The clouds of digital war: will the next terrorist attack be delivered via cyberspace? US investigators have discovered there have been numerous anonymous probes over the Internet for information regarding the nation's emergency phone system, water-distribution networks, and power grid, all critical parts of the US infrastructure. Officials also confirmed that some of these "probes" were focused on "digital switches" - devices designed to allow authorized personnel to monitor and control various aspects of a complex network of machines. While most control systems aren't connected directly to the Internet or accessible through a simple Web page, they are connected to other computer systems that typically are available online. (ABCNEWS.com , 8 Jul) Study says Israel and Hong Kong are hotbed for cyberattacks. Among the most highly wired economies, more cyber attacks originate from Israel and Hong Kong on a per-Internet-user basis than anywhere else, while Kuwait and Iran top the list of the category of countries with fewer Internet users, according to a study released on 8 July. Overall, the United States generates by far the most cyber attacks, followed by Germany, South Korea, China and France, according to The Internet Security Threat Report, Volume II, from Riptech Inc., a managed security service provider based in Alexandria, Virginia. The most likely corporate targets were power and energy companies, the study said. Political analysts have expressed concern hackers target such companies to try to maximize the impact of any attack. The Riptech study was based on a miniscule sample compared to the number of companies connected to the Internet, but because it was based on computer logs of attacks, which are not widely tracked or aggregated, it provides useful insight into global trends, industry analysts said. (Reuters, 8 Jul) Agency chiefs support homeland consolidation, see flaws in dividing duties. Law enforcement officials and the Coast Guard chief told Congress yesterday that it would be a mistake to split their agencies, urging instead that lawmakers move them whole into the new Homeland Security Department. Officials from the Customs Service, the Coast Guard, the Secret Service, and the just-created Transportation Security Administration told members of a House Judiciary subcommittee that all of their duties are intertwined and some could suffer if not transferred intact to the new agency, as President Bush proposed. Trade and security are "inter-linked," said Customs Service Commissioner Robert Bonner, who added that homeland security must not cripple trade. Admiral Thomas Collins, Commandant of the Coast Guard, said dividing the agency's responsibilities between Homeland Security and the Transportation Department would threaten its ability to do any job properly since the same cutters, boats, aircraft, and people are involved in all Coast Guard's tasks. Representatives expressed concern for the health of non-security functions within agencies, and asked whether they would wane under the homeland-security umbrella. They say an agency like the Coast Guard, which performs such tasks as marine search-and-rescue and fisheries management, might make security such a high priority that the other jobs lose emphasis. (Associated Press , 10 Jul; Govexec.com, 9 Jul) Customs set to begin phase 2 of Customs-Trade Partnership Against Terrorism . US Customs Service Commissioner Robert C. Bonner today announced that they will begin taking applications in July 2002, from the global transportation community for membership in the agency's Customs-Trade Partnership Against Terrorism (C-TPAT) program. C-TPAT is an initiative between business and government to protect global commerce from terrorism. The program calls upon importing businesses to establish policies to enhance their own security practices and those of business partners involved in the supply chain. Once these policies are in effect, imports by these businesses would be given expedited processing at ports of entry. Unveiled in April 2002, the program initially sought membership from major importers of goods into the US. To date, just over 230 importers have agreed to participate. "This marks the next step in our plan to join forces with the private sector and keep the avenues of the world economy free of terrorist infiltration," said Bonner. (US Customs Service, 9 Jul) Coast Guard begins makeover with mammoth contract. The US Coast Guard is poised to begin an across-the-board upgrade of ships, aircraft, and command-and-control systems funded by a recently signed $11-billion, 20-year contract. The rejuvenation aims to acquire up to 91 ships, 35-fixed-wing aircraft, 34 helicopters and 76 unmanned surveillance aircraft. Additionally, it will procure systems for command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR). In the nearer term are upgrades to 49 existing cutters and 93 helicopters. (Aviation Week & Space Technology, 1 Jul) TSA begins federalization process at more airports. The Transportation Security Administration (TSA) will send assessment teams to conduct initial studies for the federalization of passenger security screening and/or baggage screening checkpoints at 111 airports. The federalization process consists of three steps: a site survey to determine the best design of the checkpoints and baggage screening areas; checkpoint and baggage screening reconfiguration to best facilitate security and safety of the flying public; and the deployment of a general screening workforce. The timeframe between arrival of the site assessment team and full deployment of a federal screening workforce depends on the size of the airport and other factors. The recruitment, assessment, training and deployment of screeners at a given airport will take five weeks or longer. (US DOT, 8 Jul) Air cargo remains hole in security system, experts say. The cargo that airlines carry on passenger jets doesn't get the same close scrutiny as travelers or luggage, a security problem that government officials say they're working to correct. Transportation Security Administration officials say they are committed to keeping bombs out of cargo shipments, just as they strive to meet congressional deadlines for screening passengers and their baggage. ''We're concerned about anything that flies on passenger planes,'' said Bill Wilkening, the TSA's manager of dangerous goods and cargo security. ''Everything is the same priority in terms of addressing vulnerabilities.'' The problem is that air cargo isn't screened for explosives or weapons, the people handling the package may not be known to the airline and safeguards can be circumvented, said a government report and critics of the system. ''It's definitely a hole,'' said Capt. Steve Luckey, chairman of the Airline Pilots Association's national security committee. ''The layers of security that surround the passenger-carrying system aren't there to protect the cargo operation." (Associated Press, 9 Jul) Nicaragua to let US companies explore potential oil, gas fields. Nicaragua said it would allow U.S. drilling companies to explore its Caribbean and Pacific coasts and central lowlands for deposits of oil and natural gas. The measure also opens up swaths of swamp and marshland on the Pacific and Caribbean coasts, farmland outside the capitol of Managua, and jungle regions in southern Rivas province up to oil exploration. According to Nicaragua's Energy Institute, the three areas are capable of producing oil and natural gas at considerable levels for more than 100 years. (Associated Press , 9 Jul) Blue Cascades critical-infrastructure protection exercise. Understanding the threats posed by cyberattacks against the nation's critical telecommunications, energy and emergency infrastructures has given way to learning how failures in one industry segment can affect other sectors. That was the conclusion of the Blue Cascades critical-infrastructure protection exercise that was held June 12 in Portland, Oregon. A detailed action plan based on the results of Blue Cascades should be completed this week. The exercise was the second such regional critical-infrastructure protection exercise sponsored by the Pacific Northwest Economic Region, a public/private partnership created by five U.S. states and three Canadian provinces. The first exercise, code-named Black Ice and held in Salt Lake City in November 2000, demonstrated how the effects of a major terrorist attack or natural disaster could be made significantly worse by a simultaneous cyberattack. (Computerworld, 8 Jul)
This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 10:53:34 PDT