Friday, May 01, 2009

Security Management Weekly - May 1, 2009


May 1, 2009
 
 
CORPORATE SECURITY  
  1. "Labor Dispute at Conectiv Plant Raises Security Questions" Edgemoor, Del.
  2. "RIMS Offers Swine Flu RM Tips"
  3. "Sailor Sues Over Safety of Pirated Maersk Alabama" Houston
  4. "Preparing Your Workplace for Possible Swine Flu Pandemic"
  5. "Nurses Say They Are Fed Up With Workplace Violence" Canada

HOMELAND SECURITY  
  6. "Swine Flu Continues to Spread -- But Slowly"
  7. "Swine Flu May Have Originated in California"
  8. "White House Tempers Biden's Swine Flu Advice"
  9. "Pandemic-preparedness Money Stripped From Stimulus"
  10. "Plane Photo-op Sparks Panic, Outcry, Apology"

CYBER SECURITY  
  11. "Panel Advises Clarifying U.S. Plans on Cyberwar"
  12. "New Zero-Day Exploit Targets Adobe Reader"
  13. "Langevin Determined to Prevent a 'Cyber 9/11'"
  14. "U.S. Steps Up Effort on Digital Defenses"
  15. "Conficker Virus Begins to Attack PCs: Experts"


   






 

"Labor Dispute at Conectiv Plant Raises Security Questions"
Community News (05/01/09)

Conectiv Energy's hiring practices at its Edge Moor Power Plant in Edgemoor, Del., have angered union workers, with some claiming the practices could harm security at the power plant. John Czerwinski, business manager for the Plumbers and Pipefitters Local 74, says workers who have been contracted by the plant for years have been shut out in recent months because the company is unwilling to pay as much. He says that some of the people who have been hired to replace union workers don't have the proper credentials and training to be working in a high-security facility like a power plant. "Contractors like mine who spend a lot of money on training are being beat out by other people who don't do that," he said. "Here's a company expecting everyone to work for next to nothing, yet they keep raising their utility rates." The U.S. Coast Guard and the National Transportation Safety Agency require a Transportation Workers Identification Credential (TWIC) card for those who work in a facility with port or marine entrances. Workers must get a background check, be fingerprinted, and face other investigations to obtain a card. Unions require contractors that bid on jobs at Conectiv to have a TWIC Card, and since there's an administrative cost associated with getting the credentials, it can make their bids higher than a non-credentialed contractor. Conectiv spokeswoman M.Q. Riding says any claims that undocumented, non-credentialed workers were working in areas of the plant requiring TWIC certification are untrue. She notes the plant has very strict procedures for purchasing that ensure contracts are awarded in a "fair, non-biased manner." Riding adds that "It's a competitive bid process that includes both union and non-union contractors and we went with the lowest bidder."

"RIMS Offers Swine Flu RM Tips"
National Underwriter (Property & Casualty - Risk & Benefits Management Edition) (04/28/09) ; McDonald, Caroline

With the likelihood of a pandemic increasing, health officials in the United States and abroad are warning communities that outbreaks are likely given that the virus spreads person-to-person. The Risk & Insurance Management Society (RIMS) notes that precautions can be taken by risk managers to minimize risk to workers. One of the first steps is to restrict travel to outbreak locations like Mexico and keep travel to only those essential trips. Secondly, risk managers must review the business continuity plan for the firm to ensure essential operations can run if an outbreak occurs and people remain at home. RIMS also recommends companies keep abreast of the latest swine flu news and communicate regularly with personnel about the virus. Hygiene practices, sick-day policies, and other prevention measures are essential tools for risk managers and businesses. Moreover, firms will want to review workers' compensation and other insurance policies to determine their level of coverage for ill workers and business interruption. Some insurance experts, however, warn that there are no business interruption policies available to help firms weather a severe public health outbreak.

"Sailor Sues Over Safety of Pirated Maersk Alabama"
Associated Press (04/28/09) ; Lozano, Juan A.

The chief cook of the Maersk Alabama, the ship whose captain was taken hostage by Somali pirates several weeks ago, has filed a lawsuit against the vessel's owner and the company that provided the ship's crew for knowingly putting him and other sailors in danger. The lawsuit, which was filed by Richard E. Hicks in Houston, alleges that Maersk Alabama owner Maersk Line Limited and Waterman Steamship Corp. ignored requests to improve safety for ships sailing in the waters off the coast of Somalia. The lawsuit is seeking at least $75,000 in damages. Hicks is also asking that the two companies take steps to improve safety for ships in the region, including providing armed security or allowing crew members to carry weapons, sending ships through less dangerous routes, and installing barbed wire on vessels to make it impossible for pirates to climb aboard. Maersk Line and Waterman refused to comment on the lawsuit.

"Preparing Your Workplace for Possible Swine Flu Pandemic"
Business Management Daily (04/27/09) ; Anderson, Megan

Although it remains unclear whether the swine flu outbreak in Mexico and the U.S. will grow into a pandemic, employers should start considering what to do if the virus becomes widespread and begin preparing to prevent the spread of the flu at work. The best way for employers to protect themselves from a possible swine flu pandemic is by devising a pandemic plan. This plan should include implementing a communicable disease policy that forbids employees with flu symptoms from coming to work, educating employees about good hygiene practices, and taking steps to prevent the spread of the flu, including installing air ventilation and purifying systems and limiting employee travel. Employers also need to consider the legal obligations they have to balance with their obligation to provide employees with a safe workplace. For instance, employers will need to keep contagious workers at home but will have to be careful about asking workers about their medical conditions or requiring them to take medical exams, since disability laws may forbid these practices. Another consideration that an employer may have to make involves how to handle an employee who refuses to come to work due to fear about being exposed to swine flu. Federal law protects employees from retaliation if they choose not to come to work because of concerns about workplace safety.

"Nurses Say They Are Fed Up With Workplace Violence"
CTV News (04/25/09) ; Mulholland, Angela

A recent report from Statistics Canada has found that a large number of Canadian nurses are being physically abused by the patients they care for. According to the report, 34 percent of nurses in Canada had been assaulted by a patient in 2005. The report also noted that nurses working in geriatrics and long-term care facilities were at the highest risk for suffering physical abuse at the hands of their patients. Registered psychiatric nurses were also found to be at high risk of being abused. The report's findings did not come as a surprise to many Canadian nurses, who said the numbers may actually understate the problem of physical abuse. "This is just the tip of the iceberg," said Linda Haslam-Stroud, a registered nurse and the president of the Ontario Nurses Association. "Nurses generally underreport violence. We accept it as part of our job." Haslam-Stroud's organization has been lobbying the government of Ontario to amend the Occupational Health and Safety Act to provide better protection for nurses. The government has responded to those requests by considering amendments that would require employers to develop violence and harassment protocols and take precautions that would protect employees from domestic violence in the workplace.

"Swine Flu Continues to Spread -- But Slowly"
New York Times (05/01/09) ; Grady, Denise; Cowell, Alan

The World Health Organization is reporting that the swine flu outbreak is continuing to spread, albeit slowly. According to the Geneva-based organization, there are now 331 confirmed cases of swine flu around the world, up from 257 on Thursday. However, the virus has not spread to any new countries. The WHO has also reported that there have been seven deaths from the swine flu virus in Mexico and one in the U.S.--a 23-month-old Mexican child in Texas. Dr. Paul Offit, the chief of infectious diseases at the Children's Hospital of Philadelphia, noted that the death of the child did not mean that the swine flu outbreak was unusually dangerous. He said that every year between 75 and 150 children die of the flu, most of whom had no health problems before becoming sick. Nevertheless, precautions continue to be taken to stop the spread of the virus. In Texas, the Fort Worth school district--which is made up of about 80,000 students--closed all of its schools. There are 26 confirmed cases of swine flu in the state. In Hong Kong, travelers are now required to complete health declarations before they are allowed to enter the city.

"Swine Flu May Have Originated in California"
Fox News (05/01/09)

There is growing evidence that the swine flu outbreak in California may have a separate origin from the outbreak in Mexico. According to Gilberto Chavez, an epidemiologist with the California Department of Health, the swine flu virus has been circulating around the California-Mexico border region for some time now but was not caught because patients display symptoms that are similar to the seasonal flu. The first case of swine flu in California was a 10-year-old boy in the San Diego area, who came down with a fever March 30. Doctors tracking the outbreak say the boy and the second California swine flu patient had not traveled to Mexico and had no contact with pigs. Doctors also believe that some of the first California swine flu patients may have been sick before anyone in Mexico. However, Michael Shaw, the associate director for laboratory science for the Centers for Disease Control and Prevention's influenza division, said that while the swine flu may have first appeared in California, a definitive conclusion about where the outbreak started cannot yet be made because the strain has exhibited genetic characteristics that are traceable to Eurasia.

"White House Tempers Biden's Swine Flu Advice"
Boston Globe (05/01/09)

The White House has issued a clarification of the advice Vice President Joe Biden gave on NBC's "Today" show on Thursday on how to avoid the swine flu. During his interview on the program, Biden said he had advised his family members not to go "anywhere" in confined spaces such as airplanes and subways. That advice goes beyond the precautions that the Obama administration's health officials have given. Two hours after Biden's appearance on "Today," his spokeswoman, Elizabeth Alexander, issued a statement saying that the advice her boss had given "is the same advice the administration is giving to all Americans: that they should avoid unnecessary air travel to and from Mexico. If they are sick, they should avoid airplanes and other confined public spaces, such as subways." White House spokesman Robert Gibbs, meanwhile, also clarified Biden's remarks and apologized if anyone was "unduly alarmed" by the vice president's comments. An industry group representing the nation's airlines has criticized Biden's comments and has sent him a letter urging him to be responsible in his efforts to deal with the swine flu outbreak while also keeping the economy moving forward.

"Pandemic-preparedness Money Stripped From Stimulus"
USA Today (04/28/09) ; Schouten, Fredreka

In light of the new threat of a swine flu pandemic, critics are sharply criticizing Congress' decision to eliminate close to $900 million in flu pandemic preparedness funding from the economic stimulus package earlier this year. "It was a short-sighted decision," says Robert Pestronk, executive director of the National Association of County and City Health Officials, as state-level budget cuts in the current recession have "reduced the ability of state and local governments to cope" with such a problem. The pandemic preparedness funding would have represented the final installment on a $7.1 billion program begun four years ago to prepare for the threat of a global flu outbreak, with one goal being to make enough vaccines by 2011 so that every American can be immunized within six months of pandemic virus identification.

"Plane Photo-op Sparks Panic, Outcry, Apology"
Associated Press (04/28/09) ; Ilnytzky, Ula; Kugler, Sara

Offices in Lower Manhattan were evacuated yesterday after a Boeing 747 and an F-16 fighter jet were seen flying low in the sky near the World Trade Center site. Although some feared that the planes were part of a terrorist attack, they were actually doing a flyover near the Statue of Liberty as part of a photo op for the Defense Department. The Pentagon wanted to carry out the photo op in order to get pictures of the Boeing 747, which is used as an Air Force One backup plane, in front of national landmarks. Although the flyover was benign, New York City officials were furious because it was carried out with little warning from the Pentagon. Among those who did not know about the flyover was Mayor Michael Bloomberg, who said it was "insensitive" to fly so close to the site of the September 11, 2001 terrorist attacks. President Obama was also angered when told of the flight, according to a White House official who spoke on condition of anonymity. However, the Federal Aviation Administration said that the New York Police Department and an official in Mayor Bloomberg's office were both notified of the flight. The NYPD said it did not notify the public of the flyover because it was under orders not to, while the official in Bloomberg's office has not yet explained why he did not tell the mayor. The White House official who approved the flight has apologized for the confusion and panic that it caused.

"Panel Advises Clarifying U.S. Plans on Cyberwar"
New York Times (04/30/09) P. A18 ; Markoff, John; Shanker, Thom

A report based on a three-year study by a panel assembled by the National Academy of Sciences says the United States does not have a clear military policy on how to respond to a cyberattack. The report, "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities," says the United States needs to clarify both its offensive capabilities and its planned defensive response. Admiral William A. Owens, a former vice chairman of the joint chiefs of staff and an author of the report, says the notion of "enduring unilateral dominance in cyberspace" by the U.S. is not realistic, in part due to the low cost of the technologies required to mount attacks. Owens also says the idea that offensive attacks are non-risky military options is incorrect. The report's authors included several scientists and cyberspecialists. The report says the United States should create a public national policy regarding cyberattacks based on an open debate about the issues and urges the United States to find common ground with other nations on cyberattacks to avoid future military crises. The Pentagon National Military Strategy states that cyberattacks on U.S. commercial information systems or transportation networks could have a greater economic or psychological effect than a relatively small release of a lethal agent. The effort to project a lack of clarity is seen as being important to keeping adversaries uncertain of the severity of a U.S. counterattack, which has historically been an essential element of deterrence.

"New Zero-Day Exploit Targets Adobe Reader"
Computerworld (04/28/09) ; Keizer, Gregg

Adobe Systems has confirmed that it is investigating reports of a critical vulnerability in several versions of its Adobe Reader PDF viewing software. The vulnerability was disclosed April 27 in an advisory posted on the SecurityFocus Web site. The advisory noted that an attacker could exploit the vulnerability--which exists in the Linux versions of Reader 9.1 and Reader 8.1.4 and may exist in Windows and Mac versions of the software--"to execute arbitrary code with the privileges of the user running the application." The flaw seems to be a JavaScript vulnerability that is similar to one discovered in Adobe Reader in February, says nCircle Network Security's Andrew Storms. Adobe has since patched that vulnerability, as well as several others that exist in the software. Nevertheless, Storms criticized Adobe's security efforts and said the company should try to model its approach to security on the strategy Microsoft uses. But Storms, who is a frequent critic of Adobe, stopped short of calling on users to switch to different PDF viewers.

"Langevin Determined to Prevent a 'Cyber 9/11'"
NextGov.com (04/27/09) ; Casey, Winter; Strohm, Chris

In an interview, Rep. Jim Langevin (D-R.I.), the co-founder and co-chair of the House Cybersecurity Caucus, said he promises to do everything he can to prevent a massive cyberattack on the U.S.'s infrastructure--an event he said would be the equivalent of a "cyber 9/11." For example, Langevin says he plans to work with his colleagues in the U.S. Congress to exercise strong oversight of the nation's information technology (IT) networks. He also says it is important that Congress work with the Obama administration to ensure that the federal government adopts the correct cybersecurity strategy. Congress also could pass legislation that would improve cybersecurity, Langevin says, such as legislation that would directly codify the findings of the CSIS Commission on Cybersecurity, which he co-chaired. But Congress alone cannot take charge of efforts to bolster the security of the nation's IT networks, Langevin says. He calls on the Obama administration to create the position of special assistant to the president for cybersecurity. Langevin says there also should be someone in the White House who has budgetary and policy authority across federal departments and agencies. One thing that should not be done to bolster cybersecurity is to put the National Security Agency in charge of protecting the nation from cyberattacks, Langevin says. He points out that such a "large and complex issue" should not be handled by just one agency, but should instead be coordinated at a policy and budgetary level from the White House.

"U.S. Steps Up Effort on Digital Defenses"
New York Times (04/27/09) ; Sanger, David E.; Markoff, John; Shanker, Thom

The United States is engaged in an international race to develop both cyberweapons and cyberdefenses. Thousands of daily attacks on federal and private computer systems in the United States, some malicious and some testing for weak points in the U.S.'s firewalls, have prompted the Obama administration to review the nation's strategy. Efforts include developing a highly classified replica of the Internet of the future to simulate what would be needed for the country's enemies to shut down power stations, telecommunications, and aviation systems. Obama is expected to propose a significantly larger cyberdefensive effort, including the expansion of a $17 billion, five-year program approved by Congress last year, as well as an end to the bureaucratic battle over who is responsible for defending the country's cyberinfrastructure. However, Obama is not expected to discuss the U.S.'s cyberoffensive capabilities, which have been a major investment area for the nation's intelligence agencies, as many of these cyberweapons remain classified. The White House declined to comment on whether Obama supports or opposes the use of U.S. cyberweapons. Some exotic cyberweapons under consideration would enable a military programmer to enter a computer server in Russia or China and destroy a botnet, or activate malicious code that is secretly embedded on computer chips when manufactured, enabling the U.S. to take control of an enemy's computer system.

"Conficker Virus Begins to Attack PCs: Experts"
Reuters (04/24/09) ; Finkle, Jim

Weeks after duping security experts with reports of an April 1 release of the Conficker worm, researchers say the virus is creeping up in thousands of personal computers and servers. The worm, also known as Downadup or Kido, began infiltrating computers in late 2008 and turning them into botnet zombies. In recent weeks, botnet administrators have been putting malware on a small percentage of the machines under their control and using these systems to steal money and information. Once Conficker installs the Waledac virus on a machine, that computer begins sending email spam loaded with malicious spyware software without the computer owner's knowledge, says Symantec's Vincent Weafer. The Waledac virus then lures the machines into a second botnet that specializes in sending large volumes of email spam. Trend Micro researcher Paul Ferguson says Conficker is "probably one of the most sophisticated botnets on the planet," and he believes the criminals behind it "absolutely know what they are doing." Ferguson says the virus' creators have planted the spam generator and another malware program on tens of thousands of PCs since the first week of April.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD

