Just some more things that I did not get a chance to address
during the week.
Another Parked Train
Derailment
While the actual
accident came on the 13th early this week brought the
announcement that BNSF railroad was offering a reward of $100 Thousand for
information about the apparent vandals that released the breaks on a parked
train car in Tulsa, OK. The released cars (not a whole train) rolled back onto
a mainline track and into an on coming train.
No chemicals (other than 100-gal of diesel fuel) were
spilled in this accident and there was no fire. If someone were, however,
interested in making a nasty chemical mess, this looks like it might be a way
to accomplish the task with the proper selection of either the parked cars or
the passing train. The rail community needs to take a close look at this
incident and come up with a better way of dealing with parked train security.
TSA Security
Solicitations
TSA recently published two interesting solicitations for
security proposals; one for ID authentication and one for monitoring high-risk
rail car movements.
In the first the TSA
is looking for the development of a “Credential Authentication Technology
(CAT) system” that would allow them to verify a wide variety of identity cards.
Once TSA vets such technology, it would only be smart to move it security
checkpoints at other critical infrastructure locations that have a wide variety
of visitors.
In the second TSA
is looking for a more timely method of tracking rail security sensitive
materials than the current reporting method directed by 49
CFR 1580.103. A technology solution is being looked for instead the current
phone reporting method.
DHS Morale – A GAO
Report
The GAO published
a report this week on efforts to improve employee morale at DHS. It updates
earlier reports from February and September 2012. They note that DHS has put
some improvement programs into place, but as we’ve come to expect from these
GAO reports, complains that DHS has not included methods to measure and track
changes in morale brought about by these efforts.
Illegal Trade in
Cyber Weapons
An interesting,
but brief article over at NextGov.com about a provision in NDA passed this
week that requires the government to “suppress the trade in cyber
tools and infrastructure that are or can be used for criminal, terrorist,
or military activities while preserving the ability of governments and the
private sector to use such tools for legitimate purposes of self-defense”.
An interesting point is made about who will determine if something is a cyber
weapon or a legitimate cyber tool. Another point made is if we cannot control
physical arms trade which is easier to physically detect and track, how are we
going to be able to track software trade?
Cybersecurity Follows
Safety Culture Model
An interesting
article over at Automation.com compares the current ICS cybersecurity
situation to the early efforts to legislate chemical safety. While the author
tries to make the case that early legislation led to a much improved safety
culture, the current chemical safety program problems being addressed by the
President’s EO points to problems with trying to legislate safety/security
without putting a strong enforcement effort in place to ensure compliance.
Wiper Malware
A brief article
over at SecureList.com looks at the use of Wiper Malware, programs that wipe
data off of systems. The author describes a number of variants currently in the
wild. While their recent use has been focused at IT systems, the author closes
with a scary statement:
“We estimate that Wiper attacks
will continue and may become even more popular in the near future, as means of
attacking critical infrastructure at precise times, to cause widespread damage.”
The use of such malware against control systems or even just
segments of control systems could have devastating effects, particularly if
employed against chemical process systems. Even if catastrophic releases were
not bad enough, the re-startup of these complex systems would be very
difficult.
Gasoline Tanker as a
Weapon
An
article over at NewsDay.com describes a recent Long Island accident where a
gasoline tanker drove into a car resulting in a massive fuel leak and fire. A
witness described the scene this way:
“There was quite a huge fireball
and a river of burning gasoline running down the street."
As I have mentioned a number of times in this blog, a
hijacked gasoline tanker placed in the proper place and equipped with an
appropriate charge could be quite an effective weapon.
CSB Report on
California Refinery Fire
The Chemical Safety Board released a draft ‘Regulatory Report’
[Download Link] as part of its ongoing investigation of the 2012 Cheveron
refinery fire in Contra Costa, CA. The Board is recommending that California
change the way it regulates chemical safety at refineries (and presumably other
high-risk chemical facilities). They are suggesting a change to the European
Safety Case Model instead of the current compliance model used by OSHA. The
draft was released to solicit public comments on the suggestion. This report is
particularly important because of the OSHA
RFI concerning potential changes to the Process Safety Management (PSM)
program.
Posts
No comments:
Post a Comment