| |
FAA Calls Out ‘Systemic’ Hazard at United
Wall Street Journal (04/10/15) Pasztor, Andy; Carey, Susan
In February, federal aviation inspectors stepped up their oversight of United Continental Holdings Inc., citing risks from repeated violations of mandatory pilot qualification and scheduling requirements. The letter, from a senior Federal Aviation Administration official, calls for a thorough overhaul of parts of United's crew qualification process. The FAA's letter follows a safety warning sent to United pilots in January that highlighted four recent and separate safety events and near misses. These included one near crash and an incident where a plane landed without less than the minimum required amount of fuel. The FAA letter does not reference specific events, but its wording hints that it is referencing issues such as aviators failing to undergo regular check rides with examiners or the airline failing to properly document such checks. The letter also cites problems with crew scheduling, which could include pilots flying longer than the FAA allows. That specific issue was one raised by the Airline Pilots Association union in a March 27 memo to United pilots. FAA officials say they have not taken official action against United since sending its February letter, suggesting that the agency is satisfied with whatever steps United is taking to correct its issues.
Wall St. Is Told to Tighten Digital Security of Partners
The New York Times (04/09/15) P. B7 Goldstein, Matthew
New York Department of Financial Services Superintendent Benjamin Lawsky revealed that a survey of 40 banks found that only about 33 percent require their outside vendors to notify them of any breach in their own networks that could compromise confidential information of the bank and its customers. Less than 50 percent of banks surveyed conduct regular on-site inspections to ensure vendors have adequate security measures in place, and only about half require vendors to provide a warranty that their products and data streams are secure and virus-free. Lawsky said that banks and other financial institutions clearly need to do more to improve their oversight of vendors and to improve their own cyber security. "Things are in a great state of flux in terms of the institutions and for regulators, too, but all of these things need to be tightened up in a very serious way," he noted. Lawsky's office continues to work on guidelines for banks and other financial firms to monitor and improve the security of outside vendors, and one recommendation could be that financial firms obtain guarantees from vendors about security quality through the contracting process. Another area of concern for financial firms is the security of large law firms that conduct regulatory work for banks and advise them on corporate transactions. Moreover, the bank survey found that U.S. financial firms tend to lag behind their European counterparts in terms of safeguarding information shared with third-party vendors. Lawsky's office also has sent a similar survey on vendor oversight to insurance companies. "The fight against cyberterrorism and cybercrime is one that is not going away. We need to start that fight with certain basic hygiene tests and that involves tightening your security with vendors and tightening your security with multifactor authentication," he said.
Zoo Tradition Continues on Easter Monday, With a Bit More Security
Washington Post (04/07/15) Williams, Clarence ; Lieberman, Mark
Tens of thousands visited the zoo the day after Easter for what has become a century-old tradition for black families. However, officials worked to prevent any violence between young people. Incidents have interrupted three celebrations in the past 15 years, including last year, when two teenagers were shot at the zoo's entrance at the end of the day's festivities. This year, all bags were checked by police officials, who also used metal-detector wands. D.C. police patrolled the park on foot and on bicycles while other officers worked along Connecticut Avenue. Most attendees said that the security measures were not an issue. One patron, Deria Hatton said, “I’m all for it. I don’t care how long the line is. I want my kids to be able to explore a D.C. tradition." The gunfire last year angered residents, but prompted a conversation about how the tradition could continue without violence. In order to counter violence, several dozen volunteers were on the lookout for violence between young people inside the zoo and at the Woodley Park Metro station, wearing yellow T-shirts from Project Safe Zoo. Activist Ron Moten, a central organizer of Project Safe Zoo, said its volunteers helped defuse three arguments, including one inside the zoo in which police took a young man into custody. By the end of the day, no serious incidents occurred, but D.C. police broke up some minor scuffles outside the zoo, said Cmdr. Melvin Gresham of the 2nd Police District.
Surprising Number of Cyber Attacks Aim to Destroy, Not Steal
Reuters (04/07/15) Menn, Joseph
Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America. The poll by the Organization of American States, to be released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system. Those figures, provided exclusively to Reuters ahead of the official release, are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal. Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers. Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods.
Search Continues for Petróleos Mexicanos Workers Still Missing
Wall Street Journal (04/06/15) Harrup, Anthony
Mexican state oil company Petróleos Mexicanos said a search was continuing Sunday for three workers who have been missing since an explosion and fire last week damaged an offshore platform, killing four workers and injuring 16 others. The fire Wednesday at the Abkatun oil- and gas- processing complex in the southern Gulf of Mexico, led Pemex to shut in 220,000 barrels a day of crude oil production, of which around 170,000 barrels a day was being restored Sunday. Much of the oil affected is light crude that is mixed with heavier crudes for export, and the overall impact on production and exports in the near term will be minimal. The majority of Pemex’s crude-oil production comes from offshore deposits in the southern gulf. The offshore regions accounted for 1.78 million barrels a day of the company’s 2.29 million barrels a day of crude oil output in the first two months of this year. The fire led to the evacuation of just over 300 workers from the platform, one of several that makes up the processing complex, which lies about 50 miles offshore. Experts at the government’s industrial-safety agency are still working to determine the cause of the fire.
Obama to Decide Soon on Removing Cuba From Terrorism List
Wall Street Journal (04/10/15) Lee, Carol E.
President Barack Obama is expected to remove Cuba from a list of governments that sponsor terrorism, which may lead to normalized relations between the United States and Cuba. Obama must submit a report to Congress 45 days before a change in terrorism designation would take effect, and if Congress takes no action in those 45 days, then the designation may be removed. Although the policy shift on Cuba has been praised in much of Latin America, the change may be challenged in the United States. Obama has been criticized by anti-Castro lawmakers and groups that support the ongoing embargo. Obama may announce a final decision during the two-day Summit of the Americas, which begins Friday evening in Panama, but the timing is still uncertain. Cuba is attending the Summit of the Americas for the first time, which was agreed on by Obama and Cuban President Raúl Castro as part of the normalization effort. Removing Cuba from the terrorism list would help eliminate a major point of contention as the United States and Cuba try to move forward to restore ties, including the opening of embassies in Washington and Havana.
Dzhokhar Tsarnaev Is Guilty on All 30 Counts in Boston Marathon Bombing
New York Times (04/09/15) P. A1 Seelye, Katharine Q.
A federal jury has found Dzhokhar Tsarnaev guilty on each of 30 main counts related to the 2013 bombings at the Boston Marathon. In a second phase of the trial, the same jury must decide whether to sentence 21-year-old Tsarnaev to life in prison or the death penalty. Massachusetts abolished capital punishment in 1984, but Tsarnaev still faces the death penalty because he was convicted of federal crimes. The prosecution is expected to argue for death, saying that Tsarnaev was cruel, had betrayed the United States after becoming a citizen, and has shown no remorse. Defense lawyers will emphasize what could be mitigating circumstances, such as his being 19 at the time, with no criminal record, and under the influence of his older brother, Tamerlan. While there was little question that the jury would find Tsarnaev guilty of most charges, since even his lawyers admitted that he had been involved in the bombing, it was also believed that he might be acquitted on some lesser counts.
Three Killed in Milan Courthouse Shooting
Wall Street Journal (04/10/15) Sylvers, Eric; Mesco, Manuela
A defendant in a bankruptcy case killed three people and wounded several others in a Milan, Italy courthouse on Thursday. According to Edmondo Bruti Liberati, Milan's head prosecutor, Italian businessman Claudio Giardiello started his rampage in a third-floor room of the courthouse, shooting a lawyer and his co-defendant, before escaping to a lower floor where he found and shot to death one of the judges in the case. He managed to wound another person involved in the case while roaming the courthouse. He was then somehow able to escape the courthouse, but was later apprehended in the nearby town of Vimercate, where Bruti Liberati says Giardiello had gone with the intention of killing another person. Gun violence is rare in Italy, and Prime Minister Matteo Renzi has promised an investigation into how Giardiello was able to get into the courthouse with a gun. Visitors and defendants are required to pass through a metal detector when entering courthouses, while lawyers and judges can enter freely. Bruti Liberati says Giardiello most likely entered with a fake pass identifying him as a lawyer. Investigators are also likely to look into how the shooter was able to escape the building when it was being locked down.
Kenya Strikes al-Shabaab Positions in Somalia After College Attack
Wall Street Journal (04/07/15) Vogt, Heidi
Kenyan fighter jets bombed two al-Shabaab bases in Somalia on Monday and police in Uganda have stepped up patrols at college campuses since a Thursday attack on Garissa University College in Kenya killed at least 148 students and staff. According to Col. David Obonyo, a spokesman for the Kenyan military, Monday’s operation was based on intelligence reports and planned before the attack in Garissa. The Garissa attack comes after al-Shabaab has staged a series of assaults in Muslim areas along Kenya's coast, as well as a 2013 attack on a shopping mall in Nairobi that killed 67 people. Uganda also has been targeted by the militant Islamist group in recent years. Al-Shabaab says it targets Kenya and Uganda because the two nations are contributing to African Union peacekeepers in Somalia. Some Kenyan officials are calling for a troop pullback from Somalia, hoping that it would reduce attacks at home, but President Uhuru Kenyatta says that the military needs to keep striking at al-Shabaab in Somalia.
Fighting in Yemen Is Creating a Humanitarian Crisis
Washington Post (04/07/15) Naylor, Hugh
Experts are warning that the chaos in Yemen is threatening to tip an already precarious situation over the edge into a humanitarian crisis unlike anything the already war-weary Middle East has seen. Fighting on the ground between Houthi rebels from the north of the country, loyalists of Yemen's ousted president, al-Qaida in the Arabian Peninsula, and the local militias springing up across the country is being compounded by airstrikes and blockades set up by a Saudi-led regional coalition opposed to the Houthis. The fighting has disrupted fuel supplies, knocking out electricity and, in many cities including the capital, the pumps that provide drinking water to millions of Yemenis. Yemen also imports the vast majority of its food, but the fighting has cut off the shipments. International aid organizations have found it impossible to bring medical supplies into the country in recent weeks. The fighting has also driven out foreign businesses and cut the country's residents off from the foreign aid and remittances many of them rely on to make ends meet. Thousands of Yemenis have already been displaced by the fighting, some fleeing across the Gulf of Aden to Somalia. Observers warn that should the conflict persist it will create a refugee crisis worse than that in Syria, where nearly 10 million people have been internally and externally displaced by the ongoing civil war.
Destructive Hacking Attempts Target Critical Infrastructure in Americas: Survey
Reuters (04/07/15) Menn, Joseph
A new survey of critical infrastructure organizations in North and South American carried out by Trend Micro for the Organization of American States (OAS), finds that a surprisingly high percentage have faced hacking attacks designed to destroy data or manipulate equipment. The survey polled 575 companies and agencies in charge of a variety of critical systems and services i the communications, security, finance, and other sectors. Forty percent of the respondents said that they had faced malicious attacks that sought to shut down their computer networks. Forty-four percent had dealt with attacks that attempted to delete files and 54 percent had encountered attacks that attempted to manipulate equipment through control systems. Only a slightly higher percentage, 60 percent, reported encountering attacks that attempted to steal data. One example of a destructive attempt involved a financial institution where attackers stole funds from accounts and then deleted records to make it harder to reconstruct which customers had been affected and how. In another case, thieves were able to manipulate an oil company's equipment to divert resources to themselves. Adam Blackwell, secretary of multidimensional security at the OAS, warned that similar attacks could result in blackouts if serious enough.
Expert: Drug Pumps Vulnerable to Dangerous Online Tampering
The Hill (04/09/15) Viebeck, Elise
A security researcher discovered that computerized drug-infusion pumps can be hacked, which makes it easier to deliver a deadly dose to a patient. Experts say device manufacturers are beginning to respond to the security threats. Billy Rios, founder of security firm Laconicly, discovered that hackers or people within a hospital's network could break into the computerized drug pumps in a way that changes the upper and lower boundaries for dosages. By raising the upper limit, a hacker could pave the way for someone to set the pump to deliver a high dosage, either intentionally or accidentally. Rios discovered the flaw in the LifeCare PCA drug pump manufactured by Hospira and alerted the Department of Homeland Security. Hospira attempted to patch the vulnerability in a new software update, by Rios said the patched version does not fully fix the problem. Researchers have also found security vulnerabilities in other medical equipment, including pacemakers, X-rays, drug storage refrigerators, and more.
Air Force Rolls Out Cybersecurity Task Force; Lt. Gen. Bill Bender Comments
ExecutiveGov (04/06/15) Clemens, Jay
The U.S. Air Force has formed a cybersecurity task force. Pete Kim, acting director of cyberspace operations and warfighting integration, will manage the task force's operations and provide direction to the Air Force's cyberspace stakeholders. Lt. Gen. Bill Bender, secretary of the Air Force chief of information dominance and chief information officer, said the task force would evaluate cyber threats and vulnerabilities that affect the services missions. Additionally, the group would develop a risk management plan, he said. The task force will help the Air Force inform its future strategic plans and programs beginning in fiscal year 2017.
French Broadcaster TV5 Monde Recovers After Hacking
New York Times (04/10/15) P. A4 Breeden, Aurelien; Rubin, Alissa J.
The French television broadcaster TV5 Monde resumed normal broadcasting on Thursday evening after hackers claiming to support Islamic State staged a cyberattack against the network. Hackers who called themselves the CyberCaliphate took responsibility for the attack, using the same name as those who hijacked the social media accounts of the United States Central Command Newsweek’s Twitter feed. The claim of responsibility has not been confirmed, but the French government has called for media outlets to remain vigilant against such attacks. Network Director Yves Bigot said that the cyberattack started at 10 p.m. Wednesday, and included the broadcaster's website and social-media accounts. The French Network and Information Security Agency said it had sent computer security experts to assist the network, and it is now studying the attack. French culture and interior ministers met with the heads of the nation's broadcasters to discuss the prevention of future attacks.
Insurance Industry Says Cyber Threat Database Needed
Insurance Journal (04/06/15) Hollmer, Mark
Last month, cyber experts from different parts of the industry testified about what is at stake, and what insurers need, before the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. Among the biggest concerns they raised: the ever-changing nature of cyber security risk, and the need to find a way for both government and insurers to share data in an effort to boost their chances in the fight. Catherine Mulligan, senior vice president of Zurich North America’s management solutions group, told the committee that “scope of the exposures is too broad to be solved by the private sector alone.” She said, for example, that a public company that faces a cyber security breach could face a shareholder derivative suit or many other liabilities, because “one event can lead to multiple claims for many insureds” within one company. Mulligan said there is need for a national database that collects cyber threat information to help the insurance industry catch up with the fast-evolving situation. At the same time, the practical issues of who would “own” the data, what kind of information goes into the database, and how to make it anonymous, yet available, have yet to be determined after some early government/industry committee meetings, she pointed out.
Abstracts Copyright © 2015 Information, Inc. Bethesda, MD |
No comments:
Post a Comment