Morning Security Brief: Information Sharing, Utilities Vulnerabilities, Supply Chain Resilience, and More
Information sharing still isn't happening like it should be. A security researcher locates more than 10,000 industrial control systems connected to the public Internet. DHS plans to unveil a strategy to protect the U.S. supply chain. And more.
►Lack of information sharing was billed as a mistake that led to the 9-11 attacks. Subsequent investigations found that critical information about what the attackers were planning had not been pieced together because local, state, and federal agencies frequently failed to communicate with one another. The U.S has created or beefed up command centers and fusion centers in order to promote information sharing, but even 10 years later, federal auditors find that networks are often unaware of what the others are doing. California Watch’s G.W. Schulz writes about a new DHS inspector general report that says law enforcement entities and emergency management centers still aren’t effectively communicating.
►A security researcher was able to locate more than 10,000 industrial control systems that were connected to the public Internet , including water plants and other utilities. “Eireann Leverett, a computer science doctoral student at Cambridge University, has developed a tool that matches information about ICSes that are connected to the internet with information about known vulnerabilities to show how easy it could be for an attacker to locate and target an industrial control system,” Wired reported on Tuesday. Leverett found 10,358 devices connected to the Internet and only 17 percent of them asked for authorization to connect. Leverett passed his research to the Department of Homeland Security last September.
► DHS secretary Janet Napolitano will reveal a new U.S. strategy to protect the U.S. supply chain during her visit to Switzerland this week, the Associated Press is reporting. The AP has obtained a copy of the document, called the National Strategy for Global Supply Chain Security , and says it outlines a plan to protect U.S. goods from “terrorists, criminals, and natural disasters.”
►In other news, Department of Justice inspector general Cynthia A. Schnedar says an investigation into the progress made toward implementing an Integrated Wireless Network for emergency personnel found that the program was never funded "at a level to adequately attain the goals of the program.” ♦ A controversial column from Investor’s Business Daily says college campuses are failing to vet Muslim chaplains who aim to radicalize students . ♦ And Charlotte adopts new ordinances created to enhance security at the 2012 Democratic National Convention.