NDM Article - Security Beat

Sponsors

ARTICLE

February 2003

Security Beat

by Elizabeth Book

Navy School Offers Homeland Defense Degree
The Naval Postgraduate School (NPS) in Monterey, Calif., will offer a master’s degree in homeland security. Lt. Cmdr. Joe Navratil, an NPS spokesman, said the courses will be primarily taught through distance learning, via electronic classroom.

So far this year, 14 students from various federal, state and local government agencies related to Homeland Security have started the program.

Tom Ridge, the nominee to head the U.S. Department of Homeland Security, was invited as the keynote speaker at a kick-off ceremony in Monterey.

Clarke: Attack on the Internet ‘Worrisome’
Despite efforts by the Defense Advanced Research Projects Agency to develop information security technologies, vulnerabilities remain, said Richard Clarke, special advisor to the president for cyberspace security and chairman of the president’s Critical Infrastructure Protection Board.

“Denial-of-service attacks are up,” said Clarke during a roundtable with defense reporters.

Clarke cited a November denial-of-service attack designed to bring down the Internet. “This was the first time we saw a really major attack on the Internet itself, which frankly is more worrisome than an attack on an individual enterprise. It means that hackers are beginning to think about taking down the system rather than taking down a part of it,” he said.

Clarke said it was unclear why the hacker stopped before he or she brought down the Internet. “You can guess that it was reconnaissance. You can guess that they were trying to determine the volume of attack needed for knocking off particular nodes on the Internet. … One guess is as good as another. It is very, very easy to hide your tracks in cyberspace,” Clarke said.

Funding Up for Cyber Security Research
Before the winter recess, Congress passed the Cyber Security Research Act of 2002, which authorizes $900 million for cyber security research at universities.

The funds are an addition to existing Defense Department and National Security Agency programs, said Richard Clarke, special advisor to the president for cyberspace security.

Clarke said that the funding for cyberspace security research has been on the rise. “In Fiscal Year 2002, the entire federal government spent $2.7 billion securing its networks. In Fiscal Year 2003, it will be 64 percent higher than that,” he said. The president’s request, which looks likely to be granted, is for $4.5 billion.

Homeland Security Money Flows in ‘Rivulets’
Government contractors hoping to do business with the new Department of Homeland Security should “hold onto your hat,” advised John H. Horne, co-chair of a new homeland security practice group at the law firm of Powell, Goldstein, Frazer & Murphy.

As the new agency takes shape, the acquisition process should become clearer to potential contractors, Horne said.

While money will be made in the homeland security field, it won’t come easily, warned Bruce Shirk, the group’s co-chair. “Money is going to start flowing, but it’s going to come out in little rivulets,” he said.

“This is just another government procurement opportunity, and just like any other government procurement, those who are alert will get the business,” said Shirk. He recommended that contractors keep an eye not only on actions planned by the federal government, but “those contemplated by state and local governments as well.”

Many businesses are not developing new products or services, but recasting existing ones to meet homeland security needs, said David Hammond, a partner at the firm. As an example, he cited an off-the-shelf software program designed originally to keep track of inventory and now is being sold as a security information system to track military assets. One hospital, for instance, is getting funding for a long-planned expansion of its emergency room by billing itself as a “first responder” in cases of terrorist attacks.

Quest: 45,000 Federal Passenger Screeners
As the Transportation Security Administration prepares to become part of the new Department of Homeland Security, it is congratulating itself for successfully completing the largest peacetime mobilization in the nation’s history.

Congress created TSA in the aftermath of 9/11 and ordered it to establish, train and deploy a federal security force in all of the nation’s 429 commercial airports by Nov. 19, 2002. In March, TSA awarded a $103.4 million contract to NCS Pearson, a Minnesota-based education, testing and data-management firm, to help the agency meet that deadline. It was a “Herculean task,” said Mac Curtis, president of NCS Pearson’s Government Solutions subsidiary, of Arlington, Va.

During the intervening months, he said, NCS Pearson responded to more than 5.9 million job inquiries over the Internet, processing more than 1.4 million job applications. It held more than 89 job fairs in 56 cities. The firm assessed more than 430,000 prospective applicants in more than 150 assessment centers located all over the United States and its territories. More than 125,000 were found to be qualified, and of those, 45,000 were hired as federal passenger screeners.

Ports, Roads, Rails Pose ‘Daunting’ Challenges
The United States needs to improve security for other modes of transportation besides aviation, warned Richard Bennis, the Transportation Department’s associate undersecretary for maritime and land security.

While much has been done to make airline travel safer since 9/11, the challenges in protecting U.S. seaports, shorelines and land transportation “are daunting,” the retired Coast Guard admiral told a congressional hearing. He noted that the United States has:

3.9 million miles of public roads.
120,000 miles of major rail lines.
2.2 million miles of pipelines, carrying gasoline, natural gas and crude oil.
25,000 miles of commercial, navigable waterways.
Public transportation systems—including buses, subways, light rails, commuter rails and ferries—that make more than 9 billion commuter trips per year.
350 ports visited at which 7,500 foreign-flagged vessels make 51,000 visits each year, importing more than six containers.

The containers—and the shipping industry overall—“are major facets of the U.S. economy, and disruption of that supply chain would be devastating,” he said.

As part of its 2002 supplemental appropriations, Bennis explained, Congress boosted spending for port security by $125 million. This money would go as grants to ports for security assessments, enhancements and training.

The Transportation Security Administration, which Bennis helps oversee, also is considering establishment of a cargo-locking policy for the trucking industry. If implemented, he said, “this will help prevent terrorists from hijacking trucks or cargo.” Also, he noted, it will help reduce ordinary cargo theft.

Defense Department Will Inoculate Against Smallpox
The Department of Defense said it plans to prepare against smallpox attacks aimed at U.S. service members.

“Like civilian communities, the Defense Department will ensure preparedness by immunizing personnel based on their occupational responsibilities,” said a Pentagon statement. Smallpox response teams and hospital and clinic workers will be among the first to be inoculated.

The Defense Department will proceed to vaccinate other designated personnel. Like other vaccinations ordered for service members by the Defense Department, “this will be mandated for designated personnel unless they are medically exempted,” the release said.

Routine vaccination in the United States against smallpox ended in 1972. In 1980, the World Health Organization declared the global eradication of smallpox as a naturally occurring disease and recommended that all countries cease vaccination. Military smallpox vaccination programs continued longer. In 1984, routine military vaccinations were limited to recruits entering basic training, but the practice was discontinued in 1990.

Medical Journal Endorses Smallpox Vaccines
The New England Journal of Medicine has issued a report on the need for smallpox vaccinations. “The possibility of biological warfare has entered the national psyche,” wrote Terry Schraeder and Edward Campion, both medical doctors.

The report says that since no statistical model can predict the thoughts of a terrorist, decisions must be made to administer the smallpox vaccine not just to health care professionals, but also to patients.

“The complications of the smallpox vaccine will be both real and random. Fortunately, they will also be rare. Even for those of us who decades ago received vaccinia, there is now more concern about decisions to use this vaccine, with greater awareness of the risks, and less trust in recommendations about vaccines in general,” they said. “We must give informed guidance to our patients, peers and policymakers. And if necessary, we must also roll up our sleeves and get vaccinated.”

Company Introduces ‘Hack-Free’ Server
A computer scientist claims to have developed an “invulnerable” Internet server. Eric Uner, co-founder of Barrington, Ill.-based Bodacion Technolgies, applies chaos theory principles to software engineering.

His work with biomorphic mathematics—formulas that mimic the unpredictable growth of living things—served as the foundation for the “impenetrable” security features of Hydra, Bodacion’s new Internet server.

Before co-founding Bodacion Technologies’ parent company, Virtual Media, in 1995, Uner worked on embedded systems design and digital communications infrastructure for Motorola Corp.

According to a company release, Hydra was created in response to an increasing number of security problems on the Internet. “A quick search of www.cert.org, a federally-funded site that serves as the major reporting center for Internet security issues, revealed nearly 300 known vulnerabilities in the current version of Windows,” the release said.

“The actual solution … is to remove the operating system that is causing the problems to begin with. … An embedded system can be small and simple while still maintaining—and even extending—the features, capacity and performance of an enterprise-scale computer,” the release said.