Friday, March 27, 2009

Security Management Weekly - March 27, 2009

CORPORATE SECURITY  
  1. "Economic Uncertainty Boils Over in Workplace"
  2. "Chertoff to Form Risk-Management Firm"
  3. "3 Dead in MTS Shootings" San Diego
  4. "Drug-Free Workplace" West Virginia Legislature Considering Bill That Would Require Some Contractors to Pay for Employee Drug Screenings
  5. "London Bankers Warned to Dress Down Amid Violence Fears"

HOMELAND SECURITY  
  6. "U.S. Defines Its Afghan Strategy"
  7. "Clinton Offers Mexico Help in Drug War"
  8. "Director of FBI Urges Renewal of Patriot Act"
  9. "Transit Security: CTA Says It's on Slow Train for Terrorist Alerts" Chicago Transit Authority Asks for Federal Approval to Begin Receiving Highly Sensitive Security Information
  10. "U.S. Missile Strikes Take Heavy Toll on Al Qaeda, Officials Say"

CYBER SECURITY  
  11. "Advances in Data Safety Drawing Wider Attention"
  12. "NASCIO Says States Deal With Complex Array of IT Security Standards"
  13. "IE8 Best at Blocking Malware Sites, Says Study"
  14. "Scholarship Program Targets Need for Cybersecurity Skills"
  15. "Power Grid Is Found Susceptible to Cyberattack"


   






 

"Economic Uncertainty Boils Over in Workplace"
Globe and Mail (CAN) (03/26/09) ; Leeder, Jessica

Workplace violence experts are trying to determine whether the global recession has sparked an increase in the number of violent incidents in the workplace. A number of such incidents have taken place throughout the world as the economy deteriorated and job losses mounted over the last several months. At a 3M manufacturing plant in France, for example, workers are holding the company's director of French operations hostage in an effort to win better severance packages for those laid off and better conditions for those who remain on the job. There have also been incidents targeting high-profile executives. In one such incident in Scotland, Sir Fred Goodwin, the disgraced former head of Royal Bank of Scotland, had the windows of his home and Mercedes smashed by vandals who were upset about news that he left his job with a roughly $1.2 million annual pension. Experts say that it is not surprising executives are being targeted, since they are often perceived to be the ones who have instituted layoffs or badly managed a company. However, layoffs themselves are often not the cause of workplace violence, experts say. They noted that employees are often more upset about the unemotional way managers tend to handle layoffs.

"Chertoff to Form Risk-Management Firm"
Wall Street Journal (03/26/09) ; Simpson, Cam

Former Department of Homeland Security Secretary Michael Chertoff has formed his own risk-management company to help corporate clients and governments deal with a variety of security issues. The company, known as The Chertoff Group, will be based in Washington, D.C., and will advise clients on issues such as cyber security, terrorism, fraud, border protection, and supply chain security. The Chertoff Group will also offer due diligence support and consulting services on mergers and acquisitions in the security industry.

"3 Dead in MTS Shootings"
San Diego Union-Tribune (03/25/09) ; Gross, Greg; Martinez, Angelica; Wilkens, John

A mechanic for San Diego's Metropolitan Transit System shot and killed two of his co-workers at a bus-maintenance depot early Tuesday morning before being shot and killed himself by police officers. The shooting occurred despite MTS policies that prohibit firearms at work and despite the presence of security guards at the depot. Police are not saying why the man, 47-year-old Lonnie Glasco of El Cajon, Calif., may have killed 37-year-old Benjamin Mwangi and 55-year-old Michael Stevenson. According to San Diego police Lt. Kevin Rooney, investigators are following a number of leads and have some ideas about why Glasco decided to shoot his co-workers, though he added that "feelings are not facts." It appears that problems in the workplace may not have been a motive for the shooting. MTS spokesman Rob Schupp noted that Glasco had not been laid off and that he was unaware of any job-related actions against him. However, experts say that if other episodes of workplace violence are any indication, Glasco was likely mad at someone in particular at MTS or angry at the business itself. They added that the economy was likely not a factor in the shooting, since workplace shootings happen in good economic times and bad.

