National Infrastructure Protection Center
NIPC Daily Open Source Report for 2 January 2003

Daily Overview

.       The Stars and Stripes reports the enrollment and claim files of
550,000 beneficiaries of the military's managed-care medical network
were stolen on December 14.  (See item 8)

.       CNN reports the nation's larger airline carriers are resolving
to trim costs in 2003 and are looking to smaller competitors for cost
saving ideas.  (See item 3)

.       ZDNet reports a new variant of the Yaha virus that appeared just
before Christmas has proven contagious, infecting thousands of computers
worldwide; Symantec has raised the threat from a Category 2 to a
Category 3.  (See item 10)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source
Report will be aligned to cover the critical infrastructure sectors as
identified in the National Strategy for Homeland Security.  Currently
covered sectors, which were set forth in Presidential Decision Directive
63, are included in the new format.  The new Sector alignment will be as
follows: Agriculture, Food, Water, Public Health, Emergency Services,
Government, Defense Industrial Base, Information and Telecommunications,
Energy (to include Electric Power, and Oil and Gas), Transportation,
Banking and Finance, Chemical Industry and Postal and Shipping.  

NIPC Daily Report Fast Jump [click to jump to section of interest]
Banking & Finance

Gas & Oil

Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
NIPC Information

Power Sector

1.      December 31, Platts Energy News - Bulgaria' Kozloduy nuke set to
shut units.  Bulgarian authorities said the second reactor at Bulgaria's
Kozloduy nuclear power plant was permanently shut at midnight local time
Monday, after 27 years of operation.  Its twin, unit one, is scheduled
to shut at 4 pm Tuesday after 28 years.  Both Kozloduy units, first
-generation 440MW reactors, are being shut to satisfy European Union
requirements for Bulgaria's bid to join the EU in 2007.  The EU
considered the reactors unsafe.  Iordan Kostadinov, director of the
Kozloduy plant, said the two units were Bulgaria's cheapest electricity
producers and their closure would mean a loss of $200 million per year.
Decommissioning of the two units is backed by the European Bank for
Reconstruction and Development.  Source: 

2.      December 30, Albuquerque Journal - Nine utilities plan
transmission company.  Xcel Energy, along with eight other electric
utilities, has filed for regulatory approval in New Mexico to form a
transmission-only company, Translink Transmission Co.  This would be a
for-profit company controlling the movement of electricity in parts of
eight states.  In addition to New Mexico, filings were made in Iowa,
Minnesota, Texas and Wisconsin. Filings are also planned in Colorado,
Illinois and North Dakota.  Xcel Energy, formerly Southwestern Public
Service Co., is New Mexico's second largest regulated utility.  The
company has 1,400 miles of power lines and 106,000 customers in eastern
New Mexico.  Minneapolis-based Xcel joined seven other utilities to form
Translink in response to a 1999 Federal Energy Commission (FERC) order.
The FERC order requires utilities to hand over control of transmission
to independent companies.  Competing utilities and wholesale power
marketers will thus have equal opportunity to move power across the
country, FERC said.  The other utilities participating in Translink are
Alliant Energy of Madison, Wis.; Corn Belt Power Cooperative of
Humboldt, Iowa; Dairyland Power Cooperative of La Crosse, Wis.; Great
River Energy of Elk River, Minn.; MidAmerican Energy Co. of Des Moines,
Iowa; Nebraska Public Power District of Columbus, Neb.; Omaha Public
Power District of Omaha, Neb.; and Southern Minnesota Municipal Power
Agency of Rochester, Minn.  Translink executives expect to get
regulatory approval and begin operations next fall.  Source:

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -]

[return to top]

Banking and Finance Sector

Nothing to report.

