National Infrastructure Protection Center
NIPC Daily Open Source Report for 3 December 2002

Daily Overview

.       CNN reports a statement attributed to al-Qaeda claimed
responsibility Monday for last week's terrorist attacks on Israeli
targets in Kenya.  (See item 13)

. reports President George W. Bush signed the Cyber
Security Research and Development Act into law on Wednesday, providing
$880 million to fund a variety of IT-security based programs.  (See item

.       CNN reports the Carnival cruise ship Fascination returned from a
three-day sail Monday carrying more than seven dozen people who had
contracted a gastrointestinal virus; this is possibly the third
Norwalk-related cruise cancellation from a Florida port in recent weeks.
(See item 14)

.       ABC news reports South Korean activists have attacked the White
House computer server with electronic mail bombs to protest the
acquittal of two U.S. soldiers accused of killing two schoolgirls in a
road accident.  (See item 12)

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

1.      December 2, Platts Global Energy - Switzerland changes nuke
liability regulation after 9/11.  Switzerland has changed the country's
nuclear energy liability regulations, and has increased the government's
liability in case of terrorism attacks on nuclear power plants.  Under
the new regulation, the government is liable for SFr500-mil to SFr1-bil
($741-mil to $1.483-bil), the Swiss government said in a statement.
After the events of Sep 11, 2001, private insurance companies have
reduced their liability to SFr500-mil for attacks on nuclear power
plants.  To cover the cost, operators of nuclear power plants in
Switzerland have to swallow a hike of 12.7% in their insurance premiums.

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

Nothing to report.

[return to top]

Transportation Sector

2.      December 2, U.S. Customs Service - U.S. Customs 24-hour rule
begins Monday.  U.S. Customs Commissioner Robert C. Bonner announced
Monday that the new 24-hour rule requiring advance cargo manifests from
sea carriers goes into effect on Monday, December 2.  Under the new
rule, Customs will grant sea carriers a 60-day grace period to fully
implement the program.  "Over the next two months we strongly encourage
rapidly increasing compliance by all parties that are required to take
action under the regulation.  By quickly implementing the '24-hour
rule,' we can together do a better job of protecting the American people
and the global trading system as a whole," said Commissioner Bonner.
"Customs will continue to provide many types of assistance at both the
local (port) level and at the Headquarters level, to assist companies in
the operational transition to the new procedures.  Knowing the contents
of a container before it is loaded onto a ship bound for the U.S. is a
critical part of our efforts to guard against the terrorist threat."

3.      December 2, Federal Computer Week - TSA preps smart ID pilot
programs.  The Transportation Security Administration (TSA) is ramping
up its smart card-based programs designed to put identification into the
hands of transportation workers nationwide and allow frequent travelers
to get through airports quickly.  TSA is preparing to launch two
regional pilot projects for its Transportation Worker Identification
Credential (TWIC) System that will provide workers at airports, ports,
railways and other locations with secure access to buildings and
systems.  TWIC is "a system of information systems," said Elaine
Charney, TSA's TWIC program manager.  The goal is to produce an
integrated system that can support one identification card, which then
can be used across all transportation industries, she said.  TSA
officials will soon begin the three-month planning phase of the TWIC
pilot project in the Philadelphia/Wilmington, Del., region, Charney
said, and soon after will begin the planning phase for the Los
Angeles/Long Beach, Calif., region pilot project.   Source: 

4.      December 1, Houston Chronicle (Texas) - Port security a concern
despite recent upgrades.  The Port of Houston's civilian and military
officials consistently say Ship Channel security is tighter than any
time since World War II.  Still, each week, two or three intruders --
usually fishermen or port construction workers -- are intercepted in the
five "safety zones" around the Houston area's industrial centers.  The
Houston port's industrial complex -- at least 150 plants valued at
roughly $15 billion -- represents about half of the nation's
petroleum-processing capacity.  The world's sixth-largest port and
second-largest center for processing petroleum, the complex last year
handled more than 92 million tons of oil and oil products.  Rice
University chemistry professor John Margrave recently warned that "the
public doesn't really appreciate the amount of energy that's stored in a
big cylinder of fuel oil or the combustible materials and natural gas in
the tank farms up and down the channel."  Margrave, who recently
participated in a Washington, D.C., security conference, noted that a
ship loaded with combustible materials could explode with the force of
an atomic bomb.  Last week, port authority directors used $1.5 million
of a federal security grant in awarding a contract for construction of a
port security command center.  When completed in 18 months, the facility
will be a nerve center linking the Coast Guard, FBI, Houston police, and
other key law enforcement and emergency agencies up and down the
channel.  The remaining $300,000 is being used for a port security plan
due to be released this month.  Source: 

[return to top]

Gas and Oil Sector

5.      November 30, Reuters - Venezuela signs to develop LNG project.
Venezuela signed an agreement on Saturday with an Anglo-Dutch company
and another firm from Japan to start developing a $2.7 billion liquefied
natural gas (LNG) project which aims to make the oil-rich nation a net
gas exporter by 2007.  The preliminary development accord for the
Mariscal Sucre project in northeast Venezuela was initialed by state-run
Petroleos de Venezuela (PDVSA), Royal Dutch/Shell and Japan's Mitsubishi
Corp.  It foresees the start of economic and technical feasibility
studies for the project, designed to produce 4.7 million tons of LNG a
year, most of which is expected to go to U.S. customers.  Source:

6.      November 30, Washington Post -Saudis move to increase oil market
clout.  Saudi Arabia has reclaimed its position as the number one
foreign supplier of crude oil to the United States in recent months and
offered to further increase sales in December, the Energy Department
reported.  The Saudis have boosted production by an estimated one
million barrels a day above the quota set by the OPEC, according to a
New York industry analyst.  At the same time, the Saudi government has
amassed a foreign exchange war chest in the range of $90 billion to $100
billion, enabling its economy to weather a prolonged period of low oil
prices should Iraqi President Saddam Hussein be ousted in a U.S.-led
military campaign, and Iraq's production surge thereafter.  If U.S.
military action in Iraq goes awry, leading to the hoarding of
higher-priced oil, only Saudi Arabia has sufficient spare capacity to
calm markets, U.S. officials acknowledge.  Within 30 days, according to
the Energy Department, it could flood the market with as much as 2
million barrels a day from wells it is not now using.  Source: 

[return to top]

Telecommunications Sector

7.      December 2, The Washington Times - Key parts left out of
District's radio upgrade.  The District's new public safety radio
system, already delayed in being built, faces more delays because a
money-saving move cut three key parts of the system from the
contractor's bid, said city officials involved in the project.  The
contract change and likely delay could force the District to lose some
of the $46 million it has received in federal homeland security funds to
build new transmitters, antennas and other radio systems for the police
and fire departments by Sept. 30. Meanwhile, firefighters continue to
use a system riddled with dozens of dead spots and police officers use a
different system that is so old that replacement parts are no longer
available.  The D.C. Office of Chief Technology Officer (OCTO), which
has a $31 million budget to build the radio system, cut from its
recently approved contract with Motorola Inc. three components that will
be bid separately from the contract, said Linda Argo, chief of staff for
the agency.  Mrs. Argo said the components-about 1,200 portable radios
for the Metropolitan Police Department, a backup microwave antenna
system, and automatic diagnostic and alarm systems for failing
transmitters and antennas-were cut from the contract to save money.

[return to top]

Food Sector

Nothing to report.

[return to top]

Water Sector

Nothing to report.

[return to top]

Chemical Sector

Nothing to report.

[return to top]

Emergency Law Enforcement Sector

8.      November 30, New York Times - Terror attacks on 'soft' targets
complicate security.  Disrupting terrorist attacks, already a daunting
job, has been made tougher still because extremist groups are
increasingly willing to attack vulnerable, "soft" targets like the
Israeli-owned resort gutted this week in Kenya.  The suicide bombings at
a hotel, coming just six weeks after suspected operatives or affiliates
of al-Qaeda killed more than 190 people at a resort in Bali, presented
intelligence officials with yet another set of vexing problems.  The
challenge comes in deciding where to focus security and intelligence
resources if the enemy appears able to strike almost anywhere.  "Because
this was such a soft target, it's impossible to guard against something
like this," said Vincent M. Cannistraro, a former counterterrorism
official at the Central Intelligence Agency.  "There are targets all
over the world, and tourists are totally defenseless."  Source: 

[return to top]

