UNOCT launches five new thematic guides on Protecting Vulnerable Targets Against Terrorist Attacks

The United Nations Office of Counter-Terrorism (UNOCT) hosted a high-level virtual event to launch five new specialized guides (modules) dedicated to the protection of particularly vulnerable targets against terrorist attacks, on 6 September 2022. “Vulnerable targets” refers to public places (e.g. tourist venues, urban centers, religious sites) or critical infrastructure (e.g. public transportation systems, energy sector) which are easily accessible and relatively unprotected, and therefore vulnerable to terrorist attacks.

The online launch event was opened by the Under-Secretary-General of the United Nations Office of Counter-Terrorism (UNOCT), Mr. Vladimir Voronkov, along with the Permanent Representative of Qatar to the United Nations, H.E. Ambassador Alya Ahmed Saif Al-Thani; Acting Executive Director of the United Nations Counter-Terrorism Committee Executive Directorate (CTED), Mr. Weixiong Chen; Director of the United Nations Interregional Crime and Justice Institute (UNICRI) Ms. Antonia Marie De Meo; and Chief of Cabinet of the Under-Secretary-General of the United Nations Alliance of Civilizations (UNAOC), Ms. Nihal Saad.

The participants included decision-makers, practitioners and experts on vulnerable targets protection from Member States, international and regional organizations, the private sector, civil society and academia, including members of the United Nations Global Expert Network to Protect Vulnerable Targets against Terrorist Attacks.

The high-level opening was streamed live via UN WebTV. It will be followed by an expert session, during which Member States will share experiences, good practices and tools related to the themes of the five modules:

1. The protection of “soft" targets;
2. The protection of touristic sites;
3. The protection of religious sites and places of worship;
4. The protection of urban centres; and
5. Threats posed by unmanned aircraft systems (UAS) to vulnerable targets.

The 5 modules are published in Arabic, English, French and Russian and are presented by the United Nations Global Programme on Countering Terrorist Threats Against Vulnerable Targets, which is led by UNOCT and jointly implemented with CTED, UNICRI and UNAOC.

The new guides present the knowledge and resources and lessons learned identified during the three Expert Group Meetings held by UNOCT with partners CTED, UNAOC and UNICRI in 2021. They also complement the 2018 United Nations Compendium of Good Practices on the Protection of Critical Infrastructure (CIP) against Terrorist AttacksPDF by focusing on public places/"soft" targets as distinct types of sites worthy of a dedicated security approach. The guides feature specific case studies, good practices and recommended tools from around the world to support both the public and private sectors to further strengthen the safety and security of their public places, keeping them open and accessible and promoting shared responsibility.

New IAEA Safety Guide on Emergency Preparedness and Response for the Transport of Radioactive Material

Historically, emergencies during the transport of radioactive material have had none or very limited radiological consequences, which have been resolved quickly. However, no matter how safe packages for the transport of radioactive material are, emergencies can still occur during transit, for which prompt action is required to ensure that the public and the environment are protected effectively. A newly released IAEA Safety Guide — Specific Safety Guide on Preparedness and Response for a Nuclear or Radiological Emergency Involving the Transport of Radioactive Material — addresses a wide range of possible emergencies, including those associated with very low probability events which might have significant radiological consequences.

"The field of transportation of radioactive material is one where radioactive material is intentionally moved across the public domain. Hence, transport activities involving radioactive material should be carried out in accordance with safety requirements and security guidance,” said Farid Abdelmounim, Senior Engineer at the Centre National de Radioprotection, Ministry of Health, Morocco. “This new guide addresses important emergency preparedness and response (EPR) concepts such as the protection strategy, the concept of operations and the interface with nuclear security. “

This publication, co-sponsored with the International Civil Aviation Organization and the International Maritime Organization, provides recommendations on preparedness and response for a nuclear or radiological emergency involving the transport of radioactive material.
Preparedness and response for transport emergencies

The recommendations in this guide are aimed at countries; “consignors”, who prepare shipments for transport, carriers, who transport them; “consignees”, who receive them; regulatory bodies; and, response organizations.

Each of these roles are vital in emergency preparedness and response and their responsibilities include the following:

governments, for example, should ensure that the responsibilities of national and local government for a transport emergency are clearly defined, and that the national coordinating mechanism for nuclear and radiological emergencies includes the authorities responsible for transport safety and security;

consignors and carriers have the primary responsibility to ensure that adequate emergency arrangements are in place for a given shipment, and that those arrangements follow the national emergency arrangements of all the States relevant to the shipment; and,

carriers should ensure that emergency instructions and information applicable to the consignment are carried with the consignment on the conveyance (road vehicle, train, aircraft or sea vessel) at all times, and that this information is readily available to response organizations in the event of an emergency.

“The main objectives of the publication, and the associated training, are to bring together the emergency preparedness and response community and the transport community, to exchange ideas and experiences including on how best to coordinate and integrate emergency arrangements with safety and security measures in protecting the public and the environment from harmful effects of exposure to ionizing radiation,” said Svetlana Nestoroska Madjunarova, Emergency Preparedness Coordinator at the IAEA’s Incident and Emergency Centre.
Bridging the transport and emergency preparedness and response (EPR) communities

Radioactive material has a wide range of applications, and as a result, millions of packages containing radioactive material are transported every year by rail, road, sea, air or inland waterway. This includes the movement of containers (casks) carrying spent nuclear fuel from operating and decommissioning nuclear reactors and sealed radioactive sources, which are used widely in medicine, industry, and agriculture.

Effective preparedness and response for transport emergencies involving radioactive material is thus a topic that has broad relevance for all countries, irrespective of whether they have a nuclear power programme.

To heighten awareness of this topic, two trainings on the new guide were carried out last year, with at least two more planned for 2022.

“A transport emergency is different than an emergency in a fixed facility. A transport emergency can take place anywhere, in the middle of a busy city, or in a remote location where first responders may be hours away,” said Luis Portugal, Head of the Emergency Preparedness and Response Unit of the Portuguese Environment Agency, who contributed to the development of the training in conjunction with the IAEA. “When we designed the training, we wanted to raise awareness in the emergency preparedness and response community, and the transport safety community, of the particularities of an emergency occurring during the transport of radioactive materials and how these can impact the planning for, and response to, any event,” he added.

“The transport safety regulatory requirements set out in the IAEA Safety Standard Series — SSR-6 (Rev.1) — have benefitted from continuous review and development since they were first introduced in 1961. Complemented by the IAEA safety requirements in the IAEA General Safety Requirements Part 7, they help in effective regulation of transport safety and establishment of effective emergency arrangements during the transport of radioactive material,” said Stephen Whittingham, former Head of the Transport Safety Unit in the Division of Radiation, Transport and Waste Safety. “With this Safety Guide and associated training material supporting the implementation of these two sets of safety requirements, we contribute further to their practical implementation in countries to protect the public and the environment effectively from the harmful effects of ionizing radiation.”

USDA invests more than $698,000 in critical infrastructure to combat climate change

The U.S. Department of Agriculture announced this week that USDA Rural Development will invest more than $698,000 in critical infrastructure to combat climate change across rural Missouri.

Among the funded projects is Macon Coca-Cola Bottling Company's installation of a 46.98 kilowatt solar array system. The company will use a $20,000 Rural Energy for America Program grant to replace 71,831 killowatt hours (100% of the company's energy use) per year, saving the company more than $6,000.

The investments reflect the goals of President Biden’s Inflation Reduction Act, which addresses immediate economic needs and includes the largest ever federal investment in clean energy for the future, the USDA said.

For example, the Act includes $14 billion in funding for USDA programs that support the expansion of biofuels and help rural businesses and electric cooperatives transition to renewable energy and zero-emission systems.

USDA is making these investments through Community Facilities Disaster Grants, Rural Energy for America Program Renewable Energy Systems & Energy Efficiency Improvement Guaranteed Loans & Grants, and Rural Energy for America Program Energy Audits and Renewable Energy Development Grants.

CISA Releases New Insight on Preparing Critical Infrastructure for the Transition to Post-Quantum Cryptography

The Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insight, Preparing Critical Infrastructure for Post-Quantum Cryptography, which provides critical infrastructure and government network owners and operators an overview of the potential impacts from quantum computing to National Critical Functions (NCFs) and the recommended actions they should take now to begin preparing for the transition.

While quantum computing promises greater computing speed and power, it also poses new risks to critical infrastructure systems across the 55 NCFs. This CISA Insight incorporates findings from an assessment conducted on quantum vulnerabilities to the NCFs to understand the urgent vulnerabilities and NCFs that are most important to address first and the three NCF areas to prioritize for public-private engagement and collaboration.

“While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” said Mona Harrington, acting Assistant Director National Risk Management Center, CISA. “Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now.”

In March 2021, Secretary of Homeland Security Alejandro N. Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority.

To ensure a smooth and efficient transition, CISA encourages all critical infrastructure owners to follow the Post-Quantum Cryptography Roadmap along with the guidance in this CISA Insight. The roadmap includes actionable steps organizations should take, such as conducting an inventory of their current cryptographic technologies, creating acquisition policies regarding post-quantum cryptography, and educating their organization’s workforce about the upcoming transition.

Emergency telecommunications preparedness: Return on investments model

In a world increasingly characterized by uncertainty, emergency preparedness is a powerful way to improve the capacity of communities and countries to withstand disasters. Investment in emergency preparedness builds resilience, thereby limiting the loss of life and protecting infrastructure.

The Emergency Telecommunications Cluster (ETC) has developed a model to assess the benefits of investment in emergency telecommunications preparedness. This will build a pool of evidence to promote preparedness, ultimately encouraging stakeholders to build disaster-resilient telecommunications in high-risk countries across the globe.

The new Return on Investment (ROI) model aims to quantify and qualify the benefits of investments in emergency telecommunications preparedness. It can be used by all humanitarian partners engaged in emergency telecommunications preparedness. It is built on the practical emergency preparedness expertise and experiences of the ETC in different countries.

IOM supports Palau to build community resilience and preparedness to natural hazards

The Republic of Palau is exposed to natural hazards such as storm surges, typhoons, earthquakes, and tsunamis that can result in localized and national emergencies as well as population displacement.

The International Organization for Migration (IOM), in partnership with the National Emergency Management Office (NEMO), has been working closely with the Government of the Republic of Palau (Palau) and community members to prepare for, and respond in a timely manner to, lifesaving needs during natural hazards and shocks.

IOM, under the Palau Emergency Preparedness and Enhanced Resilience project, funded by the United States Agency for International Development’s Bureau of Humanitarian Assistance, engaged the Government of the Republic of Palau, NEMO, Palau Red Cross Society, Ministry of Education, and community members in tabletop exercises to test emergency response plans and procedures and address operational gaps by working closely with relevant authorities.

"Employing a comprehensive approach to disaster risk management requires the contribution and engagement of various government actors as well as community group representatives at all stages of the preparedness, response and recovery process," says Salvatore Sortino, Chief of Mission to IOM Federated States of Micronesia, Republic of the Marshall Islands, and Republic of Palau.

"Tabletop exercises like these are key to ensuring comprehensive understanding and full ownership of respective roles and responsibilities. We are extremely grateful to NEMO for their leadership in these exercises," Sortino added.

IOM together with key government and non-government representatives reviewed Early Warning Processes to improve early warning systems, underlining roles and responsibilities of stakeholders in the event of a natural hazard.

In Melekeok State, where tsunami preparedness systems need strengthening, IOM conducted a tabletop exercise to simulate hazard events and enable coordination on effective use of emergency communication channels, emergency evacuation routes, and school evacuation procedures among other critical aspects of tsunami response.

These tabletop exercises complement ongoing efforts to address critical needs by improving evacuation shelters and their management to minimize injury and loss of life, as well as testing government response structures and pre-positioning relief items.

IOM revamped five emergency evacuation shelters (EES) including the installation of typhoon shutters, and provision of water tanks, generators, and solar lights.

Additionally, through the project, more than 80 community representatives in five states have been trained on EES management, and five water quality management teams have been established and trained.

TSA revises and reissues cybersecurity requirements for pipeline owners and operators

The Transportation Security Administration (TSA) announced the revision and reissuance of its Security Directive regarding oil and natural gas pipeline cybersecurity. This revised directive will continue the effort to build cybersecurity resiliency for the nation’s critical pipelines.

Developed with extensive input from industry stakeholders and federal partners, including the Department’s Cybersecurity and Infrastructure Security Agency (CISA), the reissued security directive for critical pipeline companies follows the directive announced in July 2021. The directive extends cybersecurity requirements for another year, and focuses on performance-based – rather than prescriptive – measures to achieve critical cybersecurity outcomes.

“TSA is committed to keeping the nation’s transportation systems safe from cyberattacks. This revised security directive follows significant collaboration between TSA and the oil and natural gas pipeline industry. The directive establishes a new model that accommodates variance in systems and operations to meet our security requirements,” said TSA Administrator David Pekoske. “We recognize that every company is different, and we have developed an approach that accommodates that fact, supported by continuous monitoring and auditing to assess achievement of the needed cybersecurity outcomes. We will continue working with our partners in the transportation sector to increase cybersecurity resilience throughout the system and acknowledge the significant work over the past year to protect this critical infrastructure.”

Following the May 2021 ransomware attack on a major pipeline, TSA issued several security directives mandating that critical pipeline owners and operators implement several urgently needed cybersecurity measures. In the fourteen months since this attack, the threat posed to this sector has evolved and intensified. Reducing this national security risk requires significant public and private collaboration.

Through this revised and reissued security directive, TSA continues to take steps that protect transportation infrastructure from evolving cybersecurity threats. TSA also intends to begin the formal rulemaking process, which will provide the opportunity for the submission and consideration of public comments.

The reissued security directive takes an innovative, performance-based approach to enhancing security, allowing industry to leverage new technologies and be more adaptive to changing environments. The security directive requires that TSA-specified owners and operators of pipeline and liquefied natural gas facilities take action to prevent disruption and degradation to their infrastructure to achieve the following security outcomes:

- Develop network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised and vice versa;
- Create access control measures to secure and prevent unauthorized access to critical cyber systems;
- Build continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations; and
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.

Pipeline owners and operators are required to:

- Establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures the pipeline owners and operators are utilizing to achieve the security outcomes set forth in the security directive.
- Develop and maintain a Cybersecurity Incident Response Plan that includes measures the pipeline owners and operators will take in the event of operational disruption or significant business degradation caused by a cybersecurity incident.
- Establish a Cybersecurity Assessment Program to proactively test and regularly audit the effectiveness of cybersecurity measures and identify and resolve vulnerabilities within devices, networks, and systems.

These requirements are in addition to the previously established requirement to report significant cybersecurity incidents to CISA, establish a cybersecurity point of contact and conduct an annual cybersecurity vulnerability assessment.

DOE Announces $45 Million for Power Grid Cyber Resilience

The U.S. Department of Energy (DOE) has announced $45 million to create, accelerate, and test technology that will protect the electric grid from cyber attacks.

Cyber threats to American energy systems can shut down critical energy infrastructure and disrupt energy supply, the economy, and the health of American consumers. Cybersecurity remains a priority as clean energy technologies deployed on the grid become highly automated.

Earlier this year, Supervisory Special Agent Ted P. Delacourt, a federal civilian working in the Mission Critical Engagement Unit of the Cyber Division at the Federal Bureau of Investigation, wrote that a cyber attack on one critical infrastructure sector may initiate a failure in another or cascade to the entire interconnected critical infrastructure network.

“The ubiquitous nature of these critical infrastructure sectors and the distribution of their physical and networked assets across a wide geographical area, often spanning the entire country, make them attractive targets,” Delacourt wrote for HSToday. “State, non-state, and criminal actors continually seek victims of opportunity across all critical infrastructure sectors for monetary and strategic gain.”

Delacourt warned that cyber attacks on critical infrastructure will continue to grow in number and frequency and continue to escalate in severity.

Combined with the additional grid upgrades funded in the Bipartisan Infrastructure Law and the Inflation Reduction Act, the latest DOE announcement means the United States will have an opportunity to build greater cyber defenses into its energy sector. The $45 million funding announced on August 17 will support up to 15 research, development, and demonstration (RD&D) projects that will focus on developing new cybersecurity tools and technologies designed to reduce cyber risks for energy delivery infrastructure. Building strong and secure energy infrastructure across the country is a key component of reaching President Biden’s goal of a net-zero carbon economy by 2050.

“As DOE builds out America’s clean energy infrastructure, this funding will provide the tools for a strong, resilient, and secure electricity grid that can withstand modern cyberthreats and deliver energy to every pocket of America,” said U.S. Secretary of Energy Jennifer M. Granholm. “DOE will use this investment to continue delivering on the Biden Administration’s commitment to making energy cheaper, cleaner, and more reliable.”

DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will fund up to 15 research projects that will establish or strengthen existing research partnerships with energy sector utilities, vendors, universities, national laboratories, and service providers working toward resilient energy delivery systems. The effort will lead to the creation of next-generation tools and technologies designed to reduce cyber incident disruption to energy delivery. Researchers will aim to develop tools and technologies that enable energy systems to autonomously recognize a cyber attack, attempt to prevent it, and automatically isolate and eradicate it with no disruption to energy delivery.

There are six proposed topic areas for the projects, which include:

- Automated Cyber Attack Prevention and Mitigation: This topic area will focus on tools and technologies that enable energy systems to autonomously recognize and prevent cyber attacks from disrupting energy.
- Security and Resiliency by Design: This topic area will focus on tools and technologies that build cybersecurity and resilience features into technologies through a cybersecurity-by-design approach.
- Authentication Mechanisms for Energy Delivery Systems: This topic area will focus on tools and technologies that strengthen energy sector authentication.
- Automated Methods to Discover and Mitigate Vulnerabilities: This topic area will focus on tools and technologies that address vulnerabilities in energy delivery control system applications.
- Cybersecurity through Advanced Software Solutions: This topic area will focus on developing software tools and technologies that can be tested in a holistic testing environment that includes a development feedback cycle.
- Integration of New Concepts and Technologies with Existing Infrastructure: This topic area will require applicants to partner with energy asset owners and operators to validate and demonstrate cutting-edge cybersecurity technology that can be retrofitted into existing infrastructure.

[source: HS Today]

UNODC improves Port Security in Rodrigues Island, Mauritius in the Indian Ocean

Rodrigues is an autonomous outer island of the Republic of Mauritius, located in the Indian Ocean between the African and Asian continents with an estimated population of 43,538 people.

In line with the United Nation’s Office on Drugs and Security (UNODC) Strategic Vision for Africa 2030, under investment area 3 ‘Protecting Africa’s Resources and Livelihoods’ UNODC conducted a 10 - day extensive training on Port Security with officials from Mauritius Port Security.

The training equipped participants with relevant skills and modern techniques to combat Maritime Crimes and improve port security. Overall, this will also contribute to attainment of the United Nation’s Sustainable Development Goal 14 on Life Below Water, targeting Sustainable Management and Protection of Marine and Coastal Ecosystems.

“It’s not a secret to anybody that transnational organized maritime crime poses a significant threat to the national security with implication on public safety and economic activities. Now all those crimes are increasingly committed using more sophisticated means whereby offenders are constantly exploring all means to improve their crime. We are in the urgency to get ourselves prepared to face the challenges. This training comes at the right moment” says Raphael Jean Maxcy, Police Sergeant and Assistant Officer in Charge of National Coast Guard, Rodrigues.

Leung Kei, Administrative officer at Port Associated Portage Operations, Lighterage and Cargo Services (PAPOL & C.S) quips, “The training will help me a lot in my daily work mainly in port security. It has opened our eyes so that in the future we know how to deal with all security matters at the port. Although we do not have big cases of insecurity, at the depot where clients come to pick their delivery, we must be very vigilant now as drug trafficking is becoming popular in Rodrigues, little by little”.

Southeast Asia Flash Flood Guidance System Launched

The Southeast Asia Flash Flood Guidance System (SeAFFGS) has been officially launched, ushering in the prospect of improved early warnings for a major natural hazard, which accounts for a significant portion of the lives lost and property damages due to flooding in the region.

Under a new agreement, the SeAFFGS will be operated by the Viet Nam Meteorological and Hydrological Administration (VNMHA), which is providing effective flash flood guidance and forecasts within Viet Nam and will act as the regional center covering Cambodia, Lao PDR, and Thailand, providing forecast products, data, and training.

The new regional centre will strengthen the World Meteorological Organization’s global Flash Flood Guidance System network, which now covers 67 countries and is a key plank in WMO’s campaign to ensure that Early Warning services reach everyone in the world in the next five years.

Flash floods claim the lives of thousands of people every year and have big social, economic and environmental impacts. Southeast Asia has a tropical monsoon climate and is one of the regions heavily affected by hydrological disasters such as flood, flash floods and landslides. It has long been recognized that the development and implementation of a flash flood forecasting system would greatly enhance public safety.

Accurate and timely warning of flash floods enables the mandated national authorities to undertake appropriate measures, thereby supporting them to protect the population at risk from their disastrous effects.A Memorandum of Understanding was signed at a ceremony at WMO headquarters on 8 August, formally designating VNMHA as the SeAFFGS Regional Centre and underlining mutual commitment to improve hydrological activities and early warnings across Southeast Asia.

“After 5 years of hard works and remarkable efforts, a flash flood guidance system in South East Asia was officially established which I believe will save a lot of lives and reduce significant damage cost for the region. The MOU signing ceremony today marks a very important milestone for the Southeast Asia community in general and for Vietnam in particular to enhance resilience to disasters,” said Professor Tran Hong Thai, VNMHA Administrator.

Dr Wenjian Zhang, Assistant Secretary-General of WMO said the Regional Centre would play a critical role in the overall functioning of the SeAFFGS project, strengthening collaboration and increasing the capacity of participating National Meteorological and Hydrological Services to provide timely and accurate forecasts and warnings of hydrometeorological hazards. He spoke on behalf of WMO Secretary-General Prof. Petteri Taalas.

The SeAFFGS has been developed under the project “Building Resilience to High-Impact Hydrometeorological Events through Strengthening Multi-Hazard Early Warning Systems (MHEWS) in Small Island Developing States (SIDS) and Southeast Asia (SEA)”, which is funded by the Government of Canada (Environment and Climate Change Canada – ECCC), and implemented by the World Meteorological Organization and the Hydrologic Research Center (HRC), while National Oceanic and Atmospheric Administration (NOAA) is a satellite data provider into the System.
Flash flood guidance system for Southeast Asia

Following the signing of the MoU, the Regional Centre now carries the responsibility of, maintaining the server used for SeAFFGS and securing File Transfer Server to exchange data and information, provision of capacity-building initiatives and to facilitate effective coordination among members involved in SeAFFGS.

Flash floods differ from river floods in their short time scales and occurrence on small spatial scales, which makes flash flood forecasting a different challenge from large-river flood forecasting. In flash floods forecasting, we are concerned foremost with the forecast of occurrence, and herein focus on two causative events: 1) intense rainfall; and 2) rainfall on saturated soils. Flash floods occur throughout the world, and the development times vary across regions from minutes to several hours depending on the land surface, geomorphological and hydrometeorological characteristics of the region. However, for the majority of these areas, there exists no formal process or capacity for developing flash flood warnings.

1 2 3 27