[return to top]

Transportation Sector

3.      December 31, CNN - Airlines resolve to trim costs in 2003.  The
nation's larger carriers, like American Airlines, are looking to smaller
competitors like Southwest for cost saving ideas.  After years of
positive returns, the nation's biggest airlines experienced a serious
about-turn in 2002.  With industry-wide losses approaching $9 billion
for the year, carriers such as American, United and Delta shed employees
and excess planes, eliminated travel agents' commissions and levied new
fees on everything from extra baggage to alcoholic beverages.  The
biggest airlines sought inspiration from Southwest Airlines, the
soundest major carrier around and the only one to consistently report
quarterly profits during the industry's worst downturn ever.  For
example, American overhauled flight schedules at its hubs to use planes
and employees more efficiently, reduced the number of different jets it
flies to cut maintenance costs and tested a new fare structure to offer
lower prices for business travelers -- each a nod to the Southwest way.
The Fort Worth-based carrier also asked employees to forgo raises next
year and said it wants to change work rules to cut annual expenses by
more than $3 billion annually.  Source:

4.      December 30, Government Executive Magazine - TSA meets baggage
screening deadlines. With a day to spare, the head of the Transportation
Security Administration said Monday the agency will meet its final
congressional mandate on time by screening all checked airline baggage
for explosives by Dec. 31.  At a news briefing Monday, TSA Administrator
James Loy said that 90 percent of the nation's 429 airports have
explosive detection equipment in place to scan bags.  At a small number
of airports TSA security personnel will use a variety of manual methods
to inspect luggage.  These methods will include hand searches, the use
of bomb-sniffing dogs, and matching checked bags with airline
passengers.  Originally, the 2001 Aviation and Transportation Security
Act mandated that all bags be scanned electronically with explosive
detection equipment.  When it became clear earlier this year that such a
directive was virtually impossible to meet by Dec. 31, lawmakers
expanded the definition to include the manual methods.  For instance,
prior to the Sept. 11 attacks, barely 5 percent of checked bags were
screened for explosives.  Additionally, the agency has deployed more
than 50,000 employees to screen both baggage and passengers.  Source: 

[return to top]

Gas and Oil Sector

5.      December 31, Reuters - Oil prices backed further away from
two-year highs on Tuesday, as promises of extra OPEC supply drained
strength from a rally which added 50 percent to the cost of oil in 2002.
Mounting fears of war in Iraq and a prolonged export halt in Venezuela
continued to underpin the recent surge in futures prices, which have
lifted pump prices in the West and dented a fragile world economic
recovery.  U.S. crude oil futures fell heavily for the second straight
session, dropping over $1 to a low of $30.05 a barrel, down more than
$3.50 or 10 percent from two-year highs struck early on Monday.  Prices
have gone into retreat since an OPEC delegate on Monday said the cartel
was ready to raise output to ease supply concerns sparked by Venezuela's
30-day oil strike and the growing threat of war in Iraq.  Source:

[return to top]

Telecommunications Sector

Nothing to report.

[return to top]

Food Sector

6.      December 31, Associated Press - California orders one million
infected chickens destroyed.  California officials have ordered the
destruction of one million chickens infected with Newcastle disease and
expanded the quarantine to a total of five Southern California counties.
The exotic Newcastle virus, which is harmless to humans but contagious
and fatal among poultry, threatens the state's $3 billion poultry
industry.  It was found in 1 million hens at an egg farm in western San
Bernardino County, CA and they were ordered destroyed.  San Bernardino
already was under quarantine, along with Riverside and Los Angeles
counties.  State officials expanded the quarantine area to include San
Diego County after the virus was found in a commercial flock of 75,000
birds there.  Orange County was added to the quarantine list, even
though it has no commercial poultry operations, to prevent the potential
transport of infected birds.  Source: 

[return to top]

Water Sector

7.      January 1, New York Times - Calif. water users miss deadline on
sharing pact.  Efforts by water officials in Southern California failed
to reach a deal on water usage from the Colorado River before a December
31 deadline.  As a result, the Bush administration said it would cut
flows from the river to the state's cities and farms beginning in
January, making it the first time the federal government has imposed
such a penalty.  Even as the board of one water agency, the Imperial
Irrigation District, voted here to approve a revamped proposal, other
water officials said they had given up on making the deadline.  The
officials said that differences among them remained too great and that
the Imperial proposal was unacceptable.  The deadline was part of an
agreement reached two years ago among seven Western states, including
California, which was meant to end fighting over water supplies from the
Colorado River.  Under that agreement, the Imperial Irrigation District
was to transfer 200,000 acre-feet of water it has been receiving each
year from its farms to the San Diego County Water Authority.  Currently,
agricultural districts get most of the water that comes from the
Colorado River, an imbalance that most water experts agree must change
to address the state's chronic water shortages.  Source:

[return to top]

Chemical Sector

Nothing to report.

[return to top]

Emergency Law Enforcement Sector

8.      December 31, Washington Post - Five men sought by FBI for
illegal entry linked to passport smuggling.  Five foreign nationals who
are being sought by the FBI for questioning, and who may have entered
the United States illegally from Canada, are connected to a passport
smuggling operation with possible ties to terrorists, U.S. and Canadian
officials said yesterday.  One source familiar with the ongoing
investigation said the five men were part of a group of 19 individuals
who had sought fake documents in order to enter the United States.  The
original information about the five men, along with their pictures, came
from Canadian authorities who sent the data to the FBI last week, U.S.
officials said.  Although the FBI immediately transmitted the
information to the Immigration and Naturalization Service, the Customs
Service and the Transportation Security Administration, the men were
already believed to have entered the United States on or about Christmas
Eve, officials said.  No direct links have been found between the five
men and terrorist activities, officials said.  But one U.S. official
said the men had ties to others with suspected terrorist credentials,
including those involved in the smuggling operation.  Source:

[return to top]

Government Operations Sector

Nothing to report.

[return to top]

Information Technology Sector

9.      December 31, Stars and Stripes - Files stolen from military
health contractor.  Enrollment and claim files of 550,000 Tricare
beneficiaries across the sixteen-state Central Region of the military's
managed-care network were stolen on December 14.  Missing are computer
hard drives with names, addresses, phone numbers, Social Security
numbers, claims data and other information on every service member,
family member and retiree enrolled in Tricare through TriWest Healthcare
Alliance Corporation, a managed-care support contractor based in
Phoenix, Arizona.  The Central Region comprises Arizona, Colorado,
Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, Nevada, New
Mexico, North Dakota, South Dakota, Utah, Wyoming and western Texas.
The threat of financial mischief through credit card applications,
access to e-mail, rerouting government checks and false identifications
is clear.  But the stolen data also would seem to create risks to
national security and to personal safety, in light of the war on terror.
The total impact of the theft is still being assessed and the case is
being investigated by the Defense Criminal Investigative Service, FBI
and other law enforcement agencies.  Source.

[return to top]

Cyber Threats and Vulnerabilities

10.     December 31, ZDNet - Yaha virus infection worsens.  A new
variant of the Yaha virus that appeared just before Christmas has proven
contagious, infecting thousands of computers worldwide.  The virus has
seen its numbers increase dramatically, with over 7,000 being stopped by
MessageLabs, a managed service provider, on Monday.  So far more than
17,000 copies of the virus have been detected by MessageLabs, leaping it
to the fifth most common virus sent through the system since records
began.  In response to the increase in occurrence, Symantec, an Internet
security technology company, has raised the threat from a Category 2 to
a Category 3.  The worm arrives in the form of an .exe or .scr
attachment to an e-mail with a variety of subjects and messages, and
contains its own e-mail client to mail itself out, forging the from
address. It also attempts to close down a number of firewalls and
antivirus programs.  Source.,2000024985,20270925,00

Internet Alert Dashboard
Current Alert Levels

Internet Security Systems 
AlertCon: 1 out of 4
Security Focus ThreatCon: 1 out of 4

Last Changed:  26 December 2002 Last Changed: 21 December 2002
Current Virus and Port Attacks
Virus:  #1 Virus in USA:   WORM KLEZ.H
Source:, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]
Top 10 Target Ports     137(netbios-ns); 80 (http); 1433(ms-sql-s);
445(microsoft-ds); 53(domain); 21(ftp); 139(netbios-ssn); 4662;
25(smtp); 27374(asp)
Source:; Internet Storm Center

[return to top]

General Information

11.     December 31, Reuters - World ratchets up security as it rings in
New Year.  Cities across the world tightened security for New Year's Eve
celebrations, with the Indonesian capital deploying 200,000 police and
Sydney taking Olympics-style precautions for a party that attracted
hundreds of thousands.  On the other side of the world, an extra 1,000
policemen will be deployed in Paris to oversee celebrations, bringing
the total to around 5,500.  In Russia, 250,000 policemen were due to
patrol the streets to prevent violence and unrest among tens of
thousands of revelers expected to party outside despite the extreme
cold.  In Berlin, host to Germany's largest new year's celebration, a
police spokesman said security had not been increased this year but
added overall measures remain high.  Source:

12.     December 30, Associated Press - Polio: counting every vial.  The
federal government is taking an inventory of polio strains in labs
around the country as part of an effort to prevent the virus from
accidentally escaping and causing outbreaks once the disease is
eradicated.  All 31,000 institutions that have polio virus stocks have
until Tuesday to submit a report to the U.S. Centers for Disease Control
and Prevention (CDC).  The CDC is also asking labs that no longer need
to work with the virus to destroy any stocks they have.  Federal
officials have said polio could be eradicated worldwide within two
years.  Health officials learned a lesson from what happened with the
smallpox virus.  Smallpox was eradicated in 1977, but less than a year
after eradication two smallpox cases emerged from a lab in the United
Kingdom.  "When polio is eradicated, every effort must be made to ensure
that wild polio virus is not similarly transmitted from the laboratory,"
the CDC said.  Source: 

13.     December 30, Associated Press - Red Cross failed to follow
safety rules.  The American Red Cross received reports that 134 people,
including one who died, got hepatitis B after blood transfusions, but
the organization did not investigate them because of internal policies
that violate government safety rules, federal regulators say.  The U.S.
Food and Drug Administration (FDA) cited the hepatitis discovery as one
of more than 200 violations of federal safety rules it found during its
latest inspection of Red Cross headquarters.  The FDA also alleges that
some Red Cross employees were instructed to skip required safety steps,
and others altered records to allow release of blood that had failed
safety testing.  In addition, the FDA charged the Red Cross failed to
screen out some people who weren't supposed to give blood, and couldn't
account for what happened to the resulting donations.  Source:

[return to top]

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a
national critical infrastructure threat assessment, warning,
vulnerability, and law enforcement investigation and response entity.
The NIPC provides timely warnings of international threats,
comprehensive analysis and law enforcement investigation and response.
The NIPC provides a range of bulletins and advisories of interest to
information system security and professionals and those involved in
protecting public and private infrastructures.  By visiting the NIPC
web-site (, one can quickly access any of the
following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident
information that suggests a change in readiness posture, protective
options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information
addressing imminent or in-progress attacks targeting specific national
networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate
issues that pertain to the critical national infrastructure and are for
informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and
information system professionals with timely information on cyber
vulnerabilities, malicious scripts, information security trends, virus
information, and other critical infrastructure-related best practices. 

2002 NIPC Highlights - The NIPC Highlights are published on a monthly
basis to inform policy and/or decision makers of current events,
incidents, developments, and trends related to Critical Infrastructure
Protection (CIP).  Highlights seeks to provide policy and/or decision
makers with value-added insight by synthesizing all source information
to provide the most detailed, accurate, and timely reporting on
potentially actionable CIP matters.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to