Talk about a security lapse. This item indicates how resourceful enemies can strike almost anywhere they aim. There’s no reason, ever, to let up on security awareness - even on the high seas:

Somali pirates have hijacked an oil supertanker off the coast of Kenya, probably the largest ship yet pirated. Of Arabian registry, the tanker Sirius Star can carry more than a quarter of Saudia Arabia’s daily oil production and is three times the size of an aircraft carrier. How the pirates succeeded in their most audacious attack yet isn’t yet known. But the tanker and its crew are in their hands, and a stunning security lapse is out there to be countered and learned from.

An interesting question, this one: “Will Barack Obama’s election reduce demand for security products?”

It’s asked by Access Control & Security Systems and the answer it provides is, “Yes,” quoting a report by IP Video Market Info:

Here”s IP Video Market’s premlinary forecast: 

• Expect many, if not most, US government projects in development to be put on hold until February 2009 (after the inauguration).

• Expect 2009 US spending on government related security technology to drop by 10 percent–20 percent relative to 2008. This includes direct military spending as well as homeland security and municipal projects funded by government grants.

• Expect overall US security demand to drop by 4 percent to 8 percent (given the large impact government has on overall security spending).

• Expect some reductions in global demand as other countries reduce their perceived need for anti-terrorism security measures.

All this because Obama is expected both to reduce defense spending and reduce tensions leading to hostility overseas.  

“The security bubble is burst,” says IP Video Market Info. “With the election of Obama, U.S. demand for security products will drop significantly as subsidies for security technology are reduced and global tensions are eased. This will place significant pressure on businesses to justify the real ROI of security trechnology and it will contribute to falling industry growth.”

Trouble is, such an analysis, from what we’ve seen of it, doesn’t necessarily take account of actions, still feared, by terrorists who either don’t care about our election results or may choose to respond to them in their own way.

Older parking garages are among the hardest buildings to secure in a time of enhanced concern for protection. October’s Security Technology & Design had informative article on parking garage security, including “The Top 10 Errors” in designing and operating parking facilities:

1. Having essentially unattended facilities, except for the ticket taker.

2. Numerous hiding spaces.

3. Lack of electronic security for surveillance and access control.

4. Structural interference in viewing between parking bays.

5. Foot or vehicle circulation signage lacking, creating confusion.

6, Dirty and under-maintained.

7. Exclusively designed as a “stable for vehicles,” with no other people functions.

8. Perimeter access unsupervised.

9. Pedestrian access points without natural surveillance.

10. Same access protocol allowed 24 hours a day.

The keys in your pocket may not be as secure as you think, even if they don’t get lost.

Computer scientists at the University of California San Diego have created a software program that can duplicate keys without having the keys. All that’s needed is a photograph of the key. And not a brilliantly resolved one, either. 

“In one demonstration of the new software system, the computer scientists took pictures of common residential house keys with a cell phone camera, fed the image into their software which then produced the information needed to create identical copies. In another example, they used a five inch telephoto lens to capture images from the roof of a campus building and duplicate keys sitting on a café table more than 200 feet away.”

Indeed, keys can be copied from photos on Flickr.

Security-minded folks have to start treating their keys as securely as their credit cards. You simply can’t leave keys laying around – or hanging around – where cell phone cameras may pass by. 

We’re indebted to Bruce Schneier for tipping us to this key story.

Here’s an ambitious report on how well the information that underpins government and private security priorities is flowing these days. New Information and Intelligence Needs in the 21st Century Threat Environment, issued by the Henry L. Stimson Center in Washington, looks at information troves in three areas: terrorism, infectious disease and natural hazards. “Each has its own culture that affects how information is used and shared,” says a report on the study in Nextgov. 

The study asks:

• How do decision-makers in homeland/societal security positions get the information they need?

• In an all-hazards environment, is information on topics as diverse as health, natural hazards and terrorism readily available and reliable?

• Do decision-makers differentiate between information and intelligence?

• Is the US experience unique or are there useful comparisons to Europe’s experience?

The report’s primary author, Julie Fischer, a senior associate at the Stimson Center, says there’s been  ”a dramatic increase in the amount of information publicly available, coupled with a rise in the number of stakeholders, many of whom are not public officials,” all of which complicates information sharing.

A challenging environment indeed.

We wrote the other day about Twitter, the microblog, serving as a message board for security officers who join the “Security Twits” list. But here’s another use of Twitter with broader application for continuity of operations and public safety.

The Washington State Department of Transportation (WSDOT) already updates its Twitter feed with traffic alerts and route changes for ferries. But the department is anticipating using the Web messaging service as a readily available source of information when its website is overtaxed or not available (”crashed” possibly).

  ”One of the things that we’re considering if we get into an emergency situation like that, we can update  Twitter and our blog with our handheld BlackBerry or  iPhone or whatever we have. It’s a continuity of operations opportunity for us,” says a WSDOT spokesperson.

“On July 31, three major traffic incidents nearly brought the website down – it’s a very popular site for getting traffic information,” he added. “Our Web guru started ‘tweeting’ on the situation, and suddenly the number of people who were following us went from 20 to 160.” Ever since, WSDOT has been spreading the word about its Twitter feed.

The message here is that new social media tools, like Twitter, are available, but they take enterprise and promotion to bring into targeted, or broader, use by public safety or security agencies.

Whether it was terrorism or some other form of statement – the Mounties call it “an isolated criminal act - the bombing of a natural gas pipeline in British Columbia shows the difficulty of protecting far-flung facilities like pipelines from attack.

Whoever placed the apparent bomb was for real. It produced a crater six feet across and four feet deep but, very fortunately, only dented the pipeline. A moosehunter who discovered the crater said it wasn’t there the day before. And the location is at a point where the pipeline emerges from underground.

A Royal Canadian Mounted Police spokesperson said the apparent blast occurred the day after a letter was received by a media outlet warning oil and a gas companies to stop production and leave the area around Dawson Creek, B.C.

We keep planning to deter – and at the same time hope against – such attacks. But, sadly, they occur. Stay vigilant.

Don’t know quite where to take this in security terms, but it’s interesting that “homeland security concerns and commuting conditions are creating strong incentives to work away from the office,” says a report on nextgov.com. 

Concerns are growing in strategic centers, like Washington, that having employees centralized in a “secure” facility could be counterproductive in the case of a terrorist attack or traffic jam in the neighborhood. Hence, more employees are doing at least some amount of work from home or other dispersed locations. 

“‘We think of [telework] as adapt and overcome,’ said Capt. Kenneth Barrett, program manager for the Navy’s Task Force Work Life Initiative. ‘From the standpoint of where the Navy is going, the change in tempo, the new missions we’re being asked to undertake, we have to keep looking for innovations for our next, best way to do business. We’re looking for a results-oriented work environment.’”

Results can be gotten on a dispersed as well as a centralized basis.  So the “rhythms” of security may be changing. Work needs to be accomplished securely wherever it is done. Yet a security planner’s job may be extending beyond the front gate. This has been true right along for computer network security. Now dispersion may have implications for preserving security of function as well. An organization may be better able to keep “breathing” if it’s dispersed, not centralized. A mind-bender, possibly, but definitely worth considering. That includes figuring out how collaboration can best be accomplished over distances. For, as much as security,  collaboration remains at the heart of organizations.

The U.S. Department of Homeland Security has been wrestling with national security challenges since it was created in November, 2002. By the measure of further terrorist attacks on the homeland – none – it has been doing a decent job.Yet much remains to be understood and organized in a never-ending discipline. Homeland Security Secretary Michael Chertoff has been concerned about passing a coherent set of priorities on to the next President. Last June he asked the Homeland Security Advisory Council, chaired by Judge William Webster, to come up with a list of the “ten most pressing strategic-level challenges that will confront the next Secretary of Homeland Security.”

The list was delivered to Secretary Chertoff on September 11, 2008. The 10 items aren’t presented in “any particular priority order,” Judge Webster said, because “these key issues are interdependent and equal in importance.”  They are thoughtful and include matters both internal and external to DHS. You can find them listed here.

For those of you who don’t know it, check out Security Twits, a running conversation on security needs on Twitter, the microblogging service. 

Zach Lanier, who maintains Security Twits, says it has over 230 members from the security field who need to opt-in to join the conversation – that is, they have to want to be there. Requests and solutions are shared online – anything, almost, that can be fit into Twitter’s message limit of 140 characters. There’s a fun-to-learn discipline in thinking cogently in such short bursts. That’s what’s helped to make Twitter itself such a successful web service.

Want to know about experience with Product X, or the names of consultants for a given security need? The Security Twits brotherhood/sisterhood can likely produce an answer in minutes, if not sooner. There’s a podcast interview with Zach Lanier at www.SecurityRoundtable.com.  Security Twits is a good example of social networking in the security field.