
Friday, August 26, 2005

Security Management Weekly - August 26, 2005

A weekly security news briefing from ASIS International


August 26, 2005
 
 
CORPORATE SECURITY
  1. "All School Workers Must Pass Background Test" Law Applies to All School Contractors in Florida
  2. "The New Face of Shoplifting" Conclusions From a University of Florida Study on Shoplifters
  3. "Shoplifting as Social Commentary" Anti-Consumerism Movement in Europe and South America Encourages the Masses to Shoplift
  4. "Benchmarks in Compensation" ASIS U.S. Security Salary Survey Finds Median Compensation for Security Professionals Rose 5.9 Percent in 2004
  5. "Intelligent Design" Universities Should Implement Security Standards for New Buildings

HOMELAND SECURITY
  6. "Al Qaeda 'Preparing to Attack' Asian City" Alleged Plot Against Financial Hubs to Undermine Investor Confidence
  7. "Customs Blocked Accused Suicide Bomber" Customs Agents Prevented Bomber Who Killed 125 in Iraq From Entering U.S.
  8. "Homeland Security Chief Tells of Plan to Stabilize Border" Chertoff Details Plan to Secure Mexican Border
  9. "MTA Earmarks 212M to Beef Up Security" New York City Transit System to Receive $212 Million Security Upgrade
  10. "Ferry Passengers to Be Screened for Explosives Under Test Project" TSA to Launch Pilot Project in San Francisco Bay Area
  11. "Harm's Way" Research Center Provides Highly Detailed Models of Bioterrorist Attacks so Cities Can Prepare Response

CYBER SECURITY
  12. "Hacker Steals Air Force Officers' Personal Information" Incident Involves Records of 33,000 Officers
  13. "Computer Experts Say Networks Are Still Vulnerable" All Internet-Connected Networks at Critical Infrastructure Facilities Said to Be Protected
  14. "Hackers Attack Via Chinese Web Sites" Hackers Have Been Attacking Hundreds of Unclassified U.S. Government Systems for Years
  15. "New Cybersecurity Center to Warn Law Enforcement of Critical Infrastructure Attacks"


   








 

"All School Workers Must Pass Background Test"
Pensacola News Journal (08/22/05) ; Stewart, Michael

All employees of companies that have working contracts with Florida school districts, including employees of vendors and contractors, will be subjected to fingerprinting and a detailed criminal background check before being allowed to work on school property when children are present. The Jessica Lunsford Act, which goes into effect Sept. 1, was signed into law earlier this year by Gov. Jeb Bush after a convicted sex offender kidnapped and killed a 9-year-old schoolgirl in February. Many types of workers will be affected by the law, and they include contracted laborers, roofers, delivery drivers, trash collectors, baseball umpires, and soda vendors. Florida school officials applaud the intention of the law but also fear that the scope of the law will make it difficult to implement and comply with. In the Santa Rosa School District, the issue of ensuring that workers have had the background checks will be the responsibility of contractors, said Jane Allen, the school district's assistant superintendent for human resources. However, she says that schools will also bear some of this responsibility: "I would suspect each school site will have to be responsible for making sure that a person doesn't come on campus without some type of identified clearance."

"The New Face of Shoplifting"
Fashion Monitor Toronto (08/22/05)

A study from the University of Florida has determined that men shoplift more than women, a finding that disputes the common rule of thumb that, because there are more female shoppers than male shoppers, women shoplift more than men. "Many of them hit the film, pain relievers or batteries, steal them in large quantities and sell them, using shoplifting as a way to feed their drug habit," says criminologist Richard Hollinger. Overall, 8 percent of the shoppers who enter a store will steal something, with people who leave a store without paying for anything six times more likely to have stolen something than shoppers who go through the check-out line. The typical shoplifter falls between the ages of 35 and 54, usually has gainful employment, and is categorized as a "primary household shopper" who occasionally shoplifts merchandise that extends beyond their household budget. The study finds that in terms of race, whites, blacks, and Hispanics are equally likely to shoplift, though blacks are monitored more extensively and harassed in some cases. By racial and gender subcategory, the study finds that Hispanic females are the most likely to shoplift, stealing at a rate more than seven times higher than white females. Many shoplifters tend to steal household items like makeup and medicine, and they will steal candy off the shelf to keep their children from crying or being fussy. Family shoplifters use children as "distraction teams" to distract the sales clerk while the parents shoplift, the study says.

