Department of Homeland Security Daily Open Source Infrastructure Report

Friday, December 4, 2009

Complete DHS Daily Report for December 4, 2009

Daily Report

Top Stories

 The Associated Press reports that the explosion at the Imperium Grays Harbor biodiesel plant near Aberdeen, Washington apparently started when a tank used to mix glycerin and sulfuric acid became overpressurized. About 500 gallons of sulfuric acid leaked out the tank, but state officials say air quality in nearby neighborhoods is safe. (See item 1)


1. December 3, Associated Press – (Washington) Biodiesel explosion blamed on overpressurized tank. The explosion at a Grays Harbor biodiesel plant apparently started when a tank used to mix glycerin and sulfuric acid became overpressurized. A spokesman for Imperium Grays Harbor near Aberdeen says he does not know why the tank was overpressurized and why it exploded Wednesday afternoon. He told the Daily World newspaper that glycerin is not an explosive substance and the sulfuric acid makes it less, not more, volatile. In the explosion, a large piece of the tank blew about 100 feet, crashing through a chain link security fence. No one was injured, and he says the biodiesel tank is intact. Officials estimate that about 500 gallons of sulfuric acid leaked out the tank at the time of the explosion. But state officials say air quality in nearby neighborhoods is safe. Source: http://seattletimes.nwsource.com/html/localnews/2010415085_apwabiodieselexplosion.html


 According to Reuters, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team has identified flaws in equipment from four companies that hackers can exploit to break into corporate computer networks. The warning applies to certain networking products from Cisco Systems Inc, Juniper Networks Inc, SonicWall Inc, and SafeNet Inc. (See item 34 in the Information Technology Sector below)


Details

Banking and Finance Sector

Nothing to report


Information Technology


33. December 3, V3.co.uk – (International) Security worries continue to dog cloud vendors. Worries over security are severely hampering the adoption of cloud computing services, according a recent analyst report. Research firm Forrester said that a recent survey revealed that roughly half of all companies, from small businesses to large enterprises, cited security worries as the primary reason for not adopting cloud services. Security concerns have long been one of the biggest issues with cloud services. The enterprise and government sectors have both expressed concerns about putting corporate data in the hands of third parties and remotely-accessed systems, while security experts have made cloud security a hot topic. The cloud security sector itself has also grown as vendors seek to offer services and best practice guidelines to help improve data security on cloud platforms. The Forrester study was performed as part of the firm’s larger report on the state of emerging business hardware. Analysts noted that, while cloud adoption is being hampered, technologies such as virtualization and energy management are seeing healthy growth and giving hope for an economic rebound in the IT space as a whole in the coming year. Source: http://www.v3.co.uk/v3/news/2254357/security-worries-continue-dog


34. December 2, Reuters – (International) Cisco, Juniper gear vulnerable to hacking: U.S. govt. The U.S. government has identified flaws in equipment from four companies that hackers can exploit to break into corporate computer networks. The Department of Homeland Security’s U.S. Computer Emergency Readiness Team, US-CERT, said on its Web site on Wednesday that the warning applies to certain networking products from Cisco Systems Inc, Juniper Networks Inc, SonicWall Inc, and SafeNet Inc. The flaw applies to equipment with technology known as SSL VPN that companies use to set up secure communications systems for safely accessing internal computer systems over the Internet. Hackers who exploit the vulnerability could gain broad access to corporate networks, then steal confidential data, install malicious software, or turn PCs into spam servers. US-CERT’s posting said the manufacturers have yet to develop a remedy for the problem, which government officials brought to their attention on September 24. In the meantime, US-CERT researchers have developed three “workarounds” that they said minimize, but do not eliminate, the risk of an attack. Source: http://www.reuters.com/article/technologyNews/idUSTRE5B161X20091202


35. December 1, SearchSecurity.com – (National) Cybersecurity grant to fund research into critical infrastructure threats. A consortium of cybersecurity researchers from the country’s top academic institutions, coordinated by Northrop Grumman Corp.’s information systems sector, was announced on December 1 in Washington, D.C. The group’s stated goal is to collaborate on cybersecurity research and proactively address known and unknown threats to critical infrastructure, public safety and ecommerce. The group outlined 10 cybersecurity research projects they will conduct under a five-year grant from Los Angeles, California-based Northrop Grumman, one of the largest contractors to the defense and intelligence communities in the United States. The cybsersecurity funding totals in the millions of dollars annually, said Northrop Grumman’s chief technology officer. While some of the work will be funneled back into Northrop Grumman’s business, the technology officer added that each participating university — Purdue University, Carnegie Mellon University and Massachusetts Institute of Technology — would be able to patent any intellectual property it developed as part of the consortium; collaborative projects would be handled on a case by case basis. While the consortium members representing the universities acknowledge that the bulk of the cybersecurity research would not focus on building solutions to existing problems, it does not mean a particular application could not be accelerated to meet a current cybersecurity issue. Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1375721,00.html

Communications Sector

36. December 3, CNET News – (National) FCC seeks comment on spectrum re-allocation. The Federal Communications Commission (FCC) opened a formal proceeding Wednesday to get feedback on whether it should reclaim some spectrum licenses held by TV broadcasters and auction them off to wireless broadband providers. The public comment notice issued by the FCC is the first step in a process that could pit TV broadcasters against the FCC and the wireless industry. The FCC Chairman said in a speech earlier in the week that he is interested in taking back some of these airwaves to re-auction them for use in building new wireless broadband services. Broadcasters oppose a plan under which they would give up any spectrum licenses, saying that it would harm some Americans’ access to free over-the-air TV programming. But some FCC officials, such as the one who is in charge of drafting a policy plan for national broadband, argue that some of this spectrum is not being used efficiently or effectively. The idea is that the spectrum could be better used for providing 4G wireless services. Source: http://news.cnet.com/8301-30686_3-10408512-266.html