National Infrastructure Protection Center NIPC Daily Open Source Report for 3 December 2002
Daily Overview . CNN reports a statement attributed to al-Qaeda claimed responsibility Monday for last week's terrorist attacks on Israeli targets in Kenya. (See item 13) . IDG.net reports President George W. Bush signed the Cyber Security Research and Development Act into law on Wednesday, providing $880 million to fund a variety of IT-security based programs. (See item 11) . CNN reports the Carnival cruise ship Fascination returned from a three-day sail Monday carrying more than seven dozen people who had contracted a gastrointestinal virus; this is possibly the third Norwalk-related cruise cancellation from a Florida port in recent weeks. (See item 14) . ABC news reports South Korean activists have attacked the White House computer server with electronic mail bombs to protest the acquittal of two U.S. soldiers accused of killing two schoolgirls in a road accident. (See item 12) NIPC Daily Report Fast Jump [click to jump to section of interest] Power Banking & Finance Transportation Gas & Oil Telecommunications Food Water Chemical Emergency Law Enforcement Government Operations Information Technology Cyber Threats and Vulnerabilities Internet Alert Dashboard General NIPC Information Power Sector 1. December 2, Platts Global Energy - Switzerland changes nuke liability regulation after 9/11. Switzerland has changed the country's nuclear energy liability regulations, and has increased the government's liability in case of terrorism attacks on nuclear power plants. Under the new regulation, the government is liable for SFr500-mil to SFr1-bil ($741-mil to $1.483-bil), the Swiss government said in a statement. After the events of Sep 11, 2001, private insurance companies have reduced their liability to SFr500-mil for attacks on nuclear power plants. To cover the cost, operators of nuclear power plants in Switzerland have to swallow a hike of 12.7% in their insurance premiums. Source: http://www.platts.com/archives/94036.html Current Electricity Sector Threat Alert Levels: Physical: ELEVATED, Cyber: ELEVATED Scale: Low, Guarded, Elevated, High, Severe [Source: ISAC for the Electricity Sector (ES-ISAC) - http://esisac.com] [return to top] Banking and Finance Sector Nothing to report. [return to top] Transportation Sector 2. December 2, U.S. Customs Service - U.S. Customs 24-hour rule begins Monday. U.S. Customs Commissioner Robert C. Bonner announced Monday that the new 24-hour rule requiring advance cargo manifests from sea carriers goes into effect on Monday, December 2. Under the new rule, Customs will grant sea carriers a 60-day grace period to fully implement the program. "Over the next two months we strongly encourage rapidly increasing compliance by all parties that are required to take action under the regulation. By quickly implementing the '24-hour rule,' we can together do a better job of protecting the American people and the global trading system as a whole," said Commissioner Bonner. "Customs will continue to provide many types of assistance at both the local (port) level and at the Headquarters level, to assist companies in the operational transition to the new procedures. Knowing the contents of a container before it is loaded onto a ship bound for the U.S. is a critical part of our efforts to guard against the terrorist threat." Source: http://www.customs.ustreas.gov/hot-new/pressrel/2002/1202-00.htm 3. December 2, Federal Computer Week - TSA preps smart ID pilot programs. The Transportation Security Administration (TSA) is ramping up its smart card-based programs designed to put identification into the hands of transportation workers nationwide and allow frequent travelers to get through airports quickly. TSA is preparing to launch two regional pilot projects for its Transportation Worker Identification Credential (TWIC) System that will provide workers at airports, ports, railways and other locations with secure access to buildings and systems. TWIC is "a system of information systems," said Elaine Charney, TSA's TWIC program manager. The goal is to produce an integrated system that can support one identification card, which then can be used across all transportation industries, she said. TSA officials will soon begin the three-month planning phase of the TWIC pilot project in the Philadelphia/Wilmington, Del., region, Charney said, and soon after will begin the planning phase for the Los Angeles/Long Beach, Calif., region pilot project. Source: http://www.fcw.com/fcw/articles/2002/1202/news-tsa-12-02-02.asp 4. December 1, Houston Chronicle (Texas) - Port security a concern despite recent upgrades. The Port of Houston's civilian and military officials consistently say Ship Channel security is tighter than any time since World War II. Still, each week, two or three intruders -- usually fishermen or port construction workers -- are intercepted in the five "safety zones" around the Houston area's industrial centers. The Houston port's industrial complex -- at least 150 plants valued at roughly $15 billion -- represents about half of the nation's petroleum-processing capacity. The world's sixth-largest port and second-largest center for processing petroleum, the complex last year handled more than 92 million tons of oil and oil products. Rice University chemistry professor John Margrave recently warned that "the public doesn't really appreciate the amount of energy that's stored in a big cylinder of fuel oil or the combustible materials and natural gas in the tank farms up and down the channel." Margrave, who recently participated in a Washington, D.C., security conference, noted that a ship loaded with combustible materials could explode with the force of an atomic bomb. Last week, port authority directors used $1.5 million of a federal security grant in awarding a contract for construction of a port security command center. When completed in 18 months, the facility will be a nerve center linking the Coast Guard, FBI, Houston police, and other key law enforcement and emergency agencies up and down the channel. The remaining $300,000 is being used for a port security plan due to be released this month. Source: http://www.chron.com/cs/CDA/ssistory.mpl/front/1682732 [return to top] Gas and Oil Sector 5. November 30, Reuters - Venezuela signs to develop LNG project. Venezuela signed an agreement on Saturday with an Anglo-Dutch company and another firm from Japan to start developing a $2.7 billion liquefied natural gas (LNG) project which aims to make the oil-rich nation a net gas exporter by 2007. The preliminary development accord for the Mariscal Sucre project in northeast Venezuela was initialed by state-run Petroleos de Venezuela (PDVSA), Royal Dutch/Shell and Japan's Mitsubishi Corp. It foresees the start of economic and technical feasibility studies for the project, designed to produce 4.7 million tons of LNG a year, most of which is expected to go to U.S. customers. Source: http://story.news.yahoo.com/news?tmpl=story&u=/nm/20021130/bs_nm/energy_ venezuela_gas_dc_1 6. November 30, Washington Post -Saudis move to increase oil market clout. Saudi Arabia has reclaimed its position as the number one foreign supplier of crude oil to the United States in recent months and offered to further increase sales in December, the Energy Department reported. The Saudis have boosted production by an estimated one million barrels a day above the quota set by the OPEC, according to a New York industry analyst. At the same time, the Saudi government has amassed a foreign exchange war chest in the range of $90 billion to $100 billion, enabling its economy to weather a prolonged period of low oil prices should Iraqi President Saddam Hussein be ousted in a U.S.-led military campaign, and Iraq's production surge thereafter. If U.S. military action in Iraq goes awry, leading to the hoarding of higher-priced oil, only Saudi Arabia has sufficient spare capacity to calm markets, U.S. officials acknowledge. Within 30 days, according to the Energy Department, it could flood the market with as much as 2 million barrels a day from wells it is not now using. Source: http://www.washingtonpost.com/wp-dyn/articles/A54986-2002Nov29.html [return to top] Telecommunications Sector 7. December 2, The Washington Times - Key parts left out of District's radio upgrade. The District's new public safety radio system, already delayed in being built, faces more delays because a money-saving move cut three key parts of the system from the contractor's bid, said city officials involved in the project. The contract change and likely delay could force the District to lose some of the $46 million it has received in federal homeland security funds to build new transmitters, antennas and other radio systems for the police and fire departments by Sept. 30. Meanwhile, firefighters continue to use a system riddled with dozens of dead spots and police officers use a different system that is so old that replacement parts are no longer available. The D.C. Office of Chief Technology Officer (OCTO), which has a $31 million budget to build the radio system, cut from its recently approved contract with Motorola Inc. three components that will be bid separately from the contract, said Linda Argo, chief of staff for the agency. Mrs. Argo said the components-about 1,200 portable radios for the Metropolitan Police Department, a backup microwave antenna system, and automatic diagnostic and alarm systems for failing transmitters and antennas-were cut from the contract to save money. Source. http://www.washingtontimes.com/metro/20021202-963847.htm [return to top] Food Sector Nothing to report. [return to top] Water Sector Nothing to report. [return to top] Chemical Sector Nothing to report. [return to top] Emergency Law Enforcement Sector 8. November 30, New York Times - Terror attacks on 'soft' targets complicate security. Disrupting terrorist attacks, already a daunting job, has been made tougher still because extremist groups are increasingly willing to attack vulnerable, "soft" targets like the Israeli-owned resort gutted this week in Kenya. The suicide bombings at a hotel, coming just six weeks after suspected operatives or affiliates of al-Qaeda killed more than 190 people at a resort in Bali, presented intelligence officials with yet another set of vexing problems. The challenge comes in deciding where to focus security and intelligence resources if the enemy appears able to strike almost anywhere. "Because this was such a soft target, it's impossible to guard against something like this," said Vincent M. Cannistraro, a former counterterrorism official at the Central Intelligence Agency. "There are targets all over the world, and tourists are totally defenseless." Source: http://www.nytimes.com/2002/11/30/international/africa/30ASSE.html [return to top] Government Operations Sector 9. December 2, Washington Post - Identifying a way to help Mexicans living in the U.S. The matricula is a Mexican government document that certifies the name and age of the bearer. It has been used, in various forms, for more than a century. But it caught on in a big way only this year, after Mexican President Vicente Fox's government redesigned the card and launched a campaign to win its acceptance as a valid form of ID in the United States. Over the past eight months, more than 80 cities, about 600 police departments and thousands of businesses have formally recognized the Mexican matricula for identification, according to the Mexican Foreign Ministry. Thirteen states have agreed to accept the card as sufficient ID for a driver's license application, without regard to the applicant's visa status. Source: http://www.washingtonpost.com/wp-dyn/articles/A61424-2002Dec1.html [return to top] Information Technology Sector 10. November 27, ZDNet News - Feds, firms unveil test for security pros. A new certification program for entry-level computer-security professionals will officially get up and running Monday, said representatives of the combined industry-government group behind the exam. The Security+ certification, brainchild of the Computing Technology Industry Association (CompTIA), could become a minimum requirement that would help companies and government agencies hire knowledgeable network administrators. CompTIA is made up of two dozen trade and government security experts. "This is going to be an entrance into the security profession, a validation of knowledge," said Kris Madura, Security+ program manager for CompTIA. CompTIA also includes members from the Secret Service and the National Institute of Standards and Technology, the organization that sets the hiring standards for nonmilitary government agencies. Security certification got a big boost last September, when the Bush Administration published a draft form of the National Strategy to Secure Cyberspace. Source. http://zdnet.com.com/2100-1106-975556.html [return to top] Cyber Threats and Vulnerabilities 11. December 2, IDG.net - President signs Cybersecurity bill into law. President George W. Bush on Wednesday signed the Cyber Security Research and Development Act into law, providing $880 million to fund a variety of IT-security based programs. Passed by the U.S. House of Representatives on Nov. 12 by voice vote, the Act is designed to fund research and workforce training in computer security. The bill had received a unanimous Senate vote Oct. 16. The Act will fund programs designed by the National Science Foundation and National Institute of Standards and Technology to create new cybersecurity research centers, offer grants and scholarships to students pursuing computer security studies, and encourage senior researchers to study the field. The $880 million would be spent over five years. Source: http://www.idg.net/ec?go=1&content_source_id=13&link_id=771271&referer=& sud=1 12. December 1, ABC News - South Koreans launch cyber attack on U.S. over schoolgirls' deaths. South Korean activists have attacked the White House computer server with electronic mail bombs to protest the acquittal of two U.S. soldiers accused of killing two schoolgirls in a road accident. Meanwhile, four people have been arrested breaking into a U.S. army base and riot police have stopped 300 protesters from marching on the American embassy in Seoul. South Korean hackers and Internet users launched the bombs at the server at 0300 GMT. However, an activist says the cyber attack is "largely ineffective due to an advanced filtering system at the White House". The activist says a second attack will be launched. Some 25 million people, more than half of the South Korean population, have access to the Internet and regularly use email. The attack was led by a coalition of 130 civic groups, which have organized protests since two 14-year-old girls were crushed to death by a 50-tonne military vehicle on their way to a birthday party in June. Source. http://abc.net.au/news/newsitems/s738547.htm Internet Alert Dashboard Current Alert Levels Internet Security Systems AlertCon: 1 out of 4 https://gtoc.iss.net/ Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com Last Changed: 26 November 2002 Last Changed: 23 November 2002 Current Virus and Port Attacks Virus: #1 Virus in USA: PE FUNLOVE.4099 Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 137(netbios-ns); 80(http); 1433(ms-sql-s); 21(ftp); 4662(???); 25(smtp); 139(netbios-ssn); 445(microsoft-ds); 443(https) Source: http://isc.incidents.org/top10.html; Internet Storm Center [return to top] General Information 13. December 2, CNN - Al-Qaeda claims "credit" for Kenya attacks. A statement attributed to al-Qaeda claimed responsibility Monday for last week's terrorist attacks on Israeli targets in Kenya. Last week's suicide bombing at an Israeli-owned resort hotel in Mombasa killed 10 Kenyans and three Israelis. A missile attack on an Israeli charter jet leaving Mombasa the same day was unsuccessful. No one aboard was hurt and the plane landed safely in Tel Aviv. Paul Eedle, a London-based computer expert who monitors Web sites linked to the terrorist organization, said the statement appeared on sites that regularly carry al-Qaeda pronouncements. U.S. officials said Monday the shoulder-fired missiles used to target the charter jet apparently came from the same batch as one used in a failed attempt to shoot down a U.S. military plane near the Prince Sultan Air Base in Saudi Arabia last May. Serial numbers on the two weapons were close, according to sources. That "strongly suggests" a link to al-Qaeda, said a U.S. official, who stopped short of calling the evidence conclusive. U.S. intelligence officials said they believe they know where and when al-Qaeda operatives obtained the Soviet era SA-7s, which have an effective range of 10,000 to 12,000 feet. Source: http://www.cnn.com/2002/WORLD/africa/12/02/kenya.probe/index.html 14. December 2, CNN - Another sick ship returns to port. The Fascination has apparently also been struck by a gastrointestinal virus. The Carnival cruise ship returned from a three-day sail Monday carrying more than seven dozen people who had contracted a gastrointestinal virus, health and police officials said. The Fascination, an 855-foot ship that carries as many as 2,052 passengers and 920 crew members, returned to the Port of Miami waters shortly before 5 a.m. after a voyage to the Bahamas. Florida's Department of Health alerted police officials Sunday that the ship would return to port with numerous sick passengers, although Carnival spokesman Tim Gallagher refused to confirm if anyone aboard was ill. It could not be immediately determined if the illness is the same Norwalk-type virus that has plagued other cruise ships in recent weeks, including Holland America's ship Amsterdam and the Disney ship Magic. Holland America Line Inc. is owned by the Miami-based Carnival Corp. The Amsterdam, which was held at Port Everglades in Fort Lauderdale for 10 days while being thoroughly decontaminated after nearly 1,000 people fell ill on its last four trips, departed on 10-day Caribbean cruise Sunday with 1,261 passengers aboard. Should the Fascination's departure be scrubbed, it would be the third Norwalk-related cruise cancellation from a Florida port in recent weeks. Source: http://www.cnn.com/2002/TRAVEL/12/02/sick.cruise.carnival.ap/index.html 15. December 2, Portsmouth Herald (Portsmouth, NH) - Agricultural security gets priority. Last month, the New Hampshire Department of Agriculture received approximately $121,000 in federal homeland security funds to hire an entomologist and laboratory assistant. Their jobs will be to monitor and find ways to eradicate some of the non-native insects that are already causing concerns in the state. They will also be responsible for making sure that the state's plants and animals remain safe from the introduction of other species or diseases that could threaten local food supplies, said state agricultural commissioner Steve Taylor. "Homeland security deals with any kind of pest that could disrupt the food supply or our economic structure by destroying our lumber industry," Taylor said. The department currently deals with invasive species and diseases, but its funding has been limited, which in turn limits its scope of work to going after only those that are the most damaging, the commissioner said. Source: http://www.seacoastonline.com/news/12022002/news/1140.htm 16. December 2, Associated Press - New York City develops plan to deal with potential smallpox outbreak. The draft, put together by the New York City Department of Health and Mental Hygiene, was to be submitted to the federal Centers for Disease Control and Prevention on Monday, said department spokeswoman Sandra Mullin. No specific details on the city's strategy were being released since the plan was only a draft. Mullin said among the issues considered were diversity in the city of 8 million residents and how to get information out to people who speak a range of languages and hold a variety of beliefs about vaccinations. Mullin said other concerns included looking at different scenarios based on where a case came into the city's health system and educating hospitals about the disease, which hasn't been diagnosed in the United States in decades. Another draft plan, detailing a strategy for vaccinating medical workers before any possible outbreak, is scheduled to be submitted next week. The federal government has set a Dec. 9 deadline for states and some large cities to submit plans for dealing with smallpox outbreaks. Source: http://www.newsday.com/news/local/wire/ny-bc-ny--smallpox-vaccine1202dec 02,0,19721.story?coll=ny-ap-regional-wire 17. November 30, Associated Press - Union ends three-month strike at government lab. Maintenance workers at a highly sensitive government laboratory on Plum Island ratified a contract Saturday, ending a three-month-old strike, union officials said. The 76 workers are expected to go back to work sometime this week, said Marty Glennon, a lawyer for Local 30 of the International Union of Operating Engineers. They walked out on Aug. 13 in a dispute over wages, benefits and retroactive pay. The Plum Island Animal Disease Center, located on an 850-acre island off the eastern tip of Long Island, studies highly contagious animal viruses such as foot-and-mouth disease. The strike by the lab's maintenance workers raised security concerns after LB&B Associates Inc. of Baltimore, the subcontractor that provides the maintenance services, brought in replacement workers. Source: http://www.washingtonpost.com/wp-dyn/articles/A57890-2002Nov30.html. [return to top] NIPC Products & Contact Information The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response. The NIPC provides a range of bulletins and advisories of interest to information system security and professionals and those involved in protecting public and private infrastructures. By visiting the NIPC web-site (http://www.nipc.gov), one can quickly access any of the following NIPC products: 2002 NIPC Advisories - Advisories address significant threat or incident information that suggests a change in readiness posture, protective options and/or response. 2002 NIPC Alerts - Alerts address major threat or incident information addressing imminent or in-progress attacks targeting specific national networks or critical infrastructures. 2002 NIPC Information Bulletins - Information Bulletins communicate issues that pertain to the critical national infrastructure and are for informational purposes only. 2002 NIPC CyberNotes - CyberNotes is published to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices. 2002 NIPC Highlights - The NIPC Highlights are published on a monthly basis to inform policy and/or decision makers of current events, incidents, developments, and trends related to Critical Infrastructure Protection (CIP). Highlights seeks to provide policy and/or decision makers with value-added insight by synthesizing all source information to provide the most detailed, accurate, and timely reporting on potentially actionable CIP matters. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk