[INFOCON] - News 12/04/02

[Wanja Eric Naef \(IWS\)]

_

  London, Wednesday, December 04, 2002  
_

INFOCON News
_

IWS - The Information Warfare Site
http://www.iwar.org.uk

_


-

To subscribe - send an email to [EMAIL PROTECTED] with subscribe
infocon in the body

To unsubscribe - send an email to [EMAIL PROTECTED] with
unsubscribe infocon in the body

-

_


  
  [News Index]
  

[1] Homeland defense commander stresses 'need to share' information
[2] Homeland agency charged with outreach
[3] PGP goes back to its roots
[4] Virus payloads bigger, nastier
[5] Barbarians at the Gate: An Introduction to Distributed Denial of
Service Attacks

[6] NetNames cock-up blamed for eBay detagging
[7] Iowa governor dismisses CIO
[8] OMB finds security leverage
[9] GSA's center of activity
[10] Cautionary tales

[11] Does Research Support Dumping Linux?
[12] E-government bill wins praise from tech officials
[13] Infiltrating agency ops
[14] New opportunities for NIST
[15] Traveler smart card poses security concerns

[16] Wennergren named Navy CIO
[17] ISS Goes Public With Vulnerability Disclosure Guidelines
[18] Firewalls face next challenge
[19] Vendors complete tougher ICSA 4.0 firewall tests

_

CURRENT THREAT LEVELS 
_

Electricity Sector Physical: Elevated (Yellow) 

Electricity Sector Cyber: Elevated (Yellow) 

Homeland Security Elevated (Yellow) 
DOE Security Condition: 3, modified  

NRC Security Level: III (Yellow) (3 of 5) 

_

News
_


[1] Homeland defense commander stresses 'need to share' information
By Molly M. Peterson, National Journal's Technology Daily 

Officials at the newly established U.S. Northern Command may have to
consider abandoning the military's traditional system for classifying
information as they build crucial lines of communication with federal,
state and local homeland security agencies, the Northern Command's chief
information officer said recently.

Speaking to reporters at a homeland security summit late last month,
Maj. Gen. Dale Meyerrose said inter-agency information sharing is a
blossoming requirement for the Northern Command, which is
headquartered at Peterson Air Force Base in Colorado Springs, Colo. The
command is charged with consolidating the military's homeland defense
and civil-support missions. 

The Defense Department's current classification system allows military
offices to share information on a need-to-know basis, and requires
security clearances and background checks for access to information with
such labels as top secret and classified. But Meyerrose said that
system could hinder the Northern Command's ability to share real-time
information with civilian agencies that classify their information
differently. 

http://www.govexec.com/dailyfed/1202/120302td1.htm

 

[2] Homeland agency charged with outreach
Security strategy at risk if coordination fails
BY Diane Frank, Megan Lisagor and Dibya Sarkar 
Dec. 2, 2002 

When President Bush signed the Homeland Security Department into law
last week, he triggered activity on two fronts.

Internally is the much-publicized effort to bring 170,000 employees from
nearly two dozen agencies into a single department, if only virtually.

Externally is the often overlooked effort to coordinate the department's
work with a multitude of organizations across state and local government
and the private sector. This second front, many observers say, is
equally vital - and equally at risk for failure.

http://www.fcw.com/fcw/articles/2002/1202/news-home-12-02-02.asp 

 

[3] PGP goes back to its roots
By ComputerWire
Posted: 04/12/2002 at 10:03 GMT
 
PGP Corp this week delivered its first set of product upgrades since the
company was spun out of Network Associates Inc this August, and
delivered on its promise to publish the source code to the pioneering
cryptography software, writes Kevin Murphy. 

