Morning Security Brief: Vulnerability Demo Canceled, NYC gets DHS Funding, Failure to Encrypt, Hotel Security

♦ A security researcher, Dillon Beresford, canceled a demonstration of the vulnerabilities in Siemens industrial control systems on Wednesday after Siemens and the U.S. Department of Homeland Security (DHS) worried that if the information was made public before the vulnerabilities were patched, destruction by hackers would quickly follow. Beresford, who works for NSS Labs in Austin, Texas, said that he decided to cancel the demonstration "after realizing the full ramifications of the information he planned to reveal," says Wired. "DHS in no way tried to censor the presentation." Beresford came to his discoveries by purchasing several Siemens SCADA systems, which control many critical infrastructures and other business operations worldwide. Beresford said that he quickly found multiple vulnerabilities.

♦ New York City has beaten out other smaller cities to receive a large chunk of the funding provided by DHS to protect at-risk urban areas from terrorism. The number of cities to receive funding was lowered this year from 64 to 32, and funds available were reduced by 20 percent. New York City struck a deal with DHS to receive the same funding as in 2010--$151.57 million--because of its continuing predominant position as a terrorist target.

♦ Approximately 4,000 employees of the U.S. Securities and Exchange Commission have been told that their Social Security numbers and other payroll information were sent out in an unencrypted e-mail. According to the Los Angeles Times, "The May 4 e-mail was sent by a contractor at the department's National Business Center, which manages payroll, human resources and financial reporting for dozens of federal agencies. Interior Department policies require that sensitive personnel information be encrypted when e-mailed. But the contractor neglected to encrypt the e-mail, and the software in place to catch such errors did not work properly." Employees whose information was included in the e-mail have been offered a period of free credit monitoring.

♦ According to USA Today, "The arrest of the International Monetary Fund's Dominique Strauss-Kahn for allegedly trying to rape a housekeeper in a New York City luxury hotel suite is putting the spotlight on hotel security --especially for housekeepers." These women are often afraid to report sexual assaults because of standard hotel policy that the guest is always right. They also worry that if they do report abuse, they will be fired. In this case, the Sofitel waited for an hour before calling police.