UNOCT launches five new thematic guides on Protecting Vulnerable Targets Against Terrorist Attacks

The United Nations Office of Counter-Terrorism (UNOCT) hosted a high-level virtual event to launch five new specialized guides (modules) dedicated to the protection of particularly vulnerable targets against terrorist attacks, on 6 September 2022. “Vulnerable targets” refers to public places (e.g. tourist venues, urban centers, religious sites) or critical infrastructure (e.g. public transportation systems, energy sector) which are easily accessible and relatively unprotected, and therefore vulnerable to terrorist attacks.

The online launch event was opened by the Under-Secretary-General of the United Nations Office of Counter-Terrorism (UNOCT), Mr. Vladimir Voronkov, along with the Permanent Representative of Qatar to the United Nations, H.E. Ambassador Alya Ahmed Saif Al-Thani; Acting Executive Director of the United Nations Counter-Terrorism Committee Executive Directorate (CTED), Mr. Weixiong Chen; Director of the United Nations Interregional Crime and Justice Institute (UNICRI) Ms. Antonia Marie De Meo; and Chief of Cabinet of the Under-Secretary-General of the United Nations Alliance of Civilizations (UNAOC), Ms. Nihal Saad.

The participants included decision-makers, practitioners and experts on vulnerable targets protection from Member States, international and regional organizations, the private sector, civil society and academia, including members of the United Nations Global Expert Network to Protect Vulnerable Targets against Terrorist Attacks.

The high-level opening was streamed live via UN WebTV. It will be followed by an expert session, during which Member States will share experiences, good practices and tools related to the themes of the five modules:

1. The protection of “soft" targets;
2. The protection of touristic sites;
3. The protection of religious sites and places of worship;
4. The protection of urban centres; and
5. Threats posed by unmanned aircraft systems (UAS) to vulnerable targets.

The 5 modules are published in Arabic, English, French and Russian and are presented by the United Nations Global Programme on Countering Terrorist Threats Against Vulnerable Targets, which is led by UNOCT and jointly implemented with CTED, UNICRI and UNAOC.

The new guides present the knowledge and resources and lessons learned identified during the three Expert Group Meetings held by UNOCT with partners CTED, UNAOC and UNICRI in 2021. They also complement the 2018 United Nations Compendium of Good Practices on the Protection of Critical Infrastructure (CIP) against Terrorist AttacksPDF by focusing on public places/"soft" targets as distinct types of sites worthy of a dedicated security approach. The guides feature specific case studies, good practices and recommended tools from around the world to support both the public and private sectors to further strengthen the safety and security of their public places, keeping them open and accessible and promoting shared responsibility.

CISA Releases New Insight on Preparing Critical Infrastructure for the Transition to Post-Quantum Cryptography

The Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insight, Preparing Critical Infrastructure for Post-Quantum Cryptography, which provides critical infrastructure and government network owners and operators an overview of the potential impacts from quantum computing to National Critical Functions (NCFs) and the recommended actions they should take now to begin preparing for the transition.

While quantum computing promises greater computing speed and power, it also poses new risks to critical infrastructure systems across the 55 NCFs. This CISA Insight incorporates findings from an assessment conducted on quantum vulnerabilities to the NCFs to understand the urgent vulnerabilities and NCFs that are most important to address first and the three NCF areas to prioritize for public-private engagement and collaboration.

“While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” said Mona Harrington, acting Assistant Director National Risk Management Center, CISA. “Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now.”

In March 2021, Secretary of Homeland Security Alejandro N. Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority.

To ensure a smooth and efficient transition, CISA encourages all critical infrastructure owners to follow the Post-Quantum Cryptography Roadmap along with the guidance in this CISA Insight. The roadmap includes actionable steps organizations should take, such as conducting an inventory of their current cryptographic technologies, creating acquisition policies regarding post-quantum cryptography, and educating their organization’s workforce about the upcoming transition.

Police Committee Initiates Process to Consider the Critical Infrastructure Protection Act Regulations

The Portfolio Committee on Police in South Africa has resolved to allow the Civilian Secretariat for Police Service (CSPS) to table part of the regulations of the Critical Infrastructure Protection Act (CIPA) 2019, which deals directly with the functions of the Critical Infrastructure Council to enable the council to start performing its functions immediately. The committee today met the Ministry of Police and representatives of the CSPS.

