| This week's sponsor is Panasonic. |  | Panasonic empowers people whose jobs depend on reliable technology. The company delivers collaboration, information-sharing and decision-support solutions for customers in Homeland Security to help achieve a competitive advantage and improve outcomes. Learn more. |  Today's Top Stories 1. Podonsky: NNSA security fixes often just temporary 2. Fusion centers pose privacy and civil liberties risks, says The Constitution Project 3. Threshold for FEMA public assistance grants hasn't kept up with inflation 4. Garza defends BioWatch after report of false alarms 5. Piling up spent nuclear fuel presents future disposal challenge Editor's Corner: Justice must plug its fusion center civil liberties regulation loophole Also Noted: FBI: Operation tracking Chicago teen took months; Fast pace continues on deferred action for young illegal immigrants; and much more... Follow @fiercegov on Twitter More News From the FierceGovernment Network: 1. Chinese telecom officials say spying would undermine business 2. House approves 5-year FISA Amendments Act reauthorization 3. DoD Joint Information Environment taking cues from EUCOM, AFRICOM  | Federal IT Reform Survey Please take a moment to participate in our brief 15 question "Federal IT Reform Survey" where we will take a look at security policies, compliance concerns and budget management issues. All participants will receive a free summary report and we will donate $5 to Fisher House in support of military families for each of the first 100 completed surveys. CLICK HERE to get started. | |  Justice must plug its fusion center civil liberties regulation loophole The risks posed to civil liberties and privacy by the nation's 77 fusion centers cannot be ignored any longer. Those risks have been discussed in the public for some time now--for example in The Washington Post's 2010 investigative series "Top Secret America" and most recently in a Constitution Project report calling for greater safeguards. Suspicious activity reports--the bread and butter of fusion centers, reports from law enforcement about possibly out-of-the-ordinary behavior that could have nefarious motivation--fall through a regulatory loophole that allows the fusion centers to amass information about Americans who most often merely happened to catch the attention of highly suspicious law enforcement. Ordinarily, federal regulations prohibit state law enforcement agencies that receive federal funding from maintaining personally identifiable information in criminal intelligence databases unless there exists reasonable suspicion that the individual is involved in criminal conduct or that the information is relevant to criminal conduct. But the Justice Department interprets regulations to exclude from those conditions the data gleaned from suspicious activity reports on the ground that SARs are "tips and lead data" and not criminal intelligence information. Since SARs are meant to cast a wide net, the outcome is that fusion centers are building up a database populated mainly with the information of Americans who are neither criminal nor terrorists. -->READ THE FULL EDITOR'S CORNER | | Today's Top News 1. Podonsky: NNSA security fixes often just temporary A security breach at the Y-12 National Security Complex could have been prevented if security weaknesses found in 2008 had been fixed and maintained, said Glenn Podonsky, chief health, safety and security officer at the Energy Department. Podonsky spoke at a Sept. 12 hearing of the House Energy and Commerce subcommittee on oversight and investigations. The hearing concerned the July incident where three people including an 82-year-old nun infiltrated the Y-12 grounds in Tennessee. The security failures that allowed the breach included broken security cameras and contractors' lack of response to alarms. In 2008, DOE did a comprehensive security inspection at Y-12 that looked at "the entire kaleidoscope of security subjects" and turned up serious problems, Podonsky said. The National Nuclear Security Administration took corrective action, and had it sustained those changes, the July incident might have been prevented, he said. Mark Gaffigan of the Government Accountability Office also said NNSA's failures tend to lie in sustaining changes. Gaffigan, the managing director of GAO's natural resources and environment team, said NNSA does in fact come up with good corrective action plans. But its inability to make changes permanent "seems to be the problem over and over again," a problem GAO has found since at least the early 2000s, he said. Several members of the subcommittee questioned why such a sensitive security task is entrusted to contractors instead of federal security officers, or even the military. Gregory Friedman, DOE's inspector general, said the department should reconsider federalizing the workforce. But he noted that the issue is complicated and has long been debated. Energy deputy secretary Daniel Poneman also said the debate is long-standing, but added that the department expects contractors to have the same level of dedication as federal employees. Ponemon also testified about the Y-12 incident on Sept. 13 before the House Armed Services subcommittee on strategic forces, but after opening statements, the rest of the hearing took place in a closed setting. For more: - go to the hearing webpage (prepared testimonies and webcast available) Related Articles: Multiple failures permitted trespassers to penetrate Y-12 complex Weapons-grade nuclear material at risk of theft, says NTI Minimal fallout in U.S. from Fukushima, USGS confirms Read more about: Tennessee, NNSA back to top | 2. Fusion centers pose privacy and civil liberties risks, says The Constitution Project  The nation's 77 state and regional fusion centers can pose serious risks to civil liberties, finds a new report from The Constitution Project, which makes a number of recommendations about how the centers should collect and store data. Among the report's (.pdf) findings is that the threshold for entry of a person's personally identifiable information into a fusion center database--where it could be accessed by other fusion centers--is too low. Ordinarily, federal regulations prohibit state law enforcement agencies that receive federal funding from maintaining personally identifiable information in criminal intelligence databases unless there exists reasonable suspicion that the individual is involved in criminal conduct or that the information is relevant to criminal conduct. But the Justice Department interprets regulations to exclude from those conditions the data gleaned from suspicious activity reports on the ground that SARs are "tips and lead data" and not criminal intelligence information. State and federal standards for activities that can cause local law enforcement to file an SAR are broad, the report notes, encompassing behavior such as using binoculars or taking notes. The report doesn't suggest stricter SAR thresholds, stating that such behavior might warrant an initial inquiry, but does say that reports on individuals should not be retained in government databases unless reasonable suspicion can be established. The center also urges greater federal oversight of fusion centers, recommending that the departments of Homeland Security and Justice should periodically audit fusion centers to ensure compliance with privacy and civil liberties rules. "One of the most pressing concerns regarding fusion centers is accountability," report authors say, adding that fusion centers should also allow individuals to correct inaccurate information about them in fusion center databases. Some state fusion centers have adopted policies that allow individuals to access their records although with some restrictions, but they don't have a clear process for individuals who seek correction of mistaken information. Report authors also recommend immutable audit logs for any database accessed by fusion center personnel, whether the database is an outside one hosted by other government agencies or the commercial information reseller databases that many fusion centers subscribe to. For more: - download the report, "Recommendations For Fusion Centers: Preserving Privacy And Civil Liberties While Protecting Against Crime And Terrorism" (.pdf) Related Articles: Backgrounder: Privacy and Civil Liberties Oversight Board HSPI: Fusion centers too oriented toward law enforcement All fusion centers should be 'all hazards,' says DHS OIG Read more about: fusion center, DOJ back to top | 3. Threshold for FEMA public assistance grants hasn't kept up with inflation The monetary damage metric the Federal Emergency Management Agency uses to assess state requests for presidential declarations of major disasters hasn't kept up with inflation or income growth--and in any case doesn't really assess whether a state is overwhelmed by disaster costs, says the Government Accountability Office. In a report (.pdf) dated Sept. 12, auditors say that had FEMA adjusted its damage estimate indicator to keep up with inflation since establishing it in 1986, 44 percent of the 508 declarations of major disasters from fiscals 2004 through 2011 would not have met the damage cost threshold. In addition, had the indicator kept up with rises in per capita personal income, 25 percent of those disasters would not have met the cost threshold. FEMA primarily relies on a formula that multiplies $1.35 by state population to determine whether or not to recommend public assistance grants to states that have requested federal help in the form of a presidential declaration of major disaster. Public assistance grants are meant to repair or replace damaged property and are awarded to state and local governments, as well as sometimes to nonprofit organizations. FEMA set the formula at $1 per resident in 1986. FEMA officials today were unable to explain to auditors why the threshold was set at that amount. Documentation from that time simply states that agency officials thought it reasonable that a state would be capable of supplying a dollar for each state resident to cover damage costs. The official rule establishing the $1 threshold did allow for inflation adjustment, but had it been adjusted starting when FEMA began using it in 1986, it would now be $2.07, auditors say. Were it to be adjusted for increases in per capita personal income since 1986, it would be $3.57 (in 2011 dollars, the most recent year available). But the damage estimate indicator in any case isn't a good measure of a jurisdiction's capability to recover from a disaster without federal assistance, auditors add. It excludes business income even though that income is potentially subject to local taxation. Auditors say a Treasury Department-crafted metric known as Total Taxable Resources would provide a more comprehensive measure of a jurisdiction's fiscal capacity, although they also say that measuring state personal income or gross state product are also possible metrics. FEMA, in its official response to the audit, said it agrees that "a review of the criteria" is warranted. For more: - download the report, GAO-12-838 (.pdf) Related Articles: Many FEMA disaster assistance employees haven't applied for a reservist position Strained finances cause local jurisdictions to eschew hazard mitigation grants Public Assistance Preliminary Damage Assessment inaccurate, says OIG Read more about: FEMA, GAO report back to top | 4. Garza defends BioWatch after report of false alarms Every time the BioWatch biosurveillance system has detected a targeted organism, it has been a true positive, Alexander Garza, the Homeland Security Department's assistant secretary for health affairs, told a Sept. 13 House panel. Garza defended BioWatch at a joint hearing of two House Homeland Security subcommittees, saying a July Los Angeles Times report of false alarms in the system has caused confusion. When BioWatch detects genetic material from an organism of concern, a laboratory official declares a BioWatch Actionable Result. But that is not meant as a declaration that bioterrorism has occurred, Garza said. People, not machines, then decide if the organism has resulted from an act of bioterrorism, he said. Rep. Dan Lungren (R-Calif.) expressed skepticism about the lack of false positives, saying, "I'm always a little worried when I hear that they're all perfect." Lungren chairs the House Homeland Security subcommittee on cybersecurity, infrastructure protection, and security technologies, which held the joint hearing with the subcommittee on emergency preparedness, response and communications. Garza agreed with Lungren that no test is perfect, but reiterated that officials have yet to encounter an instance where a BioWatch Actionable Result, or BAR, was a false positive. Rather, positive test results have sometimes occurred for close relatives of targeted organisms, which the BioWatch technology alone can't always differentiate from dangerous organisms. Garza said those results are not false positives, and that it's a misconception that BioWatch has incorrectly alerted officials to acts of bioterrorism. The LA Times article described a Colorado emergency preparedness official's nerve-wracking experience when BioWatch produced a BAR from a sample at the site of the 2008 Democratic National Convention. To reduce BARs that detect harmless organisms, DHS has partnered with the Defense Department to build more specific detection capability. DHS plans to roll out the updated technology this fall, Garza said. For more: - go to the hearing webpage (prepared testimonies and webcast available) Related Articles: BioWatch Gen-3 slips further behind schedule Feds urge state and local stockpiling of anti-anthrax antibiotics Up to $48M of expired anthrax vaccine thrown out annually, says DHS official Read more about: bioterrorism, Alexander Garza back to top | 5. Piling up spent nuclear fuel presents future disposal challenge  Even were the Energy Department to resume this year licensing efforts for Yucca Mountain as a permanent nuclear power waste disposal facility, it would still be 15 years before the site could start accepting spent fuel, says the Government Accountability Office. By then, about 50,000 metric tons of spent fuel stored roughly equally in wet and dry storage will have accumulated, assuming that no new nuclear power plants open in the interim, according to Nuclear Energy Institute estimates cited by the GAO in an Aug. 15 report (.pdf) not posted online until Sept. 14. The Yucca Mountain facility in Nevada was to have accepted its first delivery of spent fuel in 1998, but the Energy Department instead announced in 2009 it planned to terminate licensing work. Last year, Nuclear Regulatory Commission commissioners directed the licensing board to suspend work by Sept. 30, 2011. "Currently, it remains uncertain whether NRC will have to resume its license review efforts and whether a repository at Yucca Mountain will be built," auditors say. Licensing an alternate disposal facility would likely take about 40 years, the GAO estimates--by when close to 140,000 metric tons of spent nuclear fuel will have accumulated. Nuclear power plant operators have increasingly turned to dry cask storage to store spent fuel rods as pools for the wet storage of spent fuel rods have become more crowded. Spent fuel rods must stay inside pools of water for at least 5 years in order to cool down sufficiently to be stored in a dry cask, where passive air flow is sufficient to keep the spent fuel from heating to dangerous level. Delays in a centralized nuclear waste disposal facility mean that reactor operators face uncertainty in selecting the type of metal canister spent fuel rods should be placed in for dry cask storage, auditors say. The Energy Department did publish canister specifications for waste destined for Yucca Mountain, but the canister never went into production. They also warn that in the decades it will take to open a disposal facility--or even an interim centralized storage facility where spent fuel could be consolidated--spent fuel will pile up onsite at nuclear power plants. Most American reactors will reach the final end of their license by about 2030 and will siphon off the pools by about 2040. Once those pools are drained, auditors say, it will become difficult to repackage spent fuel in dry cask storage into new canisters should whatever final disposal site that comes online require a certain canister for disposal or should transportation of spent fuel come under a requirement for a specific canister. Some of the canisters used today are meant to act as a storage container and withstand the rigors of transportation, but NRC transportation requirements for heat and radioactivity might mean that operators would have to repackage the spent fuel, or place it in more robust transportation casks--or let it stay for a longer time in place until it further cools. Canisters might also need to be repackaged due to their degradation. Experts consulted by the GAO say that dry cask storage is likely safe for up to about 100 years. In addition, auditors note that nuclear power plant operators are selecting a variety of dry casks. The variety don't raise safety issues, they say, but they could complicate their transfer to a centralized facility because different types of casks have diverse handling requirements, such as specific grappling hooks. For more: - download the report, GAO-12-797 (.pdf) Related Articles: Insisting on Yucca Mountain won't fix nuclear waste problem, says Hamilton GAO stops short of endorsing probabilistic risk assessments for nuclear plants NRC: Nuclear plants must assess risk using new seismic model Read more about: NRC, nuclear power back to top | Also Noted > FBI: Operation tracking Chicago teen took months. Article (AP via Google) > Fast pace continues on deferred action for young illegal immigrants. Article (NYT) > New FEMA Corps graduates inaugural class. Article (GovSecNews) > Mexico hackers hit official websites in cyber protest. Article (BBC News) > Cybersecurity should be more active, official says. Article (WaPo) And Finally... Drought in Poland reveals 400-year-old sunken treasures. Article (Reuters) > Unisys Federal Systems Hiring Event - September 19th - Springfield, VA 2pm - 8pm Unisys Federal Systems currently has immediate opportunities for experienced professionals. Opportunities exist for both security-cleared and non-cleared professionals. DHS Clearance is Preferred. Please submit your resume to www.UnisysExpo.com > TECHEXPO Top Secret Career Fair - September 20th - Baltimore, MD 10am - 3pm Join the nations leading Defense, Government & Technology employers and interview for 100’s of jobs in Cyber Security, IT, Engineering, Aerospace, Telecom, Intelligence, Operations, Homeland Security & more! Active Security Clearance Required. For more information on attending or exhibiting at TECHEXPO’s hiring events visit: www.TechExpoUSA.com > TECHEXPO Top Secret Career Fair - September 20th - Baltimore, MD 10am - 3pm Join the nations leading Defense, Government & Technology employers and interview for 100’s of jobs in Cyber Security, IT, Engineering, Aerospace, Telecom, Intelligence, Operations, Homeland Security & more! Active Security Clearance Required. For more information on attending or exhibiting at TECHEXPO’s hiring events visit: www.TechExpoUSA.com > ACCENTURE Open House Hiring Event - September 25th - Baltimore, MD 10am -3pm ACCENTURE currently has immediate opportunities for experienced professionals! For a full list of open positions, event information, and to pre-register for this event please visit www.ACCENTUREexpo.com. All candidates must have a minimum TS/SCI Security Clearance to Attend. > CYBERSECURITY SUMMIT - September 27 - Washington, D.C. - FierceMarkets Subscribers - 15% Discount to Attend! Cybersecurity in critical infrastructure is of grave concern to Federal contractors and Federal IT officials. Register today using the discount code "Fierce1" to receive a 15% discount to hear nearly 30 confirmed cybersecurity expert speakers including Chris Inglis, Deputy Director, NSA; Lt. Gen. Ronnie Hawkins, Director, DISA; the President of Estonia; the CEO of Kaspersky Lab; and two Deputy CIOs at DoD for the 3rd Annual Billington Cybersecurity Summit, Sept. 27, Nat. Press Club, Wash. DC. www.billingtoncybersecurity.com/2012summit/. > Industry Advisory Council?s 2012 Executive Leadership Conference - October 28-30 - Williamsburg, Va | > Whitepaper: Red Hat Enterprise Linux: The Ideal Platform for Running your Oracle Database Today, x86 servers have dramatically increased in performance and availability, making them a more cost-effective platform than ever for running Oracle databases. This paper highlights the benefits of using Red Hat Enterprise Linux as the server platform for your Oracle database implementation by displaying its scalability, availability, reliability, and manageability. Download this whitepaper now. > Whitepaper: LTE Improves Public Safety for First Responders! Public Safety LTE a How-to Guide - FirstNet Edition, produced by Alcatel-Lucent, takes a look at new capabilities for public safety, what LTE is, what it does and how state and local governments can prepare for the FirstNet LTE network. Download today. | ©2012 FierceMarkets This email was sent to ignoble.experiment@arconati.us as part of the FierceHomelandSecurity email list which is administered by FierceMarkets, 1900 L Street NW, Suite 400, Washington, DC 20036, (202) 628-8778. Refer FierceHomelandSecurity to a Colleague Contact Us Editor: David Perera VP Sales & Business Development: Jack Fordi Publisher: Ron Lichtinger Advertise Advertising Information: contact Jack Fordi. Request a media kit. Email Management Manage your subscription Change your email address Unsubscribe from FierceHomelandSecurity Explore our network of publications: |
No comments:
Post a Comment
Keep a civil tongue.