CISA and FBI observe the increased use of Conti ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.

Technical Details

While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds used by affiliate cyber actors and receives a share of the proceeds from a successful attack.

Conti actors often gain initial access to networks through:

- Spearphishing campaigns using tailored emails that contain malicious attachments or malicious links;
- Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware—such as TrickBot and IcedID, and/or Cobalt Strike—to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware.
- Stolen or weak Remote Desktop Protocol (RDP) credentials
- Phone calls;
- Fake software promoted via search engine optimization;
- Common vulnerabilities in external assets.

In the execution phase, actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines. CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces. Additionally, actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.

Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence on victim networks. The actors use tools already available on the victim network—and, as needed, add additional tools, such as Windows Sysinternals and Mimikatz—to obtain users’ hashes and clear-text credentials, which enable the actors to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks. In some cases, the actors also use TrickBot malware to carry out post-exploitation tasks.

According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network.

UK and US cyber security leaders meet to discuss shared threats and opportunities

National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London.

Top cyber security officials from the UK and US affirmed their commitment to tackling ransomware in their first official face-to-face engagement.

Lindy Cameron, CEO of the National Cyber Security Centre – a part of GCHQ – met with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency to discuss their organisations’ priorities, including combatting ransomware.

During their bi-lateral meeting in London they reflected on the impact of ransomware attacks this year and the need for industry collaboration to complement government’s operational efforts against ransomware.

NCSC Chief Executive Lindy Cameron said:

“It was a pleasure to host Director Easterly for our first in-person bi-lateral meeting to discuss the critical issues in cyber security today.

“Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”

The issue of gender diversity was also on the agenda, with both agreeing that more needed to be done to remove barriers to entry into the profession for women and girls.

They discussed the NCSC’s CyberFirst Girls Competition, which aims to get more girls interested in cyber through fun but challenging team events for teenagers, and CISA’s ongoing commitment to expanding opportunities for young women and girls to pursue careers in cyber security and technology and closing the gender gap that exists in these fields.

The two leaders also discussed government collaboration with industry, including the NCSC’s Industry 100 scheme and CISA’s Joint Cyber Defense Collaborative.

The Industry 100 scheme has integrated public and private sector talent in the UK to pool their knowledge to tackle key cyber security issues. The Joint Cyber Defense Collaborative has similarly bought American public and private sector entities together to unify crisis action planning and defend against threats to U.S. critical infrastructure.

Electricity Grid Resilience

The nation’s grid delivers electricity that is essential for modern life. However, the grid faces risks from events that can damage electrical infrastructure (such as power lines) and communications systems, resulting in power outages. These outages can threaten the nation’s economic and national security.

They can also disproportionately affect low-income groups, in part because such groups have fewer resources to invest in backup generators and other measures to minimize the impact of outages.Even though most of the electricity grid is owned and operated by private industry, the federal government plays a key role in enhancing grid resilience.
• The Department of Homeland Security (DHS) is responsible for coordinating the overall federal effort to promote the security and resilience of the nation’s critical infrastructure sectors.
• The Department of Energy (DOE) leads federal efforts to support electricity grid resilience, including research and technology development by national laboratories.
• The Federal Energy Regulatory Commission (FERC) reviews and approves standards developed by the North American Electric Reliability Corporation, the federally designated U.S. electric reliability organization.

Key Issues
The electricity grid faces multiple risks that can cause widespread power outages.
Risks:
- Extreme weather and climate change
- Cyber- and physical attacks
- Electromagnetic events

In addition to the risks described in the prior page, the electric utility industry faces complex challenges and transformations, including:
• aging infrastructure;
• adoption of new technologies, such as information and communication systems
to improve the grid’s efficiency; and
• a changing mix of power generation. The traditional model of large, centralized power generators is evolving as retiring generators are replaced with variable wind and solar generators, smaller and more flexible natural gas generators, and nontraditional resources. Such resources include demand-response activities which encourage consumers to reduce their demand for electricity when the cost to generate electricity are high, and various technologies (e.g., solar panels) that generate electricity at or near where it will be used—known as “distributed generation.”

