Monday, December 23, 2013

Short Takes 12-22-13

Just some more things that I did not get a chance to address during the week.

Another Parked Train Derailment

While the actual accident came on the 13th early this week brought the announcement that BNSF railroad was offering a reward of $100 Thousand for information about the apparent vandals that released the breaks on a parked train car in Tulsa, OK. The released cars (not a whole train) rolled back onto a mainline track and into an on coming train.

No chemicals (other than 100-gal of diesel fuel) were spilled in this accident and there was no fire. If someone were, however, interested in making a nasty chemical mess, this looks like it might be a way to accomplish the task with the proper selection of either the parked cars or the passing train. The rail community needs to take a close look at this incident and come up with a better way of dealing with parked train security.

TSA Security Solicitations

TSA recently published two interesting solicitations for security proposals; one for ID authentication and one for monitoring high-risk rail car movements.

In the first the TSA is looking for the development of a “Credential Authentication Technology (CAT) system” that would allow them to verify a wide variety of identity cards. Once TSA vets such technology, it would only be smart to move it security checkpoints at other critical infrastructure locations that have a wide variety of visitors.

In the second TSA is looking for a more timely method of tracking rail security sensitive materials than the current reporting method directed by 49 CFR 1580.103. A technology solution is being looked for instead the current phone reporting method.

DHS Morale – A GAO Report

The GAO published a report this week on efforts to improve employee morale at DHS. It updates earlier reports from February and September 2012. They note that DHS has put some improvement programs into place, but as we’ve come to expect from these GAO reports, complains that DHS has not included methods to measure and track changes in morale brought about by these efforts.

Illegal Trade in Cyber Weapons

An interesting, but brief article over at NextGov.com about a provision in NDA passed this week that requires the government to “suppress the trade in cyber tools and infrastructure that are or can be used for criminal, terrorist, or military activities while preserving the ability of governments and the private sector to use such tools for legitimate purposes of self-defense”. An interesting point is made about who will determine if something is a cyber weapon or a legitimate cyber tool. Another point made is if we cannot control physical arms trade which is easier to physically detect and track, how are we going to be able to track software trade?

Cybersecurity Follows Safety Culture Model

An interesting article over at Automation.com compares the current ICS cybersecurity situation to the early efforts to legislate chemical safety. While the author tries to make the case that early legislation led to a much improved safety culture, the current chemical safety program problems being addressed by the President’s EO points to problems with trying to legislate safety/security without putting a strong enforcement effort in place to ensure compliance.

Wiper Malware

A brief article over at SecureList.com looks at the use of Wiper Malware, programs that wipe data off of systems. The author describes a number of variants currently in the wild. While their recent use has been focused at IT systems, the author closes with a scary statement:

“We estimate that Wiper attacks will continue and may become even more popular in the near future, as means of attacking critical infrastructure at precise times, to cause widespread damage.”

The use of such malware against control systems or even just segments of control systems could have devastating effects, particularly if employed against chemical process systems. Even if catastrophic releases were not bad enough, the re-startup of these complex systems would be very difficult.

Gasoline Tanker as a Weapon

An article over at NewsDay.com describes a recent Long Island accident where a gasoline tanker drove into a car resulting in a massive fuel leak and fire. A witness described the scene this way:

“There was quite a huge fireball and a river of burning gasoline running down the street."

As I have mentioned a number of times in this blog, a hijacked gasoline tanker placed in the proper place and equipped with an appropriate charge could be quite an effective weapon.

CSB Report on California Refinery Fire


The Chemical Safety Board released a draft ‘Regulatory Report’ [Download Link] as part of its ongoing investigation of the 2012 Cheveron refinery fire in Contra Costa, CA. The Board is recommending that California change the way it regulates chemical safety at refineries (and presumably other high-risk chemical facilities). They are suggesting a change to the European Safety Case Model instead of the current compliance model used by OSHA. The draft was released to solicit public comments on the suggestion. This report is particularly important because of the OSHA RFI concerning potential changes to the Process Safety Management (PSM) program.

No comments:

 
/* Use this with templates/template-twocol.html */