National Infrastructure Protection Center NIPC Daily Open Source Report for 2 January 2003
Daily Overview

- The Stars and Stripes reports the enrollment and claim files of 550,000 beneficiaries of the military's managed-care medical network were stolen on December 14. (See item 8)
- CNN reports the nation's larger airline carriers are resolving to trim costs in 2003 and are looking to smaller competitors for cost saving ideas. (See item 3)
- ZDNet reports a new variant of the Yaha virus that appeared just before Christmas has proven contagious, infecting thousands of computers worldwide; Symantec has raised the threat from a Category 2 to a Category 3. (See item 10)

Editor's Note: Beginning January 6, 2003, the NIPC Daily Open Source Report will be aligned to cover the critical infrastructure sectors as identified in the National Strategy for Homeland Security. Currently covered sectors, which were set forth in Presidential Decision Directive 63, are included in the new format. The new Sector alignment will be as follows: Agriculture, Food, Water, Public Health, Emergency Services, Government, Defense Industrial Base, Information and Telecommunications, Energy (to include Electric Power, and Oil and Gas), Transportation, Banking and Finance, Chemical Industry and Postal and Shipping.

Power Sector

1. December 31, Platts Energy News - Bulgaria's Kozloduy nuke set to shut units. Bulgarian authorities said the second reactor at Bulgaria's Kozloduy nuclear power plant was permanently shut at midnight local time Monday, after 27 years of operation. Its twin, unit one, is scheduled to shut at 4 pm Tuesday after 28 years.
Both Kozloduy units, first-generation 440MW reactors, are being shut to satisfy European Union requirements for Bulgaria's bid to join the EU in 2007. The EU considered the reactors unsafe. Iordan Kostadinov, director of the Kozloduy plant, said the two units were Bulgaria's cheapest electricity producers and their closure would mean a loss of $200 million per year. Decommissioning of the two units is backed by the European Bank for Reconstruction and Development. Source: http://www.platts.com/archives/94941.html

2. December 30, Albuquerque Journal - Nine utilities plan transmission company. Xcel Energy, along with eight other electric utilities, has filed for regulatory approval in New Mexico to form a transmission-only company, Translink Transmission Co. This would be a for-profit company controlling the movement of electricity in parts of eight states. In addition to New Mexico, filings were made in Iowa, Minnesota, Texas and Wisconsin. Filings are also planned in Colorado, Illinois and North Dakota. Xcel Energy, formerly Southwestern Public Service Co., is New Mexico's second largest regulated utility. The company has 1,400 miles of power lines and 106,000 customers in eastern New Mexico. Minneapolis-based Xcel joined seven other utilities to form Translink in response to a 1999 Federal Energy Commission (FERC) order. The FERC order requires utilities to hand over control of transmission to independent companies. Competing utilities and wholesale power marketers will thus have equal opportunity to move power across the country, FERC said. The other utilities participating in Translink are Alliant Energy of Madison, Wis.; Corn Belt Power Cooperative of Humboldt, Iowa; Dairyland Power Cooperative of La Crosse, Wis.; Great River Energy of Elk River, Minn.; MidAmerican Energy Co. of Des Moines, Iowa; Nebraska Public Power District of Columbus, Neb.; Omaha Public Power District of Omaha, Neb.; and Southern Minnesota Municipal Power Agency of Rochester, Minn.
Translink executives expect to get regulatory approval and begin operations next fall. Source: http://www.energycentral.com/sections/newsroom/nr_article.cfm?id=3542941

Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED
Scale: Low, Guarded, Elevated, High, Severe
[Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com]

Banking and Finance Sector

Nothing to report.

Transportation Sector

3. December 31, CNN - Airlines resolve to trim costs in 2003. The nation's larger carriers, like American Airlines, are looking to smaller competitors like Southwest for cost saving ideas. After years of positive returns, the nation's biggest airlines experienced a serious about-turn in 2002. With industry-wide losses approaching $9 billion for the year, carriers such as American, United and Delta shed employees and excess planes, eliminated travel agents' commissions and levied new fees on everything from extra baggage to alcoholic beverages. The biggest airlines sought inspiration from Southwest Airlines, the soundest major carrier around and the only one to consistently report quarterly profits during the industry's worst downturn ever. For example, American overhauled flight schedules at its hubs to use planes and employees more efficiently, reduced the number of different jets it flies to cut maintenance costs and tested a new fare structure to offer lower prices for business travelers -- each a nod to the Southwest way. The Fort Worth-based carrier also asked employees to forgo raises next year and said it wants to change work rules to cut annual expenses by more than $3 billion annually. Source: http://www.cnn.com/2002/TRAVEL/12/31/airlines.reform.ap/index.html

4. December 30, Government Executive Magazine - TSA meets baggage screening deadlines.
With a day to spare, the head of the Transportation Security Administration said Monday the agency will meet its final congressional mandate on time by screening all checked airline baggage for explosives by Dec. 31. At a news briefing Monday, TSA Administrator James Loy said that 90 percent of the nation's 429 airports have explosive detection equipment in place to scan bags. At a small number of airports TSA security personnel will use a variety of manual methods to inspect luggage. These methods will include hand searches, the use of bomb-sniffing dogs, and matching checked bags with airline passengers. Originally, the 2001 Aviation and Transportation Security Act mandated that all bags be scanned electronically with explosive detection equipment. When it became clear earlier this year that such a directive was virtually impossible to meet by Dec. 31, lawmakers expanded the definition to include the manual methods. For instance, prior to the Sept. 11 attacks, barely 5 percent of checked bags were screened for explosives. Additionally, the agency has deployed more than 50,000 employees to screen both baggage and passengers. Source: http://www.govexec.com/dailyfed/1202/123002w1.htm

Gas and Oil Sector

5. December 31, Reuters - Oil prices backed further away from two-year highs on Tuesday, as promises of extra OPEC supply drained strength from a rally which added 50 percent to the cost of oil in 2002. Mounting fears of war in Iraq and a prolonged export halt in Venezuela continued to underpin the recent surge in futures prices, which have lifted pump prices in the West and dented a fragile world economic recovery. U.S. crude oil futures fell heavily for the second straight session, dropping over $1 to a low of $30.05 a barrel, down more than $3.50 or 10 percent from two-year highs struck early on Monday.
Prices have gone into retreat since an OPEC delegate on Monday said the cartel was ready to raise output to ease supply concerns sparked by Venezuela's 30-day oil strike and the growing threat of war in Iraq. Source: http://story.news.yahoo.com/news?tmpl=story&u=/nm/20021231/bs_nm/markets_oil_dc_12

Telecommunications Sector

Nothing to report.

Food Sector

6. December 31, Associated Press - California orders one million infected chickens destroyed. California officials have ordered the destruction of one million chickens infected with Newcastle disease and expanded the quarantine to a total of five Southern California counties. The exotic Newcastle virus, which is harmless to humans but contagious and fatal among poultry, threatens the state's $3 billion poultry industry. It was found in 1 million hens at an egg farm in western San Bernardino County, CA and they were ordered destroyed. San Bernardino already was under quarantine, along with Riverside and Los Angeles counties. State officials expanded the quarantine area to include San Diego County after the virus was found in a commercial flock of 75,000 birds there. Orange County was added to the quarantine list, even though it has no commercial poultry operations, to prevent the potential transport of infected birds. Source: http://www.cnn.com/2002/US/West/12/31/poultry.disease.ap/

Water Sector

7. January 1, New York Times - Calif. water users miss deadline on sharing pact. Efforts by water officials in Southern California failed to reach a deal on water usage from the Colorado River before a December 31 deadline. As a result, the Bush administration said it would cut flows from the river to the state's cities and farms beginning in January, making it the first time the federal government has imposed such a penalty.
Even as the board of one water agency, the Imperial Irrigation District, voted here to approve a revamped proposal, other water officials said they had given up on making the deadline. The officials said that differences among them remained too great and that the Imperial proposal was unacceptable. The deadline was part of an agreement reached two years ago among seven Western states, including California, which was meant to end fighting over water supplies from the Colorado River. Under that agreement, the Imperial Irrigation District was to transfer 200,000 acre-feet of water it has been receiving each year from its farms to the San Diego County Water Authority. Currently, agricultural districts get most of the water that comes from the Colorado River, an imbalance that most water experts agree must change to address the state's chronic water shortages. Source: http://www.nytimes.com/2003/01/01/national/01WATE.html

Chemical Sector

Nothing to report.

Emergency Law Enforcement Sector

8. December 31, Washington Post - Five men sought by FBI for illegal entry linked to passport smuggling. Five foreign nationals who are being sought by the FBI for questioning, and who may have entered the United States illegally from Canada, are connected to a passport smuggling operation with possible ties to terrorists, U.S. and Canadian officials said yesterday. One source familiar with the ongoing investigation said the five men were part of a group of 19 individuals who had sought fake documents in order to enter the United States. The original information about the five men, along with their pictures, came from Canadian authorities who sent the data to the FBI last week, U.S. officials said.
Although the FBI immediately transmitted the information to the Immigration and Naturalization Service, the Customs Service and the Transportation Security Administration, the men were already believed to have entered the United States on or about Christmas Eve, officials said. No direct links have been found between the five men and terrorist activities, officials said. But one U.S. official said the men had ties to others with suspected terrorist credentials, including those involved in the smuggling operation. Source: http://www.washingtonpost.com/wp-dyn/articles/A56802-2002Dec30.html

Government Operations Sector

Nothing to report.

Information Technology Sector

9. December 31, Stars and Stripes - Files stolen from military health contractor. Enrollment and claim files of 550,000 Tricare beneficiaries across the sixteen-state Central Region of the military's managed-care network were stolen on December 14. Missing are computer hard drives with names, addresses, phone numbers, Social Security numbers, claims data and other information on every service member, family member and retiree enrolled in Tricare through TriWest Healthcare Alliance Corporation, a managed-care support contractor based in Phoenix, Arizona. The Central Region comprises Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North Dakota, South Dakota, Utah, Wyoming and western Texas. The threat of financial mischief through credit card applications, access to e-mail, rerouting government checks and false identifications is clear. But the stolen data also would seem to create risks to national security and to personal safety, in light of the war on terror. The total impact of the theft is still being assessed and the case is being investigated by the Defense Criminal Investigative Service, FBI and other law enforcement agencies. Source:
http://www.estripes.com/article.asp?section=104&article=11756&archive=true

Cyber Threats and Vulnerabilities

10. December 31, ZDNet - Yaha virus infection worsens. A new variant of the Yaha virus that appeared just before Christmas has proven contagious, infecting thousands of computers worldwide. The virus has seen its numbers increase dramatically, with over 7,000 being stopped by MessageLabs, a managed service provider, on Monday. So far more than 17,000 copies of the virus have been detected by MessageLabs, leaping it to the fifth most common virus sent through the system since records began. In response to the increase in occurrence, Symantec, an Internet security technology company, has raised the threat from a Category 2 to a Category 3. The worm arrives in the form of an .exe or .scr attachment to an e-mail with a variety of subjects and messages, and contains its own e-mail client to mail itself out, forging the from address. It also attempts to close down a number of firewalls and antivirus programs. Source: http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270925,00.htm

Internet Alert Dashboard

Current Alert Levels
Internet Security Systems AlertCon: 1 out of 4 (https://gtoc.iss.net/). Last Changed: 26 December 2002
Security Focus ThreatCon: 1 out of 4 (http://analyzer.securityfocus.com). Last Changed: 21 December 2002

Current Virus and Port Attacks
Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]
Top 10 Target Ports: 137 (netbios-ns); 80 (http); 1433 (ms-sql-s); 445 (microsoft-ds); 53 (domain); 21 (ftp); 139 (netbios-ssn); 4662; 25 (smtp); 27374 (asp)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

General Information

11. December 31, Reuters - World ratchets up security as it rings in New Year.
Cities across the world tightened security for New Year's Eve celebrations, with the Indonesian capital deploying 200,000 police and Sydney taking Olympics-style precautions for a party that attracted hundreds of thousands. On the other side of the world, an extra 1,000 policemen will be deployed in Paris to oversee celebrations, bringing the total to around 5,500. In Russia, 250,000 policemen were due to patrol the streets to prevent violence and unrest among tens of thousands of revelers expected to party outside despite the extreme cold. In Berlin, host to Germany's largest new year's celebration, a police spokesman said security had not been increased this year but added overall measures remain high. Source: http://story.news.yahoo.com/news?tmpl=story&u=/nm/20021231/wl_nm/newyear_dc_5

12. December 30, Associated Press - Polio: counting every vial. The federal government is taking an inventory of polio strains in labs around the country as part of an effort to prevent the virus from accidentally escaping and causing outbreaks once the disease is eradicated. All 31,000 institutions that have polio virus stocks have until Tuesday to submit a report to the U.S. Centers for Disease Control and Prevention (CDC). The CDC is also asking labs that no longer need to work with the virus to destroy any stocks they have. Federal officials have said polio could be eradicated worldwide within two years. Health officials learned a lesson from what happened with the smallpox virus. Smallpox was eradicated in 1977, but less than a year after eradication two smallpox cases emerged from a lab in the United Kingdom. "When polio is eradicated, every effort must be made to ensure that wild polio virus is not similarly transmitted from the laboratory," the CDC said. Source: http://www.cbsnews.com/stories/2002/12/30/health/main534755.shtml

13. December 30, Associated Press - Red Cross failed to follow safety rules.
The American Red Cross received reports that 134 people, including one who died, got hepatitis B after blood transfusions, but the organization did not investigate them because of internal policies that violate government safety rules, federal regulators say. The U.S. Food and Drug Administration (FDA) cited the hepatitis discovery as one of more than 200 violations of federal safety rules it found during its latest inspection of Red Cross headquarters. The FDA also alleges that some Red Cross employees were instructed to skip required safety steps, and others altered records to allow release of blood that had failed safety testing. In addition, the FDA charged the Red Cross failed to screen out some people who weren't supposed to give blood, and couldn't account for what happened to the resulting donations. Source: http://www.cbsnews.com/stories/2002/12/30/health/main534783.shtml

NIPC Products & Contact Information

The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products:

2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response.

2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures.

2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only.

2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.

2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters.

IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk