
USSN Link 040-03 (October 3, 2003)



Title: USSN Link 040-30 (October 3, 2003)


If this e-mail does not show up in its correct formatting, please point your browser to this address:
http://www.usscn.org/content/contentCT.asp?P=100

Thank you,

USSN Staff


DISCLAIMER

THE INFORMATION CONTAINED IN THIS REPORT HAS BEEN ASSEMBLED FROM A VARIETY OF SOURCES AND IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. INFORMATION CONTAINED IN THIS REPORT IS PROVIDED AS RECEIVED AND DOES NOT CONSTITUTE AN ENDORSEMENT BY THE US SECURITY NETWORK, ANY MEMBER COMPANY, OR PARTICIPATING PUBLIC AGENCIES.

INFORMATION MAY BE REPEATED, AS IT IS EXTRACTED EXACTLY AS PRESENTED BY THE ORIGINAL SOURCE


"Report Faults Air Cargo Security"

The Aviation Security Advisory Committee, which includes aviation groups in the air cargo and airline industries, reported that pilots, flight attendants, terrorism victims' families, and others believe that the government has failed to adequately install preventative and security measures in the air cargo industry. The report issued by the committee pointed to a need for better identification processes for shippers, but also recommended that cargo from unknown shippers be allowed on passenger planes only if it is screened. Other groups argued that the report fails to address the true problem in air cargo security, the lack of package screening before aircraft are loaded. Groups are adamant that the government develop screening processes similar to those used in airports to screen passengers and their baggage. Airlines, on the other hand, are already struggling financially with the screening burdens in the nation's airports and are concerned that similar screening methods for packages would only further deplete their minimal resources. According to the Air Transport Association, airlines currently make 5 percent of their revenue from air cargo, but those revenues are volatile, and any additional screening could easily transform those profits into losses. InVision Technologies Inc. notes that 75 percent of the air cargo now shipped could be screened with existing equipment, but the remainder of the packages are too large, requiring shippers and vendors to create additional means of screening.

www.washingtonpost.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Researchers Look for Ways to Protect Privacy of Electronic Information"

Lawyers, technologists, policy proponents, and domain specialists will collaborate in a National Science Foundation (NSF) initiative whose goal is to build an infrastructure that allows sensitive personal data to be mined by organizations while upholding individuals' privacy rights, according to principal investigator Dan Boneh of Stanford University. Yale University's Joan Feigenbaum observes that government and business want to access more information, while individuals desire the benefits of data collection and analysis but not the drawbacks, such as privacy infringement. "Use of transaction data and surveillance data need to be consistent with basic U.S. constitutional structure and with basic social and business norms," she explains. The project collaborators will meet professionally and convene in workshops twice a year, and also consult with students and postdoctoral researchers and work together on publications. Areas of concentration for researchers include the development of tools that can manage sensitive data in peer-to-peer networks, database policy enforcement methodology, and next-generation technology designed to deter identity theft, which Boneh characterizes as "the fastest growing crime in the U.S. and in the world." The NSF will allocate $12.5 million over five years to project participants Stanford, Yale, New York University, the University of New Mexico, and the Stevens Institute of Technology as part of the foundation's Information Technology Research program. Also affiliated with the project are the Secret Service, the Census Bureau, IBM, Microsoft, the Department of Health and Human Services, Citigroup, Hewlett-Packard, the Center for Democracy and Technology, and the Electronic Privacy Information Center.

news-service.stanford.edu

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Issues in Critical Infrastructure Protection"

The U.S. telecommunications infrastructure has been strengthened in order to make the country's communications backbone more resilient and secure against natural, accidental, and deliberate disruptions, but many formidable challenges remain. There is no consistent interconnection between systems and networks, while many infrastructures boast only partial linkage; major organizations--especially first responders--suffer from a paucity of technology integration; emergency response and recovery traits for developing network architectures have yet to take root; and demands for bandwidth, interoperability, and compliance with many technical specifications in order to support multimedia communications are stressing existing infrastructures. From a homeland security viewpoint, the telecommunications infrastructure must be shielded from cyberterrorism and unauthorized access, and bolstered through speedy threat evaluation, punctual distribution of relevant data to first responders, cross-agency communication, and quick implementation of response and recovery plans. The country has several well-entrenched initiatives to respond to natural disasters, man-made accidents, individual terrorist and sabotage acts, and general acts of war, but additional efforts must be made to contend with new threats, such as electromagnetic pulses. The Telecommunications Service Priority system set up by the FCC in 1988 supplies a regulatory, administrative, and operational architecture to support priority restoration and provisioning of national security and emergency preparedness (NS/EP) telecommunications services, while the Wireless Priority Service was introduced this past January to provide similar NS/EP priorities for the wireless domain. 
The Homeland Security Department has embarked on several projects to shore up the telecommunications infrastructure, including the delineation of a proper security threshold, mapping out the national infrastructure to find more areas where resilience can be added, infrastructure vulnerability and risk assessment through collaboration with public and private sector representatives, and the leveraging of combined infrastructure assets via coordination with America's trading partners.

www.contingencyplanning.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Johns Hopkins APL Creates System to Detect Digital Video Tampering"

A Johns Hopkins University Applied Physics Laboratory (APL) project for the U.S. Postal Inspection Service has yielded a system that can detect attempts to doctor digital video, a breakthrough that could help allow reliable digital video to be introduced as evidence in court cases. "Being able to present a certifiable digital recording in court in support of our investigative efforts will minimize court challenges over the admissibility of such evidence," states Dennis Jones of the Postal Inspection Service's Forensic & Technical Services Division. Lead project engineer Nick Beser says his team will build a working prototype of the Digital Video Authenticator that can be plugged into a commercial camcorder. The digital video captured by the camcorder is concurrently written to digital tape and fed into the authenticator, where it is split into individual frames with three digital signatures--for video, audio, and camcorder/DVA control data--for each frame at the camcorder frame rate. Distinct signatures for every frame are generated through public-key cryptography, and APL project manager Tom Duerr explains that "The keys, signature, and original data are mathematically related in such a way that if any one of the three is modified, the fact that a change took place will be revealed in the verification process." The system can detect added frames by their lack of a signature, and altered original frames by discontinuities between the signature and the new data. The signatures are created with a private key that is deleted once the recording is finished, while a public key is used for confirmation and accountability is added via a second set of keys that identify the postal inspector who made the recording and are incorporated into a token that the inspector uses to start taping; after the recording, the signatures and signed public key are moved to a removable repository and secured along with the original tape. 
The authenticator can trigger an alert even if a single bit of a 120,000-byte video frame is altered.

www.jhuapl.edu
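
An added illustration of the per-frame signing scheme described above (not APL's code, which the article does not show). Ed25519 from Node's built-in crypto module stands in for the unspecified public-key algorithm; the signed-message layout, function names and sample frames are assumptions constructed for the example.

```javascript
const nodeCrypto = require('node:crypto');

// Three signatures per frame, as in the article: video, audio, control data.
const STREAMS = ['video', 'audio', 'control'];

// Bytes that get signed: stream label + frame number + SHA-256 of the data.
// Binding the label and number to the digest is an assumption of this sketch;
// it stops a valid signature from being reused for another frame or stream.
function signedMessage(stream, index, data) {
  const digest = nodeCrypto.createHash('sha256').update(data).digest();
  const idx = Buffer.alloc(4);
  idx.writeUInt32BE(index);
  return Buffer.concat([Buffer.from(stream + ':'), idx, digest]);
}

// Recording side: a fresh key pair per recording signs every frame.
function recordSession(frames, inspectorPrivateKey) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const signatures = frames.map((frame, i) => {
    const sigs = {};
    for (const s of STREAMS) {
      sigs[s] = nodeCrypto.sign(null, signedMessage(s, i, frame[s]), privateKey);
    }
    return sigs;
  });
  const sessionPublicKey = publicKey.export({ type: 'spki', format: 'der' });
  // The inspector's token key signs the session public key (accountability).
  const keyEndorsement = nodeCrypto.sign(null, sessionPublicKey, inspectorPrivateKey);
  // The private key never leaves this function: only public material is
  // returned, mirroring "deleted once the recording is finished".
  return { sessionPublicKey, keyEndorsement, signatures };
}

// Verification side: needs only the repository contents and the inspector's public key.
function verifyRecording(frames, repo, inspectorPublicKey) {
  const endorsed = nodeCrypto.verify(
    null, repo.sessionPublicKey, inspectorPublicKey, repo.keyEndorsement);
  if (!endorsed) {
    return { ok: false, problems: ['session key not endorsed by inspector'] };
  }
  const sessionKey = nodeCrypto.createPublicKey(
    { key: repo.sessionPublicKey, format: 'der', type: 'spki' });
  const problems = [];
  frames.forEach((frame, i) => {
    const sigs = repo.signatures[i];
    if (!sigs) {
      problems.push(`frame ${i}: no signature (added frame)`);
      return;
    }
    for (const s of STREAMS) {
      const msg = signedMessage(s, i, frame[s]);
      if (!nodeCrypto.verify(null, msg, sessionKey, sigs[s])) {
        problems.push(`frame ${i}: ${s} does not match signature`);
      }
    }
  });
  return { ok: problems.length === 0, problems };
}

// Constructed sample input: n frames with a 120,000-byte video payload each.
function makeFrames(n) {
  return Array.from({ length: n }, (_, i) => ({
    video: Buffer.alloc(120000, i + 1),
    audio: Buffer.alloc(1600, i + 7),
    control: Buffer.from(`frame=${i};rec=on`),
  }));
}
```

Because each signature covers the frame number, a frame inserted mid-recording also makes every later frame fail verification, not only the one without a signature.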

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"U.S. Readies Program to Track Visas"

The Homeland Security Department in November intends to release plans for the U.S. Visitor and Status Indication Technology (U.S. VISIT) project, a system that seeks to keep track of every foreign visa-holder in the United States. The program, which analysts estimate will cost $3 billion to $10 billion, is designed to prevent criminals and terrorists from securing visas, and three firms--Accenture, Computer Sciences, and Lockheed Martin--will each organize a team of companies to bid on the U.S. VISIT contract. U.S. VISIT will involve American consular officials fingerprinting and photographing visa applicants in their home countries, and then checking to see if they correlate with terrorist watch lists and criminal databases; agents at border crossings will electronically scan travelers' index fingers to verify their purported identities, and a huge travel and visa database will automatically warn the government of visa expirations. The system will scan only one out of five foreign travelers to the United States, and most foreign visitors do not require visas because they come from 27 nations determined not to be a security risk. Experts warn that the system will be unable to stop people who sneak past borders or individuals sent by malevolent organizations with clean histories. Other factors that may impede the deployment of U.S. VISIT include difficulties in sharing information across 19 separate networks, and unwillingness on the part of other governments to share their visitor files. "I think it's safe to say for non-[Defense Department] programs this is one of the largest efforts to integrate databases together," notes Lockheed Martin's Dick Fogel. Civil rights proponents are concerned that the system could be used to monitor other groups besides foreign visitors and infringe on Americans' privacy.

www.washingtonpost.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Hartford Survey Finds Most Businesses Prepared for Emergencies"

A recent Hartford Financial Services Group Inc. survey revealed that 97 percent of small and medium-sized businesses have created one emergency plan, if not more, to protect themselves in the event of a disaster. Plans cover national disasters, workplace violence, terrorism, suspicious mail and packages, trespassing, and other emergencies. Emergency plans will help these companies remain in operation during disasters, while at the same time protecting the company's assets and personnel. The most common step in many of the plans is backing up data and other resources, copying them to disks and tapes, while other companies emailed documents to other locations or printed out paper copies. However, fewer firms have plans in place to report or address workplace violence (61 percent), trespassing (53 percent), or natural disasters (44 percent). Only 26 percent of those surveyed actually perform emergency drills; 24 percent have crisis management teams; and 12 percent have plans to mitigate terrorism risks. Hartford officials have advised businesses to assign leadership duties regarding emergency responses to one individual, who will create a crisis team and conduct emergency drills of contingency plans periodically, and firms should create emergency contact lists and keep them updated, as well as investing in a first aid kit. Once disasters occur, companies should identify and locate all employees, assess the damages sustained, check facilities for safety hazards, photograph and document damages, and begin restoring order to the firm.

www.standardpublishingcorp.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Pentagon Spy Office to Close"

A joint congressional panel has elected to shutter the Information Awareness Office of the Defense Advanced Research Projects Agency (DARPA), which was developing the controversial Terrorism Information Awareness (TIA) program. TIA was a data-mining project designed to sift through individuals' computerized transaction records to uncover patterns that may indicate terrorist activity, and critics such as Sen. Ron Wyden (D-Ore.) called the congressional decision a wise move. But although TIA itself may be dead, the software tools under development could still be used by other government agencies for the purpose of gathering intelligence from foreigners both inside and outside the United States, or from Americans stationed abroad. The House and Senate negotiators also prohibited DARPA from engaging in other TIA projects, including the identification of people at a distance through the use of radar or video images of their facial features or their walk. TIA initiatives that DARPA is still permitted to pursue include a project to accelerate bioterror attack detection, the development of software that can automatically translate foreign documents and broadcasts, and the creation of wargaming software that can model terrorist attacks and response strategies.

www.wired.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Hand-Scan Security Devices Draw Applause During Debut"

The Toledo Express Airport in Toledo, Ohio, has installed a new hand-scanning security technology that restricts access to 27 doors throughout the passenger terminal. People can enter the doors only if a biometric hand-scanning machine determines that their hand corresponds to a list of hands approved for entry. The security devices, produced by Ingersoll-Rand, have the ability to measure numerous intricacies of a hand, including the length and thickness of a hand, the hand's shape, and the breadth of fingers. That information is turned into an algorithm that is then compared with stored security data, says Rick White, director of transportation security at Ingersoll-Rand. Some 270 airport employees and officials have various levels of clearance to enter the doors. Anyone who unsuccessfully attempts to use the hand scanner three times sounds an alarm that alerts airport police. San Francisco International Airport was the first airport to use a hand-scanner security system; Toledo Express is the second.

www.toledoblade.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Want PC Security? Diversify"

Seven computer security company executives, writers, and academics presented a report at a Computer & Communications Industry Association (CCIA) meeting on Sept. 24 arguing that network instability has been worsened by Microsoft's monopolization of the PC sector with the overwhelming presence and usage of the Windows operating system. The authors added that as code used in Windows-integrated applications becomes more sophisticated, the risk of security flaws climbs. "It is essential that society become less dependent on a single operating system from a single vendor if our critical infrastructure is not to be disrupted in a single blow," they declared. CCIA public policy director Will Rodger compared the current PC security plight to agricultural conditions that led to the Irish potato famine and American cotton blight, in that both disasters could have been significantly lessened had farmers diversified their cultivation, in much the same way that networks would suffer less damage from viruses and worms if more people used different operating systems. The report's authors proffered several solutions to the operating-system monoculture problem, including government mandates that no OS account for more than 50 percent of the installed base in a critical industry, and a requirement that Microsoft support some of its most widely used applications on Linux and other rival platforms. Sean Sundhall of Microsoft claimed the report ignored the benefits of an operating-system monoculture, such as ease of patching. The Computer Technology Industry Association (CompTIA) accused the authors of "myopically looking to technology" as the root cause of network security problems, when in fact human error is usually the culprit. CompTIA policy counsel Mike Wendy added that computer security could be bolstered by educating home PC users about the problem and accelerating security training for IT professionals.

www.wired.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Open Security Exchange Initiates Project With The Security Industry Association To Create New Standards

The Open Security Exchange (OSE), a program of IEEE Industry Standards and Technology Organization (ISTO) promoting the integration between disparate components of security infrastructure, today announced that it has submitted a New Project Proposal to the Security Industry Association's (SIA) Standards Committee for the purpose of defining testing criteria for OSE's interoperability specifications for physical and cyber security technologies. SIA, the world-leading trade association for manufacturers and service providers of physical security technologies and applications, has accepted as a working document, the OSE's Physical Security Bridge to IT Security Specification (PHYSBITS) to promote organizational and technical integration between physical and IT systems. Additionally, OSE announced new members, the expansion of its management board, and the creation of new workgroups. Comprised of more than 600 member companies, SIA is an ANSI (American National Standards Institute) accredited standards development organization. SIA's Open Systems Integration and Performance Standards Initiative (OSIPS) will produce a series of American National Standards for Security Systems Integration and Security Equipment Performance standards. SIA's OSIPS program is the result of the joint efforts between SIA and the Department of State and the Department of Defense controlled Counter Terrorism Technical Support Office's Technical Support Working Group (TSWG). It is anticipated that the standards proposed by OSE will become a part of SIA's strategic plan for OSIPS. The PHYSBITS workgroup, chaired by Piers McMahon, chair of OSE's technical committee, will support SIA's OSIPS effort by initially creating testing criteria for physical and IT security systems communications.

home.businesswire.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Agency turf battles persist in counterterrorism race

Senior government officials on Monday sought to detail efforts in the race to develop new counterterrorism technologies. But in their testimony before a House subcommittee, the officials revealed that efforts to develop the technologies remain complicated by the creation of the Homeland Security Department. Homeland Security was designed with a research and development arm that follows a Defense Department model. Concern was raised in a Monday subcommittee hearing that the new agency created overlap and duplication since the federal government already had an interagency process for handling new technologies across government. The interagency Technical Support Working Group (TSWG) involves more than 80 offices and agencies across the federal government. It is run out of the State Department, is funded by the State and Defense departments and has about 70 employees.

www.govexec.com

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

EU Eyes Biometric Passport Plan

The future is a step closer now that the European Commission has adopted a proposal to compel EU member states to compile biometric information of their citizens and those wishing to enter their countries. In time, this data could appear in the form of fingerprints and electronic facial signatures on passports and visas, and provide further identification information via retinal eye scans at airports and borders. The passport proposal, agreed by the Commission last week, has now been passed to the European Council and European Parliament where further discussions and decisions will be made on whether to make it compulsory for all member states to store fingerprint data and digital facial images of nationals and immigrants who apply for visas or residence permits.

www.dw-world.de

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Univ. replaces cards for security

Starting today students, faculty and staff can replace their UGACard with a new, more secure version. Students whose UGA Cards still use Social Security numbers as identifiers are required to replace their cards with ones using 16-digit identifiers, said Jerry Anthony, business manager for Student Activities. The replacement was initiated to step away from using the Social Security number as an identifier, Anthony said. Updating the UGACard is part of a plan "that will move the ID card in a whole new phase," he added. In the future, students will be able to put money on their cards and will be able to use them at off-campus locations, he said. Under the old UGACard, he said, stores accessing the account also could access the student's Social Security number, presenting a security issue.

www.redandblack.com


Please forward your feedback to JIMKING@xxxxxxxx or call at (404) 525-9991.


