National

A new survey out Wednesday finds that the energy and utilities industries rank the lowest when it comes to computer and information security risk management.

The third biennial survey by the Carnegie Mellon University CyLab comes as Congress is considering legislation to mandate cybersecurity measures in critical industries.

The survey of 108 global companies also found that the financial sector had the best risk management practices.

Overall, the statistics are grim.

For instance, although 91 percent of the respondents — all executive board or senior executive officials — indicated that risk management was being actively addressed, only 29 percent said they were paying attention to information technology operations, 33 percent to computer and information security and only 13 percent to management of vendors who provide software and other crucial services, the study found.

The lack of attention paid to security risk management by the energy and utility sectors is disturbing given the degree to which operations and processes are controlled by information technology systems, the report said.

A member of the U.N. nuclear watchdog’s inspection team died and a second official was injured in a car crash as the two were carrying out inspections inside Iran on Tuesday, U.N. officials and diplomats said.

The two, veteran inspectors for the International Atomic Energy Agency, were traveling in Iran’s Khondab region when their vehicle skidded off the road, diplomats briefed on the incident said. The region is near the partly constructed Arak nuclear reactor, which is visited regularly by agency teams as part of Iran’s nuclear safeguards agreements.

The IAEA confirmed the incident in a statement, identifying the fatally injured man only as a South Korean national and his colleague as a Slovenian. No further details of the accident were given, and details about the victims were being withheld while the agency notified the men’s relatives.

“The Agency is in touch with the inspectors’ families and with the Iranian authorities,” the IAEA statement read.

A former colleague of the South Korean described him as a “good, reliable and experienced inspector and friend who we are missing.” He insisted on anonymity while the notification process was underway.

The crash occurred at a sensitive time in the agency’s relations with the Iran, which is scheduled to meet with the United States and five other world powers later this month for a second round of talks on curbs to Iran’s nuclear program. The IAEA has been prodding Iran to account for past nuclear research that agency officials say appears related to the design and testing of nuclear warheads. Iran contends that its nuclear program is entirely peaceful.

More national security coverage:

- House GOP wants more for Pentagon

- U.S. disrupts airline bomb plot

- Militants storm Yemen military base

- Read more national security news

Gen. Keith Alexander, the head of the nation’s largest spy agency and its cyberwarfare command, is urging adoption of legislation to require companies providing critical services such as power and transportation to fortify their computer networks against cyber attacks.

In this April 21, 2009 file photo, U.S. Army Gen. Keith Alexander, director of the National Security Agency, speaks at a security convention in San Francisco. (Jeff Chiu - AP)

Though he did not specify a particular bill, Alexander, commander of the U.S. Cyber Command and director of the National Security Agency, said in a letter Friday to Sen. John McCain (R-Ariz.) that “recent events have shown that a purely voluntary and market driven system is not sufficient” to protect such networks.

The words are likely to disappoint GOP opponents of government regulation and in particular of legislation pending in the Senate that would authorize the Department of Homeland Security to ensure certain critical networks meet minimum security requirements.

Iranian Supreme Leader Ayatollah Ali Khamenei, left, delivers a speech in Tehran. (Associated Press via Office of the Supreme Leader) In a speech three months ago, Iranian Supreme Leader Ayatollah Ali Khamenei repeated his religious edict against nuclear weapons, insisting that his country would never build them. But a newly published document suggests that Khamenei hasn’t always viewed the bomb as a “great sin.”

According to an internal U.N. document, Khamenei embraced the concept of an Iranian nuclear bomb during a meeting of the country’s top leadership more than two decades ago, saying nuclear weapons were essential for preserving Iran’s Islamic Revolution.

The 2009 document, prepared for the International Atomic Energy Agency, is a collection of statements made by Iranian leaders about nuclear weapons, as gleaned from the nuclear watchdog’s intelligence sources. It cites an April 1984 meeting in which Khamenei allegedly endorsed a decision by then-leader Ayatollah Ruhollah Khomeini to launch a secret nuclear weapons program.

“According to Ayatollah Khamenei, this was the only way to secure the very essence of the Islamic Revolution from the schemes of its enemies ... and to prepare it for the emergence of Imam Mahdi,” states the IAEA document, which was obtained by the Institute for Science and International Security, a Washington-based nonprofit group that analyzes nuclear weapons programs. In Shiite Islam, “Imam Mahdi” is the prophesied 12th Imam who will purge the world of evil in humanity’s last days.

As U.S. leaders grapple today with how to respond to North Korea’s failed rocket launch, they’ll have a vast array of calculations to consider. There are the strategic factors, the diplomatic factors (including how hard they can push China to pressure North Korea) and, in an election year, the political factors.

The Obama administration faces fairly limited options for how to respond. North Korea is already one of the most heavily sanctioned countries in the world. Even so, U.S. officials say they will seek some sign of condemnation from the United Nations.

A Security Council resolution, however, could be hard to obtain in the face of a possible veto from Russia and especially from China, which has been North Korea’s staunchest defender in the international arena.

More likely, the Security Council is likely to approve a presidential statement, which is easier to pass but traditionally carries less legal force than a resolution. Given the failure of the launch, a presidential statement may be perceived politically within the United States as a strong enough response.