PGP sees 8.0 

[INFOCON] - NIPC Daily Open Source Report for 4 December 2002

[Wanja Eric Naef \(IWS\)]

National Infrastructure Protection Center
NIPC Daily Open Source Report for 4 December 2002

Daily Overview

.   The Washington Post reports the nature of identity theft has
changed and today is more likely to come from insiders going after a
massive amount of information rather than a thief stealing an
individual's wallet.  (See item 2)

.   NEPA News reports that Carnegie Mellon University and the
University of Pittsburgh are freely providing software to health
organizations to assist in the early warning of a bioterrorist attack.
(See item 16)

.   The Land  Livestock Post reports that Texas AM University has
published an internet website to assist meat and poultry processors
quickly find information on food safety.  (See item 7)

NIPC Daily Report Fast Jump [click to jump to section of interest]
Power
Banking  Finance
Transportation

Gas  Oil
Telecommunications
Food

Water
Chemical
Emergency Law Enforcement

Government Operations
Information Technology
Cyber Threats and Vulnerabilities

Internet Alert Dashboard
General
NIPC Information


Power Sector

1.  December 3, Platts Global Energy - Outage cuts UK-France flows
by 500MW until Dec 10.  A problem with a transformer is likely to cut
capacity transfer on the UK-France power link by 500MW in both
directions until Dec 10 at the earliest, a spokesman for UK transmission
system operator National Grid said Tuesday.  The problem with the
transformer at Sellindge converter station in Kent, on the UK side of
the link, occurred in the early hours of Monday morning, he said.  The
best guess of link operators National Grid and French transmission
system operator RTE was that it will return to its full capacity
transfer level of 2,000MW on or around Dec 10, he said.  The grid
operators were investigating the problem with the transformer, he said.
Source: www.platts.com/stories/electricpower3.html 

Current Electricity Sector Threat Alert Levels:  Physical: ELEVATED,
Cyber: ELEVATED
Scale:  Low, Guarded, Elevated, High, Severe   [Source: ISAC for the
Electricity Sector (ES-ISAC) -  http://esisac.com]

[return to top]

Banking and Finance Sector

2.  December 3, Washington Post - Identity theft more often an
inside job.  The nature of identity theft has changed and the threat
today is more likely than ever to come from insiders - employees with
access to large financial databases who can loot personal accounts -
than from a thief stealing a wallet or pilfering your mail.  Banks,
companies that take credit cards and credit-rating bureaus themselves
don't do enough to protect consumers, critics say.  Law enforcement
experts now estimate that half of all such cases come from thefts of
business databanks as more and more information is stored in computers
that aren't properly safeguarded.  There is a shift by identity thieves
from going after single individuals to going after a mass amount of
information, said Joanna Crane, identity-fraud program manager at the
Federal Trade Commission. There's an awful lot of bribery of insiders
going on.  Source:
http://www.washingtonpost.com/wp-dyn/articles/A1026-2002Dec2.html 

[return to top]

Transportation Sector

3.  December 3, U.S. Customs Service - Customs announces CSI
deployment at Le Havre.  U.S. Customs Commissioner Robert C. Bonner
announced Tuesday the deployment of four U.S. Customs officers to the
French port of Le Havre, marking the latest step in the agency's
Container Security Initiative (CSI).  CSI is designed to prevent
terrorists from infiltrating the world's sea cargo environment by
improving security at key seaports worldwide.  To date, nine countries
have agreed to participate with U.S. Customs under CSI.  These
agreements cover 15 ports, all among the top 20 ports that handle
shipments bound for the United States.  Source:
http://www.customs.ustreas.gov/hot-new/pressrel/2002/1203-00.htm 

4.  December 1, Dallas Morning News - International shipping
vehicles vulnerable to terrorist attacks.  With al-Qaeda stepping up its
sporadic attacks on western targets, there is a consensus among
terrorism experts that international shipping is increasingly vulnerable
to extreme tactics.  The risk extends beyond the big, obvious targets to
the thousands of ferryboats that move cars, cargo and commuters from
port to port, often with minimal security, in the United States and
Europe.  Steven Flynn, a former U.S. Coast Guard commander who is now a
senior fellow with the Council on Foreign Relations, contends that one
serious incident involving containers brought into the United States by
ship would prompt the public to demand the entire system be shut down,
crippling global commerce.  The impact of a shipping shutdown would be
disastrous for the U.S. economy, Flynn said.  While U.S.
counter-terrorism officials grapple with this potential hazard, their
European counterparts have imposed high security alerts in recent months
because of intelligence indicating that terrorists plan to target one of