Friday, February 18, 2011

Security Management Weekly - February 18, 2011

header

  Learn more! ->   sm professional  

February 18, 2011
 
 
Corporate Security
Sponsored By:
  1. "Multinationals Monitor Bahrain Unrest"
  2. "Apple's New Chief Visits Chinese Factory to Hang Nets After Workplace Suicides"
  3. "Somali Pirate Gets Stiff Sentence in US Court. Will it Deter Piracy?"
  4. "CBS Correspondent Assaulted in Egypt"
  5. "U Student Sentenced for Wright County Ferret Farm Raid" University of Minnesota

Homeland Security
  1. "Spy Feud Hampers Antiterror Efforts" Dispute Between Pakistan and U.S.
  2. "Funerals Could Spark More Violence in Bahrain's Capital"
  3. "U.S. Intelligence Taxed by Middle East Unrest"
  4. "U.S. Agents Are Shot, One Killed in Mexico"
  5. "Lawmakers Suggest Extension of Chemical Security Regulations"

Cyber Security
  1. "Bulk of Browsers Found to Be at Risk of Attack"
  2. "Obama Seeks Big Boost in Cybersecurity Spending"
  3. "Bank of America Says Web Breach Was Tiny"
  4. "Maryland, Agencies Hope to Expand Cybersecurity Talent Pool"
  5. "Vulnerability Management Tools: Dos and Don'ts"

   

 
 
 

 


Multinationals Monitor Bahrain Unrest
Wall Street Journal (02/17/11) Berzon, Alexandra; Mattioli, Dana

Despite the unrest in Bahrain, multinational companies in the Middle Eastern nation have not seen a significant impact to their business. Among the multinational companies doing business in Bahrain is Marriott International, which runs the Marriott Executive Apartments Manama and The Ritz-Carlton, Bahrain Hotel & Spa in Manama. Marriott has put additional security in place in these hotels, and the police presence has been increased as well. Meanwhile, the GP2 Asia Series canceled its second round of motor races at the Bahrain International Circuit after the Bahrain Motorsport Federation asked it do so. Other companies that do business in Bahrain remain open but are closely monitoring the situation in the country. American Express' office in the capital of Manama, for example, are still open, as is Kimberly-Clark's manufacturing facility and office.


Apple's New Chief Visits Chinese Factory to Hang Nets After Workplace Suicides
Daily Mail (UK) (02/17/11) Young, Noel

In a report released by Apple this week, it was revealed that Chief Operating Officer Tim Cook visited a contract manufacturing plant in China last year following the suicides of more than a dozen workers. Cook, who traveled to the Foxconn plant as part of a team that also consisted of two leading experts in suicide prevention, pressured the plant to improve working conditions and to hang large nets from the factory buildings to prevent workers from jumping to their deaths. The team also talked to more than 1,000 workers at Foxconn and analyzed the facts of each suicide, as well as Foxconn's response. Apple also hired counselors for a 24-hour care center and recommended that the contractor take extra steps such as monitoring staff at care centers and providing increased training.


Somali Pirate Gets Stiff Sentence in US Court. Will it Deter Piracy?
Christian Science Monitor (02/16/11) Knickerbocker, Brad

Abduwali Abdukhadir Muse, the only pirate who participated in and survived the 2009 attack on the MV Maersk Alabama, was sentenced to nearly 34 years in prison by a U.S. judge in New York this week. In handing down the sentence, U.S. District Judge Loretta Preska chose to ignore the defense's plea for a shorter sentence, saying that she wanted to "deter other individuals from undertaking this kind of conduct." Preska also said that the longer sentence was warranted given Muse's cruel and threatening behavior during the hijacking. It remains to be seen whether longer sentences for pirates will deter piracy, since authorities have been unable to get at the organizers who pay for piracy operations. Experts say that the number of piracy attacks remains high, and that pirates are becoming more and more violent. Others say that ships sailing through areas that used to be considered safe, including the waters far off the Somali coast, are now being threatened due to the use of "mother ships" by pirates. For additional coverage of this story, please click here.


CBS Correspondent Assaulted in Egypt
CNN International (02/15/11)

CBS revealed Tuesday that a correspondent for "60 Minutes" was attacked in Cairo while covering the aftermath of the resignation of Egyptian President Hosni Mubarak on Feb. 11. According to the network, 39-year-old Lara Logan was covering the celebrations that followed Mubarak's resignation when she and her crew, as well as their security team, were surrounded by a mob of 200 people in Tahrir Square. Logan was then beaten and sexually assaulted. She was eventually rescued after a group of Egyptian soldiers and women intervened. Logan made her way back to her hotel and returned to the U.S. on Saturday. Logan and her crew were also arrested on Feb. 3 on suspicion of being Israeli agents. While in custody, Logan and her crew were kept in stress positions throughout the night. The driver for the group was also beaten, while a producer was thrown against a wall and blindfolded.


U Student Sentenced for Wright County Ferret Farm Raid
Associated Press (02/15/11) Foley, Ryan J.

University of Minnesota graduate student Scott Ryan DeMuth was sentenced to six months in prison on Monday for taking part in a raid on a Minnesota ferret breeding farm that was perpetrated by the Animal Liberation Front, a group considered by the FBI to be a domestic terrorist organization. During the 2006 raid, activists for the Animal Liberation Front snuck onto the farm under the cover of darkness and cut holes in a fence and opened cages that they thought contained mink. Animal rights activists often target locations where mink are being held because they believe that conditions the animals are held in are not adequate. But instead of freeing mink, the activists freed ferrets that were being bred by an elderly man for pet stores. DeMuth's sentence comes after he pled guilty to one count to commit animal enterprise terrorism as part of a plea bargain with federal prosecutors in Iowa. In exchange for DeMuth's guilty plea in the ferret farm case, prosecutors dropped a charge against DeMuth in connection with his alleged involvement on a 2004 raid on a University of Iowa psychology lab, which resulted in the release of 400 mice and rats and the destruction of several years' worth of research data.




Spy Feud Hampers Antiterror Efforts
Wall Street Journal (02/18/11) Entous, Adam; Barnes, Julian E.; Wright, Tom

U.S. officials say that the relationship between the CIA and Pakistan's Inter-Services Intelligence is becoming increasingly strained. There are a number of reasons why relations between the two spy agencies are at a low point, including anger among Pakistanis about comments made by U.S. officials that Islamabad is not doing enough to fight militancy. Pakistan is also worried that the CIA is developing its own spy networks to bypass the ISI. U.S. officials, meanwhile, are upset about the detention of a U.S. government contractor for killing two Pakistanis, as well as the disclosure of the identity of the CIA's station chief in Islamabad in December. The deteriorating relationship between the CIA and ISI has resulted in less frequent meetings between officials from the two agencies, as well as the closure of at least two fusion centers that allowed U.S. and Pakistani intelligence officials to work together. The CIA has also begun operating autonomously in going after the Haqqani militant network, which has ties to the ISI, while the ISI has largely stopped providing the CIA with information to target militants. Counterterrorism and military officials are expressing concern about the fraying relations between the CIA and the ISI, saying that cooperation between the two agencies is necessary in the fight against al-Qaida, the Taliban, and other militant groups in Afghanistan. One senior official said that the deteriorating relationship has already caused the U.S. to miss the chance to attack some terrorists in the region.


Funerals Could Spark More Violence in Bahrain's Capital
Voice of America News (02/18/11)

Bahraini officials are concerned that funerals held for protesters killed in a crackdown of the Feb. 17 anti-government demonstrations could turn violent. At least five people were killed and 230 others were wounded when riot police stormed the protester's camp and fired birdshot, rubber bullets, and tear gas. The military is in control of the capital in the wake of the protests, and it has announced a ban on public gatherings. The demonstrators are part of the country's Shi'ite majority, which accounts for 70 percent of the population. They want the country's ruling family, who are Sunni, to give up control of prominent government positions and to better address Shi'ite concerns. Currently, Bahrain's king recruits foreigners to serve as police instead of allowing Shi'ites to join their ranks. The country voted in favor of moving towards democratic changes that would end those types of practices in 2001. However, the king imposes a constitutional decree that Shi'ite leaders argue has diluted their rights and prevented them from gaining a majority in parliament.


U.S. Intelligence Taxed by Middle East Unrest
Los Angeles Times (02/16/11) Bennett, Brian

Director of National Intelligence James Clapper told members of the Senate Select Committee on Intelligence on Wednesday that the nation's intelligence community had a great deal of information on the situation in the Middle East but was unable to predict the unrest that has taken place in the region over the past month. Over the past year, the CIA wrote more than 450 reports on the repressive regimes and economic stagnation in the Middle East, as well as other factors that it considered to be "dangerous." In addition, more than 15,000 reports have been produced by the nation's intelligence community since mid-December about what is being discussed in the media and on the Internet in the Middle East and North Africa. However, those reports could not predict that the self-immolation of a fruit vendor in Tunisia or the sudden decision of that country's president to step down would spark unrest throughout the region, Clapper said. Also testifying at the hearing was CIA Director Leon E. Panetta, who said that his agency has created a task force that analyzes trends on social media Web sites in order to predict uprisings like the ones that have taken place in the Middle East over the last several weeks. Some experts are concerned that the focus on the instability in the Middle East could take the focus off of counterterrorism efforts.


U.S. Agents Are Shot, One Killed in Mexico
Wall Street Journal (02/16/11) De Cordoba, Jose; Luhnow, David

U.S. officials say that two Immigration and Customs Enforcement agents were attacked in Mexico on Tuesday. The two men were traveling from Mexico City to Monterrey by car when they were fired upon by unknown gunmen in the violence-plagued central state of San Luis Potosi. One of the agents was killed, while the other suffered gunshot wounds to his arm and leg. U.S. officials would not say what they believe the motive for the attack was. Mexican federal police and authorities in San Luis Potosi state are conducting an investigation into the shooting. The attack is likely to increase concerns in the U.S. about the ongoing drug violence in Mexico, which has resulted in the deaths of at least 34,000 people over the past four years. The U.S. is already providing intelligence and training to Mexican security forces in order to help the country deal with the violence.


Lawmakers Suggest Extension of Chemical Security Regulations
Global Security Newswire (02/14/2011) Matishak, Martin

The House Homeland Security Committee's infrastructure protection subcommittee held a hearing last Friday to discuss a possible long-term extension of the Department of Homeland Security's Chemical Facility Antiterrorism Standards (CFATS). Under those standards, which had been scheduled to expire at the end of the last fiscal year but were temporarily extended under the continuing budget resolution that expires on March 4, high-risk chemical facilities would be required to conduct assessments to identify protection weaknesses. After conducting those assessments, the facilities would be required to implement plans that address the risks they face. During Friday's hearing, subcommittee Chairman Dan Lungren (R-Calif.) said that extending the standards would assure chemical facilities that security rules and requirements will not change each year while CFATS is being implemented. However, Lungren and other lawmakers said that they were not satisfied with the results of CFATS so far. Out of the nearly 5,000 chemical facilities covered by CFATS, only 175 visits that aim to gather in-depth knowledge of a chemical plant and assist it in complying with the standards have been conducted so far, Lungren said. But Dow Chemical Chief Security Officer Timothy Scott disagreed with the assertion that CFATS has not produced results, saying that the program has reduced the number of high-risk chemical sites while lowering the risks to the high-profile sites that are still left.




Bulk of Browsers Found to Be at Risk of Attack
Computerworld (02/17/11) Keizer, Gregg

Roughly 80 percent of Web browsers run by consumers are susceptible to attack by exploits of already-fixed bugs, according to Qualys CTO Wolfgang Kandek. The dismal state of browser patching alarmed Kandek, who presented data from Qualys' free BrowserCheck service at the RSA Conference in San Francisco. Kandek says he did not anticipate that nearly eight out of every 10 browsers would lack one or more patches. BrowserCheck scans Windows, Mac, and Linux systems for vulnerable browsers, as well as up to 18 browser plug-ins, including Adobe's Flash and Reader, Oracle's Java, and Microsoft's Silverlight and Windows Media Player. When browsers and their plug-ins are calculated together, as many as 95 percent of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component, depending on the month. This January, about 80 percent of all computers were susceptible. What is worse, about 30 percent of browser plug-ins are perpetually vulnerable, a rate three times that of Windows, where Qualys' data has shown that, on average, about 10 percent of all PCs never get Microsoft's patches. When plug-ins were not tabulated, browsers performed much better—only around one quarter of the scanned machines had an unpatched browser in January.


Obama Seeks Big Boost in Cybersecurity Spending
Computerworld (02/15/11) Thibodeau, Patrick

President Obama's 2012 budget proposal calls for a 35 percent increase in cybersecurity research and development (R&D) to enhance its ability to mitigate the risk of insider threats and guarantee the security of control systems such as those employed at power plants. The hike in cybersecurity research spending is part of an overarching R&D budget proposal that includes boosts in a broad spectrum of research initiatives, including robotics, climate change, and funding to increase the supply and skills of science, technology, engineering, and math teachers. Generally, the budget asks for $66.1 billion for fundamental and applied science research across all areas, an 11.6 percent increase. The Obama administration's research proposal would allocate $7.8 billion to the National Science Foundation and $5.4 billion to Department of Energy's Office of Science. The proposal especially seeks new research in advanced manufacturing technologies, such as nano-manufacturing and robotics. A grant proposal initiated by the White House last fall says the government is aiming for development of co-robots, which are systems "that can safely coexist in close proximity to or in physical contact with humans in the pursuit of mundane, dangerous, precise or expensive tasks."


Bank of America Says Web Breach Was Tiny
American Banker (02/15/11) Johnson, Andrew

Jalopnik, an automobile news Web site owned by Gawker Media, reported last weekend that a small number of Bank of America customers saw other people's transaction details instead of their own, through online banking. "They had problems accessing their online accounts … There were no reports of fraud as a result of this incident. We worked with the impacted customers to ensure their information is protected," says a BofA spokeswoman. The incident lasted from around 4:30 p.m. to 10:30 p.m. Eastern time on Feb. 12. Incidents such as this are quite rare, but they do happen, especially considering the amount of data that a bank's servers handle, according to online security expert James Van Dyke. Van Dyke says that the server can give the wrong data from the wrong database if the instructions give the wrong request. In June of 2010, AT&T had a similar incident and customers were able to see others' credit card or social security numbers. The upside to these incidents is that they are easy to trace back to figure out exactly what happened and why.


Maryland, Agencies Hope to Expand Cybersecurity Talent Pool
Washington Post (02/14/11) Censer, Marjorie

Maryland government and industry officials are increasing their efforts to cultivate new employees with math, science, and engineering skills to work in the cybersecurity field. Maryland is home to several key U.S. cybersecurity agencies, including the National Security Agency (NSA), the U.S. Cyber Command, and the Defense Information Systems Agency (DISA). NSA officials are anticipating a significant number of retirements in the coming years and plans to hire about 1,800 people this year, says agency chief of staff Deborah A. Bonanni. DISA recently completed a mission to increase its workforce by more than 70 percent, says director Mark Orndorff. However, more cybersecurity workers are needed, and NSA and DISA are working with Maryland schools to encourage students' interest in a cybersecurity or intelligence career. For example, NSA recently hosted an event in which college juniors and seniors met with agency computer scientists, engineers, and mathematicians, while DISA is using internships to attracts new recruits.


Vulnerability Management Tools: Dos and Don'ts
CSO Online (02/14/11) Roiter, Neil

There are several dos and don'ts that organizations need to keep in mind when using vulnerability management tools. For instance, they should not shortchange remediation by choosing only one or two critical vulnerabilities to correct after performing a vulnerability scan. Instead, organizations should remediate vulnerability and configuration management within a change-control process that is well defined, supported by the organization's vulnerability management tool, and integrated to control mechanisms such as the ticketing system. The vulnerability management tool should support the process through vulnerability and error detection as well as through a risk assessment that is based on the seriousness of the security threat and the value of the system that is vulnerable. The process is not finished and the ticket cannot be closed until a second scan verifies that a vulnerability has been repaired. Meanwhile, organizations should use scanning services such as software-as-a-service and managed services. Some organizations also may be required to occasionally conduct third-party scanning. Finally, organizations should integrate vulnerability management with security tools such as security information and event management.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments:

Post a Comment