| How to Develop a Taser Program Security Management (07/13) Anderson, Teresa Hennepin County (Minn.) Medical Center's experience in providing its 40 security officers with conducted electrical weapons (CEWs), which are more commonly known as Tasers, may be instructive for other hospitals considering a similar move. The security department at the hospital, which is located in Minneapolis, decided that it wanted to provide its security officers with Tasers after it determined that doing so would be the best way to improve officer safety. But the security department first needed to get the approval of other stakeholders within the hospital before it could implement a policy that called for providing security officers with Tasers. The process of getting stakeholder approval lasted three and a half years, and involved convincing stakeholders such as doctors and nurses that the hospital needed to be a safe environment in order to effectively provide care to patients. Once the program was approved, the hospital's security department conducted a year-long study in which it collected data to determine whether giving security officers Tasers helped improve safety. That study found that the introduction of Tasers helped reduce injuries to staff members and security officers, and also often caused aggressive individuals to back down. Dr. Jeff Ho, the medical director for the hospital's security department, says that the program remains a success--so much so that those who were originally opposed to the use of Tasers now support the use of the devices. Dropped Cell Phone Helps Bust Theft Ring Operating From Huntsville to Clarke County AL.com (07/31/13) Kirby, Brendan A dropped cell phone found by an employee of Safford Hardware in Alabama following the March 23 theft of a trailer and flatbed truck helped investigators identify five men who have been charged with stealing heavy equipment from companies in the state and transporting the equipment across state lines. Pictures on the cell phone of Corey S. Howard showed two stolen vehicles, including a pickup truck and an ATV that was stolen from American Proteins in Hanceville, Ala., in March. The pickup was found at the home of Howard's co-defendant Timothy T. Beasley, and the ATV was found at Beasley's mother's home. Howard could face a maximum of 10 years in prison, though his plea agreement offers the possibility of leniency in exchange for his cooperation. In addition to the pickup and ATV, Howard has admitted to being involved in several other thefts, including the theft of a roll-back wrecker from Reliable Towing in Huntsville, Ala., the theft of a roll-back wrecker from Ralph's Heavy Duty Truck Equipment in Antioch, Ala., and the theft of several pieces of equipment from Lewis Environmental and Pest Control in Thomasville, Ala. Others believed to be involved include Wayne A. McCarty Sr., who has pleaded guilty; his son, Wayne A. McCarty Jr., who has since died; and Rickel D. Powell, who has pleaded not guilty. Jewel Heist on Riviera Raises Security Questions Associated Press (07/30/13) Keaten, Jamey; Hinnant, Laura Following the theft of $136 million of jewels from a diamond show on the ground floor of the Carlton Intercontinental Hotel in Cannes, France, last weekend, questions have arisen over how the jewels were left so vulnerable that a single thief armed with only handgun was able to get away with one of the largest thefts in history. The guards at the diamond show were few and unarmed, as private security guards are generally prohibited from carrying weapons in France. In addition, the police were not informed of the diamond show, which featured tens of million of dollars in gems that were to be on display for more than a month. John Kennedy, the president of the New York-based Jewelers Security Alliance, noted that when that kind of value is at stake, standard procedures are not enough, and added that those planning the show did not seem concerned about Cannes' storied history of jewel heists. A statement from collection owner Lev Leviev, said "Leviev takes the security of our staff and merchandise very seriously and all reasonable security measures required by our insurers were implemented prior to the robbery taking place." Former Citibank Employee Sentenced for Salomon Brothers Theft Reuters (07/30/13) Wiessner, Daniel Former Citibank employee Karen Febles was sentenced to more than four years in prison on Tuesday after having been convicted in January on charges of bank fraud, money laundering, tax evasion, and wire fraud. Febles was found guilty of stealing $1.3 million from William Salomon, who she served as an executive assistant. According to federal prosecutors, between 2005 and 2011, Febles changed the amount on checks signed by Salomon and kept the difference. Febles has been ordered to pay more than $1.1 million in restitution. In a separate case that is currently pending in New York state court, William Salomon has sued Citigroup for failing to properly supervise Febles while she was committing "systematic theft," which he said totaled $3 million. Citigroup has said that it cannot be held responsible for the theft because Febles was handling Salomon's personal finances, and was thus acting outside of her official job responsibilities. Dangerous Liaisons: Terrorism and Pharma PharmExec.com (07/01/13) Halperin Wernli, Miriam; Ganor, Boaz Pharmaceutical companies have a duty to address security gaps that could be exploited by terrorist groups, according to Dr. Miriam Halperin Wernli of Actelion Pharmaceuticals and Dr. Boaz Ganor, the co-founder of the International Centre for the Study of Radicalization and Political Violence. These gaps pose risks that fall under three major categories, the first being the possibility that terrorists could use cyberattacks to steal drug company formulas or technology, Wernli and Ganor say. The second risk is the possibility that an employee could contaminate medicines with toxins during drug production or packaging stages. The third is the potential for terrorists to access pharmaceutical technology to develop chemical or bio-terrorism weapons. Wernli and Ganor say that in order to prevent these types of incidents, pharmaceutical companies need to act preemptively. This means reviewing procedures for employee screening at all levels, from top researchers to warehouse workers. Organizations must also develop formal security Standard Operating Procedures (SOPs) to protect computer networks and physical supply chains alike from breaches that could result in the theft of information or products as well as malicious contamination, Wernli and Ganor say. These SOPs must be rigorously and repeatedly tested to properly prepare the organization to deal with attempted terrorist attacks, however unlikely they might seem. Terror Threat Prompts U.S. to Close Diplomatic Missions New York Times (08/02/13) Mazzetti, Mark U.S. officials announced Thursday that a credible threat from one of al-Qaida's regional affiliates has prompted the State Department to close nearly all American diplomatic facilities in the Middle East, North Africa, and South Asia this weekend. That includes diplomatic facilities in Egypt, Iraq, Israel, Kuwait, and Saudi Arabia. The officials said that the decision to close so many embassies at the same time was unusual, but that there was good reason to believe that an al-Qaida regional affiliate might be planning to carry out an attack in the next several days. A State Department spokeswoman also said that the decision to close the facilities was taken to protect employees and visitors to the installations. It is not clear which of al-Qaida's regional affiliates made the threat. However, the Yemen-based al-Qaida in the Arabian Peninsula is the only al-Qaida affiliate that has shown both the desire and the capability to attack American installations located abroad. The threat and the decision to close the diplomatic facilities comes at the end of Islam's Ramadan holidays as well as the approaching one-year anniversary of the attack on the U.S. diplomatic facility in Benghazi. Senate Panel Presses NSA on Phone Logs New York Times (08/01/13) Savage, Charlie; Sanger, David E. The National Security Agency's collection of domestic phone records was sharply criticized by members of both parties at a Senate Judiciary Committee hearing on Wednesday. Among the lawmakers who criticized the program was committee Chairman Sen. Patrick Leahy (D-Vt.), who said that there were major privacy implications associated with keeping the records of Americans' domestic phone calls. He added that the Obama administration has exaggerated the success of the program in disrupting terrorist attacks, and said that the program should be ended if it is not effective. Also appearing at the hearing was Robert S. Litt, the top lawyer in the Office of the Director of National Intelligence, who said that the Obama administration would consider re-evaluating the phone metadata collection program in order to give the public more assurance that privacy is being protected but said that the administration did not want the essence of the program to be changed. The hearing came the same day that Edward Snowden released a classified 32-page presentation about another surveillance program called XKeyscore, in which NSA collects data from 150 foreign sites about Internet activity around the world. Analysts specifically use the program to search for unusual Internet activity that may be associated with terrorists, though the presentation notes that the program can be used to identify any individual conducting suspicious Web searches. Manning Found Not Guilty of Aiding the Enemy, Guilty of Espionage Washington Post (07/31/13) Tate, Julie; Londoño, Ernesto A military court judge on Tuesday handed down a verdict in the case of Pfc. Bradley Manning, the Army soldier who used his access to classified information to obtain more than 700,000 sensitive government documents that he later provided to the whistleblower site WikiLeaks. Col. Denise Lind, the judge in the case, found Manning not on a charge of aiding the enemy as well as a charge related to his leak of a video of a U.S. airstrike in Afghanistan. In finding Manning not guilty on the charge of aiding the enemy, Lind rejected the argument put forth by government prosecutors that Manning's release of the documents amounted to treason because it had helped al-Qaida. Prosecutors also argued during the proceedings that Manning should have known that terrorist organizations such as al-Qaida would be interested in and could benefit from his disclosures of diplomatic cables and battlefield reports. But Manning was found guilty on a host of other charges, including several violations of the Espionage Act. The sentencing phase of the trial will begin Wednesday and could last several weeks. Manning could face as much as 136 years in prison. James ‘Whitey’ Bulger Team Builds its Defense Boston Globe (07/31/13) Murphy, Shelley; Valencia, Milton J. Two retired FBI agents scheduled to testify in the defense of alleged Boston mob boss James "Whitey" Bulger took the stand on July 31 in an effort to prove that Bulger never killed women and that was not an FBI informant. The first, Fred Davis, testified that agents in the Boston office were worried information was being leaked to Bulger's Winter Hill Gang, adding that Bulger's FBI handler, John J. Connolly Jr., went through his squad's files. Davis said he told a supervisor to prevent Connolly from accessing the files. He also reported that Bulger was "worthless" to the FBI as he was not providing much information, although cross-examination showed that during the time that Davis reviewed Bulger's file he was not acting as an informant because he was being investigated on race-fixing charges. The defense alleges that Connolly faked Bulger's file from 1975 to 1990 to cover up their dealings. Another former agent, James Crawford, testified about a meeting with the mother of Debra Davis, who believed her daughter had been murdered by her boyfriend, former Bulger associate Stephen Flemmi. Flemmi testified for the prosecution that Bulger had strangled Davis because she knew they were both FBI informants. Davis is just one of 19 murders with which Bulger is charged; two others are the 1982 slayings of Edward "Brian" Halloran and an innocent bystander, Michael Donahue. Crawford testified that Flemmi planned to kill Halloran because he knew Halloran was wearing a wire and was cooperating with the FBI. Administration to Reveal Order on Americans' Phone Records Washington Post (07/30/13) Horwitz, Sari The Obama administration has declassified a secret order issued by the Foreign Intelligence Surveillance Court in April that directed Verizon Communications to turn over data on Americans' phone records. The document is scheduled to be disclosed on Wednesday morning in time for a Senate Judiciary Committee hearing during which officials from the Justice Department, the National Security Agency, and the Office of the Director of National Intelligence will be questioned regarding NSA surveillance programs. The recently declassified document has been described as the formal order underlying the directive released by Edward Snowden in June. The officials said they hoped that the document will help citizens see how the federal government gathers communications records under the Foreign Intelligence Surveillance Act and that it will shed light on the restrictions which limit the nation's surveillance programs. IT System Security Authorization More Dynamic Than in Past, Says NIST Official FierceGovernmentIT (07/31/13) Perera, David U.S. National Institute of Standards and Technology's Ron Ross says NIST and the Department of Defense are collaborating to implement a new risk management-based authorization framework across federal agencies. "The old certification and accreditation process has been gone for three years now," Ross notes. The new framework calls for agencies to take a risk-based approach to authorization, accepting greater amounts of risk for systems that could be penetrated with only minor or moderate disruption, and taking greater care with more sensitive systems. The Defense Department has led the way in this effort, shifting away from the DoD Information Assurance Certification and Accreditation Process to the risk management framework. Ross says some cyberattacks are going to get through one way or another and that authorizing officials should be willing to accept the risk of penetration for lower-sensitivity systems. One factor Ross notes as holding back the transition to the risk management framework is the common separation of authorizing authority from IT security. "We've got to get the cybersecurity folks embedded within the acquisition office, the system development lifecycle, system engineering, and just the enterprise architecture in general," Ross says. "That hasn't happened in many, many organizations." Black Hat Event Highlights Vulnerability of U.S. Critical Infrastructure Homeland Security News Wire (07/30/13) Cybersecurity researchers at the ongoing Black Hat conference will be demonstrating the ways that hackers can gain access to the nation's critical infrastructure, and even cause explosions at oil and gas facilities simply by altering readings on wireless sensors. In addition, presenters will show companies how financially damaging it will be to refuse to replace these expensive wireless sensors, which are flawed in how they handle encryption, and install new standards that will not have the same vulnerability. The sensors in question typically cost between $1,000 and $2,000 each, and a single oil, gas, or water facility may have hundreds or even thousands of them installed. Lucas Apa and Carlos Mario Penagos of IOActive were able to gain access to the sensors with radio transmissions from as far as 39 miles away, and could then change the pressure and volume readings displayed by the sensor. They noted that if a facility's control system were to change in accordance with the inaccurate readings, they would be able to disable anything from a pipeline to a pump, or even the entire plant. While they noted that it would take a decent amount of specialized experience for a hacker to conduct a destructive attack, Apa and Penagos also said that it would take a long time for patches to be applied, as the encryption flaws were found in the devices supplied by three of the largest vendors in the field. They are working with Department of Homeland Security and the equipment manufacturers to correct the flaws. NIST Seeking Comments on Energy Industry Security Scenarios Homeland Security News Wire (07/30/13) The National Institute of Standards and Technology (NIST)'s National Cybersecurity Center of Excellence (NCCoE) is asking for the energy industry's assistance in addressing two information technology challenges that the sector faces. In particular, the center is asking for feedback on two proposed "use cases," the solutions of which would provide the sector with centralized control of access to structures and systems and would reduce the security blind spots in their operations. NCCoE Deputy Director Nate Lesser says that "These use cases represent sector-wide cybersecurity challenges" that will be addressed "through a collaborative effort between the NCCoE, the energy sector, and technology partners," though he added that public input is desired to ensure the usefulness of the resulting solutions. The first proposed use case is focused on energy companies' need to control the logical and physical access to their resources. This will require them to have the ability to authenticate identity with a high degree of certainty while enforcing access controls across all resources consistently, quickly, and uniformly. The second use case solution would allow security analysts to view operational and information technologies as a cohesive whole, making the detection of issues that could disrupt services easier. Successful solutions would provide blueprints for improving cybersecurity, and would support energy companies' business needs by reducing costs, risks, and system complexity. NATO Urges Military to Recruit White Hat Hacker Army to Boost Defenses V3.co.uk (07/29/13) Stevenson, Alastair The North Atlantic Treaty Organization (NATO) has called for the military and private industry to recruit more ethical hackers, as their skills can be an essential weapon in its ongoing anti-black hat war. "In order to have a defense you need to have a much wider group of people with a much broader set of skills working for you than as in the old days when we were talking about the man from the ministry with a set identity," says NATO deputy assistant secretary general Jamie Shea. The hacker community is currently an under-tapped source that could help temporarily plug the global cyberskills gap, adds a NATO spokesperson. Companies and governments must create an ethical disclosure culture making it financially advantageous for cyberprofessionals to responsibly report vulnerabilities, the spokesperson says. Many analysts have warned that governments are not training enough people with cybersecurity skills, and a recent United Kingdom National Audit Office report said the skills gap would last 20 years. However, the NATO spokesperson lauded the UK Cyber Strategy as a key step in the right direction. "The UK has recently launched a training and education initiative in schools and universities to address the skills gap," the spokesperson says. New Central Ohio FBI Chief Says Cyber Threats Will Eventually Surpass Terrorism Dangers 10TV (07/24/13) Kevin Cornelius, who has been named the Special Agent in Charge of the FBI in central Ohio, has commented that while terrorism is the top threat in the area, cyber crimes are a close second that will eventually surpass the threat posed by terrorism. Cornelius spoke to InfraGard, a group of security specialists in the public and private sector who share cyber threat information with the FBI, saying "We're losing data. We're losing money. We're losing innovative ideas, and that's something that we see across America. The intrusions outstrip what we have seen in the past, and it's time for us to take a look at it as a community, as a network, to prevent intrusions." Abstracts Copyright © 2013 Information, Inc. Bethesda, MD |
No comments:
Post a Comment