Solution enables commercial mobile device compatibility with classified networks
BY JOEL GRIFFIN, ASSISTANT EDITOR
SecurityInfoWatch.com
Updated: 07-25-2011 8:25 am
Users of classified U.S. military or government agency networks will soon be able to use commercial mobile devices on those networks through Aruba Networks' MOVE (Mobile Virtual Enterprise) for Government architecture.
The solution, which was formally announced by the company on Monday, supports Suite B cryptography, which was developed by the National Security Agency to allow for transmission of sensitive government information over commercial communications products.
According to Dave Logan, vice president of government solutions for Aruba, users of these classified networks have traditionally utilized secure mobile communication solutions for specific applications, but there has been a shift recently towards more general purpose mobility within larger portions of the government end-user community.
"We're seeing a significant uptick in the need for iPads, iPhones and Blackberries," Logan explained. "Aruba Networks has developed enabling technology to ensure that these mobile devices, as they are brought into the government workplace, can be attached to the network and users can access network resources in a policy compliant manner."
Providing this support for classified environments is significant, according to Logan, because many government agencies need their workers to be able to access both classified and unclassified networks.
"The challenge that the Army and the other DoD and classified operating agencies have is their existing network paradigms for building classified access networks are unfortunately fairly limiting," Logan said. "They either focus on physical security involving locking up wires and conduits, creating enclaves of users and systems behind facilities called skiffs or they involve the utilization of government sponsored proprietary technology that's expensive and relatively limiting in terms of mobility that doesn't support commercial mobile devices. There is a disconnect between what is actually required and what has been available to them. "
Logan said this issue was addressed by the NSA through its development of Suite B cryptography, which is a set of standards-based algorithms that serve as a foundation for securing both unclassified and classified networks.
Travis Howerton, chief technology officer for the National Nuclear Security Administration, says that Suite B, in conjunction with Aruba's MOVE architecture, will help his agency meet its goal of consolidating networks.
"We have too many networks, too many data centers, too many redundant applications, you name it we've got a lot of things that we've got too many of," he said. "The exciting thing about Suite B for me, and it's very prominent in our planning and road mapping, is that it's going to allow us to build out our next generation mobile infrastructure. We have a great need for the mobile worker in an unclassified environment, but in the classified environment, we need to be able to have wireless as well for things like sensors to be able to take data from an unattended sensor instead of having people in rounds doing it. It could potentially save us tens of millions of dollars."
In addition to MOVE for Government, Aruba has also announced that its' Virtual Intranet Agent (VIA) client solution, which is available with the company's mobility controllers and is used to authenticate mobile devices on a network, would also support Suite B.
According to Logan, the MOVE architecture is currently being tested is several active pilots.
"The real value here is being able to increase the number of personnel that can actually get a connection into the network for their particular mission purpose," Logan explained. "There is a significant number of personnel that have authorization to connect up to the classified systems, but because of the expense and limited mobility characteristics that have existed in the past, these users just fundamentally aren't connected. This is really going to be transformational from a mobility perspective for the government."
Security2LP The Negligent Detention of Shoplifters
Author: Curtis Baillie - (about) Date: Jul 25 2011 - 10:26am
I’d like to share a case of Negligent Detention by a major retailer of two “suspected shoplifters” that took place over two years ago. Of course, I’m not naming the subjects or retailer involved, but can tell you this case was settled, in favor of the plaintiffs, for a very sizeable sum of money and could have been avoided if the retailer’s agents and management staff had use an ounce of common sense. I’ve written extensively on the topic of Litigation Avoidance and this case points directly to what went wrong and how it could have been avoided.
First off, every state has what is called a “Merchant Detention” or Shopkeeper’s Liability” statute. The state in which this detention occurred has a particularly strong statute that allows a retailer to stop and question suspected shoplifters biased on “probable cause.” Probable cause, as defined by most states, is the retailer has reasonable suspicion to believe the suspect has taken merchandise belonging to the retailer. That is a very simplified definition and readers should determine what constitutes probable cause in their respective state.
Some of the facts surrounding this case are:
1. This occurred on a busy weekend just before school was to open.
2. The retailer had three Loss Prevention Officers on duty at the time of occurrence.
3. The retailer had a detailed Loss Prevention Manual that contained very specific actions to be taken when apprehending a suspected shoplifter, and
4. The Loss Prevention Officers had all received training, which was documented in their personnel folders.
The “suspects” are family members who traveled to the store (about 25 miles from their home) to shop, as the retailers did not have a store in their immediate shopping area. After spending approximately, one hour shopping in the store the suspects presented their selections to a cashier who proceeded to ring the merchandise and remove the Electronic Security Tags from the merchandise. The shoppers paid for the merchandise and proceeded to exit the store through the EAS system. The system was activated and the suspects were asked to return so the Loss Prevention Officer (LPO) could check their purchases. The LPO determined that one article still had the EAS tag on it and they were directed to a register where the tag was removed. While passing through the EAS detector the system again triggered an alarm. Once again the shoppers returned to the LPO and it was determined that another article had an EAS devise on it. Once again, the scenario was repeated and again as they passed through the detector the alarm went off.
After the third activation, the shoppers asked that all of the merchandise in the bags be checked against their sales receipt. When the retailer did this, they determined there were three items in the bag that had not been rung up by the cashier and several items still had EAS devices on them. The senior LPO was called to the check stands and after being apprised of what had happened, asked the shoppers (now suspects) to follow them to an office. Once in the office the suspects were told to sit down and were immediately asked what was their relationship with the casher who rang-up their merchandise. They both replied that they did not know the cashier and this was their first time in the store. The LPOs (now there were two in the office with one guarding the door) again (repeatedly) demanded to know how the suspects knew the cashier. This tactic when on for about one-hour and fifteen minutes. Threats of prosecution were made by the store security and when one of the suspects protested, store security threatened to handcuff him, a fifteen-year-old minor. The LPO continually “played” with the handcuffs while the suspects were in the office. The adult suspect asked for their phone so they could call the police and store security repeatedly denied the request. The suspect asked security to call the police and that request was also denied.
The suspects also repeatedly asked for security or a manager to question the cashier to determine if there was a connection with them. The senior LPO finally left the office and questioned the cashier whose response was she didn’t know the suspects. While at the register, the Head Cashier told the LPO that this was the cashier’s first day on the registers where she was allowed to ring customers without supervision and she had caught the cashier ringing merchandise without removing the EAS tags and in fact had failed to ring some of the customers’ merchandise.
At this point, the suspects had been detained in the office about two hours and you would think they would have been immediately released, their purchase properly recorded, apologized to by the Store Manager and given some sort of minor compensation (gift certificate) for their inconvenience – but that was not the case. The LPO took the cashier to another office, questioned her further and took the time to write up a violation notice, all while the suspects were detained and guarded in another office.
Only after this were the suspects released. They were never apologized to and when they asked for the name of the senior LPO and the store manager they were told, “it’s none of your business” and were asked to immediately leave the store. They still wanted the merchandise and the Head Cashier properly rang the sale, removed all of the remaining EAS tags, and then summarily escorted out of the store.
Other interesting facts about this case include, 1) During the discovery it was determined, through the stores records, 2) the cashier was a new hire and had only completed a few days of the retailer's mandatory five-week cashier training program and, 3) the senior LPO had been disciplined before by another retailer for a like situation. The retailer, in this case, knew this when the LPO was hired.
I share this case as it points out that by using a little commonsense this entire situation could have been avoided. The Plaintiff’s attorney hired me in this case and when I talked with the Plaintiff she repeatedly told me all she wanted at the time this occurred was an apology from the manager, but he refused to talk to her at the time. Let’s see here….. an sincere apology or a major 6-figure settlement what would you have done?
76 killed in Norway attacks
Majority were killed in shooting spree at political party's youth group retreat, eight killed in government building blast
BY IAN MACDOUGALL AND LOUISE NORDSTROM
Associated Press
Updated: 07-25-2011 11:48 am
OSLO, Norway -- Police announced Monday that they had dramatically overcounted the number of people slain in a shooting spree at a political youth group's island retreat and were lowering the confirmed death toll from 86 to 68.
The overall toll in the attack now stands at 76 instead of 93 - still one of the worst modern mass murders in peacetime.
Police spokesman Oystein Maeland said that higher, erroneous figure emerged as police and rescuers were focusing on helping survivors and securing the area, but he did not immediately explain more about how the overcounting occurred.
Police also raised the toll from a bombing outside the government's headquarters in Oslo before the shooting spree, from seven to eight.
Anders Behring Breivik has confessed to both assaults but denied crminial responsibility for them and pleaded not guilty at his first hearing. He told the court he wanted to save Europe from Muslim immigration and warned that there are two other cells of his terror network.
The court ordered him held for eight weeks while prosecutors investigate, four of which will be in isolation, saying Breivik could tamper with evidence if released. Typically, the accused is brought to court every four weeks while prosecutors prepare their case, so a judge can approve his continued detention. Longer periods are not unusual in serious cases.
Breivik made clear in an Internet manifesto that he planned to turn his court appearance into theater, preparing a speech for his appearance in court even before launching the attacks, then requesting an open hearing in which he would wear a uniform. Both of those requests were denied.
The suspect has said staged the bombing and youth camp rampage as "marketing" for his manifesto calling for a revolution that would rid Europe of Muslims.
"The operation was not to kill as many people as possible but to give a strong signal that could not be misunderstood that as long as the Labor Party keeps driving its ideological lie and keeps deconstructing Norwegian culture and mass importing Muslims then they must assume responsibility for this treason," according to the English translation of Heger's ruling that was read out after the hearing.
Breivik alluded to two other "cells" of his network - which he imagines as a new Knights Templar, the medieval cabal of crusaders who protected Christian pilgrims in the Holy Land. At one point, his manifesto briefly referred to an intention to contact two other cells, but no details were given.
European security officials said they were aware of increased Internet chatter from individuals claiming they belonged to the Knights Templar group and were investigating claims that Breivik, and other far-right individuals, attended a London meeting of the group in 2002.
Reporters and locals thronged the courthouse on Monday ahead of the hearing for their first glimpse of Breivik since the assault. When one car drove through the crowd, people hit its windows and one person shouted an expletive, believing Breivik was inside.
0 comments:
Post a Comment