Key Opportunities
Agencies have implemented several of GAO’s recommendations for improving electricity grid resilience. For example, in March 2016, we recommended that DHS designate roles and responsibilities within the department for addressing electromagnetic risks, which DHS did in 2017. However, as of September 2021, agencies had not yet implemented a number of GAO recommendations that represent key opportunities to mitigate risks in the following areas:

- Extreme weather and climate change - Prioritize efforts and target resources effectively. Enhance grid resilience efforts. Better manage climate-related risks
- Cyberattacks - Assess all cybersecurity risks. Address risks to distribution systems Consider changes to current standards. Evaluate potential risks of a coordinated attack

Panama City, FL Strengthens Critical Infrastructure for Future Disasters

FEMA has approved grants of more than $4.7 million for two hazard mitigation projects for the city of Panama City to reduce its risk of critical facility failure during future disasters. Funding from FEMA’s Hazard Mitigation Grant Program (HMGP) was approved in response to a proposal by the city after Hurricane Michael in 2018.

Millville Wastewater Treatment Plant: $2,653,956 for the purchase and installation of twin permanent generators to support the critical operations of the plant. They will be connected to the main electrical transfer system by a switchgear and an underground duct bank, which provide a protected pathway for electrical transmission and allow the city to provide continued service to the community during future power outages.

Sanitary Sewer Lift Stations: $2,052,265 for Phase One in a proposed project to provide flood protection and improvements to 13 sanitary sewer lift stations within the city, including surveying, engineering, design, plan preparation, permitting and the bidding for Phase Two approval. If approved, the project proposes different mitigation actions depending on the needs and assessment of each of the 13 sites to include relocation, elevation or strengthening against storm surge and wave-action hazards.

The HMGP provides funding to help communities eliminate or reduce disaster-related damage. Following a major disaster, a percentage of a state’s total federal recovery grants is calculated to help develop more resilient communities. Florida has an Enhanced Hazard Mitigation Plan that allows more funding to be available for post-disaster resilience projects. States with the enhanced plan receive HMGP funds based on 20% of their total estimated eligible federal disaster assistance.

Early warning systems saving lives during Nepal’s monsoon

For days leading up to the disaster, Mr. Harisaran Shrestha had been listening to warnings about floods in the Melamchi, a river that flows through the foothills of the Himalayas in central Nepal. At least one local FM radio was repeatedly broadcasting notices about the possible release of water from the reservoir of a nearby drinking-water project and urging the public to avoid river banks and to refrain from activities like fishing, sand mining, and gravel collecting.

The local police and representatives were also issuing similar warnings around the town via microphones and loudspeakers.

Owing to these forewarnings, when the flood eventually hit his hometown, Melamchi Bazar, northeast of Kathmandu in Sindhupalchowk district, in June 2021, Mr. Shrestha was better prepared to react to the deluge. “As soon as it became apparent that the flood was going to sweep the entire town, I used my bus to ferry women, children, and disabled people in the neighbourhood to a safer location,” said Mr. Shrestha.

On June 15, just an hour after the final warning from the radio and police announcement on loudspeaker, massive floods near the confluence of the Melachmi River and the Indrawati River swept through the settlements near Shrestha’s hometown, killing at least five people and destroying property worth millions of rupees. At least a dozen people remain missing more than two months after one of the worst disasters in the town's history.

Despite saving many lives, Mr. Shrestha could not save his belongings because he had underestimated the scale of the disaster. “Our home was at a considerable distance from the river. It never occurred to me that the swollen river’s waters would reach this far,” Mr. Shrestha recalled in an interview.

Now displaced by the flood, Mr. Shrestha, 38, has been living with a family of six in a temporary shelter. The river, which has changed its course, now runs through his home and farmland.

“The river took everything. Thankfully, all of us are safe,” said Mr. Shrestha.

Mr. Dev Raj Subedi, the manager of Radio Melamchi, which issued the flood warnings, said that the alerts had proved effective in saving hundreds of lives, although only a few households managed to save some of their possessions--those they could carry with them. Radio Melamchi has been ritually providing flood-related warnings to the municipality’s estimated 50,000 inhabitants for the last few years, especially after the Melamchi Drinking Water Project gathered momentum in the 2010s.

“We issued the warning as soon as a government official informed us about the flood upstream. The warning proved especially helpful in the town area, whose inhabitants had the means to access the warning. That was one of the reasons there were no deaths in the town area,” shared Mr. Subedi.

Melamchi’s case is the latest example of how the growing use of mass media and early warning systems through data collected from meteorological and hydrological stations and rainfall-runoff model is proving effective in saving lives in Nepal, which is highly susceptible to disasters, owing to its topography and its hundreds of big and small rivers.

Every year, floods and landslides wreak havoc in Nepal, leading to huge numbers of casualties and untold destruction of property. Hill settlements are particularly vulnerable to landslides and flash floods, while riverine floods routinely deluge the lowland areas bordering India.

Every year during the rainy season, hundreds of families lose their house, agricultural yield, and means of livelihood, pushing them further into poverty.

Between 13 April to 16 October in 2020, floods and landslides killed at least 337 Nepalis, wiped out thousands of houses, and destroyed property worth billions of rupees, according to an estimate by Nepal’s Ministry of Home Affairs. More than 100 people remain missing on account of those floods.

Numerous factors including the 2015 earthquake, infrastructural projects and climate change have contributed to increasing disasters, according to experts. For instance, Sindhupalchowk district, the epicenter of the 7.8 magnitude earthquake that rattled Nepal in 2015, has seen a marked increase in landslides and floods following the tragedy that killed over 9,000 people.

Mr. Bikram Shrestha Zoowa, a senior Divisional Hydrologist at the Department of Hydrology and Meteorology, in Kathmandu, said that climate-induced hazards and unplanned development are emerging as challenges in recent decades.

Examples include recent disasters such as the Setigandaki flood in Kaski, Jure landslide-Sindhupalchowk in 2014, a Glacial Lake Outburst Flood (GLOF) in Tibet immediately above the Bhotekoshi River in Sindhupalchowk in 2016; a dry landslide in the Kaligandaki Corridor after the 2015 earthquake, another GLOF in Barun valley obstructing the flow of Arun River in 2017, and numerous climate-induced landslides during the 2020 monsoon and this year, said Mr. Shrestha Zoowa.

“Human interventions such as road construction in hill slopes without considering geological studies are certainly the causes of the region’s geological fragility, which results in small and big landslides in hilly regions. This is the man-made effect in addition to earthquakes responsible for hazards.”

According to the latest Intergovernmental Panel on Climate Change report, global temperature is expected to reach or exceed 1.5 degrees Celsius of warming averaged over the next 20 years. In 2019, a landmark report

by the International Centre for Integrated Mountain Development, an intergovernmental center based in Nepal, warned that a two-degree temperature rise could melt half of the glaciers in the Hindu Kush Himalaya region, destabilising Asia’s rivers.

In recent years, to minimise loss of life and property, an increasing number of communities vulnerable to disasters have begun to integrate social media platforms--such as Facebook and Twitter--and other technologies to provide early warnings. And as with Radio Melamchi, more than 500 FM radio stations across Nepal are being used to disseminate news and timely warnings. Many other local bodies are integrating SMS text messages to provide real-time alerts for people living in disaster-prone zones.

In Kailali, a western Nepal district bordering India’s Uttar Pradesh, flood warnings through SMS alerts and phone calls have proven effective in saving lives in settlements spread along the Karnali River Basin.

“When massive floods hit our village in 2016, most of the villagers with mobile phones had received SMS alerts three hours before the disaster. Those three hours gave us ample time to save not just our lives, but also our livestock and essentials like some grains and documents,” said Ms. Sajita Tharu of Laxmipur village in Kailali district. “Thankfully, we have not faced that kind of flood in recent years but we continue to receive alerts if water rises above the danger level. That allows us to remain mentally prepared and save essentials in case the flood hits us.”

As part of the community-based early warning approach, residents living in catchment areas constantly pass on information about the water level in their area to residents of villages downstream. The community groups also get constant flood alerts from the Department of Hydrology’s regional station. The alerts--including text messages, phone calls, and information from weatherboards--are widely circulated by the members of the Community Disaster Management Committees, which were formed by programs designed to enhance the communities’ flood resilience. Most members of these user committees are women, as many working-age men migrate to India or other countries in search of jobs.

Ms. Manakala Kumari Chaudhari, the deputy mayor of Rajapur Municipality in far-western Nepal, said that the timely early warning system in his area has been instrumental in saving lives and properties. As soon as the water level rises above the danger level upstream, several people who own mobile phones in his municipality--a delta created by the Karnali River--receive warnings.

