Doug Bedell — October 9, 2015, 11:34 am

Security Input: Knowing About Nuclear Materials

For calm and collected weekend reading, In Homeland Security provides a post on “Should We Fear that Russian Nuclear Materials are Being Smuggled to Terrorists?” Whether we fear such a situation or not, it’s important to be advised on the nature of the materials in question – on the difference, say, between the makings of a nuclear bomb and a “dirty” bomb.

Fun times these are, right? But staying calm, collected and well-informed is the way to negotiate them successfully. This post is toward that end.

Doug Bedell — October 7, 2015, 9:36 am

Alarming Counts on ISIS Threat to U.S. and Allies

October’s Terror Threat Snapshot, released by the U.S. House Homeland Security Committee, “outlines the increasing threat to the United States and its Western allies from ISIS and other Islamist terror groups.”

“First,” says the report, “efforts designed to prevent Americans and other nationals from leaving their home countries to join jihadist groups overseas have not succeeded and – in fact – the U.S. government has yet to formulate an effective strategy to prevent terrorist travel. McCaul’s terror threat snapshot reports that huge security shortfalls overseas are currently putting the United States in danger.”

Doug Bedell — October 5, 2015, 10:44 am

Bruce Schneier on Face Recognition Technology

Bruce Schneier provides a rundown on the evolution of face recognition technology. It’s getting kind of scary, in that our faces are being matched with personal information about us by firms the likes of Facebook, Google and Twitter, “and they know how valuable their archives are”.

“Other companies,” Schneier adds, “will spring up whose business models depend on capturing our images in public and selling them to whoever has use for them. If you think this is farfetched, consider a related technology that’s already far down that path: license-plate capture. Cameras mounted on cars and tow trucks capture license places along with date/time/location information, and companies use that data to find cars that are scheduled for repossession. One company, Vigilant Solutions, claims to collect 70 million scans in the US every month. The companies that engage in this business routinely share that data with the police, giving the police a steady stream of surveillance information on innocent people that they could not legally collect on their own. And the companies are already looking for other profit streams, selling that surveillance data to anyone else who thinks they have a need for it…”

Doug Bedell — October 2, 2015, 10:10 am

A Worrisome Tally: Firearms Being Found at Airports

As a Forbes writer on In Homeland Security puts it, the Transportation Security Administration (TSA) is “setting a dubious record, for the number of firearms discovered in carry-on baggage at airport security checkpoints.”

“As of August of this year,” IHS advises, “(TSA) officers had found 1,898 firearms in 2015 alone. TSA is still collecting data from September, but I counted 207 firearms reported so far on the TSA Blog, bringing the annual total to over 2,100. And we’ve still got another quarter of the year to go. Way to go, America?!?”

Doug Bedell — September 30, 2015, 9:14 am

DHS Reviews Its Employee Attitude Surveys

U.S. Department of Homeland Security Secretary Jeh C. Johnson reviews the results of the 2015 employee survey – the Federal Employee Viewpoint survey – for the 240,000 person department. (Yes, that’s right – DHS has 22 component agencies, including the Coast Guard.) The results don’t seem too bad, considering the department’s scope.

Secretary Johnson notes the units that had survey results better than or equal to the government-wide increase. They include “U.S. Citizenship and Immigration Services, our National Protection and Programs Directorate, our Management Directorate, the Office of Science and Technology, and the Office of the Secretary.” (This last one maybe was a special relief.)

Doug Bedell — September 28, 2015, 12:38 pm

Chinese–U.S. Vow to End Computer Spying; Spam Too?

The U.S. and China, via their presidents talking with each other, have agreed not to “conduct economic espionage in cyberspace,” In Homeland Security reports via The Washington Post. That was a welcome outcome of the meeting between President Obama and China’s President Xi Jinping last week in Washington.

On a lesser plane than espionage, though, don’t necessarily expect those spam messages from China to vanish immediately, if they do at all. It likely will take some time for the Chinese, if they so choose, to get the word out that spam is a relational bane, too. “The issues now,” said James A. Lewis, a cyber-expert at the Center for Strategic and International Studies, “are making sure we can verify it and that there are consequences if they don’t live up to it.” We’ll see, partly (maybe) in our spam counts.

Doug Bedell — September 25, 2015, 11:18 am

The Pope’s Raising ‘Security’ Issues

An interesting notion: Can Pope Francis’ message about “immigration, climate change, financial inequality” be interpreted in terms of their bearing on security, national security, that is? Arnold Bogis on Homeland Security Watch asks that question in all seriousness.

“I originally thought to ask to keep remarks focused on the security aspect of (the pope’s) trip,” Bogis writes. “But it occurred to me that many of the subjects he has or is expected to talk about (like those above) are homeland security issues…Can he move the needle regarding these subjects, or will everyone listen politely and then go back to their previous thoughts/beliefs/opinions as soon as he leaves?” Good questions.

Doug Bedell — September 23, 2015, 10:50 am

Even DHS Insiders Can Be Too Casual With Email

Paul Beckman, the U.S. Department of Homeland Security’s Chief Information Security Officer, has a method for keeping his staff alert to online fraudsters. Beckman, says ThreatPost, “periodically sends his own staff bogus-looking phishing emails to see who falls for them, and that a handful of higher ups, senior managers, and other VIPS, often do – repeatedly.”

“These are emails that look blatantly to be coming from outside of DHS – to any security practitioner, they’re blatant, but to these general users, you’d be surprised at how often I catch these guys,” Beckman told a cybersecurity conference audience.” Those who fail the test have to take a mandatory online security training class, “but Beckman is campaigning for chronic offenders to lose their top secret security clearance.”

Doug Bedell — September 21, 2015, 11:31 am

On the Rise, Computer Hacking Now Dubbed ‘Hacktivism’

Bruce Schneier provides a link to an article by Dorothy Denning on “The Rise of Hacktivism,” or computer hacking. Dr. Denning is Distinguished Professor of Defense Analysis at the Naval Postgraduate School.

“This blending of hacking with activism, known as ‘hacktivism,’ has become increasingly prevalent and is now commonplace,” she writes. “Hacktivism is challenging international affairs, not only because it transcends borders, but also because it has become an instrument of national power.”

Doug Bedell — September 18, 2015, 11:46 am

Workforce Technology Risks Concern Human Resources, Too

The Clearswift blog notes that computer security is becoming almost as much of a concern for human resource people as those in IT (information technology). That’s because research is showing that “71% of breaches globally come from people in the extended enterprise, which is comprised of 39% employees, 12% ex-employees and 22% contractors. Additionally, 73% of employees report that they would never trust their company again if their private information were leaked.”

“What might cause said leaks?,” Clearswift asks, answering: “The changing workforce is putting new stress on IT, as more workers need remote access to documents on the road, or while working from home. This creates opportunities for hackers to invade. The rise of cloud collaboration tools to promote this increasingly flexible work environment, BYOD, as well as email and communications across many other locations, all create more work for IT. But it doesn’t all fall on IT’s shoulders. This also puts incredible responsibility on employers to create a safe environment to both retain their current employees and continue attracting new ones, as a data breach could dash their hopes of recruiting top talent.”