The security week that was: 04/10/09

Power grid security
Are the claims of an anonymous government official worth taking seriously?

There hasn’t been a great deal of validation of this story about hackers trying to take over controls of the nation’s power grid, since the story primarily sourced a “former government official” who was presented anonymously. The suggestion in the story was that this was state-sponsored hacking by enemies of the U.S. It’s not an unbelievable claim. State-sponsored hacking, or at least state-affiliated hacking, does take place; just consider this story from Wired magazine about Russian hackers attacking Estonia in 2007.

Despite the overall lack of information, it’s hard to discount the story altogether, especially having seen design weaknesses in power grid systems which have led to blackouts (consider the power grid failure of August 2003 that affected the Northeast U.S.). But when you consider commentary, like this essay in 2003 by security researcher Bruce Schneier, who said that the Blaster worm was likely to blame for the 2003 outage, the claims of this anonymous former government official start to seem a bit questionable. Consider also that you’ve had quite a few current, non-anonymous government officials and power companies (including Oncor, a power distribution firm serving North Texas) say this is the first they’ve heard of any organized cyber-attack on the power grid. Schneier, I think, takes a good perspective on this threat when he says that there really isn’t enough info yet to believe these threats either way.

Cargo theft numbers
LoJack SCI report gives insights on domestic cargo theft

Like most Americans, we know the name LoJack from the technology the company offers to aid in finding stolen vehicles. The company also has made inroads into computer theft recoveries (via a tie-in with Absolute Software) and now the LoJack-branded SCI InTransit cargo security system. SCI recently issued a press release about a small study it did regarding supply chain security using members of the company’s Supply Chain-Information Sharing and Analysis Center. The research focused on domestic cargo shipping operations (think 18 wheelers) and combed through data to find some general trends that SIW thinks are useful for any security and supply chain manager.

The first of the findings was that trucks get broken into at the place you’re most likely to find trucks – at truck stops. The second most common locations were parking lots and drop yards. What these locations seem to have in common is that they are privately run and difficult to secure due to designs that allow vehicles to come and go. Secondly, seven of the top 10 states for cargo theft incidents were in the southern United States, including Texas, Georgia, Tennessee, Florida, Arkansas, Alabama and North Carolina. LoJack SCI also has some more statistics that security managers should consider when reviewing their cargo security and asset protection operations – read their report here.

Finding the bad apples
New legislation could help ensure alarm techs aren’t criminals

Security installing dealers, take note – this legislation could help you weed out your bad employees. HR 1939, the Electronic Life Safety and Security System Federal Background Check Act of 2009, proposes to allow security and life safety installing firms access to the federal criminal database known as the National Crime Information Center for pre-employment background checks. Expect more buzz on this bill as the NBFAA heads to D.C. for its annual Day on Capitol Hill event.

In Other News…
Central station monitoring notes, plus lots of biometrics news

On the central station side of our business, we’ve learned that Mace Security is planning to acquire California-based monitoring company Central Station Security Services Inc. … We also heard from ioimage on how video analytics are being implemented into central stations and remote monitoring operations. … Brivo’s Steve Van Till writes in to explain how access control can be tied into parking management systems. … Sagem Securite has launched MorphoTrak in the biometrics world; it combines Sagem Morpho and Printrak. … Also in the area of biometrics, Gemalto and Precise Biometrics have partnered for a smart-card-based match-on-card solution. … Speaking of match-on-card, Evermedia and Nations ID have partnered for a match-on-card biometrics solution. … And finally (I promise, this is the last biometrics story for this week), CoreStreet has teamed with MaxID for a mobile card and biometric reader that uses CoreStreet’s PIVMAN solution.