
Take 5 for Safety

Computer Security ISO / OHSAS Registration Photo of the Week E. Lessard Collider-Accelerator Department 5-10-11. Take 5 for Safety. C-AD Computer Event.


Presentation Transcript


  1. Take 5 for Safety
     • Computer Security
     • ISO / OHSAS Registration
     • Photo of the Week
     • E. Lessard, Collider-Accelerator Department, 5-10-11

  2. C-AD Computer Event
     • Malware discovered on April 26, 2011 while installing firewall on .31 subnet; this subnet used by Access Controls Group to talk to the safety system
     • The "event" involved discovery of a computer on .31 subnet with malware on it that was communicating with a computer in the Ukraine
     • The Ukraine computer was sending back messages
     • Isolated means the system was on C-AD's Access Control List (ACL) and isolation is controlled by the C-AD network group
     • Summer of 2010, C-AD's network group learned the .31 subnet was not isolated; had to wait until April 26, 2011 to begin to fix
     • Trail shows malware appeared December 10, 2010 on a Human Machine Interface computer in 1004a
     • Trail shows infection came from a Kingston Data Traveler USB flash drive; this virus is not transmitted via internet
     • On April 27, 2011, 1004a computer was disconnected from network
     • On April 28, 2011, .31 subnet isolated; no impact on safety system
     • On April 29, 2011, three more objects on the .31 subnet found with malware

  3. Computer Security
     • BNL computer security policy is defense in depth
     • Most secure systems are those not connected to the internet and shielded from any interference (not the real world)
     • On defenses, computer security experts have learned that several low hurdles do not make a high hurdle
     • Computer security experts indicate there is no such thing as secure coding practices
     • Code can be disguised as data
     • Computer malware can be used for sabotage (e.g., Iran's uranium centrifuges), not just theft
     • Software defenses
       • Trend antivirus and spyware detection software; checks flash drives automatically
       • Access control lists (ACLs); quick fix but known to have flaws
       • The owner of the object or the system owner decides who has access
       • Encryption during transmission
     • Hardware defenses
       • Physically isolated from network connections and routing services
       • Secure operating systems used by DoD and DOE for classified data (unique microprocessor, memory management and program that controls all other programs)

  4. ISO 14001 and OHSAS 18001 Registration Audit for OSH/E Programs
     • May 31 through June 3, 2011 - NSF International auditors on-site for annual OSH/E management system registration audit
     • New approach this year; interviews with scientists and users
     • Interviews at C-AD set up by Tracy Blydenburgh
     • ERL, EBIS and NSRL
     • Afternoon of Wednesday, June 1, 2011
     • OSH/E refresher training for C-AD workers set up for Tuesdays and Thursdays, weeks of May 16 and May 30, 2011
     • Snyder, 11:15 am to noon

  5. Photo of the Week - Safety Shortcut
     • Extension ladder has no rope and pulley, making it difficult to move this ladder
     • Probably why barrel-ladder-stair approach was used
     • Safety shortcuts are usually caused by time pressure
     • Not worth risking your health to gain a few minutes
