Fortunately, there was no untoward result from this carelessness in procedure, but the story of former President George H.W. Bush’s broken broken burglar alarm highlights the point that it’s not just equipment, but adherence to procedures that sustain it, that makes for real security.
Water, power and financial systems are among the backbone facilities considered vulnerable to cyber attack these days. And Transition to Practice (TTP) is a mainstay of the Department of Homeland Security’s efforts “to keep pace with malicious actors who may seek to damage our critical infrastructure sectors”.
DHS announces that, in June, its Science and Technology Directorate (S&T) “will present all nine of its 2014 technologies at TIP Technology Demonstration Day for Investors, Integrators, and IT Companies – West, in Santa Clara, CA.” Evidently, that will be a good place to be keep current on cybersecurity technologies.
Security industry officials are aiming to standardize school security procedures, based on guidelines released at the ISC West conference in Las Vegas last week. Promoting school security best practices is the Partner Alliance for Safe Schools, or PASS. Government Security News reports that PASS is setting up “a tiered rating system to determine the security needs for the thousands of elementary and secondary schools across the country. The tiered system represents the first set of safety standards for U.S. schools.”
In addition to active shooter threats, PASS notes that school officials have to be concerned about such threats as “custody disputes, gang activity, drug dealing and proximity to local crime. Officials also need to take into account such criteria as their school’s location, size and available resources.”
Here’s a report on the 10th anniversary of a perhaps little known, but nonetheless vital, agency of the federal government – the Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO). It was established in a 2005 presidential directive to prevent nuclear terrorism through nuclear detection.
Truly, it’s good to know that these DHS staffers are on the job. We wish them perpetual success.
Bruce Schneier explains why he thinks the metal detectors that have been installed at major league baseball parks this season are “pure security theater – they look good without doing anything to make us safer.”
“As a security measure,” Schneier writes, “the new devices are laughable. The ballpark metal detectors are much more lax than the ones at an airport checkpoint. They aren’t very sensitive – people with phones and keys in their pockets are sailing through – and there are no X-ray machines…”
First of all, security gear needs to be credible, Schneier says, then goes on to discuss other aspects of what he considers an ill-advised move.
The U.S. Federal Bureau of Investigation (FBI) has issued a public service announcement about how “a large number of websites (are) being exploited and compromised through WordPress plugin vulnerabilities.”
“Continuous Web site defacements,” the announcement says, “are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). “Although, the announcement adds, “the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.”
It’s not only individuals, but employers, who need to be up on the nature of computer “phishing” attacks. Rohan Ramesh on IBM’s Security Intelligence blog advises that “Spear Phishing Attacks are growing in number and are getting more sophisticated in nature, targeting individuals and employees in various organizations to gain entry into the corporate network.
“They use,” he continues, “personal information such as name, job title and shopping preferences to craft the perfect phishing email unsuspecting victims will assume is legitimate. This information is becoming easier to obtain, since we give out our information willingly to many online and social mediums in order to get discounts on goods and connect with friends and colleagues…The question is no longer if you will be breached, but when.”
So be wary. Wikipedia defines “phishing” as “the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.” It derives from the idea of “using fake bait in an attempt to catch a victim.”
Bruce Schneier refers us to the Southern Poverty Law Center’s timely article about, as Schneier puts it, “the rise of lone-wolf terrorism.” “The long-term trend away from violence planned and committed by groups and toward lone wolf terrorism,” he observers, “is a worrying one.”
“Authorities,” Schneier adds, “have had far more success penetrating plots concocted by several people than individuals who act on their own.” Not that we should brush aside groups like Al Qaeda and the Islamic State, of course.
Counterfeiting’s an aspect of security we don’t often touch on. But it’s a big concern. Government Security News (GSN) notes that U.S. Customs and Border Protection (CBP) has tallied $1.2 billion in 23,000 seizures of fake products in fiscal 2014 by the U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement’s Homeland Security Investigations.
Among the top items faked were wearing apparel and accessories, consumer electronics and pharmaceuticals. “The People’s Republic of China,” says GSN, “remains the primary source economy for counterfeit and pirated goods seized with a total value of $772 million…Hong Kong ranks second with $310 million.”
A worthy exercise in San Diego: The Department Homeland Security advises that, during March in San Diego, CA, federal, state and local law enforcement agencies along with first responders participated in a drill involving detection of nuclear materials on small maritime vessels. They used “human portable handheld and backpack detection equipment.”
Capacity to detect possible nuclear materials needs to be a routine part of emergency planning and detection capabilities practically everywhere.