the national, regional and local levels. These actors represent public and private organisations in the planning process, which is carried out at four-year intervals. During the investigation, evidence was collected from documents and interview studies. First, publicly available documents about the case created an understanding of the planning. Interviews with decision-makers responsible for STYREL planning at county administrative boards, municipalities and power grid companies then generated an even deeper understanding. This concerns both the procedure in practice and the strategic objectives involved in this complex system for planning critical infrastructure protection. The results led in particular to several conceptual models that demonstrate these understandings in detail. A system model visualises the problem situation and contains several elements such as system components, relations and conditions. A multi-level planning model specifies sources of uncertainty in the planning and decision-making process that are associated with insufficient alignment of strategic objectives in the STYREL case. The decompositions of the Swedish planning environment – both horizontal and vertical – made it possible to identify significant parameters of the systemic conditions and strategic objectives that are involved in these complex planning environments and challenge their governance. The results of the study indicate that the Swedish process is not fully developed. The investigation shows that better alignment of strategic objectives is necessary to ensure a selection of adequate goals and means that would advance the future usability of the produced plan. This would in turn legitimise and strengthen the complex planning process for the protection of critical infrastructure. In addition, this could promote target-group-oriented communication about risks and relevant measures.
At the time of the defence the following papers were unpublished: paper 1 under review, paper 3 under review.
|
94 |
Omezení činnosti soudů během mimořádných událostí / Restrictions on activities of the courts during emergencies
DOSTÁL, Petr. January 2011
The thesis discusses the limitations of courts during emergencies and the meaningfulness of the classification system of justice in critical infrastructure. Judicial power is in addition to legislative and executive branches in a classic triangle of state power. The scope of its activities is to introduce the first part. With an analysis of relevant laws to the reader's raised the breadth and importance to society. The text below is followed by a list of incidents that affect the limitations on the exercise of judicial power. They provide a list of departmental emergency preparedness plan and have added two new current threats. The last part of the introductory essay to speak of critical infrastructure, which includes the judiciary. The thesis aims to determine how the judicial administration immune to the impact of emergencies. Whether the system needs more investment in security measures applied so far as eliminating the effect of well-defined emergencies, and if justice is rightly placed in the framework of critical infrastructure. For the actual processing of the results is the methodology used in operational analysis. Specifically, it is the discipline of multi-criteria evaluation of alternatives. The method itself is appropriate for the assessment of phenomena, where the value of multiple criteria. The results are processed according to the principles of the WSA (weighted sum) and Fuller (comparison and scoring method). Naturally, there is comparison of the results of both disciplines. Examined measures designed to limit exposure incidents are classified into thematic blocks. The ranking of construction services, technology, internal structure and physical site security. Taking the first and third block is formed by means of passive protection and the second and fourth block is formed by means of active defense. It is interesting comparison between the blocks and those stand block. 
A summary of results and their own and departmental analysis of threats to judicial authorities indicate readiness for the events listed in the Plan of departmental emergency preparedness as an emergency.
|
95 |
La contribution des dynamiques internationales formelles au renforcement de la cybersécurité canadienne / The contribution of formal international dynamics to the strengthening of Canadian cybersecurity
Vodouhe, Carolle. 05 1900
No description available.
|
96 |
Důsledky velkých výpadků elektrické energie na zemědělské chovy Jihočeského kraje / Consequences of blackouts on agricultural farms of South Bohemia
PARLÁSKOVÁ, Lucie. January 2013
Electrical energy plays an indispensable role in our contemporary society. However, we mostly realize its position in agriculture in a situation which often already entails irreversible consequences. Therefore, the thesis aims to assess the consequences of power blackout on agricultural farming. In connection with the selected objective, a question arises whether long-term power blackouts also constitute a serious threat to agricultural farms of South Bohemia? The theoretical part briefly describes electrical energy, its production and method of transmission. It also includes basic elements of the power system including its stability and safety. The chapter also acquaints the reader with the critical infrastructure of the Czech Republic and its legislative base. Then, it globally analyzes the term blackout. Given the topic of the thesis, it is necessary to mention the valuable work of the integrated rescue system which in addition to the basic obligations to ensure the protection of human life and property is required to provide missions to rescue animals in emergency situations. Finally, this chapter deals with the application of electrical energy in agriculture, including the characteristics of surveyed farms and a high degree of automation used in farming. The research part is based on the search of the current state of selected agricultural farms. The research was focused on the South Bohemian Region which makes no exception in relation to this issue. Used for the research was a qualitative method of data collection with the information obtained through the techniques of controlled interviews and the secondary analysis of data provided by competent employees of farms in South Bohemia. The results are then outlined in two planes. During recent years, breeding stations have been completely renovated, especially in the section of technological processes. Modern electronic devices which include e.g.
automated milking, feeding, suction and washing equipment, heating of service water and heating, should ensure trouble-free operation in such farms. However, what the vast majority of farms is not adequately prepared for is to ensure their smooth operation even during a failure of the electrical system. A number of farms do not have an alternate source of electrical energy. The percentage of self-sufficient farms having on its premises a pumping station that can supply the local diesel-aggregate, is also negligible. Moreover, in case of a diesel-aggregate failure, no alternative source is available. A crucial problem arises in the category of poultry. The animals are situated in large-volume halls where all processes are controlled by fully automated control systems. An alternative source of electrical energy is a crucial element needed to ensure normal operation of the farms. Unless the established criteria are in compliance (ventilation, lighting, etc.), reaction of the animals becomes evident within tens of minutes. Any deviation results in rapid loss of animals. It is assumed that the resulting data will be used both for research purposes in the area of secondary impacts in case of electrical system failures and for objective assessment of the effectiveness in farming security within the current methods. The purpose is to educate the above entities.
|
97 |
Uma ferramenta de manipulação de pacotes para análise de protocolos de redes industriais baseados em TCP/IP / A packet manipulation tool for the analysis of TCP/IP-based industrial network protocols
Kobayashi, Tiago Hiroshi. 07 June 2009
This work presents a packet manipulation tool developed to realize tests in industrial devices that implement TCP/IP-based communication protocols. The tool was developed in Python programming language, as a Scapy extension. This tool, named IndPM - Industrial Packet Manipulator, can realize vulnerability tests in devices of industrial networks, industrial protocol compliance tests, receive server replies and utilize the Python interpreter to build tests. The Modbus/TCP protocol was implemented as proof-of-concept. The DNP3 over TCP protocol was also implemented but tests could not be realized because of the lack of resources. The IndPM results with Modbus/TCP protocol show some implementation faults in a Programmable Logic Controller communication module frequently utilized in automation companies. / This work presents a packet manipulation tool intended for testing devices that implement TCP/IP-based communication protocols used in industrial networks. The tool was developed in the Python programming language, as an extension to Scapy. This tool, named IndPM - Industrial Packet Manipulator, makes it possible to test devices present in industrial networks for possible vulnerabilities, perform protocol conformance tests, collect responses from servers on the networks and use the resources of the Python interpreter to compose tests. As a proof of concept, the Modbus/TCP protocol was implemented. The DNP3 over TCP protocol was also implemented, but it was not tested because resources were unavailable. The results of the tests obtained with the manipulation of Modbus/TCP packets show implementation faults in a communication module for a Programmable Logic Controller widely used in industry.
|
98 |
Návrh přístupového systému jako součást řešení fyzické bezpečnosti / Design of Access System as a Part of Physical Security Solution
Dohnal, Matěj. January 2017
This master’s thesis deals with design of an access system as a part of physical security solution for an energy company in the Czech Republic. The access system is designed to meet all legal requirements and conform to ISO 27001 certification. Implementation of the proposed access system is demonstrated on the selected company object, a representative example of connecting the critical infrastructure element and the company's common facility.
|
99 |
Návrh elektronického zabezpečovacího systému jako část fyzického zabezpečení energetických objektů kritické infrastruktury / Proposal of an electronic security system as part of the physical securing of critical infrastructure energetic objects
Mihálik, Andrej. January 2018
This master's thesis deals with the design of an electronic security system as part of the physical security for the energy company in the Czech Republic. The electronic security system is designed to meet all legal requirements, internal directives and has also passed ISO 27001 certification. The implementation of the security system is demonstrated on the selected object of the company that belongs to the elements of the critical infrastructure.
|
100 |
Bezpečnostní rizika podle standardu ISO 27001 / Security risks according to ISO 27001
Doubková, Veronika. January 2020
This diploma thesis deals with the management of security information, according to ISO/IEC 27005 and its implementation in the Verinice software environment. The risk information management process is applied to a critical infrastructure, that is connected to an optical fiber network. The work focuses on incidents aimed at threatening data from optical threats and active network elements in transmission systems. The result of the work is defined as a risk file in the .VNA format containing identified risks, for which appropriate measures are implemented in connection with the requirements of ISO/IEC 27001, for the protection of critical infrastructures and transmitted data in the transmission system.
|