NIPC Daily Report 25 March 2002 The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures. Presidential board asks for feedback on cybersecurity. The President's Critical Infrastructure Protection Board is soliciting public advice on how national cybersecurity can be improved. One of the board's primary functions is to draft a national strategy to protect cyber space. It has put together a 53-question survey that offers a preview of what the national strategy will look like. The questionnaire shows that the board is looking at the cybersecurity concerns of home users, small businesses, large corporate enterprises, federal agencies and international governments. The board is also investigating how to enhance the security of the nation's transportation, communications, finance, power and water systems. (Government Executive Magazine, 22 Mar) US turns focus to sea, land security. The US Coast Guard officer who directed the water evacuation of half a million people from New York after the 11 September attacks was named on 21 March to oversee surface transportation security. Retired Coast Guard Rear Admiral Richard Bennis was appointed the new associate undersecretary for maritime and land security at the Transportation Security Agency, or TSA, which was set up after the September attacks. Bennis will design a national security plan based on risk assessment for surface transportation. He will name deputies for trucking, shipping and railroads. (Reuters, 21 Mar) IBM to link government computers in powerful grid. IBM said on 22 March, it will work with the US Department of Energy National Energy Research Scientific Computing Center to develop software to connect the lab's supercomputers and data storage machines to other computers in various locations. The National Energy Research Scientific Computing Center said its goal is to enable scientists to connect supercomputers and storage machines to off-site scientific instruments like telescopes, making it easier to do research or analyze data stored in diverse, far-flung locations. (Reuters, 22 Mar) Lieberman quizzes Ridge on federal IT security. In a letter to Tom Ridge, Senator Joseph I. Lieberman (D-Conn.) has asked the director of the homeland security office to explain how his office is protecting the country's critical infrastructure and the security of federal information systems. The letter follows 12 hearings since Sept. 11 on the government's response to bioterrorism, aviation, port and rail security, the local role in homeland security, and the protection of the nation's critical infrastructure. Last October, Senator Lieberman introduced a bill to create a Department of Homeland Security (S 1534), a cabinet-level agency. The bill was referred to Lieberman's committee but has not moved. (GCN, 12 Mar) Security software companies embrace standards. Three companies that make Internet security software announced they have submitted their products for certification against user-established standards and benchmarks for security readiness at the operational level. Although government and private-sector organizations ordinarily have their own internal practices and requirements for testing and configuring hardware and software, there is a lack of consensus among organizations about the configuration settings, said Clint Kreitner, president and chief executive officer of the Center for Internet Security. Internet security software examines operating systems for settings and tries to identify vulnerabilities. The certified tools will help end users define and achieve measurable goals for improvement in their information security practices. They will create a new framework for accountability for use by governing bodies, auditors, security managers, security professionals systems administrators, consultants and software vendors. (Washington Technology, 22 Mar) Security flaw. Online registration for the world's biggest computer trade shows exposed the personal data of some users. The system registers attendees online for Comdex, NetWorld+Interop, Seybold Seminars, and JavaOne. The breach affected a few thousand people who registered using a legacy system. By changing digits in the login name and using the default password, it was possible to log into other users' accounts and see their profiles, such as name, title, address, phone, email, and company information. (Newsbytes , 22 Mar) My Life B Virus. According to Tokyo-based Trend Micro Inc., the virus called ''My Life B'' carries a message saying no virus was found. To give the impression that the message is clean, it ends with ''McAfee.com Corp.,'' the name of an anti-virus service company. The "My Life B" messages urge recipients to open a photo titled ''bill caricature'' by downloading an attachment dubbed ''cari.scr.'' Once the attachment has been downloaded, the virus copies itself into the recipient's computer. The virus is apparently designed to destroy a computer's hard disk, but is incapable of doing so completely. The virus sends itself to all e-mail addresses stored in the e-mail software of the infected computer. (Kyodo, 22 Mar) Computer crackers attempted to access Air Force base. On 22 March, hackers operating outside the US made 125,000 attempts to enter the computer network at Wright-Patterson Air Force Base, officials said. Public affairs director Lt. Col. Ed Worley called it "a concerted and directed attack, and one of the most orchestrated we've seen in about the last six months, and by 'we' I mean the Air Force." The base, located east of Dayton, Ohio, is home to the Air Force Materiel Command headquarters, the National Air Intelligence Center, research laboratories, and the program management offices for major weapon systems. The base also houses one of the government's biggest supercomputer centers, the Major Shared Resource Center. (Associated Press, 23 Mar)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:32 PDT