“Save for some exceptions, most locals respond to warnings and take the required safety measures. The timely alerts also provide ample time for all stakeholders to make the necessary preparations for disasters,” said Ms. Chaudhari.

Such timely warnings are critical because they provide enough time to save lives. The area is susceptible to constant floods from big rivers like the Karnali and Babai and from small streams, which are usually dry in other seasons.

In preparation for the seasonal floods, communities in western Nepal have also built community shelters, animal sheds to shelter their livestock and grain-storage facilities to save grains.

Since Nepal adopted federalism in 2015, there have been efforts at all three levels of government to embrace disaster-resilience policies. The central government, the provincial government, as well as many local governments have adopted policies related to disaster risk reduction. Recently, under the Home Ministry, the National Disaster Risk Reduction and Management Authority prepared the National Monsoon Early Preparedness and Response Work Plan

2021. However, questions remain around the implementation of these policies and the authorities’ ability to handle large-scale disasters, especially owing to their lack of resources. Moreover, growing landslides along newly constructed highways, hydropower projects and other infrastructures-- many of which were cleared after proper Environment Impact Assessment--- have reinforced the need for better policies to promote resilient infrastructure.

But overall, the early warning systems seem to be reducing the impacts of floods in many parts of Nepal. Mr. Shrestha Zoowa, the hydrologist, said that early warning systems have proven effective in saving hundreds of lives every year, especially in vulnerable settlements along big rivers such as the Karnali, Babai, Narayani, and Koshi. The data gathered from weather stations, rainfall-runoff models are disseminated in form of daily bulletins through various media platforms, while the weather forecast relies on the Weather Research and Forecasting model, an advanced numerical weather prediction framework designed for operational forecasting and atmospheric research needs.

In recent years, the Department of Hydrology and Meteorology has been working with various non-governmental organizations in developing disaster information management systems and online databases to provide real-time information to augment its early warning systems.

The Disaster Risk Reduction Portal and Nepal Government GeoPortal, among other platforms, provide information gathered from various hydro-meteorological stations in Rasuwa, Solukhumbu, Kaski, Dolpa, Humla, Dolakha, Jumla, Sankhuwasabha and Manang districts.

“For most flood events, we have effective plans, technologies, and historical information to issue timely and reliable warnings to vulnerable settlements. But we lack an effective early warning system for flash floods in the hills and for settlements along small rivers, which are highly unpredictable,” said Mr. Shrestha Zoowa.

Nepal also needs to do more to ensure that people respond to early warnings. Although many local communities are making good use of weather forecasts and flood alerts, some are unable to take advantage of the information, often because they lack the economic means and/or technical knowledge to know what to do. Often the warning messages come with technical jargon and they may not effectively relay the impact information of the disaster relevant to people’s day to day life and experience. “The early warning systems have become much better over the years but there is still a lot to be done,” said Mr. Shrestha Zoowa.

The basis for safer digital finance

The transformations we are seeing in numerous fields – from energy and mobility to health care, agriculture, and financial services – all hinge on digital technologies, along with an array of associated business ecosystems. All these technologies and systems must be reliable, secure and deserving of our trust.

The Financial Inclusion Global Initiative (FIGI) is an open framework for collaboration led by the International Telecommunication Union (ITU), the World Bank Group, and the Committee on Payments and Market Infrastructures (CPMI).

Our partnership brings together the expertise to accelerate digital financial inclusion. With the support of the Bill & Melinda Gates Foundation, we have brought together the full range of stakeholders set to benefit from this expertise.

The World Bank Group and CPMI have helped to build a strong understanding of the policy considerations surrounding digital identity and incentivizing the use of electronic of payments.

ITU’s work has focused on security, infrastructure and trust – secure financial applications and services, reliable digital infrastructure, and the resulting consumer trust that our money and digital identities are safe.
No more secrets

Considering the prevalence of data breaches, the need for strong authentication is clear, with discussions in the industry often noting that “there are no secrets anymore.”

New ITU standards for a universal authenticator framework (X.1277) and client-to-authenticator protocol (X.1278) are helping overcome the security limitations of the "shared secret" approach, the basis for the widely familiar username-password model of authentication.

Users can now authenticate locally to their device using biometrics, with the device then authenticating the user online with public key cryptography. With the new standards, users are asked to authenticate locally to their device only once, and their biometric data never leaves the device. This model avoids susceptibility to phishing, man-in-the-middle attacks, or other forms of attack targeting user credentials.

