Although the Department of Homeland Security (DHS) has taken actions to implement the public-private partnership called for by federal critical infrastructure protection policy, "it has not yet developed a plan that describes how it would carry out its information-sharing responsibilities and relationships." GAO auditors recommend that DHS describe the roles and responsibilities of DHS, information sharing and analysis centers (ISACs), and other stakeholders. The GAO also recommends that the DHS create policies and procedures for sharing information provided by ISACs amongst its departments.
Despite its bulk, the final report of the 9-11 Commission couldn't cover everything. Two topics, terrorist financing and travel, receive detailed treatment in a pair of monographs released by the commission. One document explains how the 9-11 plot was funded and assesses efforts to disrupt the flow of terrorist money. The other notes that "border inspectors today still do not have basic intelligence and operational training to aid them in detecting and preventing terrorist entry...." @ SM Online has the monographs.
Reaves said the Web site contains information gathered from the U.S. Department of Homeland Security, the Pennsylvania Office of Homeland Security, and other government agencies.
Despite increased attention, cargo security is still sorely lacking, according to cargo industry executives. A recent survey shows that 62 percent of executives named background checks of workers and drivers as a very important measure, but only 14 percent said that industry performance in this arena was excellent. The disparity between importance and performance was vast for the other nine measures listed as well, such as cargo inspection (41 percent said it was very important, while only 4 percent gave the industry high marks on that measure) and improved operational procedures (50 percent versus 2 percent). More information on the survey of 103 executives, conducted by the U.S. Chamber of Commerce on behalf of Deloitte & Touche LLP, can be obtained by contacting Deloitte via SM Online.
No one is really sure how interoperable public safety wireless communications systems are with one another. The DHS intends to do a survey on the topic, with results available by next year. In the meantime, the GAO suggests that the federal government develop national requirements and a national architecture for such systems, create nationwide databases, and provide financial and technical support to states and localities to help them make their systems interoperable. For their part, states should establish bodies to develop interoperability improvement plans.
Nursing home fires in Hartford, Connecticut, and Nashville, Tennessee, last year killed 31 residents. Both were old facilities grandfathered from the federal fire-safety standards that apply to new facilities, and neither had sprinkler systems. The GAO has called for the federal government to work with the National Fire Protection Association to strengthen fire-safety standards and to improve oversight of nursing home fire safety, such as by reviewing exemptions granted to facilities without sprinklers.
Many churches are still unaware of the risks they face, so while preachers and pastors deliver the spiritual message to churchgoers, Jeff Hanna is on the much more earthbound mission of raising security consciousness at churches. His firm, the GuideOne Center for Risk Management Church and School Division, which provides insurance for 50,000 churches across the United States, has declared October "Church Safety and Security Month." The company is making available security resources on its Web site.
The security certification industry gets increasingly competitive as organizations target subsectors of the industry. The Security & Loss Prevention Management Council of American Trucking Associations is taking the wraps off a new Certified Cargo Security Professional (CCSP) designation, which will require applicants to pass a multiple-choice exam and obtain continuing education credits. @ Link through SM Online for more information.
Nearly 80 percent of respondents to a recent survey conducted by the American Society of Safety Engineers reported that they don't have a written workplace violence policy. Another 19 percent failed to indicate whether they had such a policy. Only about a quarter of respondents said that they planned to develop such a policy. However, 90 percent indicated that their organizations have written policies on weapons in the workplace. @ A summary of the survey is on SM Online.
The National Institute for Occupational Safety and Health has released a DVD on preventing work-related homicides. Among other material, it contains a training program and OSHA guidelines. @ To download it or request a free hard copy, go to SM Online.
A new secure Department of Homeland Security RFID has been touted as one of the most promising technologies for large-scale tracking and security of products. The Product Safety Task Force (PSTF), a coalition of businesses involved in the healthcare supply chain, now says that an RFID-based "electronic track-and-trace system" could be used to improve security in, and thwart counterfeiting of, pharmaceuticals. While bar codes might be used as an interim step, RFID transponders, or tags, would eventually be placed on all individual products, according to a PSTF white paper. "Serialized product 'license plates'" would uniquely identify items throughout the supply chain, allowing items to be traced from point of manufacture on, allowing the verification of a product's authenticity.
With some Muslim and Arab communities feeling under siege from U.S. security and law enforcement, the Police Executive Research Forum (PERF) has been hosting law enforcement and multicultural community leaders to discuss how to prevent terrorist attacks and threats while respecting the rights and dignity of individuals. In a recent report, PERF offered various recommendations for balancing the two objectives. For example, law enforcement must learn about cultural sensitivities, traditions, and religions of diverse communities to engender trust, the paper suggests. It should also be aware of, and possibly participate in, community rallies, religious gatherings, and unity celebrations to better understand these cultures and religions. In addition, law enforcement should identify people and places susceptible to hate crimes and assess environmental design and other security factors to prevent these crimes. Further, the paper recommends, campus police should enter into mutual-aid agreements with local, state, and federal law enforcement to share resources on hate crimes and to coordinate operations during a crisis. @ Protecting Your Community from Terrorism: Strategies for Local Law Enforcement, Volume 2: Working with Diverse Communities is on SM Online.
Besides the effect that drug abuse can have on family, business, and friends, prescription fraud bilks Medicaid and insurance companies out of rightful payments. When doctors and pharmacists are duped, it taints their reputation and may expose them to legal or professional sanctions. A recent addition to the Problem-Specific Guide Series of the Justice Department's Office of Community Oriented Policing Services (COPS) explains the problem of prescription fraud and identifies tactics, offenders, and abused drugs. It also helps communities deal with their local prescription-fraud problem.
A bipartisan group of Senators led by Sen. Joseph Lieberman (D-CT) and Sen. John McCain (R-AZ) has introduced legislation implementing the recommendations of the 9-11 Commission. The bill, unnamed at press time, essentially puts the 9-11 report recommendations into legislative language with one exception--the head of intelligence would not be in the White House, a change the commission concurred with based on concerns about the future politicization of intelligence.
A bill (S. 1053) that would make it illegal to discriminate against someone on the basis of genetic information has been approved by the Senate and has been referred to the House Committee on Education and the Workforce. However, the committee is unlikely to consider the bill because of the backlog of funding and appropriations measures that must be considered by the committee before year's end.
A bill (S. 2295) introduced by Sen. John McCain (R-AZ) that would establish a program for using advanced technology to meet border protection needs has been approved by the Senate Commerce, Science, and Transportation Committee. It must now be taken up by the full House of Representatives to move forward.
The House Judiciary Committee has approved a bill (S. 1301) that would make it illegal to surreptitiously videotape or photograph people in certain situations. Under the provision, which applies only in federal jurisdictions such as military bases, recording anyone naked or in a state of undress without that person's consent in situations where privacy can reasonably be expected would be illegal. The bill must now be approved by the full House of Representatives before it can be presented to the president for his approval.
A bill (S. 2635) introduced by Sen. Susan Collins (R-ME) would establish a federal grant program totaling $25 million to identify and develop new homeland security equipment, capabilities, technologies, and services. The money could also be used to further develop existing capabilities and conduct research into other options. For-profit businesses, academic institutions, and nonprofits would all be eligible to receive the grants. The bill would also require that the government conduct an assessment of federal, state, and local governments as well as first responders on all levels to establish their information, equipment, and technology needs.
Lawmakers on the Senate Banking, Housing, and Urban Affairs Committee have approved a bill (S. 2453) that would award grants to public transit agencies, including metro, rail, and bus services, to improve security. The bill must now be considered by the full Senate.
A bill (H.R. 4313) introduced by Rep. Jerrold Nadler (D-NY) would authorize $75 million in grants to be allocated to public schools to establish programs to stop harassment based on an individual's actual or perceived race, color, national origin, ethnicity, religion, disability, sexual orientation, gender, family composition, or economic circumstances.
A bill (H.R. 4265) introduced by Rep. Mark Green (R-WI) would grant immunity from litigation to companies that donate equipment to charities. Under the law, companies could not be held liable for any death or injury arising from use of the donated equipment. Exceptions are made for injuries or death resulting from gross negligence or the intentional misconduct of the donating .
A California bill (S.B. 1834) would require businesses to notify patrons before using radio frequency identification technology (RFID) to track and collect information about customers. The bill would also require that all RFID tags be removed from merchandise before consumers leave the store. The bill has been approved by the California Senate and must now be taken up by the state assembly before moving forward.
A bill introduced by Vermont lawmakers that would criminalize identity theft has been signed into law by Governor Jim Douglas. Under the new law, identity theft will become a felony. It will also be illegal to display Social Security numbers in public places. For example, liquor licenses will have to be redesigned with the owner's Social Security number omitted. The law will also allow victims of identity theft to freeze their credit information, making it a crime for a credit reporting agency to release further information without the consumer's authorization.
The Connecticut Supreme Court has laid out the basis for accepting computer-generated information as evidence in a trial. The case involved a computer-enhanced bite mark on the victim's body and the bite mark of the accused murderer, which was accepted by the lower court as evidence. Attorneys for the defense had argued that the evidence should not have been admissible because a computer was used to alter the image, thus making it suspect. In ruling the image admissible, the court set out rules to guide future litigation. The court ruled that testimony must be given as to the computer used, the qualifications of the operators, the correct use of the equipment, and the clear identification of the enhancement process. (State v. Swinton, Connecticut Supreme Court, No. 16548, 2004)
A federal appeals court has ruled that a copyright infringement case based on a document that was created in France can be heard in the United States. The fact that the work was imported into the United States and was hosted on a U.S. Web site provided sufficient grounds for jurisdiction. (Palmer v. Braun, U.S. Court of Appeals for the Eleventh Circuit, No. 03-13963, 2004)
Last year's CAN-SPAM Act directed the FCC to create regulations to protect wireless users from spam, a task the FCC has accomplished in this new ruling. Michael Altschul, senior vice president and general counsel of wireless association CTIA, explains that CAN-SPAM treats wireless spam differently than its wired counterpart.
The Student and Exchange Visitor Information System (SEVIS), which was criticized when it was started by the Department of Homeland Security (DHS) in July 2002, is now showing signs of improvement, according to the GAO.
The Check Clearing for the 21st Century Act, known simply as Check 21, improves bank efficiency by allowing "substitute checks," including digital images of checks, to be used so that paper checks do not have to be moved from institution to institution. The bank on which the check was drawn then treats the check as a debit instrument, instantly charging the amount against the account. Customers will no longer receive cancelled checks; instead, they'll have to log into their bank accounts to see the image of the cancelled check. Unisys has released a list of top-10 risk mitigation techniques for Check 21 risks.
Looking for more in-depth information on Windows security? Need a primer on Trojan horses? Want to see how susceptible your e-mail system is to viruses? Then point your browser to www.windowsecurity.com, this month's Site to See.
The survey was conducted by The United States Conference of Mayors to determine the level of interoperability between jurisdictions and agencies, to identify obstacles that exist, and to gauge how much funding cities are receiving--or need to receive--to make interoperability ubiquitous.
Some phishing scams may involve a "well-orchestrated, systematic criminal organization," according to Anatomy of a Phish, part of a study by the Anti-Phishing Working Group. Analysts noted, for example, that in June "identical attack methods were used to exploit two different banks, even though the phishing attacks were hosted in different locations over time," from Plano, Texas, to Uruguay and South Korea. @ Phishing Attack Trends Report, which also analyzes phishing schemes and trends from the first half of 2004, is available through SM Online.
The Department of Homeland Security's (DHS's) Inspector General (IG) recently slammed the agency for not implementing "adequate security controls to protect data transmitted on wireless networks and devices." The IG's report called DHS's wireless policy incomplete and also pointed out that none of the wireless systems in use has been certified or accredited, though DHS security policy mandates this. @ The full report and a response from DHS Chief Information Officer Steven I. Cooper
The Federal Deposit Insurance Corporation (FDIC) has offered assistance to financial institutions to protect against instant messaging (IM) troubles. The Guidance on Instant Messaging provides risk-management considerations such as how to implement antivirus checks on IM and how to configure firewalls to prevent IM traffic. It also includes technical notes that describe different IM types, and points out that even if users are not allowed to download software, "IM can still be accessed by sending messages directly from a Web browser" such as Internet Explorer. @ More on the FDIC's IM guidance is at SM Online.