Government
This is a archive for Government.
Wednesday, February 22, 2012 @ 05:02 PM gHale
Up to 800 gallons of nitric acid may have leaked Nuclear Fuel Services (NFS) Erwin, TN, facility Jan. 9 Tennessee Department of Environment & Conservation (TDEC) officials said.
The initial report on the accident was “that approximately 800 gallons spilled. However, there was also water in the containment area, so we cannot determine exactly how much,” said TDEC spokeswoman Meg Lockhart.
RELATED STORIES
Refinery Upsets Rage for Second Day
Another Release at ‘Raccoon’ Refinery
Raccoon Tests Refinery Safety System
EPA: Leak Breaches Water Standards
The Nuclear Regulatory Commission (NRC) report said that NFS reported “approximately 300 gallons of nitric acid had spilled.”
Around noon Jan. 9, a nitric acid leak occurred in an outdoor chemical storage area at NFS. The nitric acid ended up contained by a dike designed for such a purpose, officials said.
Following the incident, facility operations went into a “safe shutdown,” in which operations in certain areas temporarily halted and everyone followed NFS procedure to ensure these areas were in stable condition.
As a precaution, NFS employees working in areas near the leak went to another NFS facility, and two employee went to NFS medical staff due to possible exposure to nitric acid vapor. They ended up released.
No injuries were reported as a result of the incident.
Wednesday, February 22, 2012 @ 04:02 PM gHale
Anaheim, CA-based Bridgford Foods Corp. is facing $174,500 in fines for six serious and two repeat safety violations at one of its food manufacturing facilities in Dallas, said Occupational Safety and Health Administration (OSHA) officials.
An investigation started Aug. 23, at the company’s Chancellor Row location as part of OSHA’s Severe Violators Enforcement Program, which mandates follow-up inspections of recalcitrant employers that endangered workers by committing willful, repeat, or failure-to-abate violations.
RELATED STORIES
Barge Maker Faces OSHA Safety Fines
Biodiesel Maker Faces Safety Fines
Safety Alert: Manufacturers Fined for Violations
Manufacturer Faces Safety Fines
“Bridgford Foods has a history of putting its employees at risk of serious injury,” said John Hermanson, OSHA’s regional administrator in Dallas. “The company needs to adhere to OSHA’s standards for controlling hazardous energy and machine guarding to prevent the loss of limb and life.”
The serious violations include failing to provide required machine guarding to prevent workers from coming into contact with rotating parts on drill presses, implement energy control procedures for machinery with more than one energy source, ensure that employees have training on the use of energy control procedures, and prevent slip and “struck-by” hazards by ensuring walkways are kept clean and dry.
The repeat violations involve failing to ensure lockout/tagout procedures of energy sources occurred by an authorized employee and the authorized employee affixed a personal lock or tag to the group lockout device. OSHA cited the company for similar violations in February 2008 with penalties of $8,000, in September 2008 with penalties of $33,900, and in January 2010 with penalties of $106,000.
Additionally, OSHA cited the company’s facility on South Good Latimer Expressway in Dallas in October 2011 for 27 safety and health violations with penalties totaling $422,600.
Bridgford Foods manufactures frozen bread dough, biscuits, cinnamon roll doughs, sandwiches, beef jerky, and snack and deli foods.
Tuesday, February 21, 2012 @ 05:02 PM gHale
A flaw in calculating the potential heat from nuclear fuel in the event of an accident has the U.S. Nuclear Regulatory Commission (NRC) seeking information from energy companies running 11 reactors.
This was not something that presents an immediate safety concern so there was no reason to shut any of the plants, the NRC said.
RELATED STORIES
Security Lapse at Prairie Island Nuke
Palisades Nuke Safety Downgrade
Errors at Turkey Point Nuke
New Nuke Designs Need Security
“But we do want them to come back to us to show they are meeting our regulations,” said NRC spokesman Scott Burnell.
The 11 reactors are located at FirstEnergy’s Beaver Valley in Pennsylvania, Exelon’s Byron in Illinois, Duke Energy’s Catawba in South Carolina and McGuire in North Carolina, American Electric Power’s Cook, and Dominion’s Kewaunee in Wisconsin.
A computer program Westinghouse Electric used has a fundamental flaw in determining how the fuel loses the ability to conduct heat, Burnell said.
This phenomenon is “thermal conductivity degradation.”
Because of that error there is a possibility that plants could underestimate how hot their fuel could get in an accident, Burnell said.
Westinghouse is majority-owned by Japan’s Toshiba Corp.
Tuesday, February 21, 2012 @ 05:02 PM gHale
There was a security lapse at the Prairie Island nuclear station near Red Wing, MN, and Xcel Energy will feel the wrath of federal regulators.
Xcel received a letter from the Nuclear Regulatory Commission (NRC) about the violation discovered in an October inspection. Details of the incident ended up redacted from the letter.
RELATED STORIES
Palisades Nuke Safety Downgrade
Errors at Turkey Point Nuke
MN Nuke Leaks Tritium
New Nuke Designs Need Security
Nuke Alert: Human Error in Leak
The public’s safety was not an issue with the security problem, said NRC spokeswoman Viktoria Mitlyn. But no details, including its level of significance, will end up released so the plant can avoid publicizing a security vulnerability, she said.
It is the first time “in the recent past” the NRC cited Xcel for a security-related problem at its two nuclear stations in Minnesota.
The NRC ranks violations on a four-color scale, with red the highest — representing an unacceptable safety loss — and green the lowest significance. The NRC only said the Prairie Island violation was “greater than green.”
In a preliminary letter to Xcel in December, the NRC offered a hint the problem related to “human performance.” The letter said Xcel “failed to conduct an effectiveness review of safety significant decisions to verify the validity of the underlying assumptions, and identify possible unintended consequences.”
The Minneapolis-based utility must correct the root cause of the problem, and will be subject to a follow-up inspection. It also has 30 days to appeal the finding.
In a statement, Xcel said it hadn’t decided whether to appeal but that “Security and safety at our nuclear plants are our highest priorities.”
Tuesday, February 21, 2012 @ 01:02 PM gHale
By Nicholas Sheble
The hacking group Anonymous may be capable of causing a limited power outage through cyber attack soon, is the feeling of security officials with the U.S. Government.
The director of the National Security Agency (NSA) warned Anonymous could have the ability within the next year or two to bring about such an act, according to a report in the Tuesday issue of The Wall Street Journal.
RELATED STORIES
Schoolboys Behind Greek Hack
Tear Gas Maker Hacked
Hacking Victims Still Remain Silent
Hidden Secret: VeriSign Hacked
General Keith Alexander, NSA’s director, provided his assessment in meetings at the White House and in other private sessions. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyber attackers to disable or even damage computer networks.
Anonymous has never listed a power blackout as a goal, but some U.S. officials believe it seeks a more disruptive direction. An attack on a network would be consistent with recent public claims and threats by the group. As example, last week Anonymous announced a plan to shut down the Internet on March 31 in a move they are calling Operation Global Blackout.
The electric grid has many backup systems that allow utilities to restore power quickly if there is a blackout from a cyber attack or hardware malfunction.
Attacks by Anonymous
- December 2010: Attacks groups and individuals that tangled with WikiLeaks and its founder, Julian Assange.
- February 2011: Followers break into computer systems of California Internet-security company HBGary Federal; release tens of thousands of internal emails online. Company chief executive resigns.
- Aug. 14, 2011: Hacks a Bay Area Rapid Transit website to protest the rail system’s move to temporarily shut down cell phone service.
- Jan. 19, 2012: Attacks Justice Department website and apparently knocks it offline to retaliate against shutdown of a media-downloading site.
- Feb. 12, 2012: Announces a plan to shut down the Internet on March 31.
- Feb. 17, 2012: Attacks two sites of the Federal Trade Commission.
Source: WSJ research
The NSA believes that, for now, the cyber threat to the power grid is limited. The countries that could most quickly develop and use cyber means to destroy part of the grid, like China and Russia, have little incentive to do so. Those with more incentive, like Iran or North Korea, don’t yet have the capability.
Nicholas Sheble (nsheble@isssource.com) is an engineering writer and technical editor in Raleigh, NC.
Monday, February 20, 2012 @ 06:02 PM gHale
Natural-gas drillers should inspect their wells after hydraulic fracturing on public land to ensure the safety of drinking-water supplies, Interior Secretary Ken Salazar said. New rules to that effect will soon be coming down the pike.
The agency in coming weeks will propose standards under which companies must disclose the chemicals in the mixture injected underground to free trapped gas, demonstrate the well isn’t leaking and check the work after fracking, Salazar said in a speech to the City Club of Cleveland.
RELATED STORIES
Fracking Halted after Valve Failure
PA Fines Gas Driller
Fracking: Foreign Firms Fund Pacts
States Focus on Fracking Chemical Disclosure
“To me, those rules are common sense,” Salazar said. “You have some people say that this will kill the natural gas-industry — that’s very far from the truth.”
Republicans in Congress and energy trade groups such as the American Petroleum Institute oppose the agency’s rules, saying compliance will increase production costs and slow the development of the resources.
Interior also will require that drilling on federal land meet guidelines for handling fracking water so it returns to the surface after injection into the rock to make sure streams do not suffer from contamination. Fracking opponents say the process leads to tainted water and may cause cancer among people living near the wells.
In fracking, companies blast shale-rock formations with water, sand and chemicals under high pressure thousands of feet underground to break up shale-rock formations and release trapped gas. The process sees use in more than 90 percent of natural-gas wells drilled on federal land, Salazar said.
Monday, February 20, 2012 @ 03:02 PM gHale
Cyber security legislation that would update laws that govern how the federal government secures its information systems as well as help safeguard vital private networks that American society depends on hit the Senate last week.
Five years in development, the Cybersecurity Act of 2012 is ready to go as threats against government and private IT systems intensify.
RELATED STORIES
White House: Congress Must Pass Cyber Laws
Cyber Crime Grows More Complex
Cyber Report: Life on Technology Edge
Cyber Security Month: DHS Eval Tool
White House Invests in Smart Grid, Security
“Our nation’s vulnerabilities have already been demonstrated by the daily attempts by nation-states, cybercriminals and hackers to penetrate our systems,” Sen. Susan Collins, R-ME, one of the bill’s sponsors, said in a Senate speech. “The threat is not just to our national security, but also to our economic well-being.”
Collins, ranking member of the Senate Homeland Security and Governmental Affairs Committee joined Committee Chairman Joseph Lieberman, ID-CT; Senate Commerce Committee Chairman Jay Rockefeller, D-WV; and Intelligence Committee Chairwoman Diane Feinstein, D-CA, as chief sponsors of the bill.
The legislation would codify some of the authority the Obama administration has granted the Department of Homeland Security over federal civilian agency IT security and create the National Center for Cybersecurity and Communications within DHS, headed by a Senate-confirmed director, to coordinate federal efforts to battle cyber security threats facing the government and the nation’s critical information infrastructure, the mostly privately owned networks that control the flow of money, energy, food, transportation and other vital resources that the economy needs to function.
The bill would amend the Federal Information Security Management Act to require the government to develop a comprehensive acquisition risk management strategy, moving away from a culture of compliance to one of security by giving DHS the authority to streamline agency reporting requirements and reduce paperwork through continuous monitoring and risk assessment.
Penetration testing through red-team exercises would be an emphasis under the bill’s provisions as well as operational testing of systems to ensure agencies are aware of network vulnerabilities. The bill’s sponsors said the legislation would also ensure agencies make informed decisions when purchasing IT products and services by directing the Office of Management and Budget to develop security requirements and best practices for federal IT contracts.
One of the more contentious parts of the bill is one that would establish a mechanism in which the owners of the national information infrastructure would help develop cyber security standards that they would need to follow.
DHS would assess the risk and vulnerabilities of critical infrastructure systems that threaten the nation’s well-being to determine which networks must meet a set of risk-based security standards. Operators of these systems who believe their systems do not enjoy the proper designation could appeal DHS’s determination.
The bill calls for developing risk-based performance requirements, looking first to existing standards or industry practices. If a sector is sufficiently secure, there would be no need to develop new performance requirements. Under the bill, the owners of a covered system would determine how best to meet the performance requirements and then verify that it was meeting them. A third-party assessor could also verify compliance, or an owner could choose to self-certify compliance. Current industry regulators such as the Securities and Exchange Commission for the banking industry would continue their oversight.
Monday, February 20, 2012 @ 03:02 PM gHale
In a different use of application whitelisting, military computers soon will undergo configuration to execute only administrator-approved software applications in certain areas of a computer, Pentagon officials said.
Whitelisting is a recommended best practice, but DoD and industry have lagged in adoption because of the staffing involved in adding and removing applications from the list, National Security Agency (NSA) officials said.
RELATED STORIES
New Software Cuts Costs, Risk
Struggle to Secure Mobile Devices
All Mobile Devices Victimized
Trojan Acts like Carrier IQ Tool
The Defense Department’s (DoD) version of “application whitelisting” focuses on where downloads can launch in a system. Officials think that will end up being an inexpensive protection against downloads that antivirus programs fail to flag as threats.
“You can download it, but you can’t install it,” said Paul Bartock, a technical director for the Information Assurance Directorate at NSA, who helped develop the technique.
One weakness with even the best antivirus programs is they blacklist software only after determining it is malicious. Unknown worms do not get blocked. And hackers continuously tweak their code so it remains unknown.
However, NSA’s approach blocks every application from executing until a network administrator has approved, or whitelisted, it.
To save time, NSA created a way to grant applications access based on where they are trying to open in a system — for example, certain disk drives or directories. With typical whitelisting, an administrator has to change the list every time a developer releases a new patch or program update. Under NSA’s approach, administrators are able to focus their attention on fewer potential entry points for viruses, thus reducing the time involved in installing new applications.
Now, NSA is arranging for the baseline configurations of all new Defense computers to employ the tactic, said Eric Chudow, who works in the Information Assurance Directorate at NSA.
This method already has thwarted one type of worm that antivirus programs failed to catch.
“An email tried to install malware,” Chudow said. “On the newer baseline computers, the administrators could see this was malware,” but on the older models, “the antivirus wasn’t able to protect against it yet. Two weeks later, the antivirus vendors issued a signature for that particular piece of malware.”
Commercial whitelisting software can cost hundreds of thousands of dollars and require three full-time employees to change the list for every patch and upgrade. NSA officials were able to do the job without licensing special software. They used software-restriction features that come with most operating systems, along with an existing intrusion detection system, and then wrote some special permissions, officials said.
The project required monitoring the agency’s network about 20 hours a week for three months to make sure the new configuration was not obstructing important applications, officials added. For ongoing upkeep, they only needed an hour of attention per week.
Almost anyone, including home computer users and health technicians, can try the technique as this white paper shows.
