
Friday, March 13, 2009

Security Management Weekly - March 13, 2009


March 13, 2009
 
 
CORPORATE SECURITY  
  1. "Madoff Jailed After Admitting Epic Scam" (New York City)
  2. "Japan to Send Navy Ships to Somalia for Anti-Piracy"
  3. "NFL Exempt From Terrorism Lawsuits"
  4. "Fired Worker Must Prove Danger Met Standard: Court" (Hartford, Conn.)
  5. "California's Breach Law May Get an Update"

HOMELAND SECURITY  
  6. "U.S. Arranging to Send Prisoners to Saudi Arabia"
  7. "U.S. Still Evaluating Mexican-Border Issue"
  8. "Intelligence Pick Derailed by Critics"
  9. "Group Finds Intelligence Gap Persists"
  10. "Militant Threat From Pakistan Alarms U.S."

CYBER SECURITY  
  11. "Government Needs to Get Its Cybersecurity in Gear, Experts Tell Congress"
  12. "A Struggle Over U.S. Cybersecurity": Federal Cybersecurity Coordinator Resigns Amid Disagreement Over NSA Control of Government Security Efforts
  13. "Safer Net Surfing Is Goal of NIST Domain Name Security Experts"
  14. "Reports: Security Pros Shift Attention from External Hacks to Internal Threats"
  15. "Hackers Update Conficker Worm, Evade Countermeasures"


   







 

"Madoff Jailed After Admitting Epic Scam"
Wall Street Journal (03/13/09) ; Frank, Robert; Efrati, Amir; Lucchetti, Aaron

On March 12, Bernard Madoff apologized to the investors he is accused of defrauding in a multibillion-dollar Ponzi scheme. In court, the disgraced financier offered a detailed account of the fraud and expressed remorse for the pain and suffering his actions caused investors and loved ones, saying "I am painfully aware that I have deeply hurt many, many people, including the members of my family, my closest friends, business associates and the thousands of clients who gave me their money." In the hopes of receiving a lesser sentence than the 150-year maximum he faces for the fraud, Madoff pled guilty to all 11 felony counts. U.S. District Judge Denny Chin responded by revoking his bail, an act that drew a round of applause from the courtroom packed with former investors elated that he will no longer be able to stay in the lush $7 million Manhattan penthouse he has been holed up in since mid-December. Judge Chin also allowed investors to address Madoff before he was escorted to a lower Manhattan correctional center.

"Japan to Send Navy Ships to Somalia for Anti-Piracy"
Associated Press (03/12/09)

Two Japanese destroyers will leave the port city of Kure on Saturday to join the international coalition that is working to stop piracy off the coast of Somalia. The destroyers--which will carry roughly 400 sailors and eight coast guard officials, as well as two SH-60K patrol helicopters and two speedboats--are expected to arrive in Somali waters some time in early April. The mission has been controversial in Japan, which has a constitution that limits its military to defensive operations. Japanese politicians who oppose the mission say it could result in Japanese ships being used in combat or for protecting foreign ships in an emergency. Supporters of the mission, however, say it is necessary to protect the lives and assets of Japanese citizens off the coast of Somalia.

"NFL Exempt From Terrorism Lawsuits"
USA Today (03/09/09) ; Frank, Thomas

The federal government recently approved the National Football League's nine-page stadium security guidelines--a move that makes the league exempt from lawsuits filed by victims of a terror attack. The exemption from such lawsuits is provided under the SAFETY Act (Support Anti-Terrorism by Fostering Effective Technologies), which was created in 2002 to protect companies whose services or equipment have been determined by the Department of Homeland Security to be effective in fighting terrorism. Under the recent decision, courts are required to dismiss any lawsuits against the NFL that stem from an attack on any of its stadiums because it has implemented security measures such as digital security cameras in stadiums, searches on spectators, and barriers that keep cars and trucks 100 feet from a stadium. A number of other companies have won exemptions under the SAFETY Act as well, including Boeing, which makes strengthened flight deck doors on airplanes. In addition, IBM has been granted an exemption for an application it developed to more accurately verify names and identities.