"Shoplifting as Social Commentary"
Wired News (08/25/05)

An anti-consumerism, anti-capitalist social movement in Spain that celebrates coordinated incidents of mass shoplifting is spreading to other countries in Europe and South America. The movement, known as "Yomango"--slang for "I steal" in Spanish--urges its followers to "liberate" merchandise from retail stores in the name of "the free circulation of goods." The group's manifesto is the "promoting of shoplifting as a form of disobedience and direct action against multinational corporations." Followers of the movement, known as "Yomangistas," steal food from supermarkets, ride transit systems without paying, and conduct choreographed shoplifting incidents in which groups of shoplifters steal clothes from one store and return them to another. The movement has a Web site that provides news and videos about the movement's thefts and pranks. The movement also has "franchises" that have appeared recently in countries such as Argentina, Germany, Chile, and Mexico. Yomango began in Spain in 2002, but the movement has its roots in Argentina, where some people angrily reacted to the collapse of the country's economy in 2001 by purposely taking merchandise from stores without paying.

"Benchmarks in Compensation"
Security Management (08/05) Vol. 49, No. 8, P. 74 ; Moran, Mike

An analysis of the 2005 ASIS U.S. Security Salary Survey shows that the median compensation for U.S. security professionals rose 5.9 percent in 2004, with certain segments of the profession posting even greater gains. The 2004 median compensation for security professionals working in the natural resources and mining sector rose 9 percent from the previous year's figures, to $92,000, the highest median compensation for any security sector. In second was the information sector, which increased its median compensation 8 percent, to $90,000, and the top five was rounded out by the construction sector ($85,000), transportation sector ($80,000), and utilities sector ($80,000). The lowest compensations were reported in the leisure and hospitality, health services, and education sectors, where median compensations ranged from $68,000 to $64,000, while the median compensation for the professional and business services industry, which had the most responses in the survey, was $76,000. Of the 2,205 survey respondents, 35 percent were the head of security in their organization, and these respondents reported a median compensation of $84,000. The figures also showed that compensation tends to be higher for those who have a responsibility for security at multiple facilities--indeed the highest median income ($106,000) was earned by those who have responsibility for facilities in more than one country. The survey also finds that experience, the size of an organization's security budget, and number of years with the organization also influence the amount of compensation. Those professionals with the Certified Protection Professional (CPP) designation earned a median compensation 16 percent higher than those without any certification.

"Intelligent Design"
Security Management (08/05) Vol. 49, No. 8, P. 48 ; Keller, Dan

Universities that are constructing new buildings should have a set of security standards in place if they want to ensure that security at the new facilities is consistent with security across the rest of campus. If need be, campus security directors should take the initiative to lobby for the creation of security standards for campus building projects. A campus committee should be formed to design and implement the standards, and a design professional and the campus security director or a security consultant should also be involved. The security standards should address the unique aspects of the campus environment, including risks and threats, and the standards should reflect a minimum security threshold for all new building projects. Among the advantages of having security design standards is that operating costs can be reduced and the principles of crime prevention through environmental design (CPTED) can be implemented. CPTED principles, which utilize natural access control, natural surveillance, and territoriality, are best implemented during a facility's early design phase, and a discussion of these principles should be included in the security design standards. A properly detailed standard consists of half-a-dozen main sections or elements, including the objectives of the standard, circumstances that warrant additional security, specific design issues, guide specifications, and details pertaining to CPTED. There are a number of CPTED topics that can be included in the standard, including landscaping, fencing, entry points, concealment, perimeter planning, way-finding, shared space, unsafe areas, after-hours operation, and blast resistance.

"Al Qaeda 'Preparing to Attack' Asian City"
Financial Times (08/26/05) ; Arnold, Martin

Citing "several elements of information," the French government's top terrorist investigator claims that Al Qaeda is preparing to attack an Asian city in order to cause economic harm and hurt investor confidence in the region. Japan in particular is a likely target, as are other large financial centers like Singapore and Sydney, says Jean-Louis Bruguiere. Some Asian countries have had little experience with Islamic terrorists, causing them to underestimate the risks of an attack, he says. "We are somewhat neglecting the capacity or desire of the Al Qaeda organization to destabilize the Southeast Asia region," Bruguiere warns, noting that one of Al Qaeda's key strategies is to hit economic and financial centers. Any attack on an Asian financial market, especially Japan, would shake investor confidence in the entire region, he says.

"Customs Blocked Accused Suicide Bomber"
Los Angeles Times (08/24/05) ; Jordan, Lara Jakes

A Jordanian man who allegedly carried out a suicide bombing in Iraq in February that killed 125 people attempted to enter the United States 20 months before the attack but was turned away by U.S. Customs and Border Protection (CBP) officers. The suspected bomber, Ra'ed Mansour al-Banna, landed at Chicago's O'Hare International Airport on June 14, 2003, with a valid Jordanian passport and valid work visa. However, Customs agents suspected that his passport was fake, and after subjecting him to questioning and a secondary security screening process, they decided to bar him from entering the country. "While it is not clear that al-Banna was a suicidal jihadist, the basis for denying him entry was that CBP officers that interviewed him believed his intent for entering ... was inconsistent with the purpose of his visa," said Customs and Border Protection Commissioner Robert Bonner in a recent letter to Homeland Security Secretary Michael Chertoff.

"Homeland Security Chief Tells of Plan to Stabilize Border"
New York Times (08/24/05) P. A11 ; Lipton, Eric

Homeland Security Secretary Michael Chertoff has announced that he intends to address the border security problem not just with surveillance cameras, fences, and other security equipment, but with an improved deportation process that will ship illegal immigrants home instead of setting them free. This plan will include adding more beds for detainees, tracking down illegal immigrants who fail to appear for deportation hearings, and adding more judges and lawyers to the process. Congress will likely approve an additional 1,000 Border Patrol agents for the next year, and in preparation for this, Chertoff said that his department is examining how best to use the incoming agents and other resources. This examination includes mapping the entire Mexican border and determining how many illegal immigrants are accessing each of the entry routes across the border. The department's plan emphasizes increasing the speed of the deportation process and increasing the available space at detention centers so that illegal immigrants are not simply released before their proceedings. "We have decided to stand back and take a look at how we address the problem and solve it once and for all," Chertoff declared.

"MTA Earmarks 212M to Beef Up Security"
New York Daily News Online (08/24/05) ; El-Ghobashy, Tamer

The New York City Metropolitan Transportation Authority (MTA) has embarked on a $212 million plan to improve the security measures of the city's transit system in order to prevent terrorist attacks like those that occurred in London last month. The key elements of the security upgrade include 3,000 new motion detectors, 1,000 new video cameras, and a new police command center. Security experts say that the new system will greatly enhance the security of the transit system. ASIS International security consultant and terrorism expert Henry Nocella says that while the security system is a significant step in the right direction, the system is not foolproof. "This is one step today with the understanding that there are 99 steps to take over several years," Nocella states. No cameras or sensors will be installed inside subway cars or buses, but the devices will be installed across the city's transit system, including bridges, tunnels, the Long Island Rail Road, and Metro-North hubs. MTA Executive Director Katherine Lapp says that work on the security upgrades will begin immediately. "This is a system that is not only going to record incidents after an attack, but it will actually detect intruders and unattended packages and will give us an alert," she says.

"Ferry Passengers to Be Screened for Explosives Under Test Project"
San Jose Mercury News (CA) (08/24/05) ; Chu, Louise

The Transportation Security Administration (TSA) is launching a test project to screen ferry passengers in the San Francisco Bay area for traces of explosives. The Secure Automated Inspection Lanes (SAIL II) program kicks off Monday, Aug. 29, in Marin County, Calif., at the Larkspur ferry terminal of the Golden Gate Ferry, which averages 4,300 passengers per day. Initially, the testing will be restricted to off-peak hours, but it could be expanded to rush hour trips, and testing eventually could take place at the San Francisco terminal. Passengers will be screened for explosives by placing their hand on a piece of paper that captures trace amounts of explosives; the paper will then be passed through a scanning machine that identifies the presence of explosives. The process is quick, screening 16 passengers per minute. There has been no indication whether the pilot project will be introduced to other U.S. ferry systems, a TSA spokeswoman said. "This is just a 30-day pilot in this area, but I don't think they've determined where it will go beyond this," she said. The SAIL I testing project, which screened ferry-borne vehicles in New Jersey and Delaware for explosives, was deemed a success and will be introduced on a broader scale, according to the TSA.

"Harm's Way"
Mechanical Engineering (08/05) ; Thilmany, Jean

The Army High Performance Computing Research Center in Minneapolis is using supercomputers and a powerful in-house computational fluid dynamics program to produce highly detailed models of how airborne contaminants from a bioterrorism attack would flow through certain U.S. cities. The models, which account for specific types of wind flow and weather, will be shared with the Department of Defense. The Defense Department will also receive related software that will allow officials to quickly simulate a bioterrorism attack in the event that city officials need to determine how best to respond to an actual attack. By using the related software, city officials can call upon any number of pregenerated scenarios developed by the research center that take into account a variety of factors, including the type of airborne agent, point of release, cloud cover, wind speed, and airflow between buildings. These pregenerated scenarios would not be 100 percent accurate, but they would give city officials a good idea of how to respond to an attack, based on the flow pattern. The simulations would be particularly useful for conducting evacuations or instructing first responders. The research center has also developed a second type of simulation for city officials to use, one that models what just happened during an attack and uses actual strike statistics to predict how the airborne contaminant will flow in the hours and days ahead.

"Hacker Steals Air Force Officers' Personal Information"
Washington Post (08/23/05) P. D1 ; Krim, Jonathan; Witte, Griffe

Sometime in either May or June, a hacker used a legitimate user's log-in information to access a military computer database and steal personal data, such as Social Security numbers, marital status, academic records and birth dates, on about 33,000 Air Force officers, according to Randolph Air Force Base Air Force Personnel Center officials. Victims of the attack were warned about an increased risk of identity theft, though no such activity has yet been reported due to the data breach. The information was online, because the Air Force used the data to help officers more effectively manage their careers and assignments. The breach was noticed due to one individual accessing many different records in an uncharacteristic manner, according to Air Force Maj. Gen. Anthony Przybyslawski. Both civilian and military law enforcement agencies are investigating the data breach, and Przybyslawski says the career-management system was shut down after the breach and returned to operation with improved security. Also, the Air Force is conducting a security audit to ensure security of all stored data, according to Przybyslawski. GlobalSecurity.org director John E. Pike blames the Air Force and other agencies for failing to make data security efforts, which are complex and expensive, a top priority. Much like ChoicePoint and other companies who recently fell prey to data breaches, the Pentagon is deficient in data security technology, according to Counterpane Internet Security CTO Bruce Schneier.

"Computer Experts Say Networks Are Still Vulnerable"
Capital (Annapolis, MD) (08/21/05) ; Leiva, David E.

State and local government officials assert that all Internet-connected networks at water treatment plants, oil refineries, utility companies, and other critical infrastructure facilities are properly protected against hackers who could potentially break into the network and cause large-scale attacks and deaths. The reason so many networks are vulnerable is the increasing reliance on digital controls, so breaking into a network at a water treatment facility and changing the chlorine to fatal levels is possible. Glen Sharlun of Secure Cognition points out that many companies believe their networks are protected without really knowing what vulnerabilities are in their networks. Sharlun laments that companies are not willing to spend millions on improved cybersecurity and choose instead to focus on physical security issues. Therefore, many critical infrastructure networks are still vulnerable to cyberattack. State and county officials say that since the 9/11 attacks, protecting government water systems has been a high priority, especially since many are now controlled via Internet-based networked computers. Matt Diehl, a spokesperson for Anne Arundel county, says, "the Office of Information Technology has put in place many measures to secure the water system since 9/11."

"Hackers Attack Via Chinese Web Sites"
Washington Post (08/25/05) P. A1 ; Graham, Bradley; Eggen, Dan

Hackers have been focusing attacks on hundreds of unclassified U.S. government systems through Chinese Web sites for several years, reported anonymous government officials. Analysts are split on whether these intrusions are the work of a coordinated Chinese government initiative to breach U.S. networks and monitor government databanks, or other hackers using Chinese networks to mask the attacks' point of origin. "This is an ongoing, organized attempt to siphon off information from our unclassified systems," said one official, who noted that State, Energy, Defense, and Homeland Security Department networks are among those targeted. With roughly 5 million computers spread across the globe, the Pentagon has more computers than any other agency, making its network the most vulnerable target to both foreign and domestic hackers, the officials said. The Pentagon estimates that China is the No. 1 source of Defense Department hacks, though Lt. Col. Mike VanPutte of the U.S. Strategic Command's Joint Task Force for Global Network Operations said this only proves that China is the probes' "last hop" before they strike their targets. One anonymous government official downplayed the severity of the attacks, while another said an FBI investigation has yet to yield any definitive proof of who is orchestrating the intrusions. U.S. concerns about Chinese military initiatives in general are fueling worries about China-based cyberattacks, and the spate of attacks on unclassified systems has added urgency to the Pentagon's effort to acquire new detection software programs and better train computer security specialists, according to several officials.

"New Cybersecurity Center to Warn Law Enforcement of Critical Infrastructure Attacks"
InformationWeek (08/24/05) ; Greenemeier, Larry

A pilot of the Philadelphia-based Cyber Incident Detection Analysis Center (CIDDAC) is enabling numerous private enterprises to anonymously share cyberthreat and attack data with other enterprises and the government without fear of law enforcement audits. CIDDAC avoids audits by not being a government entity and not sharing from whom the information was collected. Currently, enterprises are not sharing important information, because a resulting security audit makes their valuable proprietary information available to the press and the public under the Freedom of Information Act. CIDDAC members are voluntarily participating and have donated about $100,000 to the project, while the Homeland Security Department's Science and Technology Directorate has provided $200,000 in funding. CIDDAC needs an additional $400,000 in funding to move out of the pilot phase and into a permanent phase where it can charge members $10,000 per year to participate. AdminForce Remote developed CIDDAC's real-time, cyberattack-detection sensor technology that gathers information from member networks. The intrusion-detection device alerts law enforcement and other CIDDAC members of developing threats on member networks without releasing identification data. Both the FBI and the Homeland Security Department will receive CIDDAC reports and will use the reports to begin informal investigations. The SANS Institute is running a similar program, the Internet Storm Center, using the Dshield intrusion-detection system technology, which is freeware the SANS Institute maintains. Internet Storm Center, which is free to use, enables users to anonymously submit firewall log data and read 30 days' worth of log submissions.

Abstracts Copyright © 2005 Information, Inc. Bethesda, MD



1 comment:

Anonymous said...

Thanks for sharing information. I’ve written and shared my thoughts around this on my blog.