Get Where+When delivered to your inbox every Monday and Thursday.

Unattended suitcase was harmless, not connected to the Boston bombings, spokesperson says. By Shane Harris

An unattended suitcase was found in a bathroom at Howard University Hospital Friday morning, prompting hospital officials to call DC police, according to a hospital spokesperson. No one was permitted to enter the hospital while authorities examined the suitcase, which was found to be harmless. No patients were evacuated. 

News of a lockdown or possible evacuation at Howard spread through social media on a day when an unprecedented manhunt in Boston has Washington residents on heightened alert. The Howard spokesman, Ron Harris, said there was no connection between the suspicious package found in the hospital and the events unfolding in Boston. 

The unattended suitcase was spotted around 10 AM Friday morning by the head of hospital security, Harris said. The all-clear was given at 12:55 PM. 

Posted at 03:53 PM/ET, 04/19/2013 | Permalink | Comments ()

I moderated a panel last week at Georgetown Law School on "Ethical and Legal Implications of Autonomous Weapons." The conversation was mostly about drones, and whether the military would ever deploy robotic airplanes that would track, identify, and fire on people without any control or orders from a human being  (I've said that I think this is going to happen; military officers, current and former, strongly disagree with me on that point.) 

But the talk wasn't all about lethal flying drones. Missy Cummings of MIT, a former Naval aviator who is one of the most thoughtful experts on robotic technology I've ever talked to, wondered whether automated "snipers" might be deployed in cities where suicide bombers threatened the population. This led to a fascinating and provocative exchange with the other panelists, Tom Malinowski of Human Rights Watch, and Ben Wittes of Brookings, who runs Lawfare. 

The discussion begins around 59:00 minutes on this recording. (Video quality isn't great, but audio is fine.)  "What if you had like on light posts, little sniper guns. And as soon as somebody pulls of that vest, the sniper gun could tag that guy?" Cummings asks. 

Undoubtedly, she says, a robot sniper would act faster than a human. That's because of something in the human body called the neuromuscular lag. It takes us about half a second to recognize that someone is wearing a suicide vest, and another half second to fire at him. It would take an automated robot sniper, however, "on the order of microseconds" to complete this sequence of actions. 

"In that scenario, there's no question that the automation would be better than a human," Cummings says. The trick is building a sensor that actually can identify the bomb correctly. 

"If we could kill one suicide bomber a month" this way, "and we killed accidentally let's say one person every three years or five years, how would we feel about that?" 

 The other panelists weigh in on that question. And I think the discussion is more relevant than the hypothetical nature of Cummings' scenario might suggest. We are going to have drones flying over US cities for law enforcement and commercial purposes within the next two to four years, I'd say. The FAA has to integrated remote aircraft into the airspace by 2013, and after that, you're going to see a whole new market for flying robots take off. Why wouldn't law enforcement agencies at least consider the kinds of public safety applications Cummings is imagining? Putting aside that we dont' have a suicide bomber population in the US. What about robot drones protecting schools from mass shooters? We can certainly envision that scenario, whether we agree we should ever go there or not. 

Posted at 12:40 PM/ET, 04/11/2013 | Permalink | Comments ()
File under: "ain't gonna happen" By Shane Harris

A non-partisan group of former military officers wants the filmmakers behind Zero Dark Thirty to use any media appearances or acceptance speeches at the Oscars this weekend to call on the Senate Intelligence Committee to release a classified, 6,000-page report on the CIA's so-called enhanced interrogation techniques, which feature prominently in the film. 

The group has written to Kathryn Bigelow, Mark Boal, Megan Ellison and others associated with the movie urging them to use their turn in the spotlight and "make the case for transparency on this issue..." 

Right. Because antagonizing the Senate intel committee is exactly what the ZDT crew wants to do right now. Said committee is investigating whether the CIA gave the filmmakers "inappropriate" access to classified information. And the senators will also look at whether CIA officials made the case that torturing terrorist suspects provided useful intelligence--a case that some observers (this one included) think that the film makes, even though its creators have argued, awkwardly, that it doesn't. 

Boal, the screenwriter, and Bigelow, the director, got extraordinary access to CIA and other administration officials during the making of their Oscar-nominated film about the hunt for Osama bin Laden, far more than has been afforded to journalists. The Hollywood backlash has been palpable, and perhaps most evidenced by the fact that Bigelow, a previous Oscar winner for her Iraq War film Hurtlocker, was passed over this time for a Best Director nomination. 

When I saw the DC screening of Zero Dark Thirty earlier this year, I thought Bigelow and Boal were notably cautious in their remarks about the controversy their film has also generated in Washington. Bigelow, who knew she was under intense official scrutiny, seemed genuinely nervous to be in a room full of politicos, feds, and journalists.  And Boal looked as if he was biting his tongue, wanting to rebut his critics but careful not to stir the hornets' nest. 

I doubt the writer or the director intend to make themselves public martyrs for government transparency. The harder they push on the Senate Intelligence Committee to say what it knows about torture, the more they open themselves up to questions about what special access the CIA gave the filmmakers. And that is not a conversation they want to have. 

Posted at 03:52 PM/ET, 02/21/2013 | Permalink | Comments ()
Is the President making way for a new underground command center? By Shane Harris
President Obama in the Oval Office in May 2011. Sources speculate that a new emergency bunker may be built underneath the White House. Official photo by Pete Souza.

As part of a major, two-year overhaul of the West Wing, President Obama will move into a replica of the Oval Office, which will be located in the Eisenhower Executive Office Building, adjacent to the White House. 

Real Clear Politics' Alexis Simendinger has the scoop this morning. She reports that the "new" Oval Office will be ready by August, if the President is ready to move and "if design challenges are resolved." 

"This week, fresh lumber and rebar are visible as walls rise out of the ground at 17th and State streets NW, at the southwest corner of the executive office building that began as home to the U.S. War Department in 1888. The small construction site, which is shrouded from view by tall chain-link fences and forest-green tarps, signals one of the preparatory phases for the eventual West Wing overhaul, according to sources familiar with the plans." 

My colleague Carol Joynt first reported last year that the President would be relocating sometime in 2013.  

More intriguing still is why exactly the President is being relocated at all. For months now, the speculation among some of my sources has been that the White House is building a secure command and control facility underneath the existing structure. These people used to work in the White House in national security positions, and their informed speculation is that the President is going to get a state-of-the-art bunker from which he would be able to issue commands in a time of emergency, such as a terrorist attack on Washington. (Current White House officials have been tight-lipped, and the official line is that all the underground construction is for "infrastructure" repair.) 

The existing White House "bunker," the Presidential Emergency Operations Center (PEOC), is not up to the task, my sources say. Many will remember what a difficult time Vice President Dick Cheney had on September 11, 2001, when, while holed up in the PEOC, he had trouble keeping in constant communication with President Bush, who was hopping around the country aboard Air Force One. The PEOC is a Cold War relic, outfitted with some sleeping quarters and provisions for the President and a small number of staff. But it's not capable of serving as a modern command post. 

The White House Situation Room, which was renovated in 2007, would suffice as a presidential command center, but only if there is no surrounding threat to the President's safety, sources say. If the White House were physically damaged in an attack, or if the air outside were filled with chemicals, biological agents, or radioactive material, the President would have to shelter in place, perhaps for an extended period.   

In this regard, the physical location of the mysterious new structure is telling. Construction began in a deep pit in front of the West Wing. It encompassed West Executive Avenue, which separates the White House from the adjacent executive office building. This proximity to the Oval Office suggests that the facility is designed for the President to be able to get there quickly.  

Presumably, if the White House were affected by an attack that made the outside air dangerous to breathe, the Secret Service would not want to evacuate the President by taking him outside. (There is direct access to the Colonnade and the Rose Garden from the Oval.) Some speculate that since the Oval Office itself is being so significantly renovated--work could last for more than a year--the plan might be to install direct access from the Oval to the new underground structure bunker, a sort of emergency exit or "trap door." I'm told by one former White House official that there is a crawl space beneath the existing Oval Office, but that there's not, as yet, any way to evacuate the President without taking him out of the office itself, whether outside or through the West Wing. That could change.

Posted at 11:11 AM/ET, 02/01/2013 | Permalink | Comments ()
The paper of record says that it was the victim of an espionage “campaign” by China. It’s not the only target. By Shane Harris

There's news out of the New York Times this morning--about the New York Times. A long article details how hackers, whom the paper's bosses believe are in China, stole the passwords of Times employees, accessed the e-mail accounts of some reporters, and rooted around the Times networks for four months. The intruders appeared to be looking for the names of people who might have given information to a Times reporter working on a major expose of a top Chinese government official.

From the paper:  

"The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China's prime minister, had accumulated a fortune worth several billion dollars through business dealings.

"Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times's network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen's relatives, and Jim Yardley, The Times's South Asia bureau chief in India, who previously worked as bureau chief in Beijing."

As a journalist--that is, someone who goes to considerable lengths to protect the information I collect and the identities of people I talk to--this is a chilling revelation. Deeply unsettling. And sadly, not at all surprising. 

Foreign intelligence services have been targeting US corporations, members of Congress and their staff, think tanks and law firms, and defense contractors for years. In every instance, the spies are after secret, proprietary information, with an eye towards getting strategic advantage over US companies and the government. News reporters, particularly those in regular contact with foreign and US sources in governments and the private sector, would be prime targets for any credible intelligence service. I reported in 2011 that spies may have tried to impersonate a well-known Washington journalist, Bruce Stokes, in order to spy on the State Department. We journalists are low-hanging fruit.

"Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times's newsroom."


Presumably, any reporter working in China is exercising some strong operational security. Hopefully, he's not keeping notes on a computer, not exchanging e-mails with sources, and limiting electronic communications. But it sounds like once the spies got into the network, via spear phishing, they had freedom to roam and gather information about many reporters.

"Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," said Jill Abramson, the Times's executive editor. That's somewhat surprising, considering how long the intruders were inside the network. 

Note, though, Abrams says no "sensitive" e-mails were accessed. That doesn't mean other, non-sensitive emails weren't read. And the Times article doesn't say--nor could experts know--whether the spies were able to glean any insights about a reporter's sources by examining the names of people sending e-mails, which one could see just by looking at the inbox, without having to open the e-mail or copy it.

It could be that the paper's security consultant, Mandiant, was able to prevent any massive exfiltration of sensitive information. Or maybe the spies just managed to find what they were looking for and didn't need to siphon off files. The Times article gives a pretty broad description of the cat and mouse game between the spies and the security experts. 

"To get rid of the hackers, The Times blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems." 

It seems that reporters weren't alerted to the ongoing investigation, which makes sense if Mandiant didn't want to tip anyone off to the investigation. (These are reporters, after all.) One Times scribe I know only found out about the past months events after reading the paper this morning.

Reporters' passwords were reset, apparently to the frustration of some.

"I would like to apologize to the NYT computer support folks I snapped at after they reset my password without warning," national reporter John Schwartz wrote in a tweet.

In reply, national security reporter Charlie Savage, tweeted, "Explains a lot of bustling yet somewhat inexplicably furtive activity by the IT support staff in recent months."

"[Y]es, and a lot of yelling by writers on deadline!" wrote Schwartz.

It would seem, based on the Times account, that the intruders were only interested in reporting about the Wen family. Mandiant found "no evidence" that those stolen passwords were used to seek any other kind of information. That suggests that this intrusion was targeted and disciplined.

However, the Times called the intrusion "part of a broader computer espionage campaign against American news media companies that have reported on Chinese leaders and corporations."

"Last year, Bloomberg News was targeted by Chinese hackers, and some employees' computers were infected, according to a person with knowledge of the company's internal investigation, after Bloomberg published an article on June 29 about the wealth accumulated by relatives of Xi Jinping, China's vice president at the time. Mr. Xi became general secretary of the Communist Party in November and is expected to become president in March. Ty Trippet, a spokesman for Bloomberg, confirmed that hackers had made attempts but said that 'no computer systems or computers were compromised.'"

No customer data was stolen from the Times, security experts said.

If the Times's reporting is accurate, we should presume that the attacks on it and Bloomberg are the tip of the proverbial iceberg. I'd imagine news rooms across town and across the country today are going to search their networks for any suspicious activity. For its part, the Times became suspicious after learning of warnings from Chinese government officials that the investigation of Wen would "have consequences." On October 24, 2012, executives at the paper asked AT&T, which monitors the Times's networks, "to watch for unusual activity."

At least one security expert is sounding a skeptical note on all this, saying the Times has no basis for pointing the finger at China. Jeffrey Carr wrote on his blog: 

"This article appears to be nothing more than an acknowledgment by the New York Times that they found hackers in their network (that's not really news); that China was to blame (that's Mandiant's go-to culprit), and that no customer data was lost (i.e., the Times isn't liable for a lawsuit).

"I think that Mandiant does good incident response work . . . however their China-centric view of the hacker world isn't always justified in my opinion."  

Carr goes on to dissect the article and explain why he thinks other countries would have a motive to spy on the Times.

In his confirmation hearing this morning, Defense Secretary nominee Chuck Hagel was asked about cyber threats against the United States, although the question tended towards threats to physical infrastructure rather than espionage.

"Cyber, I believe represents as big a threat to this country as any one specific threat," Hagel said, promising that he'd put "high priority" on the issue if confirmed. "It's an insidious, quiet kind of a threat threat we've never quite seen before. It can paralyze a nation a second."

Hagel said that the current Congress has to pick up cyber legislation that failed to pass last year. "You must, and you know that." 

Posted at 10:42 AM/ET, 01/31/2013 | Permalink | Comments ()
An inspector general report leaves unaddressed whether hiring prostitutes is common within the agency. By Shane Harris

After Secret Service agents were alleged to have solicited prostitutes while on a presidential visit to Colombia last year, questions arose as to whether officials had followed proper procedures when they investigated nearly a dozen of their own members in one of the most embarrassing incidents in the history of the storied agency. 

The answer is yes, according to an official report set to be released next week by the Homeland Security Department's Inspector General. Secret Service leaders "responded expeditiously and thoroughly to the allegations" that some men had brought women, including prostitutes, back to their hotel rooms, and that one agent had refused to pay for sexual services. 

But the 20-page report, a copy of which was obtained by The Washingtonian, does not address lingering questions about whether hiring prostitutes is  "widespread" within the Secret Service. For months since the Colombia affair was revealed, current and former employees have said that hiring women for sex is a common occurrence on foreign trips, and something that is implicitly, if not officially, condoned. They have said the practice is not limited to single men, and that "Wheels up, rings off" is a common refrain on overseas missions. 

The Secret Service Director, Mark Sullivan, has testified to Congress that hiring prostitutes is not a common practice, and he and has characterized the behavior of the employees in Colombia as aberrant and not in keeping with the agency's traditions or standards.  

The report noted that prostitution is not illegal in Cartagena, and that "prostitution is not specifically addressed in [Secret Service] standards of conduct..." However, the report added, "[Secret Service] officials asserted that solicitation of prostitutes violated standards, which state that 'employees shall not engage in criminal, infamous, dishonest, immoral or notoriously disgraceful conduct or other conduct prejudicial to the [United States] government.'" 

At least one establishment that Secret Service personnel visited was considered to be a "reputable" establishment, the report found. It also noted that the agency acknowledged investigating allegations of solicitation on another trip, in El Salvador. That suggests that Secret Service leaders are aware that the events in Colombia were not unique. 

In the latest report, the IG limited his findings solely to the integrity of the Secret Service's investigation, which began on April 12, 2012, the morning that agency managers were alerted that one of their agents had refused to pay a prostitute he met the night before at a nightclub in Cartagena. President Obama was on his way to attend the Summit of the Americas. Owing to his imminent arrival, the IG determined that Secret Service managers followed proper procedures when they relieved eleven employees implicated in the events of their duties, sent them out of the country, and suspended their security clearances, which effectively disqualified them from any sensitive work, including protecting the President.  

The report also found that the Secret Service determined the security of President Obama was not jeopardized when the men brought foreign nationals back to their hotel rooms, and that no sensitive information was in danger of being discovered. The Secret Service employees had not been briefed on the details of the security plan for the President's visit, and consequently possessed no information that could have put him in danger, the report found. 

The report passes no judgement as to whether the punishment meted out against the employees involved was fair or appropriate. Nine of the employees were eventually forced out of the agency or allowed to resign. At least one is appealing his termination and asking to be reinstated. 

The Inspector General's report will do little to settle questions about Secret Service culture, and whether there is an attitude of permissiveness or a tendency to overlook indiscretions by some employees more than others. Another IG report, released in February 2001 by the Treasury Department, which used to oversee the agency, found that discipline was not administered evenly, and that decisions on whether to refer misconduct for investigation was left to the discretion of employees' managers. A subsequent investigation in 2002 by U.S. News & World Report found that employees were more likely to evade punishment for sexual harassment, drunk driving, and other offenses if they had good relationships with their bosses and could count on their protection. 

The report sheds little new light on the facts surrounding the evening of April 11, 2012, and it doesn't alter the official version of events that has been conveyed in news reports and congressional testimony. 

In its investigation of the Colombia affair, the Secret Service interviewed 232 subjects and witnesses, sent four inspectors to Colombia, reviewed "thousands of e-mail messages," and administered 14 polygraph examinations, according to the report. There is no mention of the fact that Inspector General investigators have been unable to conduct their own interviews in Colombia with the women involved or knowledgeable hotel staff, because the Justice Department has reportedly not granted the IG that authority.

The report was reviewed by the Secret Service Director, who wrote in a formal reply, "We are pleased to note that the OIG's review of our investigation found that the [Secret Service] acted expeditiously, appropriately, and professionally" in the investigation of its employees. 

Posted at 05:46 PM/ET, 01/25/2013 | Permalink | Comments ()
The top national security official at the Justice Department, Monaco has also been rumored as a candidate for FBI Director. By Shane Harris

President Obama has selected Lisa Monaco as his next homeland security and counterterrorism adviser, replacing John Brennan, who has been nominated as CIA Director. 

Monaco currently serves as the Assistant Attorney General in charge of the National Security Division at the Justice Department. She is a seasoned attorney who began her career as a federal prosecutor in Washington, DC, and rose to the senior ranks of Justice and the FBI. In 2009, Monaco became Eric Holder's principal associate deputy attorney general. Prior to that, she was the longest-serving chief of staff to FBI Director Robert Mueller, a testament to her skill, stamina, and Mueller's confidence in her abilities, according to those who know her. 

Monaco, who was confirmed by the Senate for her current position at Justice, has been on the rumored short list to replace Mueller, whose term ends this summer. It's not immediately clear what today's new appointment does to her chances. On the one hand, she will presumably be working closely with Obama on matters of the highest national security priority and sensitivity. The two do not have a long history of working together day to day, as Obama did with Brennan, who was also a campaign adviser in 2008. Proximity to the Oval Office would give Monaco the ultimate stage on which to audition for the directorship of the FBI.  

On the other hand, it could prove difficult to find a replacement for Monaco less than a year from now, as Mueller is stepping down. Brennan has been indispensable to Obama's program of targeted killings and other national security priorities. It's hard to see the position of counterterrorism adviser being a temporary stop over on the way to something bigger. 

Those who know Monaco describe her as non-partisan, tireless, and a skilled attorney. She worked for Janet Reno in the 1990s and later served on the Justice Department's Enron Task Force, overseeing the prosecution of executives from the failed energy company. For that work, she received the Attorney General's Award for Exceptional Service, the Justice Department's highest award.

"Lisa is a terrific choice. She has demonstrated herself to be the consummate public servant," said Fran Townsend, who was counterterrorism adviser to President George W. Bush. "She has served in both national security legal and policy roles. She has proven she has both the experience and judgment to provide the President with wise counsel." 

David Kris, who preceded Monaco has head of the NSD, says, "She has got the experience and the skills to take on this very challenging job and do it very well." 

The targeted killing program, and the attendant use of drones in countries where the United States is not at war, has become a central component of the counterterrorism adviser's portfolio. It is tempting to view the appointment of a career federal attorney as an attempt by the White House to signal some new deference for stronger legal guidelines on the use of drones. 

However, those who know Brennan have described him as a staunch proponent of "intelligence under law," and he has reportedly been instrumental in crafting clearer guidelines about the use of lethal force. So appointing Monaco perhaps should not be seen as a rebuke of Brennan, or as a stronger embrace of the law than administration officials believe they have already shown.

Monaco's appointment is unlikely to satisfy critics of targeted killings. Yesterday, the United Nations announced an investigation into the use of drones by the U.S. 

Monaco has been in charge of the NSD since July 2011. She is a graduate of Harvard University and earned her law degree from the University of Chicago, where Obama was once a professor. 

Posted at 12:33 PM/ET, 01/25/2013 | Permalink | Comments ()
Police and security agencies tossed a little bit of everything into Downtown Washington last night: Concrete barriers and metal rails; security guards of many stripes; screening stations made of chain link fences and tents. By Shane Harris

The Secret Service had announced traffic restrictions would take effect inside Washington at 9 AM on Sunday morning, the day before the 57th Presidential Inauguration. And they meant it. On my way to an event on the Mall Sunday evening, I made it in a cab as far as 9th and F Streets NW before traffic came to a halt. All southbound streets were closed, and heavy trucks started moving in to install concrete barriers. The truck drivers had to do double duty directing mystified drivers to turn around and go the other way. 

Two DC police officers casually meandered about a busy intersection. When my cab driver asked, "Is there any way to go south?" the cop chuckled. I set out on foot for the last mile to my destination. 

The beginning of the Inaugural security zone was clearly marked by this screening station. 

"Please open your outer garments," a sign advised Inauguration attendees. I shuddered a bit and buttoned up my coat. (Temperatures this morning were around freezing.) 

Elsewhere, city buses would be turned into bomb barricades as security agencies prepared for the morning crowd, which city officials estimate will be at least 500,000-people strong. 

Near Pennsylvania Avenue, the parade route, some of the most valuable facilities were being installed. 

You won't find many places to take relief along the parade route. Pennsylvania Avenue may be the most protected, and restricted, stretch of road in the world on Monday morning. 

But last night, Downtown Washington was mostly free of pedestrians and was transformed by the absence of vehicular traffic. I stood in the middle of Pennsylvania Ave., usually bustling with cars, and stared at the brightly lit Capitol draped in American flags. Downtown felt like some open-air museum, a gallery of buildings and national landmarks. I felt like a visitor let in after closing time. 

Partygoers and tourists posed for photographs in front of the facade of the National Gallery of Art and tried to snap shots of the gleaming white Capitol in the distance. The police officers idling in cruisers at every intersection along America's Main Street didn't seem to regard anyone as a particular threat. 

The Mall itself was eerily quiet. On a broad expense next to the Air and Space Museum, a lone security guard in a bright yellow jacket ambled slowly, his hands in his pockets. Tomorrow, tens of thousands of onlookers would fight for a good spot. Tonight, it was just the guard and his charge--a huge video screen waiting to be set up for the next day's events.  

Getting out of downtown wasn't much easier than getting in. Police motorcycles and cruisers blocked most entrances to the areas main arteries, Independence and Constitution Avenues, which were restricted to outbound traffic only.  The skies above seemed mostly quiet, though by tomorrow they'd be buzzing with Coast Guard helicopters and Air Force jets. For one evening, though, despite the bewildering array of barriers and blockades, there was a rare moment of quiet in the nation's capital, before a very big storm. 

Read More

Posted at 09:40 AM/ET, 01/21/2013 | Permalink | Comments ()
How to prepare for a weekend inside fortress Washington. By Shane Harris

Starting tomorrow, a good part of downtown Washington will start falling under a security blanket of sorts. The Presidential Inauguration is designated as a National Special Security Event, which means a slew of protective measure and protocols are put in place, and the Homeland Security Department, Secret Service, and DC police kick into high gear. 

Official inauguration events begin on Sunday, with an eye toward Monday's main event on the Mall. But with balls and celebrations beginning around town Saturday night, you'll see a heightened security presence on and under DC streets, in the skies, and on the water. We've got a list of helpful tips for anyone venturing out in the cold on Monday. And here's an idea of where you're likely to see beefed up security over the next few days. 

For starters, you're going to see a lot of armed men and women in uniform on the street. The Secret Service has the lead on security for the Inauguration, but if 2009 is any guide, there will be tens of thousands of law enforcement officers from dozens of government agencies on duty. 

Road closures and restrictions will start taking effect Sunday morning at 7am. This map shows you where. NOTE: If you are parked inside the security perimeter, you may not be able to get out until Tuesday at 7am, when the closures are lifted. And if you're parked in a garage along the parade route, you may not be able to remove your vehicle. More info on roads and traffic is here

The Secret Service has keys to buildings along the parade route, and sharpshooters will be stationed on rooftops. 

There will be security screenings for anyone attending the public swearing-in ceremony. That goes for the general public as well as ticketed guests. If you plan to enter the parade route, you're going to get screened in some way. So plan ahead, and leave anything forbidden at home. 

Also, be prepared to remove your own trash, because all garbage bins will be removed or sealed shut. Same goes for mailboxes.  

If you look up, you're going to see a lot more aircraft in the skies than usual. The Coast Guard will patrol the waterways, and Air Force jets will circle above the city. Unless you're planning on flying in your own plane this weekend, you probably dont need to worry. Nevertheless, expect lots of helicopters buzzing along the rivers and over the secured zone. More information is on the FAA's Web site.   

There will also be enhanced security on Washington waterways. Direct any questions to the U.S. Coast Guard via marine band radio VHF channel 16, or to the Metropolitan Police Department Harbor Patrol at 202-727-4582. 

Posted at 11:36 AM/ET, 01/18/2013 | Permalink | Comments ()

Maybe we should dub 2012 "The Year of the Pipeline Hack."

According to the Homeland Security Department, more than 40 percent of cyber "attacks" reported in fiscal 2012 were aimed at the energy sector, and a good chunk of those were targeting oil and natural gas companies that operate pipelines. 

The energy sector, broadly, was the subject of an intense cyber campaign in the past year apparently aimed at gaining control to the computers that physically control mechanical systems at utility sites. To put this campaign in some perspective, the DHS group that monitors threats to infrastructure owners and industry groups responded to 198 "cyber incidents" in fiscal 2012 (October 1, 2011-September 30, 2012). 

To say these incidents are now commonplace is an understatement. But how severe are they?    

Incident is a pretty broad term, and DHS helpfully sheds some light on it. The department's Industrial Control Systems Cyber Emergency Response Team, the folks who will go out to a targeted site and figure out what happened, assisted 23 oil and natural gas sector organizations that were targeted in a spear-phishing campaign. In those cases, "information pertaining to the ICS/SCADA environment, including data that could facilitate remote unauthorized operations, was exfiltrated." Put another way, the hackers made off with information that they could use to disrupt, disable, or commandeer the infrastructure (read: gas pipeline, oil refinery, whatever the "organization" in question is). 

One DHS team visited an unnamed power generation facility and discovered "common and sophisticated malware" in "the industrial control environment," viruses and malware on systems that control power plants. The source of the problem was an infected USB drive. (DHS offered no further details about how it became infected.) 

Also, in October 2012, a power company reported "a virus infection in a turbine control system," DHS says. It turned out "a third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades. Unknown to the technician, the USB-drive was infected with crimeware [a type of malicious code specifically designed for criminal activity, like fraud or theft.]"   

I suppose what's most frustrating about these incidents is that they are, to varying degrees, preventable. At the very least, there are steps owners can take to lessen the risk that their machinery will be compromised. At the most basic level, DHS advises that they not connect control system devices to the Internet. Seems obvious enough, but according to research published last fall, there are more than 7,000 control systems connected to the Internet in the United States. Want to see where they are?  

Apparently, DHS is tired of reminding energy companies and public utilities not to use "password" as the password for control systems. So, the department's computer emergency response team has joined up with the Energy Department and is conducting both secret and non-classified briefings for infrastructure owners across the country. Officials are sharing information about the incidents reported in the past year, as well as "essential information regarding mitigation strategies, best practices, and emerging trends." (There have been two in the Washington region, according to DHS.) 

This seems like a smart move on DHS' part. But it also puts the onus on government to keep industry up to date on the operational details of what they're seeing. Where are these hacks coming from? Who's behind them? What can companies do beyond using stronger passwords and putting up firewalls to protect themselves? And perhaps most importnat, what is the government going to do to actively fend off these intrusions? I haven't sat in on one of these briefings but I imagine that last question is being asked by more than a few exasperated company executives, who now find their companies in the crosshairs. 

Posted at 02:57 PM/ET, 01/15/2013 | Permalink | Comments ()