CRIME NIPC Report 10 June 2002

From: George Heuston (GeorgeH@private)
Date: Mon Jun 10 2002 - 07:18:22 PDT

  • Next message: George Heuston: "CRIME Meeting - Tomorrow @ 10AM @ Verizon Airtouch"

    Who protects the nation's infrastructure?  Regardless of how the next
    major terrorist attack may come, what worries US security strategists is
    the economic shock that could result from an attack on a "critical
    infrastructure," such as a transportation, telecommunication or an
    energy facility. By striking such targets, which military experts regard
    as highly vulnerable, an enemy could inflict far more economic damage
    than the attack on the World Trade Center.  Who should pay the huge
    costs of protecting such facilities? Should the government order the
    private sector to provide backup capacity to cushion the shock to the
    rest of the country if disaster strikes? That's an especially knotty
    dilemma considering corporate America has spent much of the last decade
    eliminating extraneous cost and capacity at the same time federal and
    state governments are faced with severe budget squeezes. The current
    position of the Bush Administration is to leave these issues to the
    private sector and prod them to boost security through various kinds of
    market incentives. Should a major terrorist attack hit vital
    infrastructure, however, the debate over the roles of the private and
    public sectors would be joined quickly.  ( Business Week Online, 7 June)
    
    Terror fears spark Asian port checks. The threat of a terrorist bomb
    loaded from ship container to truck then exploding in the heart of an
    American city is driving moves by US Customs officials to inspect
    containers in Asian ports.  Washington does not expect to be able to
    inspect all US-bound containers, but to work with 20 "mega-ports" to
    better target which containers need inspection.  US Customs officials
    said they have developed an automated system to weed out suspicious
    packages that deserve a closer look using background of shippers and
    other tools to identify suspicious cargo.  (CNN.com, 6 June)
    
    EPA awards first water security grants. US Environmental Protection
    Agency (EPA) Administrator Christie Whitman announced the first round of
    water security grants, part of $53 million to help large drinking water
    utilities across the nation assess their vulnerabilities.  EPA also will
    work with states, tribes and appropriate organizations to further
    develop and disseminate tools and support security efforts at small and
    medium drinking water and wastewater systems.  EPA worked with Sandia
    National Labs to develop training materials for water companies so they
    can conduct thorough assessments of vulnerabilities and determine how
    best to minimize said vulnerabilities. (Watertech Online, 7 June)
    
    Plants told to assess safety.  The US Environmental Protection Agency
    (EPA) plans to order thousands of chemical plants, refineries, sewer and
    water treatment facilities to assess and reduce their vulnerability to
    terrorist attack. The plan, under review by several federal agencies, is
    patterned after measures developed by the chemical industry and would
    require analyses of plant security and consideration of safer chemical
    processes. While the chemistry council's plan affects only its members,
    the federal requirement would involve about 15,000 plants, the EPA
    official said.  The plan would affect about 35 sites in Contra Costa
    County, which has one of the highest concentrations of chemical and
    petroleum plants on the West Coast. About half of those plants are near
    enough to population centers to make them attractive terrorist targets.
    (Contra Costa Times, 8 June)
    
    Air marshals train to tackle terrorism. "It's clear in my mind, when I
    weigh all of the pros and cons, pilots should not have firearms in the
    cockpit," Transportation Security Administration Director John Magaw
    told the Senate Commerce Committee on 21 May. "If something does happen
    on that plane, they really need to be in control of that aircraft,
    whether it's getting it on the ground, [or] whether it's maneuvering it
    so it knocks people off balance that are causing the problem."  One
    shortcoming of the Air Marshall program is their small numbers.  Growing
    from fewer than 50 before 11 September to a reported 2,000 (the
    Transportation Department maintains that the actual number is
    classified), they still sit on just a fraction of the nation's 35,000
    daily flights. But air marshal officials contend that their numbers are
    much higher than most people think, and while they aren't on board every
    flight, the threat of their presence is a deterrent.   The Air Line
    Pilots Association, which supports arming pilots, notes that armed
    pilots can do one thing that air marshals cannot: defend the aircraft
    from inside the cockpit. (GovExec.com, 4 June)
    
    Homeland security plan on technology. Homeland Security Department would
    take over "key cyber security activities" performed by the Department of
    Commerce's Critical Infrastructure Assurance Office (CIAO) and the FBI
    's National Infrastructure Protection Center (NIPC). It would coordinate
    with the General Services Administration's Federal Computer Incident
    Response Center and assume the functions and assets of the Defense
    Department's National Communications System to coordinate emergency
    preparedness for the telecommunications sector. President Bush's plan
    hints that there will be some information technology shuffling. The plan
    does call for "development of a single enterprise architecture" designed
    to eliminate "sub-optimized, duplicative and poorly coordinated"
    systems.  "There would be rational prioritization of projects necessary
    to fund homeland security missions based on an overall assessment of
    requirements rather than a tendency to fund all good ideas beneficial to
    a separate unit's individual needs" the plan states.  (CNET News, 7
    June)
    
    Cyberspace seen as a 'great threat and great danger'.  US Space Command
    expects an increase this year in the number of attempts by hackers to
    break into Defense Department computer networks, according to Lt. Gen.
    Ed Anderson, Deputy Commander in Chief.  One of the command's
    responsibilities is to meet all of the department's current and future
    cyber threats and requirements, and Anderson said the importance of the
    task couldn't be overemphasized.  "As a matter of fact," he said on 5
    June at a Chamber of Commerce luncheon, "I will tell you that if there's
    anything that keeps me awake at night, more than the other things we
    address, it's cyberspace. That truly is an area of great threat and
    great danger."  From 1998 to 1999, he said, "there was a five-fold
    increase in the number of events that we detected in terms of hackers
    trying to get into our unclassified" networks. Since then, "there has
    been a steady increase in the number of events that have been detected
    ... and I can assure you that the number for 2002 will be greater than
    the number for 2001". Last year, Anderson said, "close to 30,000 events
    were detected, and we expect over 40,000 events this year." (Aerospace
    Daily , 7 June)
    
    Al-Qai'da uses Web as communications network.  One day last October, an
    intelligence-community analyst noticed something strange about a radical
    Islamic Web site she had been monitoring for several months. A
    previously open, innocuous part of the site was suddenly blocked. She
    checked her notes, found the old address for the link and typed it in-to
    find an otherwise empty page commanding in Arabic, MISSIONARIES ATTACK!
    Other "hidden" pages on the site included seemingly nonsensical phrases
    and quotations from the Qur'an-coded instructions for Al-Qai'da
    operatives and their supporters. U.S. intelligence discovered Al-Qai'da
    uses the Web as a communications network. Analysts believe Al-Qai'da
    uses prearranged phrases and symbols to direct its agents. An icon of an
    AK-47 can appear next to a photo of Osama bin Laden facing one direction
    one day and facing another direction the next. Colors of icons can
    change as well. Messages can be hidden on pages inside sites with no
    links to them, or placed openly in chat rooms. The messages and patterns
    of symbols are given to analysts at the CIA and National Security Agency
    to decipher.  ( Newsweek, 7 June)
    
    Monkeypox could be used as bio-weapon. According to scientists and
    former UN weapons inspectors, the Russians worked with the monkeypox
    virus, a close cousin to smallpox, in their bioweapons program and it is
    possible terrorists could use it in a biological attack against the US.
    Monkeypox is not as contagious as smallpox, but whether it could be or
    has been modified to be more virulent is unknown. The CDC, which holds a
    stockpile of the smallpox vaccine, is currently reconsidering its
    vaccination strategy and whether to vaccinate everyone or wait until
    there is an outbreak and try to vaccinate only those exposed. There are
    concerns that Russia's smallpox may have been leaked to terrorists, and
    whether something similar happened with monkeypox is uncertain.  Iraq is
    one of the rogue states that may have obtained access to monkeypox. UN
    weapons inspectors have not been in Iraq since 1998, therefore it is
    difficult to know for certain whether they ever worked with monkeypox.
    The good news is that monkeypox does not appear to be transmittable from
    person to person and the smallpox vaccine protects against it.  (United
    Press International, 9 June)
    
    Gunn says he's optimistic Amtrak will avoid shutdown.  Amtrak President
    and CEO David L. Gunn said he is optimistic that the railroad could land
    a $205 million loan and avert a shutdown in July.  But he made it clear
    that any shutdown would involve the entire system, not just certain
    routes such as long-distance trains. Gunn told employees that the
    railroad would run out of cash by July if it could not obtain a loan to
    tide the railroad over to the beginning of the fiscal year in October.
    If Amtrak shuts down, the effects would extend far beyond the lack of
    inter-city rail transportation.  Amtrak maintains and dispatches trains
    along the Northeast Corridor, which is used by thousands of commuters
    daily to travel between cities reaching from Washington, D.C. to Boston.
    Any shutdown plan would have to address a transition that would allow
    commuter operations to continue. Most observers do not expect Amtrak
    will be forced to shut down.  (Washington Post, 9 June)
    
    WWU Comment: While the risk of shutdown exists as early as July,
    skeptics claim that Amtrak will be bailed out by Congress or at least be
    given financial support to carry them through the end of the FY.  If
    not, privatization is a possibility.
    
    Feds seek better Microsoft security.  Tired of security holes in
    Microsoft's products, government technology officials are discussing
    whether to use their collective purchasing power to force changes in the
    way the Microsoft does business.  Their efforts received a boost when
    consumer activist Ralph Nader joined the cause.  In a letter to the
    White House, Nader indicated that changes in purchasing policy might be
    more effective and palatable to the administration than antitrust
    sanctions. The letter suggests the government should place limits on the
    number of Microsoft products it buys, dividing federal money among
    Microsoft, Apple, IBM and other companies. It also suggests that the
    government could push Microsoft to make changes. Many of the changes,
    such as more technical disclosure and making its products available on
    competing operating systems, mirror those suggested during the antitrust
    case and championed by the nine states still suing Microsoft.
    (Associated Press, 9 June)
    



    This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 08:19:53 PDT