Category: Organisation Types

Organisation Types for membership

Forest fires: €170 million to reinforce rescEU fleet

Agency News, Health & Social Care, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector, Water sector

Following a record-breaking forest fire season in Europe, the Commission is proposing today €170 million from the EU budget to reinforce its rescEU ground and aerial assets  starting from the summer of 2023. The rescEU transitional fleet would therefore have a total of 22 planes, 4 helicopters as well as more pre-positioned ground teams. As from 2025, the fleet would be further reinforced through an accelerated procurement of airplanes and helicopters.

Commissioner for Crisis Management Janez Lenarčič said: "Due to climate change the number of regions affected by wildfires is increasing, going beyond the traditionally affected Mediterranean countries. The last summers have clearly shown that more firefighting assets are needed at EU-level. By building up our fleet of aerial means and ground forces, the EU will be able to ensure a prompt, flexible response, including in situations where fires are burning in multiple Member States at the same time.”

Commissioner for Budget and Administration, Johannes Hahn said: “While the record-breaking forest fires this summer may have been overshadowed by other crises, today's proposal to reinforce rescEU shows that the EU budget will continue to support those in need. European solidarity across EU Member States remains strong and we are ready to support this solidarity with financial means.”

Wildfires in the EU are increasing in scope, frequency, and intensity. By 1 October, the data for 2022 reveal a 30% increase in the burnt area over the previous worst year recorded (2017) and a more than 170% increase over the average burnt area since EU-level recording started in 2006.

This season, the Emergency Response Coordination Centre  received 11 requests for assistance for forest fires. 33 planes and 8 helicopters were deployed across Europe via the EU Civil Protection Mechanism, which were joined by over 350 firefighters on the ground. In addition, the EU's emergency Copernicus satellite provided damage assessment maps of the affected areas.

Leave a comment , , ,

CISA Directs Federal Agencies to Improve Cybersecurity Asset Visibility and Vulnerability Detection

Agency News, Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector

The Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks, that directs federal civilian agencies to better account for what resides on their networks.

Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices. The Biden-Harris Administration and Congress have supported significant progress by providing key authorities and resources. This Directive takes the next step by establishing baseline requirements for all Federal Civilian Executive Branch (FCEB) agencies to identify assets and vulnerabilities on their networks and provide data to CISA on defined intervals.

“Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets,” said CISA Director Jen Easterly. “Knowing what’s on your network is the first step for any organization to reduce risk. While this Directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks. We all have a role to play in building a more cyber resilient nation.”

CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies. Implementation of this Directive will significantly increase visibility into assets and vulnerabilities across the federal government, in turn improving capabilities by both CISA and each agency to detect, prevent, and respond to cybersecurity incidents and better understand trends in cybersecurity risk.

This Directive is a mandate for federal civilian agencies. However, CISA recommends that private businesses and state, local, tribal and territorial (SLTT) governments review it and prioritize implementation of rigorous asset and vulnerability management programs.

The new Directive can be found at Binding Operational Directive (BOD) 23-01.

Leave a comment ,

Public Health Emergencies: Data Management Challenges Impact National Response

Agency News, Cyber Security CII sector, Health & Social Care, Industry News

Public health emergencies evolve quickly, but public health entities lack the ability to share new data and potentially life-saving information in real-time—undermining the nation's ability to respond quickly.

To address this, the federal government must overcome three major challenges—specifically, the lack of:

- Common standards for collecting data (e.g., patient characteristics)
- "Interoperability" (meaning not all data systems work together)
- Public health IT infrastructure (the hardware, software, networks, and policies that would enable the reporting and sharing of data)

This snapshot discusses our related work and recommendations.

Public health emergencies evolve quickly, but public health entities lack the ability to share new data and potentially life-saving information in near real-time. To address this, the federal government must overcome 3 major challenges in how it manages public health data. GAO has made a number of recommendations to help address these challenges. However, many of these recommendations have not been implemented.
The Big Picture

Longstanding challenges in the federal government’s management of public health data undermine the nation’s ability to quickly respond to public health emergencies like COVID-19 and monkeypox. These challenges include the lack of:

- common data standards—requirements for public health entitles to collect certain data elements, such as patient characteristics (e.g., name, sex, and race) and clinical information (e.g., diagnosis and test results) in a specific way;
- interoperability—the ability of data collection systems to exchange information with and process information from other systems; and
- public health IT infrastructure—the computer software, hardware, networks, and policies that enable public health entities to report and retrieve data and information.

Over 15 years ago, federal law mandated that the Department of Health and Human Services (HHS) establish a national public health situational awareness network with a standardized data format. This network was intended to provide secure, near real-time information to facilitate early detection of and rapid response to infectious diseases.

However, the federal government still lacks this needed network and has not yet overcome the challenges identified in previous GAO reviews. Having near real-time access to these data could significantly improve our nation’s preparedness for public health emergencies and potentially save lives.

Without the network, federal, state, and local health departments, hospitals, and laboratories are left without the ability to easily share health information in real-time to respond effectively to diseases.

GAO’s prior work identified three broad challenges to public health data management and recommended actions for improvement.

1. Common Data Standards

To ensure that information can be consistently reported, compared, and analyzed across jurisdictions, public health entities need a standardized data format. Due to the lack of common data standards, information reported by states about COVID-19 case counts was inconsistent. This in turn complicated the ability of the Centers for Disease Control and Prevention (CDC) to make comparisons. Public health representatives also noted challenges in collecting complete demographic data. This made it difficult to identify trends in COVID-19 vaccinations and the number of doses administered. Although CDC had intended to implement data standards, its strategic plan did not articulate specific actions, roles, responsibilities, and time frames for doing so.

- Re recommended that HHS establish an expert committee for data collection and reporting standards by engaging with stakeholders (e.g., health care professionals from public and private sectors). This committee should review and inform the alignment of ongoing data collection and reporting standards related to key health indicators.
- Recommended that CDC define specific action steps and time frames for its data modernization efforts.

2. Interoperability among Public Health IT Systems

The inability to easily exchange information across data collection and other data systems creates barriers to data sharing and additional burdens on entities that collect and transmit data. During the early stages of COVID-19, the lack of IT system interoperability caused health officials and their key stakeholders (e.g., hospitals) to manually input data into multiple systems. In addition, some state health departments could not directly exchange information with CDC via an IT system. This led to longer time frames for CDC to receive the data they needed to make decisions on the COVID-19 response.

- Recommended that, as part of planning for the public health situational awareness network, HHS should ensure the plan includes how standards for interoperability will be used.

3. Lack of a Public Health IT Infrastructure

The timeliness and completeness of information that is shared during public health emergencies can be impeded by the absence of a public health IT infrastructure. During the early stages of COVID-19, some states had to manually collect, process, and transfer data from one place to another. For example, a state official described having to fax documents, make copies, and physically transport relevant documents. The official noted by establishing a public health IT infrastructure, such as the network HHS was mandated to create, errors would be reduced. To help mitigate challenges in data management for COVID-19, HHS launched the HHS Protect platform in April 2020. However, we reported that public health and state organizations raised questions about the completeness and accuracy of some of the data.

- Recommended that HHS prioritize the development of the network by, in part, establishing specific near-term and long-term actions that can be completed to show progress.
- Recommended that HHS identify an office to oversee the development of the network.
- Recommended that HHS identify and document information-sharing challenges and lessons learned from the COVID-19 pandemic.

Leave a comment , , ,

The fastest-growing port in Texas just got even safer

Industry News, Transport sector

Mariners sailing in and around Port Freeport — the fastest-growing port in Texas — have something to celebrate.

The seaport, located outside of Houston, is now fitted with a NOAA system that improves safe and efficient marine navigation. The technology is part of a nationwide network called Physical Oceanographic Real-Time System, or PORTSⓇ.

Freeport PORTS is the 38th system in this network of precision marine navigation sensors. The integrated series of sensors track oceanographic and meteorological conditions as they unfold around the port. This will greatly increase the navigation safety of vessels entering and exiting Port Freeport.

“Precision navigation is critical to our nation’s data-driven blue economy and helps our environment,” said NOAA Administrator Rick Spinrad, Ph.D. “The real-time information tracked by NOAA allows ships to move safely within U.S. waterways to make operations more efficient and lower fuel consumption, which also lowers carbon emissions.”

More than 30 million tons of cargo moved through Port Freeport in 2019, which supported more than 279,000 jobs nationwide, for a total economic impact of $149 billion. The new system will allow all mariners to have access to real-time water level, currents and meteorological information, helping them to better plan vessel transits and prevent accidents.

Studies prove that the NOAA PORTS program reduces shipping collisions, groundings, injuries and property damage. When a new PORTS is designed, local stakeholders determine the sensor types and location requirements to support their safety and efficiency decisions.

“This new system, and the others like them around the country, reduce ship accidents by more than 50%, and allow for larger ships to get in and out of seaports and reduce traffic delays,” said Nicole LeBoeuf, director of NOAA’s National Ocean Service. “PORTS can also provide real-time data as conditions rapidly change, giving our coastal communities time to prepare and respond.”

Newly installed current meters collect and transmit real-time current observations in waterways where those conditions can change quickly and over small distances. One current meter that is mounted on a buoy is installed along the port entrance channel to capture critical cross currents data outside of the Surfside Jetty. A second current meter is installed on a pier in the intercoastal waterway near the Surfside Bridge to collect data that will indicate the strength of currents near an important turning point for vessels coming in and out of Freeport Harbor.

The new system also integrates real-time water level and meteorological information from the NOAA Freeport Harbor National Water Level Observation Network station. That equipment is installed on a specialized single platform structure which is common in the Gulf of Mexico. Wind speed and directional data will help users plan for safe pilot boarding and ship passages during adverse weather.

Leave a comment , , ,

Makati City becomes the second Resilience Hub in Asia-Pacific

Agency News, Health & Social Care, Industry News, Water sector

The City of Makati in the Philippines is named as the second Resilience Hub of Making Cities Resilient 2030 (MCR2030) in the Asia-Pacific region on 27 September 2022.

Makati has already been recognized as a Role Model City of the MCR 2010-2020 initiative by sharing know-how and experiences for reducing disaster risk, building urban resilience with other cities and participating in regional forums.

Under the leadership of Mayor Mar-len Abigail S. Binay, the city has adopted the principle of “Resilience is everybody’s business” at all sectors of society to manage disasters and build urban resilience in the country.

“We’re committed to continuing the journey of advocating resilience as a way of life through a Resilience Hub by collaborating with our constituents, partners and other local government units,” said Ms. Binay.

The Chief of the Regional Office for Asia and the Pacific at the United Nations Office for Disaster Risk Reduction (UNDRR), Mr. Marco Toscano-Rivalta, congratulated the Mayor, the City of Makati and its people for their vision and determination to continue strengthening disaster resilience and supporting other cities along the resilience pathway.

“Disaster risk is local, and it is at the local level where leadership, partnerships and solutions make a difference. MCR2030 is a catalyst for local action, a platform for collaboration and sharing of knowledge to localize disaster risk management and the implementation of the Sendai Framework for Disaster Risk Reduction,” said Mr. Toscano-Rivalta.

Makati, also known as a financial hub of the country, has developed a three-year plan of the Resilience Hub, which focuses on creating and building an online knowledge portal. The portal’s objective is to enhance peer-to-peer support, and disseminate risk data, information and expertise by conducting workshops, seminars and events related to strengthening urban resilience towards disaster risk reduction.

