Search This Blog

Friday, June 05, 2009

Security Management Weekly - June 5, 2009

header

  Learn more! ->   sm professional  

Beginning Friday, June 5 the advertising and sponsorship space in Security Management Weekly has been enhanced. The editorial format has not been changed.

June 5, 2009
 
 
Corporate Security

  1. "Laid-off Workers Can Return to Haunt Employers"
  2. "S.F. Startup Protects From Airborne Attack"
  3. "California Supreme Court Considers Suit Over Workplace Spying"
  4. "Business Solutions: New Ways to Use RFID"
  5. "Abortion Provider Had Guards at Work, 'Rigorous' Security at Home"
Homeland Security

  1. "Report: US to Put Its Own Sanctions on NKorea"
  2. "N. Korea Boat Briefly Enters South"
  3. "U.S. Accidentally Posts List of Nuclear Sites; Disclosure Not a Security Risk, U.S. Officials Say"
  4. "MedImmune Wins Key Contract to Develop Swine Flu Vaccine"
  5. "Guantanamo Terrorism Trial Moved to New York"
Cyber Security

  1. "Obama Administration Begins Work on Cybersecurity R&D"
  2. "Homeland Security Keeping Central Cybersecurity Role"
  3. "Colleges Give Themselves C+ for Network Security"
  4. "Hackers Hit 40,000 Websites with Mass Compromise"
  5. "Obama Outlines Coordinated Cyber-Security Plan"

   

 
 
 

 


Laid-off Workers Can Return to Haunt Employers
Kiplinger.com (06/09) Schneider, Andrew C.

The layoffs that have resulted from the recession have created number of security problems for companies. Among those threats is the possibility that laid off workers could retaliate in some way against their managers. This has already happened in France, where soon to be laid off workers at 3M, Caterpillar, Sony, and Michelin plants recently took their managers hostage to protest their severance terms. Experts say that there are a number of things companies can to do to mitigate this threat. For instance, companies that have laid off employees should make on-site counseling available for those who have lost their jobs. Doing this is helpful because it can help workers express their feelings, said Gary Chaison, a professor of industrial relations at Clark University in Worcester, Mass. Businesses may also want to consider providing individual protection for their executives, though they should be sure to tell any bodyguard they hire why the person needs to be protected and what the extent of the threat against him is, said Robert Sena, a security consultant and a retired New York City police officer. Doing this will allow the bodyguard to create the appropriate countermeasures for dealing with the threat, Sena said. Managers may also want to consider taking steps to protect their families and homes, since laid off employees may in some cases hunt down their former bosses outside of the workplace, said Fred Burton, the vice president of counterterrorism and corporate security at the private intelligence firm Stratfor.


S.F. Startup Protects From Airborne Attack
SF Gate (06/03/09) Evangelista, Benny

San Francisco-based Building Protection Systems Inc. (BPS) has developed a new system that automatically shuts down a building's air intake system in the event that it detects evidence of an airborne chemical, radiological, or biological hazard. At the time of the shutdown, which occurs three seconds after detecting the toxic substance, the system also provides building managers and emergency workers with a detailed profile of the substance. The company, which recently signed former Homeland Security Secretary Tom Ridge as a senior advisor, has already installed one of the systems at Prudential Financial's headquarters in New Jersey in 2008 and another in March 2009. The systems have also been installed in other buildings but BPS says it cannot release specific names because of security reasons. According to Ridge, the system will note only help mitigate a major risk in office buildings, it could also be used for enclosed public spaces such as transportations systems. The system, known as Building Sentry One, has received a Qualified Anti-Terrorist Technology designation from the Homeland Security Department.


