NIPC Daily Report 31 May 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

Debate over exposing chemical risks. The chemical industry in recent months has successfully lobbied the government to limit access to previously public data about chemical accidents, arguing that it would give terrorists a blueprint to launch an attack. The US chemical industry also has won growing support in law-enforcement circles to fight the terrorist threat with voluntary security improvements - and secrecy. Environmentalists, however, are determined to keep exposing the information, arguing that chemical companies are engaged in far riskier behavior by not adopting safer manufacturing methods. Although environmentalists concede that what they're doing could make it easier for terrorists to pick targets, they contend that an industrial accident could be as devastating as a planned assault. The question of which side might be taking greater chances with American lives remains unanswered. (The Wall Street Journal, 30 May)

WWU Comment: Although this article refers to the chemical industry, it underscores the issue facing many industries trying to balance issues of the public's 'right to know' about hazardous conditions and properly securing sensitive data. Several concerns converge when considering the disclosure of information regarding security, materials, processes, and physical locations. Costs and other constraints associated with security and process upgrades can make them infeasible or at least improbable in the short term.

FBI warns of shoulder-fired missile threat. Although it has had no specific warnings, the FBI is alerting law enforcement agencies to be on the lookout for any signs of terrorist plans to use shoulder-fired missiles against US targets, especially commercial airliners. "The FBI possesses no information indicating that al Qaeda is planning to use 'Stinger' missiles or any type of MANPAD [portable anti-aircraft] weapons system against commercial aircraft in the United States," the warning said. "However, given al Qaeda's demonstrated objective to target the US airline industry, its access to US and Russian-made MANPAD systems, and recent apparent targeting of US-led military forces in Saudi Arabia, law enforcement agencies in the United States should remain alert to potential use of MANPADs against US aircraft." (CNN, 30 May)

Klez infection persists. The "Klez" worm and its variants, including Klez.E and Klez.H, continue to spread at a dizzying rate, according to anti-virus experts. The Klez rampage has gotten so serious, recent media reports dubbed it the No. 1 virus of all time. Klez.A was first spotted Oct. 25, 2001, but didn't do much damage. Klez.E, which first appeared Jan. 17, was the first Klez variant that produced significant activity. The latest variant, known as Klez.H, was first seen April 17, 2002. Symantec has received 130,000 different submissions of the Klez worm since Klez.E's mid-January debut. This month alone, Symantec has received 70,000 total Klez submissions. By comparison, the worm known as W95.Hybris is the second most submitted as of May 2002, with a mere 3,600. Representatives from Norton Anti-virus stated that not every user of the company's Anti-Virus protection chooses to send samples for analysis, "so the total number of infections is likely potentially much greater". (Newsbytes, 29 May)

Security researchers warn about worm of the future. In a paper, "How to Own the Internet in Your Spare Time", Stuart Staniford of Silicon Defense, Vern Paxson of ICSI Center for Internet Research, and Nicholas Weaver of University of California, Berkeley, argue that internet worms, used as attack tools, will continue to pose a significant threat to systems and infrastructures.
Based largely on analysis of the spread of the Code Red and Nimda worms, they suggest that in the future, worms that are better engineered and more advanced will be able to spread in tens of seconds rather than hours, and be modified on the fly to circumvent anti-virus efforts. The paper also discusses the threat of a surreptitious worm that would move more slowly, but be much harder to detect and could arguably subvert upwards of 10,000,000 Internet hosts. The authors suggest that by using worms to gain control of millions of hosts on the Internet, the attacker could inflict several types of damage. First, the attacker could launch a diffuse distributed denial of service attack that could bring down e-commerce sites, news outlets, or command and control infrastructures. Second, the attacker could potentially access and exploit sensitive information on any of the millions of infected systems, such as passwords or archived e-mail. Finally, if the attacker can control the information on infected systems, he could corrupt or disrupt the information in order to sow confusion. (The Register, 27 May)

Russian firm to sell crude oil to US. Yukos, Russia's No. 2 oil producer, will send its first tankers to the US this summer as part of a Russian effort to offer US consumers an alternative to Persian Gulf oil. Russia currently supplies a tiny percentage of oil to the US; however, US officials have expressed interest in increasing Russia's share of the market. Oil is Russia's chief export and oil export taxes are a big part of the national budget. (Associated Press, 30 May)

Congressional panel issues information security report to Congress. The Joint Economic Committee on 29 May issued a compilation of essays titled "Security in the Information Age" heavily focusing on cyber security and critical infrastructure protection.
The objective, according to Chairman James Saxton, is to increase awareness of vulnerabilities, and to develop viable strategies to detect, deter, and counter both physical and cyber-based threats to American citizens and the Nation's critical infrastructures. The report is designed to foster creative thinking regarding national security. (Govexec.com, 28 May)

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk