Tuesday, December 11, 2007

Daily Report

• The Baltimore Sun reports that the National Transportation Safety Board is investigating a near collision at the Baltimore-Washington International Thurgood Marshall Airport. The incident is being investigated as “an action by an air traffic controller that results in less than the required minimum separation between two aircraft,” documents show. (See item 13)

• According to Gannett News Service, theft of personal data grew more than three times in 2007. Names, birth dates, account numbers, and Social Security numbers have increased in value in the cybercrime underground. Meanwhile, organizations expose rich veins of such data as they convert paper documents into digital records. (See item 29)

Information Technology

27. December 10, Computer Weekly – (National) Information security strategies fail to meet corporate needs. Information security remains isolated from executive management and business strategy, according to the Ernst & Young Global Information Security Survey. The survey of executives at around 1,300 firms worldwide, says companies are still failing to implement a holistic approach towards information security, as the security function remains too isolated from executive management and the strategic decision-making process. The survey reveals that a third of information security personnel never meet with company board or audit committee members, and over a quarter of information security personnel do not report to business leaders on information security compliance or incidents.

28. December 10, Computer Weekly – (National) 2007: A year of sophisticated web threats. This year has seen even more sophisticated and targeted web attacks come of age, says the MessageLabs Intelligence 2007 Annual Security Report. The web security firm says 2007 has been a year of diversity, because of the vast number of new tactics, techniques, and trojans entering the security market during the last 12 months. As the year progressed, so did the variety in file attachments being used as well as the transition to using malicious links, which are able to travel under the radar of signature based antivirus technology and provoking less suspicion from the e-mail recipients. At the beginning of the year, only three percent of e-mail-borne viruses contained malicious links, said MessageLabs. However, by December, 25 percent of e-mails had a vicious link. This trend demonstrates how virus writers are becoming increasingly sophisticated in the malware they create in order to avoid detection and increase their chances of penetrating a vulnerable system, said MessageLabs. This year also saw the emergence of threats targeting the fast-growing and vulnerable area of social networking. Web sites such as Facebook, Linked-In, and Plaxo present rich-pickings to cyber criminals looking to gather personal information for use in identity theft or targeted attacks, says the report.

29. December 10, Gannett News Service – (National) Theft of personal data in '07 grows more than 3 times. More than 162 million personal records have been reported lost or stolen in 2007; triple the 49.7 million that went missing in 2006, according to USA Today’s analysis of data losses reported over the past two years. This year, news stories have been written about data losses disclosed by 98 companies, 85 schools, 80 government agencies, and 39 hospitals and clinics, according to a database at tech security Web site Attrition.org; arrests or prosecutions have been reported in just 19 cases. Names, birth dates, account numbers, and Social Security numbers have increased in value in the cybercrime underground. Meanwhile, organizations expose rich veins of such data as they convert paper documents into digital records. Business data worldwide are expected to swell to 988 billion gigabytes by 2010, up from 161 billion gigabytes in 2006, says researcher IDC. As they “cram more and more data into a single place,” companies and agencies present thieves with more opportunities for a big score, says said the vice president of technology at Cryptography Research.

30. December 9, International Herald tribune – (National) Cyber attack on U.S. nuclear arms lab linked to China. A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed to public and private security officials by the Department of Homeland Security. Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location. Officials at the laboratory, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.

Communications Sector

31. December 7, Associated Press – (New York) NY governor stumps for cheap statewide broadband in NY. New York’s governor on Thursday announced his plan to provide broadband Internet service to even the most remote areas of the state. The affordable high-speed Internet service plan was part of what he said will be a transformation and expansion of New York’s economy. Under his plan, a state Council for Universal Broadband, whose members include top information technology officials, representatives from local governments, and experts from academia, will distribute $5 million in grants to research, design and provide broadband Internet. The plan is aimed at providing a tool to help the long stagnant economy in upstate counties. The initiative includes a plan to help New Yorkers learn how to get the most out of broadband service including job searches, school and college work, and establishing home businesses. More than 350 state government services and transactions are available on the Internet. He said the effort will take several years and evolve into an effort to provide wireless service statewide. The effort comes after legislative proposals have languished.