California Supreme Court Considers Suit Over Workplace Spying
Los Angeles Times (06/03/09) Dolan, Maura

The California Supreme Court heard oral arguments Wednesday in the case of Hernandez vs. Hillsides, a lawsuit brought by two women against their employer for installing a hidden surveillance camera in their office. During their testimony, the women said they suffered emotional distress after discovering the camera in their office. One of the women noted that she sometimes changed her clothes in the office before going to the gym, while the other said she exposed her breasts and stomach to her co-worker at one point to show how she was losing weight. The employer, Hillsides Inc., the operator of a residential center for abused children, said the camera was only turned on in the evenings in order to learn who was looking at pornography on the women's computers. The company said that it did not suspect that the women were looking at pornography, and that it did not tell them about the camera because they "gossiped." It added that the women were never recorded by the camera. Hillsides Inc. said that since the employees had nothing to do with the sexual activity, they could not claim privacy rights--a contention that Chief Justice Ronald M. George disputed. But the justices were also skeptical of the women's claim that they had suffered serious harm as the result of the surveillance. The case is expected to be decided within 90 days.


Business Solutions: New Ways to Use RFID
Wall Street Journal (06/02/09) Totty, Michael

A number of businesses across the country are using radio frequency identification (RFID) technology for a variety of security applications. The Washington, D.C.-based intellectual property law firm Sughrue Mion PLLC, for example, has begun using the technology to track its 20,000 paper files. The firm labels all of its files with RFID tags, which allows them to be easily checked out when attorneys need them. In addition, Sughrue Mion installed RFID scanners in the ceilings around its office top track those files wherever they go. In the event one of the files is missing, employees can use the RFID system to get a report of the history of every time a file's tag passed a reader in the office. The system also comes equipped with a hand-held reader that can be used to find the missing file. Wells Fargo, meanwhile, has placed RFID tags on IT equipment such as servers, storage drives, and laptops. The system allows Wells Fargo's security guards to quickly determine whether laptops are being taken by their rightful owners. The company is also now in the process of tagging its data tapes in order to more easily keep track of them and to quickly determine whether one of them is missing.


Abortion Provider Had Guards at Work, 'Rigorous' Security at Home
CNN (06/01/09)

Dr. George Tiller, who was fatally shot on Sunday, maintained armed security at his Women's Health Care Services clinic in Wichita, Kan. Peter Brownlie, president of the regional Planned Parenthood office in Kansas City, Mo., said that Tiller also had "rigorous" security procedures in place at his home. One of the few U.S. physicians who still offered late-term abortions, Tiller had been shot through both arms in 1993, and his clinic was damaged by a bomb in the mid-1980s. The clinic has also been picketed for years, and vandalism earlier this month had forced it to close for at least a week, Brownlie said. Tiller had also faced numerous legal challenges, including 19 misdemeanor counts related to how he obtained second opinions for late-term abortions.




Report: US to Put Its Own Sanctions on NKorea
Associated Press (06/05/09) Chang, Jae-Soon

The South Korean newspaper Chosun Ilbo reported Friday that the U.S. will impose its own sanctions on North Korea for its recent underground nuclear test and missile launches. According to the paper, the sanctions will blacklist foreign financial institutions that help Pyongyang launder money and conduct other illegal deals. The sanctions would be in addition to the sanctions the U.N. Security Council imposes on North Korea in response to the nuclear test and missile launches. Ambassadors from key nations have been meeting behind closed doors in New York since shortly after the test to try to reach an agreement on new sanctions. Analysts are warning that any sanctions imposed on North Korea will not be effective unless China implements them. Getting China to implement sanctions on North Korea is important because Pyongyang relies heavily on Beijing for food, energy, and imports.


N. Korea Boat Briefly Enters South
Associated Press (06/05/09)

South Korea's Joint Chiefs of Staff said Thursday that a North Korean patrol boat briefly entered South Korean waters near the disputed western sea border before turning back. The Joint Chiefs of Staff noted that the North Korean patrol boat got as far as a mile into South Korean waters but turned back without incident after about 50 minutes after being repeatedly warned to leave by South Korean vessels. The North Korean vessel was likely chasing away Chinese fishing boats engaging in illegal crab fishing in the area, the Joint Chiefs said. Nevertheless, the incursion caused some concern because officials in South Korea believe that Pyongyang may try to provoke an armed clash in the area near the disputed western sea border. That area was the scene of deadly naval skirmishes between the two Koreas in 1999 and 2002. Tensions are also building because officials believe that North Korea is gearing up for another missile test. New commercial satellite images show North Korea's new Dongchang-ni launch site is ready for use after nearly 10 years of construction.


U.S. Accidentally Posts List of Nuclear Sites; Disclosure Not a Security Risk, U.S. Officials Say
Associated Press (06/04/09) P. 13; Sullivan, Eileen; Hebert, H. Josef

Department of Energy Secretary Steven Chu said June 3 that the accidental disclosure of a full list of all government and private nuclear facilities and their activities in the United States does not pose a national security threat. However, at the House hearing about the disclosure, Chu admitted the compilation of all facilities onto a single document was troubling, and expressed concern about the now-publicized location of a uranium storage facility in Oak Ridge, Tenn., that holds enough enriched uranium to make a nuclear weapon. "While we would have preferred it not be released, the Departments of Energy, Defense, and Commerce and the [Nuclear Regulatory Commission] all thoroughly reviewed it to ensure that no information of direct national security significance would be compromised," said National Nuclear Security Administration Spokesman Damien LaVera. In addition to the Y-12 storage facility in Tennessee, the document lists some facilities at the federal Hanford nuclear site in Washington and a number of private nuclear fuel processing plants including a few uranium enrichment facilities, government insiders confirmed.


MedImmune Wins Key Contract to Develop Swine Flu Vaccine
The Washington Post (06/02/09) Rosenwald, Michael S.

The U.S. Department of Health and Human Services has awarded a $90 million contract to Gaithersburg, Md.-based MedImmune to begin producing a swine flu vaccine. The vaccine MedImmune will produce to fight the swine flu outbreak, which has killed 99 people and sickened more than 15,000 in 53 countries around the world, will be different than the vaccine produced by other companies. MedImmune's vaccine will be a nasal spray instead of an injection, and will use live, weakened virus strains instead of dead ones. The differences will give MedImmune's vaccine, known as FluMist, some advantages over other swine flu vaccines. For instance, FluMist will have some ability to protect against the swine flu if the original virus the vaccine is targeting changes. In addition, the live virus strains in FluMist will produce a stronger immune response than the dead virus strains contained in flu shots. However, MedImmune is unsure of how much FluMist it will be able to make because it remains unclear how well the new virus will grow in eggs during the manufacturing process. Makers of traditional vaccines may run into the same problem, because they will also need to grow the virus in eggs.


Guantanamo Terrorism Trial Moved to New York
Miami Herald (06/01/09) Rosenberg, Carol

The Pentagon has decided to drop war-crimes charges against Ahmed Ghailani, a 35-year-old Tanzanian national who is accused of helping to plan the 1998 attacks on the U.S. Embassies in Kenya and Tanzania. The decision, which was made at the request of President Obama, means that Ghailani will no longer face a trial by a military commission at the detention facility at Guantanamo Bay, Cuba. He will instead be tried in a civilian court in New York City. The move makes Ghailani the first detainee at Guantanamo Bay to be put on trial in a civilian court instead of in a military commission. Meanwhile, Omar Khadr, a Canadian citizen who is accused of killing a U.S. soldier in a firefight in Afghanistan in 2002, will appear before the military commission at Guantanamo on Monday to determine who his lawyers will be. Two other military commission trials, however, will be suspended until September to give the Obama administration time to review its terrorism prosecutions. Military judges are deciding whether to grant the president's request to delay eight other cases, including the case against Khalid Sheik Mohammed, the alleged mastermind of the September 11, 2001 terrorist attacks.




Obama Administration Begins Work on Cybersecurity R&D
NextGov.com (06/03/09) Noyes, Andrew

A major aspect of U.S. President Barack Obama's plan to improve the country's cyberdefenses involves maximizing government investment in cybersecurity research and development. The final objective is the cybersecurity equivalent of the Manhattan Project. The new U.S. cyberczar will be tasked with developing a framework for research and development strategies that will create game-changing technologies, and provide the research community with access to event data to help develop tools and testing theories. Eventually, the czar will develop threat scenarios and metrics for risk management decisions, recovery planning, and prioritizing research and development efforts. "Research on new approaches to achieving security and resiliency in information and communications infrastructures is insufficient," says a new federal report based on a 60-day review of the U.S. government's existing cybersecurity initiatives. "The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements." One such initiative cited in the study is a National Science Foundation grant program for students dedicated to pursuing cyber-related government careers, which has supported more than 1,000 students in eight years. Obama also has proposed a $37.2 million cyber research and development budget for the Department of Homeland Security for fiscal 2010 to support operations in its national cybersecurity division and projects within the Comprehensive National Cybersecurity Initiative.


Homeland Security Keeping Central Cybersecurity Role
InformationWeek (06/03/09) Hoover, J. Nicholas

During his testimony before Congress on Tuesday, Rand Beers, President Obama's nominee for undersecretary of the Department of Homeland Security for the National Protection and Programs Directorate, said the administration's plans to appoint a cybersecurity coordinator will not end DHS's central operational role in cybersecurity. However, it remains unclear whether the White House will shift some of DHS's cybersecurity responsibilities to other agencies. It is also unclear how the Obama administration will deal with disputes between agencies over their roles in protecting the nation's cyber infrastructure, such as the dispute earlier this year between DHS and the National Security Agency. That dispute resulted in the resignation of the director of the National Cyber Security Center at DHS. In his testimony, Beers acknowledged that the White House will have to play a peacemaker role to resolve such disputes. "I'm sorry to say we need help from the White House for people to play in the same sandbox," he said.


Colleges Give Themselves C+ for Network Security
Network World (06/03/09) Greene, Tim

IT administrators say that network security at colleges and universities has improved in the past five years, but a majority are still concerned about malware and other threats. Eighty-four percent of the respondents to the Association for Information Communications Technology Professionals in Higher Education (ACUTA) survey gave their networks an average security performance of 3.7 out of 5, roughly a C+. Most of the 68 respondents listed mobile devices as their networks' most vulnerable point, followed by malware and internal hackers. The most commonly used strategies for fighting network attacks are employee education, restricting internal controls, regularly installing updates, and updating anti-virus software.


Hackers Hit 40,000 Websites with Mass Compromise
eWeek (06/01/09) Prince, Brian

Hackers involved in a mass compromise infected approximately 40,000 machines with malware that effectively redirects users to exploited Web sites, according to Websense. Security researchers say the compromised sites, which do not include any major government sites or business pages, ultimately lead users to the malware-laden page Beladen.net. Websense says the Beladen page is loaded with as many as 15 to 20 different types of malware. Researchers speculate that the hack targets legitimate Google Analytics domains through SQL injections, though it is still unknown why the sites permit the injections to occur. Websense Security Labs' Stephan Chenette says the Russian Business Network (RBN), which uses the Beladen.net domain, has used similar tactics in previous attacks. "The group behind this might be either connected with RBN, might be RBN themselves, or might be a copycat group that is using some of the resources that RBN used," he says.


Obama Outlines Coordinated Cyber-Security Plan
New York Times (05/29/09) Sanger, David E.; Markoff, John

U.S. President Barack Obama announced that the country's disjointed efforts to "deter, prevent, detect, and defend" against cyberattacks will now be run by the White House, though he promised that he will prohibit the federal government from monitoring "private-sector networks" and Internet traffic used for communications. Obama's announcement accompanied the release of a new government strategy to combat rising computer security threats. The policy review was not specific on how the administration will turn many of the goals into practical realities or how the turf wars between the Pentagon, the National Security Agency, the Department of Homeland Security, and other agencies would be resolved. In response to critics who questioned how much authority the new cyberczar will have, Obama said the new coordinator would have "regular access to me," similar to the coordinator of nuclear and conventional threats. Many computer security experts hope President Obama's announcement will mark a turning point in the U.S.'s efforts to fight and reduce the cybersecurity threat, which have been largely unsuccessful so far. Although Obama did not discuss details on expanding the role of the military in offensive, pre-emptive, and defensive cyberoperations, senior officials said the Pentagon planned to create a new cybercommand to organize and train for digital war and to oversee offensive and defensive operations.


Abstracts Copyright © 2009 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: