Friday, October 02, 2009

Security Management Weekly - October 2, 2009

Corporate Security

  1. "Investigation Mandate Grows -- So Does Liability for Doing Them Wrong": Investigations Into Employee Misconduct Complicated by Corporate Governance and Financial Disclosure Laws
  2. "Copyright Dispute Ensnares Creator of Copyright Shield": California Court to Decide Whether Copyright Laws Protect Companies That Make Filters That Screen for Copyright Theft
  3. "Immigration Crackdown With Firings, Not Raids": Firing of 1,800 L.A. Garment Factory Workers Seen as Part of Change in Immigration Enforcement Strategy
  4. "Suicides in France Put Focus on Workplace"
  5. "Uncertainty About Job May Be a Cause of Workplace Violence"
Homeland Security

  1. "Iran Agrees to Transfer Uranium Abroad"
  2. "Dallas Bomb Plot, Others Not Connected, FBI Says"
  3. "FBI, Homeland Security Directors Say Anti-Terrorism Measures Working"
  4. "Obama, War Council Review Afghanistan Strategy"
  5. "'Kill Obama' Facebook Poll: Latest Sign of Healthcare Anger?"
Cyber Security

  1. "U.S. Homeland Security Wants Cybersecurity Pros"
  2. "BlackBerry SmartPhones Open to SMS Attack"
  3. "Smart Grid Vulnerabilities Could Cause Widespread Disruptions"
  4. "Conficker Showdown: No End in Sight": Number of Machines in Botnet Controlled by Conficker Worm Holding Steady at 6 Million
  5. "Microsoft Offers Free Security Essentials"

Investigation Mandate Grows -- So Does Liability for Doing Them Wrong
Security Director's Report (10/09) Vol. 2009, No. 10,

Workplace investigations involving employee misconduct have been complicated by numerous federal corporate governance and financial disclosure laws like Sarbanes-Oxley and the Foreign Corrupt Practices Act, as well as new security laws at the state level and new accounting rules. To minimize liability, companies should address the investigation process before an investigation is needed. Companies should have a plan to coordinate investigators, records managers, and information technology staff with regard to electronic information storage, e-mail accessibility, and backups. They should conduct an audit of the communication devices and tools used by employees, such as instant messaging and text messaging on cell phones and Blackberries, since the company's ability to access the communications transmitted on these devices depends on who owns them. A workplace privacy policy is crucial, as employees can bring claims against companies for violating their privacy. However, employees cannot reasonably expect privacy or privilege when employers distribute notices that ban the use of company systems for personal use; deny personal privacy with regard to information stored, created, or sent via company e-mail, voice mail, or Internet; and indicate that the company can monitor all data on its systems. Additionally, during the beginning stages of the investigation, investigators should determine the individuals who may have relevant documents and information in their possession; create a plan to assemble pertinent documents from the systems and employees involved in the investigation; select interviewers who have no ties to the investigation; and ensure privacy policies are up to date, have been distributed, and are enforced.


Copyright Dispute Ensnares Creator of Copyright Shield
Wall Street Journal (10/01/09) Fowler, Geoffrey

A debate is underway in Silicon Valley over whether copyright law protects companies who make filters that screen for copyright theft. Author Elaine Scott filed a lawsuit in September in federal court claiming copyright infringement against Scribd.com, a Web site that allows people to publish their own books and documents online and share them with others. A user of the site had posted without Scott's permission a copy of one of her books. Scribd removed the book from its site after being notified, but the author claims the site didn't do enough to protect her copyright in the first place. Courts have ruled several times that Web sites can't be held accountable when users post stolen material. Scribd created filtering software to prevent books it knows are stolen from being posted again, and every time an author asks Scribd to remove copyrighted work, the company automatically adds that work to its filter. Scott claims that Scribd doesn't have the right to use her book in its filter, even if it claims to be doing so to protect her interests. Other Web sites that host user-generated content have avoided legal squabbles over their copyright filters, in part by being careful about first obtaining licenses from content owners. The dispute highlights the scant progress cyber law has made more than 10 years after Congress passed the Digital Millennium Copyright Act. The debate over filtering efforts "shows just how misdirected copyright law has gotten," says Eric Goldman, an associate professor of law at Santa Clara University in California.


Immigration Crackdown With Firings, Not Raids
New York Times (10/01/09) Preston, Julia

American Apparel, a clothing maker with a vast garment factory in downtown Los Angeles, is firing about 1,800 immigrant employees in the coming days after a federal investigation turned up irregularities in the identity documents the workers presented when they were hired. The firings have become a showcase for the Obama administration's effort to reduce illegal immigration by forcing employers to dismiss unauthorized workers rather than by using workplace raids. They have also divided opinion in California over the effects of the new approach, with Los Angeles Mayor Antonio Villaraigosa describing the dismissals as “devastating.” The mayor's office says the federal government should focus on employers that exploit their workers, as opposed to a company like American Apparel that has been praised for paying well above the garment industry standard, offering health benefits, and giving $18 million in stock to its workers. Opponents of illegal immigration, however, including Representative Brian Bilbray, a Republican from San Diego who is chairman of a House caucus that opposes efforts to extend legal status to illegal immigrants, back the enforcement effort. American Apparel is typical of many companies that have “become addicted to illegal labor,” according to Bilbray. In July, the federal Immigration and Customs Enforcement agency opened audits of employment records similar to the one at American Apparel at 654 companies around the country. John Morton, assistant secretary of homeland security and head of ICE, says the audits covered all types of employers with immigrant workers, including many like American Apparel that were not shadowy sweatshops or serial violators of labor codes.


Suicides in France Put Focus on Workplace
New York Times (09/30/09) Jolly, David; Saltmarsh, Matthew

Since February 2008, there have been 24 suicides at France Telecom, including eight since the beginning of summer this year. These suicides have caught the attention of the French media, the public, and the country's government because many of the suicides, as well as more than a dozen failed attempts, have been attributed to work-related problems by both experts and labor officials. Compared to most other countries, French workers enjoy excellent benefits and job security. However, for those individuals who do find themselves out of work, a new job can be tough to find because high labor costs and the difficulty of getting rid of existing employees put pressure on companies. French psychologists say that job-related anxiety had increased significantly for French workers even before the recent economic downturn. Between 2006 and 2007, three technicians working at a single Renault facility outside of Paris committed suicide. The company conducted a review of working conditions at the facility and went back to explain basic management rules throughout the chain of command to ensure they were understood. Since then, the Renault facility reports that it has not seen any suicides with an obvious connection to the workplace. France Telecom has now engaged the same consulting firm used to guide Renault's response, Technologia, to assess its own working conditions. The company has also reported that it plans to freeze worker transfers until the end of October, establish an anonymous help line for employees, and add additional psychological and human resources support.


Uncertainty About Job May Be a Cause of Workplace Violence
Hartford Courant (CT) (09/28/09) Megan, Kathleen

Although the number of workplace homicides is on the decline, the number of incidents of threatening behavior at work is on the rise. According to Larry Barton, the president of The American College in Bryn Mawr, Pa., and an expert on workplace violence, the number of incidents of threatening behavior rose roughly 26 percent between June 2008 and June 2009. Barton said the poor economy is likely to blame for the increase, since it has created more insecurity in the workplace and stress that could cause "some fractures in [employees'] personalities." Barton also noted that anyone could potentially be a perpetrator of workplace violence, though he said the most dangerous person in the workplace is someone he referred to as "the grievance collector," or someone who gets angry about problems in the workplace and cannot let that anger go. However, there are a number of steps that employers can take to prevent such employees from committing violent acts at work, experts say. For instance, employers need to pay close attention to employees' behaviors and emotions, since anyone has the potential to become aggressive in the workplace, said Jodi Jacobson, an assistant professor at the school of social work at the University of Maryland. She also noted that employers need to listen to employees' concerns about colleagues who display troubling behavior, and create a corporate culture in which such concerns can be raised without being perceived as a tattle-tale.




Iran Agrees to Transfer Uranium Abroad
Wall Street Journal (10/02/09) P. A1; Champion, Marc; Solomon, Jay

In a surprise move, Iranian officials who participated in talks with representatives from the permanent U.N. Security Council members and Germany in Geneva on Thursday agreed in principle to send part of their stockpile of enriched uranium to be reprocessed in Russia and France--a concession that Western officials say could temporarily reduce Iran's capability to make nuclear weapons. Under the agreement, the enriched uranium will be reprocessed into new fuel rods for a medical-research reactor in Tehran. In addition, Iranian officials agreed to allow U.N. inspectors to visit its uranium-enrichment facility in Qom, which had been a secret until its existence was disclosed by U.S. and European officials in late September. However, no progress was made on persuading Tehran to stop the expansion of its uranium-enrichment program, said Javier Solana, the European Union's foreign-policy chief. Nevertheless, Western officials were pleased with the apparent concessions made by the Iranians, though others were more skeptical. Some proliferation experts, for example, say they are concerned that Iran could sanitize the uranium-enrichment facility in Qom before inspectors arrive. Others say that the concessions may be a ploy by the Iranians to buy some time and avoid being sanctioned while simultaneously avoiding having to pledge to scale back the nuclear program. Further talks on Iran's nuclear program are scheduled to be held later this month.


Dallas Bomb Plot, Others Not Connected, FBI Says
Dallas Morning News (TX) (10/02/09) Gillman, Todd

Officials from the FBI and the Department of Homeland Security told members of the House Homeland Security intelligence subcommittee on Oct. 1 that there is no connection between the recent plot to attack a Dallas office building and two other terrorist schemes that were disrupted in New York and Illinois. When asked why arrests in the Dallas plot and the two other schemes--which allegedly targeted trains in New York City and a federal building in Illinois--occurred at roughly the same time, FBI officials said that they did not want to take the chance that one arrest would alert the other suspects, even though the three plots were unrelated. In addition to telling lawmakers that three terror plots were unrelated, FBI and DHS officials also briefed lawmakers about the investigation into the plot to blow up the 60-story Fountain Place building in downtown Dallas. Authorities said that the plot was disrupted when undercover agents provided the suspect, 19-year-old Hosam Maher Husein Smadi, with fake explosives and a detonator. The FBI also said that Smadi was eager to travel to Pakistan to seek the assistance of al-Qaida for his plot. Sen. Cornyn (R-Texas) said the case highlights the need to improve immigration enforcement. "It just emphasizes that, in addition to all of the anti-terrorism tools that we need under the Patriot Act, that it continues to be important that we know who comes into our country, why they're here, and protect our country and keep it safe," he said.


FBI, Homeland Security Directors Say Anti-Terrorism Measures Working
Dallas Morning News (TX) (10/01/09) Korn, Marjorie

FBI Director Robert Mueller and Homeland Security Secretary Janet Napolitano testified before the Senate Homeland Security Committee on Wednesday, telling lawmakers that the nation's anti-terrorism measures are working and are becoming increasingly sophisticated. In her remarks to the panel, Napolitano said that her department is taking a number of steps to fight terrorism, including reaching out to communities of foreign-born people in the U.S. to prevent anti-American sentiment from taking hold. In addition, Napolitano noted that her department's counterterrorism methods have diversified in order to fight terrorists in the U.S., which she said are motivated and well-financed. Napolitano also said that the Department of Homeland Security has created 72 so-called "fusion centers" that federal, state, and local law enforcement officers can use to share information about terrorist threats. More fusion centers will open soon, Napolitano said. In addition to discussing anti-terrorism measures, Mueller told lawmakers that he believed that the Internet played a role in radicalizing 19-year-old Hosam Smadi, the Jordanian man who has been accused of trying to blow up a skyscraper in Dallas. Mueller noted that the Internet has become a "powerful conduit for radicalization efforts" since it allows individuals to easily find like-minded extremists.


Obama, War Council Review Afghanistan Strategy
Los Angeles Times (10/01/09) Barnes, Julian E.; Parsons, Christi

President Obama met with his top military advisers on Sept. 30 to discuss options for military action in Afghanistan. The session was the first opportunity for the U.S. and allied commander in Afghanistan, Army Gen. Stanley A. McChrystal, to address the president directly since he submitted a report that recommends sending more troops to the country in order to expand counterinsurgency efforts. Top military officials say that in order to achieve victory, such a broad counterinsurgency strategy will be required. White House officials, however, want to consider alternatives that would focus on more limited objectives, such as training for Afghan security forces or concentrating on finding and killing al-Qaida leaders. Thus far, no agreement has been reached, and there is another meeting scheduled for Oct. 7. In other news, it was announced that Kai Eide, the senior U.N. representative in Afghanistan, has fired the highest-ranking American official, Peter W. Galbraith, after Galbraith pushed for more aggressive steps to weed out voter fraud in the recent Afghan election.


'Kill Obama' Facebook Poll: Latest Sign of Healthcare Anger?
Christian Science Monitor (09/29/09) Montero, David

The U.S. Secret Service has launched an investigation into a poll placed on the profile of an anonymous Facebook user that asked respondents whether or not they thought President Barack Obama should be assassinated. The poll, which was posted using third-party software that is unaffiliated with Facebook, was removed after the Secret Service contacted officials with the social networking site. The poll seemed to be playing off the debate over healthcare reform, since one of the answers to the question "Should Obama be killed?" was "Yes, if he cuts my healthcare." The Secret Service is also investigating several other threats against Obama. Among the people that the Secret Service is investigating is a Maryland man who held up a sign that read "Death to Obama" and "Death to Michelle and her two stupid kids" outside a town hall meeting earlier this week. In addition, the Secret Service is investigating a man who was carrying a loaded gun in plain view across the street from a town hall meeting hosted by Obama in New Hampshire. The threats come amid concerns that the Secret Service cannot adequately investigate such cases. Those concerns were sparked by the agency's 2010 budget request report, which said in May that it may be understaffed and under-resourced. The Secret Service has since denied that it is understaffed and under-resourced.




U.S. Homeland Security Wants Cybersecurity Pros
PC World (10/01/09) Cooney, Michael

Homeland Security Secretary Janet Napolitano has announced that her department will hire 1,000 cybersecurity professionals over the next three years. According to Napolitano, the individuals that fill these positions will be responsible for a variety of functions, including cyber risk and strategic analysis, cyber incident response, vulnerability detection and assessment, intelligence and investigation, and network and systems engineering. Napolitano also noted that the 1,000 new cybersecurity professionals will help DHS fulfill its mission to protect the nation's cyber infrastructure, systems and networks. Napolitano's announcement comes amid calls for DHS to improve its cybersecurity efforts. A report issued by the Government Accountability Office earlier this year noted that the creation of the National Cyber Security Division, which is responsible for overseeing day-to-day cybersecurity efforts across the nation, has not allowed DHS to become the national focal point of cybersecurity that some thought it would be. Instead, the Defense Department and other organizations in the intelligence community that have significant resources and capabilities have dominated federal cybersecurity efforts, the report said. Meanwhile, Congress is considering a bill that would provide scholarships for students who study in cybersecurity-related fields. In exchange, students who receive the scholarships would agree to work as cybersecurity professionals within the federal government.


BlackBerry SmartPhones Open to SMS Attack
ZDNet UK (09/30/09)

Research in Motion (RIM) is warning BlackBerry users who run BlackBerry Device Software versions 4.5 and up that their devices could be vulnerable to a short message service (SMS) attack. According to RIM, attackers could exploit the vulnerability by sending victims a link to a malicious domain name that contains a null character. If the user clicks on the link, the certificate-handling software in the BlackBerry Browser will alert them that the URL they have clicked on does not match the domain they are being sent to, but it will not display the null character in the link. As a result, the alert will appear to be telling users that they are being sent to a site with the same domain name as the URL they clicked on, which means users may be inclined to ignore the warning and visit the malicious site. RIM has provided a patch to address this issue on its Web site. The company is also urging users to use caution when clicking on links in SMS messages and emails, and to select "close connection" if they receive a warning that the URL they have clicked on does not match the domain they are being sent to.
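The failure mode the abstract describes, as an added illustration (not code from the article, RIM, or the BlackBerry Browser): a small Python checker that extracts a URL's host byte for byte, shows the truncated form a NUL-terminated string display would produce, flags hostnames with embedded null or other control characters, and renders the host so every character is visible. The URLs and hostnames are constructed samples.

```python
# Added example (not from the article or RIM): how a null character in a
# URL's host can make a "URL does not match destination" warning look
# harmless, and the checks a client can apply. Sample URLs are constructed.

# Characters allowed in a DNS hostname label (RFC 1123 style, lower-cased).
_LABEL_OK = set("abcdefghijklmnopqrstuvwxyz0123456789-")


def actual_host(url: str) -> str:
    """Host exactly as a byte-faithful parser sees it, NUL included.
    Minimal extraction for scheme://[user@]host[:port]/path?query#frag."""
    rest = url.split("://", 1)[1] if "://" in url else url
    netloc = rest.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    netloc = netloc.rsplit("@", 1)[-1]       # drop userinfo
    return netloc.split(":", 1)[0].lower()   # drop port


def displayed_host(url: str) -> str:
    """Host as a NUL-terminated (C-string) display would render it:
    everything after the first null byte silently disappears."""
    return actual_host(url).split("\x00", 1)[0]


def hostname_problems(host: str) -> list:
    """Reasons this host must not be trusted; an empty list means clean."""
    problems = []
    if "\x00" in host:
        problems.append("embedded null character")
    elif any(ord(c) < 0x20 or ord(c) == 0x7F for c in host):
        problems.append("control character")
    for label in host.split("."):
        if not label or len(label) > 63:
            problems.append("empty or over-long label")
            break
        if set(label) - _LABEL_OK or label[0] == "-" or label[-1] == "-":
            problems.append("character not allowed in a DNS label")
            break
    return problems


def warning_is_misleading(clicked_url: str, expected_host: str) -> bool:
    """True when the displayed host equals what the user expects while the
    real destination differs, i.e. the mismatch warning looks like a no-op."""
    return (displayed_host(clicked_url) == expected_host
            and actual_host(clicked_url) != expected_host)


def safe_display(host: str) -> str:
    """Render a host so that every non-printable character is visible."""
    return "".join(c if 0x20 < ord(c) < 0x7F else "\\x%02x" % ord(c)
                   for c in host)


if __name__ == "__main__":
    benign = "https://bank.example/login"
    spoofed = "https://bank.example\x00.other.example/login"  # constructed
    for url in (benign, spoofed):
        host = actual_host(url)
        print(safe_display(host), hostname_problems(host),
              warning_is_misleading(url, "bank.example"))
```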


Smart Grid Vulnerabilities Could Cause Widespread Disruptions
InfoWorld (09/29/09) Vijayan, Jaikumar

A new cybersecurity coordination task force report highlights the need for planners to prepare for possible attacks on the U.S. smart grid, technology designed to transmit, distribute, and deliver electricity to consumers in a more reliable and efficient manner. The report, prepared by members from private industry, academia, regulatory bodies, and government agencies including the National Institute of Standards and Technology, notes that there are many security vulnerabilities in the smart grid, including those that occur as the result of problems with authenticating and authorizing users to substations, key management for meters, and intrusion detection for power equipment. Vulnerabilities in the smart grid also can be caused by inadequate patch, configuration, and change management processes, insufficient access controls, and the failure to create risk assessment, audit, management, and incident response plans. There also are a number of privacy concerns associated with the real-time, two-way communication between consumers and suppliers that the smart grid will allow, the report says. One important issue that needs to be dealt with is the data that will be collected automatically from smart meters and how that information will be distributed and used throughout the grid. The report also points out that cybersecurity strategies for protecting the grid need to deal with both deliberate attacks and accidental security breaches that result from user errors, equipment failures, and software bugs.


Conficker Showdown: No End in Sight
Dark Reading (09/29/09) Higgins, Kelly Jackson

Despite the efforts of security researchers and vendors to fight it, the Conficker worm has maintained a steady botnet count of about six million machines since mid-2009, with no signs of abating. Experts are unsure what the botnet operators plan to do with all that power. "We've done a good job at getting a grasp on Conficker itself and its architecture, and have also had great response from groups within the Conficker Working Group," says Andre DiMino with the Shadowserver Foundation, which tracks Conficker infections for the Conficker Working Group. "Now we just need to be a little more aggressive in remediation and with more awareness to really make a concerted effort to get this thing cleaned up." What bothers security experts is that despite all of the time and money being invested in rooting out Conficker--Microsoft has even promised a $250,000 reward for anyone who identifies the group behind the worm--infections continue to appear around the world. "It continues to be a giant engine idling, and we wait and see what they're going to do with it," DiMino says.


Microsoft Offers Free Security Essentials
InformationWeek (09/29/09) McDougall, Paul

Microsoft on Sept. 29 introduced Microsoft Security Essentials, a free anti-virus application for PCs running Windows XP SP2 and later versions of the operating system. The service, which replaces Microsoft's subscription-based Windows Live OneCare security service, uses a new technology called Dynamic Signature Service to constantly update its malware detection capabilities and keep computers protected from the latest security threats. Microsoft says it is releasing the software because doing so will reduce the number of unprotected computers and keep the Windows environment free of viruses. However, Microsoft's competitors could see the move as an attempt by the company to dominate the anti-virus market by bundling security software with Windows, though the extent to which Microsoft will promote Security Essentials as the default antivirus software in its new Windows 7 operating system remains unclear.


Abstracts Copyright © 2009 Information, Inc. Bethesda, MD
