-----Original Message----- From: NIPC Watch To: Daily Distribution Sent: 3/4/02 5:04 AM Subject: NIPC DAILY REPORT FOR 4 MARCH 2002 NIPC Daily Report 04 March 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Shadow government is at work in secret. President Bush has dispatched a shadow government of about 100 senior civilian managers to live and work secretly outside Washington, activating for the first time long-standing plans to ensure survival of federal rule after catastrophic attack on the nation's capital. Execution of the classified "Continuity of Operations Plan" resulted from heightened fears that the al Qaeda terrorist network might obtain a portable nuclear weapon. US intelligence has no specific knowledge of such a weapon, but the risk is thought great enough to justify the shadow government's disruption and expense. Only the executive branch is represented in the full-time shadow administration. The other branches of constitutional government, Congress and the judiciary, have separate continuity plans but do not maintain a 24-hour presence in fortified facilities. (Washington Post, 1 Mar) Electric power system called vulnerable. Computers that control electric power systems around the country have been probed from the Middle East, and terrorists may have inspected physical equipment, say experts at a conference on electric systems security. Government experts identified nuclear power plants as perhaps the most attractive targets, but said dams, gas pipelines and oil refineries were not far behind. Federal officials urged companies that generate, transmit and distribute electricity to take steps to increase security. (New York Times, 28 Feb) Digital signature technology wins agency seal of approval. Energy Secretary Spencer Abraham sent President Bush his formal recommendation to use Yucca Mountain as a nuclear-waste storage site, using digital signature technology, the equivalent of a fingerprint that authenticates the owner of an online document. Sending the 9,500-page document electronically saved the department nearly $1 million in copying costs. The Electronic Signatures in Global and National Commerce Act, signed into law in July 2002, is a federal mandate for online contracts and signatures. (Washington Post, 1 Mar) University lab security checked. Federal investigators from the Department of Health and Human Services are examining university labs across the country for vulnerabilities to hackers or thieves who are looking for potential bioterrorist weapons. The inspections were prompted by concern that poor security at one or more biological laboratories may have contributed to the still-unsolved anthrax attacks. The inspections focus on physical security, such as the potential for unauthorized people to obtain hazardous material, as well as information technology, including information stored on computers and whether it's accessible from the university's main systems. (Associated Press, 1 March) Travelers support ID cards, sharing info. The US public seems prepared to embrace even more extreme measures to ensure safety. Travelocity.com polled 3,400 members who had traveled since 11 September, 76 percent of frequent travelers reported that they would support the implementation of a "Trusted Traveler" identification card that stores information such as their photo, fingerprints, personal history, facial and retinal scans and travel history. Seventy percent of the frequent travelers polled said that they strongly support granting federal law enforcement officials access to all their travel reservations booked through agencies and other suppliers. (IDG News, 28 Feb) Flaw weakens Linux security software. Programmers have found a flaw in a component of Netfilter firewall software that could grant malicious users access to protected networks. The vulnerability affects versions 2.4.14 through 2.4.18pre-9 of the Linux kernal. The flawed component is involved when two computer users chat directly with each other using the Internet Relay Chat (IRC) system. The flawed software isn't installed by default on Red Hat versions 7.1 and 7.2. Red Hat has issued a patch that corrects the problem. (CNET News, 28 Feb) Bill gives government greater access to e-mail. If a bill approved by the House Judiciary Committee becomes law, any government entity--not just law enforcement agencies--will be able to receive e-mail and other electronic communications without a court order, so long as a service provider believes an emergency requires its disclosure without delay. The measure is part of a larger initiative aimed at reducing computer-related crime. (eWeek, 28 Feb) Agency raises the bar on tech security. The Center for Internet Security, a non-profit computer-security think-tank, has released free software that finds network vulnerabilities and common security holes. The center also makes available a tool designed to bring an operating system in compliance with established security benchmarks. (USA TODAY, 28 Feb) Cyber Security Enhancement Act to be re-written. Citing the possibility of terrorists wreaking havoc electronically, the House Judiciary subcommittee on crime voted 8-0 to expand the types of hacking crimes that would be punished by life imprisonment. (Wired News, 28 Feb) Vendors meet roadblocks in the war on terrorism. Vendors claim they have solutions that can help with homeland security, but the lack of a government-wide decision authority prohibits their implementation. The federal government doesn't have a CIO that is empowered to make government-wide decisions on IT strategies, and the one agency charged with homeland security doesn't have the authority to make budget decisions. (InformationWeek, 28 Feb)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:08 PDT