December 2008 Archives

DHS NIPP and NIMS Updates

The National Infrastructure Protection Plan (NIPP) Update is a stand-alone document that provides a brief overview of the most significant and relevant issues or changes to the NIPP since its release in June 2006. Because significant program changes were identified in late 2007 and realized in early 2008, a separate 2007 Update was not released. This document presents both 2007 and 2008 updates to the NIPP. DOWNLOAD

DHS Announces Revised National Incident Management System

DHS & FEMA have also released a revised National Incident Management System (NIMS) - the national standard for incident management.  NIMS establishes standardized incident management processes, protocols, and procedures that all federal, state, tribal and local responders will use to coordinate and conduct response actions. 

The revisions expand on the original version released in March 2004 by clarifying existing NIMS concepts, better incorporating preparedness and planning and improving the overall readability of the document. The revised document also differentiates between the purposes of NIMS and the National Response Framework (NRF) by identifying how NIMS provides the action template for the management of incidents, while the NRF provides the policy structure and mechanisms for national-level policy for incident management.  DOWNLOAD

The North American Electric Reliability Corporation (NERC), Princeton, NJ, and its Cyber Security Standard Drafting Team, have announced the release of phase one of proposed revisions to eight Critical Infrastructure Protection reliability standards for industry comment and review.

NERC PRESS RELEASE

PROPOSED STANDARDS

Cornerstones of Trust 2009

The Cornerstones of Trust 2009 Conference is tentatively scheduled for June 2009. Check back here for event details as they evolve.

A recent report by the Lexington Institute concludes that digital networks are the nervous system of our civilization, essential to commerce and culture. The entire economy, from banking to utilities to manufacturing to healthcare, relies on internet-style communications. Even the military has reorganized for what it calls "network-centric warfare."

But the internet empowers everybody, including criminals and foreign governments intent on weakening America. As digital networks have proliferated, so has malicious software designed to exploit the networks for destructive purposes. Internet predators are increasingly capable and sophisticated.

DOWNLOAD REPORT (.pdf)

Hacking The Hill

The National Journal Magazine has a sobering article concerning a 2006 attack on computers and networks in Congress. READ MORE

You are also encouraged to read the supporting material with the article!

The Internet Security Alliance (ISAlliance) is proposing a new model for protecting and defending critical technology systems and information. The policy recommendations in "The Cyber Security Social Contract" are intended for the Obama Administration and the 111th Congress.

U.S. not ready for cyber attack

Deja Vu all over again ...

After completing a recent cybersecurity exercise, government and industry experts conclude the United States is unprepared for a major hostile attack against vital computer networks. READ MORE

Cisco 2008 Annual Security Report

This year's report reveals that online and data security threats continue to increase in number and sophistication. They propagate faster and are more difficult to detect.

Key report findings include:

  • Spam accounts for nearly 200 billion messages each day, which is approximately 90 percent of email sent worldwide
  • The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007
  • Vulnerabilities in virtualization products tripled to 103 in 2008 from 35 in 2007, as more organizations embraced virtualization technologies to increase cost-efficiency and productivity
  • Over the course of 2008, Cisco saw a 90 percent growth rate in threats originating from legitimate domains, nearly double what the company saw in 2007
  • Spam due to email reputation hijacking from the top three webmail providers accounted for just under 1 percent of all spam worldwide, but constituted 7.6 percent of all these providers' mail

Fortunately, responses to these threats and trends are improving. Advances in attack response stem from the increased collaboration between vendors and security researchers to review, identify, and combat vulnerabilities.

Cisco 2008 Annual Security Report

Taking a holistic approach to securing a multi-tiered environment is a crucial component of an organization's cyber security strategy. The presentation will focus on three critical areas in securing a multi-tiered environment: (1) Internet, (2) applications and (3) databases. Topics of discussion will include the emergence of more sophisticated websites, application and database attacks, the increasing prevalence of botnets (including a new generation of identity theft powered by botnets), and increasingly malicious spyware that can compromise devices on an organization's network.

This webcast presentation will also focus on best practices for implementing a secure multi-tiered environment and what steps to take to enhance security of networks and applications.

Wednesday, December 17, 2008
2:00pm - 3:00pm (Eastern)
MORE INFO


Silicon Valley ISSA Holiday Luncheon

Silicon Valley ISSA Annual Holiday Luncheon
Tuesday / Dec 16th / 11:30AM
Frankie, Johnnie & Luigi's Too
Mountain View, CA
Registration

Trust for America's Health (TFAH) and the Robert Wood Johnson Foundation (RWJF) have issued the Ready or Not? Protecting the Public's Health from Diseases, Disasters, and Bioterrorism 2008 report.

This report, the sixth annual edition, finds that on some levels, significant progress has been made in the nation's preparedness. However, this year, TFAH found that cuts in federal funding for state and local preparedness since 2005, coupled with the cuts states are making to their budgets in response to the economic crisis, put that progress at risk.  READ MORE

The Center for Strategic and International Studies Commission on Cybersecurity for the 44th Presidency has released its final report, "Securing Cyberspace for the 44th Presidency." The Commission's three major findings are:

  • cybersecurity is now one of the major national security problems facing the United States;
  • decisions and actions must respect American values related to privacy and civil liberties; and
  • only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.

DOWNLOAD REPORT (.pdf)

2008 DHS Data Mining Report

DHS is required by the Congress in Section 804 of the 9/11 Commission Act, entitled the Federal Agency Data Mining Reporting Act, to summarize related activities and principles for implementing privacy protections in research projects conducted by the DHS Science and Technology Directorate (S&T), the Department's primary research and development arm.

The 2008 Report to Congress - Data Mining: Technology and Policy from the DHS Privacy Office is now available. DOWNLOAD REPORT

In July 2008 Terry Childs, a network engineer in San Francisco's city-county government, was arrested for seizing control of the fiber network, locking out co-workers and denying officials the passwords to get back in. Although most of the dust has settled, San Francisco's Department of Information Technology still has a pile of digital debris that it is sifting through. Apparently disgruntled network administrator Terry Childs left a networking device hidden on the city FiberWAN network that, as of this writing, IT staff are still trying to locate, months after Childs' arrest.

The ability of Childs to single-handedly hold the San Francisco system hostage raises many questions about how to manage operations in complex public and private systems. READ MORE

An FBI report says copper thieves, sometimes acting as "organized groups," are threatening "critical" U.S. infrastructure, from electrical substations, cellular towers and telephone land lines to railroads and crops. READ MORE

Chemical Security 101

The Center for American Progress has released a report addressing the vulnerability to terrorist attack and accidents during day-to-day operations of the nation's 101 most dangerous chemical facilities.  READ MORE

Download the full report (pdf)

The Congressional Commission on the Prevention of WMD Proliferation and Terrorism has issued a report that concludes terrorists are likely to use a biological weapon of mass destruction somewhere in the world in the next five years.

CNN READ MORE    Washington Post READ MORE

Report: The World At Risk

A report from Britain's Institute of Public Policy Research (IPPR) Commission on National Security in the 21st Century has also warned that terrorists' use of biological warfare is one of the biggest emerging threats for the foreseeable future. READ MORE

IPPR Report: Shared Destinies: Security in a globalised world

After a long-planned shift in DoD roles, the U.S. military expects to have 20,000 uniformed troops inside the United States by 2011 trained to help state and local officials respond to a nuclear terrorist attack or other domestic catastrophe. MORE

In prepared remarks for the 115th International Association of Chiefs of Police conference, FBI Director Robert S. Mueller III highlighted the need for all levels of government to share intelligence to accomplish their law enforcement and counterterrorism missions. READ MORE

Copy of Director Mueller's speech from FBI web site ...