FIGI engagement helped to usher these specifications, first developed by the FIDO (Fast Identity Online) Alliance, into the ITU standardization process to stimulate their adoption globally. Authentication options consistent with X.1277 and X.1278 are now supported by most devices and browsers on the market.
Fortifying a walled garden

In developing countries, digital financial services are often provided over Signalling System No.7 (SS7), a legacy network protocol standardized by ITU in the late 1970s. SS7 enables all network operators to interconnect and looks sure to remain in use for years to come.

But security was not considered in its design. SS7 was designed as a walled garden. Entry to the SS7 network was intended to be highly regulated, with only trusted network operators being granted access. But malicious actors have since found various ways to get hold of the keys, especially since some of the initial design and deployment assumptions were no longer valid with the introduction of deregulation, voice over IP, and mobile networks.

FIGI has worked to raise awareness about SS7’s security vulnerabilities and associated mitigation techniques. As the need to mitigate these vulnerabilities increases, network operators can look to ITU’s new Q.3057 standard outlining signalling requirements and architecture for interconnection between trustable network entities. This is another standard rooted in FIGI discussions.
Reliable, widely available connectivity

Trust in digital financial services is also acutely affected by the reliability and availability of connectivity. Network downtime and transaction failures resulting from dropped connections can erode the trust of consumers and merchants in digital financial services.

Investment in digital infrastructure must continue, with the industry adopting meaningful, widely accepted benchmarks for service quality. ITU standards specify the route towards reliable, interoperable network infrastructure, and they provide a wide range of tools to assess the performance and quality of the services running over this infrastructure.

FIGI highlighted the demand for service quality indicators specific to digital financial services. With the expertise on hand at ITU, we have delivered new standards describing key quality considerations for digital financial services (ITU G.1033) and a methodology to assess the quality of user experience (ITU P.1052).
Security across the value chain
Every industry player involved in providing digital financial services has to be concerned about security risks. Security is only as strong as its weakest link, and innovation in digital finance continues to extend the length and increase the complexity of the underlying value chain.

Secure digital finance calls for coordinated defences that are attuned to evolving security threats. A key FIGI report outlines the security assurance framework needed to achieve this for each actor in the digital finance value chain.

The best practices suggested by the framework could form the basis for a safer business ecosystem. They reflect the needs of everyone involved, from customers to network operators and digital finance providers, right through to third-party providers interfacing with the financial system.

[Source: ITU]

ICC and RESNET to Develop Standard on Remote Virtual Inspections for Energy and Water Performance in Buildings

The International Code Council, the leading global source of model codes and standards and building safety solutions, and RESNET, a national standards-making body for energy efficiency ratings and certification systems, will continue their long history of collaboration by developing a new American National Standards Institute (ANSI) candidate standard on remote virtual inspections (RVI) for the energy and water use performance of buildings. Previously, the two organizations have worked together to develop a new certification designation, the International Energy Conservation Code (IECC)/Home Energy Rating System (HERS) Compliance Specialist, and four other ANSI standards. Most recently, they advocated and received recognition of the Home Energy Rating System (HERS®) Index within California.

The new standard will provide guidance for implementing RVI for energy code compliance and for energy and water efficiency performance. Performance raters will be provided criteria to check all aspects of permitted construction for compliance with energy codes and other energy-related applicable laws and regulations. As a next step, a new Standard Development Committee will be formed to develop and maintain the standard with the Code Council and RESNET appointing representatives – both separately and jointly.

“Building construction is rapidly evolving and jurisdictions are being challenged to adapt,” said Mark Johnson, Executive Vice President & Director of Business Development, International Code Council. “The need for new inspection methods has been building for a while as the inspector workforce has shrunk and jurisdictions’ resources have come under financial pressure. The pandemic also increased the pressure to evolve, and quickly.”

RVI is a tool to address these problems and organizations such as the Code Council have developed guidance documents to assist code enforcement entities.

“As more code enforcement departments begin their digital transformation and adopt technologies like RVI, there needs to be standardized criteria for how it is implemented,” said Steve Baden, Executive Director, RESNET. “A national consensus standard for RVI as it applies to energy- and water-use efficiency inspections and ratings will both provide code enforcement authorities with assurance that the ratings they adopt for code compliance are reliable, as well as advance the efficiency and efficacy potentials of these new approaches to determining code compliance.”

