18 resultados para Critical infrastructure security
em Doria (National Library of Finland DSpace Services) - National Library of Finland, Finland
Resumo:
A postgraduate seminar series with a title Critical Infrastructure Protection against Cyber Threats held at the Department of Military Technology of the National Defence University in the fall of 2013 and 2014. This book is a collection of some of talks that were presented in the seminar. The papers address origin of critical infrastructure protection, wargaming cyberwar in critical infrastructure defence, cyber-target categorization, supervisory control and data acquisition systems vulnerabilities, electric power as critical infrastructure, improving situational awareness of critical infrastructure and trust based situation awareness in high security cloud environment. This set of papers tries to give some insight to current issues of the network-centric critical infrastructure protection. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed been always the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering an easy access to these papers.
Resumo:
Postgraduate seminar series with a title Situational Awareness for Critical Infrastructure Protection held at the Department of Military Technology of the National Defence University in 2015. This book is a collection of some of talks that were presented in the seminar. The papers address designing inter-organizational situation awareness system, principles of designing for situation awareness, situation awareness in distributed teams, vulnerability analysis in a critical system context, tactical Command, Control, Communications, Computers, & Intelligence (C4I) systems, and improving situational awareness in the circle of trust. This set of papers tries to give some insight to current issues of the situation awareness for critical infrastructure protection. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed been always the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering an easy access to these papers.
Resumo:
Maritime transports are very essential for Finland as over 80% of the foreign trade in the country is seaborne and possibilities to carry out these transports by are limited. Any disruption in maritime transports has negative consequences to many sectors in the Finnish economy. Maritime transport thus represents critical infrastructure for Finland. This report focuses on the importance of maritime transports on security of supply in Finland and for the so called critical industries in particular. The report summarizes the results of the Work Package 2 of the research project STOCA – “Study of cargo flows in the Gulf of Finland in emergency situations”. The aim of the research was to analyze the cargo flows and infrastructure that are vital for maintaining security of supply in Finland, as well as the consequences of disruptions in the maritime traffic for the Finnish critical industries and for the Finnish society. In the report we give a presentation of the infrastructure and transport routes which are critical for maintaining security of supply in Finland. We discuss import dependency of the critical industries, and the importance of the Gulf of Finland ports for Finland. We assess vulnerabilities associated with the critical material flows of the critical industries, and possibilities for alternative routings in case either one or several of the ports in Finland would be closed. As a concrete example of a transport disruption we analyze the consequences of the Finnish stevedore strike at public ports (4.3.–19.3.2010). The strike stopped approximately 80% of the Finnish foreign trade. As a result of the strike Finnish companies could not export their products and/or import raw materials, components and spare parts, or other essential supplies. We carried out personal interviews with representatives of the companies in Finnish critical industries to find out about the problems caused by the strike, how companies carried out they transports and how they managed to continue their operations during the strike. Discussions with the representatives of the companies gave us very practical insights about companies’ preparedness towards transport disruptions in general. Companies in the modern world are very vulnerable to transport disruptions because companies regardless of industries have tried to improve their performance by optimizing their resources and e.g. by reducing their inventory levels. At the same time they have become more and more dependent on continuous transports. Most companies involved in foreign trade have global operations and global supply chains, so any disruption anywhere in the world can have an impact on the operations of the company causing considerable financial loss. The volcanic eruption in Iceland in April 2010 stopping air traffic in the whole Northern Europe and most recently the earth quake causing a tsunami in Japan in March 2011 are examples of severe disruptions causing considerable negative impacts to companies’ supply chains. Even though the Finnish stevedore strike was a minor disruption compared to the natural catastrophes mentioned above, it showed the companies’ vulnerability to transport disruptions very concretely. The Finnish stevedore strike gave a concrete learning experience of the importance of preventive planning for all Finnish companies: it made them re-think their practical preparedness towards transport risks and how they can continue with their daily operations despite the problems. Many companies realized they need to adapt their long-term countermeasures against transport disruptions. During the strike companies did various actions to secure their supply chains. The companies raised their inventory levels before the strike began, they re-scheduled or postponed their deliveries, shifted customer orders between production plants among their company’s production network or in the extreme case bought finished products from their competitor to fulfil their customers’ order. Our results also show that possibilities to prepare against transport disruptions differ between industries. The Finnish society as a whole is very dependent on imports of energy, various raw materials and other supplies needed by the different industries. For many of the Finnish companies in the export industries and e.g. in energy production maritime transport is the only transport mode the companies can use due to large volumes of materials transported or due to other characteristics of the goods. Therefore maritime transport cannot be replaced by any other transport mode. In addition, a significant amount of transports are concentrated in certain ports. From a security of supply perspective attention should be paid to finding ways to decrease import dependency and ensuring that companies in the critical industries can ensure the continuity of their operations.
