News

The Notre-Dame Fire – A perfect storm of events resulted in a 30-minute delay in discovering the fire

According to an article in the NY Times, the security employee monitoring the smoke alarm panel had only been on the job for three days. When the alarm came in the employee contacted a guard in the main church area and sent them to check the alarm. The guard responded back to the security employee that there was no indication of a fire. Unfortunately, it took approximately 30 minutes before they realized that the security employee had sent the guard to the wrong building – the fire alarm sensor was located in the attic area, above the main church. To get there the guard climbed 300 narrow steps but by then the fire was beyond controlling with a fire extinguisher. At that point the guard radioed the security employee to call the fire department.

Some interesting facts contained in the article: the “ponderous response plan” underestimated the speed with which the fire would spread in the attic area; to preserve the architecture, no sprinklers or fire walls had been installed; the security employee had not been replaced at the end of his eight-hour shift, so he was required to work a second shift; and the control panel displayed a complicated string of letters and numbers, ZDA-110-3-15-1, that was code for a specific smoke detector among more than 160 individual detectors and manual alarms in the church.

Given the type and quantity of combustible materials in the upper portions of the church, the lack of sprinklers and fire walls, and the need for a person to physically respond in order to validate the alarm, any proper risk assessment should have concluded that the threat from fire was a high probability, high consequence event. The article did not indicate if or when the response plan was ever tested. Based on the events described in the article, my assumption is that it was not.

Cellphone Storage Options

Many of my corporate and government clients work with classified information. The areas in which this work is accomplished prohibit the introduction of electronic items such as cellphones, laptops and smart watches. The question is how to store these items until they can be picked up by their owners upon leaving these secure areas. The most frequent solution was to install first-come, first-served wall-mounted lockers with key-operated locks. For larger facilities this could take up a significant amount of real estate. There are also several drawbacks to using this type of storage system. Individuals would lose their keys. Unfortunately, most of these locker installations were not master-keyed, so someone from the security department would need to take time to pull a back-up key, assuming the individual could remember which locker they had stored their item in. There was also the need to make another backup copy of the key to replace the one that was lost. An additional problem was that assigned personnel would simply keep the locker key so they would be assured of a place to lock up their device when they arrived at work.

Yesterday I met with a client who appeared to have found a more suitable solution to this storage problem. They’re using a Robocrib TX750 industrial vending machine that works with their access control cards. You simply hold your access control badge up to the proximity reader on the front of the machine to initiate the process. You will be stepped through the process via a display screen at the front of the unit. It will prompt you to select the size of the device you want to store. After a moment the door will release and the sliders will open to reveal a space to insert your phone, laptop, etc. To retrieve the device simply hold your badge up to the reader. After a few seconds the door will release, the sliders will open and you can take your device.

Mitigating the threat of vehicle ramming attacks

This DHS video provides information to assist with mitigating the evolving threat of vehicle ramming incidents, with insightful technical analysis from public and private sector subject matter experts. It leverages real-world events and provides recommendations aimed at protecting organizations as well as individuals against a potential vehicle ramming incident.

Is that intellectual property really a trade secret? Maybe not!

On 21 November 2019, Haitao Xiang, previously employed by Monsanto and its subsidiary, The Climate Corporation, was indicted by a federal grand jury on charges of economic espionage and theft of trade secrets. One thing that the prosecution will need to prove at trial is that Monsanto and Climate Corporation employed reasonable precautionary measures to secure their trade secrets. Just marking it as a trade secret/proprietary information doesn’t make it so.

In a similar case, the United States v. Hanjuan Jin (2012), involving the theft of trade secrets from Motorola, the judge evaluated the physical security (access controls, alarms, security cameras and on-site security guards), network and computer measures (passwords, firewalls, and logon reminders), and administrative procedures (document markings, training programs, and confidentiality agreements) employed by Motorola to protect their trade secrets and determined that they met the threshold for reasonable precautionary measures. The implication is that if Motorola and The Climate Corporation had not enacted these “precautionary measures”, it may have been difficult for them to justify the claim that the material was indeed sensitive and that its loss caused significant damage.

Spy used AI-generated face to connect with targets on LinkedIn

Article by Raphael Satter, United Press, 12 June 2019

LONDON (AP) — Katie Jones sure seemed plugged into Washington’s political scene. The 30-something redhead boasted a job at a top think tank and a who’s-who network of pundits and experts, from the centrist Brookings Institution to the right-wing Heritage Foundation. She was connected to a deputy assistant secretary of state, a senior aide to a senator and the economist Paul Winfree, who is being considered for a seat on the Federal Reserve.

But Katie Jones doesn’t exist, The Associated Press has determined. Instead, the persona was part of a vast army of phantom profiles lurking on the professional networking site LinkedIn.