Category: Industry News

Industry News

ENISA 5G Threat Landscape Report Updated to Enhance 5G Security

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) published an updated version of its 5G threat assessment report to address advancements in the areas of fifth generation of mobile telecommunications networks (5G) and to contribute to the implementation of the EU 5G toolbox cybersecurity risk mitigating measures.
The new ENISA Threat Landscape for 5G Networks report is a major update of the previous edition as it captures recent developments in 5G standardisation. The publication includes a vulnerability analysis, which examines the exposure of 5G components. The analysis explores how cyber threats can exploit vulnerabilities and how technical security controls can help mitigate risks.
European Union Agency for Cybersecurity Executive Director Juhan Lepassaar explained: “By providing regular threat assessments, the EU Agency for Cybersecurity materialises its support to the EU cybersecurity ecosystem.  This work is part of our continuous contribution to securing 5G, a key infrastructure for the years to come.”
The New Threat Landscape includes:
- An updated system architecture of 5G, indicating introduced novelties and assessed security considerations;
- A detailed vulnerability analysis of all relevant 5G assets, including their exposure to threats;
- A mapping of related security controls aiming at the reduction of threat surface;
- An update of the relevant threats in accordance with their exploitation potential of the assessed vulnerabilities;
- The consideration of implementation options – migration paths from 4G to 5G infrastructures;
- The development of a process map showing the contribution of operational, life cycle and security assurance processes to the overall security of 5G infrastructures;
- A new inventory of critical components.
The information produced for this report is based on publicly available content published by 5G market players (operators, vendors, and national and international organisations), standardisation groups and bodies (for example: 3rd Generation Partnership Project (3GPP); International Telecommunications Union (ITU); European Telecommunications Standardisation Institute (ETSI); International Organisation for Standardisation (ISO); the Global System for Mobile Communications (GSMA)).
One comment , ,

Asia-Pacific resolves to move from crisis to resilience

Agency News, Industry News, Power/Energy/Oil & Gas sector, Transport sector, Water sector
In 2019, the United Nations Office for Disaster Risk Reduction’s (UNDRR) Global Assessment Report called on countries to abandon “hazard-by-hazard” risk management, in favour of a holistic approach that examines risk in the context of its impact in systems, including cascading impacts.
A year later, the COVID-19 pandemic presented the world with an unfortunate case study of how systemic risk, if left untreated, can snowball into a disaster and a global crisis.
However, the pandemic was not the only disaster of the year, as 2020 saw countries in Asia-Pacific deal with a perfect storm of dual and multiple disasters, including droughts, floods and typhoons.
For countries in the region to guard against future disasters and mitigate the compounded impact of disasters, a fundamental shift in risk governance at national and local levels is required.
The post-COVID recovery process is one avenue to embed this new approach in socio-economic development processes, to avoid the creation of new risks while risk-proofing development gains.
However, some preconditions need to be met to facilitate this transformation, including committed leadership, investments, engagement of all sectors and stakeholders, and an embrace of science-based multi-hazard risk reduction. All of these elements are in line with the commitments that countries made in the adoption of the Sendai Framework for Disaster Risk Reduction 2015-2030.
The 2021 Asia-Pacific Ministerial Conference for Disaster Risk Reduction (APMCDRR), as the first major UNDRR regional platform since the onset of COVID-19, offers countries and stakeholders an opportunity to determine how these conditions can be met to achieve a transformation in risk governance.
With that goal, UNDRR and Australian Government, as the convener and host of the APMCDRR respectively, completed this week a major step in the roadmap to the ministerial conference, the organizing of the Asia-Pacific Partnership for Disaster Risk Reduction (APP-DRR) Forum.
The APP-DRR was organized on 1-2 December as a virtual meeting with 175 participants from 30 Asia-Pacific governments, over 10 intergovernmental organisations, several UN and international organizations, and stakeholder groups.
The Forum was kicked off with a statement by Ms. Mami Mizutori, Special Representative of the UN Secretary-General for Disaster Risk Reduction, who exhorted the participants to “think big and out of the box”. Opening remarks were made by the Australian Government:
"This forum is an important opportunity to take stock of how we're progressing against our Sendai commitments and to work together to accelerate this process," said Ms. Rebecca Bryant, Assistant Secretary at the Australian Department of Foreign Affairs and Trade, adding:
"Australia is firmly committed to working with countries to further enhance our region's resilience to disasters and to learn from each other's experience."
Of importance to the APMCDRR is building the disaster resilience of small island developing states in the Pacific. These countries are often the most vulnerable countries to extreme weather events, and still have to mobilize resources to counter a global pandemic.
Speaking on both aspects, the Honorable Dr. Ifereimi Waqainabete, Minister of Health and Medical Services in Fiji, said:
“Our coordinates cannot change... we need to understand as a nation that we are prone to disasters. We are prone to cyclones, droughts and other extreme weather events, almost every year,” emphasizing that “as leaders in our own right, we must continue to make better decisions in building resilience to ensure that the devastating impacts of disasters are mitigated and reduced.”
To make the right decisions, countries need to strengthen their data collection systems and understanding of risk, which in turn contributes to the development of sound national and local disaster risk reduction strategies.
On that front, UNDRR noted that the region was making progress in reporting on several Sendai Framework indicators, as 67% of countries in Asia-Pacific have reported some data as of October 2020.
However, challenges remain around the collection of data that is disaggregated by sex, age and disability, which hinders the effectiveness of planning to ensure no one is left behind.
Moreover, countries continue to face challenges in adopting integrated approaches that combine climate change adaptation with disaster risk reduction and expanding their risk governance mechanisms to other sectors.
As the availability of funding is often a hindrance to the implementation of risk reduction strategies, UNDRR presented recommendations on how countries could finance risk prevention.
Green investment offers a particularly effective way to fund climate change adaptation and risk reduction measures, as is highlighted in a report that was launched by UNDRR at the APP-DRR, titled ‘Ecosystem-Based Disaster Risk Reduction: Implementing Nature-based Solutions for Resilience.’
However, as a result of the downturn in economic activity caused by the COVID-19 crisis, it might be necessary for governments to increase their support for green investments as part of their recovery efforts.
“Financially constrained firms have weaker environmental performance and COVID-19 could be detrimental to environmental investments. Going forward, there will be a need for some forms of public support to encourage green recovery,” said Dr. Hiroko Oura from the International Monetary Fund.
The APP-DRR was also an opportunity for countries and stakeholder groups to voice their priorities and concerns. These reflections were posted on the event page and will help inform planning for APMCDRR.
Leave a comment , , ,

NIS Directive has Positive Effect, though Study Finds Gaps in Cybersecurity Investment Exist

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) released a new report on information security spending for network and information services (NIS) under the NIS Directive, the first EU-wide legislation on cybersecurity. The NIS Investments report is based on a survey of 251 organisations of operators of essential services (OES) and digital service providers (DSP) from France, Germany, Italy, Spain and Poland. Eighty-two percent of those surveyed reported the NIS Directive had a positive effect on their information security.
The new ENISA study examining cybersecurity spending states that 82% of Operators of Essential Services and Digital Services Providers find that the NIS Directive has a positive effect. However, gaps in investment still exist. When comparing organisations from the EU to those from the United States, data shows that EU organisations allocate on average 41% less to cybersecurity than their US counterparts.
NIS Directive Implementation
The report provides input to the European Commission’s review of the NIS Directive on the 16th of December, four years after the Directive entered into force and two years after the transposition into national law.
Challenges remain after the implementation of the Directive -- the lack of clarity of the NIS Directive expectations after transposition into national law was a common issue. More than 35% of organisations surveyed believe the NIS Directive expectations are unclear. Twenty-two percent of respondents listed limited support from national authorities as one of their top challenges when implementing the Directive.
Cybersecurity Investments: EU vs. US
When comparing organisations from the EU to organisations from the United States, the study shows that EU organisations allocate on average 41% less to information security than their US counterparts.
Key findings about the NIS Directive implementation in the NIS Investment report
- The average budget for NIS Directive implementation projects is approximately €175k, with 42.7% of affected organisations allocating between €100k and €250k. Slightly less than 50% of surveyed organisations had to hire additional security matter experts.
- Surveyed organisations prioritised the following security domains: Governance, Risk & Compliance and Network Security.
- When implementing the NIS Directive, 64% of surveyed organisations procured security incident & event log collection solutions, as well as security awareness & training services.
- “Unclear expectations” (35%)  and “Limited support from the national authority” (22%) are among the top challenges faced by surveyed organisations when implementing the NIS Directive.
- 81% of the surveyed organisations have established a mechanism to report information security incidents to their national authority.
- 43% of surveyed organisations experienced information security incidents with a direct financial impact to up to €500k, while 15% experienced incidents with over half a million euro.
Leave a comment ,

CISA Issue Emergency Directive to Mitigate Compromise of Solarwinds Orion Network Management Products

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “This directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA.
Leave a comment ,

ITU Forum addresses opportunities and challenges of 5G implementation in Europe

Industry News, Telecomms sector
“Just as 4G deployment was carried out across Europe with a strong focus on leaving no one behind, it is now our duty to ensure that an enabling regulatory environment sustains the deployment of 5G in a way that connectivity is leveraged by all and for all,” said Doreen Bogdan-Martin, Director of the Telecommunication Development Bureau at the ITU, as she welcomed participants of the ITU Regional Forum for Europe on 5G strategies, policies, and implementation.
The event was one of several milestones of the ITU Regional Initiative for Europe on broadband infrastructure, broadcasting and spectrum management.
Organized with the support of the Chancellery of The Prime Minister (KPRM) of the Republic of Poland, the Forum was opened by H.E. Mr. Marek Zagórski, Poland’s Secretary of State Government Plenipotentiary for Cybersecurity, who called for “connecting the unconnected” and “bridge the digital divide” as priorities in the context of Sustainable Development Goal (SDG) 10 on reducing inequality. Mr. Zagórski went on to highlight Poland’s achievements in the provision of high-quality connectivity towards an Internet Society by 2025, and called for the urgent need to address misinformation around 5G in Europe and beyond.
5G strategies and implementation dynamics
More than 50 speakers provided participants with a comprehensive overview of the status of 5G rollout, focusing on regional and national strategies and policies as well as other ongoing implementation challenges relevant to stakeholders in the Europe region.
The first day of proceedings saw context-setting interventions from the ITU Telecommunication Standardization Bureau (TSB) and the ITU Radiocommunication Bureau (BR), both of whom recognized excellent ITU cross-sectoral collaboration. Regional organizations and industry associations followed by discussing key priorities for the region, including the importance of international cooperation, industry collaboration, and regulation creating the necessary incentives for 5G deployment to deliver social and economic impact as well as the challenge of radiofrequency electromagnetic fields (RF-EMF).
Sessions 2 and 3 offered a detailed picture of the status of 5G implementation both in EU and non-EU countries. Administrations and National Regulatory Authorities recognized the importance of the transition to 5G converging towards the notion of “connecting everyone and everything” and reiterated how international cooperation must ensure a consistent deployment of 5G across the region, especially in context of the post-COVID economic recovery.
In his second day keynote, 2020 BEREC Vice-chair Jeremy Godfrey highlighted the importance of sustainability and resilience in the post-COVID-19 world.
From the 5G commercialization and market development perspective, industry representatives from satellite, mobile and equipment providers noted in Session 4 that efforts and expectations should be placed in the business-to-business (B2B) rather than in the business-to-customer (B2C) segment, and should focus on innovation-driven public-private partnerships as well as on the industrial IoT environment enabling emergence of 5G applications and ecosystems.
During the Forum’s final session on the challenge of increasing public concern about RF-EMF, it was widely agreed that the focus should shift from the scientific evidence, which is already there, to elaborating new strategies for 5G and EMF risk communication, as some countries have already undertaken.
New publications, upcoming priorities and next steps
In the context of the Forum, and to prioritize topics for future consideration at the regional level, the ITU Office for Europe announced the publication of two background papers.
One includes a series of country profiles on 5G implementation dynamics in 18 non-EU countries in the Region, featuring the implementation of 5G strategies, frequency allocation, EMF regulation as well as private sector trials and commercialization at the country level. The country profiles are designed to act as a reference for decision-makers and as a platform to monitor progress in reducing intra-regional gaps.
The other background paper on 5G and electromagnetic fields (EMFs) responds to concerns of administrations observed across Europe by referencing scientific evidence and recommendations as well as outlining key challenges and open questions, including misinformation and the social and economic cost for societies resulting from holding back 5G. The paper aims to support administrations in their efforts to elaborate communications on 5G at the national level.
The virtual meeting also hosted representatives of international and regional organizations such as the World Health Organization (WHO), International Commission on Non-Ionizing Radiation Protection (ICNIRP), the European Broadcasting Union (EBU), the Nordic Council of Ministers, Eastern Partnership Electronic Communications Regulators Network (EaPeReg), the Body of European Regulators for Electronic Communications (BEREC) and a number of National Regulatory Authorities and ICT Ministries from both EU and non-EU countries as well as important industry associations such as the European Telecommunication Network Operators’ Association (ETNO), the EMEA Satellite Operators Association (ESOA), the European Competitive Telecommunications Association (ECTA), DIGITALEUROPE, and GSMA.
3 comments , ,

New community benchmark on water infrastructure resilience released

Industry News, Water sector
The Alliance for National and Community Resilience (ANCR) released the third of its Community Resilience Benchmarks—the water benchmark, which addresses resilience of drinking water, wastewater and stormwater systems.
ANCR’s Community Resilience Benchmarks (CRBs) support communities in assessing their resilience and developing strategies for improvement. These benchmarks take a coordinated, holistic look at the people, services and processes that make communities work.
The water benchmark was developed by a committee of subject matter experts co-chaired by Andy Kricun, Managing Director at Moonshot Missions and Senior Fellow at the U.S. Water Alliance, and Jennifer Adams, an emergency management consultant. Committee members included representatives from the American Chemistry Council, American Water Works Association, Codes and Standards International, Denver Water, Ductile Iron Pipe Research Association, Dupont Water Solutions, McWane, New York City Department of Environmental Protection, North Carolina Department of Environmental Quality, and the U.S. Environmental Protection Agency.
“Water is such an essential aspect of communities. We’re grateful for the contributions made by committee members to help capture the policies and practices that support resilience in this sector,” said Evan Reis, Executive Director of the U.S. Resiliency Council and Chair of the ANCR Board of Directors.
“We look forward to working with communities to integrate the Community Resilience Benchmarks into their current resilience initiatives,” commented ANCR Executive Director Ryan Colker. “Not only does the Water Benchmark provide an excellent enhancement to the provisions contained the Buildings and Housing Benchmarks, but it also helps communities determine how their water systems and utilities contribute to their resilience goals to inform future investments that help protect residents and businesses from disaster.”
Communities are encouraged to pilot the benchmark and provide feedback to ANCR to support updates. For communities interested in piloting the water benchmark.
ANCR is a joint initiative of the International Code Council and the U.S. Resiliency Council that brings together representatives from the public and private sectors to advance a holistic approach to community resilience.
Leave a comment , ,

CISA Highlights Theft of FireEye Red Team Tools

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA) has advised FireEye has released a blog addressing unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. Although the Cybersecurity and Infrastructure Security Agency (CISA) has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems. The exposed tools do not contain zero-day exploits.

CISA recommends cybersecurity practitioners review FireEye’s two blog posts for more information and FireEye’s GitHub repository for detection countermeasures:

Leave a comment ,

Focus on National Cybersecurity Capabilities: New Self-Assessment Framework to Empower EU Member States

Agency News, Cyber Security CII sector, Industry News
The EU Agency for Cybersecurity issues a National Capabilities Assessment Framework (NCAF) to help EU Member States self-measure the level of maturity of their national cybersecurity capabilities.
Developed with the support of 19 EU Member States, this framework was designed following an extensive exchange of ideas and good practices. The strategic objectives of the national cybersecurity strategies served as a basis of the study.
The framework was developed as part of the mandate of ENISA, as defined in the Cybersecurity Act. It falls under the provision to support EU Member States in building capacities in the area of national cybersecurity strategies through the exchange of good practices.
The key features
The self-assessment framework is composed of 17 objectives structured around 4 clusters. Each of these clusters is associated to a key thematic area for building cybersecurity capacity. Different objectives are also associated to each cluster. Based on 5 levels of maturity, specific questions were devised for each objective.
The clusters are as follows:
(I) Cybersecurity governance and standards - This dimension considers aspects of planning to prepare the Member State against cyber-attacks as well standards to protect Member States and digital identity
(II) Capacity-building and awareness - This cluster assesses the capacity of the Member States to raise awareness on cybersecurity risks and threats and on how to tackle them. Additionally, this dimension gauges the ability of the country to continuously build cybersecurity capabilities, increase knowledge and skills in the cybersecurity domain.
(III) Legal and regulatory - This cluster measures the capacity of the Member States to put in place the necessary legal and regulatory instruments to address cybercrime and also address legal requirements such as incident reporting, privacy matters, CIIP.
(IV) Cooperation - This cluster evaluates the cooperation and information sharing between different stakeholder groups at the national and international level.
Target Audience
The report issued is intended for policymakers as well as experts and officials responsible for, or involved in the design, implementation and evaluation of a national cybersecurity strategy and/or of national cybersecurity capabilities.
Why a capability assessment framework?
Cybersecurity capabilities are the main tools used by EU Member States to achieve the objectives of their National Cybersecurity Strategies. The purpose of the framework is to help Member States build and enhance cybersecurity capabilities by assessing their level of maturity.
The framework will allow EU Member States to:
- Perform the evaluation of their national cybersecurity capabilities.
- Increase the maturity level of awareness;
- Identify areas for improvement;
- Build new cybersecurity capabilities.
Leave a comment ,

Supporting cities in advancing a holistic and systemic approach to resilience in Central Asia

Agency News, Health & Social Care, Industry News, Water sector
The United Nations Office for Disaster Risk Reduction (UNDRR), within its project “Strengthening disaster resilience and accelerating implementation of Sendai Framework for Disaster Risk Reduction in Central Asia”, engages with the capital cities of Central Asia with the aim to support local governments to reduce risks and advance a holistic and systemic approach to urban resilience. The initiative is funded by the European Commission.
A network of focal points at the city administrations and interagency technical working groups are being established, including representatives of various departments of local and national governments, as well as risk analysis institutions, public councils and private sector. UNDRR will support assessments of Local Resilience Strategies and Action Plans of the five capital cities in Central Asian.
The initiative will contribute directly to the achievement of the Sustainable Development Goal 11 (SDG11) and other global frameworks, including the Sendai Framework for Disaster Risk Reduction, the Paris Agreement and the New Urban Agenda in the region. The importance of engagement with local governments is emphasized by the fact, according to the UNECE estimates, 65% of the total SDG targets globally need to be delivered by local authorities and actors.
Increasing climate and disaster resilience is a priority for the Governments of Central Asia. The region is highly vulnerability to climate change and exposed to a range of natural and technological hazards.
UNDRR will also provide support to the capital cities of Central Asia through its Making Cities Resilient 2030 (MCR2030) launched in October 2020. Building upon the MCR Campaign success and lessons learned, it represents a new and unique multi-stakeholder initiative for improving local resilience. It lays out a broader offer of support to the cities than the MCR Campaign and enhances local resilience through advocacy, sharing knowledge and experiences, reinforcing city-to-city learning networks, injecting technical expertise, connecting multiple layers of government, and building partnerships.
Leave a comment , ,

Public launch of MIDAS: the models behind EU policies

Agency News, Industry News
The European Commission opens the MIDAS inventory to the public, providing a user-friendly platform to explore the models used to support evidence-informed policymaking in the EU.
The new public version of MIDAS, the Modelling Inventory and Knowledge Management System, helps anyone explore any of the 35 models used for impact assessments since 2017.
The information available on the platform can help everyone to better understand the evidence used by the Commission when designing and evaluating policies that address today’s big challenges.
As well as providing useful documents and references, MIDAS explains how each model supported the analysis carried out for each impact assessment - indicating the leading Commission department, who runs the model, and which impacts it has helped to assess.
For each model, MIDAS also gives information on:
- Structure : details on the modelling approach, data inputs and outputs, spatial and temporal extent and resolution;
- Transparency: The extent to which underlying data, model results, code and documentation are available and accessible;
- Quality : if and how uncertainties are quantified and accounted for, if sensitivity analysis has been done, if the model has been peer reviewed or validated, if results are published in peer reviewed journals.
The Commission makes extensive use of models to support policymaking, from their initial design to evaluating their environmental, economic and social impacts. Models are used in many policy areas, such as agriculture, the environment, transport, economics and fisheries.
For example, the Commission recently used modelling to assess the feasibility of committing to EU climate neutrality by 2050, and of the 2030 Climate Target Plan, which raises the EU's ambition on reducing greenhouse gas emissions to at least 55% below 1990 levels by 2030.
By clearly presenting information on models that supported Commission impact assessments and making that information easy for the public to navigate, MIDAS encourages scrutiny of the quality of evidence provided by modelling and the exchange of good practices in model use.
The aim is to give everyone - whether it’s research bodies, decision makers or the general public - confidence in the contribution that these models make to better policy design and evaluation.
Leave a comment ,
1 36 37 38 39 40 50