NIPC Daily Report       8 April 2002

The NIPC Watch and Warning Unit compiles this report to inform 
recipients of issues impacting the integrity and capability of the 
nation's critical infrastructures.

Hacking up, disclosure down, FBI survey says.  An FBI survey of 503 US 
corporations, government agencies, financial and medical institutions 
and universities reveals that only 34% of detected computer security 
breaches were reported to authorities.  Many respondents cited fear of 
bad publicity as their reason for not reporting.  The government is 
using partnership groups, such as the FBI's InfraGard program in each 
field office, to persuade companies to report attacks directly to FBI 
agents without public disclosure.  Overall, there were more computer 
crimes than in last year's survey, but fewer victims reported crimes to 
police than in 2001, reversing a trend from earlier surveys. 
(Nandotimes, 7 Apr)

Nuclear fuel rods misplaced.  Despite losing two nuclear fuel rods from 
its closed Millstone 1 nuclear plant, Millstone Power Station operators 
are ready to safely store more nuclear waste at its Millstone 3 unit, 
company attorneys and federal regulators said at a hearing on 2 April. 
At issue is whether Dominion Nuclear Connecticut, owner and operator of 
the Millstone station in Waterford, should be given a license amendment 
to increase by 2 1/2 times the amount of spent nuclear fuel it can place 
in the Millstone 3 storage pool.  The licensing board agreed to reopen 
the proceedings to hear arguments as to whether the mistakes at 
Millstone 1 mean station operators are not prepared to handle more spent 
fuel at Millstone 3.  (The Day, 3 Apr)

CT declares drought advisory.  Connecticut officials issued a statewide 
drought advisory, asking residents and state agencies to voluntarily 
conserve water.  A similar water shortage is affecting many areas in the 
US and Canada. Last week, New York City Mayor Michael Bloomberg declared 
a drought emergency - the first in the city since 1989 - and ordered 
mandatory restrictions on water use by businesses and residents.  (Water 
Tech Online, 4 Apr)

Cities seeking 311 phone systems after attacks. The Federal 
Communications Commission set aside 311 as a phone number for 
non-emergency needs in 1997. Since 11 September, cities that have been 
flooded with calls about anthrax and terrorism have sought to implement 
311 as a crisis backup for 911.  (Scripps Howard News Service, 3 Apr)

AG John Ashcroft names Vance Hitch as DOJ CIO.  One of Mr. Hitch's 
responsibilities will be to oversee major systems upgrades at the 
Immigration and Naturalization Service, where clashing databases have 
contributed to problems controlling the nation's borders.  Ashcroft 
called for development of an IT strategy when he reorganized the 
department for wartime operations last November; Hitch is to oversee 
development of that plan.  (Government Computing News, 26 Mar)

Expanded police powers.  The Justice Department has drafted a legal 
opinion that would give state and local police agencies the power to 
enforce immigration laws; potentially broadening an activity long 
handled by federal agents.  The draft opinion, by Justice's Office of 
Legal Counsel, says states and municipalities have the "inherent 
authority" to enforce immigration laws.  Except for small pilot programs 
in Florida and South Carolina, state and local police departments 
generally have steered clear of immigration issues. They sometimes help 
Immigration and Naturalization Service agents with security or 
transportation during INS raids, but they do not make arrests on civil 
immigration violations.  (Washington Post, 4 Apr)

Senator proposes bio terrorism legislation.  Senator Max Cleland 
proposes to bolster the clout and funding of the Center for Disease 
Control and Prevention as the CDC prepares against the possibility of a 
bio terrorism attack.  Cleland's proposed center would put the CDC in 
charge of training response teams, developing local contingency plans, 
implementing disease-surveillance systems and tracking dangerous 
biological agents and toxins.  (Associated Press, 4 Apr)

Signs of 'trustworthy computing' NEC Computing International has 
announced a trial program in which Packard Bell PCs will be equipped 
with keyboards that include secure smart-card readers.  The keyboards 
are designed to hold credit card numbers, PINs and other personal 
information in encrypted form, without leaking them into the PC where 
they could be stolen.  But developers of secure systems say the plan 
will go nowhere without new hardware that addresses fundamental security 
problems in the PC's aging architecture.  Security experts agree that 
the basic design of the PC is flawed: It allows data to travel around 
inside unencrypted, which means information can be stolen or faked by a 
program installed on the desktop. (Wired News, 4 Apr)

Cellular carriers, DOD debate spectrum needs.  The DoD would consider 
sharing its portion of the radio frequency spectrum with commercial 
wireless operators if those companies will assume liability for any 
problems that result, including the possibility of a test missile going 
astray because of interference.  Voicestream and other cellular carriers 
have eyed portions of the spectrum used by the DOD for years, and have 
lobbied either to share bandwidth or acquire portions of it in an 
outright auction. An auction of the DOD spectrum would require Defense 
officials to move complex systems to new frequencies, which in turn 
would require new wireless communications systems costing hundreds of 
millions of dollars.  Commercial carriers aren't the only ones seeking 
more spectrum space.  Electric, gas and water utilities use their own 
slice of the spectrum band to dispatch repair crews, and to monitor and 
control cross-country power networks, gas pipelines, and water systems. 
(ComputerWorld, 4 Apr)

White House: Vendors must improve on security protections.  Federal 
technology vendors must do a better job of building privacy and security 
protections into their software, two top-ranking White House officials 
said on 4 April.  Privacy and security must be key components of the 
"enterprise architecture" blueprints that are guiding agencies' efforts 
to integrate their systems, reduce paperwork, and accomplish tasks in 
"minutes or hours, rather than weeks or months."  As that transformation 
occurs, federal agencies must take steps to ensure the accuracy of 
shared information, and prevent its misuse.  (National Journal's 
Technology Daily, 4 Apr)

Sept. 11's impact on data security is limited.  Despite the focus on 
corporate data security after September 11, big companies haven't 
significantly changed their thinking about their approach to data 
security.  "If you're a hacker who's looking to become famous, you're 
not going to go after a site no one has ever heard of," said In-Stat/MDR 
analyst Jaclynn Bumback.  The events of 11 September have frequently 
been cited as a motivator that pushed companies to re-evaluate and even 
bolster their security infrastructures. Yet the In-Stat/MDR data suggest 
that companies haven't significantly changed their perspective, or their 
spending, when it comes to security.  (Internet Week, 4 Apr)

New report says Dept of Transportation should develop security plan 
before installing explosive detection machines. The National Research 
Council said Friday that the Transportation Department is moving too 
slowly in developing a comprehensive plan to provide layers of security 
at airports.  Consequently, bomb-detection machines are being installed 
at airports even though it is uncertain how they will fit into the 
overall security plan.  The advisory board's report was issued as the 
new Transportation Security Administration tries to meet a year-end 
congressional deadline for installing enough explosive detection 
machines to inspect all checked baggage. The report said the 
Transportation Department needs to develop an overall security plan, 
from deciding which passengers should undergo extra scrutiny to which 
bags should get additional checks. (DigitalMass, 5 Mar)

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to