Entities as diverse as the American Chemistry Council, the U.S. Department of Agriculture, the International Standards Organization, and the Biometric Consortium have proposed or issued security standards, best practices, or guidelines. Most recently, for example, ASTM International announced that it would develop standards for high-rise evacuation equipment to be used when primary routes to a safe zone are cut off. Links to the standards/guidelines efforts of ASIS,
Privacy advocates are fighting a losing battle when it comes to the practice of private companies collecting personal information about customers. That's because technology makes it cheap and easy and marketing makes it profitable. And the terrorist threat makes that information valuable to the government as well. A report by the Department of Defense's Technology and Privacy Advisory Committee, which addresses privacy in the age of terrorism, can be reached via SM Online.
Upon kidnapping a group of people, execute any security forces immediately. "This prevents others from showing resistance." That chilling comment is contained in al Qaeda training manuals on kidnapping, recovered by Western forces and translated by the Search for International Terrorist Entities Institute (SITE Institute). The SITE Institute has posted these translated documents.
Even after the October 2002 Bali, Indonesia, bombings resulted in more than 200 deaths, counterterrorism cooperation among Southeast Asian governments remains "patchy," according to a briefing by John Chipman, director of the International Institute for Strategic Studies (IISS). Chipman noted that Southeast Asian intelligence and law enforcement bodies are often "lacking in specific counterterrorism capacity...." The IISS briefing can be reached through SM Online.
In January, the Department of Homeland Security (DHS) implemented phase one of the United States Visitor and Immigrant Status Indicator Technology, or US-VISIT, a program to collect, maintain, and share information on foreign nationals.
Britain's largest companies have become considerably more concerned about terrorism in the last year, according to a recent survey conducted by RAND Europe and Janusian Security Risk Management in conjunction with the Financial Times.
The cost of 9-11 was staggering, but it was far less than a worst-case scenario in terms of life-insurance and injury-related claims. That's according to Risk Management Solutions (RMS), a company that helps insurers gauge and manage risk. In a recent report, RMS estimates losses for several segments of the insurance industry--workers' compensation, individual and group life insurance, accidental death and dismemberment, and health insurance--in seven hypothetical scenarios that it models.
In plain English, this means that via a Homeland Security Presidential Directive, the FBI will oversee a new multiagency Terrorist Screening Center. SM Online brings you the report.
In a recent decision by the Ontario Superior Court of Justice, a United Nations (UN) official has been allowed to sue The Washington Post for libel even though the case does not involve any Canadian interests. (Bangoura v. The Washington Post, Ontario Superior Court of Justice, No. 03-CV-247461CM1, 2004)
The U.S. Department of Health and Human Services has announced a $498 million grant program to help hospitals in various states and four metropolitan areas--New York City, Chicago, Los Angeles, and Washington, D.C.--respond to bioterrorism attacks, infectious disease, and natural disasters.
The Transportation Security Administration (TSA) has issued an interim final rule that is intended to help maritime professionals protect the privacy of their vessel's security plans.
A recent report by the General Accounting Office (GAO) on the use of biometrics in aviation security found that while the technology is available to meet the needs of airports, decision-makers should focus on the best equipment for the job regardless of whether it incorporates biometrics.
Federal employees and applicants for certain jobs in the government may be asked to provide sweat, saliva, and hair for drug testing. A new rule proposed by the Substance Abuse and Mental Health Services Administration would allow testing of sweat, saliva, and hair for signs of drug use. The rule has been proposed, according to the agency, to allow for more accurate testing, because urine tests can be circumvented.
A bill (S. 2273) introduced by Sen. John McCain (R-AZ) that would improve security on U.S. railroads has been approved by the Senate Commerce, Science, and Transportation Committee. The bill would authorize more than $1 billion in rail security improvements. Of that sum, $670 million would be allotted to help Amtrak complete security and safety upgrades to tunnels along the Eastern Seaboard. The Department of Homeland Security would be required to conduct a security assessment of rail systems in the United States.
A bill (S. 113) has been included as an amendment to the Intelligence Authorization Act for 2005. The provision amends existing law to extend government surveillance of terrorist activity to include terrorists working alone without affiliation to any group or foreign state. Under the Foreign Intelligence Surveillance Act of 1978 (FISA), the intelligence community can only conduct surveillance of terrorists who are "agents of a foreign power." Under FISA, these terrorists, who are not U.S. citizens, are defined as individuals who engage in international terrorism on behalf of a group or foreign state. The amendment allows the government to extend FISA to cover so-called lone-wolf terrorists.
A bill (H.R. 3261) that would allow database owners to sue those who make the information in their database commercially available without permission has been rejected by the House Energy and Commerce Committee. The bill contains exceptions for independently gathered information; reasonable use by nonprofit educational, scientific, or research institutions; and for the primary purpose of news reporting. Exceptions are also made for government and federally mandated databases. The bill does allow Web site owners to link to such databases.
A bill (H.R. 4340) introduced by Rep. John Sweeney (R-NY) would require that colleges and universities implement plans for investigating violent felonies or missing students. The provision would require that institutions develop and implement a plan within one year that would provide for the coordination of efforts with law enforcement
In considering 2005 funding for the Department of Homeland Security, Sen. Patty Murray (D-WA) introduced an amendment to substantially increase port security grants from the $6 million requested by the government to $500 million. These funds would go to federally mandated security tasks.
Sen. Joseph Biden (D-DE) has introduced a bill (S. 2227) that would make it illegal to traffic in "illicit authentication features." Authentication features help companies determine that an item is not counterfeit; illicit authentication features would be intended to facilitate illegal copying of movies, music, or computer programs. Such a feature would also be a genuine authentication feature that has been distributed without authorization from the copyright owner. A copyright owner could file a civil lawsuit against the perpetrator.
A new bill (S.B. 1279) proposed in the California Legislature would increase corporate responsibility in cases where the personal information of customers was compromised. The bill expands on a law passed last year that requires companies to notify customers when their computerized information is accessed by an unauthorized party. The new bill would extend consumer protections to other data types such as stored voice mail messages.
A bill (H.B. 1350) pending in the Pennsylvania General Assembly would require that innkeepers conduct criminal record checks on applicants who would have access to room keys.
A federal appeals court has ruled that a man who started his own business did not violate his noncompete agreement with his former employer when he solicited business within the employer's target sales area. The court ruled that merely soliciting business does not violate the agreement. To do so, the man's business must be physically located within the target sales area. (United Rentals v. Keizer, U.S. Court of Appeals for the Sixth Circuit, No. 02-1580, 2004)
A Colorado appeals court has ruled that a business owner, Donald Keller, can be held liable for the negligent supervision of an employee, Firat Uzan, who sexually assaulted a family friend on the premises. Uzan, who had been asked to work alone at the store on weekends, brought the 12-year-old girl to the store and molested her. The court found that Keller should have known that Uzan was dangerous after three former employees, all of them teenaged girls, informed Keller that Uzan had sexually harassed or assaulted them on the premises. (Koca v. Keller, Colorado Court of Appeals, No. 02CA2498, 2004)
A federal appeals court has ordered that the sentencing of Brandon Lifshitz, who was convicted of transmitting child pornography, be evaluated for potential abuses of privacy. Under the sentencing, Lifshitz's computer must be equipped with computer monitoring and filtering software to ensure that Lifshitz does not access child pornography on his home computer during his probation. The court ordered the review to evaluate the sentence's possible violation of the Fourth Amendment. (U.S. v. Lifshitz, U.S. Court of Appeals for the Second Circuit, No. 03-1221, 2004)
With broadband Internet connections able to handle steadily increasing amounts of traffic, the notion of using the same lines to transmit telephone communications via the computer sounds like the perfect moneysaver. But the technology still has security problems that must be worked out before it can become the standard way that businesses make calls, according to technology experts. Link to the NIST report on VoIP and other VoIP reports.
By now, everyone knows what a bad password is: your name, your child's name, your pet's name, your birthday. But what does a good password--which must be both hard to break and easily remembered--look like? A group of scientists from Cambridge University Computer Laboratory say it might be this: MsPi24yo. While that's a hard-to-break combination of numbers and upper- and lower-case letters, it is actually quite simple to recall because it is a mnemonic phrase that stands for "My sister Pam is 24 years old." That use of mnemonic phraseology is the key to good codes, according to The Memorability and Security of Passwords--Some Empirical Results.
The CAN-SPAM law was a flaccid defense against unwanted e-mail, according to antispam company Commtouch, which analyzed hundreds of millions of spam messages in the first half of this year. The statistics show that less than 10 percent of all unsolicited messages complied with that law, which requires each message to have a functioning return address, a postal address, a way for recipients to unsubscribe from future solicitations, a nondeceptive subject line, and a clear indication that the message is an advertisement or solicitation. The MOU is at SM Online.
Data mining--the process of poring through various databases looking for hidden patterns and relationships--is alive and well, despite controversy raised by projects such as the Defense Advanced Research Projects Agency's (DARPA's) Terrorism Information Awareness (TIA) program. In fact, 52 government agencies are using or are planning to use data mining for projects ranging from detecting criminal activities to improving service, according to a study by the General Accounting Office (GAO). Read "Safeguarding Privacy in the Fight Against Terrorism."
A Dartmouth College think tank, the Institute for Security Technology Studies (ISTS), released the third of three reports that analyze and prioritize the technology needs of cyberattack investigators. Read the full report.
For almost two years, Zachary Keith Hill collected dozens of credit card and bank account numbers, which he milked for more than $47,000. After a joint investigation by the Department of Justice and the Federal Trade Commission, Hill agreed this spring to plead guilty to the phishing scam in which he sent e-mails to AOL customers purporting to be from an "AOL Billing Specialist." The messages directed customers to a realistic Web site where unwary visitors were asked for credit card, bank account, and password information. Hill is now awaiting sentencing, which could include as much as 15 years of jail time.
While today's microprocessors are vastly more powerful than those of even a few years ago, there are some computing challenges that make even the fastest computer seem like the 1950s' Univac. Many of these challenges are related to national security issues such as weapon system simulations and processing of satellite images. The government's reliance on clusters of commercial-off-the-shelf components falls far short of solving these security issues. A new plan from the High-End Computing Revitalization Task Force (HECRTF), a group chartered by the National Science and Technology Council (an executive-branch group that coordinates science, space, and technology research and development), lays out its vision for ensuring U.S. leadership in high-end computing.
Another shot has been fired in the ongoing battle over whether Microsoft's near monopoly on desktop operating systems makes it easier for worms and viruses to cause "cascading failures" that threaten the nation's infrastructure (see "Bullying the Monopoly," Tech Talk, December 2003, for more on this debate). Link to Is Microsoft a Threat to National Security? The Effect of Technology Monocultures on Critical Infrastructure via SM Online.
A new CD-based training tool, Securing Law Enforcement Computer Systems, is now available from the National White Collar Crime Center (NW3C). The CD is available at the NW3C's Web site, www.nw3c.org.
The security rules from the Health Insurance Portability and Accountability Act (HIPAA) go into effect in April 2005 for most organizations (a year later for healthcare organizations and other covered entities that do below a certain threshold level of business), giving institutions less than a year to get ready. An Introductory Resource Guide for Implementing the HIPAA Security Rule, a new draft paper from the National Institute of Standards and Technology (NIST), can help those responsible for implementing the security rule to understand the rule's concepts while pointing them to standards and other references and explaining key terms and acronyms. Link to the NIST paper by visiting SM Online.
The FBI's efforts to modernize its IT program--an effort known as Trilogy--"is not currently on a path to success." That assessment comes from a new book by the National Research Council of the National Academies, which concludes in part that the FBI has no contingency plan in case its new Virtual Case File application fails. The book also says that a gap remains between "IT and a coherent view of the bureau's mission and operational needs," which can only be closed with close involvement by the FBI's senior leadership. A Review of the FBI's Trilogy Information Technology Modernization Plan is available in PDF format.
Airport IT security budgets are taking off, and airports worldwide are expected to invest some $2 billion in IT and telecommunications projects annually. That's according to the Airport IT Trends Survey conducted by the Airports Council International, Airline Business magazine, and SITA, a European IT company. The study showed that IT infrastructure projects were the top investment priority, followed by security-related solutions and passenger and baggage processing. More than 96 percent of airports will face additional IT-security challenges as they roll out wireless services by 2006 and implement e-commerce and other Web services. The full survey costs $245 and is available at the Airline Business Web site.