The standard would be co-sponsored by the Code Council and RESNET and developed using RESNET’s ANSI accredited procedures as an American National Standard by ANSI. For more information on RVI, the Code Council released a whitepaper, Recommended Practices for Remote Virtual Inspections (RVI), which will be the foundation for the development of the new consensus standard.

Digital is the future of urban energy

Cities already account for two-thirds of energy consumption and produce more than 70 per cent of carbon emissions globally every year.

With more than half of all people in the world living in cities, smart urban energy systems are needed to bring climate-damaging emissions down to net-zero in the next few decades.

Digital solutions can help cities reduce emissions and make the transition to clean energy systems, according to the latest report from the International Energy Agency (IEA).

By 2050, when almost 70 per cent of the world’s population will be city dwellers, energy will be in even higher demand.

To provide it sustainably, cities will need smart grids and innovative storage that integrate renewable power generation, electrified transport, and efficient heating and cooling, along with climate-safe bioenergy and waste-to-energy solutions.

Bringing all these together will depend on top-to-bottom digitalization of urban energy systems and related services. The IEA report, 'Empowering Cities for a Net Zero Future', based on consultations with over 125 experts, advises pioneering cities on how to ensure a sustainable energy future based on digital technologies.
Building smart grids

Flexible energy systems enable agile responses to real-time situations, balancing demand and supply throughout the day. Smart grids with real-time monitoring and predictive analytics can offer reduced peak loads, better integrate renewables at lower costs and minimize pressure on aging grid infrastructure.

Smart grids will be crucial to address global warming by reducing carbon-dioxide (CO2) emissions. Direct access to data, meanwhile, empowers consumers to manage their energy consumption and costs.

In the United Arab Emirates, the Dubai Electricity and Water Authority (DEWA) says it has installed a local smart grid that enables "automated decision-making and interoperability across the entire electricity and water network."

By 2050, digitalization and smart controls can reduce CO2 emissions from buildings by 350 million tonnes, the IEA estimates.

Heating, air conditioning, motion sensors, ventilation and other data can encourage more efficient energy use. For instance, appliances can be operated when solar and wind power are active.

Electric vehicles (EVs) can be charged overnight, when electricity demand is lower, or when solar photovoltaic (PV) production exceeds other demand. Crucially, plugged-in EVs can also add energy storage capacity to the whole system.
Connected mobility

Electrification of transport and widespread EV use will help to scale up renewable energy sources through smart charging and vehicle-to-grid (V2G) systems that adapt charging rates to power availability and sometimes even return power to the grid.

People who hesitate to adopt EVs could be reassured by real-time data on costs and the availability of charging points.

Smart mobility applications can help residents pick modes of transport, including public transit and shared schemes, with more awareness about lowering emissions.

In Lathi, Finland, a mobile app shows the different transport options available and their respective carbon emissions. Virtual credits awarded for a low footprint can then be used to purchase city services and products.
Standards for climate-safe cities

Harmonized international standards can enable the interoperability of smart energy solutions as well as ensure data privacy, grid stability and cybersecurity, the IEA report affirms.

The International Telecommunication Union (ITU), the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) already work together closely on standards development through their joint smart city task force.

Innovators aiming for system-level harmonization can look to smart city standards like ITU Y.4459, “Digital entity architecture framework for Internet of Things interoperability”, developed by ITU-T Study Group 20 (Internet of Things and smart cities and communities).

Key Performance Indicators for Smart Sustainable Cities – prepared by the United for Smart Sustainable Cities Initiative based on an ITU standard aligned with UN Sustainable Development Goals (ITU Y.4903/L.1603) – have set a benchmark for best practices and provide a practical framework to assess each city’s progress towards net-zero emissions and digital transformation.

A key standard developed by ITU-T Study Group 5 (Environment, climate change and circular economy) and released last year (ITU L.1470) details the emission-reduction trajectories needed to cut greenhouse gas emissions in the information and communication technology (ICT) sector by 45 per cent between 2020 and 2030.

This is the rate required to meet a key climate goal – limiting global warming to 1.5 degrees Celsius during this century, compared to pre-industrial levels, in line with the Paris Agreement and the United Nations Framework Convention on Climate Change (UNFCCC).

