cyber security in the nuclear age
play

Cyber Security in the Nuclear Age Dr. Jane LeClair, Chief - PowerPoint PPT Presentation

Jul 04, 2023 •25 likes •925 views

Cyber Security in the Nuclear Age Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C. Overview 2 A Vested Interest Computers have provided the means the Internet has provided

  1. Cyber Security in the Nuclear Age Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute at Excelsior College Washington, D.C.

  2. Overview 2

  3. A Vested Interest Computers have provided the means… the Internet has provided the pathway 3

  4. We are a Connected World 4

  5. Security for Convenience “If you sacrifice security for freedom you deserve neither” 5

  6. Security for Convenience 6

  7. Staggering Losses Identity theft costs Americans $37 BILLION annually Worldwide cyber crime costs about $1 TRILLION annually Cybercrime cost US economy over $70 BILLION annually 7

  8. Cybersecurity Timeline 8

  9. Cybersecurity Timeline 9

  10. Cybersecurity Timeline 10

  11. Not ‘IF’- but ‘WHEN’  In 2013…  Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked  White House officials revealed to industry executives how often it tipped off the private sector to cyber intrusions 11

  12. Cyber Crime 12

  13. What’s It All About? 13

  14. Integrating the Domains 14

  15. People Element  Cyber security professional does not work on an island, but requires building bridges  Human errors as major cause of security breaches  Psychology/behavior/motives of hackers 15

  16. Process Element  Integrating solutions into existing procedures of organization  Procedures must be well documented and established in organization  Procedures must be revised on regular basis 16

  17. Technology Element  Basic understanding of core technical areas  Programming, computer architecture, operating systems, database concepts, etc. 17

  18. Integrating the Domains 18

  19. Framework for Cyber Security Online Education Integration 19

  20. Integrating the Elements PEOPLE 20

  21. National Institute of Standards and Technology (NIST) 21

  22. Nuclear Information Technology Strategic Leadership (NITSL)  NITSL is a nuclear industry group with membership from all utilities  Members exchange pertinent information regarding evolving technologies issues  Participants collaborate to address the many issues related to information technologies as utilized at nuclear facilities 22

  23. Role of Cyber Security Education & Awareness  As part of the Cyberspace Policy Review, President Obama identified cyber security education and awareness as a key gap .  CE&A leads the following activities that are filling this gap:  Cyber Awareness Programs  Formal Cyber security Education  National Professionalization and Workforce Development Program  Training and Education Programs  Strategic Partnerships 23

  24. National Initiative for Cybersecurity Education (NICE 2.0)  NICE is a federally-endorsed program that interacts directly with academia and private industry on cyber security workforce issues.  NICE Component 1: Enhance Awareness  NICE Component 2: Expand the Pipeline  NICE Component 3: Evolve the Field 24

  25. National Cybersecurity Workforce Framework 25

  26. Defining the Cyber Workforce  The US can benefit from greater consistency in classifying cyber security workers.  Identifying and quantifying individuals performing cyber security work remains a challenge.  Organizations realize the need to determine specific types of demand for cyber security workers.  Government, private industry, and academia can create more effective cyber workforce structures by increasing collaboration and communication about the cyber workforce. 26

  27. The National Centers of Academic Excellence in Information Assurance  Two-step process sponsored by NSA 1. Committee on National Security Systems (CNSS) Training Standards as a prerequisite 2. Recognition as a Center for Academic Excellence  CAE - Information Assurance Education  CAE - 2 Year Education  CAE - Research 27

  28. NSA/DHS Information Assurance /Cyber Operations Designation  Goal is to replace existing programs designated as CAE/IAE, CAE/2Y and CAE/R and replace the two step process CNSS/CAE  Designation moves from Program to College level recognition  Creation of a designation to distinguish strengths of each CAE Institution  Benefit for students, employers, hiring managers throughout the nation  New designation will be NSA/DHS CAE Cyber Operations and will replace previous designations 28

  29. Criteria for Measurement CAE 1. Academic Content 2. Cyber Operations Recognized via Degree, Certificate or Focus Area 3. Program Accreditation or Curricula Review 4. Cyber Operations treated as an Inter-Disciplinary Science 5. Cyber Operations Academic Program is Robust and Active 6. Faculty Involvement in Cyber Operations-Related Research 7. Student Involvement in Cyber Operations-Related Research 8. Student Participation in Cyber Service-Learning Activities 9. Commitment to Participate in Summer Seminars Provided by the CAE- Cyber Operations program 10. Number of Faculty Involved in Cyber Operations Education and Research Activities 29

  30. Criterion 1 Academic Content  Program must include knowledge units covering  100% of the mandatory academic content  60% of the optional academic content 30

  31. Criterion 1 Mandatory Academic Content 1. Low level programming languages  C programming, Assembly Language programming 2. Software reverse engineering  Reverse engineering for software specification recovery, malware analysis, tools, techniques, communications 3. Operating system theory  Privileged vs non-privileged states, Concurrency and synchronization, processes and threads, process/thread management, inter-process communications, Memory management/virtual memory, Uni-processor and multi- processor interface and support, File systems, IO issues, Distributed OS issues 4. Networking  Routing, network, and application protocols 31

  32. Criterion 1 Mandatory Academic Content 5. Cellular and Mobile Communications  Smart phone technologies, Embedded operating systems, Mobile protocols, Infrastructures, Core network 6. Discrete Math  Algorithms, Statistics, Calculus I and II, Automata 7. Overview of Cyber Defense (must include hands-on lab)  Network security techniques and components, cryptography, Malicious activity detection 8. Security Fundamental Principles  Domain separation, Process isolation, resource encapsulation, Least privilege, Layering, Abstraction, Data hiding, Modularity, Simplicity of design, Minimization of implementation 32

  33. Criterion 1 Mandatory Academic Content  9. Vulnerabilities  Vulnerability taxonomy, Root causes of Vulnerabilities, Mitigation strategies for classes of vulnerabilities  10. Legal  Laws, Regulations, Directives, Policies 33

  34. Criterion 1 Optional Academic Content 1. Programmable logic languages  Hardware design languages, Hardware programming Languages 2. FPGA design  Synthesize, simulate and implement a programmable logic program 3. Wireless security  2G, 3G, 4G, WiFi, Bluetooth, RFID 4. Virtualization  Virtualization techniques, Type 1 and Type 2 virtual machine architectures, Uses of virtualization for security, efficiency, simplicity, resource savings 5. Large scale distributed systems  Cloud computing, cloud security 34

  35. Criterion 1 Optional Academic Content 6. Risk management of information systems  Models, Processes 7. Computer architecture  Logic design 8. Microcontroller design  Integrate discrete components 9. Software security analysis  Source code analysis, binary code analysis, Static code analysis techniques, Dynamic code analysis techniques, Testing methodologies 10. Secure software development  Secure programming principles and practices, Constructive techniques 35

  36. Criterion 1 Optional Academic Content 11. Embedded systems  Program microcontrollers to achieve an application-specific design 12. Forensics and incident response or media exploitation  Operating system forensics, Media forensics, Network forensics, Component forensics 13. Systems programming  Kernel intervals, Device drivers, Multi-threading, Use of alternate processors 14. Applied cryptography  Use of symmetric and asymmetric encryption 15. SCADA systems  Embedded systems in industrial infrastructures and control systems 36

  37. Criterion 1 Optional Academic Content 16. HCI/Usable Security  User interface issues 17. Offensive Cyber Operations  Phases of cyber operation 18. Hardware Reverse Engineering  Fundamental procedures such as probing, measuring and data collection to identify functionality and affect modifications 37

  38. Criterion 2 Cyber Operations Recognized via Degree, Certificate or Focus Area  Cyber Operations must be explicitly recognized as a focus area or specialization and students must meet requirements to be awarded such recognition 38

  39. Criterion 3 Program Accreditation or Curricula Review  Accreditation of the academic program (CS, EE, CE) on which the proposal is based will be considered a significant plus. All programs will undergo an in-person curriculum review 39

  40. Criterion 4 Cyber Operations Treated as an Inter-Disciplinary Science  Cyber operations concepts must be integrated into foundational curriculum courses as appropriate 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Evaluation for Nuclear I&C Systems Corresponding to V-Model Jiye Jeong ,

Cyber Security Evaluation for Nuclear I&C Systems Corresponding to V-Model Jiye Jeong ,

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Cyber Security Evaluation for Nuclear I&C Systems Corresponding to V-Model Jiye Jeong , Gyunyoung Heo Department of Nuclear Engineering, Kyung Hee

399 views • 3 slides
Cyber Security in Marine Nuclear Transport Systems Contents: 1. What are we protecting? 2.

Cyber Security in Marine Nuclear Transport Systems Contents: 1. What are we protecting? 2.

Cyber Security in Marine Nuclear Transport Systems Contents: 1. What are we protecting? 2. Why do we need Cyber Security? 3. How do they do it? 4. Cyber incidents and threats why it should be important to you 5. The dangers of

450 views • 18 slides
Nuclear Regulatory Commission Nuclear Regulatory Commission Cyber Security Program Cyber

Nuclear Regulatory Commission Nuclear Regulatory Commission Cyber Security Program Cyber

Nuclear Regulatory Commission Nuclear Regulatory Commission Cyber Security Program Cyber Security Program Barry Westreich Barry Westreich y Director Director Cyber Security Directorate Cyber Security Directorate Office of Nuclear Security

178 views • 14 slides
Cyber Security R&D (NE-1) Trevor Cook Office of Nuclear Energy U.S. Department of Energy NE

Cyber Security R&D (NE-1) Trevor Cook Office of Nuclear Energy U.S. Department of Energy NE

Cyber Security R&D (NE-1) Trevor Cook Office of Nuclear Energy U.S. Department of Energy NE Cyber Security R&D Objectives: To strength security through reduction of vulnerabilities To mitigate the consequences of threats To

51 views • 4 slides
Cyber Security Nuclear Skills Conference 2019 Introduction Katherine Hughes 18 months into my 2

Cyber Security Nuclear Skills Conference 2019 Introduction Katherine Hughes 18 months into my 2

Cyber Security Nuclear Skills Conference 2019 Introduction Katherine Hughes 18 months into my 2 year Cyber Security Apprenticeship Based in Cumbria working for Sellafield Ltd. My Career Journey Always had an interest in the STEM subjects

388 views • 9 slides
CYBER SECURITY ACCIDENTS AND I&C SYSTEMS IN NUCLEAR POWER PLANTS Assist. Prof. Magy M.

CYBER SECURITY ACCIDENTS AND I&C SYSTEMS IN NUCLEAR POWER PLANTS Assist. Prof. Magy M.

CYBER SECURITY ACCIDENTS AND I&C SYSTEMS IN NUCLEAR POWER PLANTS Assist. Prof. Magy M. Kandil Egyptian Nuclear and Radiation Regulatory Authority (ENRRA) Cairo, Egypt International Conference on Physical Protection of Nuclear Material

1k views • 25 slides
Mission Objective: Compromise Nuclear Facility Using Virtual Reality to Improve Cyber Security and

Mission Objective: Compromise Nuclear Facility Using Virtual Reality to Improve Cyber Security and

Mission Objective: Compromise Nuclear Facility Using Virtual Reality to Improve Cyber Security and Physical Protection of Nuclear Material and Nuclear Facilities 1. Mission Briefing 10. Mission Recap High sense of realism Browse thru this

506 views • 11 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Real-time Network Intrusion Detection System with Supporting Cyber Security Regulations for

Real-time Network Intrusion Detection System with Supporting Cyber Security Regulations for

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Real-time Network Intrusion Detection System with Supporting Cyber Security Regulations for Nuclear Power Plants Jae-Hee Roh a , Seok-Ki Lee a , Choul-Woong Son

362 views • 4 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
An experimental setup to investigate intermittency in pipe systems Relatori: Candidato: Prof.

An experimental setup to investigate intermittency in pipe systems Relatori: Candidato: Prof.

Universit` a degli Studi di Genova SCUOLA POLITECNICA Corso di Laurea Magistrale in Ingegneria Meccanica Energia & Aeronautica Tesi di Laurea: An experimental setup to investigate intermittency in pipe systems Relatori: Candidato: Prof.

851 views • 83 slides
Online Conference on Accessible Transportation Hosted by Easter Seals Project ACTION in

Online Conference on Accessible Transportation Hosted by Easter Seals Project ACTION in

Online Conference on Accessible Transportation Hosted by Easter Seals Project ACTION in partnership with the Transportation Research Board August 2-5, 2010 WWW.TRB.ORG WWW.PROJECTACTION.ORG Public Right-of-Way Accessibility Guidelines for

870 views • 83 slides
A Next Generation Stem Cell Company Dr. Ross Macdonald, CEO Cynata Therapeutics Limited April

A Next Generation Stem Cell Company Dr. Ross Macdonald, CEO Cynata Therapeutics Limited April

A Next Generation Stem Cell Company Dr. Ross Macdonald, CEO Cynata Therapeutics Limited April 2017 Important Information This presentation has been prepared by Cynata Therapeutics Limited. (Cynata or the Company) based on

591 views • 15 slides
The Transitions to Adulthood Center for Research Acknowledgements Our mission is to promote the

The Transitions to Adulthood Center for Research Acknowledgements Our mission is to promote the

TIPS AND TRICKS TO DEVELOPING AND SUSTAINING YOUTH ADVISORY COUNCILS IN MENTAL HEALTH ORGANIZATIONS Raphael Mizrahi, B.S., Amanda Costa, B.S. Transitions to Adult Center for Research University of Massachusetts Medical School Worcester, MA

483 views • 31 slides
Spent Fuel Management at Stand Alone ISFSI Sites By: Paul Plante, Project Manager

Spent Fuel Management at Stand Alone ISFSI Sites By: Paul Plante, Project Manager

Spent Fuel Management at Stand Alone ISFSI Sites By: Paul Plante, Project Manager Connecticut Yankee/Maine Yankee/Yankee Rowe IAEA Technical Meeting on the Management of Spent Fuel at Shutdown Reactor Sites: 11-13 June 2018 What is an

602 views • 34 slides
Analyst & Investor Presentation Interim results to 30 June 2011 Ian T emple - Executive

Analyst & Investor Presentation Interim results to 30 June 2011 Ian T emple - Executive

Analyst & Investor Presentation Interim results to 30 June 2011 Ian T emple - Executive Chairman Tim Smeaton - Chief Executive Officer John Glover - Finance Director www.hydrogengroup.com Summary Introduction Contract continued to grow

653 views • 26 slides
Ntokozo Ndlovu Radiation Oncologist Harare, Zimbabwe Population 12 million 7,000 new

Ntokozo Ndlovu Radiation Oncologist Harare, Zimbabwe Population 12 million 7,000 new

Ntokozo Ndlovu Radiation Oncologist Harare, Zimbabwe Population 12 million 7,000 new cancer cases per year 2000 3000 cases referred for radiotherapy each year 80%+ - for palliative treatment All Zimbabweans : Female

263 views • 9 slides
Developing breakthrough therapies in NASH, systemic sclerosis and mucopolysaccharidosis (MPS)

Developing breakthrough therapies in NASH, systemic sclerosis and mucopolysaccharidosis (MPS)

Developing breakthrough therapies in NASH, systemic sclerosis and mucopolysaccharidosis (MPS) Wainwright 2018 Healthcare Conference September 2018 DISCLAIMER This document has been prepared by Inventiva (the " Company ") solely for

507 views • 32 slides

More recommend