Indonesia rolls out JRC-designed system to enhance Tsunami Early Warning

Indonesia has announced plans to roll out a tsunami early warning system based on the Inexpensive Device for Sea Level Monitoring (IDSL).

The system was developed by the European Commission’s Joint Research Centre with support from the Commission’s department for European Civil Protection and Humanitarian Aid Operations (DG ECHO).

The new plan for IDSL installation foresees the acquisition of 100 new units before the end of 2020 and a more ambitious implementation of an additional 530 units over the coming years, for fisheries, ports and conservation areas across Indonesia.

The IDSL is already installed in 7 locations in Indonesia (Sebesi Island, Marina Jambu, Pandangaran, Sadeng Port and Pelabuhan Ratu on Java Island and Bungus Port on Sumatra Island). It is also being installed in Mentawai Island.

The initiative is part of a collaboration between the JRC, DG ECHO and the Ministry of Maritime and Fisheries, initiated in 2019 when the JRC provided Indonesia with 8 IDSL devices to quickly implement a new Tsunami Warning System in the aftermath of the Anuk Krakatau volcano explosion on 22 Dec 2018. The event triggered a severe Tsunami, killing more than 400 people in the Sunda Strait.

The JRC began developing the IDSL in 2014. It has been installed in 35 locations in the Mediterranean Sea to enhance the monitoring capability of the Tsunami Warning Centres, in collaboration with local institutions and the UNESCO International Oceanographic Commission.

The characteristics of this innovative device are:

its low cost (2.5 k Euro vs 25-30 k Euro of similar devices);
the quick response and transmission (latency less than 5s from measurement to data publication);
the easy installation (less than 2h);
the presence of a software onboard able to detect Tsunami waves or other large sea level variations and send email and SMS to a prescribed list of recipients.
The name of IDSL has been modified to ‘PUMMA’ in the Indonesian language, or Perangkat Ukur Murah untuk Muka Air (Low cost Device for Sea Level Measurement).

It has the same meaning but is easier for Indonesians to recognise and understand its functioning.

Announcing the plans, Indonesian Maritime and Fisheries Minister Edhy Prabowo referred to the geographical position of Indonesia and indicated: “This situation prompts the Indonesian government to formulate a practical tsunami mitigation regime because a large number of coastal communities and villages could be left vulnerable and devastated when a tsunami strikes. In addition, vast coastlines and a large number of coastal communities means that Indonesia needs tsunami early warning systems to be installed in many tsunami prone areas. In this situation, the government needs to develop a tsunami mitigation program that includes the participation of the communities to develop their preparedness and make them more resilient to tsunami."

The new devices will be built with the collaboration of the European Commission and the involvement of local small scale companies and universities.

They will be integrated with the overall monitoring network in Indonesia provided by BIG (Sea Level Monitoring Institution) and BMKG (Tsunami Service Provider).

The IDSL (or PUMMA) will be implemented not only for tsunami early warning, but also for monitoring of fisheries port activities, marine tourisms, marine ecosystem and sea level rise.

Policy brief: technologies for averting, minimizing and addressing loss and damage in coastal zones

Coastal zones are home to about 40 per cent of the world’s population, living within 100 km of the coastline.

The most recent technology needs assessment indicates that one-third of developing countries placed infrastructure, including in coastal zones, as a prioritized sector, and most of the prioritized technologies in this regard were related to coastal protection, including both hard and soft measures.

Today more than 600 million people live in coastal zones that are less than 10 meters above sea level, and approximately 60 per cent of the world’s metropolises whose populations exceed 5 million people are located within 100 kilometers of a coastline. Coastal zones are a critical component of national economies, including shipping, aquaculture, tourism and other coastal services and industries.

Furthermore, entire economic activities in those of small islands developing states and low-lying delta countries, belong to their coasts. And yet coastal areas stand at risk from rising sea level and extreme weather intensity caused by climate change.

Recently as evidenced in many coastal areas, the impacts of these climate change phenomena, including the losses and damages, are increasingly becoming disruptive.

The report aims to inform policy-makers and practitioners on technological solutions to assess and manage climate-related risks comprehensively in coastal zones. It also identifies recovery and rehabilitation measures to address the impacts from tropical cyclones, storm surges, sea level rise, ocean acidification and other climate-change-related impacts.

Download Report from UNFCCC

Source - United Nations Framework Convention on Climate Change

New ACSC report details cyber threats across Australia

The inaugural ACSC Annual Cyber Threat Report outlines key cyber threats and statistics over the period 1 July 2019 to 30 June 2020. Over this period, the ACSC responded to 2,266 cyber security incidents and received 59,806 cybercrime reports at an average of 164 cybercrime reports per day, or one report every 10 minutes.

Key cyber threats highlighted include:

Malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Phishing and spearphishing remain the most common methods used by cyber adversaries to harvest personal information or user credentials to gain access to networks, or to distribute malicious content.

Over the past 12 months the ACSC has observed real-world impacts of ransomware incidents, which have typically originated from a user executing a file received as part of a spearphishing campaign. Ransomware has become one of the most significant threats given the potential impact on the operations of businesses and governments.

The 5G network and IoT devices have the potential to be revolutionary, but they require new thinking about how best to adopt them securely. Insecure or misconfigured systems make it very easy for hackers looking to compromise networks, cause harm and steal information.

Cybercrime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to businesses and individuals. The Australian Competition and Consumer Commission’s (ACCC) Targeting Scams 2019 report, identified Australians lost over $634 million to scams in 2019.

The ACSC Annual Cyber Threat Report has been developed with law enforcement partners, the Australian Federal Police and the Australian Criminal Intelligence Commission, to provide important information about emerging cyber threats impacting the Australian economy.

Full report avaioable at https://www.cyber.gov.au/sites/default/files/2020-09/ACSC-Annual-Cyber-Threat-Report-2019-20.pdf

FEMA Awards $17.8 Million for Hurricane Irma Recovery in Florida

EMA has awarded grants totaling $17,820,727 for the State of Florida to reimburse applicants for eligible costs of emergency response and repairs to public facilities following Hurricane Irma.

FEMA’s Public Assistance program provides grants to state, tribal, and local governments, and certain types of private nonprofit organizations, including some houses of worship, so that communities can quickly respond to and recover from major disasters or emergencies. The Florida Division of Emergency Management works with FEMA during all phases of the program and conducts final reviews of FEMA-approved projects.

The federal share for projects is not less than 75 percent of the eligible cost. The state determines how the nonfederal share of the cost of a project (up to 25 percent) is split with the subrecipients like local and county governments.

CISA Issues Final Vulnerability Disclosure Policy Directive for Federal Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 20-01, which requires individual federal civilian executive branch (FCEB) agencies to develop and publish a vulnerability disclosure policy (VDP) for their internet-accessible systems and services, and maintain processes to support their VDP. This BOD is part of CISA’s agency-wide priority to make 2020 the “year of vulnerability management,” with a particular focus on making vulnerability disclosure to the civilian executive branch easier for the public.

“Cybersecurity is strongest when the public is given the ability to contribute, and a key component to receiving cybersecurity help from the public is to establish a formal policy that describes how to find and report vulnerabilities legally,” said Bryan Ware, Assistant Director for Cybersecurity, CISA.

Vulnerability disclosure policies enhance the resiliency of the government’s online services by encouraging meaningful collaboration between federal agencies and the public. They make it easier for the public to know where to send a report, what types of testing are authorized for which systems, and what communication to expect.

When agencies integrate vulnerability reporting into their existing cybersecurity risk management activities, they can weigh and address a wider array of concerns. This helps safeguard the information the public has entrusted to the government and gives federal cybersecurity teams more information to protect their agencies. Additionally, ensuring consistent policies across the Executive Branch offers those who report vulnerabilities equivalent protection and a more uniform experience.

UN aims to help prevent another Beirut disaster

The devastation caused by the Beirut explosions on 4 August has focused attention on the risks involved in the transportation and storage of dangerous goods around the world. The UN is at the forefront of international efforts to reduce these risks and save lives.

Many offices and agencies of the UN have been mobilized to respond to the aftermath of the disaster, provide emergency aid, and coordinate the international community’s response.

The cost of reconstruction is estimated to be in the range of several billion dollars and, on August 10, Mark Lowcock, the UN’s Emergency Relief Coordinator, called for donors to “come together and put their shoulder to the wheel” for the benefit of the Lebanese people.

Exposure to risk
Three days later, a group of independent UN human rights experts released a statement decrying the “level of irresponsibility and impunity surrounding human and environmental devastation” in the city, and called for an independent investigation that clarifies responsibility for the man-made disaster, and leads to justice and accountability.

In their statement, the experts also maintained the right of the Lebanese people to clear and accurate information about the health and environmental risks to which they are exposed.

The explosions have led to much soul-searching in Lebanon, but it is far from the only country whose citizens are at risk from sites containing dangerous materials: according to the Small Arms Survey, a research organization based in Geneva, Switzerland, tens of thousands of people have been killed by unplanned explosions at arms depots over the past four decades.

Follow the rules
However, several internationally agreed rules and regulations concerning the transportation of dangerous cargo have been in circulation for several years. From the International Maritime Dangerous Goods Code, published by the UN International Maritime Organization (IMO), to the International Labour Organisation (ILO) code of practice on safety and health in ports.

But, as Alfredo Parroquín-Ohlson, the head of Cargoes and Technical Cooperation Coordination at the IMO, explained to UN News, whilst the UN can convene countries to thrash out these rules and guidelines, the states themselves are responsible for making sure they are followed.

“Monitoring falls to shipping companies, and it is the responsibility of each country to verify that regulations are applied and implemented properly. If procedures are not followed, then there will, of course, be gaps. This clearly happened in the case of Beirut”, he said.

“We can only hope that this kind of catastrophe raises the general awareness of the risks involved”, added the UN official, “and we are sure that many ports are taking a closer look at the kind of dangerous materials they have on their hands, and are now revising their procedures.”

Framing the problem
The responsibility of governments around the world to identify risks, is included in the Sendai Framework for Disaster Risk Reduction, the first of the 2030 Agenda global agreements, adopted in 2015, which sets out how Member States can reduce risk. It calls for Member States to finalize their strategies for disaster risk reduction by the end of this year.

Mami Mizutori is the head of the UN Office for Disaster Risk Reduction (UNDRR), the UN’s lead agency for risk and resilience, charged with overseeing implementation of the Sendai Framework.

She told UN News that, whilst the current UN response in Beirut is necessarily focusing on the immediate needs of the affected citizens, it is also important to discuss how to reduce the likelihood of a similar incident hitting the city in the future.

Will it happen again?
“The essence of the Sendai Framework is about shifting attention from responding to disasters, to changing behaviour, so that we can mitigate risks from disasters before they hit and, in doing so, reducing deaths and economic loss, and make it more likely that we will achieve sustainable development”, she said. “In short, it’s about prevention and building resilience for the future.”

“Ports are critical infrastructure, and essential services, and they need to be built in a way that takes all kinds of risk into consideration, including the kinds of goods that are being brought into the port”, added Ms. Mizutori.

“We have robust international rules and regulations regarding the operation of ports, and the ways that substances are stored, but often we see that regulations are not implemented. Governments need to invest in the right people and the right infrastructure. If this doesn’t happen, we will see more technological hazards turning into disasters, whether it’s at a port, a mine, big industrial facilities, or at nuclear power plants.

“When we don’t have enough risk governance, the likelihood of a catastrophic event grows”, she said. “Beirut is a stark reminder that disasters don’t wait in turn to strike us.”

Prevention pays
The message from these UN officials is that fresh rules and regulations are not necessarily needed. What is more important, is a change in our behaviour and the way we factor risk into the way we live, whether at a personal level, or at a national level.

Mr. Parroquín-Ohlson notes that personnel working at ports should not necessarily shoulder the blame, when disaster strikes.

“Staff need to be supported by their institutions, who have robust rules and regulations available to them. In some examples we have seen, staff were not well trained, but, in others, we saw that there was a lack of internal procedures within the administration as a whole”, he said. “For example, there needs to be a clear policy, stating who is responsible for the storage of such cargo, up to the point that it leaves on a ship.”

For Ms. Mizutori, part of the answer is for countries to put disaster risk reduction at the heart of government: “The countries need to put money behind this, and establish national disaster management agencies, which are connected to all the other ministries, working directly under the Head of State, or the Cabinet Office, to ensure that they can take charge of putting prevention at heart of policy-making.

The difficulty, of course, is convincing people that it is worth putting money into something that might happen only happen every 30, or even 100 years. Our job is to help explain why investing in prevention pays.”

[Source: UN]

CISA Release 5G Strategy for Secure and Resilient Critical Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) has released its strategy to ensure the security and resilience of fifth generation (5G) technology in our nation.

As the Nation’s risk advisor, CISA serves the unique role as a trusted information broker across a diverse set of public and private stakeholders. In this role, CISA fosters increased information sharing to help these stakeholders make more informed decisions when identifying and addressing future 5G technology priorities.

CISA’s 5G Strategy seeks to advance the development and deployment of a secure and resilient 5G infrastructure, one that promotes national security, data integrity, technological innovation, and economic opportunity for the United States and its allied partners. The strategy establishes five strategic initiatives that align to the Lines of Effort defined in the National Strategy to Secure 5G. Guided by the core competencies of risk management, stakeholder engagement, and technical assistance, CISA’s 5G activities will help ensure there are policy, legal, security, and safety frameworks in place to fully leverage 5G technology while managing its significant risks.

“The promise of 5G is undeniable, but with 5G technology posed to underpin a wide range of critical infrastructure functions, it’s vital that we manage these risks adequately and promote a trusted ecosystem of 5G componentry,” said CISA Director Christopher Krebs. “CISA is committed to working with partners to build a resilient 5G infrastructure, and this strategy identifies a roadmap of how we will bring stakeholders together to achieve this.”

In addition to the Strategy, CISA has released a 5G Basics Infographic to educate stakeholders on challenges and risks associated with 5G. Working in close collaboration with the critical infrastructure community, the Agency plans to publish sector-specific 5G risk profiles in the coming months.

To learn more about CISA’s role in 5G and to view the strategy, visit www.cisa.gov/5G.

Australian Government launch consultation on protection of critical infrastructures

The Australian Government is committed to protecting the essential services all Australians rely on by uplifting the security and resilience of critical infrastructure.

The Government’s commitment to the continued prosperity of its economy and businesses is unwavering. The impacts of recent events only reinforce the need for collaboration between and across critical infrastructure sectors and Government to protect our economy, security and sovereignty.

At the same time, Government recognises the additional economic challenges facing many sectors and entities in the wake of the COVID-19 pandemic. The outcome it seek is clear - they want to work in partnership to develop proportionate requirements that strike a balance between uplifting security, and ensuring businesses remain viable and services remain sustainable, accessible and affordable. An uplift in security and resilience across critical infrastructure sectors will mean that all businesses will benefit from strengthened protections to the networks, systems and services we all depend on.

An enhanced critical infrastructure framework

The primary objective of the proposed enhanced framework is to protect Australia’s critical infrastructure from all hazards, including the dynamic and potentially catastrophic cascading threats enabled by cyber attacks.

The enhanced framework outlines a need for an uplift in security and resilience in all critical infrastructure sectors, combined with better identification and sharing of threats in order to make Australia’s critical infrastructure – whether industry or government owned and operated – more resilient and secure. This approach will prioritise acting ahead of an incident wherever possible.

Government has agreed that the proposed enhanced framework will apply to an expanded set of critical infrastructure sectors, comprising of three key elements:

  1. Positive Security Obligation, including:
    a. set and enforced baseline protections against all hazards for critical infrastructure and systems, implemented through sector-specific standards proportionate to risk.
  2. Enhanced cyber security obligations that establish:
    a. the ability for Government to request information to contribute to a near real-time national threat picture;
    b. owner and operator participation in preparatory activities with Government; and
    c. the co-development of a scenario based ‘playbook’ that sets out response arrangements.
  3. Government assistance for entities that are the target or victim of a cyber attack, through the establishment of a Government capability and authorities to disrupt and respond to threats in an emergency.

These three initiatives will be underpinned by an enhanced Government-industry partnership across all hazards.

The Government intends to consult with stakeholders during and after receiving submissions. This will also allow us to assess the impact of proposed reforms and refine the development of the enhanced framework.

Further details can be viewed at https://www.homeaffairs.gov.au/reports-and-pubs/files/protecting-critical-infrastructure-systems-consultation-paper.pdf

INTERPOL report shows shift in cyber attacks from individuals to governments and critical health infrastructure

An INTERPOL assessment of the impact of COVID-19 on cybercrime has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure.

With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.

In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners.

“The increased online dependency for people around the world, is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date.

“The report’s findings again underline the need for closer public-private sector cooperation if we are to effectively tackle the threat COVID-19 also poses to our cyber health,” concluded the INTERPOL Chief.

Key findings highlighted by the INTERPOL assessment of the cybercrime landscape in relation to the COVID-19 pandemic include:

Online Scams and PhishingThreat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.Around two-thirds of member countries which responded to the global cybercrime survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.

Disruptive Malware (Ransomware and DDoS)Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organizations.

Data Harvesting MalwareThe deployment of data harvesting malware such as Remote Access Trojan, info stealers, spyware and banking Trojans by cybercriminals is on the rise. Using COVID-19 related information as a lure, threat actors infiltrate systems to compromise networks, steal data, divert money and build botnets.

Malicious DomainsTaking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as “coronavirus” or “COVID”. These fraudulent websites underpin a wide variety of malicious activities including C2 servers, malware deployment and phishing.From February to March 2020, a 569 per cent growth in malicious registrations, including malware and phishing and a 788 per cent growth in high-risk registrations were detected and reported to INTERPOL by a private sector partner.

Misinformationn increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.Nearly 30 per cent of countries which responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware. There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities.Other cases of misinformation involved scams via mobile text-messages containing 'too good to be true' offers such as free food, special benefits, or large discounts in supermarkets.

Future primary areas of concern highlighted by the INTERPOL report include.

  • A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
  • Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
  • Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
  • When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.

Protect Operational Technologies and Control Systems Against Cyber Attacks

Cyber actors have demonstrated their willingness to conduct cyber attacks against critical infrastructure by exploiting Internet-accessible Operational Technology (OT) assets. Due to the increase in adversary capabilities and activities, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to harm to US interests or retaliate for perceived US aggressive.

Today, the National Security Agency and Cybersecurity and Infrastructure Security Agency released an advisory for critical infrastructure OT and control systems assets to be aware of current threats we observe, prioritize assessing their cybersecurity defenses and take appropriate action to secure their systems.

“Operational technology assets are pervasive and underpin many essential national security functions, as well as the Defense Industrial Base,” Anne Neuberger, Director of NSA's Cybersecurity Directorate noted. “We encourage all stakeholders to apply our joint recommendations with DHS CISA.”

“As we’ve said many times, our adversaries are capable, imaginative and aim to disrupt essential services, so it is important that we make sure we are staying ahead of them." Bryan Ware, Assistant Director for Cybersecurity, CISA. “Our goal at CISA is to lead and encourage a proactive ‘whole community’ assessment and response to significant threats and ensure we provide the right tools and services at the right time.”

NSA and CISA continue to collaborate on cybersecurity issues and share information about how to best secure National Security Systems, Department of Defense systems, and the Defense Industrial Base as well as other critical infrastructure, against foreign threats, ultimately keeping America and our allies safe.

1 2 3