Passengers will no longer be able to pack loose lithium batteries in checked luggage beginning January 1, 2008 as new federal safety rules take effect. The new regulation, designed to reduce the risk of lithium battery fires, will continue to allow lithium batteries in checked baggage if they are installed in electronic devices, or in carry-on baggage if stored in plastic bags.

Common consumer electronics such as travel cameras, cell phones, and most laptop computers are still allowed in carry-on and checked luggage.  However, the rule limits individuals to bringing only two extended-life spare rechargeable lithium batteries, such as laptop and professional audio/video/camera equipment lithium batteries in carry-on baggage

The following quantity limits apply to both your spare and installed batteries. The limits are expressed in grams of “equivalent lithium content.” 8 grams of equivalent lithium content is approximately 100 watt-hours. 25 grams is approximately 300 watt-hours:

• Under the new rules, you can bring batteries with up to 8-gram equivalent lithium content. All lithium ion batteries in cell phones are below 8 gram equivalent lithium content. Nearly all laptop computers also are below this quantity threshold.

• You can also bring up to two spare batteries with an aggregate equivalent lithium content of up to 25 grams, in addition to any batteries that fall below the 8-gram threshold. Examples of two types of lithium ion batteries with equivalent lithium content over 8 grams but below 25 are shown below.
• For a lithium metal battery, whether installed in a device or carried as a spare, the limit on lithium content is 2 grams of lithium metal per battery.
• Almost all consumer-type lithium metal batteries are below 2 grams of lithium metal. But if you are unsure, contact the manufacturer!

Indeed this regulation will first be applicable on US registered aircrafts but as usual we may see this new regulation applicable on all International flights. 

Usually all electrical devices, including batteries, are subject to safety certification so either their are considered to be safe or manufacturer has to review quality and safety of its products. 

I really wonder on which basis these new rules are made from. Did anyone saw any incident statistics, reports etc.. (apart Sony made laptop batteries) or is it just one additional constraints air travel passengers will have to deal with.

After lighters and matches in 06, liquids in 07, 08 will add batteries to the restriction list.

All details are here as well as the complete list of items with air travel restrictions

The attacks on Swiss financial institutes with the aim of unjustified enrichment and the threat of the targeted industrial espionage via the internet are the main topics of the fifth semi-annual report of the Reporting and Analysis Centre for Information Assurance.

The report assesses the situation of the first half of the year 2007 in Switzerland and is now available online and clearly shows that the human factor remains the weakest point of ICT security.

Focus areas of issue 2007/I

• Attacks on Swiss financial services
  "Classic" phishing attacks by e-mail with password requests have decreased substantially in Switzerland. Moreover, all such attacks have been unsuccessful. On the other hand, successful attacks with malware have increased. Two-factor authentication systems (e.g. transaction authentication numbers, SecurID, etc.) do not afford protection against such attacks and must be viewed as insecure once the computer of the customer has been infected with malware.

• Industrial espionage and data theft
  The threat posed by targeted state or private industrial espionage continues. Not only the operators of critical infrastructures, the armament industry, or public authorities are threatened. Medium-sized industrial companies as well as manufacturers of luxury articles and fashion are also being targeted. The attacks are carried out by sending targeted e-mails to individual employees which contain malware in their attachments or links to bogus websites.
• Attacks on web servers:
  malware distribution, phishing, data theft Compromising of web servers has increased. The purpose is to use web servers to distribute malware, such as by drive-by infection, to steal data (especially on commercially used servers), to carry out (interim) storage of data (e.g. in connection with phishing), or to distribute messages that are generally political in nature.
• Malware / attack vectors
  Malware is still usually distributed through e-mail attachments or e-mails with links to bogus websites. Using clever social engineering techniques, the victim is deceived into opening the attachment or clicking on the link. Websites installing malware on the computer without any action by the user (drive-by infections) have heavily increased as an infection vector. Vulnerabilities in the operating system, the browser, or other applications are exploited. For a long time now, this no longer only happens on dubious sites, but also on (compromised) serious and well-known sites. Rates of recognition of malware by anti-virus software remain low.

The complete report is available on Melani website in italian, german, french and english.

A complete and useful list of all Internet risks and related protection measures is also available.

The Gartner Group launched during the IT Security Summit, a book written by Richard Hunter (Gartner vice-president) entitled IT Risk: "Turning Business Threats into Competitive".

The Register published an article highlighting some of Hunter's statement. Extracts:

• IT systems have become so integral to businesses that their failure can have disastrous consequences for an organization.

• IT risk is too important to be left to IT departments
• IT risk is related to IT value. It would be short-sighted not to recognize either value or risk

The complete article in available on The Register site.

More interesting than the article itself are indeed the comments which clearly show how wide is the gap between the theory (or the analysis) and the reality.

Best of :

• So the Bean counters and all the people who have no clue about it should have control? BAD IDEA.
• …This is the reason why an I.T director needs to sit on the board. Not however just some one who did a MBA but barely knows how to turn on their PC.
• …much of the problem can be resolved with a bit of education and common sense – and some money of course
• Ignorance, from middle management to board level, of even simple issues relating to IT risks that can be seriously detrimental to the business as a whole.
• Management, up to board level, simply not listening to IT managers who DO know what they are talking about
• In my experience IT risk auditors are finance types who don't understand IT and thus cannot adequately assess the risk
• Yes, let's take away IT disaster management and network security from the people that have a clue.

All comments are here.

I recognize in most comments highly experienced, realistic and well grounded IT guys. About the, so called, IT Analysts… same consideration than for the Burton Group.

As expressed, common sense would be to have IT director on the board, and the management to wake up and become IT skilled.

What's your opinion ?