"Fired Worker Must Prove Danger Met Standard: Court"
Business Insurance (03/09/09) ; Greenwald, Judy

A federal district court in Hartford, Conn., has ruled that employees who file lawsuits about unsafe working environments must meet an objective standard of alleged danger that was laid out in a 1997 Connecticut Supreme Court decision. The federal district court ruling came in a lawsuit brought by Cesar Ferrer, who claimed that his employer, T.L. Cannon Management Corp., fired him for complaining about the company's alleged violation of a public policy that required it to provide a reasonably safe workplace. Ferrer had complained to his supervisor that a coworker who tried to punch him and missed had assaulted another employee about a year earlier. In its ruling, the federal district court agreed that T.L. Cannon was required under the 1997 Connecticut Supreme Court decision to take reasonable steps to provide a reasonably safe workplace, though it added that Ferrer's claims that the coworker who tried to punch him had assaulted someone else did not meet "the objective standard enunciated" in that decision. The federal district court said Ferrer could have three weeks to amend his lawsuit to show that the coworker "had a known propensity for violence" and that he specifically threatened him with serious bodily injury. In the wake of the ruling, Ferrer's attorney continued to maintain that T.L. Cannon fired his client in retaliation for his complaint about an unsafe workplace. Ferrer's attorney also noted that his client has not decided whether he will plead the case again.

"California's Breach Law May Get an Update"
IDG News Service (03/06/09) ; McMillan, Robert

California Sen. Joe Simitian, who co-drafted the state's landmark data-breach notification law, has proposed an updated version that specifies what companies must tell customers in their data breach letters and mandates that the state's attorney general be notified of intrusions affecting more than 500 people. The current California breach law dictates that consumers be alerted when unencrypted, computerized financial data is lost or stolen, and is credited with inspiring similar legislation in 43 other states. Indiana University professor Fred Cate estimates that just one in 10 breaches is ever publicized. Although consumers must be told of breaches, most states do not demand any kind of centralized notification. Simitian says that observers would gain a "better understanding of the nature and scope of the problem" by requiring the attorney general or other central agency to keep track of breaches. The senator wants California Gov. Arnold Schwarzenegger to sign the bill by the end of the year.

"U.S. Arranging to Send Prisoners to Saudi Arabia"
Wall Street Journal (03/13/09) P. A7 ; Solomon, Jay

U.S. officials have announced that most of the roughly 100 Yemenis who are still being held at the detention facility at Guantanamo Bay, Cuba, would be sent to Saudi Arabia under a plan being discussed by Washington and Riyadh. Once in Saudi Arabia, the detainees would participate in a rehabilitation program that includes vocational training, family reunification, and religious tutoring. The remaining Yemeni detainees, roughly 30, would face some kind of trial in the U.S. or would be sent back to Yemen. However, Yemen has said that it opposes any U.S. effort to send Yemeni nationals to Saudi Arabia. Officials there say they are developing their own rehabilitation program, though they need financial assistance from the U.S. Meanwhile, Secretary of State Hillary Clinton is gauging interest among European nations to take in some Guantanamo detainees. U.S. officials are anxious to address the fate of the remaining detainees so the controversial facility can be closed within a year, a goal that was set forth by President Obama shortly after he took office.

"U.S. Still Evaluating Mexican-Border Issue"
Wall Street Journal (03/13/09) ; Perez, Evan; Simpson, Cam

The White House says there are no immediate plans to assign the National Guard border patrol duties. White House spokesman Robert Gibbs reiterated March 12 that the Obama administration was reviewing state requests to send National Guard troops to the U.S. border with Mexico, but that no decisions have been made. "Our long-term challenges relating to the many policy decisions around the border are not going to be solved in that long term through the miniaturization of the border," Gibbs said. His remarks sought to clarify the White House position on requests from states along the U.S. border to fortify border patrol with the National Guard. In February, Texas Gov. Rick Perry warned that the U.S. could begin seeing a new wave of border traffic from refugees fleeing the escalating violence between Mexican soldiers and drug gangs.

"Intelligence Pick Derailed by Critics"
Wall Street Journal (03/11/09) ; Gorman, Siobhan

Charles Freeman, the former ambassador to Saudi Arabia and top defense official for international security, has withdrawn from consideration as the top U.S. intelligence analyst amid pressure from some critics in Congress, including Sen. Joseph Lieberman (I-Conn.). Critics such as Lieberman were concerned about some of the roles Freeman has held in the past, including a post on an advisory board at the state-owned China National Offshore Oil Corp. Freeman also previously served as the chairman of a Washington, D.C.-based consulting firm called Projects International--a position in which he consulted widely for international corporations. Lawmakers became concerned after Director of National Intelligence Dennis Blair told them that his policy group received some funds from the government of Saudi Arabia, and that Freeman himself received about $10,000 a year from the Chinese oil company. Freeman has denied being paid by any foreign governments. Lawmakers were also concerned about some comments Freeman made that some have interpreted to be anti-Israeli or anti-Semitic. For his part, Freeman said the charges are nothing more than "character assassination" and a "willful distortion of the record" by the "Israel Lobby."

"Group Finds Intelligence Gap Persists"
Wall Street Journal (03/10/09) ; Gorman, Siobhan

The Markle Foundation Task Force on National Security in the Information Age, a bipartisan group of security and technology officials that has been studying information sharing among federal intelligence agencies since 2002, has concluded that the government still lacks the ability to connect vital pieces of information that could warn of an imminent terrorist attack. "Today, we are still vulnerable to attack because--as on 9/11--we are still not able to connect the dots," the group said in a report to be released Tuesday. "At the same time, civil liberties are at risk because we don't have the government-wide policies in place to protect them as intelligence collection has expanded." According to the report, the Obama administration could begin to rectify this situation by ordering a high-level review focused on how to integrate all threat information, not just terrorism tips. The report also called for the information-sharing office that reports to the president through the director of national intelligence to be moved into the White House so that it has a more prominent position in the government. For its part, the office that is responsible for information sharing said the report does not give it enough credit for the efforts it is making to improve information sharing, such as its efforts to improve the sharing of threat information with state and local authorities. However, the office said that it agrees with the report's conclusion that much still needs to be done to improve information sharing.

"Militant Threat From Pakistan Alarms U.S."
Chicago Tribune (03/08/09) P. 7 ; Meyer, Josh

U.S. officials are concerned about the growing threat posed by Pakistani militants who have already established a significant foothold in the country. However, Pakistan's government, which has traditionally held strong ties with militant organizations such as Lashkar-e Taiba (LT), continues to undermine U.S. efforts to thwart the growing terrorist presence. Of particular concern is the easy access members of organizations like LT have to the U.S. After training in Lashkar's guerrilla camps in Pakistan, and having been indoctrinated in its hatred of the West, militants are free to travel to many Western nations with practically no background check. According to testimony from Department of Homeland Security and FBI intelligence chiefs Charles Allen and Donald Van Duyn, U.S. authorities are particularly afraid of a Mumbai-style commando attack on U.S. soil, and have taken measures to brief state and local law enforcement officials, along with thousands of managers at hotels, restaurants and public transportation hubs, on how to protect their facilities in the event of an attack.

"Government Needs to Get Its Cybersecurity in Gear, Experts Tell Congress"
Dark Reading (03/10/09) ; Wilson, Tim

A coalition of the country's top security officials told members of Congress on March 10 that the country is woefully unprepared for a cyberattack and needs to start moving on major critical infrastructure improvements. Officials and executives from the Government Accountability Office (GAO), Oracle, NetWitness, and the Center for Strategic and International Studies spoke to the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology about the need for a cabinet-level department for cyberdefense. "We're facing the same sort of attack we faced on 9/11, only on a virtual level," said NetWitness CEO Amit Yoran, a former White House cybersecurity expert. "And without the right defenses, we'll be just as vulnerable." Subcommittee members present at the meeting said they had many more questions to ask the experts, but were generally in favor of forming a cyberdefense department.