Government Operations Sector

9.      December 2, Washington Post - Identifying a way to help Mexicans
living in the U.S.  The matricula is a Mexican government document that
certifies the name and age of the bearer. It has been used, in various
forms, for more than a century.  But it caught on in a big way only this
year, after Mexican President Vicente Fox's government redesigned the
card and launched a campaign to win its acceptance as a valid form of ID
in the United States.  Over the past eight months, more than 80 cities,
about 600 police departments and thousands of businesses have formally
recognized the Mexican matricula for identification, according to the
Mexican Foreign Ministry.  Thirteen states have agreed to accept the
card as sufficient ID for a driver's license application, without regard
to the applicant's visa status.  Source: 

[return to top]

Information Technology Sector

10.     November 27, ZDNet News - Feds, firms unveil test for security
pros.  A new certification program for entry-level computer-security
professionals will officially get up and running Monday, said
representatives of the combined industry-government group behind the
exam.  The Security+ certification, brainchild of the Computing
Technology Industry Association (CompTIA), could become a minimum
requirement that would help companies and government agencies hire
knowledgeable network administrators.  CompTIA is made up of two dozen
trade and government security experts. "This is going to be an entrance
into the security profession, a validation of knowledge," said Kris
Madura, Security+ program manager for CompTIA.  CompTIA also includes
members from the Secret Service and the National Institute of Standards
and Technology, the organization that sets the hiring standards for
nonmilitary government agencies.  Security certification got a big boost
last September, when the Bush Administration published a draft form of
the National Strategy to Secure Cyberspace.  Source.

[return to top]

Cyber Threats and Vulnerabilities

11.     December 2, - President signs Cybersecurity bill into
law.  President George W. Bush on Wednesday signed the Cyber Security
Research and Development Act into law, providing $880 million to fund a
variety of IT-security based programs.  Passed by the U.S. House of
Representatives on Nov. 12 by voice vote, the Act is designed to fund
research and workforce training in computer security.  The bill had
received a unanimous Senate vote Oct. 16.  The Act will fund programs
designed by the National Science Foundation and National Institute of
Standards and Technology to create new cybersecurity research centers,
offer grants and scholarships to students pursuing computer security
studies, and encourage senior researchers to study the field.  The $880
million would be spent over five years.  Source:;

12.     December 1, ABC News - South Koreans launch cyber attack on U.S.
over schoolgirls' deaths.  South Korean activists have attacked the
White House computer server with electronic mail bombs to protest the
acquittal of two U.S. soldiers accused of killing two schoolgirls in a
road accident.  Meanwhile, four people have been arrested breaking into
a U.S. army base and riot police have stopped 300 protesters from
marching on the American embassy in Seoul.  South Korean hackers and
Internet users launched the bombs at the server at 0300 GMT.  However,
an activist says the cyber attack is "largely ineffective due to an
advanced filtering system at the White House".  The activist says a
second attack will be launched.  Some 25 million people, more than half
of the South Korean population, have access to the Internet and
regularly use email.  The attack was led by a coalition of 130 civic
groups, which have organized protests since two 14-year-old girls were
crushed to death by a 50-tonne military vehicle on their way to a
birthday party in June.  Source.

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 1 out of 4

Last Changed: 26 November 2002  Last Changed: 23 November 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA:  PE FUNLOVE.4099
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     137(netbios-ns); 80(http); 1433(ms-sql-s);
21(ftp); 4662(???); 25(smtp); 139(netbios-ssn); 445(microsoft-ds);
Source:; Internet Storm Center

[return to top]

General Information

13.     December 2, CNN - Al-Qaeda claims "credit" for Kenya attacks.  A
statement attributed to al-Qaeda claimed responsibility Monday for last
week's terrorist attacks on Israeli targets in Kenya.  Last week's
suicide bombing at an Israeli-owned resort hotel in Mombasa killed 10
Kenyans and three Israelis.  A missile attack on an Israeli charter jet
leaving Mombasa the same day was unsuccessful.  No one aboard was hurt
and the plane landed safely in Tel Aviv.  Paul Eedle, a London-based
computer expert who monitors Web sites linked to the terrorist
organization, said the statement appeared on sites that regularly carry
al-Qaeda pronouncements.  U.S. officials said Monday the shoulder-fired
missiles used to target the charter jet apparently came from the same
batch as one used in a failed attempt to shoot down a U.S. military
plane near the Prince Sultan Air Base in Saudi Arabia last May.  Serial
numbers on the two weapons were close, according to sources.  That
"strongly suggests" a link to al-Qaeda, said a U.S. official, who
stopped short of calling the evidence conclusive.  U.S. intelligence
officials said they believe they know where and when al-Qaeda operatives
obtained the Soviet era SA-7s, which have an effective range of 10,000
to 12,000 feet.  Source: 

