National Infrastructure Protection Center NIPC Daily Open Source Report for 4 December 2002
Daily Overview . The Washington Post reports the nature of identity theft has changed and today is more likely to come from insiders going after a massive amount of information rather than a thief stealing an individual's wallet. (See item 2) . NEPA News reports that Carnegie Mellon University and the University of Pittsburgh are freely providing software to health organizations to assist in the early warning of a bioterrorist attack. (See item 16) . The Land & Livestock Post reports that Texas A&M University has published an internet website to assist meat and poultry processors quickly find information on food safety. (See item 7) NIPC Daily Report Fast Jump [click to jump to section of interest] Power Banking & Finance Transportation Gas & Oil Telecommunications Food Water Chemical Emergency Law Enforcement Government Operations Information Technology Cyber Threats and Vulnerabilities Internet Alert Dashboard General NIPC Information Power Sector 1. December 3, Platts Global Energy - Outage cuts UK-France flows by 500MW until Dec 10. A problem with a transformer is likely to cut capacity transfer on the UK-France power link by 500MW in both directions until Dec 10 at the earliest, a spokesman for UK transmission system operator National Grid said Tuesday. The problem with the transformer at Sellindge converter station in Kent, on the UK side of the link, occurred in the early hours of Monday morning, he said. The "best guess" of link operators National Grid and French transmission system operator RTE was that it will return to its full capacity transfer level of 2,000MW on or around Dec 10, he said. The grid operators were investigating the problem with the transformer, he said. Source: www.platts.com/stories/electricpower3.html Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector 2. December 3, Washington Post - Identity theft more often an inside job. The nature of identity theft has changed and the threat today is more likely than ever to come from insiders - employees with access to large financial databases who can loot personal accounts - than from a thief stealing a wallet or pilfering your mail. Banks, companies that take credit cards and credit-rating bureaus themselves don't do enough to protect consumers, critics say. Law enforcement experts now estimate that half of all such cases come from thefts of business databanks as more and more information is stored in computers that aren't properly safeguarded. "There is a shift by identity thieves from going after single individuals to going after a mass amount of information," said Joanna Crane, identity-fraud program manager at the Federal Trade Commission. "There's an awful lot of bribery of insiders going on." Source: http://www.washingtonpost.com/wp-dyn/articles/A1026-2002Dec2.html [return to top] Transportation Sector 3. December 3, U.S. Customs Service - Customs announces CSI deployment at Le Havre. U.S. Customs Commissioner Robert C. Bonner announced Tuesday the deployment of four U.S. Customs officers to the French port of Le Havre, marking the latest step in the agency's Container Security Initiative (CSI). CSI is designed to prevent terrorists from infiltrating the world's sea cargo environment by improving security at key seaports worldwide. To date, nine countries have agreed to participate with U.S. Customs under CSI. These agreements cover 15 ports, all among the top 20 ports that handle shipments bound for the United States. Source: http://www.customs.ustreas.gov/hot-new/pressrel/2002/1203-00.htm 4. December 1, Dallas Morning News - International shipping vehicles vulnerable to terrorist attacks. With al-Qaeda stepping up its sporadic attacks on western targets, there is a consensus among terrorism experts that international shipping is increasingly vulnerable to extreme tactics. The risk extends beyond the big, obvious targets to the thousands of ferryboats that move cars, cargo and commuters from port to port, often with minimal security, in the United States and Europe. Steven Flynn, a former U.S. Coast Guard commander who is now a senior fellow with the Council on Foreign Relations, contends that one serious incident involving containers brought into the United States by ship would prompt the public to demand the entire system be shut down, crippling global commerce. The impact of a shipping shutdown would be disastrous for the U.S. economy, Flynn said. While U.S. counter-terrorism officials grapple with this potential hazard, their European counterparts have imposed high security alerts in recent months because of intelligence indicating that terrorists plan to target one of the many car ferries that link