The plan also aims to improve city-to-city cooperation by working with other local governments in the Asia Pacific Region and beyond, promote synergies between cities to learn from each other and other disaster risk reduction activities, including capacity building, disaster preparedness, response and prevention.

The city is also in the process of developing the Makati Disaster Risk Reduction and Management Academy to learn from its best practices, using case studies and knowledge bases from other cities, leveraging experiences from an international group of practitioners who already participated in the initiative.

Notably, the city has continually mainstreamed and institutionalized disaster risk reduction management across all levels of the city since signing up to the MCR campaign in 2010.

As one of the pilot cities applying MCR tools, Makati held multi-sectoral annual workshops, reviewed and reassessed the city’s progress in implementing the Ten Essentials for MCR2030 through the Local Government Self-Assessment Tool.

The city was one of the first municipalities to utilize the Disaster Resilience Scorecard for Cities, which was developed through then UNISDR’s collaboration with global technology companies such as IBM and AECOM.

In 2017, the city established a resilience roadmap called the Makati Disaster Risk Reduction and Management Plan, using the now adapted Disaster Resilience Scorecard. Makati used Disaster Resilience Scorecard for Cities - Public Health System Resilience Addendum to enhance the city’s disaster risk reduction management.

Leave a comment , , ,

UK and allies expose Iranian state agency for exploiting cyber vulnerabilities for ransomware operations

Agency News, Cyber Security CII sector, Industry News

The UK and international allies have issued a joint cyber security advisory highlighting that cyber actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) are exploiting vulnerabilities to launch ransomware operations against multiple sectors.

Iranian-state APT actors have been observed actively targeting known vulnerabilities on unprotected networks, including in critical national infrastructure (CNI) organisations.

The advisory, published by the National Cyber Security Centre (NCSC) − a part of GCHQ − alongside agencies from the US, Australia and Canada, sets out tactics and techniques used by the actors, as well as steps for organisations to take to mitigate the risk of compromise.

It updates an advisory issued in November 2021 which provided information about Iranian APT actors exploiting known Fortinet and Microsoft Exchange vulnerabilities.

They are now assessed to be affiliated to the IRGC and are continuing to exploit these vulnerabilities, as well as the Log4j vulnerabilities, to provide them with initial access, leading to further malicious activity including data extortion and disk encryption.

Paul Chichester, NCSC Director of Operations, said:

"This malicious activity by actors affiliated with Iran’s IRGC poses an ongoing threat and we are united with our international partners in calling it out.

“We urge UK organisations to take this threat seriously and follow the advisory’s recommendations to mitigate the risk of compromise.”

The NCSC urges organisations to follow the mitigation set out in the advisory, including:

- Keeping systems and software updated and prioritising remediating known exploited vulnerabilities
- Enforcing multi-factor authentication
- Making offline backups of your data

This advisory has been issued by the NCSC, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), US Cyber Command (USCC), Department of the Treasury (DoT), the Australian Cyber Security Centre (ACSC) and the Canadian Centre for Cybersecurity (CCCS).

Leave a comment , , , ,

NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It

Agency News, Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory that highlights the steps malicious actors have commonly followed to compromise operational technology (OT)/industrial control system (ICS) assets and provides recommendations on how to defend against them.

“Control System Defense: Know the Opponent” notes the increasing threats to OT and ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes. OT/ICS designs are publicly available, as are a wealth of tools to exploit IT and OT systems.

Cyber actors, including advanced persistent threat (APT) groups, have targeted OT/ICS systems in recent years to achieve political gains, economic advantages, and possibly to execute destructive effects. Recently, they’ve developed tools for scanning, compromising, and controlling targeted OT devices.

“Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cybercriminals to best defend against them,” said Michael Dransfield, NSA Control Systems Defense Expert. “We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”

This joint Cybersecurity Advisory builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. Noting that traditional approaches to securing OT/ICS do not adequately address threats to these systems, NSA and CISA examine the tactics, techniques, and procedures cyber actors employ so that owners and operators can prioritize hardening actions for OT/ICS.

Defenders should employ the mitigations listed in this advisory to limit unauthorized access, lock down tools and data flows, and deny malicious actors from achieving their desired effects.

Leave a comment , , ,

Large Constellations of Satellites: Mitigating Environmental and Other Effects

Agency News, Industry News, Space Sector

There are almost 5,500 active satellites in orbit as of spring 2022, and one estimate predicts the launch of an additional 58,000 by 2030. Large constellations of satellites in low Earth orbit are the primary drivers of the increase. Satellites provide important services, but there are potential environmental and other effects that this trend could produce (see figure).

Potential effects from the launch, operation, and disposal of satellites

For decades, satellites have been used for GPS, communications, and remote sensing. The number of satellites has recently increased, as thousands more have been launched to provide internet access.

But this increase may be disruptive. For example, it could lead to more space debris, which can damage existing satellites used for commerce or national security. We reviewed technologies and other tools to lessen potential effects. We also looked at mitigation challenges, like unclear rules and immature technology. To help address the challenges, we developed policy options, which may help policymakers achieve a variety of goals.

GAO assessed technologies and approaches to evaluate and mitigate the following potential effects:

- Increase in orbital debris. Debris in space can damage or destroy satellites, affecting commercial services, scientific observation, and national security. Better characterizing debris, increasing adherence to operational guidelines, and removing debris are among the possible mitigations, but achieving these is challenging.
- Emissions into the upper atmosphere. Rocket launches and satellite reentries produce particles and gases that can affect atmospheric temperatures and deplete the ozone layer. Limiting use of rocket engines that produce certain harmful emissions could mitigate the effects. However, the size and significance of these effects are poorly understood due to a lack of observational data, and it is not yet clear if mitigation is warranted.
- Disruption of astronomy. Satellites can reflect sunlight and transmit radio signals that obstruct observations of natural phenomena. Satellite operators and astronomers are beginning to explore ways of mitigating these effects with technologies to darken satellites, and with tools to help astronomers avoid or filter out light reflections or radio transmissions. However, the efficacy of these techniques remains in question, and astronomers need more data about the satellites to improve mitigations.

GAO developed the following policy options to help address challenges with evaluating and mitigating the effects of large constellations of satellites. GAO developed the options by reviewing literature and documents, conducting interviews, and convening a 2-day meeting with 15 experts from government, industry, and academia. These policy options are not recommendations. GAO presents them to help policymakers consider and choose options appropriate to the goals they hope to achieve. Policymakers may include legislative bodies, government agencies, standards-setting organizations, industry, and other groups.

Policymakers may be better positioned to take action on this complex issue if they consider interrelationships among these policy options. For example, implementing the fourth option (improving organization and leadership) may improve policymakers’ ability to implement the first and second options (building knowledge, developing technologies, and improving data sharing). Similarly, implementing the first option may help with the third option (establishing standards, regulations, and agreements). More generally, trade-offs between mitigations may emerge, the ongoing increase in new constellations may introduce unexpected changes, and a large and diverse set of interests from the global community may shift over time, all of which present persistent uncertainties. To address these complexities and uncertainties, the full report presents the policy options in a framework, which may help policymakers strategically choose options to both realize the benefits and mitigate the potential effects of large constellations of satellites.

Enabled by declines in the costs of satellites and rocket launches, commercial enterprises are deploying large constellations of satellites into low Earth orbit. Satellites provide important data and services, such as communications, internet access, Earth observation, and technologies like GPS that provide positioning, navigation, and timing. However, the launch, operation, and disposal of an increasing number of satellites could cause or increase several potential effects.

This report discusses (1) the potential environmental or other effects of large constellations of satellites; (2) the current or emerging technologies and approaches to evaluate or mitigate these effects, along with challenges to developing or implementing these technologies and approaches; and (3) policy options that might help address these challenges.

To conduct this technology assessment, GAO reviewed technical studies, agency documents, and other key reports; interviewed government officials, industry representatives, and researchers; and convened a 2-day meeting of 15 experts from government, industry, academia, and a federally funded research and development center. GAO is identifying policy options in this report.

Leave a comment ,

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

Agency News, Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. ATP actors used the open-source toolkit, Impacket, to gain a foothold within the environment and data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.

Joint Cybersecurity Advisory AA22-277A provides the APT actors tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). CISA, FBI, and NSA recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of APT cyber threats to their networks.

Leave a comment ,

EPA’s proposed changes to chemical disaster prevention rule don’t do enough to keep communities safe

Industry News, Power/Energy/Oil & Gas sector

Coming Clean and the Environmental Justice Health Alliance for Chemical Policy Reform released a report that profiles three chemical incidents that occurred within two weeks this January, and recommends specific safety measures that the Environmental Protection Agency (EPA) should require in order to prevent future chemical disasters.

On August 31, 2022, the EPA published proposed revisions to the Risk Management Program (RMP), which regulates approximately 12,000 high-risk facilities in the U.S. that use or store certain highly hazardous chemicals. EPA was specifically directed by Congress to use this program to prevent disasters, yet more than 140 harmful chemical incidents occur on average every year.

Three such incidents in January, 2022 that are the focus of the report include: a fire at the Winston Weaver Fertilizer plant in North Carolina that caused 6,500 people to evacuate and nearly triggered a deadly ammonium nitrate explosion; an explosion at the Westlake Chemical South plant that caused 7,000 students to shelter in place in the Lake Charles area in Louisiana; and a massive fire that spread to the Qualco chemical plant in Passaic, New Jersey and came dangerously close to igniting an estimated 3 million pounds of hazardous chemicals.

Preventing Disaster offers actionable recommendations the EPA should include in its final rule that could prevent similar incidents from happening in the future, including:

- Requiring all RMP facilities to consider, document, and implement safer chemicals and technologies;
- Expanding the Risk Management Program to cover ammonium nitrate and other hazardous chemicals which remain excluded in the proposed rule;
- Requiring RMP facilities to not only consider the risks posed by natural hazards, as proposed in the draft rule, but to take meaningful steps to prepare for those risks, such as implementing backup power for chemical production and storage processes.

“Overall,” the report concludes, “EPA’s draft rule, rather than adopting common-sense prevention requirements, continues to rely on voluntary actions by high-risk facilities. This approach has failed to prevent many chemical disasters over the last 25 years. If the draft rule is not strengthened, facility workers and neighbors across the country will continue to bear the human, environmental, and financial costs of more preventable disasters.”

“The EPA still has time to get this rule right,” said Steve Taylor, Program Director for Coming Clean, who contributed to the report. “Communities at the fenceline of these hazardous facilities, and the workers inside them, are sick of industry stonewalling and EPA excuses. A stronger rule is needed to ensure that hazards are removed, or we will continue to see more chemical disasters.”

“We’re glad that EPA recognizes the need to reconsider the RMP rule; preventing disasters is a longstanding priority for EJHA. Unfortunately the draft rule is full of more voluntary measures, which decades of incidents have proven do not work.” said Michele Roberts, National Co-Coordinator of the Environmental Justice Health Alliance for Chemical Policy Reform. “We are depending on EPA to have the moral and political courage to keep the promises President Biden has made to our communities— that means a final rule that requires the transition to safer chemicals and processes wherever possible. Removing hazards before disasters can occur is the best way to protect workers and communities.”

View Repor at www.preventionweb.net/publication/preventing-disaster-three-chemical-incidents-within-two-weeks-show-urgent-need-stronger

Leave a comment , , , ,
1 15 16 17 18 19 53