"A Struggle Over U.S. Cybersecurity"
Washington Post (03/10/09) P. A11 ; Krebs, Brian

Rod A. Beckstrom, the U.S. federal government's cybersecurity coordinator, has resigned after less than a year on the job, citing a lack of funding and the National Security Agency's (NSA's) growing control over government cybersecurity measures. Beckstrom was director of the National Cyber Security Center, which was launched last March to help coordinate cybersecurity efforts between intelligence communities. However, he says recently there have been efforts to fold the National Cyber Security Center into the NSA. Beckstrom says the center was created to coordinate the various agencies' efforts and not to be controlled by NSA. "This is a coordination body and it resides alongside or above the other centers, but certainly not below them," he says. "In my view, it is very important that there be independence for the [center], and that it be able to carry out its role." The Obama administration is currently in the middle of a 60-day review of the government's cybersecurity initiative, and is expected to release recommendations sometime next month. Last month, director of national intelligence Adm. Dennis C. Blair told the House Intelligence Committee that NSA was the proper agency to preside over protecting military and government networks. The National Cyber Security Center was part of the Bush administration's comprehensive national cybersecurity initiative to protect the government against online attacks.

"Safer Net Surfing Is Goal of NIST Domain Name Security Experts"
NIST Tech Beat (03/10/09) ; Brown, Evelyn

Scientists from the National Institute of Standards and Technology (NIST) are developing standards, guidance, and testing procedures designed to improve the security of the Domain Name System (DNS). Currently, the DNS lacks the ability to authenticate the source or verify the integrity of a response, making it easier to redirect users away from legitimate addresses to Web sites that participate in phishing or other illegal Internet-based activity. NIST computer scientists led the development of new Internet Engineering Task Force standards to add digital signatures and associated key management procedures to DNS protocols. These additions, known as DNSSEC, let users validate the authenticity and integrity of the data and will supply the foundation for a new trust infrastructure for the DNS and the protocols and systems that depend on it. NIST has posted a draft update of guidelines for DNS security, which is now available for public comment. Additionally, NIST recently provided technical assistance to ensure the security of the .gov top-level domain. "We hope that the .gov deployment of DNSSEC will encourage rapid deployment in other sectors, including government contractors, trading partners, and general e-commerce sites," says NIST researcher Scott Rose.

"Reports: Security Pros Shift Attention from External Hacks to Internal Threats"
Dark Reading (03/09/09) ; Wilson, Tim

For the first time ever, security managers are more concerned about the possibility of insider attacks than they are about the possibility of external threats, reveals a new survey of more than 400 IT and security professionals. The survey found that 52 percent of IT and security professionals are more worried about the possibility of both accidental and intentional data leaks than they are about data leaks caused by hackers. The shift in focus away from external threats comes as security managers say they believe that their organizations will be increasingly impacted by internal threats. The survey found that about 59 percent of security managers feel that it is inevitable or likely that their organizations will be infected by malware that is unintentionally introduced by internal employees or business partners over the next 12 months. An additional 52 percent of respondents said that they believe it is likely that an employee will accidentally leak sensitive data to outsiders. Other recent surveys have confirmed security managers' concerns about insider threats. For instance, a study released by Cyber-Ark Software in December found that nearly 60 percent of U.S. workers have already downloaded sensitive data from their employers with the expectation that they may be laid off in the future. Another survey published by Ponemon Institute in February found that the same percentage of employees who have been fired or laid off actually take sensitive data with them when they leave.

"Hackers Update Conficker Worm, Evade Countermeasures"
Computerworld (03/08/09) ; Keizer, Gregg

A variation of the Conficker worm is being loaded onto infected computers as a way to preserve the link between the machines and their controllers, say Symantec researchers. In February, about 20 technology firms partnered to register the Internet URLs that Conficker's ringleaders use to keep a grip on corrupted computers. Though the original version of the trojan snatches up roughly 250 domain names a day to be used as conduits for manipulation, the updated version, referred to as Conficker.c, generates as many as 50,000 URLs a day. "Conficker.c makes it even more difficult for us," says Symantec's Vincent Weafer. He adds that registering tens of thousands of new domain names each day would "probably not be feasible." The new version also is capable of turning off security services that detect malware, Weafer says.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD

