"Congress Passes Broad New Terrorism Insurance Bill" The Hill (12/19/07) ; Holzer, Jessica The U.S. Congress passed a seven-year extension of the Terrorism Risk Insurance Act (TRIA) that provides coverage for domestic terrorism acts after the U.S. House was forced to accept the U.S. Senate's scaled-down program or risk the expiration of the program altogether. The original extension bill passing in the House would have provided coverage for group life and domestic terrorism as well as extend the program for 15 years, but that program was shunned by the Senate. After much wrangling, the House then passed a modified bill that extended the program for seven years, eliminated coverage for nuclear, chemical, biological, and radiological risks present in the first version of the legislation, but again the Senate balked. The American Insurance Association had lobbied hard for doomsday risk inclusion, but the issue split the insurance industry into two camps, making it difficult for legislators to agree on its inclusion. The TRIA extension bill passing through Congress, which President Bush is expected to sign, also does not lower the coverage trigger from $100 million. (go to web site) "Using Technology to Improve Emergency Management" Chronicle of Higher Education (12/21/07) Vol. 54, No. 17, P. 22 Colleges are placing a greater emphasis on disaster planning after the spring 2007 shootings at Virginia Tech. Many technology companies are now marketing alert systems to colleges that could help improve communication in an emergency scenario. The technology includes text devices, video, and cell phones that can be used to send messages to academic buildings and residence halls. However, security experts warn that technology will not provide a one-step solution for emergency management. Security officers and police are the first to be involved in a disaster situation, with up to 30 minutes passing before a university president and chief information officer is informed of the situation. Forming a disaster plan is vital for any college campus, even if an alert system is in place. "CIO's many times think this is just a technology issue," said Marshall University CIO Jan I. Fox. "But you have to communicate. If you are not sitting down with your head of security, your safety officers, your president, and people who understand what has to happen in an emergency, it means absolutely nothing." (go to web site) "Many States Still Fall Short in Emergency Preparedness" U.S. News & World Report (12/18/07) ; Reinberg, Steven States need to take additional steps to prepare for a potential public health disaster, according to a new report released Tuesday by the Trust for America's Health. Although the report acknowledges that many states have made progress, it cites the seven states that have yet to purchase antiviral medications and the 13 states that have no plan for distribution of medical supplies in an emergency. Additionally, the report said that decreases in federal funding for state and local programs "threaten the nation's safety." One health expert estimates that it would take $5 billion to get U.S. hospitals to the necessary level of preparedness, with an additional $1 billion annually to maintain that level. However, hospital funding has declined to just $400 million a year. The report commended the federal government for passing the Pandemic and All-Hazards Preparedness Act of 2006 and for the creation of the Office of the Assistant Secretary for Preparedness and Response, but called for additional funding for public health and preparedness programs. The report also includes a survey of over 1,000 adults, 54 percent of whom feel that the country is less safe than it was before Sept. 11, 2001. Approximately 60 percent of respondents believe that their community is not adequately prepared to deal with a natural disaster. (go to web site) "The Realities of Risk Management" InformationWeek (12/15/07) ; Conry-Murray, Andrew Cigna Chief Information Security Officer Craig Shumard says that even though security software and hardware vendors integrate a variety of applications into one suite to foster user-friendliness, deployment may not always be successful for client firms. He indicates, "There may be issues around audit trails, unauthorized access, or fine-grained authorization you need to get for a business process or regulation." Integrated vendor suites can provide clients with well-defined policies and processes that monitor an entire organization through an enterprise risk management perspective, but Shumard believes niche security firms may always be necessary given the nature of network security and the evolving regulatory environment. (go to web site) "Energy Companies Face Costly Upgrades to Secure Electric Grid" Network World (12/11/07) ; Messmer, Ellen IT managers at energy companies are concerned about a new cybersecurity mandate that would require energy companies to back up the most critical parts of their industrial control systems against sabotage and unauthorized use. The Federal Energy Regulatory Commission is expected to vote on what regulators have dubbed the Critical Infrastructure Protection standards for physical and cybersecurity of the electric power grid on Dec. 20. Should the FERC approve the new rules, electric power companies would have to upgrade their system control and data-acquisition (SCADA) systems with best practices widely associated with the corporate computer systems. IT managers at energy companies say the scale of what amounts to a "wholesale replacement" of their SCADA systems would be unprecedented and costly. "There are SCADA systems out there for 40 or 50 years and they're running fine," says Energy Security Northwest Chairman Patrick Miller. Miller and energy companies say the FERC decision will likely determine whether they will need to do a complete overhaul of their control systems. (go to web site) "Al-Qaida Offers 'Interview' With No. 2" Associated Press (12/19/07) ; Michael, Maggie Al-Sahab, the media arm of al-Qaeda, invited journalists Sunday to send them questions for Ayman al-Zawahri, the terrorist organization's second-in command. The statement, posted on several Web sites, invited "individuals, agencies and all media" to send questions to Islamic Web forums, which will forward the questions to Al-Sahab. They will be accepting questions until Jan. 16, 2008, though the statement did not specify what medium al-Zawahri would use to give his answers. Al-Qaeda leader Osama bin Laden and al-Zawahri gave interviews to the Western and Arabic media in the 1990s, but neither has offered an interview since the Sept. 11 attacks and the subsequent United States invasion of Afghanistan. Al-Zawahri has appeared in at least 16 messages this year, including a video released Monday. Al-Sahab's releases have become more sophisticated as the organization attempts to target a broader audience. Videos featuring bin-Laden and al-Zawahri are subtitled in English and dubbed in the local languages of Pakistan and Afghanistan. (go to web site) "Administration Plans to Shrink U.S. Nuclear Arms Program" Washington Post (12/19/07) P. A1 ; Pincus, Walter The White House announced plans Tuesday to reduce the size of the nuclear weapons program by closing 600 buildings at nuclear facilities and cutting down the number of active nuclear weapons. The Oak Ridge, Tenn., facility and Lawrence Livermore National Laboratory in California will both be consolidated, losing approximately 90 percent of their nuclear-related land. At least 7,200 jobs will be eliminated, though the plan will leave nuclear research centers intact. The active nuclear arsenal will also be reduced by 15 percent by 2012, which will leave the military with less than 25 percent of the stockpile it possessed at the end of the Cold War. The weapons will not be dismantled, but will be transferred to the Energy Department for storage. The program is a result of a 2003 nuclear reduction treaty with Russia, which led the National Nuclear Security Administration to eliminate production facilities made unnecessary by a shrinking arsenal. The plan will also help the Energy Department consolidate nuclear material, providing better security of nuclear facilities against terrorism. Currently the NNSA spends $800 million annually on nuclear security, a figure that would be substantially reduced under the plan. (go to web site) "3rd Man Pleads Guilty in Homegrown Terrorism Case in Southern California" Associated Press (12/18/07) ; Marquez, Jeremiah A third man accused of plotting to attack Southern California military sites and other targets pleaded guilty to a terrorism conspiracy charge in federal court. Gregory Vernon Patterson, 23, entered his plea in U.S. District Court in Santa Ana to one count of conspiring to levy war against the U.S. government through terrorism. Patterson could face as many as 25 years in prison. Two other men Kevin James, 31, and Levar Haley Washington, 28 pleaded guilty in the case last week. A fourth, Hammad Riaz Samana, has been declared mentally unfit to stand trial and is undergoing psychiatric care at a federal prison. All except Samana, a citizen of Pakistan, are American-born Muslim converts. The men were indicted in 2005 for what authorities said was a plot to attack American military facilities, Israeli government offices, and synagogues in the Los Angeles area. Prosecutors said the plot was orchestrated at the behest of James, an inmate at California State Prison in Sacramento and founder of the radical Muslim group Jamiyyat Ul-Islam Is-Saheeh. The plotters were within weeks of being able to carry out an attack before they were discovered about two months before the Jewish holiday Yom Kippur, officials said. Police uncovered the plot in July 2005 while investigating a string of gas station robberies that authorities say were committed to finance the attacks. (go to web site) "Freed Terrorists Behind U.N. Bomb" CNN (12/14/07) The suicide bombers behind last week's bombings in Algiers were convicted terrorists freed by a government amnesty, according to Algerian security officials. The government has offered amnesties to thousands of militants in an effort to end a long insurgency. The bombers were identified as a 64-year-old man who had terminal cancer and a 32-year-old man, both linked to terrorist organization al-Qaeda in Islamic North Africa. Algerian officials reported 37 people were killed in the Dec. 11, 2007 bombings on the U.N offices and Constitutional Council building, the largest attack on a U.N. facility since 22 people were killed in a 2003 Baghdad bombing. Nine U.N. staff members were confirmed dead, although local media provided higher initial estimates. U.N. Secretary-General Ban Ki-moon condemned the attacks Wednesday, calling for a review of organizational security throughout the Middle East and Africa. The Algerian insurgency began in the early 1990s after national elections were cancelled to prevent victory by an Islamic fundamentalist party. (go to web site) "Chertoff Identifies Four DHS Priorities in 2008" HSToday (12/17/07) Department of Homeland Security (DHS) Secretary Michael Chertoff outlined four priorities for 2008 in a Dec. 12 speech in Washington, D.C. A continued priority for DHS is the improvement of immigration control and border security. Chertoff called for a program that would reform the immigration process to provide some rights for the approximately 12 million illegal immigrants currently in the United States. In order to prevent further illegal immigration, DHS plans on building an additional 380 miles of fencing along the U.S.-Mexico border and building up a force of 18,000 Border Patrol agents. Chertoff also defended the e-Verify system, a controversial new initiative that can match employee social security numbers to identification records in order to identify illegal immigrants. A related priority for 2008 is the further development of a standardized secure identification card; the Western Hemisphere Travel Initiative will mandate all U.S. citizens to show an approved type of identification, such as a new Enhanced Driver's License, before returning to the United States by land. DHS is also expected to issue the final regulations for the REAL ID program in 2008. Other priorities include expanding the Einstein Program to further improve national cyber-security and institutionalize internal positions, which would allow employees to work faster and collaborate more effectively with other agencies. (go to web site) "Pictures Through the Air" Access Control & Security Systems (11/01/07) Vol. 50, No. 12, P. 16 ; Fickes, Michael In the aftermath of the 2005 London terrorist attack involving three underground trains and a bus, the transit system's video system enabled Scotland Yard to weed through the footage as part of its investigation. However, transit authorities in the United States increasingly are employing wireless video systems as a means of curtailing crime and speeding up the emergency response. Wireless video systems use multiple small nodes to transmit signals and establish a network, with these nodes placed on the buses and trains, police cars, poles lining city streets, and subway tunnel walls, among other locations. Because constantly transmitting videos from numerous buses and trains would burden the network, drivers are equipped with radios to communicate with law enforcement and transit headquarters, as well as panic buttons that send emergency alerts and mark the video for a specified time period. The wireless video systems installed on the Massachusetts Bay Transportation Authority buses create wireless networks with police cars within range, allowing officers to view the cameras as necessary. Grants from the Department of Homeland Security are enabling transportation authorities to install cameras in transit vehicles; and, despite the added costs, some experts recommend mesh networks. With mesh networks, cities benefit from being able to offer WiFi hotspots to commuters, as well as sell network time to advertisers. (go to web site) "Hackers Have Poor Nations' PCs in Their Sights" New Scientist (12/15/07)No. 2634, P. 22 ; Reilly, Michael Cybersecurity remains an untamed frontier in developing countries, allowing hackers to operate and wreak havoc with near-total impunity. "All in all, you have a perfect recipe for botnet attacks in the developing world," notes Ethan Zuckerman of the Berkman Center for Internet and Society. He observes that hacker activity rises dramatically once a country achieves 10 percent to 15 percent Internet penetration. The International Telecommunications Union (ITU) is rolling out a global effort to implement cybersecurity measures that the developed world uses within the Third World, but it will be a formidable challenge. Poorer nations do not possess the funds for countermeasures nor the technical training to erect effective cyberdefenses, partly because the cost of Internet connectivity is much higher than it is in industrialized countries. Africa, which is already beset with economic turmoil and computer vulnerability, could become even more ripe for cyber-exploitation as cheap, streamlined computers become widely available through initiatives such as the One Laptop Per Child program. International cooperation is essential to the improvement of developing nations' cyberdefenses, says the University of Cologne's Marco Gercke. Seymour Goodman of the Georgia Institute of Technology cites the importance of organizing national computer emergency response teams (CERTs), which would analyze the type of attack and the required countermeasures while also informing ISPs, and the ITU wants to supply the expertise and training to set up CERTs in all developing countries. (go to web site) "Six Federal Security Programs That Are Making a Difference" Computerworld (12/12/07) ; Vijayan, Jaikumar Six federal security initiatives have brought about significant improvements in one or more of three areas: Preventing cyber attacks against critical infrastructure targets, reducing national vulnerability to cyber attacks, and minimizing damage and recovery time from attacks that do occur, says the SANS Institute. One of those initiatives is the Federal Desktop Core Configuration initiative, which helps government agencies lower procurement costs and improve the security of their desktop environments by requiring agencies to implement standard baseline security configurations on machines running Windows XP and Vista. One federal entity that uses the configurations is the U.S. Air Force, which was able to reduce patching time from 57 days to less than 72 hours. In addition, the configurations helped the Air Force reduce its desktop procurement costs by more than $100 million, according to the SANS Institute. The Air Force's success has not gone unnoticed by the rest of the federal government, which is in the midst of an initiative to implement similar baseline standards on millions of desktops. (go to web site) "Roundup 2007: Top 5 Influential IT Security Thinkers" SC Magazine (12/01/07) Vol. 18, No. 12, P. 27 Karen Evans is in her fifth year as the administrator for e-government and IT at the federal Office of Management and Budget (OMB), a role that puts her in charge of IT at 26 cabinet-level federal agencies. Evans has lately been focusing on data security, and acknowledges that there is a lot of federal data to protect, and that many improvements must be made. Evans believes agencies cannot secure their data until they are familiar with their inventory, which is why she oversaw a 2007 OMB memo requiring federal agencies to minimize their storage of personal records and to design a strategy for ending the unwarranted use of Social Security numbers. Another major accomplishment in 2007 was OMB's mandate that all agencies must shift to a common Microsoft operating system configuration. "When you analyze these breaches, you realize what it comes down to is that a lot of these could be avoided if you have good configuration management and patch on time," Evans explains. She is also striving to ensure than agencies can respond appropriately when data breaches occur, and to that end OMB has signed contracts with two vendors for credit monitoring services and risk analysis services. Evans is also pushing agencies to comply with the 2002 Federal Information Security Management Act. Alan Paller of the SANS Institute testifies that Evans is "the right character with the right experience" to guide federal information efforts. "I despair that we'll never find another one like her," he adds. (go to web site) "Managing Technology 2008" Government Executive (12/01/07) Vol. 39, No. 21, P. 32 ; Aitoro, Jill R. Securing personal information for both the public and for government workers will be a key aspect of data security in 2008, according to feedback from IT managers, researchers, and consultants. Indeed, as of October 2007, personally identifiable data was exposed in 30 incidents a day, on average, according to reports from federal agencies. Organizations are striving to prove that they know how to respond to a privacy breach; response guidelines can be found in past laws and communications. The Homeland Security Department recently updated the 1974 Privacy Act to mandate every agency to ratify rules of conduct for employees working with records systems, and to institute technical, physical, and administrative defenses to guarantee records' confidentiality. The Office of Management and Budget also published memorandums on privacy that compel every agency to appoint a senior agency official for privacy and to review all policies and processes. Agencies are also required to report all security incidents that expose personally identifiable information to the U.S. Computer Emergency Readiness Team within one hour of the incident. To reduce risk, agencies should treat personal information the same way they treat other sensitive data, particularly when kept on mobile devices. Experts add that 2008 would be a good time to ensure that agencies are using the National Institute of Standards and Technology's checklist, which includes such tasks as encrypting all data and locking applications housing personal information. (go to web site) Abstracts Copyright © 2007 Information, Inc. Bethesda, MD |
No comments:
Post a Comment