The committee has urged the CSPS to move with speed to table the regulations to ensure that Parliament completes the process of considering them. “We have raised a concern that the committee undertook an extensive process of interviews for the council in 2021 and to date, the Council has not been able to move and implement their mandate. This is the reason we will move with speed to consider the regulations and ensure the effectiveness of the Council,” said Ms Tina Joemat-Pettersson, the Chairperson of the committee.

Meanwhile, the committee deliberated on various issues affecting policing, including crime statistics, morale within the South African Police Service (SAPS), the increase in illegal mining, and challenges with gender-based violence. As a result, the committee agreed on the need for a two-day session, where the Minister of Police together with the National Commissioner and senior leadership of the SAPS outline strategies to remedy these concerns. The session’s intentions are to work together to find solutions to the crime challenge facing the country in order to create a safe environment that fosters socio-economic development.

Australian Government Invites Feedback on Critical Technologies

The Australian Federal Government will begin consulting businesses, researchers and the community at large to identify critical technologies of national importance.

The List of Critical Technologies in the National Interest will clarify technologies the government considers to be vital to present and future demands.

The 2022 List of Critical Technologies in the National Interest will build on the 2021 List, which featured 63 technologies across seven categories including:

- Advanced materials and manufacturing
- AI, computing and communications
- Biotechnology, gene technology and vaccines
- Energy and environment
- Quantum; Sensing, timing and navigation
- Transportation, robotics and space

The consultation will run until Friday 30 September.

Federal Minister for Industry and Science, Ed Husic, said it is vital for Australia’s continued and future prosperity that emerging and critical technologies are promoted and protected.

“We know the development of critical technologies present enormous potential opportunities as well as risks for Australians,” Mr Husic said.

“It is vital we understand and send a clear signal about what technologies we should be focusing on and where our strengths lie – and that is exactly what this consultation is all about.”

The Federal Government has promised to invest $1 billion into critical technologies through its National Reconstruction Fund and will aim to reach 1.2 million tech industry jobs by 2030.

“This work is also part of our goal to reach 1.2 million tech jobs by 2030, as well as securing our supply chains and promoting Australia as a secure destination of excellence for investment, development and adoption of critical technologies,” Mr Husic said.

“The Government is also investing $1 billion in critical technologies as part of the National Reconstruction Fund, to build our strategic capability and power the economic growth we need to create jobs.”

Australia releases Critical Infrastructure Protection Act 2022

The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) came into effect on 2 April 2022.

The SLACIP Act amends the Security of Critical Infrastructure Act 2018 (SOCI Act) to introduce the following key measures

- A new obligation for responsible entities to create and maintain a critical infrastructure risk management program, and
- A new framework for enhanced cyber security obligations required for operators of systems of national significance (Australia’s most important critical infrastructure assets – SoNS)

The reforms in the SLACIP Act seek to make risk management, preparedness, prevention and resilience, business as usual for the owners and operators of critical infrastructure assets and to improve information exchange between industry and government to build a more comprehensive understanding of threats. These reforms will give Australians reassurance that our essential services are resilient and protected.

The Department recognises that engagement and education will be crucial to the success of these reforms and is committed to working with entities to ensure these reforms are understood and can be practically implemented.

 

US to Strengthen Public and Private Sector Cybersecurity

Package Includes His Bipartisan Bills to Protect Critical Infrastructure and Federal Networks, and Ensure Government Can Safely Adopt Cloud Technology

U.S. Senator Gary Peters (MI), Chairman of the Senate Homeland Security and Governmental Affairs Committee, introduced a landmark legislative package that would significantly enhance our nation’s ability to combat ongoing cybersecurity threats against our critical infrastructure and the federal government – particularly in the face of potential cyber-attacks sponsored by the Russian government in retaliation for U.S. support in Ukraine. The legislation combines language from three bills Peters authored and advanced out of his committee – the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act. The combined bill, known as the Strengthening American Cybersecurity Act, would require critical infrastructure owners and operators and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a substantial cyber-attack. It would also require critical infrastructure owners and operators to report ransomware payments to CISA, modernize the government’s cybersecurity posture, and authorize the Federal Risk and Authorization Management Program (FedRAMP) to ensure federal agencies can quickly and securely adopt cloud-based technologies that improve government operations and efficiency.