Resumo:
A postgraduate seminar series with a title Cyber Warfare held at the Department of Military Technology of the National Defence University in the fall of 2012. This book is a collection of some of talks that were presented in the seminar. The papers address computer network defence in military cognitive networks, computer network exploitation, non-state actors in cyberspace operations, offensive cyber-capabilities against critical infrastructure and adapting the current national defence doctrine to cyber domain. This set of papers tries to give some insight to current issues of the cyber warfare. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed been always the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering an easy access to these papers.
Resumo:
Web portaalit tarjoavat ainutlaatuisia apuvälineitä erilaisien sisältöjen luomiseksi, monenlaisia navigointipolkuja, henkilökohtaisia sivuja ja turvapalveluja. Portaali on monimutkainen systeemi, joka sisältää monta yhteistyötä tekevää komponenttia, yleensä toteutuu valmiiksi tehdyillä ongelmistoilla. Tämä tutkimus kansittelee portaalin toteutusta IBM/Tivolin tuotteella. Portaalin komponenttien integraatio on kriittinen koko järjestelmä arkkitehtuurille ja saattaa vaatia lisää ohjelmistokehittelyä. Tutkimuksen ensisijainen tavoite on kehittää räätälöityä komponenttia kahta portaali-alijärjestelmä varten, tilaaja - turvapalvelu. Tutkimuksessa Tivoli Personalized Services Manager (TPSM) ja Tivoli SecureWay Policy Director (PD) on tutkittu. Integraatio sisältää TPSM tietokaunan ja PD User Registry tiedon synkronisointia. Integraatio-ohjelmisto on suunniteltu ja tehty olemassaoloevien alijärjestelmien perusteella.
Resumo:
Elektroninen kaupankäynti ja pankkipalvelut ovat herättäneet toiminnan jatkuvuuden kannalta erittäin kriittisen kysymyksen siitä, kuinka näitä palveluja pystytään suojaamaan järjestäytynyttä rikollisuutta ja erilaisia hyväksikäyttöjä vastaan.
Resumo:
Wireless sensor networks and its applications have been widely researched and implemented in both commercial and non commercial areas. The usage of wireless sensor network has developed its market from military usage to daily use of human livings. Wireless sensor network applications from monitoring prospect are used in home monitoring, farm fields and habitant monitoring to buildings structural monitoring. As the usage boundaries of wireless sensor networks and its applications are emerging there are definite ongoing research, such as lifetime for wireless sensor network, security of sensor nodes and expanding the applications with modern day scenarios of applications as web services. The main focus in this thesis work is to study and implement monitoring application for infrastructure based sensor network and expand its usability as web service to facilitate mobile clients. The developed application is implemented for wireless sensor nodes information collection and monitoring purpose enabling home or office environment remote monitoring for a user.
Resumo:
Since his inauguration, President Barack Obama has emphasized the need for a new cybersecurity policy, pledging to make it a "national security priority". This is a significant change in security discourse after an eight-year war on terror – a term Obama announced to be no longer in use. After several white papers, reports and the release of the so-called 60-day Cybersecurity Review, Obama announced the creation of a "cyber czar" position and a new military cyber command to coordinate American cyber defence and warfare. China, as an alleged cyber rival, has played an important role in the discourse that introduced the need for the new office and the proposals for changes in legislation. Research conducted before this study suggest the dominance of state-centric enemy descriptions paused briefly after 9/11, but returned soon into threat discourse. The focus on China's cyber activities fits this trend. The aim of this study is to analyze the type of modern threat scenarios through a linguistic case study on the reporting on Chinese hackers. The methodology of this threat analysis is based on the systemic functional language theory, and realizes as an analysis of action and being descriptions (verbs) used by the American authorities. The main sources of data include the Cybersecurity Act 2009, Securing Cyberspace for the 44th Presidency, and 2008 Report to Congress of the U.S. - China Economic and Security Review Commission. Contrary to the prevailing and popularized terrorism discourse, the results show the comeback of Cold War rhetoric as well as the establishment of a state-centric threat perception in cyber discourse. Cyber adversaries are referred to with descriptions of capacity, technological superiority and untrustworthiness, whereas the ‘self’ is described as vulnerable and weak. The threat of cyber attacks is compared to physical attacks on critical military and civilian infrastructure. The authorities and the media form a cycle, in which both sides quote each other and foster each other’s distrust and rhetoric. The white papers present China's cyber army as an existential threat. This leads to cyber discourse turning into a school-book example of a securitization process. The need for security demands action descriptions, which makes new rules and regulations acceptable. Cyber discourse has motives and agendas that are separate from real security discourse: the arms race of the 21st century is about unmanned war.
Resumo:
The objective of this research was to describe how Nordic companies manage hazard risks in their operations in Russia and how the local business environment is considered to affect the hazard risks. Research methods used in this research were literature review and expert interviews. Twelve Nordic industrial companies operating in different fields of industry were interviewed. Large Nordic companies typically guide risk management centralized from the parent company on behalf of the whole company group and the risk management standards and policies are integrated in all subsidiaries. Parent companies typically control hazard risk management in Russia by regular risk management reporting, auditing the Russian sites and by training local managers and employees to risk management work. Many companies have experienced several losses in the first years of operating in Russia before the risk management policies have been implemented in Russian subsidiaries. The companies have learned to take local characteristics better into account by experience and most companies are quite satisfied with their current risk management standards in Russia. The interviews indicate that companies experience especially the poor quality of infrastructure, some features in Russian organizational culture and high level of criminality to increase hazard risks in Russia. However, understanding these features and risks in the business environment makes the management of these risks possible. Risks related to infrastructure can be managed in advance by decreasing dependencies of infrastructure and considering the infrastructure quality already when planning the business operations. Also good local network is often considered critical in order to overcome the complications related to infrastructure. Russian personnel has typically different attitude towards risk management than Nordic personnel and neglecting safety and maintenance and concealing losses is more typical in Russia. By training and guiding the local personnel risk management and safety work and desired ways of actions these risks can be decreased. Criminality risks are often managed to certain extent by investing in security, increasing supervising and paying attention to reliability of the employees and other interest groups of the company.
Resumo:
Inhimilliseen turvallisuuteen kriisinhallinnan kautta – oppimisen mahdollisuuksia ja haasteita Kylmän sodan jälkeen aseelliset konfliktit ovat yleensä alkaneet niin sanotuissa hauraissa valtioissa ja köyhissä maissa, ne ovat olleet valtioiden sisäisiä ja niihin on osallistunut ei-valtiollisia aseellisia ryhmittymiä. Usein ne johtavat konfliktikierteeseen, jossa sota ja vakaammat olot vaihtelevat. Koska kuolleisuus konflikteissa voi jäädä alle kansainvälisen määritelmän (1000 kuollutta vuodessa), kutsun tällaisia konflikteja ”uusiksi konflikteiksi”. Kansainvälinen yhteisö on pyrkinyt kehittämään kriisinhallinnan ja rauhanrakentamisen malleja, jotta pysyvä rauhantila saataisiin aikaiseksi. Inhimillinen turvallisuus perustuu näkemykseen, jossa kunnioitetaan jokaisen yksilön ihmisoikeuksia ja jolla on vaikutusta myös kriisinhallinnan ja rauhanrakentamisen toteuttamiseen. Tutkimukseen kuuluu kaksi empiiristä osaa: Delfoi tulevaisuuspaneeliprosessin sekä kriisinhallintahenkilöstön haastattelut. Viisitoista eri alojen kriisinhallinta-asiantuntijaa osallistui paneeliin, joka toteutettiin vuonna 2008. Paneelin tulosten mukaan tulevat konfliktit usein ovat uusien konfliktien kaltaisia. Lisäksi kriisinhallintahenkilöstöltä edellytetään vuorovaikutus- ja kommunikaatiokykyä ja luonnollisesti myös varsinaisia ammatillisia valmiuksia. Tulevaisuuspaneeli korosti vuorovaikutus- ja kommunikaatiotaitoja erityisesti siviilikriisinhallintahenkilöstön kompetensseissa, mutta samat taidot painottuivat sotilaallisen kriisinhallinnan henkilöstön kompetensseissakin. Kriisinhallinnassa tarvitaan myös selvää työnjakoa eri toimijoiden kesken. Kosovossa työskennelleen henkilöstön haastatteluaineisto koostui yhteensä 27 teemahaastattelusta. Haastateltavista 9 oli ammattiupseeria, 10 reservistä rekrytoitua rauhanturvaajaa ja 8 siviilikriisinhallinnassa työskennellyttä henkilöä. Haastattelut toteutettiin helmi- ja kesäkuun välisenä aikana vuonna 2008. Haastattelutuloksissa korostui vuorovaikutus- ja kommunikaatiotaitojen merkitys, sillä monissa käytännön tilanteissa haastateltavat olivat ratkoneet ongelmia yhteistyössä muun kriisinhallintahenkilöstön tai paikallisten asukkaiden kanssa. Kriisinhallinnassa toteutui oppimisprosesseja, jotka usein olivat luonteeltaan myönteisiä ja informaalisia. Tällaisten onnistumisten vaikutus yksilön minäkuvaan oli myönteinen. Tällaisia prosesseja voidaan kuvata ”itseä koskeviksi oivalluksiksi”. Kriisinhallintatehtävissä oppimisella on erityinen merkitys, jos halutaan kehittää toimintoja inhimillisen turvallisuuden edistämiseksi. Siksi on tärkeää, että kriisinhallintakoulutusta ja kriisinhallintatyössä oppimista kehitetään ottamaan huomioon oppimisen eri tasot ja ulottuvuudet sekä niiden merkitys. Informaaliset oppimisen muodot olisi otettava paremmin huomioon kriisinhallintakoulutusta ja kriisinhallintatehtävissä oppimista kehitettäessä. Palautejärjestelmää olisi kehitettävä eri tavoin. Koko kriisinhallintaoperaation on saatava tarvittaessa myös kriittistä palautetta onnistumisista ja epäonnistumisista. Monet kriisinhallinnassa työskennelleet kaipaavat kunnollista palautetta työrupeamastaan. Liian rutiininomaiseksi koettu palaute ei edistä yksilön oppimista. Spontaanisti monet haastatellut pitivät tärkeänä, että kriisinhallinnassa työskennelleillä olisi mahdollisuus debriefing- tyyppiseen kotiinpaluukeskusteluun. Pelkkä tällainen mahdollisuus ilmeisesti voisi olla monelle myönteinen uutinen, vaikka tilaisuutta ei hyödynnettäisikään. Paluu kriisinhallintatehtävistä Suomeen on monelle haasteellisempaa kuin näissä tehtävissä työskentelyn aloittaminen ulkomailla. Tutkimuksen tulokset kannustavat tutkimaan kriisinhallintaa oppimisen näkökulmasta. On myös olennaista, että kriisinhallinnan palautejärjestelmiä kehitetään mahdollisimman hyvin edistämään sekä yksilöllistä että organisatorista oppimista kriisinhallinnassa. Kriisinhallintaoperaatio on oppimisympäristö. Kriisinhallintahenkilöstön kommunikaatio- ja vuorovaikutustaitojen kehittäminen on olennaista tavoiteltaessa kestävää rauhanprosessia, jossa konfliktialueen asukkaatkin ovat mukana.
Resumo:
Cyber security is one of the main topics that are discussed around the world today. The threat is real, and it is unlikely to diminish. People, business, governments, and even armed forces are networked in a way or another. Thus, the cyber threat is also facing military networking. On the other hand, the concept of Network Centric Warfare sets high requirements for military tactical data communications and security. A challenging networking environment and cyber threats force us to consider new approaches to build security on the military communication systems. The purpose of this thesis is to develop a cyber security architecture for military networks, and to evaluate the designed architecture. The architecture is described as a technical functionality. As a new approach, the thesis introduces Cognitive Networks (CN) which are a theoretical concept to build more intelligent, dynamic and even secure communication networks. The cognitive networks are capable of observe the networking environment, make decisions for optimal performance and adapt its system parameter according to the decisions. As a result, the thesis presents a five-layer cyber security architecture that consists of security elements controlled by a cognitive process. The proposed architecture includes the infrastructure, services and application layers that are managed and controlled by the cognitive and management layers. The architecture defines the tasks of the security elements at a functional level without introducing any new protocols or algorithms. For evaluating two separated method were used. The first method is based on the SABSA framework that uses a layered approach to analyze overall security of an organization. The second method was a scenario based method in which a risk severity level is calculated. The evaluation results show that the proposed architecture fulfills the security requirements at least at a high level. However, the evaluation of the proposed architecture proved to be very challenging. Thus, the evaluation results must be considered very critically. The thesis proves the cognitive networks are a promising approach, and they provide lots of benefits when designing a cyber security architecture for the tactical military networks. However, many implementation problems exist, and several details must be considered and studied during the future work.
Resumo:
The number of security violations is increasing and a security breach could have irreversible impacts to business. There are several ways to improve organization security, but some of them may be difficult to comprehend. This thesis demystifies threat modeling as part of secure system development. Threat modeling enables developers to reveal previously undetected security issues from computer systems. It offers a structured approach for organizations to find and address threats against vulnerabilities. When implemented correctly threat modeling will reduce the amount of defects and malicious attempts against the target environment. In this thesis Microsoft Security Development Lifecycle (SDL) is introduced as an effective methodology for reducing defects in the target system. SDL is traditionally meant to be used in software development, principles can be however partially adapted to IT-infrastructure development. Microsoft threat modeling methodology is an important part of SDL and it is utilized in this thesis to find threats from the Acme Corporation’s factory environment. Acme Corporation is used as a pseudonym for a company providing high-technology consumer electronics. Target for threat modeling is the IT-infrastructure of factory’s manufacturing execution system. Microsoft threat modeling methodology utilizes STRIDE –mnemonic and data flow diagrams to find threats. Threat modeling in this thesis returned results that were important for the organization. Acme Corporation now has more comprehensive understanding concerning IT-infrastructure of the manufacturing execution system. On top of vulnerability related results threat modeling provided coherent views of the target system. Subject matter experts from different areas can now agree upon functions and dependencies of the target system. Threat modeling was recognized as a useful activity for improving security.