Britain to the European mainland. The ferries are perceived as vulnerable because they are designed to transport large trucks filled with retail goods, including electronics, furniture and agricultural items. An extensive search of loading points in Europe was conducted several weeks ago after information about a specific truck bomb was provided to authorities. No bomb was found, but the entire ferry system remains on high alert, said Magnus Ranstorp, director of the Center for the Study of Terrorism and Political Violence at the University of St. Andrews in Scotland. Source: http://www.ledger-enquirer.com/mld/ledgerenquirer/news/world/4644284.htm [return to top] Gas and Oil Sector 5. December 3, Dow Jones Newswires - Citgo: west shore pipeline shut north of Des Plaines, Ill. West Shore Pipeline Company's 16 inch refined products pipeline was shut around 11:00 a.m. EST (1600 GMT) Monday after a leak was discovered about three miles south of Bristol, Ill, according to Kent Young, spokesman for Citgo Petroleum Co. , operator of the West Shore Pipeline. There's been no immediate impact on product supply, Young said, as the company typically maintains three to four days supply in terminals. There is no estimate on the extent of the repair work needed, and, therefore, there's no restart estimate. The West Shore Pipeline originates in the Chicago area and transports refined products - gasoline, fuel oil and turbine fuel - north to Green Bay, Wisconsin and west and then north to Madison, Wisconsin. Source: http://biz.yahoo.com/djus/021203/1258000584_1.html 6. December 3, BBC News - Europe names its 'fleet of shame'. A blacklist of 66 ships deemed too dangerous for European waters has been published by the European Commission. The ships have been "named and shamed" amid concerns over safety standards in the wake of the Prestige tanker disaster. The commission said the 66 ships on its blacklist had been detained on several occasions in European ports for failing to comply with safety rules. Most are bulk carriers, although 16 are oil and chemical tankers and one is a passenger vessel. Twenty-six of the vessels sail under a Turkish flag. Twelve are flagged to the Caribbean nation of St Vincent and Grenadines, and nine to Cambodia. A total of 13 flags are represented. Source: http://news.bbc.co.uk/1/hi/world/europe/2538987.stm [return to top] Telecommunications Sector Nothing to report. [return to top] Food Sector 7. December 1, Land & Livestock Post (Texas) - Database provides information on food safety. A scientific article database has been designed at Texas A&M University to help meat processors and others who develop their Hazard Analysis Critical Control Point programs (HACCP). HACCP is a food safety process control system regulated by the U.S. Department of Agriculture to make sure meat and poultry products are safe. The database "can be used by the industry to support its decisions," said Dr. Kerri Harris, executive director of the International HACCP Alliance, which is headquartered at Texas A&M. "Because there is a government requirement for companies to defend their decisions and be able to support how they created their food safety programs, this is a tool that gives them the information without having to make multiple phone calls, contact multiple people, and do multiple searches," Harris said. The database can be accessed at http://haccpalliance.org/sciencelibrary.html. Source: http://www.landandlivestockpost.com/technology/120102database.htm [return to top] Water Sector 8. December 3, Detroit News (Michigan) - Faster E. coli test in works. A consortium of professors at Wayne State University in Michigan is within a year of developing a rapid-fire monitoring system that would give instant readings of E. coli bacteria contamination in lakes and rivers and immediately detect deadly chemicals in drinking water, scientists say. The new system would give instant results for drinking water. Tests now take 24 hours. "It's in the prototype stage right now, but we can start with some preliminary testing," said Greg Auner, a Wayne State professor who heads the team creating the system. Wayne State's work will dovetail with research that will soon start under a $3.5 million grant awarded last week to the U.S. Army Tank-automotive and Armaments Command (TACOM) in Warren, MI, under a Congressional spending bill. The grant will be used "to develop water monitoring for detection of chemical and biological warfare agents," said Jay Dusenbury, a science and technology team leader at TACOM. The primary focus of the TACOM grant is to protect the drinking water of American troops, but the same technology could be used to protect drinking water at municipal water intakes. Source: http://www.detnews.com/2002/metro/0212/03/d01-26157.htm 9. December 2, San Antonio Express News (Texas) - Simulated terror attack test preparedness. In a computer simulation last summer, Texas state, federal, and Mexican officials tested their response to a terrorist attack in which tons of cancer-causing chemicals were dumped into the Rio Grande at Laredo, TX. The exercise required the officials to divert the poisoned waters before they reached Falcon Lake 80 miles south. David Eaton, an LBJ School of Public Affairs professor, said the exercise, held in June in Bastrop, TX, showed how communities on both sides of the U.S.-Mexico border could deal with terror attacks before they get out of hand. In the computer simulation, held at a Lower Colorado River Authority facility, two days were compressed into less than six hours of decision-making. Officials identified the chemical and then enlisted the Army Corps of Engineers to build a temporary dam, diverting the river's flow onto land on the U.S. side and sparing Falcon Lake, which supplies water to the Lower Rio Grande Valley. Eaton's research team is among about 20 funded by the Army that have been probing bioterror topics at the University of Texas at Austin, UT-San Antonio, and other universities and medical schools since 1998. Major goals are to enable troops to continue fighting in the face of biological or chemical agents and to improve domestic responsiveness partly by ensuring more efficient communications systems. Source: http://news.mysanantonio.com/story.cfm?xla=saen&xlb=180&xlc=882904 [return to top] Chemical Sector 10. December 2, Tribune-Review (Pittsburgh) - Lawmakers to weigh chemical security options. There are various approaches to chemical safety being considered for 2003. One contender is the Chemical Security Act, passed by the Senate's Environmental and Public Works Committee last July. The bill would give the U.S. Environmental Protection Agency the mandate to police chemical sites. There is also expected to be a White House proposal to federalize security at more than 13,000 sites nationwide. And, in Pennsylvania, a law drafted by state Rep. Mike Veon, a Beaver Falls Democrat, could supersede all other plans. Probes by the Pittsburgh Tribune-Review found security so lax at 62 facilities making, storing and shipping hazardous chemicals that a reporter easily could reach tanks holding some of the world's deadliest toxins. The investigations focused on plants near some of America's largest cities, including Baltimore, Chicago, Houston and Pittsburgh. A bill written by state Rep. Veon mandates tougher security for Pennsylvania's chemical plants. The Veon plan calls for a Cabinet anti-terrorism position and National Guard protection of Pennsylvania's nuclear plants. He vows to "close the loopholes" in federal laws allowing catastrophic amounts of chemicals to be made, stored and shipped near cities. The bill died in the Legislature's recently ended session, but Veon, the House Democratic whip, vows to reintroduce the measure next year. Source: http://www.pittsburghlive.com/x/s_105513.html [return to top] Emergency Law Enforcement Sector 11. December 3, USA Today - U.S. anti-terror training camps booked solid. Potential scenarios of domestic terrorism unfolded last month at training centers for police, firefighters, emergency medical specialists and other rescue workers who would be the first to respond to terrorist attacks in the U.S. Public-safety experts say that such exercises, using sophisticated mock-ups of real life, can help equip "first responders" in ways that classroom instruction and scripted run-throughs can't. The rank-and-file seem to agree: Tens of thousands have gone through hands-on training since the 2001 terrorist attacks. The National Domestic Preparedness Consortium, a partnership of federal agencies and public universities, hopes to train 100,000 police, fire, rescue and emergency health workers a year. With an estimated 7.5 million first responders and 4 million health care workers in America, demand far exceeds openings in courses, which can include drills to combat biochemical terrorism, weapons of mass destruction, hostage-takers, explosives and other threats. Source: http://www.usatoday.com/news/nation/2002-12-02-terror-training-usat_x.ht m [return to top] Government Operations Sector 12. December 3, Associated Press - USPS workers to get potassium iodide. The United States Postal Service (USPS) said Monday it was buying nearly 1.6 million pills from Tampa-based Anbex, Inc. for distribution to workers who want to have the tablets if a radiological emergency occurs. The pills are generally kept on hand in areas where there is a threat of a nuclear accident, but in recent years concerns have also increased that an enemy might include a form of iodine in a nuclear weapon. The Food and Drug Administration-approved tablets will be available for all 750,000 postal workers nationwide. Source: http://www.washingtonpost.com/wp-dyn/articles/A2918-2002Dec3.html [return to top] Information Technology Sector Nothing to report. [return to top] Cyber Threats and Vulnerabilities Nothing to report. Internet Alert Dashboard Current Alert Levels Internet Security Systems AlertCon: 1 out of 4 https://gtoc.iss.net/ Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com Last Changed: 26 November 2002 Last Changed: 23 November 2002 Current Virus and Port Attacks Virus: #1 Virus in USA: PE_FUNLOVE.4099 Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 4662; 25(smtp); 139(netbios-ssn); 445(microsoft-ds); 443(https); 53(domain) Source: http://isc.incidents.org/top10.html; Internet Storm Center [return to top] General Information 13. December 3, Associated Press - WHO fund to probe disease outbreaks. The World Health Organization (WHO) has a new $500,000 rapid response fund to investigate infectious disease outbreaks, whether caused by nature or terrorism. The money will allow the WHO to send teams to the field without first raising money to support the investigations. "Crucial hours lost in the early days of a disease outbreak can mean the difference between a handful of cases and a major epidemic," Dr. Gro Harlem Brundtland, WHO's director-general, said in a statement Monday. The fund will be called the WHO-NTI Emergency Outbreak Response Fund. Officials at NTI and WHO said the fund will need donations from others, and they hope it will be replenished by "traditional humanitarian donors" and member nations. WHO spends anywhere from a couple of million dollars to $10 million per year investigating outbreaks. Each investigation can cost anywhere from $50,000 to $500,000. Source: http://www.washingtonpost.com/wp-dyn/articles/A2385-2002Dec3.html 14. December 3, New York Times - Three-month old strike continues at animal disease center. The government contractor who employs nearly half the work force at the Plum Island Animal Disease Center has rejected a vote by union workers that could have ended a strike that has lasted over three months, according to letters from the company and union officials. On Saturday, union members voted unanimously to accept a contract that was the same as the one they went on strike to protest. Workers said they were willing to give up their previous demands based on the understanding that all the striking workers would be allowed to return to the job. They said that on Nov. 14, the contractor, LB&B, made a proposal that included permanent provisions for 45 replacement workers. The contractor said that the union was mistaken in believing that the proposal did not include replacement workers. In a letter to the union dated Nov. 30, Benjamin N. Thompson, a lawyer for LB&B, wrote: "LB&B consistently maintained throughout the post-strike negotiations that replacement workers hired to replace the strikers were permanent replacements. Source: http://www.nytimes.com/2002/12/03/nyregion/03PLUM.html 15. December 2, NEPA News (Pennsylvania) - Universities give away bioterror-detection software. Software that could provide an early warning of a bioterrorist attack is being given to health organizations for free, Carnegie Mellon University and the University of Pittsburgh announced Monday. The Real-time Outbreak Disease Surveillance software was created several years ago by the BioMedical Security Institute, which the schools jointly operate, and is available on the Internet. Health professionals using the surveillance software enter patients' symptoms, their ZIP codes, and dates of their visits. The system can alert medical and emergency officials of any spike in symptoms that could be related to a biological attack. A year before the terrorist attacks, scientists at the universities began a project to track patterns of influenza, E. coli infections and illness caused by common biological agents reported in Pittsburgh area hospitals. The goal is to have all health systems in Pennsylvania using the software in three years. Eventually, the system could be used nationwide. Source: http://www.zwire.com/site/news.cfm?newsid=6251686&BRD=2212&PAG=461&dept_ id=465812&rfi=6 [return to top] NIPC Products & Contact Information The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security and professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products: 2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response. 2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures. 2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only. 2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
