Protecting Critical Infrastructure in an Apathetic Environment
Following the 9/11 attacks in the United States, the country implemented a broad range of security measures at seaports, airports and along the US border in order to strengthen the security of the country. Now almost ten years later without another attack, some security professionals worry that business and political leaders and the public at large are growing apathetic about the threat of terrorism.
Marshall Keith James of SoBran, Inc. wrote an interesting article for security managers who are working against the grain in this environment. http://homelandsecuritynewswire.com/facing-challenge-protecting-critical-infrastructure-apathetic-environment-m-k-james-sobran-inc?page=0,0
Some of his advice to security managers is as follows:
- Articulate the threats to your operation without exaggeration
- Understand and test your security plan
- Identify potential targets and specific threats
- Avoid pre-packaged solutions which are "hazard centric"
- Counter apathy with enthusiasm
- Develop advisory relationships with security professionals experienced in plan development and implementation
Reliant Security provides professional security services and consulting to business and government clients throughout the Western United States.
Sincerely, Matthew Cooper, CPP VP Reliant Security
House Passes Cybersecurity Enhancement Act
On Thursday the US House of Representatives overwhelmingly passed the bipartisan Cybersecurity Enhancement Act.
See the AFP article here: http://www.google.com/hostednews/afp/article/ALeqM5jRMjda7dUrbt8_XlVUWSB4Dmr01w
The bill increases funding for cybersecurity research and a public awareness campaign. The bill allocates 400 million dollars for security related grants through the National Science Foundation and seeks to increase cooperation between research universities and government agencies charged with protecting networks that are critical to the nation.
As businesses and government agencies become more dependent on the internet to conduct business, the risks of hacking, data theft and network disruptions are growing.
Following passage of the bill, Oregon Democratic Representative, David Wu, said that, "Securing cyberspace is vitally important to both our safety and our national economy. We cannot stand by and let the most powerful tool for connecting Americans with each other and the world remain the Wild West of technology."
Reliant Security provides the latest security solutions for clients throughout the western United States.
Sincerely, Matthew Cooper, CPP VP Reliant Security
Cybercrooks Targeting Small Businesses That Bank Online
The FBI and the American Bankers Association recently warned small businesses about the potential perils of online banking. According to an article in USA Today, "Cybergangs have inundated the Internet with 'banking Trojans' — malicious programs that enable them to surreptitiously access and manipulate online accounts." Read the full article here: http://www.usatoday.com/money/industries/technology/2009-12-30-cybercrime-small-business-online-banking_N.htm
Due to the proliferation of banking Trojans on the internet, experts recommend that small businesses dedicate a pc exclusively for Internet banking which does not otherwise access the internet or email.
The risks for business are particularly acute as they do not enjoy the same banking protections as consumers. Depending on how a fradulent transfer was initiated and when it was detected, businesses may not be able to recover all of their losses and banks may not be obligated to make them whole.
Security managers must constantly update their electronic defenses and continually educate their users to stay one step ahead of the thieves and avoid becoming the next corporate victim of online bank fraud.
Reliant Security provides current security solutions for clients throughout the western United States. Sincerely, Matthew Cooper, CPP VP Reliant Security
Common Passwords Make Internet Accounts Vulnerable
The New York Times recently published an interesting article in the wake of the release of 32 million passwords that a hacker posted online after stealing them from software company RockYou. See the article here showing the 32 most common passwords: http://www.nytimes.com/2010/01/21/technology/21password.html
Some of the most common passwords found were, "12345, 123456, iloveyou, and the word "password." In the age of automated hacking tools that can "guess" thousands of passwords per minute, these common simple passwords leave you accounts at risk. Once your account has been compromised not only can hackers access your private data but they can use your ID for phishing campaigns against everyone in your contact list which can be very embarrassing and damaging to your reputation and that of your company.
Some best practices for passwords are:
1) Use multiple passwords
2) Don't use common identifiers like your initials and date of birth
3) Make your passwords longer
4) Use a mix of letters and numbers upper and lowercase
It is a hassle to remember multiple passwords but it is an even bigger hassle to explain to all your contacts that your email was hacked and that you didn't really intent to send them that email about how much money they can make from Google by posting links from home and taking online surveys.
Sincerely, Matthew Cooper, CPP VP Reliant Security
Outdoor Video Security: Success Factors
Sightlogix recently produced an interesting white paper on outdoor video security: http://www.sightlogix.com/pdfs/WP_Automated_Outdoor_Video_SightLogix.pdf
Although the white paper is primarily a marketing piece for Sightlogix, it highlights some common problems that security departments experience when managing outdoor video cameras, and proposes some interesting technological fixes.
Overall the paper presents some very good information for purchasers to consider when attempting to evaluate competing technologies on factors other than simply price.
The problems with outdoor video cameras:
1) False alarms - poorly deployed cameras and motion detection systems have a tendency to issue false alarms based on windy conditions, traffic vibrations and weather.
2) Camera malfunctions - cameras break and need repairs due to temperature fluctuations, humidity, dust & sand
3) Missed events - this can be due to poor placement, poor image quality, poor lighting, etc.
4) Lack of information - due to limited camera information, first responders may not be able to detect the cause of the initial alerts
5) High costs - repeated false alarms and constant maintenance are an inefficent use of security resources
The (sightlogix) solutions:
1) Eliminate False Alarms - Filters reduce the number of false alarms caused by weather conditions and moving foliage. Cameras self-adjust to changing light conditions and set rules for reporting based on object movement and speed.
2) Provide a clear picture to operators - Cameras provide a highly detailed view to allow operators to quickly and easily recognize object images.
3) Accurately report target locations - Cameras report GPS coordinates and display the intruders' location on a topology map.
4) Contain costs - superior environmental design allows for lower maintenance and a greater sensor range allows for the deployment of fewer cameras.
Reliant Security works with our systems integration partners to design, deploy and operate the most current and cost effective security solutions in the industry.
Sincerely, Matthew Cooper, CPP VP Reliant Security
Security Requires More than Security Guards
As details emerge from the failed airplane bombing on Christmas Day, a variety of security screening policies and procedures will be introduced or updated. President Obama is asking his national security team for answers as to how this happened and how we can prevent it from happening again.
One article written by Philip Elliot for Associated Press on the event aftermath can be seen here: http://www.philly.com/philly/news/homepage/80460127.html
While this near tragedy will likely result in some security improvements, especially regarding inter-agency intelligence sharing, the bottom line is that it will be virtually impossible to stop every terrorist attack every time if we are to maintain some semblance of the "free society" that we currently enjoy in the United States. The good news in this story is that yet again another heroic citizen intervened to help stop this disaster.
The intervention of the alert citizen highlights a key security concept that is often overlooked: real security requires security awareness and a proactive approach by every citizen.
This concept is called "domain awareness" in Maritime Security. Domain Awareness "is defined as the effective understanding of anything associated with the... domain that could impact the security, safety, economy, or environment." http://en.wikipedia.org/wiki/Maritime_Domain_Awareness Maritime Security protocols require some level of domain awareness training for all employees who work at waterfront facilities.
The threat of international terrorism requires an alert and engaged citizenry. The threat of theft and crime at a business requires alert and engaged employees. The latter can be achieved through security preparedness planning and on-going training.
Security Guards and police will provide the front line defense but there will never be enough of them to secure every area at every time. These first responders need to be altered to suspicious persons and behavior by citizens and employees who are aware of their surroundings and taking responsibility for their collective security.
Reliant Security provides professional security services and training to clients in the Western United States.
Sincerely, Matthew Cooper, CPP VP Reliant Security
Washington State Continues to Issue Licenses to Illegal Immigrants
The recent decision by the Department of Homeland Security to delay the compliance date for Real ID Act to May 2011 (http://www.govtech.com/gt/735010?topic=117688) has highlighted the fact that Washington State does not require proof of legal residency when issue driver's licenses. KNDO News reports that Washington is one of only four states that does not require proof of legal status.
See the report here: http://www.kndo.com/Global/story.asp?S=11720475
The Washington State policy underscores the need for security contractors and all employers in Washington State to conduct thorough background investigations on all potential employees to make sure that they are legally qualified to work in the US.
Reliant Security monitors the latest industry trends and changes in the legal environment in order to provide our customers with the information needed to adhere to current best practices.
Sincerely, Matthew Cooper, CPP VP Reliant Security
The Future of Access Control?
Daniel Gelinas writing for Security Systems News, announced the arrival of the SafeRise security solution to the US Market.
See the article here: http://www.securitysystemsnews.com/p=article&id=ss200912Oku0rm
SafeRise was created by Tel Aviv based FST21 (http://www.fst21.com) and is described in their literature as a comprehensive "intelligent" access control system that utilizes "2nd generation biometrics, video & voice analytics."
The SafeRise system does not use any keys, proximity cards or RFID but rather, "combines facial recognition, video analytics, speaker recognition (the system recognizes a speaker’s specific voiceprint), speech recognition (the system recognizes spoken commands), and license plate recognition to completely secure a building and allow access only to those pre-vetted to be there."
Unlike biometric fingerprint and retinal scanners, which can be perceived as inconvenient or intrusive by requiring users to touch or look into a reader, the SafeRise system purports to identify persons and vehicles as they approach the building entrance without requiring any specific interaction from the user. An authorized person can simply walk up and open a secured door without any conscious interaction with the access control system.
If the SafeRise system works reliably as advertised, it has the potential to make proximity card based access control systems seem relatively insecure and out of date in the very near future.
Reliant Security monitors current security trends and technologies in order to provide the latest and most relevant solutions to our customers.
Sincerely, Matthew Cooper, CPP VP Reliant Security
Survey Finds More Employees are Willing to Steal Company Information
Tim Wilson writing in DarkReading.com presented some alarming findings taken from recent surveys about financial industry employee attitudes towards security and proprietary company data.See the article here: http://www.darkreading.com/insiderthreat/security/management/showArticle.jhtml?articleID=221900815
Almost half of the respondents said that they would be willing to illegally take company information for personal use or use with another employer. A quarter of those surveyed said that, "the recession has made them feel less loyal toward their employers." Disgruntled and laid-off employees were perceived as representing the greatest risk to companies.
Although the survey was specifically focused on data security, one can safely assume that these employee attitudes towards theft are held more broadly among workers. Companies that utilize dedicated security personnel can train their guards to be aware not only of risks from outside the company, but also to watch for signs of internal theft as well. A combination of dedicated security officers as well as up-to-date electronic monitoring lets employees know that the company has a well-crafted, sophisticated approach to security. In addition, when companies provide security awareness training to all employees, those employees will help senior managers to be aware of potential risks and security weaknesses within their organizations.
Reliant Security provides a full range of security services as well as security training to companies throughout the Western United States.
Sincerely, Matthew Cooper, CPP VP Reliant Security
Stickups and Burglaries are on the Rise at Work
Some blame the poor economy and others point to the fact that traditional targets have hardened their security in a post 9/11 environment, but whatever the reasons burglaries in office buildings are on the rise according to the Wall Street Journal (WSJ) as reported by Sarah Needleman.
See the article here: http://online.wsj.com/article/SB10001424052748704431804574539754148537802.html
The Journal reports that robberies in 2008 are up over ten percent and that burglaries are up over three and a half percent over 2004 levels. Multiple anecdotes are related in the article. One public relations firm in Washington D.C. that was robbed three different times reported that, "All of these people had on ties and were wearing dress pants."
Several businesses that were targeted suffered from poor security practices such as leaving ground floor doors unlocked and poorly trained employees who failed to challenge unknown persons seen in the office. Some employees involved in these incidents suffered from sever emotional trauma and feelings of insecurity for weeks afterward.
If a people ever finds themselves the victims of a robbery or burglary they are advised to cooperate, avoid eye contact and maintain as much distance as possible from the perpetrator.
Reliant Security provides security guards to companies and banks often after they have been robbed or burglarized in order to prevent future occurrences and re-assure their employees that their workplace is safe. Reliant Security is able to provide security audits and training for employees on "domain security awareness" in order for companies to increase the security at their workplace.
Sincerely, Matt Cooper VP Reliant Security