Monday, December 31, 2007

Daily Report

• The Vail Daily reported that a train carrying quicklime, a chemical used in fertilizer, derailed and spilled its load in a remote part of Eagle County, Colorado. When mixed with water, quicklime turns to a vapor that can irritate skin and eyes. There were no reports of injuries and the spill will not harm the water supply. (See item 3)

• According to Reuters, U.S. regulators have issued a public health alert for about 14,800 pounds of missing ground beef products that may be contaminated with the potentially deadly E. coli bacteria. The USDA issued the alert after a trailer containing the ground beef was reported stolen by Texas American Food Service Corporation. (See item 14)

Information Technology

20. December 28, Security Products Online – (National) ITRC reports on ID theft in ’07, predictions for ’08. At the end of each year, the Identity Theft Resource Center reviews identity theft trends and patterns throughout the year. It examines the new directions this crime appears to be taking. The basis of this information includes: victims and their experiences, ITRC’s expertise, and data from law enforcement on the ways criminals are stealing and using personal identifying information and financial records. Among the issues the ITRC found in reviewing 2007: check schemes are increasing as credit issuers make it more difficult to get credit without authentication; identity thieves continue to exploit Web sites that promote online auctions and want ads, job hunting, dating and social networking to find victims; and the failure to believe someone could steal your identity generates apathy, so individuals fail to take proactive steps to minimize risk. The ITRC also predicted that in 2008 identity theft will continue to grow more international in scope. Scams will become more sophisticated and will be harder to detect, as thieves become more industrious and skilled at designing viruses, Trojans, and ways to trick you into divulging personal identifying information. On the positive side, ITRC believes that businesses will develop and implement better ways to authenticate the identity of applicants, including Internet and telephone applications, and that there will be a higher recognition of identity theft as a crime by law enforcement.

21. December 27, SC Magazine U.S. – (National) NIST may urge federal agencies to conduct penetration attacks. In the final draft of its upcoming security guidelines for protecting federal information systems, the National Institute of Standards and Technology (NIST) is recommending that federal agencies conduct regular penetration tests to determine whether their networks can be breached. The NIST draft guidelines, which will be published next March, suggest that federal agencies “should consider adding controlled penetration testing to their arsenal of tools and techniques used to assess the security controls” in their information systems. NIST recommends that government agencies train selected personnel in penetration testing tools and techniques, which should be updated on a regular basis to address newly discovered exploitable vulnerabilities. The guidelines also express a preference for the use of automated penetration tools and say that special consideration should be given to penetration tests on newly developed information systems before they are authorized for operation, on any legacy system undergoing a major upgrade, or “when a new type of attack is discovered that may impact the system,” according to the draft of the NIST guidelines. The guidelines, which will be finalized at the end of January and published in March 2008 as the Guide for Assessing Security Controls in Federal Information Systems, detail comprehensive security control assessment procedures federal agencies should follow to protect their information systems. The draft was produced at the Computer Security Division of NIST’s Information Technology Laboratory.

22. December 27, San Jose Mercury News – (National) Experts fail government on cybersecurity. Since the outbreak of a cybercrime epidemic that has cost the American economy billions of dollars, the federal government has failed to respond with enough resources, attention, and determination to combat the cyberthreat, a San Jose Mercury News investigation reveals. “The U.S. government has not devoted the leadership and energy that this issue needs,” said a former administration homeland and cybersecurity adviser. Even as the White House asked in November for $154 million toward a new cybersecurity initiative expected to reach billions of dollars over the next several years, security experts complain the administration remains too focused on the risks of online espionage and information warfare, overlooking international criminals who are stealing a fortune through the Internet. The difficulties are systemic and widespread, and include limited resources, fractured responsibility, and an unfamiliar threat.

Communications Sector

23. December 27, Boston Globe – (Massachusetts) Tunnels ready for cellphones. Passengers riding the T in tunnels underneath downtown Boston will now be able to chat on their cellphones, text-message their friends, or use hand-held devices to e-mail their bosses from platforms and underground tunnels in and around four of the MBTA’s busiest stations. Yesterday, AT&T became the third cellphone provider to offer a signal underground. T-Mobile and Verizon both connected their networks earlier this month, but without any announcement from the T, many customers were not aware they could use their phones. The service is currently being offered in Downtown Crossing, Government Center, State, and Park Street stations, and all the tunnels in between. Expansion to other stations and tunnels is expected as cellphone service providers see demand and are willing to pay for the connection. The nation’s subways have been slow to introduce cellphone service, in large part because carriers have not wanted to spend the money to wire tunnels. The Massachusetts Bay Transportation Authority has tried to get cellphone service into the system for most of this decade; an earlier deal fell through when companies balked at the high cost of wiring the entire T.