Morning Security Brief: NIST Report on Joplin Tornado, U.S.-Afghan Pact Still Not Signed, 2014 Cybersecurity Forecast, and More
NIST releases a comprehensive report on the deadliest and costliest tornado on record--the one that struck Joplin, Missouri in 2011; a U.S. official warns that security in Afghanistan could be threatened if the U.S.-Afghan security pact is not signed quickly; risk management firm Kroll releases a 2014 cybersecurity forecast; and more.
► The National Institute of Standards and Technology (NIST) has released a 492-page report on the 2011 tornado in Joplin, Missouri, complete with findings and recommendations for future scenarios. According to Government Security News, “NIST sent four engineers to Joplin from May 25-28, 2011 to conduct a preliminary reconnaissance of building performance and emergency communications during the tornado. Based on the analysis of the data collected and other criteria required by regulation, NIST Director Pat Gallagher established a research team to proceed with a more comprehensive study of the impacts of the disaster.” NIST's findings include that the town of Joplin, where 161 people were killed and over 1,000 injured, was wholly unprepared for what ended up being the costliest and deadliest single tornado on record. “NIST found that Joplin residents had limited access to underground or tornado-resistant shelters,” according to the report, which also noted, “There were no community shelters or safe rooms in the City of Joplin or Jasper County at the time of the May 22, 2011, Joplin tornado.” The report adds that technology was insufficient to predict the strength of the impending weather disaster. “NIST recommends that a capacity be developed and deployed that can measure and characterize actual near-surface tornadic wind fields for use in the engineering design of buildings and infrastructure.”
► Mounting international frustrations over Afghan president Hamid Karzai’s refusal to sign the U.S.-Afghan security pact may threaten security in the region down the road. Reuters reports that “After an assembly of Afghan elders, called a Loya Jirga, endorsed the pact last month, Karzai surprised the international community when he said he might not sign the deal until after elections in April.” The pact would establish guidelines for the U.S. troops who remain after most international forces have withdrawn from Afghanistan by the end of 2014. The United States has been in talks with the Middle Eastern nation over the issue, and U.S. special envoy James Dobbins arrived in Kabul today “for talks with the government.” One U.S. official who spoke anonymously to Reuters said that the international community would not tolerate Karzai’s stalling very long. “The longer this goes on, the more that international support will erode,” the official said. “It is quite clear to us that the delay in signing this agreement is adding tremendous uncertainty to an already uncertain environment in Afghanistan.”
► Global risk management firm Kroll has released its third annual Cybersecurity Forecast, predicting what major issues companies will face on the cyberfront in 2014. “The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks,” according to the official press release. One prediction is that frameworks from the National Institute of Standards and Technology (NIST) and others “will become the de facto standards of best practices for all companies…. Whether compulsory or unstated, these standards will drive organizational decision-making with regard to cyber security. Organizations that don’t follow suit may find themselves subject to shareholder lawsuits, actions by regulators, and other legal implications.” Other trends include that the malicious insider threat will “become more visible,” and that as BYOD and cloud technologies continue to proliferate, “more accountability will be required for implementing policies and managing technologies.”
► TechCrunch reports that security blogger Brian Krebs has discovered a credit card skimmer, a machine that steals your credit card number when you swipe it, that looks just like a POS (point of sale) terminal. “It is virtually indistinguishable from the actual POS card reader and can be slipped on and off without the retailer's knowledge...” according to the news report.