Israeli Police Kill American Gunman in Hotel Shoot-Out
NBC News (10/05/12)
Israeli officials say that an American tourist is dead Friday after he went on a shooting spree at an Israeli hotel in Eilat on the Red Sea. According to officials, the man stole a gun from a security guard and then killed a hotel worker before barricading himself in the hotel kitchen and exchanging gunfire with police. Police returned fire, evidently hitting and killing the shooter. Not much is known about the perpetrator, other than that he was an American and that he may have worked at the hotel before. The motive for the attack remains unclear. Police Spokesman Micky Rosenfeld says that police do not believe the attack was at all related to terrorism.

California Passes Strict Social Media Privacy Law
Security InfoWatch (10/03/12) Rosenberg, Mike
California Gov. Jerry Brown signed into law a pair of online privacy bills on Sept. 27 that prohibit businesses and schools from requesting access to the personal e-mail and social media accounts of current and prospective students and employees. The bills follow a series of similar legislation in Maryland, Illinois, and Delaware that grew out of media reports earlier this year that some employers were requesting access to the social media accounts of some job candidates. Some of these applicants reported that they had lost out on jobs after they refused such requests. "No boss should be able to ask for this kind of personal information. You don't go on a fishing expedition when [people] apply for a job or admission for college," said state Sen. Leland Yee (D-San Francisco), who wrote one of the two bills passed by Gov. Brown. However, human resources experts point out that the new laws apply only to private, personal media accounts. If workers or students leave their Facebook, Twitter, Google+, or other social media account open to the public, employers and admissions workers are still allowed to peruse them. "You still need to be very careful with what you post online," said Maryland social-media attorney Bradley Shear.

Masked Robbers Steal $2 Million of Gold, Gems from Calif. Mining Museum
NBC News (10/02/12)
At least two masked robbers broke into the California State Mining and Mineral Museum in Mariposa, Calif., on Sept. 28, forcing employees to hide in one corner of the museum before making off with an estimated $2 million worth of gold and gemstones. While the robbers were able to make off with a substantial amount of loot, they failed to steal the museum's prized piece: the 14-pound Fricot Nugget. The Fricot Nugget, the largest remaining intact mass of crystalline gold discovered during the 1864 gold rush, was being held in an iron safe and the robbers triggered an alarm as they attempted to force their way into it. The California Department of Parks and Recreation says that the museum will remain closed until further notice, and that its remaining treasure has been moved to a safe location while the museum conducts an inventory to see exactly which pieces were stolen.

Casino Industry Relies on Updated Security Technology
KLAS-TV (10/02/12) Drawhorn, Aaron; Cashell, Kash
With the constant threat of cheats and thieves looming over them, casinos are some of the biggest consumers of security technology and this week the latest in casino-centric security technology is on display at the Global Gaming Expo (G2E), in Las Vegas, Nev. Gary Powell and Glen Haimovitz are at the convention representing the security firm Cyrun and promoting its suite of multipurpose casino security software. Haimovitz says that the software was developed with the Las Vegas casino security community, which is made up in large part of former FBI and law enforcement, in mind. Such people have a great deal of experience tracking and identifying criminals, "and this enables them to do this a lot easier," says Haimovitz.
George O'Dowd of Cellbusters is showing off his company's products, which are used to detect and thwart unauthorized cell phone and Wi-Fi signals, useful for casinos looking to crack down on the rising use of mobile devices by cheaters. Honeywell representative Greg Tomasko is at the convention to push networked camera systems, pointing out that there are still casinos using analog systems that record to VHS tapes.

Most Workplace Violence at Agencies Committed by Federal Employees
Federal News Radio (10/01/12) Gomez, Ruben
A new analysis by the federal Merit System Protection Board (MSPB) looks at the occurrence of workplace violence at federal agencies and suggests approaches for handling such incidents. The new analysis, which drew from data in the 2010 Merit Principles Survey, defined workplace violence as assaults, threats of violence, harassment, intimidation, and bullying. The MSPB found that 13 percent of federal employees reported having observed or experienced workplace violence, which was committed 54 percent of the time by current or former federal workers. Other instigators of violence in federal workplaces included those seeking or receiving services from federal agencies, criminals, and family or acquaintances of agency employees. While most incidences of workplace violence were ascribed to current or former federal workers, these individuals were also the least likely to cause injury or property damage. Among the MSPB's preventative suggestions were providing violence prevention training to employees and training supervisors to make use of internal and external preventative resources. Other suggestions include reducing stress levels in the workplace, completing pre-employment background checks, and resolving workplace conflicts before they escalate.
Private Army Formed to Fight Somali Pirates Leaves Troubled Legacy
New York Times (10/05/12)
There is concern that an anti-piracy force in Somalia could pose a threat to the security of that East African nation and the region as a whole. According to a report from a United Nations investigative group, the anti-piracy force was started several years ago by a Dubai-based company called Sterling Corporate Services, which received secret payments for its work from the United Arab Emirates. The UAE secretly bankrolled Sterling's anti-piracy force, which was intended to be an elite unit made up of 1,000 men equipped with helicopters and airplanes, because it was concerned about the effects that piracy was having on commercial shipping in the Middle East. But Sterling ended its involvement with the force in June after a South African trainer was shot and killed by a Somali man who had been in training to help combat piracy. Now the 500 soldiers who make up the force have gone weeks without pay and are passing their time wandering their main compound and two other camps in the region of Puntland, said Michael Stock, the president of a company that had been hired to determine whether the men could be integrated into other security forces in Somalia. As a result, there is concern that the heavily armed men could become pirates themselves, join al-Qaida-linked militant groups, or become paid fighters for warring Somali clans. Andre Le Sage, a senior research fellow who specializes in Africa at the National Defense University, said that one of two things needs to be done to address the potential threat from the anti-piracy force: either make it part of a regular force or disarm it and take control of it.

FBI Visits Site of Attack in Libya
CNN.com (10/04/12) Starr, Barbara
Pentagon officials on Thursday announced that a team of FBI investigators escorted by a U.S. military support mission had visited the site of the Sept. 11 attack on a U.S. diplomatic outpost in Benghazi, Libya. It was the first time FBI agents, who have been in Libya since days after the assault, have visited the burned-out Benghazi compound in the more than three weeks since the attack. This, however, does not mean that the investigation has not progressed, according to Attorney General Eric Holder and Pentagon press secretary George Little. "You should not assume that all we could do or have been doing is restricted solely to Benghazi," said Holder, while Little told reporters on Thursday that investigators and U.S. special forces teams were "actively chasing leads" throughout the country and the region. Some, however, worry that the failure of the military and FBI to visit the compound sooner may have already had consequences. Despite State Department claims that no classified material had been left behind in the Benghazi consulate, a CNN reporter visiting the site this week found several documents including records of Libyans who had helped secure the compound, emergency evacuation protocols, and information about U.S. weapon collection efforts in the locked but unguarded building.

U.S. is Tracking Killers in Attack on Libya Mission
New York Times (10/03/12) Schmitt, Eric; Kirkpatrick, David D.
The U.S. Joint Special Operations Command is working to identify the militants involved in the attack on the American consulate in Benghazi, Libya, on Sept. 11 so that they can be either captured or killed. The effort to identify those responsible for the attack is based on pre-existing lists of suspects that are constantly updated by the Joint Special Operations Command and the CIA, as well as information from Libyan authorities about possible suspects. In addition, the Pentagon has been performing more unmanned drone flights over eastern Libya, the region where Benghazi is located, in order to collect electronic intercepts, take pictures, and gather other information that would be helpful in developing a list of targets.
Taken together, this information will help the U.S. determine where the suspects live, who their family members are, who they associate with, and the patterns of their lives, an American official said. Once detailed information about the suspects is collected, President Obama could take retaliatory action against the assailants that may include drone strikes, Special Operations raids, and joint missions with Libyan authorities. However, Libyan Prime Minister Mustafa Abu Shagur has ruled out the possibility of any unilateral American military action on Libya's soil, saying that such a move would infringe on his nation's sovereignty. No targets have yet been identified for possible retaliatory actions, but American counterterrorism officials believe that the Libyan militant group Ansar al-Shariah was responsible for the attack on the consulate.

DHS 'Fusion Centers' Portrayed as Pools of Ineptitude, Civil Liberties Intrusions
Washington Post (10/03/12) O'Harrow Jr., Robert
A new 141-page report from a Senate Homeland Security and Governmental Affairs subcommittee has characterized the Department of Homeland Security's network of 77 intelligence "fusion centers" as wasteful, intrusive, and unproductive, and calls for the department to exercise tighter control over the centers. The fusion center program grew out of the need for better intelligence sharing among local, state, and federal law enforcement and intelligence agencies following the 9/11 terror attacks. The centers are largely funded and operated by state and local authorities, but report to DHS and receive significant funding from the department. However, the Senate report found extremely poor accounting of this DHS funding, with estimates of total DHS spending on fusion centers ranging from $289 million to as much as $1.4 billion.
There is also little control over what this money is used for, with the report citing numerous instances of what it characterized as wasteful spending on unnecessary equipment and unopened facilities. The report also raises concerns that, due to a lack of training and oversight, a large percentage of the reports coming out of fusion centers contain no useful intelligence, are clearly drawn from media reports, or involve potentially illegal surveillance of citizens, with very few producing any useful leads on terrorist activity. DHS has defended the program and criticized the report for relying on out-of-date information and failing to appreciate the larger goal of the centers, which it says are not meant to focus exclusively on terrorism.

Militant Link to Libya Attack
Wall Street Journal (10/02/12) Gorman, Siobhan; Bradley, Matt
Although U.S. officials are holding out hope that last year's Arab Spring protests will lead to the installation of governments more friendly to Washington, they now say that the fallout from the democracy movement could lead to security threats to American interests overseas. American officials believe that U.S. interests abroad could be threatened because militants such as Muhammad Jamal Abu Ahmad, the former operational head of the Egyptian Islamic Jihad who is now creating his own terror network, were freed from prison during the chaos that ensued from the protests. According to unidentified U.S. officials, Ahmad could pose a threat to American interests overseas, though they say he does not appear to represent a threat to domestic targets. Barak Barfi of the Washington, D.C.-based think tank the New American Foundation, who recently interviewed a number of Ahmad's associates in Egypt, said that Ahmad has talked about carrying out attacks on U.S. targets in countries where the American military is present. Ahmad is already believed to have been involved in the attack on the U.S. consulate in Benghazi, Libya, on Sept. 11.
In addition, some of the other individuals who were involved in that attack trained at Ahmad's training camps in the Libyan desert, according to intelligence reports. Ahmad is not the only militant who is believed to have been released from prison following the Arab Spring protests. Western officials say that other militants who have been released are trying to take advantage of the shaky governments that have formed in countries that experienced pro-democracy movements last year and are trying to develop the ability to carry out attacks that are worse than the recent protests that have taken place at U.S. embassies in North Africa and around the world.

Iranian Internet Disrupted by Cyber Attacks
SlashGear (10/04/12) McGlaun, Shane
The Iranian High Council of Cyberspace reports that cyber attacks that were carried out on Wednesday targeted the country's communications and infrastructure. According to the council, the "organized" attacks focused on the Iranian nuclear, oil, and information networks and slowed down Internet access across the country. The attacks follow Iran's launch of its new national information network, which has blocked access to major sites including YouTube and Google search. Iranian officials also admitted to accidentally blocking access to Google Gmail. This is not the first time that Iran has been targeted by cyber attacks. Reports indicate that a Stuxnet computer virus, which some believe was designed by the United States and Israel, targeted its nuclear development program, potentially causing serious setbacks and damage.

White House Says It Thwarted Cyberattack
Associated Press (10/01/12) Kuhnhenn, Jim
The White House has said that it was recently able to block an attempt to hack into its computer system, though it said that no classified networks were compromised. Officials say that the White House has mitigation measures in place that were able to identify and isolate the attack before it could spread or remove any data.
They also said that the attack was against an unclassified network, which is kept separate from the classified network. The attempted attack was described as "spear-phishing," in which a fraudulent e-mail was used to attempt to trick White House staff members into turning over sensitive information. Similar attacks against the Google e-mail accounts of senior U.S. government personnel had been linked back to China, but officials did not say whether a similar connection was found in this attack.

Cyberattack Could Leave States in the Dark
Governing (10/12) Hatch, David
With the failure of comprehensive cybersecurity legislation in Congress this August, the status quo for state-level information security professionals remains an inconsistent patchwork of state and federal cybersecurity laws, although some states are increasingly taking the lead in establishing new standards. NASCIO notes that states are increasingly drafting and passing their own data protection and cybersecurity standards, but the quality of such guidelines varies and is rarely matched by increased budgetary resources. States such as California and Michigan have become leaders in cybersecurity legislation, with California's 2004 data protection law serving as a model for similar legislation and Michigan developing the first state-level cyberrange for training its security professionals. On the other hand, NASCIO reports that state spending on cybersecurity has remained flat, perhaps even fallen in the last two years, with NASCIO executive director Doug Robinson noting that at 1 percent to 2 percent of overall state IT budgets, cybersecurity spending is "half or less than what it should be." Tight state budgets are partially to blame, causing the state of Florida to eliminate the position of state CIO in June.
Many wish the federal government would step in to help establish consistent nationwide standards or guidance, but there remains disagreement over what form such legislation should take and how to adequately fund and enforce it.

Can a Computer Game Help Practices Keep Data Secure?
American Medical News (10/01/12) Dolan, Pamela Lewis
Many small practices have not succeeded in creating a culture of security and data protection, says the Health and Human Services Dept. Office of the National Coordinator (ONC) for Health Information Technology. This failing is often due to insufficient staffing or budget limitations. In response, the ONC created a free, Web-based game that seeks to help practices understand the Health Insurance Portability and Accountability Act (HIPAA) and the importance of using data security measures and appropriate data protection policies. The ONC hoped to address the experiences and issues that many practice staff were facing when adopting health information technology, such as electronic health records, said Laura Rosas, MPH, privacy and security professional for the ONC’s Office of the Chief Privacy Officer. Many small practices have had trouble implementing effective training for this technology, as many lack the time or resources for proper training materials. Rather than having to read a variety of manuals on HIPAA compliance, practice employees can play a 30-minute game to learn best practices in keeping a password secure, protecting patient data, controlling access to that data, securing and encrypting mobile devices, and using virus protection software. Practice administrators can view results of employees' games to see where there are knowledge gaps and a need for review. The game, called “Cybersecure: Your Medical Practice,” looks similar to the virtual reality game “The Sims.” The player experiences different scenarios that involve HIPAA privacy and security rules.
Players experience the game as an avatar physician practice worker and answer questions based on each scenario. Right or wrong answers can cause the player to add or lose exam rooms, office equipment, and points. At the end of each of the game's three levels, players receive feedback on their answers, including explanations of why their answers were right or wrong. A certain score is required to advance to the next level. The game also includes tips and a glossary for understanding certain terms. Seventy percent of large employers use interactive software and games for employee training, according to a 2008 survey by the Entertainment Software Association. Although games provide interactive, contextual, effective training, experts say that they should not be a practice's only method for training.

Into the Breach
Modern Healthcare (09/29/12) Conn, Joseph
Beginning in 2009, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) began receiving and publicly reporting security breach incidents throughout the healthcare field. About 499 major security breaches of medical records affecting more than 500 individuals have been recorded since then. The larger 499 breaches exposed the records of 21.2 million people, including 80 breaches that occurred in 2012 affecting 1.8 million individual records. Of the larger breaches, 117, or 23 percent, involved paper records of approximately 709,000 individuals. One of the most common causes of security breaches is the loss or theft of laptops with unencrypted data on them. OCR pegs hacking-related breaches at about 8 percent, including those from inside an organization and those not related to identity theft. OCR continues to pick up its enforcement of privacy violations, especially with the passage of the American Recovery and Reinvestment Act in 2009 that gave state attorneys general the power to prosecute violators and required HHS to conduct compliance audits.

Abstracts Copyright © 2012 Information, Inc. Bethesda, MD