The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Railroads play a significant role in the United States economy, transporting a wide variety of goods across a geographical disperse network. Hardening this network against all forms of attack is not possible. This paper will address the role of freight and passenger rail in the United States, provide an unclassified set of relatively easy attacks that can be used to disrupt rail traffic, outline actions...
Recent disasters and terrorist attacks have increased the demand on the US government in assuring the safety and reliability of the nation’s critical infrastructure. The response of the US Department of Homeland security, as set forth by the National Infrastructure Protection Plan (NIPP) is to decentralize much of the risk assessment and strategic decision-making processes to the owners and operators...
Positive Train Control (PTC) refers to microprocessor-based communication technologies that are capable of preventing train collisions, derailments, and injuries to workers operating within the railroad system. In North America, there are 11 competing PTC projects in various stages of refinement. The North American Joint Positive Train Control Project (NAJPTC) is one of those efforts, based on the...
Malicious insiders are one of the most serious threats to an organization’s information assets. The threat is also extremely difficult to mitigate: an insider can be more knowledgeable than an external attacker about the target system and is, therefore, more effective at defeating security controls that mainly defend against external attacks. A promising technique for addressing the insider threat...
This paper advocates the need to conceptualize or model critical information infrastructure protection (CIIP) in order to explain regulatory choices made by governments regarding CIIP. Building on previous attempts, it proposes two models of CIIP: the national security model and the business continuity model. Each of these models is based on a different, sometimes contrasting, set of values, namely,...
The Modbus protocol and its variants are widely used in industrial control applications, especially for pipeline operations in the oil and gas sector. This paper describes the principal attacks on the Modbus Serial and Modbus TCP protocols and presents the corresponding attack taxonomies. The attacks are summarized according to their threat categories, targets and impact on control system assets....
Multiprotocol label switching (MPLS) is one of the fastest growing telecommunications infrastructure technologies. MPLS provides OSI layer 2 switching speed coupled with layer 3 addressing, and supports multiple service models and sophisticated traffic management. Several telecommunications companies have made massive investments in MPLS technology. Indeed, within a few years, a major portion of global...
A Common Body of Knowledge (CBK) is a way to conceptually represent the knowledge of a discipline. It can serve as a guide when designing a curriculum, a course, or a training program, as it describes and sets the boundaries of a knowledge field. In this paper, we aim at extending our previous work on creating a CBK that can serve as the basis of an Information Security and Critical Information and...
Alternatives are needed to using intuition as the dominant approach for assessing critical infrastructure interdependencies. Since there is no single, measurable unit that accurately reflects interdependencies between critical infrastructure sectors, an interdependency metric must be a composite of measurable elements related to the dependency of one sector on another. This paper defines and applies...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.