“Cyber-attacks against federal networks and critical infrastructure companies – including oil pipelines, meatpacking centers, and wastewater treatment plants – have disrupted lives and livelihoods across the country. That is why, for months, I have been leading efforts to fight back against cybercriminals and foreign adversaries who launch these incessant attacks,” said Senator Peters. “It is clear that, as our nation continues to counter cyber threats and support Ukraine, we need to pass this legislation to provide additional tools to address possible cyber-attacks from adversaries, including the Russian government. This landmark, bipartisan legislative package will provide our lead cybersecurity agency, CISA, with the information and tools needed to warn of potential cybersecurity threats to critical infrastructure, prepare for widespread impacts, coordinate the government’s efforts, and help victims respond to and recover from online breaches. Our efforts will significantly bolster and modernize federal cybersecurity as new, serious software vulnerabilities continue to be discovered, such as the one in log4j. This combined bill will also ensure that agencies can procure cloud-based technology quickly, while ensuring these systems, and the information they store, are secure.”

Last year, hackers breached the network of a major oil pipeline forcing the company to shut down over 5,500 miles of pipeline – leading to increased prices and gas shortages for communities across the East Coast. Last summer, the world’s largest beef supplier was hit by a cyber-attack, prompting shutdowns at company plants and threatening meat supplies all across the nation. As these kinds of attacks continue to rise, Peters’ legislation would help ensure critical infrastructure entities such as banks, electric grids, water networks, and transportation systems are able to quickly recover and provide essential services to the American people in the event of network breaches.

The Strengthening American Cybersecurity Act would require critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a substantial cyber-attack, and within 24 hours if they make a ransomware payment. Additionally, the package would update current federal government cybersecurity laws to improve coordination between federal agencies, require the government to take a risk-based approach to cybersecurity, as well as require all civilian agencies to report all cyber-attacks to CISA, and update the threshold for agencies to report cyber incidents to Congress. It also provides additional authorities to CISA to ensure they are the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks. Finally, the package would authorize FedRAMP for five years to ensure federal agencies are able to quickly and securely adopt cloud-based technologies that improve government efficiency and save taxpayer dollars.

CISA, FBI and Treasury Release Advisory on North Korean State-Sponsored Cyber Actors Use of Maui Ransomware

Healthcare and Other Sectors Provided with Proactive Steps to Detect and Reduce Risk

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of the Treasury (Treasury) today released a joint Cybersecurity Advisory (CSA) that provides information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.

The CSA titled, “North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector,” provides technical details and indicators of compromise (IOC) observed during multiple FBI incident response activities over a period of more than a year and obtained from industry analysis of Maui samples. North Korean state-sponsored actors were observed using Maui ransomware to encrypt HPH servers responsible for providing healthcare services. In some cases, the malicious activity disrupted the services provided by the victim for prolonged periods.

“As the nation’s cyber defense agency, our team works tirelessly in collaboration with partners to publish timely information that can help organizations prevent and build resilience against all cyber threats,” said CISA's Executive Assistant Director for Cybersecurity, Eric Goldstein. “Today’s advisory comes out of our strong partnership with the FBI and Treasury. This malicious activity by North Korean state-sponsored cyber actors against the healthcare and public health sector poses a significant risk to organizations of all sizes.”

"The FBI, along with our federal partners, remains vigilant in the fight against North Korea's malicious cyber threats to our healthcare sector," said FBI Cyber Division Assistant Director Bryan Vorndran. "We are committed to sharing information and mitigation tactics with our private sector partners to assist them in shoring up their defenses and protecting their systems."

“Ransomware victimizes people and businesses, large and small, across America. Treasury has worked closely with CISA and FBI to counter ransomware and protect financial sector critical infrastructure,” said Rahul Prabhakar, Treasury Deputy Assistant Secretary for Cybersecurity and Critical Infrastructure Protection. “This joint advisory on Maui ransomware provides guidance that organizations of all sizes across the country can use to help defend themselves. We will continue to work closely with our partners to push out actionable information on ransomware and other malicious activity as quickly as possible to help individuals and businesses guard against ever-evolving cyber threats.”

The HPH Sector, as well as other critical infrastructure organizations, are urged to review this joint CSA and apply the recommended mitigations to reduce the likelihood of compromise from ransomware operations. The FBI, CISA, and Treasury assess that North Korean state-sponsored actors are likely to continue targeting HPH Sector organizations, because of the assumption that these organizations are willing to pay ransoms to avoid disruption of the critical life and health services they provide. For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.

The FBI, CISA, and Treasury strongly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks. In September 2021, Treasury issued an advisory highlighting the sanctions risk associated with ransomware payments and providing steps that can be taken by companies to mitigate the risk of being a victim of ransomware.

CISA Releases Second Version of Guidance for Secure Migration to the Cloud

The Cybersecurity and Infrastructure Security Agency (CISA) published the second version of “Cloud Security Technical Reference Architecture (TRA)” today, which strengthens guidance to fulfill a key mandate under President Biden’s Executive Order (EO) 14028 - "Improving the Nation's Cybersecurity." The Cloud Services TRA is designed to guide agencies’ secure migration to the cloud by defining and clarifying considerations for shared services, cloud migration, and cloud security posture management.

As the Federal Government, along with organizations across sectors, continues to migrate to the cloud, it is paramount that agencies implement measures to protect it. The Cloud Security TRA, co-authored by CISA, the United States Digital Service (USDS), and the Federal Risk and Authorization Management Program (FedRAMP), provides foundational guidance for organization to use public cloud more security and improve the ability of the federal government to identify, detect, protect, respond, and recover from cyber incidents.

“As the nation’s cyber defense agency, CISA works collaboratively with our interagency partners to implement improvements that make our federal civilian agencies more resilient to cyber threats,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “The updated Cloud Security TRA is a key step forward for each agency’s transition to the cloud environment. CISA and our partners will continue to provide expert, coherent, and timely guidance to help agencies modernize their networks with sound cybersecurity and resilience to protect against evolving cyber adversaries. While the TRA was developed for federal agencies, all organizations using or migrating to cloud environments should review this document and adopt the practices therein as applicable to most effectively manage organizational risk.”

In consultation with the Office of Management and Budget, the three agencies adjudicated more than 300 public comments received in September 2021. This feedback helped to further strengthen the Cloud Security TRA and fully address a host of considerations for secure cloud migration. A summary of the feedback received, as well as a Response to Comments (RTC), is available in the Response to Comments for Cloud Security Technical Reference Architecture.

How to map the Cybersecurity Threat Landscape? Follow the ENISA 6-step Methodology

The cybersecurity threat landscape methodology developed by the European Union Agency for Cybersecurity (ENISA) aims at promoting consistent and transparent threat intelligence sharing across the European Union.

With a cyber threat landscape in constant evolution, the need for updated and accurate information on the current situation is growing and this a key element for assessing relevant risks.

This is why ENISA releases today an open and transparent framework to support the development of threat landscapes.

The ENISA methodology aims to provide a baseline for the transparent and systematic delivery of horizontal, thematic and sectorial cybersecurity threat landscapes (CTL) thanks to a systematic and transparent process for data collection and analysis.

Who can benefit from this new methodology?

This new methodology is made available to ENISA’s stakeholders and to other interested parties who wish to generate their own cyber threat landscapes. Adopting and/or adapting the proposed new CTL framework will enhance their ability to build situational awareness, to monitor and to tackle existing and potential threats.

ENISA will also be using this new methodology to deliver an enhanced annual ENISA Threat Landscape (ETL). It will also be used to generate technical or sectorial threat landscapes.

How does the methodology work?

The framework is based on the different elements considered in the performance of the cybersecurity threat landscape analysis. It therefore includes the identification and definition of the process, methods and tools used as well as the stakeholders involved.

Building on the existing modus operandi, this methodology provides directions on the following:

- defining components and contents of each of the different types of CTL;
- assessing the target audience for each type of CTL to be performed;
- how data sources are collected;
- how data is analysed;
- how data is to be disseminated;
- how feedback is to be collected and analysed.

The ENISA methodology consists of six main steps with feedback foreseen and associated to each of these steps:

1. Direction;
2. Collection;
3. Processing;
4. Analysis and production;
5. Dissemination;
6. Feedback

This CTL methodology has been validated by the ENISA ad-hoc working group on the Cybersecurity Threat Landscape (CTL WG). The group consists of European and international experts from both public and private sector entities.

Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks

U.S. critical infrastructure (such as utilities, financial services, and pipelines) faces increasing cybersecurity risks. Understanding these risks and associated vulnerabilities, threats, and impacts is essential to protecting critical infrastructure.

Cybersecurity Vulnerabilities, Threats, and Impacts

Vulnerabilities. Critical infrastructure has become more vulnerable to cyberattacks for reasons that include greater use of interconnected electronic systems.

Threats. Threat actors—such as nation-states, criminal groups, and terrorists—have become increasingly capable of carrying out cyberattacks on critical infrastructure.

Impacts. Federal and industry data indicate that cyberattacks—including those affecting critical infrastructure—generally have increased in frequency and cost.

Source: Prior GAO reports and GAO analysis of agency and industry documentation.

The effects of cyber incidents can spill over from the initial target to economically linked firms—magnifying damage to the economy. For example, in May 2021 the Colonial Pipeline Company learned that it was the victim of a cyberattack that led to short-lived gasoline shortages.

Cyber insurance and the Terrorism Risk Insurance Program (TRIP)—the government backstop for losses from terrorism—are both limited in their ability to cover potentially catastrophic losses from systemic cyberattacks. Cyber insurance can offset costs from some of the most common cyber risks, such as data breaches and ransomware. However, private insurers have been taking steps to limit their potential losses from systemic cyber events. For example, insurers are excluding coverage for losses from cyber warfare and infrastructure outages. TRIP covers losses from cyberattacks if they are considered terrorism, among other requirements. However, cyberattacks may not meet the program's criteria to be certified as terrorism, even if they resulted in catastrophic losses. For example, attacks must be violent or coercive in nature to be certified.

The Department of the Treasury's Federal Insurance Office (FIO) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) both have taken steps to understand the financial implications of growing cybersecurity risks. However, they have not assessed the extent to which risks to critical infrastructure from catastrophic cyber incidents and potential financial exposures warrant a federal insurance response. CISA is the primary risk advisor on critical infrastructure and FIO the federal monitor of the insurance sector. Accordingly, they are well-positioned to jointly perform such an assessment. Doing so and reporting the results to Congress can inform deliberations on whether a federal insurance response is warranted.

If such a response were deemed necessary, GAO's framework for providing federal assistance to private market participants (GAO-10-719) could help inform its design. The framework notes the need to define the problem, mitigate moral hazard (that the existence of a federal backstop could result in entities taking greater risks), and protect taxpayer interests. Consistent with these elements, any federal insurance response should include clear criteria for coverage, specific cybersecurity requirements, and a dedicated funding mechanism with concessions from all market participants.

Cyber threats to critical infrastructure represent a significant economic challenge. Although cyber incident costs are paid in part by the private cyber insurance market, growing cyber threats have created uncertainty in this evolving market.

The Further Consolidated Appropriations Act, 2020, includes a provision for GAO to study cyber risks to U.S. critical infrastructure and available insurance for these risks. This report examines the extent to which (1) cyber risks for critical infrastructure exist; (2) private insurance covers catastrophic cyber losses and TRIP provides a backstop for such losses; and (3) cognizant federal agencies have assessed a potential federal response for cyberattacks.

GAO reviewed cyber insurance coverage literature and reports on cyber risk and the insurance market. GAO interviewed CISA and FIO officials and industry stakeholders (e.g., critical infrastructure owners, insurers, and brokers) that were selected based on factors such as expertise and market share.

Cyber insurance can help offset costs of some common cyber risks, like data breaches or ransomware. But cyber risks are growing, and cyberattacks targeting critical infrastructure—like utilities or financial services—could affect entire systems and result in catastrophic financial loss.

Insurers and the government's terrorism risk insurance may not be able to cover such losses. For example, the government's insurance may only cover cyberattacks if they can be considered "terrorism" under its defined criteria.

CISA and FIO should jointly assess the extent to which risks to critical infrastructure from catastrophic cyber incidents and potential financial exposures warrant a federal insurance response, and inform Congress of the results of their assessment. Both agencies agreed with the recommendations.

1 2 3 19