
CyberSecurity Institute

Security News Curated from across the world


Category: News

Threat Level Privacy, Crime and Security Online Senate Panel: 80 Percent of Cyber Attacks Preventable

Posted on November 17, 2009 (updated December 30, 2021) by admini

Larry Clinton, president of the Internet Security Alliance, told senators that public apathy and ignorance played as much a role in the current state of cyber security as the unwillingness of corporate entities to take responsibility for securing the public’s data. “Many consumers have a false sense of security due to their belief that most of the financial impact resulting from the loss of personal data will be fully covered by corporate entities like the banks,” he said.

As for corporate and government entities that collect and store the public data, they “do not understand themselves to be responsible for the defense of the data,” said Clinton, whose group represents banks, telecoms, defense and technology companies and other industries that rely on the internet. “The marketing department has data, the finance department has data, etc, but they think the security of the data is the responsibility of the IT guys at the end of the hall.”

A 2009 PricewaterhouseCoopers study on global information security found that 47 percent of companies are reducing or deferring their information security budgets, despite the growing dangers of cyber incursions.

To improve cyber security, the public sector would have to institute sufficient market incentives to motivate companies to protect the public’s interests. Philip Reitinger, director of the National Cyber Security Center at the Department of Homeland Security, said that end users also need to be made aware of the simple things they can do to protect themselves — such as keeping software and anti-virus up to date.

“We need to, as a nation and as an IT ecosystem, continue to make it more simple for people to institute protections to determine if they’ve been compromised and to make sure they stay secure,” said Reitinger, a former Microsoft executive.

Civil liberties were also a concern of the panelists as they discussed privacy issues around the government’s implementation of Einstein 1 and 2 — programs designed to help monitor and protect government civilian networks — and Einstein 3, which the National Security Agency is currently developing for the same purpose. Reitinger said that DHS provides privacy and civil liberties training for those with the U.S. Computer Emergency Readiness Team who are responsible for implementing Einstein. He also said that the DHS’s Office of Cybersecurity and Communications has an oversight officer whose job is to ensure compliance with the rules.

One panelist, Larry Wortzel, a retired Army intelligence officer, made the case for the NSA to take the lead on the government’s cyber security initiatives, despite the agency’s public stance that it has no interest in assuming the position. “If, in fact, the NSA has technical capabilities beyond those of the providers, why should you be relying on the providers in areas where the NSA actually has greater capability?”

http://www.wired.com/threatlevel/2009/11/cyber-attacks-preventable/


Hackers create tools for disaster relief

Posted on November 15, 2009 (updated December 30, 2021) by admini

“We’re saying, partner with the private sector and we can push technology forward and innovate.”

Several projects explored the use of maps, including one group that built a widget that allows a user to click on a point in a map to have the coordinates automatically inserted into a message that can then be posted to multiple social networks at once via the HelloTXT service.

The first-place prize went to a group primarily from NASA that worked on a mobile notification app that can be used when regular cellular networks are so bogged down people can’t make phone calls. Using the “I’m OK” app, people can easily notify friends and family members that they are safe via SMS by clicking one button.

http://news.cnet.com/8301-27080_3-10398073-245.html


New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit

Posted on November 14, 2009 (updated December 30, 2021) by admini

“My project is the first Web application honeypot with a working vulnerability emulator able to respond properly to attacker requests,” says Lukas Rist, who created Glastopf.

Unlike other Web honeypots that use templates posing as real Web apps, Glastopf basically adapts to the attack and can automatically detect and allow an unknown attack. The project uses a central database to gather the Web attack data from the Glastopf honeypot sensors installed by participants who want to share their data with the database.

“The project will contribute real-world data and statistics about attacks against Web apps — an area where we do not have good collection tools yet,” says Thorsten Holz, Rist’s mentor on the project. “They can, for example, find compromised servers in their space that host PHP bots, or other data related to remote file inclusion vulnerabilities,” he says.

http://darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=221300001


Want to visit your child’s teacher or volunteer in a classroom?

Posted on November 13, 2009 (updated December 30, 2021) by admini

The New Lenox district is among the first in the south suburbs to adopt this technology, following in the steps of Homewood-Flossmoor High School, which launched the system last year. The system stores the license information so returning volunteers only have to provide their name – which is rerun through the database – to get a new ID badge. “You may not be a sex offender today but may be tomorrow,” said Jason Livezey, District 122’s director of technology.

“It’s important we do this to make sure we ID people who are coming into our schools… But it’s only done when students are in the building, not during after-school events such as basketball games, he said.

If a parent is on the list, board policy states the parent only is allowed to attend parent-teacher conferences and may be supervised.

“No technology will be a magic bullet.” And the technology “is only as good as the adults working in the environment where the equipment is operational,” said school security expert Kenneth S. Trump, president of Cleveland-based National School Safety and Security Services. “The first and best line of defense is a well-trained, highly alert staff and student body,” Trump said via e-mail.

Video cameras and buzzers have become standard procedure, regardless of school size. Tinley Park District 146 is installing a video intercom system requiring all visitors to push a button, which feeds their picture to the school office, where once admitted, they must present a driver’s license. Orland School District 135 installed GPS units on all its buses and will purchase digital radios to improve staff communications. “They are trying to protect kids from falling meteors.”

http://www.fortmilltimes.com/124/story/869690.html


California Plans to Launch Information Security Operations Center

Posted on November 13, 2009 (updated December 30, 2021) by admini

“In California, we are confronting the challenges in a coordinated and efficient fashion that will increase protections for the citizens and businesses of this state,” said Weatherford, in a statement announcing the plan.

A California First

Weatherford’s new statewide information security plan is the first ever developed for California state government, and it represents a significant milestone for the CISO, given the sprawling nature of California state government and the size and independence of its state agencies.

In an interview with Government Technology earlier this year, Weatherford said California state agency CIOs needed an enterprise security strategy to help guide their efforts.

http://www.govtech.com/gt/733337?topic=117671


How Security Should Handle Pickets and Strikes

Posted on November 3, 2009 (updated December 30, 2021) by admini

Picketing Issues
Other than a strike and picket action by a group of employees against an employer to gain some wage increase or to gain or retain some benefit, we must consider that other demonstrations may take place that could affect a business enterprise. Groups or crowds that may assemble to demonstrate or to picket a company because of some business practice that they feel offends them or others should be handled in the same way as a strike incident. An example of such activity could include issues such as offensive hiring practices, sexual or age discrimination or harassment practices, animal rights (retail stores that sell furs or animal products), or conduct considered abhorrent to certain religious groups (e.g., abortion clinics). If management cannot resolve the situation, the police should be requested.

If the occurrence causes a business disruption or if their presence is illegal, picketers can be removed. Caution and discretion in tactics must be considered if the company hopes to avoid bad press and publicity.

Under various federal laws and sanctions, when a labor violation does in fact occur, a business may seek monetary damages, criminal sanctions, injunctive relief (judgment of unfair labor practices), and disciplinary actions against individuals or the union as a group. However, concerning a demonstration other than a labor issue, a citizen has the right to peaceful assembly under the First Amendment of the U.S. Constitution. This amendment protects the right to picket, no matter whether the purpose is a labor dispute, civil rights, or other demonstrations. Generally, picketing is protected when it is for a lawful purpose, conducted in an orderly manner, and publicizes a grievance of some kind.

The following are the generally accepted rules that control and regulate walkouts and strike actions throughout the country.

  • Pickets (strikers) have the right to picket, demonstrate, and hold meetings as long as such activity does not violate local, state, or federal law.
  • Pickets need not be employees of the company. They may be other union members acting in sympathy with the striking union, or friends and family members of the strikers. However, they are subject to the same restrictions and laws governing the striking union members.
  • Pickets have the right to picket as long as it does not cause a disruption of any of the functions or objectives of the business; they may not interfere with business operations.
  • Picketing is legal as long as it does not limit or deny access of employees, customers, visitors, vehicles, deliveries, etc., to the business and any of its components.
  • Blocking anyone or any vehicle from entering or leaving the business property, physically or by threatening behavior, is illegal.
  • Strikers causing damage to any vehicle crossing the picket line while attempting to enter the property of the facility commit the crime of criminal mischief, reckless or criminal damage to property, or criminal tampering with intent to cause damage or substantial inconvenience.
  • In addition, strikers causing harm to other employees or persons wishing to enter the striking premises may commit the crime of assault.
  • If an implement is used and causes damage or injury, the criminal charge will be elevated to a higher degree.
  • The police have the authority to impose conditions and the number of pickets where they believe large groups of people are likely to cause disruptive or criminal acts.

Upon determining that there will be some type of picketing movement against the company for any reason, company management should notify the local police precinct.

The police will determine whether permits are required for assembly and/or picketing, control the size of the picket action, and regulate their conduct according to law.

Corporate management or security agents (this would include private investigators and security officers) may videotape any picketing action for the purpose of identifying any violent or unlawful act by individuals or groups (strike leaders, organizers, or strikers).

Videotaping for any other reason cannot be justified and may be illegal.

Once the pickets or the organizer of the picketing action are advised and notified by business management that the picketing group, acting individually or in concert, is not to enter upon the property of the business for any reason, such intruder may be arrested for trespassing by company security personnel and turned over to the police for adjudication.

What a Business Can Do

Regarding any violation by the pickets or the organizers of the picketing action that affects the business operation, causes adverse publicity, or has an effect on the goodwill of the corporation, management may seek an injunction in court requiring picketers to cease and desist.

Pickets may not block access to the business facility, its parking fields, or its property.

The business may reserve the right to park vehicles to employees, customers, visitors, and other persons who wish to conduct legitimate business.

http://www.csoonline.com/article/506310/How_Security_Should_Handle_Pickets_and_Strikes

