-----Original Message----- From: NIPC Watch To: daily Sent: 11/16/01 9:35 AM Subject: NIPC Daily Report 16 November 2001 NOTE: Please understand that this is for informational purposes only and does not constitute any verification of the information contained in the report nor does this constitute endorsement by the NIPC or the FBI. Significant Changes and Assessment - No significant changes. Private Sector - NTR Military - According to the officer who spearheads the Navy's efforts to assess network security, some Navy networks have virtually no protection from cyberattacks. Such vulnerabilities have resulted in 40 instances of root access to Navy systems this year, including some that took days to detect, said Capt. Jim Newman, who leads the Navy's "Red Team," the group of 20 sailors and civilian personnel who attempt to break network defenses. Newman said the Navy Marine Corps Intranet has proven to be much more secure and offers some inherent security advantages. So far this year, the Navy has tracked some 16,000 incidents where somebody attempted to enter a Navy system. Of those, about 400 were considered significant attempts to obtain root access the level at which someone can access the network's functions. Of those attempts, about 40 succeeded in gaining root access. (Source: Federal Computer Weekly, 16 November) International - A Chinese court has ordered local firms to stop using Internet domain names linked to 11 international brands as part of a crackdown on intellectual property rights, state press said. The court said two Chinese firms had "maliciously registered" site names belonging to firms including KFC, Subway, Boss and Olay, the China Daily newspaper said. They had to stop using the sites within 10 days and pay compensation to the firms, the Beijing No. 2 Intermediate People's Court ordered. Sites involved included "www.kfc.com.cn" and "www.boss.com.cn," the report said, adding authorities were particularly clamping down on brand name abuse because of China's imminent entry to the World Trade Organization (WTO). (Source: Agence France Press, 16 November) According to a British media report, confidential information is leaking out of offices throughout London as companies make use of new technology that enables computers to be connected up to wireless networks. As well as opening themselves up to hackers, major city firms could be in breach of data protection rules if they allow personal data to be intercepted. Earlier this month a team of security experts, using a laptop and a mobile device costing just £130, walked the streets of the capital to try to pick up data being carried over wireless local area networks (WLANS). The technology allows computers and other devices within a 60-200 meter radius from a transmitter to be connected to a company's network and is increasingly being used by firms with mobile workforces and 'hot-desking' policies. With proper security in place the information is secure, but the team discovered that two-thirds of the 124 WLANS located in and around the city had no security protection at all. (Source: Guardian, UK, 16 November) Government: NTR U.S. SECTOR INFORMATION: Gas and Oil Storage Distribution - Major gas transmission companies have agreed to reconstitute a partnership to carry natural gas from Alaska to markets in Canada and the lower 48 US states, Alaska's Sen. Frank Murkowski announced on 15 November. Murkowski said 10 energy companies have agreed to return to the Alaskan gas transportation partnership, and will immediately begin working on a pipeline proposal to present to Alaskan natural gas producers by the end of this year. "While this does not guarantee construction of an Alaska North Slope delivery system, it is a big set in the right direction," Murkowski said. The pipeline would stretch over 1700 miles, from the North Slope of Alaska to northwest Alberta, Canada. The gas would then be transported from northwest Alberta to markets throughout Canada and the United States. (Source: Reuters, 15 November) Telecommunications - Congress and the GAO will scrutinize agency IT and telecommunications disaster recovery plans next year to see whether they could ensure continuity after a cyber-attack or other terrorist damage. Rep. Tom Davis (R-Va.), chairman of the House Government Reform subcommittee on Technology and Procurement Policy, said this week that GAO is collecting information about the recovery plans for review by the subcommittee over the next few months. (Source: Government Computer Week, 15 November) Transportation - Congress is poised to overwhelmingly pass legislation to permanently strengthen airport and airline security and give a holiday lift to an aviation industry devastated by the terrorist attacks. President Bush lauded the compromise plan forged after weeks of difficult negotiations, saying that by putting the federal government in charge of aviation security Congress was "making airline travel safer for the American people." In addition to putting airport screening under federal control with a federal work force, the legislation moves toward inspection of all checked bags, requires fortified cockpit doors, increases the use of air marshals on flights and law enforcement in all areas of airports, and increases coordination between DoT and law enforcement agencies to cross-check passengers. (Source: Associated Press, 16 November) Electrical Power - Electric utilities are on 24-hour watch for cyberterrorist activity amid warnings from experts that networks connecting providers have left the nation's power grid more vulnerable than ever. To that end, 10 energy companies recently launched an operations center to monitor and report on the risks of physical and online threats. The Energy Information Sharing and Analysis Center (Energy/ISAC) collects threat and vulnerability information from worldwide law enforcement agencies, energy companies, security watch groups and major technology vendors. The group then examines the size and scope of the threats and reports the results to ISAC members, each of which pays $7,500 a year for access to a secure informational Web site. ISAC members not only are alerted to potential threats, but are also instructed on how to respond, by Predictive Systems which operates the command center in Reston, Virginia. (Source: InternetWeek 16 November) Banking and Finance - NTR Emergency Services - NTR Government Services - NTR Water Supply - NTR
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:31:29 PDT