18 August 2004. Add photos to A's comment on the cable ladder.

16 August 2004

A. writes:

I noticed that you have updated the RNC (in)Security page, and I would like to draw your attention to a major vulnerability that is at the site right now that you may not be aware of.

On the north side of the building a large amount of scaffolding is going up, essentially it is a 9-story cable ladder that goes from the media vans that will be on the street during the convention, runs parallel but above the sidewalk, and then up the outside of the building, then onto the roof, and down into the media booths in the sky-boxes.

The structure currently has extremely weak security, and someone could presently and easily gain access to the roof by these means and plant someone on or in the building prior to the security lock down by DHS two days before the convention starts. The ladder/stairwell can be accessed by scaling the ground level scaffolding that covers the sidewalk to the top of the sidewalk tent, then walk over the temporary cable ladder.

16 August 2004

Cryptome looked again yesterday at the landfall of NYC's prinicipal natural gas pipeline, reported here on August 7, and nothing has been done for security despite dozens of accesses of the report by federal, state and local agencies, as well as several accesses by the owner of the pipeline and Consolidated Edison.

Provided below are photos of a sagging beam near Madison Square Garden, reported here on July 29. This report was also heavily accessed by federal, state and local agencies.

Before and after: A sagging beam supporting a temporary walkway between Madison Square Garden and the James Farley Post Office where the press will be housed. The red covering has been added in the past week, but the sag remains uncorrected.


Provided below are photos taken yesterday of two prominent NYC facilities, Lincoln Center and the new Time Warner/AOL building, possible diversionary targets from the RNC -- New York Police Department has warned of this.

Rear of Lincoln Center, showing entrances to parking garages below.

Lobby of Time Warner/AOL building

With reference to the New York Times report below, it is likely that corporations are lax on security not only to save money but also because the Terrorism Insurance Law enacted after 9/11 generously underwrites losses due to terrorism. Las Vegas is not alone in wanting to avoid liability by remaining ignorant of terrorist threats and failing to institute protective measures.

There is a very big gap between what is being promised for domestic security and what is actually being done. The intent appears to be like that before 9/11: issue regular warnings, fake security, wait for a disaster to shock the public into even greater funding for false security -- a legacy of the Cold War resurrected by the governments worldwide for an endless war on terrorism. Ho hum, business is saying, not our problem, only an opportunity to offload costs and collateral damage to the unwitting, frightened, tax-whacked public.


Recent New York Times reports on poor security:

http://cryptome.org/nyt-red-team.htm
http://cryptome.org/nyt-athens.htm

New York Times, August 16, 2004

Many Offices Holding the Line on Post-9/11 Security Outlays

[Image] A sidewalk at 1251 Avenue of the Americas, at 50th Street in Midtown Manhattan. Flower beds serve as a security device for some buildings.

By BENJAMIN WEISER and CLAUDIA H. DEUTSCH

Thomas E. Cavanagh, a researcher who has spent three years studying how corporations responded to the Sept. 11 terror attacks, set out last spring to answer a basic question: were executives of midsize companies - including potentially vulnerable industries like transportation, financial services, utilities and telecommunications - spending more on security than they did before the disaster?

The results were not without surprises: almost half the roughly 100 companies on which he gained information had not increased annual spending on security at all after Sept. 11. Indeed, nearly 40 percent of the executives said security was an expense that should be minimized. And, in a different sort of measure of the commitment to heightened security, a quarter of the companies said their chief executives had not met in the last year with their security chiefs.

"What we are seeing is an evolution instead of a revolution in corporate security," said Mr. Cavanagh, who works for the Conference Board and whose study was sponsored by the Department of Homeland Security. "For a lot of companies, the sense of urgency isn't there. There may be a sense of complacency that has sunk in because there hasn't been a serious incident since 9/11."

Indeed, interviews with experts and company officials, conducted since the news earlier this month that Al Qaeda had identified financial institutions in New York, Newark and Washington as possible terror targets, show that there have been in many cases only incremental changes in corporate security since 9/11.

The experts say the reasons for the faltering revolution - 9/11, it was once thought, would provoke profound and lasting changes for businesses of all sizes across the country - are varied, ranging from a concern about costs to simply a lack of sustained focus and vigilance.

"There were even some companies that buried their heads in the sand," said William Daly, a former F.B.I. counterintelligence investigator who runs the New York office of Control Risks Group. "Security is kind of incident-driven, and continues to be that way."

Without question, many companies after 9/11 took serious steps, some quite ambitious and costly, to protect their employees and their assets. Gregg A. Popkin, senior managing director of CB Richard Ellis Inc., which manages about 115 commercial buildings in the metropolitan area, says landlords in those buildings have spent a combined $50 million on scanners, turnstiles and other measures in the past three years.

William D. Zollars, chairman of Yellow Roadway Corporation, the country's largest trucking company, figures security has added $50 million a year to his operating costs since 9/11.

But there is much that has not changed all that dramatically. Plans that were drawn up were shelved, security machines put in place have been taken out, and computer security remains far from perfect.

James R. Bucknam, executive vice president for operations at the security consulting firm Kroll Inc., said that the recent terror alert has sparked interest in reviving plans and installing things like concrete barriers." On the whole, the plans were pretty good, but too many of them had gathered dust," he said.

John Santora, who handles security for the firm Cushman & Wakefield, which manages 200 buildings in the New York metropolitan area, recalls that after Sept. 11 tenants rushed to install package scanners in their lobbies and to inspect visitors' belongings, briefcases and even purses. But, as time passed without another attack, some of those scanners were used only to check deliveries or were relegated to back rooms.

"I don't know why some buildings put them away," he said.

Lawrence Loesch, vice president and general manager for the New York City region of Allied Security, which supplies private security guards, said money had been a factor for many corporations, particularly given the tough economy since 9/11.

"Probably if we didn't have the most recent threat, a lot of things would be on hold," he said. But he underscored that focus and spending are directly affected by the kinds of alerts like the one earlier this month. In the first week or so after the alert, he said, his firm received orders in New York for 6,000 more hours of guard services, or about 5 percent above normal.

Steve Vitale, canine director for GSS Security Services in Manhattan, which provides bomb-sniffing dogs, agreed that commitment to increased security had fallen off since 9/11: "People were cognizant of security right after 9/11, and I guess that went on for a couple of years. But now they're more cognizant of the dollars it is costing."

Some experts, though, suggested that a true improvement in security had taken place among the country's largest companies and corporations. A security official with one financial services company in Lower Manhattan, who asked not to be identified because the company wants to keep a low profile on such matters, said steps included stopping cars outside buildings before they reach the garage, and putting ventilation systems under tighter control. "The picture now is totally different," he said.

He and other officials also cited improved cooperation among companies themselves and with law enforcement. The F.B.I.'s New York office, for example, recently began sending an e-mail newsletter to hundreds of corporate security directors, offering information related to terrorism and other criminal activity.

The survey of midsized companies, done by Mr. Cavanagh for the Conference Board, an international business research organization based in New York, found that 40 percent of larger firms, with 1,000 or more employees, had established off-site emergency operations centers, while only 21 percent of smaller ones had. "Given the vital role that smaller midmarket companies play in the economy," the report noted, "the economic impact could be quite severe indeed should another terrorist episode of the scale of 9/11 unfold in a heavily populated area."

The Board surveyed top executives of firms with annual revenues of $20 million to $1 billion, of which about one-third were in the so-called critical industries.

Alfonso Martinez-Fonts Jr., director of the private sector office of the Department of Homeland Security, said that the survey showed that there was more work to be done, but that much has been accomplished. He cited, for example, a finding that 61 percent of the executives saw security as a good investment. As for the quarter of top executives who had not met with security chiefs in the past year, he said there needs to be "more outreach to them." The other three quarters "get it," he said.

Security also remains a question in corporate computer networks, said Edward M. Stroz, a retired F.B.I. agent who formed and supervised the computer crimes squad in the bureau's New York office, and now runs his own consulting firm.

While some companies have been properly concerned about obtaining bodyguards, gates, alarms and cameras, he said, some nonetheless have failed to recognize that their Web site can make them vulnerable to physical attack. "It was really very hard to get this point through to people," Mr. Stroz said.

He explained: "If I want to blow up this building or I want to introduce anthrax or sarin into the building, I want to know how it's ventilated; I want to know where people work; I want to know what kind of heating or cooling systems you have, how people get in and out. If your Web site takes me on a virtual tour of your facilities - and we've had clients who do this - it's a wonderful thing for your friends. It's really dangerous to give to your enemies."

Companies can also lose control where "systems are being run and operated by nonemployees," or where functions are out-sourced overseas, he said.

The recent heightened alert came at a time when corporations have been trying to be more vigilant with the Republican National Convention just two weeks away. Companies and building managers have been putting together alternate routes for employees to enter and leave the city, for example. And several firms that were planning to add extra guards during the convention did so a few weeks early.

Moreover, many companies that installed electronic card readers and hired more guards after 9/11 have kept them. A few building managers say that if there is an actual attack, they will take draconian measures like shutting down stores in their buildings, or closing off access from subway stations.

"We're taking the latest threat very seriously, but you have to have levels of response other than shutting down the economy of a building every time there's a threat," said Mr. Popkin of CB Richard Ellis.

In addition to the $50 million spent since 9/11 by his firm's clients on scanners, turnstiles and other measures, he said, he figures operating expenses - bomb-sniffing dogs, extra and better trained guards and such - have doubled.

"Tenants and landlords who once would hire a guard who was on off-hours from McDonald's now want a full-time professional who understands the building," Mr. Popkin said. His firm is spot-checking security records of cleaning workers and others who work for contractors. "In the old days we worried about what employees were taking out of the building," he said. "Nowadays you worry what they're bringing in."