NIPC Daily Report 15 March 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

CEOs plan network to link them in attack. Leaders of the nation's largest corporations are designing 'CEO Link', a network that would alert them to a terrorist attack and enable them to instantly talk with one another and government officials about how to respond. It would help private companies respond more quickly to disaster scenes and improve their chances of keeping the economy running after catastrophes. Had such a system been in place on 11 September, officials said, companies could have gotten equipment and supplies to the sites of the attacks in a quicker, more coordinated way. The initiative comes from the Business Roundtable, an organization of about 150 chief executives from companies that generate more than $3.5 trillion in annual revenue. AT&T is designing CEO Link at its own expense; it will include a wireless telephone network as well as a secure Web site. The communications network will be available all the time and should be in place within six weeks. Users would be pre-certified and require authentication to participate in any of the conference calls. Still to be determined is how to tailor the system to include state and local governments across the US, and leaders of smaller companies. (Washington Post, 13 Mar)

GovNet: what is it good for? Richard Clarke, special assistant to the president for cyberspace security, proposed the GovNet project to President Bush in October 2001. GovNet would be a protected, ultra-reliable network through which government agencies could share information. Clarke's outline for GovNet called for a massive, completely private Intranet for government agencies and authorized users. The network would have voice and video capabilities; be completely protected from outages, hack attacks and viruses; and be able to carry classified data securely. Many security experts believe GovNet is a redundancy. Intelink, one of the government's existing secure networks, went online in late 1994, but the network didn't have many users until recently. Hundreds of users are now accessing Intelink and using the network to share intelligence news intended to combat terrorism. Work is underway to secure Intelink even further, and to develop new policies for its use. It still has not been established whether state and local agencies should be allowed to access the network and who will have complete or limited access to the information stored on Intelink. More than 170 proposals have been received from vendors who want to be involved in the creation of GovNet. Federal security experts will review the proposals and submit a report to Clarke's office. (Wired, 21 Jan) Note: The NIPC WWU carried a similar GovNet piece in its 24 Jan edition of the Daily Report.

WWU Comment: The two communications networks outlined above are very similar. Both are designed to facilitate emergency communications and speed disaster response. The two networks are also intended to serve as an on-going vehicle to share 'best practices,' provide reliable communications, and link government with industry. The difference between the proposals is the potential speed of construction. The Business Roundtable certainly has the resources to devote to this network, and as a non-government entity, is not subject to any federal funding challenges. The redundancy argument (GovNet vs Intelink) won't be an issue for CEO Link, and the expertise is already assembled.

Cybersecurity alliance gains momentum. The National Cyber Security Alliance is a cooperative effort between industry and government organizations to foster awareness of cybersecurity through educational outreach and public awareness. Its members are working to raise citizen awareness of the critical role computer security plays in protecting the nation's Internet infrastructure, and to encourage computer users to protect their home and small business systems. The www.staysafeonline.info Web site provides tips, alerts, safety checklists, protective measures and other information to promote safe and responsible computer use. (Washington Technology, 14 Mar)

Schmidt lays out cyberprotection board agenda. Howard Schmidt, vice chairman of the president's Critical Infrastructure Protection Board, said a new national plan for information systems protection will be released this summer, superseding an earlier plan released by the Clinton administration in 2000. The new systems security plan will be based largely on input from private companies. National Security Council experts are poring through more than 127 questions and issues raised by private companies, which operate the bulk of the nation's critical infrastructure, including the telecommunications grid, power stations and banking and finance networks. The Bush administration is also working with G8 member countries to establish treaties to facilitate international cybercrime prosecutions. (ComputerWorld, 14 Mar)

Federal security directors assigned to eight airports. Transportation Secretary Mineta named eight people with backgrounds in law enforcement to serve as the nation's first federal security directors assigned to specific airports. The directors will oversee cargo and passenger screening and have the authority to shut down any part of the airport where there is a security breach. The agency intends to hire 81 security directors for the nation's major airports. It likely will not hire a director for every airport, and some directors at large facilities will probably oversee smaller ones nearby. (Washington Post, 14 Mar)

WWU Comment: This measure fails to address an inherent problem: reciprocal security. A passenger passing through security at one airport is automatically cleared at a connecting airport. Security at any airport begins with local countermeasures, yet is vulnerable to the extent of any other weakness at any other airport.

Energy transmission rules revamped. The US Senate on 14 March voted to give regional electricity groups primary authority to police against blackouts and other disruptions on the US power grid, rejecting an effort to shift more authority to federal regulators. Electric reliability has become a high-profile issue since last year's blackouts that wreaked havoc on the economy of California, the most populous US state. Electricity now travels over a patchwork quilt of transmission lines owned by generators and utilities. The Senate approved a plan that keeps authority centered with an existing regional board -- the North American Electric Reliability Council (NERC). Supporters say it would increase reliability and encourage competition, bringing prices down, and provide standards that will help ensure that power flows efficiently from region to region. But public utilities and some members of Congress contend it is another form of energy deregulation that could lead to electricity price spikes like the West Coast power crisis of 2000-01. The Federal Energy Regulatory Commission (FERC) envisions regional grid-running organizations covering the entire nation that will operate various short- and medium-term markets in which electricity can be bought and sold, eliminating "congestion" points that impede the flow of electricity and raise wholesale prices. The thorny issues of Regional Transmission Organization (RTO) governance and size were not addressed and FERC must still rule on the ultimate number of active US RTOs. (Multiple Sources, 14 Mar)

California gas shortage seen if 2003 MTBE ban proceeds. Governor Gray Davis is expected to decide by next month whether to delay a ban on methyl tertiary butyl ether (MTBE), currently due to take effect on 1 January 03. The planned MTBE phaseout would create a 50,000 to 100,000 barrel per day (bpd) shortfall, or five to 10 percent of the state's gasoline supply, according to a study commissioned by the California Energy Commission and prepared by the consultant group Stillwater Associates. Since plans by California and at least a dozen other states to ban MTBE have been enacted, the spotlight has shifted to ethanol, the other major oxygenate. Whether the US currently has the infrastructure to ship the required amounts of ethanol into California gasoline by next year is a contentious issue. Any ethanol shortfall could also be made up by clean gasoline components called alkylates, but analysts say competition from the chemical industry would make it unlikely that enough of those expensive blendstocks would reach the California fuel supply. (Reuters, 14 Mar)

OS diversity reduces viruses' effectiveness. If you are sick of security holes in Windows machines, the solution is in your hands. Move to another platform. The dominance of Windows results in a constant stream of "crackers" trying to find kinks in its security armor. Any weakness, no matter how obscure, eventually will be found. It may be like looking for a needle in a haystack, but there are enough crackers to examine each straw in the stack. (OS Opinion, 14 Mar)

Bush security chief lays out cyber security agenda. Howard Schmidt, the recently appointed vice chair of the President's Critical Infrastructure Board, says the federal government should work with industry, academia, government agencies and other nations to come up with a means of protecting critical infrastructures and punishing those who commit cyber crimes. The board, created in the wake of the 11 September attacks, reports to the National Security Advisor and the Director of Homeland Security. This summer, it will present a plan for protecting critical infrastructures from cyber attack. The plan will include some form of early warning system where the center would track security threats such as virus outbreaks in an attempt to predict when a problem is starting to occur. (E-Security Planet, 14 Mar)

Microsoft's borrowed code may pose risk. A security flaw in open-source software used by Linux and Unix systems for compression may affect some Microsoft products that also use the code. On 14 March, researchers reported that at least nine of Microsoft's major applications--including Microsoft Office, Internet Explorer, DirectX, Messenger and Front Page--appear to incorporate borrowed code from the compression library and could be vulnerable to a similar attack. (News.com, 14 Mar)

W32/Fbound.B. This worm mass-mails itself to all email addresses listed in the infected user's Windows Address Book. It arrives in an email with a subject that it randomly selects from a group of 17 Japanese language phrases if the email address of the recipient ends with .jp. Otherwise, the subject is "Important." The name of the attachment it arrives with is PATCH.EXE. (Trend Micro, 14 Mar)

Anti-US hackers hit OS X site. OS X FAQ, a Mac OS X support site, was hacked by Chinese Mac users. The hackers posted a statement on the site's forum page, condemning Americans and making statements littered with expletives against Windows users, the US government, and US spy-plane pilots. The site's editor-in-chief, Scott Sheppard, labelled the act as "childish vandalism". He continued: "We hope to have the forums back online soon. Meanwhile, the rest of the site continues to function as usual." (mackworld.co.uk, 14 Mar)