NIPC Daily Report, 04 April 2002

The NIPC Watch and Warning Unit compiles this report to inform 
recipients of issues impacting the integrity and capability of the 
nation's critical infrastructures.

New options in assault on smallpox.  The disclosure that a large cache 
of smallpox vaccine is available to control a bioterrorist attack has 
put an unusual focus on the vaccine.  Vaccinating every American would 
immediately eliminate the threat of a bioterrorist smallpox attack.  But 
the vaccine can be hazardous, and the available supply of 77 million 
doses is insufficient to cover 285 million Americans.  One reason the 
vaccine poses risks is that it is crude by today's standards. The newly 
disclosed cache to be donated by the drug company Aventis Pasteur dates 
from 1958 when the vaccine was made the traditional way.  Whether the 
cache could be diluted to provide as many as 450 million emergency doses 
will depend on tests that will be performed in the next two months. (New 
York Times, 02 Apr)

With vaccine available, smallpox debate shifts.  In the aftermath of 
last fall's anthrax assaults, the federal government has worked to 
expand its stockpile of vaccine against the possibility that terrorists 
might get hold of one of the remaining stocks of live virus and mount a 
biological attack.  The disclosure that the drug company Aventis Pasteur 
had tens of millions of doses that could potentially be diluted to 
vaccinate everybody shifted the debate sharply. The 1976 flu vaccine 
program showed how easily a tide could turn. Soon after the 
immunizations began, the news media began a national body count of those 
that had had the vaccine and died. Large studies had shown that the flu 
vaccine was not particularly dangerous and that the few reactions it 
caused tended to be mild, like soreness in the arms. (New York Times, 30 
Mar)

WWU Comment: The two previous articles reveal two hurdles for a national 
vaccination plan.  The first issue is how to manufacture and distribute 
enough of the proper vaccine.  The second and most difficult issue is 
figuring out how to handle the public's perception of the vaccine.

Tech revs up ambulance services.  More than 100 ambulance services in 
South Dakota - most of them volunteer organizations - have been 
outfitted by the state with new computers and software that government 
officials hope will significantly boost the services' ability to react 
during major disasters and emergencies. The new systems will bring all 
of the ambulance services onto the Internet, many of them for the first 
time, allowing state officials to quickly reach them via e-mail in the 
event of an emergency.  The systems also will help streamline ambulance 
service bureaucracy, enabling them to file required trip reports 
electronically rather than using error-prone scanning of paper forms 
(scanning produced error rates of 15-25 percent).  Electronic filing 
will enable ambulance services to build local databases to analyze what 
emergencies they respond to and when.  They'll then be able to schedule 
such things as extra training where it is needed. (Federal Computer 
Week, 02 Apr)

WWU Comment: Despite security concerns about wireless data transmission, 
this is a major step forward in improving emergency response. 
Streamlined data processing is the most tangible benefit of this type of 
automated system. The more important benefit will be increased 
dispatching efficiency and correspondingly faster response times.

Study: Emergency rooms handling more.  A study by emergency room 
physicians has found that hospitals are handling more urgent cases than 
they did a decade ago, and those more extensive treatments are tying up 
beds and exacerbating overcrowding.  Dr. Brent Asplin, a St. Paul, 
Minn., emergency physician and member of the ACEP task force on 
emergency room overcrowding, said the new study demonstrates that even 
if hospitals could empty their waiting rooms of non-urgent care 
patients, overcrowding would persist.  "It's the sickest patients who 
are holding up the monitored beds," Asplin said, "And when those beds 
are filled, ambulances must be diverted to other hospitals, sometimes 
delaying care for extremely ill patients."  Nationwide, there is a 
shortage of nurses and a declining number of hospital beds, which means 
emergency room patients admitted to hospitals can face lengthy waits for 
beds.  (Associated Press, 28 Mar)

WWU Comment: As communities continue to grow, medical resources likely 
will be spread even thinner.  Medical and emergency services should 
have equal footing with security concerns and other front-line services, 
or run the risk of being ill prepared during a disaster.  This issue 
will be rapidly and severely magnified in the event of a mass-casualty 
disaster.

Who's defending the homeland?  Several congressional committees are 
debating how to spend billions in homeland defense dollars.  State and 
local governments are going ahead with security plans, waiting for 
federal funds to flow, and haggling over who should have the ultimate 
say over how communities protect themselves from terror.  The terror 
threat has altered the relevance of national security for officials at 
the state and local level.  Communities 
have different levels of readiness, unequal financial resources, varying 
emergency services systems that may not easily work together in a major 
disaster, and unique assets that require protection.  Major cities like 
Los Angeles or New York require a different security approach than 
safeguarding a weapons stockpile in the rural Midwest.  (ABC News, 02 Apr)

WWU Comment: The nature of coordinated disaster recovery, while greatly 
assisted by federal resources, continues to be focused at the state and 
local level where efforts can best benefit their specific citizens and 
community needs.  The homeland security issue will undoubtedly intensify 
the debate over operational control of federal funds, especially given 
the sense of urgency expressed in the localities.

High-technology firms vie to fight terrorism.  Federal offices at all 
levels have been inundated in recent months with phone calls and visits 
from company executives, scientists and private citizens whose messages 
can be summarized as, "We have the security answer for you." Suddenly, 
government has become the most important potential customer and 
financier, one that is being courted with an aggressiveness seldom 
matched.  Many companies are forming homeland-defense task forces or shifting 
resources to their government service units, where their approach is to 
utilize existing technologies for analysis of currently collected data. 
(Washington Post, 31 Mar)

WWU Comment: By applying existing software tools to data already being 
collected, these high-technology firms should be able to provide the 
government with sufficiently accurate results with minimal costs.  Both 
industry and academia must continue to work with government, as well as 
with one another, in R&D efforts to further the multitude of homeland 
defense efforts.

Arizona test-drives PKI.  Arizona's Motor Vehicle Division (MVD) is 
testing the use of public key infrastructure (PKI) to secure online 
transactions with commercial firms, potentially setting the stage for 
broader use, including, one day, smart driver's licenses, a state 
official said.  PKI technology allows users to securely and privately 
conduct transactions with companies or government agencies through a 
browser. Transactions are encrypted, and the decryption key is provided 
only when a user's identity has been authenticated with a digital 
certificate.  (Federal Computer Week, 01 Apr)

WWU Comment: Expanded government use of existing technologies is a step 
forward in improved government efficiency.  Streamlining government 
services will enhance the quality and the speed of service provided to 
its citizens.

Idea of combining food safety agencies gains momentum.  Food and Drug 
Administration (FDA) Deputy Commissioner Lester Crawford said the split 
of responsibility between the Department of Agriculture and the FDA is a 
"curious division" and that he considers recent calls for a single food 
safety agency to be serious.  In March, Homeland Security Director Tom 
Ridge told an industry sponsored food safety summit that the Bush 
administration continues to consider supporting the creation of a single 
food safety agency.  (Govexec.com, 03 April)

Are web sites as secure as they seem?  A recent survey of Web server 
usage conducted by Netcraft found that up to 18 percent of servers using 
Secure Socket Layer (SSL) encryption technology for Web site encryption 
are potentially vulnerable to hackers.  SSL, a common protocol for 
managing the security of message transmission on the Internet, is most 
secure with a key of at least 1024 bits.  Currently, approximately 60 
percent of all Web sites that use SSL are based in the US, where 15 
percent of those sites are using short keys.  Further, sites that rely 
on the Transport Layer Security (TLS) protocol, the successor to SSL, are 
also susceptible to the same vulnerabilities.  Ian Peacock, security 
consultant at Netcraft, explained, "For both SSL and TLS, there has been 
talk in the developer community to build browsers that indicate how 
strong the security connection is and it doesn't seem that would be too 
difficult to achieve."  (IDG News Service, 03 Apr)

Experts watch IE for anticipated malicious code activity. Believing 
hackers have pieced together several serious exploits, researchers at 
TruSecure Corp. issued a "watch" to their customers, saying a fresh wave 
of Microsoft Internet Explorer (IE) attacks could hit the Internet in 
the next one to four weeks.  TruSecure learned that hackers had 
completed a lengthy analysis of several IE vulnerabilities and compiled 
exploits for inserting and executing malicious code.  (Security Wire 
Digest, 01 Apr)

WWU Comment: Cooperation in developing malicious software code is a 
trend that is growing at an alarming rate.  Analytical collaboration is 
a major step beyond simple sharing of exploits and vulnerabilities. 
'Combined exploits' is a developing trend that poses a very serious threat.

Malware's destructive appetite grows.  'Friday the 13th' and 'Form' took 
two to three years to go from birth to being No. 1 [in reported 
attacks]. The macro virus 'Concept' took two to three months, and 
'Nimda' took 22 minutes to go to No. 1.  Although the number of new 
viruses introduced each year is declining, 'malware' is getting far more 
destructive, spreading by multiple vectors and launching multiple 
attacks.  'Nimda' propagated in five ways and carried multiple payloads 
- not just data destruction but also creating vulnerabilities and 
exploiting them.  (ComputerWorld, 01 Apr)

MyLife worm mutating into new forms. Four mutations of the destructive 
MyLife.a (w32.mylife.a@mm) virus were released at the end of March.  All 
four new variants of MyLife share the same mass-mailing characteristics 
as the original, and email themselves to all addresses in the 
Microsoft Outlook address book and the MSN Messenger contact list. 
(ZDNet, 02 Apr)

WWU Comment: The two previous articles clearly illustrate the severity 
of collaborative programming and combined exploits.  The increasing 
speed of propagation and the subtlety of some malware will continue to 
challenge system administrators and security professionals.

XML security risks. eXtensible Markup Language (XML) is a universal 
standard for document and data exchange that describes the logical 
structure of a document and creates tags that contain and define data. 
Increasingly, data is being stored in databases using the XML format 
because XML eliminates the overhead common to relational databases and 
creates complex schemas for multiple tables that can work across 
products and platforms.  The security risk is created when data 
definitions and data are packaged together and transmitted across the 
Internet, providing anyone that can access the data the keys to the 
content as well as the context. (PC Magazine, 02 Apr)

Cisco security flaw could lead to DoS.  Cisco Systems issued an advisory 
the week of 25 March saying that its Call Manager versions 3.0 and 3.1 
call-processing application has a security flaw that could leave the 
product open to a denial of service (DoS) attack.   The authentication 
failure problem is most common in systems that have been recently 
integrated with customer directories. Customers should contact Cisco, 
their reseller, or other normal channels to obtain a security fix for 
the vulnerability.  More information about the vulnerability is 
available in Cisco's advisory, posted online at 
http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml. 
(Info World, 02 Apr)



IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

