CRIME NIPC Daily Report 9 Apr 02

From: George Heuston (GeorgeH@private)
Date: Tue Apr 09 2002 - 08:19:03 PDT

  • Next message: Barry Shulak: "CRIME Perspective on Criticisms leveled at Microsoft"

    The NIPC Watch and Warning Unit compiles this report to inform 
    recipients of issues impacting the integrity and capability of the 
    nation's critical infrastructures.
    
    NRC opens centralized nuclear security office.  Nuclear Regulatory 
    Commission (NRC) officials created an office to centralize NRC security 
    planning for the nation's 103 nuclear power plants.  The NRC has issued 
    orders requiring nuclear power plant operators to improve security, 
    acting after FBI warnings that the al Qaeda terrorist organization has 
    targeted nuclear facilities for possible attack.  The director of the 
    office will oversee security and emergency planning efforts and serve as
    
    the NRC's primary link to Homeland Security Director Tom Ridge. 
    (Washington Post, 6 Apr)
    
    Surveillance cameras set to keep watch in airliners.  Last week, JetBlue
    
    became the first airline to install tiny cameras in a passenger cabin. 
    The other airlines are expected to follow in short order.  The hidden 
    cameras will allow pilots to watch passengers on two cockpit screens. 
    Putting cameras on board aircraft was a recommendation of a committee of
    
    airline industry executives and government officials after the terrorist
    
    attack on 11 September.  (New York Times, 6 Apr)
    
    WWU Comment: Security cameras certainly won't degrade airline safety, 
    though pilots may have limited time to monitor passenger activities. 
    The use of these cameras to monitor aircraft while being serviced is 
    another potential use.  Effective monitoring requires a skilled and 
    vigilant staff and aircraft service personnel that pose no insider risk 
    or threat.
    
    FMCSA plans safety audits for new entrants.  New US trucking companies 
    will face tougher certification procedures under new regulations planned
    
    by the Federal Motor Carrier Safety Administration (FMCSA).  The agency 
    for the first time will require new US trucking firms, including some 
    owner-operators, to undergo safety audits within 18 months of starting 
    operations. Currently, would-be US carriers must fill out applications 
    for authority to operate, and could be subject to FMCSA compliance 
    reviews.  (Transport Topics, 8 Apr)
    
    Crews clean up Louisiana oil spill.  Environmental clean up crews worked
    
    to contain an 84,000-gallon oil spill that threatened a section of the 
    Louisiana coast south of New Orleans.  The black oil washed into 
    marshland along a shallow body of water known as Little Lake, but was 
    being held in place by 24,000 feet of containment booms.  The oil 
    spilled from a ruptured British Petroleum pipeline and the cause of the 
    break remains unknown.  The flow of oil into the line was halted when BP
    
    workers, monitoring the facility, noticed a drop in pressure.  (Reuters,
    
    7 Apr)
    
    Nigerian villagers free American.  Villagers freed 10 oil workers who 
    were held hostage two days after being captured while servicing an 
    offshore drilling rig.  The kidnappers demanded employment, oil 
    contracts and other help from Shell Oil in return for the workers' safe 
    release.  Activists and criminals frequently attack oil installations 
    and kidnap employees, saying they act in protest of the region's 
    desperate poverty and of environmental damage caused by drilling. 
    Nigeria is the world's sixth-largest oil exporter.  Nigeria's Supreme 
    Court has ruled that the federal government has full claim to the 
    country's vast offshore oil and gas reserves.  (Associated Press, 5 Apr)
    
    WWU Comment: This article illustrates the event's potential effect on 
    the Oil and Gas Supply and Distribution infrastructure.  A majority of 
    US petroleum comes from foreign sources and political or economic 
    instability in supplier countries could impact our production
    capability.
    
    Electronic 'tongue' to taste pollution.  Researchers at Cardiff 
    University, UK , attempting to develop a pollution detection device that
    
    may be mass-produced at low cost, have managed to miniaturize 
    conventional detection technology to devise an electronic "tongue" 
    capable of "tasting" pollution in rivers. The tongue uses a technique 
    for separating mixtures known as chromatography, a process generally 
    accomplished using detectors that require a large surface area.  (BBC, 6
    
    Apr)
    
    WWU Comment: The application for this technology could range from water 
    quality monitoring to first response sensors to detect potential 
    chemical, biological, or radiological contamination.
    
    Theft of data, viruses rank high in cyber security.  Government agencies
    
    and US companies report losing more money from theft of proprietary 
    information than any other type of attack on their computer system. 
    Viruses remain the most common type of cyber attack.  (Reuters, 7 Apr)
    
    Microsoft issues two patches.  "Unchecked Buffer in the Multiple UNC 
    Provider Could Enable Code Execution" affects Microsoft Windows 
    NT/2000/XP, and could allow local privilege elevation or run code of the
    
    attacker's choice.  "Opening Group Policy Files for Exclusive Read 
    Blocks Policy Application" affects Windows 2000 domain controllers and 
    could allow an attacker to block the application of Group Policy, 
    enabling system administrators to regulate user settings throughout the 
    network.  Microsoft recommends applying the patches to domain 
    controllers.  (Security Wire Digest, 8 Apr)
    
    ISS ranks Net vulnerabilities.  According to Internet Security Systems, 
    Inc., advanced worms or hybrid and blended threats like Nimda and Code 
    Red continue to pose the greatest online risk.  The company rates 
    multiple vulnerabilities uncovered in the SNMP v.1 Simple Network 
    Management Protocol as "the largest multi-vendor security flaw ever 
    discovered to date." (ComputerWire, 8 Apr)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:45 PDT