Thursday, December 6, 2012

Webinar: Pre-Disaster Recovery Planning. December 12, 2012 12 Noon


Pre-Disaster Recovery Planning

Avoiding the Rush to Normalcy

December 12, 2012 -- 12:00 Noon Eastern
For our last program of 2012, EMForum.org is pleased to host a one hour presentation and interactive discussion Wednesday, December 12, 2012, beginning at 12:00 Noon Eastern time (please convert to your local time). Our topic will be the importance of developing a recovery and reconstruction plan well before a catastrophic disaster strikes, to incorporate efforts to mitigate against future hazard events and other improvements, and to resist community pressures to "return to normal" that frequently overwhelm a more planned approach. Our guest will be Carolyn J. Harshman, MPA, CEM®, President of Emergency Planning Consultants, and subject matter expert in the fields of hazard mitigation, risk assessment, and recovery planning.
Please make plans to join us, and see the Background Page for links to related resources and participant Instructions. On the day of the program, use the Webinar Login link not more than 30 minutes before the scheduled time. Please note: a password is no longer required for login.

As always, please feel free to extend this invitation to your colleagues.

In partnership with Jacksonville State University, EIIP offers CEUs for attending EMForum.org Webinars.  See http://www.emforum.org/CEUs.htm for details.

Is your organization interested in becoming an EIIP Partner? 
Click here to review our Mission, Vision, and Guiding Principles and access the Memorandum of Partnership.

Congress considers Buffalo Soldier for posthumous promotion



Sgt. Paschal Conley (Family photo)


By Richard Simon
December 5, 2012, 1:48 p.m.

WASHINGTON -- One-hundred-and-thirteen years after John J. Pershing recommended him for promotion, Sgt. Paschal Conley, a Buffalo Soldier, would posthumously be elevated to second lieutenant under a Senate-approved defense bill.

Sen. Jeff Sessions (R-Ala.) sought the few lines in the massive bill at the behest of Conley's descendants.

Conley was a member of the group of African American Army regiments, serving from 1879 until 1906 and fighting in the Spanish-American War, according to the Alabama Department of Veterans Affairs, which sought Sessions' help after the department's commissioner, W. Clyde Marsh, was contacted by the Conley family.

Then-1st Lt. Pershing, in an 1899 letter provided by Sessions' office, recommended Conley for promotion, calling it "a fitting recognition of long and honorable service."
But the recommendation was never acted on. 

Sessions asked the Army about "righting this wrong" and posthumously upgrading Conley's rank, according to a spokesman for the senator. He was advised that legislation was required.

Marsh said of Conley, "As a pioneer in the legendary Buffalo Soldiers 10th Cavalry, he was a unique role model and a sage leader. In fact, it appears he was ahead of his time as he came up through the ranks, apparently excelling, ultimately earning a field recommendation for promotion from noncommissioned officer to commissioned officer when there were no established routes for men of his race and ethnicity at that point in time."

And of Pershing, Marsh added, "If he recommended Sgt. Conley for a promotion, I am confident that it was well earned and warranted. It would appear that the proper paperwork was submitted but did not get through the system and processed. It is also apparent to me that we, the United States and our U.S. Army, have the ability to correct this mistake, which would be the right thing to do."

Congress has acted before to posthumously recognize long-deceased veterans. A provision of last year's defense authorization directs the Defense Department to determine whether Jewish recipients of the Distinguished Service Cross, Navy Cross or other military decorations for service during World War I should posthumously receive the Medal of Honor. It was added to the bill at the urging of an octogenarian daughter of a Jewish World War I veteran.

Prospects for this year's defense bill are uncertain. The measure passed the Senate, 98-0, but must be reconciled with a House version with time running out in the congressional session. The Senate version also has drawn a presidential veto threat because of a number of its provisions.  

Wednesday, December 5, 2012

NOBLE 2013 William R. Bracey CEO Symposium. Baltimore, MD February 21, 2013

NOBLE

NOBLE 2013 William R. Bracey CEO Symposium

When
Thursday February 21, 2013 at 9:00 AM EST
-to-
Saturday February 23, 2013 at 1:00 PM EST


Where
Sheraton Inner Harbor Hotel
300 South Charles Street
Baltimore, MD 21201

Dear Charles,

Join us for the 2013 William R. Bracey Winter CEO Symposium with the theme, "What Happens When the Power goes Out: Post Hurricane Sandy."

Join with federal, state and local officials to learn best practices as they relate to preparing your officers and their families for the impact of disasters. Hear from retired New Orleans Chief Warren Riley who was assistant chief during Hurricane Katrina and is now with FEMA.

Discuss methods of engaging the community so they can be prepared to support themselves until help arrives, which in some cases may be days after the incident. 

Don't miss this important symposium and your opportunity to contribute towards the resulting white paper.     

Click on the link below to register or RSVP.
SPONSORSHIP OPPORTUNITIES AVAILABLE!

Please contact Valerie Shuford vshuford@noblenatl.org
at the National Office 703-658-1529.

Thank you for your support of NOBLE and we look forward to seeing you at the symposium.

Sincerely,


Joseph Akers
Interim Executive Director
National Organization of Black Law Enforcement Executives (NOBLE)
703-658-1529


Chapter Presidents will be emailed details for the Winter Chapter Presidents Meeting that is scheduled for Thursday, February 21st. 

Chief William R. Bracey.

HSTODAY.COM: Authorities Seek More Integration Across Federal Screening and Credentialing Efforts

Authorities Seek More Integration Across Federal Screening and Credentialing Efforts

By: Mickey McCarter, 12/03/2012 (8:00am)

Federal agencies could do more to integrate screening and credentialing efforts throughout government to ease the process of vetting multiple individuals multiple times -- whether for the benefits of security clearances, restricted access, or trusted traveling, experts agreed during a panel Thursday.

"This is an area where no one really cares until you screw up or until you make people wait too long," commented Monte Hawkins, a deputy group chief at the National Counterterrorism Center (NCTC).

A few of the challenges facing enterprise screening and credentialing systems throughout the government include too many redundancies and multiple screenings of the same traveler or applicant, said Hawkins, speaking at a forum sponsored by the Center for Strategic and International Studies in Washington, DC.

The intelligence community (IC) also must improve the collection of information to build up more biographic details, he said. Agencies could accomplish this, perhaps, by collecting more detailed information on applicants, which would also ease recurring vetting for periodic renewal of the benefits for trusted travelers or cleared personnel.

Hawkins also called for more automation in processing information.

"We have processes that have been in place now for a while that have been very manual" and thus very time consuming, Hawkins said. "You have to rely on automation to do this triage for you."

Hawkins recommended a reexamination of the overall screening architecture across agencies, calling for a structure similar to the National Targeting Center at the Department of Homeland Security (DHS) except at a higher, national level.

IC communications also remain very pocketed and segmented despite dramatic improvement over the last 10 years, Hawkins observed. Opening those communications up a bit more between agencies would allow authorities to "connect the dots" faster. And more interconnected communications would make it easier for agencies that engage in a lower priority screening, such as for benefits eligibility, to make faster and easier determinations.

Still, screening and credentialing has evolved to a point where authorities quickly and systematically can make use of information from intelligence and law enforcement databases, said Victoria Newhouse, deputy assistant administrator for risk-based security at the Transportation Security Administration (TSA).

For example, TSA fully implemented Secure Flight in late 2010 to do just that, Newhouse said. TSA matches traveler information against intelligence and law enforcement databases to quickly determine if a traveler poses a danger to aviation security.

Still, TSA would like to improve the speed with which it can verify the identities of passengers presenting identification cards or even those who lose their identification while on vacation, Newhouse commented.

TSA PreCheck represents the direction TSA is embracing with regard to applying different screening to travelers, depending upon the perceived level of risk represented by individual air passengers, she continued. PreCheck does not involve less screening; rather, more screening is done upfront, of biographical data for example, to determine if individuals should receive more or less scrutiny at airport checkpoints.

Boosting information collection and cooperation among agencies will be key drivers to successfully implementing risk-based security measures, Newhouse said. DHS agencies require more integration with partners outside the department and more harmonization within the department.

Kelli Ann Walther, senior director of the DHS Screening Coordination Office, said the department maintains a flexible screening and credentialing framework to accommodate 40 individual programs within the DHS screening portfolio.

Some screening programs require a robust background check while some are lighter, Walther noted, and appropriately so depending on the benefits derived from the screening outcome.

"That demonstrates that there isn't one solution for all screening and credentialing programs but really there are not 100 solutions either -- that's not the solution," Walther remarked.

By applying standards across newer agencies like TSA and older agencies like the US Coast Guard, DHS seeks to harmonize different approaches and multiple credentialing efforts to reduce redundant vetting, Walther said.

The department sets objectives to set up credentials for multiple purposes instead of a single use, to standardize vetting procedures, and to share vetting results across programs, Walther said. Applicants also must have appropriate opportunities to seek redress.

IDENT, the DHS biometric storage and matching service, represents a good example of common applications across multiple credentialing programs, Walther said. TSA, Coast Guard, US Customs and Border Protection (CBP) and others can turn to the same enterprise service to verify biometrics like fingerprints from one uniform source.

In the future, DHS will look for more efficiencies and more opportunities to leverage such enterprise services, Walther said.



HSToday.US: Plagues of Federal Cybersecurity

The Basics Still Plague Federal Cybersecurity
By: Dan Verton, 12/05/2012 (7:30am)
The federal government faces a cybersecurity threat that is more capable and relentless than at any time in recent history. And yet, agencies responsible for operating high-security networks and data centers continue to struggle with passwords, physical security, access control and a host of other relatively basic security precautions.

Greg Wilshusen, director of Information Security Issues at the Government Accountability Office (GAO), the investigative arm of Congress, told a gathering of federal and industry security officials on Dec. 3 that the number of security incidents reported to the US Computer Emergency Readiness Team (US-CERT) is on course to surpass 48,000 in 2012 – a 782 percent increase since 2006.

And that could spell real trouble this year for federal network security, especially because of the basic security weaknesses identified by GAO during multiple agency audits last year. For example, Wilshusen, who spoke at the Government Technology Research Alliance (GTRA) forum on government security, said every one of the top 24 federal agencies had weaknesses in basic access controls.

“This is the area where we find most of the computer system vulnerabilities,” said Wilshusen. “These are controls that relate to protecting an organization’s boundaries, [and] also include those procedures that agencies have to identify and authenticate the identity of their users and the devices that connect to their systems, use of encryption and physical security to control physical access to the data facilities and information resources.”

In addition, GAO last year regularly uncovered significant problems with other basic security precautions, such as passwords, physical security control and outdated user accounts that had not been deleted.

Passwords used by agency employees were often found to be “relatively easy to crack,” Wilshusen stressed. And, surprisingly, those employees found to have the least secure passwords were often the system administrators, he added. More troubling, however, was the large number of old user accounts and default accounts that remained accessible.

“Agencies also often do not change or delete vendor supplied passwords and IDs,” Wilshusen said, referring to the default accounts that often ship with new computers and operating systems. Likewise, GAO investigators often found “hundreds and sometimes thousands” of instances where training accounts or accounts belonging to former employees had not been deleted.

But even the users who had legitimate access to systems often had too much access, said Wilshusen. Referring to the so-called “principle of least privilege,” where users are given only the access they require to do their jobs effectively, Wilshusen said GAO investigators “often find instances, particularly in databases, where users are given access to all of the data to either write, read or update the data when generally they don’t need that level of access.”

Other weaknesses in basic security procedures that GAO encountered regularly last year include:
  • Insufficient access controls for firewalls, switches, and routers;
  • Agencies are slow to deploy the infrastructure to support logical access control devices, such as Common Access Cards and the Personal Identity Verification (PIV) card;
  • Monitoring system configurations and the assets on the network still is not being done on a regular basis; and
  • Inadequate physical security at highly-secure data centers (e.g. doors propped open with chairs so employees can take smoke breaks, and guards who did not check credentials properly).

But Ron Ross, a senior computer scientist and fellow at the National Institute of Standards and Technology (NIST), pointed to other basic precautions and policies that have been stymied by a combination of cultural impediments and the vast, complex federal IT architecture.

“There’s a new saying that the offense should be informing the defense,” said Ross. “But yet we find out that a lot of our CISOs and CIOs don’t even have [top secret compartmented] security clearances. So, how can you be informed of what the threat can do if you can’t even get the information that allows you to understand what that threat looks like? It’s a very serious problem.”

In January, NIST will release revision 4 of its Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations. “And there’s going to be a lot of gnashing of teeth when you see the number of controls and enhancements being added,” said Ross. The new version adds about 250 new controls, moving the total number from 600 to 850.

One such new control that will be added is firmware integrity. “The adversary is down at the firmware level now and probably even the hardware in some cases,” warned Ross. “Firmware integrity is critical. The adversary has demonstrated the capability to get into that firmware.”

But while hackers have demonstrated the ability to attack federal networks in more complex and sophisticated ways, federal security professionals have been unable to keep up with the challenges posed by complexity, said Ross. Because of the complexity of federal network architectures, “we ask our CISOs and CIOs to defend systems that are largely indefensible,” he explained.

Complexity, he said, “is ground zero of our problems today.”

