The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nations critical infrastructures.
A Growing Body of Biometric Tech. In the wake of 11 September, the use of biometric technology as a security mechanism has been viewed by some as a plausible defensive weapon in the battle against terrorism. Others, however, continue their stance against using this technology for a few reasons: The current generation of biometrics is by no means foolproof and privacy advocates rail against the threat to individuals of having everyone's finger, face, and voiceprints on record. Such drawbacks notwithstanding, momentum is building toward security systems based on biometrics. The Aviation Security Act, passed in October 2001, mandates the use of fingerprint biometrics for airport-employee background checks. The Transportation Security Agency is currently soliciting proposals for a Transportation Workers Identification Card, which would be issued to 11 million workers from truckers to airport baggage handlers. Further, the Enhanced Border Security Act, signed into law by President Bush on 14 May, requires that all passports and visas be upgraded to include biometrics by April 2003, and that biometric readers be installed at every land, sea, and air border crossing. (Business Week Online, 02 Jul) WWU Comment: Many government agencies (i.e. Department of Defense) have recently contracted with private corporations to install new biometric technologies replacing the old key card magnetic systems with new voice recognition access control measures. This is a rapidly expanding trend, allowing for positive identification and reducing the margin for error. Screeners miss even obvious items. Recent Transportation Security Administration (TSA) test results revealed checkpoint screeners at 32 of the largest airports in the US missed almost a quarter of potential weapons, and 30% of simulated bombs, when the items were tossed into a suitcase like a passenger packs a pair of socks. TSA officials say the undercover tests, done in June by its agents, weren't intended to simulate how a terrorist might try to bring a bomb aboard. Rather, they were designed only to provide a baseline measure for how well today's screeners, almost all hired and trained by private security companies, recognize basic weapons. TSA is in the process of hiring 45,000 screeners by the end of the year for placement in the nation's airports. (USA Today, 1 Jul) American anti-terror inspections will begin at three European ports. As part of its effort against terrorism, the US has secured permission to station specially trained American customs officials in three large European ports in the coming weeks. The aim is to learn more about cargo heading for the US and to screen sea containers for possible weapons of mass destruction, a US Customs Service spokesman said. The agreement will first involve the ports of Rotterdam in the Netherlands, Antwerp in Belgium, and Le Havre in France. Talks are under way with five other European ports in Germany, Italy and Spain. A similar arrangement is already in place in Canada with the ports of Halifax, Montreal and Vancouver. Eventually, customs officials hope to extend the system to the 20 ports around the world that send the largest volume of cargo to the US. Those 20 ports jointly account for almost 70 percent of the 5.7 million containers shipped by sea to the US each year. Security experts say the American inspection campaign, however broad-based it may become, is only a small step in the very large effort to prevent terrorism. (NY Times, 28 Jun) Security analysts dismiss fears of terrorist hackers. Despite growing government concern that Al Qa'ida and its allies may try to use computers to disrupt electrical power grids, transportation systems and emergency communication networks, many experts on terrorism and computer security are skeptical about the overall menace of cyber-terrorism. According to David Wagner a computer science professor at UC Berkeley specializing in information security, "There are some crucial vulnerabilities, but if you want to rank how serious those vulnerabilities are, they are less serious than what you can do with explosives and much less serious than what you could do with chemical or biological agents. John Pike, a weapons systems analyst and director of Globalsecurity.org, a defense policy organization in Washington, D.C., stressed that terrorists use simple, direct methods for operations because they are less likely to fail. He said cyber-attack scenarios are too complex and too likely to fail to have much appeal for terrorist groups. (San Francisco Chronicle, 30 Jun) WWU Comment: The article above references a March 2002 article in CIO Magazine that asserts attacks against vulnerable critical computer networks would be designed to destroy critical data rather than cause catastrophic death and destruction. Historically, terrorists have tended toward physical means of attack. Because of this, the threat of cyber-terrorism is most plausible as a supplement to a larger terrorist attack used to amplify the damage and terror caused by a physical attack. Early warnings for bioterror threats. A limitation of current bio-detection technology is the inability to quickly identify detected bio-agents, a gap that would pinpoint the bacteria sprayed over a crowd only after the fans have gone home - and infected friends and neighbors. A next-generation device from Lawrence Livermore National Laboratory not only collects air samples but also tests them on the spot in an automated mini-lab that can produce results in two minutes. The lab is planning its first field trials this fall, after which the detector may be deployed in sports arenas and buildings. Recently, researchers at Sandia National Laboratories have developed a portable device that can spot biological contamination at a distance, while researchers at Los Alamos National Laboratory have created a prototype hand-held detector that could analyze water, saliva, or dissolved powder in minutes. Major advances are also being made in the field of screening mail. Previously secret technology to instantly determine if envelopes and packages contain anthrax and other bio-agents is already being tested in a pilot program. Concerns with these devices are high costs for purchase and maintenance, likely making use sporadic, and concern that many portable detectors might not be powerful enough. Additionally, most of the systems now in labs are unable to detect genetically engineered viruses, although scientists at Massachusetts Institute of Technology and other researchers are working on a device that should detect such unusual killers. (Business Week Online, 2 Jul) IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
