Subscribe to


Data on the loose

Thursday, May 21, 2009

Well, I'd hate to be the person charged with investigating this breach.

The National Archives lost a computer hard drive containing massive amounts of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures, congressional officials said Tuesday. The drive is missing from the Archives facility in College Park, Md., a Washington suburb. The drive was lost between October 2008 and March 2009 and contained 1 terabyte of data — enough material to fill millions of books.

The aide, who was not authorized to be quoted by name, said the hard drive was left on a shelf and unused for an uncertain period of time. When the employee tried to resume work, the hard drive was missing.

Issa called for the Archives acting director, Adrienne Thomas, to appear before a committee panel Thursday to "explain how such an outrageous breach of security happened."

"This egregious breach raises significant questions regarding the effectiveness of the security protocols that are in place at the National Archives and Records Administration," he said.

Issa said the hard drive was moved from a "secure" storage area to a workspace while it was in use. The inspector general explained that at least 100 badge-holders had access to the area where the hard drive was left unsecured.

Wow. Nearly 1 TB of data lost somewhere in a six-month period and about 100 badge-holders had access to the 'unsecure' area where the hard drive was stored. I'm the first to admit that my office isn't the most clean but you can bet I'd notice if a hard drive was missing. A power cord, not so much.

I wonder if this is a case of lost and found?

Airport security gone wild

Tuesday, May 19, 2009

There has been increased criticism recently about the TSA's use of whole-body imaging machines that take, what critics call, a "naked" picture of air travelers. This isn't a new issue (I've blogged about it before) and there has been legislation introduced to try to ban it, but CNN reports in its cover article today that a national campaign has been launched demanding the U.S. Department of Homeland Security suspend use of the machines. The campaign is being led by a privacy advocate group called, Privacy Coalition, CNN reported.

Millimeter wave technology was first introduced at an airport in Phoenix, Ariz. in November 2007 and there are now 40 machines (at a cost $170,000 each) being tested and used in 19 airports, according to the article.

I guess I haven't been flying through the right airports, because I haven't had the 'pleasure' of trying out one of these machines. However, during Rhianna's tour of the Schiphol Airport in the Netherlands, she got a behind-the-scenes tour and saw for herself what the image actually looks like. Rhianna's no prude, but she admitted that it pretty much reveals everything (as in, you can definitely determine if someone is male or female), but the one thing you can't really see is the person's face. Personally, knowing that it's difficult to identify a person by their face makes me feel a little better about the technology, but I doubt that's enough evidence to make everyone feel better about baring it all in the name of security.

20 Under 40 nominations

Monday, May 18, 2009

Happy Monday to everyone. Today is the first day we are accepting nominations for this year's 20 Under 40. The deadline for submissions is June 5, 2009. Time is short so tell us now why your colleague or peer should be included in our second annual list of the top 20 up-and-coming security practitioners.

Nominations can be submitted here.

The revealing of a not-so secret move

Friday, May 15, 2009

Many insiders in the retail industry were buzzing about this news after last week's RILA conference and now here's the official release:

Retail Loss Prevention Expert Paul Jones Joins eBay Inc. as Global Director of Retail Partnerships

Washington, D.C. - eBay Inc. (NASDAQ:eBay) today announced that Paul Jones, former vice president of asset protection at the Retail Industry Leaders Association (RILA), has joined eBay as global director of retail partnerships. Jones will work with eBay's team of more than 2000 Trust and Safety professionals to bolster eBay's ongoing efforts to prevent the sale of stolen goods through vigilance and strategic partnerships with law enforcement and retailers.

"I look forward to working with eBay's outstanding team," said Jones, who will add his decade of experience managing loss prevention efforts for RILA, as well as such keystone retailers as Limited Brands and Sunglass Hut International to eBay's team of former law enforcement and retail professionals. "eBay has demonstrated real leadership with its robust work to confront challenges related to retail theft and the sale of stolen goods. It is clear to me that eBay is committed to working with both retailers and law enforcement to address this issue head on."

As Vice President of asset protection at RILA, Jones developed strategies for the associations' hundreds of member companies and worked closely with the Department of Homeland Security and Federal Bureau of Investigation to address emerging issues. Prior to his work with RILA, Jones managed loss prevention strategy at Limited Brands, recognized as one of the top five Loss Prevention Departments in the world, as well as Sunglass Hut International, where Jones was responsible for loss prevention efforts across the company's 3,400 stores. Jones is the current vice chairman of the Loss Prevention Foundation, president of the Loss Prevention Magazine Editorial Board and his successful efforts have been featured on ABC's Good Morning America, Fox News and in the Harvard Business Review.

Leaders from the retail industry who have worked with Jones also praised this addition to eBay's team. King Rogers, the former vice president of assets protection at Target Corporation, said, "The move of Paul Jones from RILA to eBay is the best news for both the retail industry and for eBay I have heard in the last eighteen months. I applaud eBay for its wisdom in taking this dramatic step forward. My respect for Paul has grown even greater for having the courage to tackle this challenge. And my counsel to the retail community is to now embrace this initiative, refrain from just being critical and work closely with Paul to ensure success for retailers and for eBay."
Tod Cohen, vice president and deputy general counsel for government relations of eBay Inc. said, "We are excited to welcome Paul to our team and know he will bolster eBay's existing efforts to combat the sale of stolen goods, including our special PROACT investigative unit dedicated to working directly with retail loss prevention personnel to investigate case referrals. His experience and deep roots in this field will further strengthen our anti-fraud capabilities while enhancing our valued relationships with retail and law enforcement partners."

Money matters

Wednesday, May 13, 2009

I tried to find a good blog post today that didn't have anything to do with budgets and billions of dollars, but once I get started on something I can't seem to get away from it.

I just received the transcript from Secretary Janet Napolitano's speech to the Senate Homeland Security and Governmental Affairs Committee presenting President Obama’s 2010 budget request for the Department of Homeland Security. This release is fairly overwhelming, but I thought I'd share a few security initiatives that caught my attention:

Explosives Detection Systems Procurement and Installation: An increase of $565.4 million to accelerate the Electronic Baggage Screening Program (EBSP) at the nation’s airports to ensure 100 percent of all checked baggage is screened with an in-line explosive detection capability system, or a suitable alternative. This funding will support facility modifications, recapitalization efforts, as well as procurement and deployment of electronic baggage screening technology systems.

Bomb Appraisal Officers: $9 million for an additional 109 Bomb Appraisal Officers (BAOs) to provide expertise in the recognition of and response to improvised explosive devices at airports to enhance aviation security. The request will provide BAO coverage at 50 percent more airports including all Category X, I, and II airports, and will provide a BAO in every hub-spoke airport system, and to airports that currently have only one BAO assigned.

Visible Intermodal Prevention and Response Teams: An increase of $50 million is requested to fund 15 Visible Intermodal Prevention and Response (VIPR) teams dedicated to guarding surface transportation. The VIPR teams contain multi-skilled resources, including Transportation Security Inspectors, canine teams, Transportation Security Officers, Bomb Detection Officers, and Federal Air Marshals.

Northern Border Technology: $20.0 million is requested to assist U.S. Customs and Border Protection (CBP) in providing improved situational awareness along the northern border through the design, deployment, and integration of surveillance, sensing platforms, detection technologies and tactical infrastructure. This technology will expand DHS capabilities, increase the effectiveness of our agents, and increase the ability to detect unlawful border activity successfully.

State and Local Fusion Centers: Full support and staffing by the end of FY 2011 are requested for the 70 identified State and Local Fusion Centers, facilities where information and intelligence is shared between federal, state, local and tribal authorities. Funding is dedicated to IT maintenance, support, and training.

Intermodal Security Coordination Office (ISCO)
: A $10 million increase is requested for the Intermodal Security Coordination Office within DHS Policy to support integrated planning between DHS and the Department of Transportation in the area of maritime transportation, as well as in other homeland security mission areas. The Intermodal Security Coordination Office will develop a strategic plan and metrics to guide development and modernization of intermodal freight infrastructure that links coastal and inland ports to highways and rail networks.

I realize there are a lot of unhappy associations out there who would like to see more money flowing into security, but what I gathered from this speech was the effort by DHS to put money into the coordination of various security entities. I included the section on fusion centers and the Intermodal Security Coordination Office because I think that demonstrates a real effort by Napolitano to bring these disparate organizations together and encourage communication on such a large scale, which I think we can largely agree on, is a crucial element to national security.

A new way of policing fake goods

Wednesday, May 13, 2009

I'm not a fan of Rick Ross or XXL Magazine (I can't imagine having that on my business card) but I am a fan of Louis Vuitton, so I had to click on the story. Apparently, Ross is a hip-hop artist who wore Louis Vuitton sunglasses on the cover of a recent issue of XXL. Well, LV wasn't too happy with the representation.

Dear Editor:

We were dismayed to see the cover of the May 2009 issue of XXL Magazine, which features a photo of Rick Ross wearing a pair of sunglasses prominently featuring counterfeit Louis Vuitton trademarks. Because the photo has generated considerable confusion among your readers and Louis Vuitton customers among others, we feel it is important to clarify several points.

The first is that the sunglasses Mr. Ross is wearing were not made by Louis Vuitton, and in fact, are counterfeit. Louis Vuitton did not grant permission to Mr. Ross or to whoever did make the sunglasses to use our trademarks. The second is that no affiliation, sponsorship or association exists between Rick Ross or XXL and Louis Vuitton. The third is that counterfeiting is illegal.

Thank you for giving us the opportunity to correct the confusion.
Michael D. Pantalony, Esq.
Louis Vuitton Malletier

Hey, it's one way to fight the counterfeiting problem.

Budget woes

Wednesday, May 13, 2009

More and more folks in the security industry continue to voice their disappointment with President Obama's 2010 budget. Following up from a previous blog, a story went out on our newswire today about port security not getting its full Congressional appropriations. As part of the SAFE Port Act of 2006, Congress approved $400 million for port security for five years (2007-2011), but in Obama's budget only $250 was allotted to port security. When I tried to argue that the $150 million from the economic stimulus package would bring the total up to $400 million, Aaron Ellis, the spokesperson for AAPA, held fast that the stimulus money was intended for job creation and therefore restricted port security directors in how they could spend the money to improve security.

And, ports aren't the only ones facing cuts in fiscal appropriations. I just received a press release from the Security Industry Association.

“President Obama is looking for cuts in all the wrong places,” SIA Director of Government Relations Don Erickson said. “We understand and support efforts to be fiscally responsible, but taking money away from programs that protect children in the classroom and the millions of Americans traveling on our mass transit systems or conducting business at our nations’ ports is not in any way responsible. It is a misguided step in the wrong direction.”

SIA also noted that the Transit Security Grant Program is facing similar reductions and was also only allotted $250 million, down from $388.6 from the current budget. Transit was authorized for $900 million by Congress for fiscal 2010, so they're facing much larger reductions. The cuts to transit particularly surprised me, considering the Secretary for Homeland Security, Janet Napolitano, pledged to invest in mass transit security.

SIA also stated that while Obama's budget would keep funding for the Secure Our Schools program at the current level of $16 million, that is still less than the $50 million authorized in the School Safety Enhancements Act passed in September by the House of Representatives.

It's quite the dilemma. While no one wants to see reductions in security initiatives, we're also facing such an economic crisis that my guess is no one's going to get the money they want or need. What do you think?

Lost and found

Tuesday, May 12, 2009

I don't know how many of you have seen Steve Hunt's video where he goes "dumpster diving" but this story has a similar slant. It's all about the potential loss of some coveted trade secrets.

At a St. Louis hotel, which was evidently a temporary home to actors working on the upcoming George Clooney movie, "Up in the Air", a local beauty shop owner accidentally happened upon one of the hottest Hollywood scripts — the pages from an upcoming "Twilight" sequel — in a trash bin at the hotel.

Casey Ray found two scripts, one for the vampire sequel "New Moon" and one for a different movie titled "Memoirs." She decided to return them to the studio making the films. In return, she was invited to attend the movies' premieres, her lawyer said.

Ray recently was waiting for her fiance to finish work when she spotted two scripts in a trash container. She was outside the hotel ... It's not clear how the scripts wound up in the bin.

OK, I don't know about you but I rarely spot anything that is in the trash — why was she looking in the trash or is that a random habit? Why wasn't she looking for what most women would be dying to see at that hotel — Clooney?

Anyway, how did the scripts end up in the trash and possibly reveal industry trade secrets to the world?

The Clooney movie includes actress Anna Kendrick, who is also in the "Twilight" vampire movie. A spokeswoman for Kendrick, Lisa Perkins, said the actress wouldn't have left scripts lying around.

It doesn't sound like she left them lying around. It sounds like she threw them away. Maybe the scripts were boring, not very good, maybe she couldn't handle reading her dialog one more time??

I actually didn't see the first movie, which grossed $350 million worldwide, but I bet those scripts are pretty important to some company. Possibly Summit Entertainment, the studio making the movies?

Catching up

Saturday, May 9, 2009

So after a long delay at Newark Airport last night, I finally arrived back in Portland. While Maine might not have the year-round sunshine like California, we certainly have a lot less traffic and natural disasters, which is a pretty fair trade off, in my opinion.

But, now it's back to work and as I sift through my 200 unopened emails, I've come across several interesting security-related stories that I thought I should share in an effort to get this blog back on track. (Sorry to those of you looking for my typical Friday fun blog, I've been having a little too much fun, lately).

An article yesterday in the Dallas News reports that President Obama has requested $2 billion more in funding for border security and law-enforcement on the Mexican border. The paper reports this will be an 8 percent increase for border and transportation security funding over this year and that a significant amount of the money will dedicated to technology and manpower to deal with illegal weapons and immigration.

There were several associations in the security industry who weren't too happy with Obama's 2010 budget.

The American Association of Port Authorities, for example, released a statement that it is disappointed, saying the administration has underfunded DHS's Port Security Grant Program.

The Administration's request calls for a 6.5 percent overall increase in DHS's budget for fiscal 2010, but recommends a significant decrease for port facility security funding over what Congress appropriated last year. In its proposed budget, the Obama Administration recommends the Port Security Grant Program-the only federal program that assists public ports to fund marine facility security improvements-receive $250 million in Congressional appropriations. While this is $40 million more than the fiscal 2009 budget request, Congress authorized $400 million for the program in the 2006 SAFE Port Act and approved a $400 million appropriation for port security grants in fiscal 2009.

Airports Council International, North America also released a statement expressing disappointment that funding for the Airport Improvement Program (AIP) was not increased, given the need for critical airport infrastructure for safe and efficient air transportation. However, they did acknowledge a $100 million increase in the Department of Homeland Security (DHS) budget for the procurement and installation of inline explosive detection systems, which it says is important for more efficient and effective screening of passenger checked baggage.

Surprise, surprise

Thursday, May 7, 2009

A article by the Associated Press reports that the FBI has been slow to update the national terror suspect list. The news service says this potentially compromises national security. You think?

This information comes from a report by the Justice Department's Inspector General, Glenn Fine, who found "that 12 terror suspects who were either not watchlisted or were slow to be added to the list may have traveled into or out of the United States during the period when they were not placed on the list."

Auditors also found significant delays in taking people off the list once they were no longer considered suspects. (How long does it take to delete someone from this list anyhow? I'd love to hear about the process although considering how tough it is to make things happen in any organization, I guess I can understand.)

Overall, auditors found the entire process was still too slow.
"We found that the FBI failed to nominate many subjects in the terrorism investigations that we sampled, did not nominate many others in a timely fashion, and did not update or remove watchlist records as required," the report found.

The FBI says it has improved its processes and taken the recommendations to ensure a more efficient, streamlined process. But how much do you want to bet that the Inspector General will be delivering a similar write-up in the next six months?

Currently, the watchlist, which is used to screen people entering the United States, contains more than 1.1 million names.