-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Wednesday, October 03, 2001 8:37 AM To: daily Subject: NIPC Daily Report, .03 October 2001 NIPC Daily Report 3 October 2001 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. Significant Changes and Assessment - NTR Private Sector - After a nearly two-month rampage across the Internet, the Code Red II worm has entered a period of self-inflicted euthanasia as of midnight 30 September. For reasons unknown, the worm's unidentified author programmed the worm to stop attempting to spread to other vulnerable Microsoft systems running Internet Information Server (IIS) software once the month of October arrived. However, according to Ryan Russell, incident analyst for SecurityFocus.com and other experts, a malicious person could easily modify the date-related instructions in Code Red II and release a new version of the worm without the October shutdown. (Source: Newsbytes, 2 October) The biggest computer security threat isn't a vicious virus or a skilled and malicious hacker. The real danger, according to dozens of experts, is easy-to-install software and software vendors who focus too heavily on adding convenient features instead of solid security solutions into their applications. The default software installations performed by most operating systems and applications top the SANS (System Administration, Networking, and Security) Institute and the National Infrastructure Protection Center's new Top 20 security threats list. The Top 20 list does not focus on the specific viruses or worms that may be active at any given time, but instead concentrates on the root problems: the system and software holes that all viral and hack attacks exploit. "Software vendors" philosophy is that it is better to enable functions that are not needed than to make the user install additional functions when they are needed," according to documentation of the top threats provided by SANS. (Source: Wired News, 2 October) The National Institute of Standards and Technology (NIST) said on 2 October, it has awarded $5 million in funding for research to enhance the security of electrical grids, air traffic control systems and other infrastructure. The Critical Infrastructure Protection Grants Program grants are aimed at speeding efforts to secure computer and telecommunications systems that support essential services. Program officials said the security efforts are needed because many critical infrastructures are increasingly automated and interdependent. NIST awarded nine grants to five companies, three universities and two commercial/academic partnerships. Richard A. Clarke, national coordinator for security, critical infrastructure and counter-terrorism at the National Security Council, described the grants in a statement as an important down payment toward addressing existing cyber challenges. (Source: Washington Post, 3 October) To help managers and employees improve the protection of critical information, the Human Firewall Council, which represents a melting pot of public, private and nonprofit organizations, announced on 1 October, the launch of an international educational campaign to raise the awareness of information security. "The Human Firewall" campaign was developed to help people recognize how important human and policy issues are to successfully defending information assets from unauthorized use or abuse, Doug Erwin, chief executive officer of PentaSafe Security Technologies and acting chairman for the council, said in a release. As part of the educational campaign, the group launched a Web site (www.humanfirewall.org), which features a manifesto that visitors are encouraged to read and sign to show their commitment to raising security awareness in their organizations. Members of the council will give a keynote presentation at the Computer Security Institute's annual conference on 31 October, where they will present a blueprint to help organizations take the first steps in creating a successful awareness program. (Source: InfoSec News, 2 October) Government - Federal Trade Commission (FTC) chairman Timothy J. Muris announced that his agency will not seek stronger consumer privacy laws. His position is a reversal of the Clinton-era policy that said consumer privacy laws were needed to protect personal data on the Internet. The decision carries more weight after the 11 September terrorist attacks. Since then, many companies have been sharing their consumer data with law enforcement agencies in an attempt to look for suspicious coincidences. He will increase the staff working on privacy issues by 50 percent and he plans to target mass e-mail, also known as spam, sources said. (Source: Associated Press, 2 October) International - NTR Military- NTR U.S. SECTOR INFORMATION: Nuclear Power - The Nuclear Management Co., which manages six nuclear plants in the Midwest, said on 1 October that heightened security measures have ended public tours at the facilities "for the foreseeable future." Nuclear plants continue to operate at the highest level of security following the 11 September terrorist attacks in New York City and Washington DC. Immediately after the attacks, the Nuclear Regulatory Commission (NRC) advised nuclear power plants to go to the highest level of security, and has since advised licensees to maintain heightened security. The agency said it continues to monitor the situation, and is prepared to make any adjustments to security measures deemed appropriate. If the NRC determines existing security procedures warrant revision, it said such changes would occur through a public rule making. NRC is coordinating with the FBI, other intelligence and law enforcement agencies, NRC licensees, and military, state, and local authorities. The NRC said it has also established communications with nuclear regulators in Canada and Mexico. (Source: Oil & Gas Journal, 2 October) Transportation - Airline employees who have been ordered to search aircraft cabins for weapons before takeoffs need better training, and the job should be eventually taken over by a new federal security agency, according to a report delivered to Transportation Secretary Norman Mineta on 2 October. The new agency would be a part of the Department of Transportation and would be a law enforcement arm for commercial aviation. It could be responsible for a range of security issues that are currently divided up among airlines, airports, and the Federal Aviation Administration. (Source: Newsday, 3 October) Each day, 700,000 tanker trucks of hazardous materials line the nation's roads. And in a society that prides itself on low barriers, the licenses to operate them are only a short class away. About 2.5 million drivers are licensed to transport toxic and explosive materials. The discovery that several people on the FBI's watch list are among them has spawned fear that, like airplanes, these trucks are essentially ready-made bombs, needing only the wrong hands at the helm to create a disaster. Of the 3.8 million tons of hazardous materials making their way daily across America's roads, some can be relatively benign, like low-grade medical waste. But shipments also include things like hydrogen cyanide. But even run-of-the-mill materials - like gasoline for filling stations - can be used for massive explosions. (Source: Christian Science Monitor, 3 October) Gas and Oil Storage Distribution - NTR Electrical Power - NTR Emergency Services - NTR Water Supply - NTR Government Services - NTR Banking and Finance - NTR Telecommunications - NTR
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:26:51 PDT