ASIS INTERNATIONAL HOUSTON CHAPTER

MEETING MINUTES: December 15, 2004

 

The luncheon meeting was held at Renaissance Hotel.  Chapter Chairman-elect Darin Dillon CPP presided. 55 members and guests attended.

 

Opening prayer: Chuck Hutchinson

Pledge: Darin Dillon

 

Committee Activities:

Newsletter:  Tom Hamilton CPP announced the newsletter was mailed and should arrive before the holidays.  About one-half of the advertising renewals have been paid and there is a waiting list if a sponsor chooses not to renew.  Tom also announced that our Sr. RVP, Lisa Smith, has a life-threatening illness and referred us to a fund set up to help defray her medical costs.

Treasurer: the report was distributed.  The invoices for local membership dues were mailed.  The web-page advertising invoices have also been mailed.  Prompt payment will be appreciated. 

Golf Tournament: committee activity will begin early in 2005.  Please call Darin or Bob If you have a suggestion for a new course or would like to be on the committee.

Certifications: Steve Bourg CPP stated the new 4 week review format was successful.  Four people are scheduled to take the test in January.  Our local review classes will resume in either February or March.  Roger Piper CPP will be helping Steve this year.

Houses of Worship: The committee designed a brochure to promote the program.  Copies are posted on the web page.

Roundtable: Charles Hutchinson stated 30 corporate security directors attended the TPSB Board meeting on 12/8 in Austin to express their concerns and hopefully negotiate an amendment to HB 1769. 

L.E. Award: Bill Hart introduced HPD Officer Matthew Richard.  Officer Richard has been with the department over 10 years.  Officer Richard was accompanied by his supervisor, Captain Debra Watkins, a 23 year veteran of HPD.

 

On June 9, 2004, officers from the South Central Division’s Warrant Execution Team had, after two weeks, obtained information regarding the location of a felony suspect in possession of a firearm.  The officers arrived at a small residence and took up positions.  Sgt. Kevin Gallier and Officer Richard went to the front door and knocked several times while announcing “Police” in a loud voice.  The suspect peeked from behind the curtains and then disappeared.  When no one came to the door, Sgt Gallier and Officer Richard attempted to enter the residence.  Peeking through the doorway, Officer Richard could see the suspect wielding a firearm and yelled “Gun!”  The officers immediately retreated to cover behind vehicles parked near the front of the residence.

 

Officer Richard, with weapon drawn and behind cover, gave verbal commands to one of the other two men in the house.  As the first man followed the commands and was being searched, Officer Richard was giving verbal commands to the second man who stood near the door.  From within the residence, the suspect then fired a single shot through a window.  As officers scrambled for cover, the suspect ran outside and behind the same vehicle where Officer Richard was hidden.  Upon seeing the officer, the suspect fired his weapon striking the officer multiple times.  Officer Richard, though severely wounded, stood and returned fire at the fleeing suspect before collapsing to the ground.

 

Officer Richard had been struck in the upper left torso, the left buttocks and in both calves.  The wounded officer was transported to the hospital where he underwent surgery and a long recovery.  Because of his keen observation, quick actions and determined efforts to stop a dangerous felon, he had prevented further injuries or possible fatalities to his fellow officers.  Officer Richard received the Meritorious Service Medal and the Blue Heart from his department.  In addition, he accepted a plaque from the Houston ASIS International Chapter in appreciation for his outstanding commitment and sacrifice to the safety of our community.

 

Special Award:  A plaque was presented to Sheree Poe, Securitas, for her outstanding job to the Chapter.  Sheree works for our treasurer, Bob Cascino, and provides limitless administrative support.

Election:  The 2005 Executive Committee was installed by ARVP Tom Hamilton CPP; Chairman: Darin Dillon CPP; Vice-Chair: John Brady, Treasurer: Bob Cascino; Secretary: Pamela Duncan,

 

Speaker:  Paul Williams, President and CTO of Gray Hat Research Corporation.

Mr. Williams is regarded as one of the foremost experts on architectural design-level security in the U.S. today.  His Houston-based firm specializes in advanced technology in the areas of computer security, artificial intelligence algorithms, high speed databases, communications and defense related solutions.  His firm does not sell hardware or software; they sell “information” to seek solutions.

 

“Why Hack Me?”

• Because “they can” (40%)
• Sending spam e-mail (25%)
• To use your IP address to launch zombie attacks
• Trading porno or pirated software
• They don’t like a particular vendor (AOL etc)
• Blackmail or extortion (3%)
• A “contest”
• Corporate espionage (2%)
• Military espionage
• Cyber terrorism

 

Mr. Williams walked us through a case example of a fictional cyber terrorism attack on Electronic Grid Security.  Transmission Control Stations are discrete and well-protected. 

Disabling a regional electric grid will be very damaging; but it takes three components: physical knowledge, cyber knowledge and social engineering. 

 

Information needed can be successfully obtained through social engineering.  It takes several components to be a good “social engineer”:

• Computer knowledge
• Reading related materials
• Acting and dressing professionally
• Being calm and bold
• Authoritative
• Being a woman
• Having fake names, business cards, I.D.
• Acting like you need “help”
• Working in a team

 

Surveillance helps determine the “weak points” at any facility.  Is there end-user phone training? Is there a computerized badge system?  Are guests escorted? Is trash cross-shredded?  Is digital media wiped clean?  How cluttered are the offices?  Once the surveillance is accomplished, it becomes very easy to plant Trojan spy ware.  The Trojan is used via remote control from anywhere in the world.

 

In a real-world case, Mr. Williams described how the check processing software at 80 banks stopped simultaneously.  A software developer for a software company embedded a logic bomb in the original shrink-wrapped software.  The developer left the original company with the source code and destroyed the backup version because he had been offered a position at a rival company. How could this happen?

• Inadequate source-ware controls
• Software vendor errors
• Poor separation of duties
• No policies and procedures
• No 3^rd party auditing
• No peer review
• Poor CD image security
• Misplaced trust for the vendor by the banks
• No service-level agreements

 

Typical anti-virus software misses 40% of all Trojans.  Wireless security has the weakest link: the remote user.  MIS Managers fail to adequately teach end-users using real screen images of Trojan or span virus-infested e-mail.  Visual education is the best method for preventing corrupted documents from being opened.  Another lack of education is failure to show the CEO/CFO the true risk assessment costs versus the amount of information that will be protected so that they can see the potential damage overshadows the cost of protection.

 

Mr. Williams accepted a plaque in appreciation of his time and presentation.

 

The next luncheon meeting is January 26, 2005.  Our speaker is HPD Chief Hurtt.