Friday, March 26, 2010

Security Management Weekly - March 26, 2010

Corporate Security

  1. "Juarez Violence Puts Factories on Defensive"
  2. "Gonzalez Lawyers, Judges Debate Data Breach Costs"
  3. "Jobs Aren't Protected for California's Medical Pot Users"
  4. "Thefts Plague Drug Makers"
  5. "Measuring Guard Performance"
Homeland Security

  1. "GOP Rep. Cantor Reports Threats"
  2. "What We Can Learn From the Christmas Day Bombing Attempt"
  3. "Visa Denial Was Reversed for Terrorism Suspect in 2004"
  4. "Metro to Stage Anti-Terrorism Drills" Washington, D.C.
  5. "Texas Senators Call on Obama to Refocus on U.S.-Mexico Border Violence"
Cyber Security

  1. "Cyberattacks Are 'Existential Threat' to U.S., FBI Says"
  2. "Legislators Propose International Cybercrime Cooperation Laws—With Teeth"
  3. "Vermont Legislature Joins Fight Against Ticket Companies That Use Software 'Bots'"
  4. "Isolated Security Zones Yield Stronger Network Protection"
  5. "Feds to Test Cybersecurity System"

Juarez Violence Puts Factories on Defensive
Wall Street Journal (03/26/10) Casey, Nicholas

The recent drug violence in the Mexican city of Juarez has impacted factories in the city as well as their employees. Although many crimes are not reported to Mexican police, several factory managers are known to have been kidnapped for ransom during the wave of homicides that has recently struck Juarez, while other employees have been killed in carjackings. In 2008, several factories in Juarez were stormed by armed robbers, according to Alan Russell, the president of El Paso-based Tecma Group, which owns 17 factories in Juarez. In addition to being vulnerable to violence, factories in Juarez are also vulnerable to criminals posing as employees so they can use factory warehouses to store drugs, said security analyst Alberto Islas. Factories have taken a number of steps to protect themselves from these threats, including building fences, encouraging employees to commute to work in carpools, and providing managers with training that teaches them what to do if they are kidnapped. In addition, plant managers are driving to and from work in bulletproof cars, while overtime for employees has been abolished so workers can get home before dark. But despite the violence, no businesses have decided to move factories out of Juarez, according to the local trade group Asociacion de Maquiladoras.


Gonzalez Lawyers, Judges Debate Data Breach Costs
Storefront Backtalk (03/25/10) Schuman, Evan

The Albert Gonzalez legal case demonstrates that it can be difficult to define the extent of alleged financial losses in the context of a data breach. TJX, one of Gonzalez's retailer victims, contended in its filing that "in cases involving stolen credit or debit cards, loss is quantified as a minimum of $500 per stolen payment card." TJX said that its filings to the U.S. Securities and Exchange Commission disclosed that data relating to at least 11.2 million unexpired payment cards was compromised during Gonzalez's hack, and that "applying the $500 per card minimum to these cards alone would yield a loss well above the $400 million threshold" to draw a maximum prison sentence. Defense counselor Martin Weinberg disagreed with that argument. He noted "that tens of millions of the accounts had expired and would therefore no longer have had credit limits at all," and also argued that "the $500 per access device equation from which this figure is derived is completely arbitrary and lacking in any empirical validation." Weinberg also took issue with Heartland Payment Systems' claim of $111.3 million in total losses from the intrusion it suffered. He argued that the supplied information is too broad and undifferentiated to provide a foundation for a reasoned loss assessment, and also should not include costs Heartland assumed in shielding itself against governmental probes into its systems and practices. Moreover, none of the major retailers have disclosed any revenue losses or negative consumer responses to the breaches.


Jobs Aren't Protected for California's Medical Pot Users
Sacramento Bee (CA) (03/24/10) Hecht, Peter

Although medical marijuana is legal in California, employers in the state can still opt to fire workers who use the drug. That was the ruling of the state Supreme Court in a landmark 2008 case involving Gary Ross, a lead systems administrator for Sacramento-based RagingWire Telecommunications and a medical marijuana user who was fired from his job after testing positive for the drug. Ross challenged his termination in court, saying that he was protected from job discrimination under the California Fair Employment and Housing Act as a qualified medical marijuana user. But the state Supreme Court disagreed, saying that nothing in the statute that legalized medical marijuana addresses "the respective rights and obligations of employers and employees." Since that ruling, legislation has been introduced in California that would ban companies from discriminating against employees or potential employees who are medical marijuana users. The bill passed both houses of the state Legislature, but was vetoed by Gov. Arnold Schwarzenegger. The legislation had been opposed by the California Chamber of Commerce, which said that employers should have the right to maintain a drug-free workplace in order to protect the safety of employees and protect themselves from potentially costly lawsuits.


Thefts Plague Drug Makers
Wall Street Journal (03/23/10) Efrati, Amir; Rockoff, Jonathan D.

Over the past several years, pharmaceutical products have become popular targets among professional thieves. Some of these stolen prescription medications are sold on the black market in the U.S. or abroad, but an unknown amount also ends up at legitimate pharmacies or healthcare facilities. In one recent incident, thieves stole $75 million worth of antidepressants and other medications from an Eli Lilly & Co. warehouse in Connecticut. Industry experts say this theft is the largest of its kind on record. The Eli Lilly break-in mirrors several other unsolved incidents, including one at a warehouse owned by GlaxoSmithKline in Richmond, Va., in 2009 and another several years ago at a Massachusetts facility owned by drug wholesaler AmerisourceBergen. All in all, a total of $184 million in prescription medications were stolen in the U.S. last year, a 350 percent increase from 2007, according to supply-chain security consultant FreightWatch International. One security expert at a major pharmaceutical company said that prescription medications have become a more attractive target because they are easier to transport across borders than illegal narcotics. The loosely regulated secondary wholesale market also provides thieves with the opportunity to sell stolen products to brokers and wholesale distributors. In response to the recent rise in prescription-product thefts, some pharmaceutical companies have begun to tighten security around their warehouses and have outfitted supply trucks with monitoring devices. Others have placed global positioning devices or codes on drug containers that can be checked at various points in the supply chain to ensure products are legitimate and to monitor any losses.


Measuring Guard Performance
Security Management (03/10) Vol. 54, No. 3, P. 100; Penso, Guillermo Guevara

To consistently train security personnel to perform at their optimal abilities, Guillermo Guevara Penso developed an evaluation program to use at his work site -- Escuela Campo Alegre, an international English language school in Caracas, Venezuela -- to gauge guard performance in a number of areas. After completing the first step of developing individual categories to measure, Penso developed a scoring process and rewards system. The following eight categories give the best reflection of performance: clear and accurate incident reporting; proficiency in the facility's security procedures; knowledge of the facility's physical layout; maintaining a neat, professional appearance; personal and professional cleanliness; positive attitude; public relations; and dedication, which includes punctuality, project completion, and attention to daily responsibilities. Each category is scored numerically, with four points awarded for an "excellent" performance, one point for a "regular" performance, and zero points for a "deficient" performance. The evaluation includes 100 total points; guards who obtain 100 points are evaluated as "excellent," a "very good" rating is between 80-99 points, and anything below 40 is considered "deficient." The company rewards high-achieving guards each month, and the gifts vary. Sometimes they are as simple as a certificate or a plaque for achievement, while at other times management might award a gift certificate or financial bonus.




GOP Rep. Cantor Reports Threats
Wall Street Journal (03/25/10) Johnson, Fawn

Rep. Eric Cantor (R-Va.) recently reported that a bullet broke a window in his campaign office in Richmond. Cantor also says that he has received threatening e-mails, but would not release them or say if they related to the recent passage of the healthcare bill. "I've received threats since I assumed elected office, not only because of my position but also because I am Jewish," Cantor said in a statement. Upon further investigation, Richmond police found that the bullet that entered Cantor's campaign office was not intentionally fired at the building but was shot in the air and entered the window on a downward trajectory. However, Cantor is not the only lawmaker reporting threats. Several Democrats have also reportedly received death threats over the passage of the recent healthcare bill. A House panel is considering investigating the growing reports of threats and intimidation aimed at lawmakers.


What We Can Learn From the Christmas Day Bombing Attempt
Washington Post (03/26/10) P. A23; Jenkins, Brian Michael; Butterworth, Bruce; Flynn, Cathal

There are a number of lessons that can be learned from the failed attempt to bomb Northwest Airlines Flight 253 last Christmas, according to the authors of this article. For instance, U.S. leaders should accept that airliners will remain targets and that terrorists will continue to adapt their tactics in order to evade whatever types of security measures are in place. In addition, officials should study airport security measures in order to determine what works and what does not. Instead of simply adding new security measures, such as full-body scanners, officials should systematically reconfigure security checkpoints in order to combine several technologies and procedures and use them in a manner that addresses the most likely threat. The authors of this article also called on airport security officials to not screen all passengers in the same way, since doing so can result in inadequate screening. One way to avoid screening all passengers in the same manner would be to create a registered-passenger program that would allow frequent travelers to submit to background checks so they could be screened less thoroughly at airports. This would allow airport security officers to focus their efforts on thoroughly screening the small number of passengers who could pose a threat.


Visa Denial Was Reversed for Terrorism Suspect in 2004
Washington Post (03/25/10) P. A03; Solomon, John

Senior government sources say that Umar Farouk Abdulmutallab, the Nigerian man accused of trying to blow up a Northwest Airlines flight as it prepared to land in Detroit last Christmas, was given a U.S. visa after originally being denied one. According to the sources, Abdulmutallab first applied for a U.S. visa in 2004 in Togo but was told that he needed to apply at a location closer to his residence in Nigeria. Abdulmutallab then returned to the Nigerian city of Lagos and filled out an application, though he incorrectly stated in his application that he had never been denied a visa before. That prompted a consular official to deny Abdulmutallab a visa on the grounds that he had given incorrect information in his application. But a consulate supervisor overturned that decision, saying that his incorrect answer may have been the result of a misunderstanding. The supervisor also noted that Abdulmutallab was from a prominent family in Nigeria, and that a background check revealed that he had no history of wrongdoing. The incident was not re-examined in 2008 when Abdulmutallab applied for and received a second U.S. visa that allowed him to board the Northwest Airlines flight, since the matter was considered to have been resolved. The 2004 situation has been criticized by Sen. Charles E. Grassley (R-Iowa), who said that consular officials missed an opportunity to keep Abdulmutallab out of the country. He and Rep. Bennie Thompson (D-Miss.) are calling on the State Department to hire more visa security officers for embassies and missions around the world and to train them to use law-enforcement techniques when screening visa applicants.


Metro to Stage Anti-Terrorism Drills
Washington Post (03/23/10) Bolden, Michael

Washington, D.C.'s Metro transit system has announced that it will stage simulated explosions on one of its trains at 1 a.m. on March 28. The explosion will be staged in the tunnel between the Foggy Bottom Metro station in Washington and the Rosslyn station in Virginia. Riders using the Rosslyn station should not be alarmed by the presence of "numerous police, fire, and emergency response vehicles, first responders and volunteer 'victims,'" Metro said. A second drill will take place at 10 a.m. on March 29 in the parking lot at RFK Stadium in Washington. During that drill, participants will respond to a simulated explosion on a Metro bus, the discovery of a second explosive device in a Metro bus garage, and reports of explosives on other buses. Law enforcement agencies and fire and emergency medical services departments from Maryland, Washington, D.C., and Virginia will participate in both drills, as will the FBI and the American Red Cross. The drills are the latest in a series that began in February, which included a display of force at Washington's Union Station during rush hour.


Texas Senators Call on Obama to Refocus on U.S.-Mexico Border Violence
The Hill (03/22/10) Yager, Jordy

In a letter to President Obama last week, Texas' two Republican senators, Kay Bailey Hutchison and John Cornyn, urged the White House to give Congress a plan to deal with the drug-related violence along the U.S.-Mexico border. Sens. Hutchison and Cornyn noted in their letter that the violence in Mexico is escalating and is spilling over the border into Texas. As a result, border patrol agents and local law enforcement are having to use their already limited resources to deal with gunmen associated with drug cartels, Sens. Hutchison and Cornyn said. The two senators said that it is important for the White House to submit a plan for dealing with the violence so Congress knows what resources it can provide to help. Sens. Hutchison and Cornyn also called on Obama to order the military, the Drug Enforcement Agency, the FBI, and the CIA to provide them with a joint intelligence briefing about the drug violence in Mexico and how it will affect security in the U.S. The letter comes ahead of a visit by a number of top U.S. officials--including Secretary of State Hillary Clinton, Defense Secretary Robert Gates, and Homeland Security Secretary Janet Napolitano--to Mexico to meet with Mexican officials about the drug violence. That violence recently claimed the lives of three people associated with the U.S. consulate in the gang-ridden Mexican border city of Juarez.




Cyberattacks Are 'Existential Threat' to U.S., FBI Says
Computerworld (03/24/10) Thibodeau, Patrick

The threat from cyberattacks is so severe that it actually threatens the very existence of the United States, says Steven Chabinsky, the deputy assistant director of the U.S. Federal Bureau of Investigation's cyber division. Chabinsky says the threat comes from two sources—foreign governments and terrorists. He says foreign governments use cyberattacks in order to steal state secrets and private-sector intellectual property in the hopes of undermining the stability of the U.S. government and weakening the U.S. military and economy. But Chabinsky says a bigger threat comes from terrorists, who are increasingly turning to cyber technologies in order to exploit the U.S.'s weaknesses. He says there are several steps that need to be taken in order to deal with this threat, including adopting tier levels of service at federal agencies in order to limit the ability of vital systems to interoperate with weak and vulnerable systems. Chabinsky also says that government organizations need to evaluate their risk postures and ask vendors who provide them with security tools whether they can guarantee the security of their systems. Finally, citizens should help law enforcement officials by reporting cybersecurity breaches, Chabinsky says.


Legislators Propose International Cybercrime Cooperation Laws—With Teeth
Dark Reading (03/23/10) Wilson, Tim

The International Cybercrime Reporting and Cooperation Act, recently introduced by U.S. Sens. Kirsten Gillibrand (D-N.Y.) and Orrin Hatch (R-Utah), would require the U.S. government to study the cybercrime policies of other nations and either aid or punish those countries according to the findings. "Our new legislation will require the president to provide a global assessment, identify threats from abroad, work with other countries to crack down on their own cybercriminals, and urge the president to cut off U.S. assistance and resources for countries that refuse to take responsibility for cybersecurity," Gillibrand says. The bill also requires an annual report to Congress on the state of countries' employment of information technology (IT) in critical infrastructure, the scope of cybercrime based in each nation, the sufficiency of each country's cyberlaw enforcement systems, and countries' safeguarding of consumers and commerce online. Furthermore, the legislation would require that programs developed to fight cybercrime be prioritized to countries with low IT penetration in order to deter the creation of future cybercrime sanctuaries in these countries. Moreover, efforts to assist in the development of critical infrastructure would be encouraged to feature anti-cybercrime programs "to ensure that such assistance is not inadvertently being used to build future crime havens," say Gillibrand and Hatch. The president would be required to identify countries of cyberconcern where a pattern of cybercrime against the U.S. government or private entities likely exists. For each such country the president would set up an action plan with benchmarks designed to help the government of each nation enhance its capability to battle cybercrime, or face sanctions.


Vermont Legislature Joins Fight Against Ticket Companies That Use Software 'Bots'
TicketNews (03/23/10) Branch, Alfred

Vermont legislators are debating the state's first ticket resale bill, which would strictly ban the use of ticket purchasing software bots. The bill initially included language that would restrict what a broker or fan could resell a ticket for at 110 percent of the ticket's face value. However, that language was replaced with the bot-purchasing restrictions. Although several states have tried to outlaw the use of software bots, Vermont's bill also spells out the legal recourse aggrieved parties can take in civil court if they are victims of a bot attack. The bill states how and when consumers must be notified of security breaches because private consumer purchasing information may have been compromised. The bill also requires that consumers be notified as quickly as possible, or not later than 45 days after the breach, unless law enforcement requests a delay to conduct an investigation. The bill no longer requires resellers to obtain written permission from promoters, venues, or other ticket issuers to allow them to resell tickets.


Isolated Security Zones Yield Stronger Network Protection
InfoWorld (03/23/10) Grimes, Roger A.

Twice in the span of a few weeks, InfoWorld security columnist Roger Grimes was present to see a sizable division of an organization get bombarded by a fast-moving worm. In both cases, the only thing that stopped the worm from wreaking organizational havoc was the company's isolated security zones. These scenarios underscore the notion that creating isolated security zones is one of the few tested organizational strategies that reap rewards in both time and resources, Grimes says. "In a nutshell, most workstations don't need to talk to most other workstations," he says. "Most servers don't need to talk to most other servers (although there are plenty of legitimate connections made server to server). Most workstations in your enterprise don't need to talk to every server in your enterprise, and vice versa—so don't let them." Organizations should determine which hosts in the organization need to be in contact with each other, and restrict access to other hosts by default.
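The default-deny zone policy Grimes describes can be expressed as an allow-list of (source zone, destination zone, port) tuples, with every other flow denied. The Python below is an added example, not code from the InfoWorld column or from any product; the zone ranges, the allow-list, and the flow records it evaluates are all constructed for illustration. It evaluates each flow against the policy and then flags sources whose denied flows fan out to many peers in their own zone, which is the traffic pattern a fast-moving worm produces when it hits a properly segmented network.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map: one workstation range and three server tiers.
ZONES = {
    "workstations": ip_network("10.10.0.0/16"),
    "file-servers": ip_network("10.20.1.0/24"),
    "web-servers": ip_network("10.20.2.0/24"),
    "db-servers": ip_network("10.20.3.0/24"),
}

# Allow-list of (src_zone, dst_zone, dst_port). Anything absent is denied,
# including workstation-to-workstation and most server-to-server traffic.
ALLOWED_FLOWS = {
    ("workstations", "file-servers", 445),
    ("workstations", "web-servers", 443),
    ("web-servers", "db-servers", 5432),
}

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """
2010-03-22T09:00:01 10.10.4.7 10.20.1.10 445
2010-03-22T09:00:02 10.10.4.7 10.10.4.8 445
2010-03-22T09:00:02 10.10.4.7 10.10.4.9 445
2010-03-22T09:00:03 10.10.4.7 10.10.4.10 445
2010-03-22T09:00:04 10.10.4.7 10.10.5.1 445
2010-03-22T09:00:05 10.20.2.5 10.20.3.5 5432
2010-03-22T09:00:06 10.20.2.5 10.20.1.10 445
2010-03-22T09:00:07 10.10.4.9 10.20.2.5 443
2010-03-22T09:00:08 10.10.4.7 10.20.3.5 5432
2010-03-22T09:00:09 192.168.9.9 10.10.4.7 80
"""


@dataclass
class Verdict:
    src: str
    dst: str
    port: int
    allowed: bool
    reason: str


def zone_of(ip):
    """Return the zone name containing ip, or None if it is in no known zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_allowed(src, dst, port):
    """Default deny: a flow passes only if its zone pair and port are on the allow-list."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return False  # hosts outside every zone get no implicit access
    return (s, d, port) in ALLOWED_FLOWS


def parse_flows(text):
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        flows.append((ts, src, dst, int(port)))
    return flows


def evaluate(text):
    """Evaluate every flow record against the zone policy."""
    verdicts = []
    for _ts, src, dst, port in parse_flows(text):
        s, d = zone_of(src), zone_of(dst)
        allowed = is_allowed(src, dst, port)
        if s is None or d is None:
            reason = "unknown zone"
        else:
            reason = f"{s}->{d}:{port} " + ("on allow-list" if allowed else "not on allow-list")
        verdicts.append(Verdict(src, dst, port, allowed, reason))
    return verdicts


def lateral_spread_candidates(verdicts, threshold=3):
    """Sources with denied flows to at least `threshold` distinct peers in their own zone.

    Peer-to-peer fan-out inside a zone that the policy forbids is the signature of
    a worm probing its neighbours; the segmentation blocks it, the log reveals it.
    """
    fanout = defaultdict(set)
    for v in verdicts:
        if not v.allowed and zone_of(v.src) is not None and zone_of(v.src) == zone_of(v.dst):
            fanout[v.src].add(v.dst)
    return {src: len(dsts) for src, dsts in fanout.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    results = evaluate(SAMPLE_FLOWS)
    for v in results:
        print(("ALLOW" if v.allowed else "DENY "), v.src, "->", v.dst, v.port, v.reason)
    print("lateral spread candidates:", lateral_spread_candidates(results))
```

In the constructed sample, 10.10.4.7 is denied on four workstation peers, so it surfaces as a spread candidate even though its flows to the file server and web server are legitimate; the same allow-list would be rendered as firewall rules between the zones in production, with this evaluation run over the firewall's deny logs.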


Feds to Test Cybersecurity System
InformationWeek (03/22/10) Hoover, J. Nicholas

The U.S. Department of Homeland Security (DHS) has announced that it is partnering with a commercial Internet service provider (ISP) and a federal agency to conduct a pilot test of the Einstein 3 intrusion detection and prevention system. Einstein 3 will eventually be used to boost information security at federal agencies by performing real-time deep packet inspection and threat-based decision making on network traffic at the perimeter of federal networks. In addition, Einstein 3 will redirect agency traffic to DHS' cybersecurity systems, which will use pre-defined signatures to determine whether traffic is associated with cybersecurity threats and how to respond if it is. Einstein 3 also will use many of the analytical tools used by its predecessors Einstein 1 and 2 for managing security information. The pilot test of Einstein 3 will consist of four phases, the first of which will assess the ISP's ability to redirect traffic. The second phase will install the technology, while the third phase will bring the pilot online and ramp up the tests. The fourth phase, which will last a year, will consist of tests and reviews of Einstein 3's capabilities. DHS says the pilot will help it solidify the processes involved in managing and protecting information gathered through the observations of cyberattacks.
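The core of the signature-based inspection the article attributes to Einstein 3 is a loop that matches each packet payload against a set of pre-defined patterns and maps the matches to a response. The Python below is an added example written for this page; it is not Einstein code and makes no claim about how DHS' system is built. The signatures, the packet payloads, and the alert-versus-block actions are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: bytes  # regular expression applied to the raw payload
    action: str     # "alert" records the match; "block" also drops the packet


# Constructed signatures. Real rule sets carry thousands of these plus protocol state.
SIGNATURES = [
    Signature(1001, "constructed: request for a path on a deny-list", rb"GET /bad-path\.php", "block"),
    Signature(1002, "constructed: long base64 blob in a query string", rb"[A-Za-z0-9+/]{60,}={0,2}", "alert"),
]

# Constructed packets as (src, dst, payload). Only the payload is inspected.
SAMPLE_PACKETS = [
    ("10.1.1.5", "203.0.113.10", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.1.1.6", "203.0.113.10", b"GET /bad-path.php?x=1 HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.1.1.7", "203.0.113.10", b"GET /search?q=" + b"A" * 64 + b"== HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.1.1.8", "203.0.113.10", b"POST /bad-path.php HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

# Compile once; inspection runs per packet, so this must not happen in the hot loop.
_COMPILED = [(sig, re.compile(sig.pattern)) for sig in SIGNATURES]


def inspect(payload):
    """Return every signature whose pattern occurs in the payload."""
    return [sig for sig, rx in _COMPILED if rx.search(payload)]


def decide(matches):
    """Most severe action wins: block beats alert beats pass."""
    actions = {m.action for m in matches}
    if "block" in actions:
        return "block"
    if "alert" in actions:
        return "alert"
    return "pass"


def process(packets):
    """Inspect each packet and return (src, dst, decision, matched sids)."""
    results = []
    for src, dst, payload in packets:
        matches = inspect(payload)
        results.append((src, dst, decide(matches), [m.sid for m in matches]))
    return results


if __name__ == "__main__":
    for src, dst, decision, sids in process(SAMPLE_PACKETS):
        print(f"{src} -> {dst}: {decision} {sids}")
```

The fourth constructed packet shows the limitation of pure pattern matching: the same path requested with POST slips past signature 1001 because the pattern anchors on "GET". That brittleness is why an inspection system layers protocol decoding and analytics, which the article says Einstein 3 inherits from its predecessors, on top of the signature set rather than relying on signatures alone.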


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD

