The Cybersecurity and Infrastructure Security Agency (CISA) has released an Insider Risk Mitigation Self-Assessment Tool, which assists public and private sector organizations in assessing their vulnerability to an insider threat. By answering a series of questions, users receive feedback they can use to gauge their risk posture. The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.
“While security efforts often focus on external threats, often the biggest threat can be found inside the organization,” said CISA Executive Assistant Director for Infrastructure Security David Mussington. “CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”
Insider threats can pose serious risk to any organization because of the institutional knowledge and trust placed in the hands of the perpetrator. Insider threats can come from current or former employees, contractors, or others with inside knowledge, and the consequences can include compromised sensitive information, damaged organizational reputation, lost revenue, stolen intellectual property, reduced market share, and even physical harm to people. CISA has a number of tools, training, and information on an array of threats public and private sector organizations face, including insider threats.
More than a year and a half into the COVID-19 pandemic, amid relentless global demand for broadband services, the Broadband Commission for Sustainable Development has reaffirmed its call for digital cooperation, innovation with information and communication technologies (ICTs), and collaborative approaches to secure universal connectivity and access to digital skills.
The Commission's State of Broadband Report 2021, released during the meeting, outlines the impact of pandemic policies and calls for a concerted, people-centred push to close the world's persistent divide. In the world's least developed countries (LDCs), no more than a quarter of the population is online.
"Digital cooperation needs to go beyond access to broadband," said H.E. President Paul Kagame of Rwanda, Co-Chair of the Commission. “We also need to close the gap in the adoption and use of affordable devices and services, in accessible content, and in digital literacy."
More than 50 Commissioners and special guests, representing government leaders, heads of international organizations and private sector companies, civil society and academia, affirmed that people-centred solutions must be at the heart of building a sustainable path towards universal broadband.
Commission co-Chair Carlos Slim, Founder of Carlos Slim Foundation and Grupo Carso, added: “To achieve our universal connectivity goal, we need to work together. We need to build a digital future that is inclusive, affordable, safe, sustainable, meaningful and people centred. We need to support infrastructure and to deal with affordability and relevant content to ensure usage. For that to happen, it requires concerted efforts."
Connectivity for sustainable development
The Annual Fall Meeting, held in a virtual format, underscored the need to accelerate digital connectivity to fulfil the United Nations Agenda for 2030, centred on 17 Sustainable Development Goals.
“The absence of digital skills remains the largest barrier to Internet use," noted Audrey Azoulay, Director-General of the United Nations Educational, Scientific and Cultural Organization (UNESCO) and co-Vice Chair of the Commission. “Digital education must therefore be as much about gaining skills as about developing the ability to think critically in order to master the technical aspects and be able to distinguish between truth and falsehood."
“UNESCO's Media and Information Literacy curriculum, launched in Belgrade, Serbia, in April, provided a key tool to boost skills," she added.
A newly released Commission report on distance and hybrid learning cites the need to foster digital skills along with expanding broadband infrastructure.
A credential authentication technology (CAT) unit has been installed and is in use at the Transportation Security Administration checkpoint at Capital Region International Airport (LAN).
“The new credential authentication technology unit enhances our detection capabilities for identifying fraudulent ID documents and improves the passenger’s experience by increasing efficiency during the checkpoint experience,” said Michigan TSA Federal Security Director Steve Lorincz. “The CAT unit also reduces touchpoints at the checkpoint, which benefits both officers and travelers during this pandemic.”
Passengers will approach the travel document checking station at the checkpoint and listen to the instructions of the TSA officer, who will insert the personal identification into the scanner for authentication.
Passengers will not have to hand over their boarding pass (electronic or paper), thus reducing a touchpoint. Instead, they should have their boarding pass ready in the event that the TSA officer requests visual inspection. The CAT unit will verify that the traveler is prescreened to travel out of the airport for a flight that day; however, a boarding pass may be requested for travelers under the age of 18 and/or those without IDs or with damaged IDs.
“We are pleased that TSA is taking steps to enhance the technology to ensure the safety and security of our travelers here at the Capital Region International Airport (LAN),” said Nicole Noll-Williams, president and CEO of the Capital Region Airport Authority.
Even with TSA’s use of CAT, travelers still need to check-in with their airline in advance and bring their boarding pass to their gate agent to show the airline representative before boarding their flight.
This technology will enhance detection capabilities for identifying fraudulent documents at the security checkpoint. CAT units authenticate several thousand types of IDs including passports, military common access cards, retired military ID cards, Department of Homeland Security Trusted Traveler ID cards, uniformed services ID cards, permanent resident cards, U.S. visas, and driver’s licenses and photo IDs issued by state motor vehicle departments.
The European Union Agency for Cybersecurity (ENISA) has launched a cybersecurity assessment methodology for cybersecurity certification of sectoral multistakeholder ICT systems.
The Methodology for a Sectoral Cybersecurity Assessment - (SCSA Methodology) was developed to enable the preparation of EU cybersecurity certification schemes for sectoral ICT infrastructures and ecosystems. SCSA aims at market acceptance of cybersecurity certification deployments and supports the requirements of market stakeholders and the EU Cybersecurity Act (CSA). In particular, SCSA endorses the identification of security and certification requirements based on risks associated with the “intended use” of the specific ICT products, services and processes.
The SCSA Methodology makes available to the ENISA stakeholders a comprehensive ICT security assessment instrument that includes all aspects pertinent to sectoral ICT systems and provides thorough content for the implementation of ICT security and cybersecurity certification.
While SCSA draws from widely accepted standards, in particular ISO/IEC 27000-series and ISO/IEC 15408-series, the proposed enhancements tackle multi-stakeholder systems and the specific security and assurance level requirements concerning ICT products, processes and cybersecurity certification schemes.
This is achieved by introducing the following features and capabilities:
- Business processes, roles of sectoral stakeholders and business objectives are documented at ecosystem level, overarching the ICT subsystems of the individual stakeholders. Stakeholders are invited to actively contribute to the identification and rating of ICT security risks that could affect their business objectives.
- A dedicated method associates the stakeholders’ ratings of risks with the security and assurance level requirements to dedicated ICT subsystems, components or processes of the sectoral ICT system.
- SCSA specifies a consistent approach to implement security and assurance levels across all parts of the sectoral ICT system and provides all information required by the sectoral cybersecurity certification schemes.
Benefits of the SCSA Methodology for stakeholders
The sectoral cybersecurity security assessment provides a comprehensive approach of the multi-faceted aspects presented by complex multi-stakeholder ICT systems and it features the following benefits:
- The security of a sectoral system requires synchronisation across all participating stakeholders. SCSA introduces comparability of security and assurance levels between different stakeholders’ systems and system components. SCSA enables building open multi-stakeholder ecosystems even among competitors to the benefit of suppliers and customers.
- The risk-based approach supports transparency and a sound balance between the cost for security and certification and the benefit of mitigating ICT-security-related business risks for each concerned stakeholder.
- Security measures can focus on the critical components, optimising the security architecture of the sectoral system, hence minimising cost of security.
- SCSA generates accurate and consistent information on security and certification level requirements for all relevant ICT subsystems, components or processes. On this basis, suppliers can match their products to their customers’ requirements.
- SCSA supports the integration of existing risk management tools and information security management systems (ISMS).
- Due to a consistent definition of assurance levels, the re-use of certificates from other cybersecurity certification schemes is supported.
When COVID began to infiltrate the Caribbean, the World Food Programme (WFP) quickly contacted governments to find how to best help funnel cash to people left struggling to feed their families as jobs began to melt away.
For Dominica, helping rapidly digitalize the country's largely paper-based data collection and payment systems was the speediest and most effective solution, says Regis Chapman, head of office for WFP in Barbados.
Within weeks, WFP helped Dominica implement systems to more efficiently collect and analyze the data needed to determine who was eligible for payments to help ride out the pandemic.
By printing scannable QR codes on payment envelopes and asking people to sign digitally to confirm receipt, Dominica quickly created a visualization dashboard to show where and when funds were distributed.
“We're now looking at developing an information management system to better manage data on all their social protection programs, not just the public assistance program," says Chapman.
“The socio-economic aspect of COVID has been devastating. The lowest income groups are the people who are most affected and we’ve seen huge spikes in food insecurity.”
WFP’s shock responsive social protection program is one of the many in the Caribbean supported by the European Commission Humanitarian Aid Office (ECHO) which has provided $183 million in aid to the region - excluding Haiti - since 1994.
Through its DIPECHO disaster preparedness program, $50 million of those funds have targeted disaster risk reduction and community resilience programs.
Now as middle-income Caribbean countries compete with other parts of the world for increasingly tight donor funding, it is more important than ever to show how projects support communities and protect lives and livelihoods, say experts.
Presenting evidence of successful schemes also helps create templates that can be used in other parts of the world, says Saskia Carusi, external relations officer for the United Nations Office for Disaster Risk Reduction, Regional Office for the Americas and the Caribbean (UNDRR).
“It’s important to show how successful projects are from an accountability point of view," says Panama-based Carusi.
"But for ECHO, it’s important to show evidence that projects save lives and make a difference, and that there are still needs in the region."
The best evidence should be a combination of quantitative data showing how losses are reduced by disaster risk reduction projects, alongside qualitative examples of how schemes work on the ground, says Carusi.
Evidence should also examine whether localized, pilot projects can be rolled out in neighboring communities or even scaled up to a national level, she says.
With EU funding, UNDRR has created the dipecholac.net platform where organizations can highlight their Caribbean projects and show how they relate to the Sendai Framework for Disaster Risk Reduction 2015-2030.
It now wants organizations to upload videos, documents and infographics to the site that show how Caribbean projects have been adapted to make a difference during the pandemic and other emergencies.
For the International Federation of Red Cross and Red Crescent Societies (IFRC), the pandemic has underscored the importance of preparing Caribbean communities to deal with multiple hazards, says Marisa Clarke-Marshall, IFRC coordinator, partnerships and planning.
During the crisis, Community Disaster Response Teams (CDRTs) trained by the Red Cross with ECHO funding to deal with hazards such as hurricanes, have rapidly adapted to help communities cope with COVID, she says.
Trained primarily to conduct initial damage assessments, give first aid and coordinate immediate response, CDRTs have helped identify those most in need in their communities, and deliver cash vouchers and hygiene kits.
The CDRT project has attracted attention from major donors keen to set up similar teams elsewhere, while an ECHO-funded tool to assess risk and vulnerabilities is now used globally, she says.
Events such as November’s UNDRR co-organized VII Regional Platform for Disaster Risk Reduction in the Americas and the Caribbean provide an opportunity for both governments, multilaterals and non-profits to show which projects best helped tackle COVID while continuing to ramp up preparedness.
For UNDRR, its projects to boost Caribbean business resilience reaped dividends during the pandemic as companies adapted their continuity plans that were primarily designed to tackle climate-related crises, says Carusi.
Its EU-funded project to increase preparedness and disaster risk reduction through the Caribbean Safe Schools Initiative is now generating interest from other countries in Latin America, says Carusi.
"UNDRR’s work on policy and advocacy in the long run has a higher impact," says Carusi.
For WFP, EU funding is supporting its work with the Caribbean Disaster Emergency Agency (CDEMA) to pre-position generators, prefabricated units and other gear to help countries better prepare, save lives and reduce losses.
"A lot of what we're looking at is how do we help government systems to become more resilient," says Chapman.
"One of the region's prime ministers recently said, everybody says the Caribbean is so resilient, it's that we have to be. You have to stand up when you're knocked down and start all over again because what other choice do you have."
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.
To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.
While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds used by affiliate cyber actors and receives a share of the proceeds from a successful attack.
Conti actors often gain initial access to networks through:
- Spearphishing campaigns using tailored emails that contain malicious attachments or malicious links;
- Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware—such as TrickBot and IcedID, and/or Cobalt Strike—to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware.
- Stolen or weak Remote Desktop Protocol (RDP) credentials
- Phone calls;
- Fake software promoted via search engine optimization;
- Common vulnerabilities in external assets.
In the execution phase, actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines. CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces. Additionally, actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.
Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence on victim networks. The actors use tools already available on the victim network—and, as needed, add additional tools, such as Windows Sysinternals and Mimikatz—to obtain users’ hashes and clear-text credentials, which enable the actors to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks. In some cases, the actors also use TrickBot malware to carry out post-exploitation tasks.
According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network.
National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London.
Top cyber security officials from the UK and US affirmed their commitment to tackling ransomware in their first official face-to-face engagement.
Lindy Cameron, CEO of the National Cyber Security Centre – a part of GCHQ – met with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency to discuss their organisations’ priorities, including combatting ransomware.
During their bi-lateral meeting in London they reflected on the impact of ransomware attacks this year and the need for industry collaboration to complement government’s operational efforts against ransomware.
NCSC Chief Executive Lindy Cameron said:
“It was a pleasure to host Director Easterly for our first in-person bi-lateral meeting to discuss the critical issues in cyber security today.
“Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”
The issue of gender diversity was also on the agenda, with both agreeing that more needed to be done to remove barriers to entry into the profession for women and girls.
They discussed the NCSC’s CyberFirst Girls Competition, which aims to get more girls interested in cyber through fun but challenging team events for teenagers, and CISA’s ongoing commitment to expanding opportunities for young women and girls to pursue careers in cyber security and technology and closing the gender gap that exists in these fields.
The two leaders also discussed government collaboration with industry, including the NCSC’s Industry 100 scheme and CISA’s Joint Cyber Defense Collaborative.
The Industry 100 scheme has integrated public and private sector talent in the UK to pool their knowledge to tackle key cyber security issues. The Joint Cyber Defense Collaborative has similarly bought American public and private sector entities together to unify crisis action planning and defend against threats to U.S. critical infrastructure.
The nation’s grid delivers electricity that is essential for modern life. However, the grid faces risks from events that can damage electrical infrastructure (such as power lines) and communications systems, resulting in power outages. These outages can threaten the nation’s economic and national security.
They can also disproportionately affect low-income groups, in part because such groups have fewer resources to invest in backup generators and other measures to minimize the impact of outages.Even though most of the electricity grid is owned and operated by private industry, the federal government plays a key role in enhancing grid resilience.
• The Department of Homeland Security (DHS) is responsible for coordinating the overall federal effort to promote the security and resilience of the nation’s critical infrastructure sectors.
• The Department of Energy (DOE) leads federal efforts to support electricity grid resilience, including research and technology development by national laboratories.
• The Federal Energy Regulatory Commission (FERC) reviews and approves standards developed by the North American Electric Reliability Corporation, the federally designated U.S. electric reliability organization.
The electricity grid faces multiple risks that can cause widespread power outages.
- Extreme weather and climate change
- Cyber- and physical attacks
- Electromagnetic events
In addition to the risks described in the prior page, the electric utility industry faces complex challenges and transformations, including:
• aging infrastructure;
• adoption of new technologies, such as information and communication systems
to improve the grid’s efficiency; and
• a changing mix of power generation. The traditional model of large, centralized power generators is evolving as retiring generators are replaced with variable wind and solar generators, smaller and more flexible natural gas generators, and nontraditional resources. Such resources include demand-response activities which encourage consumers to reduce their demand for electricity when the cost to generate electricity are high, and various technologies (e.g., solar panels) that generate electricity at or near where it will be used—known as “distributed generation.”
Agencies have implemented several of GAO’s recommendations for improving electricity grid resilience. For example, in March 2016, we recommended that DHS designate roles and responsibilities within the department for addressing electromagnetic risks, which DHS did in 2017. However, as of September 2021, agencies had not yet implemented a number of GAO recommendations that represent key opportunities to mitigate risks in the following areas:
- Extreme weather and climate change - Prioritize efforts and target resources effectively. Enhance grid resilience efforts. Better manage climate-related risks
- Cyberattacks - Assess all cybersecurity risks. Address risks to distribution systems Consider changes to current standards. Evaluate potential risks of a coordinated attack
FEMA has approved grants of more than $4.7 million for two hazard mitigation projects for the city of Panama City to reduce its risk of critical facility failure during future disasters. Funding from FEMA’s Hazard Mitigation Grant Program (HMGP) was approved in response to a proposal by the city after Hurricane Michael in 2018.
Millville Wastewater Treatment Plant: $2,653,956 for the purchase and installation of twin permanent generators to support the critical operations of the plant. They will be connected to the main electrical transfer system by a switchgear and an underground duct bank, which provide a protected pathway for electrical transmission and allow the city to provide continued service to the community during future power outages.
Sanitary Sewer Lift Stations: $2,052,265 for Phase One in a proposed project to provide flood protection and improvements to 13 sanitary sewer lift stations within the city, including surveying, engineering, design, plan preparation, permitting and the bidding for Phase Two approval. If approved, the project proposes different mitigation actions depending on the needs and assessment of each of the 13 sites to include relocation, elevation or strengthening against storm surge and wave-action hazards.
The HMGP provides funding to help communities eliminate or reduce disaster-related damage. Following a major disaster, a percentage of a state’s total federal recovery grants is calculated to help develop more resilient communities. Florida has an Enhanced Hazard Mitigation Plan that allows more funding to be available for post-disaster resilience projects. States with the enhanced plan receive HMGP funds based on 20% of their total estimated eligible federal disaster assistance.
For days leading up to the disaster, Mr. Harisaran Shrestha had been listening to warnings about floods in the Melamchi, a river that flows through the foothills of the Himalayas in central Nepal. At least one local FM radio was repeatedly broadcasting notices about the possible release of water from the reservoir of a nearby drinking-water project and urging the public to avoid river banks and to refrain from activities like fishing, sand mining, and gravel collecting.
The local police and representatives were also issuing similar warnings around the town via microphones and loudspeakers.
Owing to these forewarnings, when the flood eventually hit his hometown, Melamchi Bazar, northeast of Kathmandu in Sindhupalchowk district, in June 2021, Mr. Shrestha was better prepared to react to the deluge. “As soon as it became apparent that the flood was going to sweep the entire town, I used my bus to ferry women, children, and disabled people in the neighbourhood to a safer location,” said Mr. Shrestha.
On June 15, just an hour after the final warning from the radio and police announcement on loudspeaker, massive floods near the confluence of the Melachmi River and the Indrawati River swept through the settlements near Shrestha’s hometown, killing at least five people and destroying property worth millions of rupees. At least a dozen people remain missing more than two months after one of the worst disasters in the town's history.
Despite saving many lives, Mr. Shrestha could not save his belongings because he had underestimated the scale of the disaster. “Our home was at a considerable distance from the river. It never occurred to me that the swollen river’s waters would reach this far,” Mr. Shrestha recalled in an interview.
Now displaced by the flood, Mr. Shrestha, 38, has been living with a family of six in a temporary shelter. The river, which has changed its course, now runs through his home and farmland.
“The river took everything. Thankfully, all of us are safe,” said Mr. Shrestha.
Mr. Dev Raj Subedi, the manager of Radio Melamchi, which issued the flood warnings, said that the alerts had proved effective in saving hundreds of lives, although only a few households managed to save some of their possessions--those they could carry with them. Radio Melamchi has been ritually providing flood-related warnings to the municipality’s estimated 50,000 inhabitants for the last few years, especially after the Melamchi Drinking Water Project gathered momentum in the 2010s.
“We issued the warning as soon as a government official informed us about the flood upstream. The warning proved especially helpful in the town area, whose inhabitants had the means to access the warning. That was one of the reasons there were no deaths in the town area,” shared Mr. Subedi.
Melamchi’s case is the latest example of how the growing use of mass media and early warning systems through data collected from meteorological and hydrological stations and rainfall-runoff model is proving effective in saving lives in Nepal, which is highly susceptible to disasters, owing to its topography and its hundreds of big and small rivers.
Every year, floods and landslides wreak havoc in Nepal, leading to huge numbers of casualties and untold destruction of property. Hill settlements are particularly vulnerable to landslides and flash floods, while riverine floods routinely deluge the lowland areas bordering India.
Every year during the rainy season, hundreds of families lose their house, agricultural yield, and means of livelihood, pushing them further into poverty.
Between 13 April to 16 October in 2020, floods and landslides killed at least 337 Nepalis, wiped out thousands of houses, and destroyed property worth billions of rupees, according to an estimate by Nepal’s Ministry of Home Affairs. More than 100 people remain missing on account of those floods.
Numerous factors including the 2015 earthquake, infrastructural projects and climate change have contributed to increasing disasters, according to experts. For instance, Sindhupalchowk district, the epicenter of the 7.8 magnitude earthquake that rattled Nepal in 2015, has seen a marked increase in landslides and floods following the tragedy that killed over 9,000 people.
Mr. Bikram Shrestha Zoowa, a senior Divisional Hydrologist at the Department of Hydrology and Meteorology, in Kathmandu, said that climate-induced hazards and unplanned development are emerging as challenges in recent decades.
Examples include recent disasters such as the Setigandaki flood in Kaski, Jure landslide-Sindhupalchowk in 2014, a Glacial Lake Outburst Flood (GLOF) in Tibet immediately above the Bhotekoshi River in Sindhupalchowk in 2016; a dry landslide in the Kaligandaki Corridor after the 2015 earthquake, another GLOF in Barun valley obstructing the flow of Arun River in 2017, and numerous climate-induced landslides during the 2020 monsoon and this year, said Mr. Shrestha Zoowa.
“Human interventions such as road construction in hill slopes without considering geological studies are certainly the causes of the region’s geological fragility, which results in small and big landslides in hilly regions. This is the man-made effect in addition to earthquakes responsible for hazards.”
According to the latest Intergovernmental Panel on Climate Change report, global temperature is expected to reach or exceed 1.5 degrees Celsius of warming averaged over the next 20 years. In 2019, a landmark report
by the International Centre for Integrated Mountain Development, an intergovernmental center based in Nepal, warned that a two-degree temperature rise could melt half of the glaciers in the Hindu Kush Himalaya region, destabilising Asia’s rivers.
In recent years, to minimise loss of life and property, an increasing number of communities vulnerable to disasters have begun to integrate social media platforms--such as Facebook and Twitter--and other technologies to provide early warnings. And as with Radio Melamchi, more than 500 FM radio stations across Nepal are being used to disseminate news and timely warnings. Many other local bodies are integrating SMS text messages to provide real-time alerts for people living in disaster-prone zones.
In Kailali, a western Nepal district bordering India’s Uttar Pradesh, flood warnings through SMS alerts and phone calls have proven effective in saving lives in settlements spread along the Karnali River Basin.
“When massive floods hit our village in 2016, most of the villagers with mobile phones had received SMS alerts three hours before the disaster. Those three hours gave us ample time to save not just our lives, but also our livestock and essentials like some grains and documents,” said Ms. Sajita Tharu of Laxmipur village in Kailali district. “Thankfully, we have not faced that kind of flood in recent years but we continue to receive alerts if water rises above the danger level. That allows us to remain mentally prepared and save essentials in case the flood hits us.”
As part of the community-based early warning approach, residents living in catchment areas constantly pass on information about the water level in their area to residents of villages downstream. The community groups also get constant flood alerts from the Department of Hydrology’s regional station. The alerts--including text messages, phone calls, and information from weatherboards--are widely circulated by the members of the Community Disaster Management Committees, which were formed by programs designed to enhance the communities’ flood resilience. Most members of these user committees are women, as many working-age men migrate to India or other countries in search of jobs.
Ms. Manakala Kumari Chaudhari, the deputy mayor of Rajapur Municipality in far-western Nepal, said that the timely early warning system in his area has been instrumental in saving lives and properties. As soon as the water level rises above the danger level upstream, several people who own mobile phones in his municipality--a delta created by the Karnali River--receive warnings.
“Save for some exceptions, most locals respond to warnings and take the required safety measures. The timely alerts also provide ample time for all stakeholders to make the necessary preparations for disasters,” said Ms. Chaudhari.
Such timely warnings are critical because they provide enough time to save lives. The area is susceptible to constant floods from big rivers like the Karnali and Babai and from small streams, which are usually dry in other seasons.
In preparation for the seasonal floods, communities in western Nepal have also built community shelters, animal sheds to shelter their livestock and grain-storage facilities to save grains.
Since Nepal adopted federalism in 2015, there have been efforts at all three levels of government to embrace disaster-resilience policies. The central government, the provincial government, as well as many local governments have adopted policies related to disaster risk reduction. Recently, under the Home Ministry, the National Disaster Risk Reduction and Management Authority prepared the National Monsoon Early Preparedness and Response Work Plan
2021. However, questions remain around the implementation of these policies and the authorities’ ability to handle large-scale disasters, especially owing to their lack of resources. Moreover, growing landslides along newly constructed highways, hydropower projects and other infrastructures-- many of which were cleared after proper Environment Impact Assessment--- have reinforced the need for better policies to promote resilient infrastructure.
But overall, the early warning systems seem to be reducing the impacts of floods in many parts of Nepal. Mr. Shrestha Zoowa, the hydrologist, said that early warning systems have proven effective in saving hundreds of lives every year, especially in vulnerable settlements along big rivers such as the Karnali, Babai, Narayani, and Koshi. The data gathered from weather stations, rainfall-runoff models are disseminated in form of daily bulletins through various media platforms, while the weather forecast relies on the Weather Research and Forecasting model, an advanced numerical weather prediction framework designed for operational forecasting and atmospheric research needs.
In recent years, the Department of Hydrology and Meteorology has been working with various non-governmental organizations in developing disaster information management systems and online databases to provide real-time information to augment its early warning systems.
The Disaster Risk Reduction Portal and Nepal Government GeoPortal, among other platforms, provide information gathered from various hydro-meteorological stations in Rasuwa, Solukhumbu, Kaski, Dolpa, Humla, Dolakha, Jumla, Sankhuwasabha and Manang districts.
“For most flood events, we have effective plans, technologies, and historical information to issue timely and reliable warnings to vulnerable settlements. But we lack an effective early warning system for flash floods in the hills and for settlements along small rivers, which are highly unpredictable,” said Mr. Shrestha Zoowa.
Nepal also needs to do more to ensure that people respond to early warnings. Although many local communities are making good use of weather forecasts and flood alerts, some are unable to take advantage of the information, often because they lack the economic means and/or technical knowledge to know what to do. Often the warning messages come with technical jargon and they may not effectively relay the impact information of the disaster relevant to people’s day to day life and experience. “The early warning systems have become much better over the years but there is still a lot to be done,” said Mr. Shrestha Zoowa.