Beyond Print
July 2004

Interviews.

Statement analysis can help interviewers ask the right questions.

Premises liability

Average jury awards are down over a recent 10-year period.

Bioterror

The FDA announces a final rule for procedures on administrative detention of food.

    Canada Unveils National Security Policy

    Canada is known as one of the world's most peaceful countries, but it is not immune to the peregrinations of terrorists. With this realization in mind, the Canadian government recently created its first ever national security policy, a 50-plus-page document that addresses intelligence, emergency planning, public health, transport security, border security, and international security.

    Card technologies

    A recent government-sponsored workshop explored storage and processor cards, focusing on standards and capabilities. The National Institute of Standards and Technology (NIST) pulled together findings from the workshop and related interviews and questionnaires and has released them in report form.

    Intelligence

    State Faulted for Terror Report

    The State Department's annual review of terrorist incidents and trends has come under fire for understating the extent of international terrorism in 2003. Specifically, Patterns of Global Terrorism, 2003 states that attacks dropped 45 percent from 2001 to 2003 and that the 2003 total "represents the lowest annual total of international terrorist attacks since 1969." The revised report, containing country analyses, information on terrorist groups, and policy initiatives, will be available on SM Online.

      A Model of Cost-Effectiveness

      Building owners and managers can always make their facilities safer, but at what cost? Three years after the United States learned how vulnerable its landmark facilities were, a new software tool is being released that can help building owners and managers calculate and compare life-cycle costs of various methods used to reduce terrorist risk at buildings. Due out in beta version in September, with version 1.0 promised for March 2005 and a final version a year after that, the software "will allow building owners and managers to make comparisons among several alternative risk mitigation measures under different user-defined disaster scenarios," according to a recent report by the National Institute of Standards and Technology (NIST). Read "Cost-Effective Responses to Terrorist Risks in Constructed Facilities."

      Did You Know That?

      Safety regulations. Small businesses often struggle with understanding them. Now they can get free on-site health and safety consultations from state governments. Participant companies' names are kept anonymous. In addition, any unsafe conditions found during a consultation will not automatically be reported. The program may even exempt businesses from general scheduled OSHA inspections for one year. @ Go to SM Online to learn more about this free service.

        Did You Know That?

        The Securities and Exchange Commission is now requiring members of the NASD and NYSE to develop business continuity plans and disclose to their customers a summary of those plans. Plans must cover data backup and recovery, backup communications systems, and customer access to funds, among other key areas. @ Link to the rules at SM Online.

          Did You Know That?

          A primer from the American College of Radiology offers radiological and other medical professionals a quick reference in the event of a radiation disaster. Topics covered include handling contaminated patients, gauging the health effects of radiation exposure, and counseling patients. Responders are provided with specific questions to ask about the patient and the incident. @ SM Online takes you to the report.

          Statistical analysis

          A recent workshop on that topic, sponsored by the National Research Council (NRC), discussed specific ways in which math experts could help the cause of deterring attacks. "Mathematics, operations research statistics, and computer science provide the fundamental tools for extracting relevant information from the flood of data of all types that our senses receive," Peter Bickel, chair of the NRC's Board on Mathematical Sciences and Applications, told the attendees

            Nuclear security

            The level of preparedness for an attack against the U.S. nuclear infrastructure continues to be hotly debated among congressmen.

            Legal Report

            Zero tolerance

            (Sprint/United Management Company v. NLRB, No. 17-CA-21603, 2003)

            Negligence

            (Bryson v. Banner Health System, Alaska Supreme Court, No. S-10653/10673, 2004)

            Cargo security

            In a recent report on cargo security, the General Accounting Office (GAO) noted that while U.S. Customs and Border Protection (CBP) has taken steps to increase the security of cargo containers, it has failed to address the potential tampering of such containers. It has also failed to analyze various forms of cargo to assess specific risk factors.

            Critical infrastructure protection

            The House Select Committee on Homeland Security's Subcommittee on Infrastructure and Border Security and Subcommittee on Cybersecurity, Science, Research, and Development held a joint hearing to discuss the relationship between the Department of Homeland Security (DHS) and various private groups responsible for critical infrastructure. Witnesses at the hearing noted that information sharing plans are ongoing but are still in need of refinement. Complete witness testimony is available at SM Online.

            Airport screener

            At a hearing held by the House Transportation and Infrastructure Committee's Subcommittee on Aviation, lawmakers heard testimony regarding the pilot program established by the government to evaluate private airport screening programs.

            Copyright infringement

            The House Judiciary Committee's Subcommittee on Courts, the Internet, and Intellectual Property has approved H.R. 4077, introduced by Rep. Lamar Smith (R-TX). The bill would authorize a $15 million campaign to educate the public about the legal issues involved in duplicating copyrighted content. The bill would also lower the legal standards that prosecutors must meet to prove that computer users have violated copyright laws.

            Terrorism hoaxes

            A bill (H.R. 1678) introduced by Sen. Lamar Smith (R-TX) that would make it a federal crime to fool people into believing that an act of terrorism had taken place has been approved by the House Judiciary Committee's Subcommittee on Crime, Terrorism, and Homeland Security. The bill would also require anyone convicted under the measure to reimburse law enforcement for any costs of investigating the hoax.

            Mass transit security.

            Two identical bills (H.R. 4008 and S. 1608), introduced by Rep. Christopher Shays (R-CT) and Sen. Jeff Sessions (R-AL), respectively, would increase the penalties for terrorism against mass transit systems. Anyone guilty of the crime could be imprisoned for up to 20 years. For aggravated offenses--which would include any that involve high-level radioactive materials or those that result in the death of a person--the punishment could range from a prison term of not less than 30 years to the death penalty.

            Identity theft.

            A bill (S. 153) that would establish the crime of aggravated identity theft has been approved by the Senate and has been referred to the House Judiciary Committee's Subcommittee on Crime, Terrorism, and Homeland Security.

            Computer security

            A bill (H.R. 3754) has been approved by the House Judiciary Committee's Subcommittee on Courts, the Internet, and Intellectual Property. H.R. 3754 has been forwarded to the House Judiciary Committee. The bill would make it illegal to knowingly provide material and misleading false contact information in making, maintaining, or renewing registration of an Internet site domain name. The bill would also add seven years to the felony conviction sentence for such a crime.

            Theft

            The Legislature of West Virginia has approved a bill (H.B. 4101) that will make it a felony to create more than 14 fake bar code labels with the intent of stealing from retailers. Perpetrators face a sentence of up to two years in prison.

            Internet decency

            Lawmakers in Utah have approved a bill (H.B. 341) that will prohibit libraries from receiving state funds unless they install Internet filters on library computers. The Utah bill is the first state bill to be modeled on the federal Children's Internet Protection Act of 2001. The Utah bill will only affect computers used by the public; computers used only by staff are exempt from the bill.

            Free Speech

            A federal appellate court has ruled that a Virginia state law is unconstitutional under the First Amendment. The law would make it illegal to disseminate information over the Internet that might be harmful to minors. The decision affirmed a U.S. district court ruling. (PSINet v. Chapman, U.S. Court of Appeals for the Fourth Circuit, No. 01-2352, 2004)

            Technofile

            Wisdom of the Witty Worm

            For all the malicious code that has attacked computers in recent years, no widespread worm has actually targeted security software--until now. The Witty Worm, which struck in March, targeted a vulnerability in firewall products from Internet Security Systems (ISS). Link to The Spread of the Witty Worm, along with animations of the spread of the worm across the USA and the world.

            Digging Through Digital Data

            The history and basics of computer forensics are laid out in "Computer Forensics: Characteristics and Preservation of Digital Evidence," an article by FBI computer forensic examiner Loren D. Mercer in a recent issue of the FBI Law Enforcement Bulletin.

            Google Eyes

            The search engine Google has achieved such ubiquity that it's already become a verb. Who hasn't googled an old friend, high-school flame, or job applicant? But its success has a dark side: It has become a chief source of information for hackers and virus writers who have learned how to use the search engine to dig up information that Web sites did not intend to make public. Johnny Long, a security expert and ethical hacker with Computer Sciences Corporation, recently released The Google Hacker's Guide: Understanding and Defending Against the Google Hacker to instruct the security community in the ways that Google is being used as a hacking tool. A paper by security company Imperva titled Web Application Worms: Myth or Reality? gives this practice another name: war searching.

            Working Wirelessly and Wisely

            A man suffers chest pains after a game of tennis, and his relatives call 9-1-1. The dispatch center notifies an ambulance and digitally sends to it the patient's name and address, which are displayed on a monitor in the ambulance along with a map to the house and an on-board signaling system that adjusts the traffic-light sequence to enable the ambulance to arrive faster. That system also automatically interrogates local transportation systems to make sure there are no road closures or slow traffic conditions on the way.

            Tagging RFID's Privacy Problems

            A new bill introduced by California State Senator Debra Bowen (D-Redondo Beach) would restrict the use of information collected by radio frequency identification (RFID) tags. The measure, SB 1834, which passed the Senate at the end of April and was scheduled to be considered by the full Assembly by July, sets out four conditions that would have to be met before RFID tags and readers could be used to collect personal information. The full text of SB 1834 and the letter opposing it are at SM Online.

            Contracting Computer Troubles

            Security is only as strong as the weakest link in the chain, so even organizations with the most well-thought-out security programs can be jeopardized if their partners' security practices are lax. This is true of the Department of Defense as well. Its Defense Security Service, which monitors the information-security programs of more than 11,000 contractors, "cannot identify systemic vulnerabilities and make corrective changes to reduce the risk of information compromise" from contractors. The GAO report, which includes Haave's response, is at SM Online.

            Quick Bytes: Browser breakers.

            The growing popularity of attacks against Web-browser software is evident in new research conducted by CompTIA, the Computing Technology Industry Association. The survey found that 36.8 percent of the nearly 900 organizations interviewed had seen browser-based attacks jump 25 percent from the previous year. Browser-based attacks are those that take place when a Web page contains malicious code that can compromise a Web browser. @ More information on the CompTIA survey is at SM Online.

            Quick Bytes: Online spam glutton.

            The CAN-SPAM Act, intended to choke off the onslaught of junk e-mail, has generated copious commentary, criticism, congressional statements, and controversy. Now all that has been collected into one place: the CAN-SPAM Library at GigaLaw.com, a site created by attorney Douglas M. Isenberg to serve as a compendium of legal information related to the Internet. The library includes the text of the law and its legislative history, as well as links to relevant litigation, Federal Trade Commission regulations, and research reports. @ Link to the CAN-SPAM Library through SM Online.

              Quick Bytes: Open-source attacked.

              Claims that open-source operating systems such as Linux are inherently more secure than Windows took a beating recently when Zone-H.org, an online group that collects attack information, released graphic representations of the Web-server intrusions against various operating systems between January 2003 and January 2004. In most months under review, Linux operating systems were successfully attacked far more often than Windows. @ More information on the Zone-H.org data is available via SM Online.