14.     December 2, CNN - Another sick ship returns to port.  The
Fascination has apparently also been struck by a gastrointestinal virus.
The Carnival cruise ship returned from a three-day sail Monday carrying
more than seven dozen people who had contracted a gastrointestinal
virus, health and police officials said.  The Fascination, an 855-foot
ship that carries as many as 2,052 passengers and 920 crew members,
returned to the Port of Miami waters shortly before 5 a.m. after a
voyage to the Bahamas.  Florida's Department of Health alerted police
officials Sunday that the ship would return to port with numerous sick
passengers, although Carnival spokesman Tim Gallagher refused to confirm
if anyone aboard was ill.  It could not be immediately determined if the
illness is the same Norwalk-type virus that has plagued other cruise
ships in recent weeks, including Holland America's ship Amsterdam and
the Disney ship Magic.  Holland America Line Inc. is owned by the
Miami-based Carnival Corp.  The Amsterdam, which was held at Port
Everglades in Fort Lauderdale for 10 days while being thoroughly
decontaminated after nearly 1,000 people fell ill on its last four
trips, departed on 10-day Caribbean cruise Sunday with 1,261 passengers
aboard.  Should the Fascination's departure be scrubbed, it would be the
third Norwalk-related cruise cancellation from a Florida port in recent
weeks.  Source:

15.     December 2, Portsmouth Herald (Portsmouth, NH) - Agricultural
security gets priority.  Last month, the New Hampshire Department of
Agriculture received approximately $121,000 in federal homeland security
funds to hire an entomologist and laboratory assistant.  Their jobs will
be to monitor and find ways to eradicate some of the non-native insects
that are already causing concerns in the state.  They will also be
responsible for making sure that the state's plants and animals remain
safe from the introduction of other species or diseases that could
threaten local food supplies, said state agricultural commissioner Steve
Taylor.  "Homeland security deals with any kind of pest that could
disrupt the food supply or our economic structure by destroying our
lumber industry," Taylor said.  The department currently deals with
invasive species and diseases, but its funding has been limited, which
in turn limits its scope of work to going after only those that are the
most damaging, the commissioner said.  Source:  

16.     December 2, Associated Press - New York City develops plan to
deal with potential smallpox outbreak.  The draft, put together by the
New York City Department of Health and Mental Hygiene, was to be
submitted to the federal Centers for Disease Control and Prevention on
Monday, said department spokeswoman Sandra Mullin.   No specific details
on the city's strategy were being released since the plan was only a
draft.  Mullin said among the issues considered were diversity in the
city of 8 million residents and how to get information out to people who
speak a range of languages and hold a variety of beliefs about
vaccinations.  Mullin said other concerns included looking at different
scenarios based on where a case came into the city's health system and
educating hospitals about the disease, which hasn't been diagnosed in
the United States in decades.  Another draft plan, detailing a strategy
for vaccinating medical workers before any possible outbreak, is
scheduled to be submitted next week.  The federal government has set a
Dec. 9 deadline for states and some large cities to submit plans for
dealing with smallpox outbreaks.  Source:

17.     November 30, Associated Press - Union ends three-month strike at
government lab.  Maintenance workers at a highly sensitive government
laboratory on Plum Island ratified a contract Saturday, ending a
three-month-old strike, union officials said.  The 76 workers are
expected to go back to work sometime this week, said Marty Glennon, a
lawyer for Local 30 of the International Union of Operating Engineers.
They walked out on Aug. 13 in a dispute over wages, benefits and
retroactive pay.  The Plum Island Animal Disease Center, located on an
850-acre island off the eastern tip of Long Island, studies highly
contagious animal viruses such as foot-and-mouth disease.  The strike by
the lab's maintenance workers raised security concerns after LB&B
Associates Inc. of Baltimore, the subcontractor that provides the
maintenance services, brought in replacement workers.  Source:

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to