"Drug-Free Workplace"
WVMetroNews.com (03/25/09)

The West Virginia state House has passed a bill that would require contractors doing publicly funded jobs worth more than $50,000 to provide pre-employment drug screenings for their employees. In addition, the bill requires contractors to refer employees who fail their drug tests to public programs that will help them get off of drugs. The bill has been criticized by small contractors in the state, who say that it will prevent them from competing for state-financed construction projects because they cannot afford to pay for the required drug screenings. Supporters of the bill, however, say it will improve workplace safety. The bill now moves to the West Virginia state Senate for its consideration.

"London Bankers Warned to Dress Down Amid Violence Fears"
Australian Broadcasting Corp. News (03/24/09) ; Alberici, Emma

Law enforcement officials in London are preparing for the possibility of violence in the days before the G20 summit of world leaders next week. The protests are set to begin this weekend with a rally and a march from London's embankment to Hyde Park. A number of groups are expected to descend on London to express their anger about the global recession, including a group known as the G20 Meltdown. The group has put up posters throughout London that feature pictures of a man in a suit hanging in a noose. Other groups, meanwhile, are running "burn a banker" appeals on their Web sites. As a result, authorities in London are advising workers in the city's financial district to dress casually so they do not draw the attention of protesters. But despite the warning, some bankers say they plan to wear three-piece suits and extra ties just to provoke the protesters.

"U.S. Defines Its Afghan Strategy"
Wall Street Journal (03/27/09) P. A6 ; Dreazen, Yochi J.

The Obama administration has developed a new strategy for dealing with Afghanistan as part of an effort to prevent the resurgent Taliban and al-Qaida from destabilizing the country and neighboring Pakistan. The most notable element of the new strategy, which is scheduled to be unveiled Friday morning, is the $1.5 billion in economic development aid that will be given to Pakistan each year for the next five years. In addition, the plan calls for additional Predator drone strikes on militant targets inside Pakistan. U.S. and Pakistani officials are still determining which terrorist targets will be attacked in the strikes. In Afghanistan, meanwhile, the U.S. would deploy troops to the south of the country to disrupt the opium trade, which provides the Taliban with billions of dollars every year. The strategy calls for U.S. or Afghan troops to offer poppy farmers free wheat seed to use as a replacement crop. Farmers who refuse will have their fields burned. Senior U.S. officials are hoping the new strategy will change the current situation in Afghanistan, in which the Taliban has day-to-day control over many rural areas, as well as the situation in Pakistan, in which militants have battled the country's army to a draw in several regions. U.S. officials say that neither situation is "remotely sustainable."

"Clinton Offers Mexico Help in Drug War"
Wall Street Journal (03/26/09) ; Solomon, Jay; De Cordoba, Jose

Secretary of State Hillary Clinton arrived in Mexico City on Wednesday and told Mexican President Felipe Calderon that the U.S. was prepared to help Mexico deal with the growing drug-related violence along the border between the two countries. Among the steps the U.S. would take, Clinton said, are efforts to reduce Americans' demand for illegal drugs, which she said has helped fuel the drug trade in Mexico. Clinton also pledged that the Obama administration would take steps to prevent weapons from being smuggled from the U.S. into Mexico. As part of that effort, the U.S. may begin to increase the inspections of cars and trains traveling south from the U.S. Finally, Clinton said the Obama administration would ask Congress for $80 million for three Black Hawk helicopters for Mexico. Clinton's pledge of U.S. support in Mexico's efforts to stamp out drug-related violence came as officials announced the capture of Hector Huerta, the third alleged drug lord taken into custody over the past week.

"Director of FBI Urges Renewal of Patriot Act"
Washington Post (03/26/09) P. A8 ; Johnson, Carrie

During his testimony before the Senate Judiciary Committee on Wednesday, FBI Director Robert S. Mueller III called on lawmakers to renew several provisions in the USA Patriot Act that are scheduled to expire in December. One of the provisions that Mueller said he would like to see extended beyond December is a measure that allows investigators to seek a terrorist suspect's records from companies he does business with without notifying him. Mueller noted that the provision, which has been used roughly 220 times between 2004 and 2007, has been "exceptionally helpful" in the FBI's national security investigations. Mueller also noted that he would like Congress to renew the provision that allows investigators to obtain just one warrant to perform surveillance on every electronic device terrorist suspects carry. Before the Patriot Act was signed into law, investigators had to obtain a warrant for each device. According to Mueller, the provision has helped to eliminate a large amount of paperwork for the FBI. Critics of the provisions, including the American Civil Liberties Union, say they violate Americans' constitutional rights.

"Transit Security: CTA Says It's on Slow Train for Terrorist Alerts"
Chicago Tribune (03/24/09) ; Hilkevitch, Jon

Officials from the Chicago Transit Authority told members of a homeland security working group convened by U.S. Rep. Peter Roskam (R-Ill.) that they are waiting for federal approval to receive highly sensitive security information, including tips about terrorist threats against rail systems. Among the CTA officials who spoke at the hearing was Amy Kovalan, CTA's vice president of safety. She noted that the transit agency would like to have five or six of its officials receive the top security clearance from the Transportation Security Administration so they can access classified materials that contain data that may be able to help them better secure Chicago's transit system. However, CTA currently has no officials who are capable of accessing federal terror alerts, said CTA Vice President of Safety Daniel Hall. As a result, Chicago area rail systems are vulnerable to a terrorist attack, officials said. Officials from CTA and Metra also noted that commuter, elevated, and subway trains in the Chicago area are vulnerable to attack because the federal government has not provided the agencies with the funding to upgrade security technology. The officials said that much of the communications equipment at CTA is not able to be used to talk with security officials at Metra in the event of a terrorist attack or some other type of emergency.

"U.S. Missile Strikes Take Heavy Toll on Al Qaeda, Officials Say"
Los Angeles Times (03/22/09) ; Miller, Greg

U.S. intelligence and counter-terrorism officials say stepped-up Predator drone attacks in northwest Pakistan have caused al-Qaida militants to turn on one another. The CIA-controlled missile strikes from unmanned aircraft have intensified over the last six months, with at least 38 carried out since Aug. 31, compared with 10 for all of 2006 and 2007. According to counter-intelligence officials, the targeted killing program has netted significant gains since the missile strikes escalated, with at least nine senior al-Qaida leaders and dozens of subordinate operatives killed, including the purported mastermind of an alleged 2006 transatlantic airliner plot and the head of al-Qaida's chemical and biological weapons efforts. "This year has been a very hard year for them," says one unidentified intelligence official. "They're losing a bunch of their better leaders. But more importantly, at this point they're wondering who's next." The strikes have created a lot of confusion and paranoia among militants. "They have started hunting down people who they think are responsible" for security breaches, the same official says. "People are showing up dead or disappearing."

"Advances in Data Safety Drawing Wider Attention"
University of Texas at Dallas (03/25/09) ; Moore, David

University of Texas at Dallas computer scientist Bhavani Thuraisingham recently traveled to Australia and Taiwan to discuss the school's research in the field of assured information sharing. Thuraisingham is leading an effort in which she and UTD professors Latifur Khan, Murat Kantarcioglu, and Kevin Hamlen are developing an assured information-sharing lifecycle, with each researcher working on a different challenge. Thuraisingham has developed a prototype system for policy-based information sharing to handle untrustworthy partners, Kantarcioglu has developed techniques based on game theory to manage semi-trustworthy partners, Khan has developed data-mining techniques to obtain defensive information operations from within untrustworthy partners, and Hamlen is examining program rewriting techniques that address offensive information operations executed by untrustworthy partners. "We are exploring the application of policy-based information sharing for health informatics and beginning collaborations with healthcare experts," Thuraisingham says. "We are also applying semantic Web technologies for information sharing and have projects with the National Science Foundation, the Intelligence Advanced Research Projects Activity, and the National Geospatial-Intelligence Agency."

"NASCIO Says States Deal With Complex Array of IT Security Standards"
Government Technology (03/25/09)

NASCIO's new issue brief, "Desperately Seeking Security Frameworks—A Roadmap for State CIOs," says that state CIOs, CSOs, and IT security professionals have to deal with difficult and sometimes confusing security frameworks in the course of their work. Colorado CIO Mike Locatis, the co-chair of NASCIO's Security and Privacy Committee, which produced the brief, says that security frameworks could become even stricter in the future. He says the federal government could make the frameworks stricter as part of an effort to address concerns about transparency and accountability in the use of funds from the American Recovery and Reinvestment Act. Locatis says the legislation will put pressure on state IT programs to support recovery programs and services, and will increase the need for states to understand existing and new IT security standards in order to ensure that their programs use these standards when necessary. Michigan CIO and NASCIO Security and Privacy Committee co-chair Ken Theis says the brief should make it obvious that the standards environment for IT security is "complex and dynamic."

"IE8 Best at Blocking Malware Sites, Says Study"
Computerworld (03/24/09) ; Keizer, Gregg

A new report from NSS Labs claims Microsoft's Internet Explorer 8 (IE8) Web browser is more adept at fighting malware than other competing browsers. In the Microsoft-sponsored report, researchers tested malware on six browsers: IE8 RC1, Firefox 3.0.7, Safari 3, Chrome 1.0.154, Opera 9.64, and IE7. The study incorporated only socially manifested malware that tricks a user into downloading an infected file or visiting a compromised site. IE8 reportedly blocked 69 percent of the 492 malicious sites used in the study. Trailing the browser in security was Mozilla's Firefox, which includes malware site blocking in its 3.0 version. NSS Labs President Rick Moy says the company began its browser tests shortly after Apple released Safari 4's beta version and was unable to test the new browser, which includes a stronger anti-phishing and anti-malware tool. At this point, "most people are using [Version] 3 anyway," he says. Opera 9.64 and IE7 were the lowest-performing browsers, catching only 5 percent and 4 percent of malware attacks, respectively.

"Scholarship Program Targets Need for Cybersecurity Skills"
Government Computer News (03/23/09) ; Walker, Richard W.

The Scholarship for Service (SFS) program, jointly run by the National Science Foundation and the U.S. Department of Homeland Security (DHS), is becoming a widely recognized, indispensable program, particularly at a time when government demand for highly skilled information technology security professionals is rapidly climbing. The SANS Institute's Alan Paller says the U.S. government is desperate for cybersecurity professionals. "We probably have only 1,000 of those people in the whole country, and we need between 10,000 and 30,000 in the next couple of years," Paller says. The SFS program was designed to increase and strengthen the federal government's core of cybersecurity professionals by underwriting two-year stipends for full-time students who specialize in information assurance at approved four-year colleges and universities in exchange for agreeing to serve at a federal agency in a cybersecurity position for at least two years. The program provides scholarships for tuition, room and board, and books. Since its creation in 2001, SFS has sent almost 900 students into federal cybersecurity positions. "We're looking for technologists who can build better mousetraps," says Mischel Kwon, director of DHS's U.S. Computer Emergency Readiness Team. "We're looking for analysts who can get to the real crux of the threat, and we're looking for writers who can articulate our geeking and beeping so that management, Congress, and the public can understand what we're talking about."

"Power Grid Is Found Susceptible to Cyberattack"
IDG News Service (03/21/09) ; McMillan, Robert

Smart grid devices could make the U.S.'s power grid vulnerable to a cyberattack, say IOActive researchers. In their study of smart grid devices, IOActive researchers created a computer worm that spread from one device to another via wireless technology and changed the text in the device's display screen to say "pwned," a term that hackers use to mean "taken over." In addition, the worm could be used to cut power to smart grid devices that are equipped with a feature that allows electric companies to disconnect power to a consumer's home remotely, researchers said. IOActive has informed the U.S. Department of Homeland Security about its findings and has told the utilities industry that it should consider better testing smart grid devices before deploying them. In addition, IOActive has called on smart grid device makers to hire outside security experts to test their products for vulnerabilities.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD

