March 2009 Archives

Report information concerning suspicious or criminal activity to DHS and the FBI.  The DHS National Operations Center (NOC) can be reached by telephone at 202-282-9685 or by email at NOC:Fusion@dhs.gov.  For information affecting the private sector and critical infrastructure, contact the National Infrastructure Coordinating Center (NICC), a subelement of the NOC.  The NICC can be reached by telephone at 202-282-9201 or by email at NIC@dhs.gov.  The San Francisco FBI Division can be reached at 415-553-7400.  When available each report submitted should include the date, time, location, type of activity, number of people and type of equipment used for the activity, the name of the submitting company or organization and a designated point of contact.

Incidents involving cyber related activity or breaches, including loss of Personally Identifiable Information, should be reported to US-CERT at https://forms.us-cert.gov/report or emailed to soc@us-cert.gov.  For additional information on CONFICKER and other cyber related topics from the US-CERT National Cyber Alert System visis http://www.us-cert.gov.

US-CERT Current Activity Report

DHS Releases Conficker/Download Computer Worm Detection Tool - DHS press release

The researchers from the Munk Center for International Studies at the University of Toronto, were asked by the office of the Dalai Lama, the exiled Tibetan leader , to examine its computers for signs of malicious software, or malware.  The researchers uncovered a vast electronic spying operation that has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama.  READ MORE

Webcast of Monk Center Press Briefing

Report - Tracking GhostNet: Investigating a Cyber Espionage Network

Alex Pentland, an MIT computer professor, argued in a recent report by the World Economic Forum that the growing amount of "digital breadcrumbs" we all leave behind were of enormous social and scientific value.  Prof. Pentland further discussed how the owners of these data were increasingly exposed to misuse and violation of privacy as "reality mining" allows companies and governments to piece together ever more extensive data on behavior patterns and personal movements.  READ MORE

The White House Senior Director for Cyberspace for the National Security and Homeland Security Council, gave the House Cyber Security Caucus a briefing on March 26, 2008 on the status of the administration's 60 day interagency review of the federal cybersecurity mission.

"We were surprised and really pleased to hear Ms. Hathaway say that the administration was expanding their mission on cybersecurity to include the public, which has received short shrift in the past," said Congressman Langevin, co-chair of the House Cyber Security Caucus.  READ MORE

In recent testimony before the Senate Judiciary Committee, FBI Director Mueller discussed FBI mission priorities, changes and challenges. Director Mueller's Testimony

The Senate Homeland Security Committee is asking the DHS Secretary to explain why the National Cyber Security Center (NCSC), set up within the department last year, has seemingly been marginalized by the agency. READ MORE

For more on this topic see our March 12th post - Another DHS Cyber Chief Quits!

An article in the spring issue of IANewsletter, published by the Defense Information Assurance Technology Analysis Center, suggests the DoD establish a fourth military service to conduct cyberwarfare.  READ MORE

Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) have proposed legislation would that would realign cybersecurity responsibilities from DHS and transfer them to the White House creating an Office of the National Cybersecurity Advisor, part of the Executive Office of the President.  READ MORE

The California Department of Water Resources has just released a study that concludes there is a 40 percent chance that a major earthquake will flood 27 delta islands between now and 2030, costing billions in repairs and knocking out the water source for 25 million Californians for more than a year.

Without intervention, it is estimated that about 140 levees of California's could fail in the next century due to storms or rising seas. An earthquake of magnitude 6.7 or greater could result in fatalities, flooding of islands and costs of $15 billion. In California levees have failed about 160 times in the past 109 years. READ MORE

California Department of Water Resources: Delta Risk Management Strategy - Final Phase 1 Report

The networks powering industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths, a control systems expert said in recent  testimony to the Senate Committee on Commerce, Science, and Transportation.  READ MORE

Senate Committee on Commerce, Science, and Transportation Hearing: Cybersecurity - Assessing Our Vulnerabilities and Developing An Effective Defense

Joe Weiss, a member of the San Francisco Bay Area InfraGard chapter, was quoted extensively in the referenced Computerworld.com article.  Dr. Weiss also testified at the Senate Committee on Commerce, Science, and Transportation Hearing.

RELATED

The "Smart Grid" may be vulnerable to hackers - The Smart Grid will use advanced sensors to improve electricity efficiency and reliability.  Experts are saying before we go rushing headstrong into a Smart Grid concept, we need to be sure we build with security in-mind from the start. READ MORE

There are two recent postings on the secure InfraGard site that are must reading for InfraGard Members.  Both documents can be found on the "Homepage" under the "InfraGard Items of Interest" section on the secure InfraGard.org site.

Item #1 is "InfraGard Briefing Book" - this document is the InfraGard program's status report as of March 2009.

Item #2 is a copy of the March 2009 Memorandum Of Understanding Between FHS and FBI Regarding Development of Joint Critical Infrastructure Protection Initiatives

On March 12, 1989 Tim Berners-Lee was working as a consultant at CERN where he wrote a proposal to help solve the problem of lost data and information.  In this proposal Berners-Lee developed the concept of "hyper-text". READ MORE

"Happy 20th Birthday, World Wide Web", Scientific American Article

CERN did not transfer the rights to the concepts developed by Berners-Lee to the public domain until April 30, 1993. 

More History...

The DHS Control Systems Security Program (CSSP) has created the Industrial Control Systems Joint Working Group (ICSJWG) to allow the federal government to better work with vendors and state and local agencies to address high-tech issues in their operations. READ MORE

Five witnesses, including representatives from the Government Accountability Office (GAO), Microsoft Corp. and the Center for Strategic and International Studies (CSIS), presented a sobering picture of the current state of national cybersecurity initiatives and highlighted a variety of issues that they said need to be addressed on a high-priority at a March 10th hearing of the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the U.S. House Committee on Homeland Security.  READ MORE

Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the U.S. House Committee on Homeland Security web site, includes a video of this hearing.

The U.S. government has spent more than $50 billion since the 2001 anthrax attacks to beef up U.S. defenses against biological attacks; there has not been another attack so far, but the cost of hoaxes and false alarms is rising steeply. READ MORE

Rod Beckström, the Department of Homeland Security's latest cyber-security chief, has suddenly resigned ( Letter of Resignation ) amid allegations of power grabs and bureaucratic infighting.  READ MORE

RELATED:

NSA Dominance of Cybersecurity Would Lead to 'Grave Peril', Ex-Cyber Chief Tells Congress - Amit Yoran, a past cyber security chief, said in  testimony to a House subcommittee that although the Department of Homeland Security, which currently oversees the government's cybersecurity efforts, has demonstrated "inefficiency and leadership failure" in those efforts, moving the cyber mission to the National Security Agency "would be ill-advised" due to the agency's lack of transparency. READ MORE

RELATED:

DHS Secretary says US cyberdefense policy is in flux - Switching U.S. cyberdefenses to the DoD/NSA and away from the Department of Homeland Security remains only an idea, says DHS Secretary Napolitano. READ MORE

Comment ... The US cyberdefense strategy has been in flux as long as InfraGard has been around ...

In a new Government Accountability Office (GAO) report, Influenza Pandemic: Sustaining Focus on the Nation's Planning and Preparedness Efforts, Congress' investigative arm warned that even though "national priorities are shifting as a pandemic has yet to occur, and the nation's financial crisis and other national issues have become more immediate and pressing ... an influenza pandemic [nevertheless] remains a real threat to our nation and to the world."  READ MORE

Download the GAO report...

RELATED:

Scientists at the National Emergency Management Summit say pandemic is certain - expert panel tells emergency managers it's just a matter of when the avian flu will spark a pandemic. READ MORE

RELATED:

5 Myths About Pandemic Panic. READ MORE

Legislation (SB 20) that would require companies doing business in the the state to provide more information in their breach notification letters to consumers, and to send simultaneous notices to state authorities has been introduced into the California Senate. READ MORE

At a recent conference of the Institute for Defense and Government Advancement, Dr. Joel Brenner the the National Counterintelligence Executive, discussed the vulnerability of our ever expanding array of electronic communications devices and the growth in the number and types of groups exploiting them.  READ MORE

Download Dr. Brenner's speech...

Toffler Associates recently completed a paper entitled "Guarding our Future", a report on protecting the future of the nation's infrastructure. The report examines the current and emerging conditions that will shape the future of infrastructure and infrastructure protection. DOWNLOAD REPORT

All it takes is one thumb drive or other external data device plugged into a USB port to jeopardize the security of the network.  A recent article in GovernmentExecutive.com discussed the vulnerability of federal networks but as we all know this is a pervasive problem.  READ MORE

A look inside the FBI cyber division's IC.  The FBI has produced an Infomercial and tour of the Internet Crime Complaint Center (IC3) and some of its inner workings. The FBI operates the IC3 in partnership with the nonprofit National White Collar Crime Center. According to the video's narrator, agents and analysts at the IC3 wade through about 20,000 complaints a month "to find patterns and trends, and then go after the scammers by sending the investigative leads to law enforcement agencies or FBI field offices."

VIEW THE INFOMERCIAL

Visit the Internet Crime Complaint Center (IC3)

The Center for Infrastructure Protection at George Mason University's School of Law has released the February 2009 edition of the Critical Infrastructure Protection Report.  Featured in the current issue are Supervisory Control and Data Acquisition (SCADA) systems.

DOWNLOAD (.pdf)