Black Friday Safer This Year
Security Director News (11/28/12) Canfield, Amy
According to National Retail Federation loss prevention Vice President Rich Mellor, this year's Black Friday was far more peaceful and orderly than the shopping holiday has been in past years. "Better planning and looping in the right people made this Black Friday go much better than previous ones," said Mellor. New crowd management policies and the increased presence of private security and police forces helped keep customers in line, but Mellor notes that customers in general were also much calmer this year. This was in part because of Thursday-night openings, which helped to dispel the frantic, door-buster mentality that has led to stampedes and injuries in previous years. Mellor says store openings were better managed, with people let into stores at a slower, more orderly pace. The result was far fewer incidents of Black Friday violence, with Mellor saying he had yet to hear of incidents involving firearms and other weapons. There was an incident involving a firearm at a Colorado Target on Black Friday, but store officials have said the incident was actually an attempted robbery, not the result of a dispute between shoppers or workers turning violent.

Feds: Workplace Violence Caused Nearly 17 Percent of All Fatal U.S. Work Injuries in 2011
SecurityInfoWatch.com (11/27/12)
According to the 2011 Census of Fatal Occupational Injuries, workplace violence was the cause of nearly 17 percent of workplace fatalities in the U.S. in 2011. At 4,609 incidents in 2011, fatal work injuries were down 21 percent compared to 2006 and by more than 25 percent compared to two decades ago. Of those 4,609 workplace fatalities, 780 were attributed to workplace violence, with 458 homicides and 242 suicides. Men were the victims of 680 of these incidents of workplace violence and women 100. Shootings were the cause of 78 percent of the homicides.
Homicide was a more common cause of workplace fatalities for women, 21 percent, than for men, 9 percent. Current and former spouses or domestic partners were involved in 40 of the workplace killings of women, while relatives were the assailants in only two percent of workplace homicides where men were the victims. The largest numbers of workplace homicide victims worked as first-line sales, retail, and cashier supervisors, followed by law enforcement workers, managers, and protective agents.

Workplace Drug Testing vs. Marijuana Legalization in Washington State and Colorado
TestCountry.com (11/27/12) Butler, Lena
Employers in Washington State and Colorado have raised questions about how the recent legalization of recreational marijuana in those states will impact their right to test workers for drugs. Some universities and other organizations have already issued statements saying that they have no intention of changing their drug testing policies. However, other organizations are consulting lawyers to determine how best to proceed. There is nothing in the new state laws preventing drug testing, and the Colorado law specifically states that it is not intended to "require an employer to permit or accommodate the use, consumption, possession, transfer, display, transportation, sale or growing of marijuana in the workplace or to affect the ability of employers to have policies restricting the use of marijuana by employees." Legal experts say that a company's first concern under the new laws should be employee conduct. The new laws will not protect any employee who appears under the influence at work.

Alabama Bill Would Allow Guns at Work
Associated Press (11/26/12)
Alabama state Sen. Roger Bedford is pushing a bill that would allow gun owners in the state to take their guns to work. The bill, versions of which have been put forward and failed twice before, would prevent employers from barring their workers from bringing and storing firearms at their workplaces.
The bill would apply to all employers, save for schools and those where federal firearms bans are enforced. The bill has the support of the National Rifle Association, but is opposed by the Business Council of Alabama. Council President Bill Canary said that the bill amounted to "unnecessary legislation which erodes the constitutional property rights of businesses."

Wary Hotels Put Staff Under Lens
Times of India (11/26/12) Tembhekar, Chittaranjan
After terrorists took over and held hostages in the Taj and Trident Hotels during the 2008 Mumbai terror attacks, rumors circulated throughout India that the terrorists had been helped by employees at the hotels, prompting Mumbai's hospitality industry to begin running detailed background checks on employees. "Post 26/11, it has become a norm for candidates to submit photographs, proofs of age and residence, references of people and contact numbers with the employment form," said Shashikant Shetty of Mumbai's Ahar restaurant and bar association. Former Federation of Hotels and Restaurants Associations of India president Kamlesh Barrot and current Hotels and Restaurants Association of Western India President Dinesh Advani say that the practice of conducting thorough background checks on new employees has spread beyond Mumbai to other major cities in Maharashtra, Goa, and Gujarat states. TOPS Security company representative Brigadier Jaisinghani says his company is one of many private security firms now conducting background checks almost full time. "We check an employee's passport, lease agreements, bank accounts, property details, previous employment records as well as permanent address," says Jaisinghani. These details are then passed on to other private security firms, police, and government security agencies for further verification.

Senate Votes to Bar Indefinite Detention of US Citizens Suspected of Terrorism
Associated Press (11/30/12)
The U.S.
Senate on Thursday took up several measures that addressed homeland security issues, including the detention of terrorist suspects. One such measure, which was approved but faces difficulty in overcoming opposition in the House and a veto threat from President Obama, prohibits the federal government from indefinitely detaining U.S. citizens or legal residents who are suspected of engaging in terrorism. The prohibition against detaining terrorist suspects who are U.S. citizens without charging them or bringing them to trial would apply even with an authorization to use force or a declaration of war. The federal government is currently allowed to indefinitely detain terrorist suspects who are U.S. citizens or legal residents, thanks to the authority that it was granted under the authorization to use military force that was passed in the wake of the Sept. 11 attacks. The Senate also approved a measure that would prohibit detainees being held at the Guantanamo Bay detention center from being transferred to the U.S. Supporters of that measure said that the terrorist suspects there should not be brought to the U.S., while opponents said it would reduce the president's flexibility in dealing with suspected terrorists.

Officials: Syrian Rebels' Arsenal Includes Up to 40 Antiaircraft Missile Systems
Washington Post (11/29/12) Warrick, Joby
Intelligence officials in Western and Middle Eastern countries are expressing concern about some of the weapons that have been obtained by Syrian rebels. Those concerns were underscored on Tuesday when Syrian activists opposed to the regime of President Bashar al-Assad posted a video to a Web site showing a Syrian helicopter being shot down by what appeared to be a heat-seeking missile. Although President Obama has said that he opposes arming Syrian rebel groups with anti-aircraft missiles, Middle Eastern intelligence officials say that Qatar is supplying some of the weapons to the anti-government fighters.
Experts say that the Syrian rebels could have 40 shoulder-fired missile systems, though there is a possibility they may have more. The effort to arm the Syrian rebel groups with anti-aircraft missiles like the one used to shoot down the Syrian helicopter earlier this week has sparked fears that the missiles could fall into the hands of terrorists if Assad is ultimately driven from power. If that happens, weapons experts and intelligence officials say, the missiles could be used to attack commercial jets.

Homeland Security Counsel Defends Department's Progress
Government Executive (11/28/12) Clark, Charles S.
Department of Homeland Security Deputy General Counsel Seth Grossman defended the department's record over the last four years when he spoke during a panel conversation about DHS on Nov. 28. On the panel with Grossman were a number of DHS critics, including American Civil Liberties Union Senior Policy Consultant Michael German, who says that DHS' ambitions have exceeded its abilities, specifically calling out the department's network of fusion centers. The 77 DHS fusion centers were recently criticized as wasteful and ineffective in a congressional report. Jamil Jaffer, the senior counsel for the House Permanent Select Committee on Intelligence, criticized DHS' work on cyber security, expressing doubt about the department's ability to craft a national cyber security policy. Grossman responded by touting successful measures by member agencies, such as the Transportation Security Administration's PreCheck program and the prioritization of the caseload of immigration courts, while also noting that DHS remains a young organization still finding its footing.

Gaza, Iran and the Coming Challenge to Homeland Security
Homeland Security Today (11/12) Silverberg, David
Homeland Security Today Editor David Silverberg warns that the recent confrontation between Israel and Hamas militants in Gaza presages increased threats to U.S.
homeland security should Iran become the target of Israeli aggression in the coming year. The latest flare-up between Hamas and Israel reached a tentative conclusion with an Egyptian-brokered cease-fire that went into effect on Nov. 21, but Silverberg sees the conflict mostly as a temporary distraction from the broader regional issues centered on Iran and its nuclear program. Silverberg posits that Iran, through its connections with Hamas, provoked the conflict in an effort to shift focus away from its nuclear program and continued involvement in the Syrian civil war. Silverberg says that, while the Israel/Gaza conflict was short-lived enough that it has not resulted in a major backlash against the U.S., an Israeli strike on Iranian nuclear facilities might. Such an attack could take place as early as next spring, Silverberg says. Silverberg cites the example of a foiled Iranian plot to assassinate a Saudi ambassador in Washington, D.C., last year. Other experts warn of further infiltration of the U.S. by Iran's al Quds force as signs of the danger posed by potential Iranian terror attacks.

Drones and Disaster Response
Security Management (11/15/12) Purvis, Carlton
Unmanned aerial vehicles (UAVs) are being increasingly used in disaster response for reconnaissance purposes, often tasked with flying over areas nearly impossible to traverse on foot to deliver critical real-time information to first responders. UAVs have a host of benefits over other methods of reconnaissance, including having a faster information delivery time than satellites -- which often take at least 24 hours to deliver information about a disaster site -- and being more cost-efficient and safer than using manned vehicles like helicopters. Sending in a drone beforehand allows first responders to pinpoint areas of critical need and dispatch crews to those areas, rather than wasting time and resources by having fully geared crews do the searches on their own.
UAVs are also highly customizable, allowing disaster response crews to outfit them with specialized equipment like infrared cameras and chemical, biological, and nuclear sensors to potentially discover threats in a disaster area that are hidden from plain sight. UAVs offer almost-nonstop surveillance and do not become fatigued like human crews do, meaning more time can be spent reconnoitering a disaster area. U.S. agencies wishing to use UAVs for disaster surveillance must first secure U.S. Federal Aviation Administration (FAA) approval, a process that will become much easier once UAV-related provisions integrated into the FAA Modernization and Reform Act of 2012 go into effect in the coming years.

Nuclear Agency: Hackers Did Not Steal Sensitive Information
Reuters (11/29/12)
International Atomic Energy Agency (IAEA) Director General Yukiya Amano said Thursday that the agency deeply regretted a data breach involving the e-mail addresses of IAEA experts that was revealed on Tuesday. Earlier this week a group of hackers posted scores of e-mail addresses belonging to experts working with the U.N. agency and urged their owners to open an IAEA investigation into military activity at Israel's Dimona nuclear reactor. The hack, which Amano said occurred months ago and did not compromise information about IAEA safeguards or its investigation into Iran, is believed to have been carried out by Iranian hackers. The hackers identified themselves as Parastoo, which is a Farsi name for the swallow as well as a female name. Their demand that the IAEA investigate Israel is a common refrain from Iran and its supporters, who accuse the IAEA of a double standard in their investigation of Iran's nuclear program, when Israel is widely believed to run a nuclear weapons program out of the Dimona site.

Security Vulnerability Found in Samsung Printers
SecurityInfoWatch.com (11/28/12) Rothman, Paul
In a recently released vulnerability report, the U.S.
Computer Emergency Readiness Team (US-CERT) warned of a backdoor vulnerability that could allow a hacker to take control of certain Samsung and Dell printers. The vulnerability, a hardcoded SNMP full read-write community string, amounts to a backdoor administrator account that could allow a hacker to remotely assume control of the printer, giving them access to documents printed using the device and allowing them to make changes to the device. The hacker could also use the account to carry out further cyber attacks by executing arbitrary code. Samsung and Dell have said that a patch for the vulnerability is in the works and that models built after Oct. 31 no longer have the vulnerability. US-CERT advises businesses to only allow connections to printers from trusted hosts and networks, which would make it more difficult to carry out the attack.

Power Grid Hackers Are of Greater Concern Than Influential Report Indicates, DHS Official Says
NextGov.com (11/27/12) Sternstein, Aliya
A recently declassified 2007 National Academies report on power grid vulnerabilities concluded that cyberattacks, unlike natural disasters, probably could not cause lengthy blackouts. However, Department of Homeland Security officials say the risk of hackers severely disrupting electricity service has grown significantly since then, and point out that the Oct. 29 storm opened the public's eyes to the potential for societal disorder during prolonged service disruptions. The study's authors say the Academies pushed to declassify the report because the institution felt many of the findings have remained relevant. The report notes a terrorist attack on the power system by knowledgeable adversaries "could deny large regions of the country access to bulk system power for weeks or even months," leading to "turmoil, widespread public fear, and an image of helplessness that would play directly into the hands of the terrorists."
Federal Communications Commission chairman Julius Genachowski announced that there will be a series of regional, post-Hurricane Sandy hearings to probe the resiliency challenges that communications networks are facing, including their dependency on electric power. Last May the Obama administration released the Electricity Subsector Cybersecurity Capability Maturity Model, a gauge that explains the levels of protection organizations should maintain and evaluates how they stack up against those benchmarks. Although cyberevaluations are not obligatory under the model, and utilities are not required to share their results with the government, experts note that sharing the results would more likely lead to success.

Data-Annihilation Malware Still Alive
Dark Reading (11/26/12) Higgins, Kelly Jackson
Iran's Computer Emergency Response Team (CERT) has announced that the Narilam data-annihilation malware is expected to continue spreading. Narilam is at least two years old, according to CERT, which is already a long shelf-life for a data-annihilation worm. But CERT says that the malware is still affecting databases in specific Iranian financial software. Symantec confirmed these findings, saying that it had found samples of the worm still spreading on computers in the Middle East. "It's interesting because we don't see too many destructive-type threats around for a very long time" like Narilam, says Symantec Principal Security Response Manager Vikram Thakur. "We are still seeing new infections."

Serious Gaps Remain Between Cyber Concerns, Investments
Federal Computer Week (11/26/12) Corrin, Amber
The introduction of new technologies into the workplace paves the way for innovation and productivity, but it also introduces new vulnerabilities.
Tackling those challenges requires a forward-looking security stance that incorporates a range of measures, prioritizing what is most critical and accounting for evolving trends and developments, CompTIA wrote in its 10th annual Information Security Trends report. CompTIA surveyed more than 500 organizations and found that 57 percent said their organizations have implemented at least a moderate amount of change in their security strategy over the past two years, with another 10 percent reporting a significant amount of change. Survey respondents cited Internet-based applications, mobility, and social networking as top security concerns, but they continue to invest most heavily in more conventional areas of IT. CompTIA's Seth Robinson says a main theme is that the security changes are a response to the different ways organizations are using technology and the various tools and systems available to them. Yet despite these changes, security is not necessarily seeing commensurate upgrades, and Robinson draws attention to the disparity between top concerns and top investments. He also says both public and private organizations must be implementing more risk analysis functions, noting that robust and continuous staff security training is critical as well.

Abstracts Copyright © 2012 Information, Inc. Bethesda, MD