-----Original Message----- From: NIPC Watch To: daily Sent: 3/20/02 5:17 AM Subject: NIPC Daily Report for 20 March 2002 NIPC Daily Report 20 March 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Transportation mulls smart cards for security. The Transportation Security Administration (TSA) is accepting proposals for a smart-card system to authenticate transportation workers such as pilots and flight attendants. Travelers could choose to participate voluntarily, however there is a possibility that such a system might also be used to identify people who rent cars and trucks at airports. The smart cards would work in conjunction with biometric identifiers such as fingerprints, iris scans or encoded photographs and each worker would also have a personal identification number for extra security. Challenges to implementing such a system include integration with Justice and State Department systems and real-time updating. It must also be "somewhat crashproof," but if it stopped working, TSA would need contingency plans for manual searches or airport closings. (GCN, 19 Mar) Energy project slowdown may cause power shortages. California and other parts of the US may run short of electricity in the next few years because billions of dollars of power-plant projects have been canceled in recent months, the nation's top energy regulator said. Regulators are especially worried about possible shortages in California, where millions of residents during the first half of 2001 lost power over six days of blackouts. The California Energy Commission recently reduced its estimate of future generating capacity as a result of some canceled projects. Growth in generating capacity is slowing just as the US economy shows signs of ending a recession that began in March 2001. The US Energy Commission also is looking at the impact power-plant cancellations may have in the Midwest and other regions. (Bloomberg, 18 Mar) Ohio nuclear plant corrosion raises NRC concerns. The Nuclear Regulatory Commission ordered 69 nuclear plants to submit reactor safety information after finding unexpected corrosion at an Ohio plant owned by FirstEnergy Corp that raised broader concerns. FirstEnergy last month shut its Davis-Besse nuclear power plant in Oak Harbor, Ohio, due to corrosion inside the reactor chamber. The NRC wrote to 69 US plants with pressurized water reactors similar to Davis-Besse's seeking information on their structural integrity. The agency said it did not believe the problems at the Ohio plant could release radiation into the atmosphere, but that they could reduce its margin of safety. The other 34 reactors, which use boiling water reactors, were not required to take any action. There are 103 total operating nuclear power plants in the US, which generate about 20 percent of US electricity supplies. (Reuters, 19 Mar) Environmentalists sue over transmission lines From Mexico to US. Earthjustice and Wild Earth Advocates, representing Border Power Plant Working Group, filed a lawsuit against the US government today challenging permits granted to two companies planning to build electrical transmission lines from Baja, Mexico into California. The lines are being built to bring power from two electrical generation plants being built three miles inside Mexico to supply power to the US. One goal of the US National Energy Plan of May 2001, is "to expand and accelerate cross-border energy investment, oil and gas pipelines, and electricity grid connections by streamlining and expediting permitting procedures with Mexico and Canada." (National Energy Policy, May 2001) The lawsuit would establish a precedent applicable to future border power plants that may be built in Mexico or Canada to provide energy for US markets. (US Newswire, 19 Mar) RAND: Rockies oil, gas assessments fall short of real-world 'viability' test. A recent Rand study concludes that current oil and gas supply scenarios for the US Rocky Mountain region are "too narrow," because they focus mainly on availability of resources on federal lands. "Our research has shown that current oil and gas resource assessments are deficient for policy purposes," said Mark Bernstein, who directed the study. Traditionally, the goal of a resource assessment has been to "estimate the potential supply of natural gas and oil resources, which makes it possible to appraise the nation's long-range gas and oil supply," the RAND report stated. The study concluded that the western Rocky Mountain region's oil and gas reserve base as "substantial", however, the amount that is technically recoverable is greater than the amount that can be viably produced from the area. The viable resource is the fraction of the technically recoverable resource that is also economically feasible for production, sufficiently supported by infrastructure, and environmentally acceptable," RAND stated. (OGJ Online, 19 Mar) FCC outlines wireless outlook and regulation. The Federal Communications Commission will not impose regulation without careful study and forethought, and only after options for voluntary self-regulation have been examined and rejected, according to FCC Chairman Michael Powell. However, the 11 September terrorism attacks changed government priorities, he acknowledged. Public safety issues such as the E-911 mandate on cellular phone carriers to install technology for pinpointing an emergency caller, or giving emergency workers priority access to telecommunication resources, has taken on a new importance. The government needs spectrum management policies that allow for the flexible use of wireless spectrum in the marketplace, Powell said. Wireless service providers have been pushing for more radio spectrum in order to expand their services using third-generation (3G) high-speed wireless data technology. (IDG News Service, Reuters, 19 Mar) NSA certifies vendors to help agencies test security. The National Security Agency has cleared seven companies to take part in a program to help agencies and private industry evaluate their information security. The Infosec Assessment Training and Rating Program (IATRP) validates companies qualified to assess information security. IATRP is intended to help agencies comply with Presidential Decision Directive 63 and other regulations that call for agencies to conduct vulnerability assessments on information systems. Participating companies can provide training in the Infosec Assessment Methodology and are rated so customers can decide whether a provider meets its needs. The participating companies are Backbone Security.com Inc. of East Stroudsburg, Pa.; Booz, Allen & Hamilton Inc. of McLean, Va.; Computer Sciences Corp.; Electronic Data Systems Corp.; Lucent Technologies Inc. of Murray Hill, N.J.; SRA International Inc. of Arlington, Va.; and TrustWave Corp. of Annapolis, Md. (Government Computing News, 18 Mar) US diplomatic, military installations at high risk of al-Qaeda attack. CIA director George Tenet in testimony before the Senate Armed Services said that US diplomatic and military installations overseas remain at high risk of attack by al-Qaeda fighters. He said the threat is especially high in East Africa, Israel, Saudi Arabia, Turkey, Pakistan and Afghanistan, and that operations could be launched by al-Qaeda cells already in place in major European cities and the Middle East. In laying out the US intelligence community's assessment of the threats facing the US around the world, Tenet said a top US concern was al-Qaeda's stated readiness to launch unconventional attacks, and he predicted that cyber attacks on critical infrastructure will become "an increasingly viable option" for terrorists. (Agence France Presse, 20 Mar) Servers in S Korea and China most commonly used in Internet attacks. According to a study done by an infrastructure-consulting firm, servers based in South Korea and China are the most commonly used in attacks on the Internet. Analyzing more than 12 million probes and attacks, the consultants found that 49 percent of all attacks took advantage of servers in the US. The significance of the study isn't the suggestion of which nations have the most hackers. Rather, the study highlights that unsecured infrastructure are often co-opted by attackers in other countries and poses a significant risk to others connected to the Internet. (ZdNet News, 18 Mar) Software glitch blocks Yahoo access. On 19 March, a software glitch blocked access to some areas of Web portal Yahoo for approximately 45 minutes. The problem affected Yahoo Mail and My Yahoo. A Yahoo representative said they identified the issue and corrected it. Yahoo is instituting new processes to protect against similar incidents happening again. This outage comes just two weeks after Yahoo fixed a glitch that shut down communication lines for millions of members using the portal's Yahoo Groups e-mail list service. (CNET News, 20 Mar) Software on tap to ease cell congestion. New software meant to help wireless carriers create room on their networks for more calls will get its first US test by AT&T Wireless. The software, known as AMR, will be used to help find paths for voice calls through areas of overworked spectrum. It will be installed on the new network that AT&T Wireless began building last year, which uses the cell phone standard known as GSM (Global System for Mobile Communications). AMR is part of a small family of software that tries to help carriers address capacity problems. It has also gotten some positive feedback from some industry analysts, with Gartner's Bryan Prohm calling it "a big deal." If a network is crowded with calls, like it was in the hours after the 11 September terrorist attacks, it literally comes to a standstill with no calls going through. Other techniques such as "compression," which shrinks the size of a file to help speed its route, and "frequency hopping," which varies the paths that signals take on their way to a cell phone, are being used to battle network congestion. (CNET News, 18 Mar) Flooding affects Detroit 911 emergency system. On 18 March, a construction contractor swung a forklift truck into a water pipe, causing water to flood the basement at Detroit Police Headquarters. The flood drenched wires linked to the building's phone system and 911 computer system, which affected the city's 911 emergency response system and forced its operators to relocate. The 911 operators were able to receive calls, but not dispatch any emergency personnel. Forty minutes after the system went down the operators were relocated to a backup site. Police acknowledged that the communications breakdown slowed police and fire response time and could have posed a threat to residents. (Detroit Free Press, 19 Mar)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:27 PDT