[Source: ITU]

Keystone Accidents Investigated by GOA

The Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) required TC Energy to take additional safety measures specified in a special permit as conditions of allowing certain portions of the Keystone Pipeline (Keystone) to operate at a higher stress level than allowed by regulation. PHMSA reviewed technical information and drew on its experience granting similar permits to natural gas pipelines to develop 51 conditions with which TC Energy must comply. Most pipeline safety and technical stakeholders GAO interviewed agreed the conditions offset the risks of operating at a higher stress level. However, PHMSA did not allow TC Energy to fully operate Keystone at this higher stress level until 2017, after TC Energy replaced pipe affected by industry-wide pipeline quality issues.

Keystone's accident history has been similar to other crude oil pipelines since 2010, but the severity of spills has worsened in recent years. Similar to crude oil pipelines nationwide, most of Keystone's 22 accidents from 2010 through 2020 released fewer than 50 barrels of oil and were contained on operator-controlled property such as a pump station. The two largest spills in Keystone's history in 2017 and 2019 were among the six accidents that met PHMSA's criteria for accidents “impacting people or the environment.” According to PHMSA's measures for these more severe types of accidents, from 2010 to 2020 TC Energy performed better than nationwide averages, but worse in the past five years due to the 2017 and 2019 spills.

The Keystone Pipeline has transported over 3 billion barrels of crude oil from Canada to U.S. refineries since 2010. Keystone's accident history is similar to other pipelines, but the severity of its spills has worsened in recent years due to 2 large spills in 2017 and 2019.

The Department of Transportation required Keystone operator TC Energy to investigate and address the root causes of the 4 largest spills. DOT has also issued enforcement actions and civil penalties for problems like inadequate corrosion prevention. Based on Keystone "lessons learned," DOT has increased inspection resources for other pipelines during construction.

In response to each of Keystone's four largest spills, PHMSA issued Corrective Action Orders requiring TC Energy to investigate the accidents' root causes and take necessary corrective actions. These investigations found that the four accidents were caused by issues related to the original design, manufacturing of the pipe, or construction of the pipeline. PHMSA also issued other enforcement actions and assessed civil penalties to TC Energy for deficiencies found during inspections, such as inadequate corrosion prevention and missing pipeline markers. Based in part on its experience overseeing Keystone, PHMSA officials said they have increased resources to conduct inspections during construction of other pipelines and are establishing a more formal process to document and track the compliance of all special permits, including Keystone's permit.

How ITU provides emergency telecommunications in a pandemic

“We have to prepare everything in advance so that when a disaster strikes, the only thing that we have to do is pack the equipment and take it to where it is needed,” explained Jake Spinnler from ITU’s Emergency Telecommunications Division.

Spinnler is part of the ITU Emergency Telecommunications team and currently coordinating ITU’s Emergency Telecommunications Roster (ETR), a voluntary group of ITU staff from across the organization on stand-by to deploy the services on short notice.

“In the last few months, we have been checking and testing the satellite phones and Broadband Global Area Network (BGAN) terminals to see if the equipment is complete, if it works correctly or we need to buy spare parts,” added Spinnler, who has been trained to use emergency telecommunications equipment, helping to ensure vital communication networks are maintained during relief efforts.
The year of disasters

Disasters don’t stop during a pandemic. In 2020, 389 disasters impacted 98.4 million people globally.

Additionally, according to the recently released Intergovernmental Panel on Climate Change (IPCC) report, Climate Change 2021: The Physical Science Basis, extreme weather events that we are facing today – from cyclones in India to devastating floods in China, widespread wildfires in North America and enduring droughts across Africa – are set to continue and worsen in the decades to come.

Telecommunication networks are critical to coordinating relief efforts, but are often destroyed when disaster strikes.

At the request of Member States, in the aftermath of a disaster, ITU deploys temporary information and communication technology (ICT) solutions to help restore telecommunication links needed for response efforts. The ITU ETR is a new addition to this service.

“I have visited nearly all countries in the world, taking this equipment to help them to use it for response coordination efforts and assist in recovery from disasters,” said Maritza Delgado, ITU’s Emergency Telecommunications Programme Officer.

“Sometimes these are the only phones that are available in the disaster zones, and the only channel for organizations to coordinate with different stakeholders in charge of overall disaster management.”

Direct impact on the ground

Although training was largely conducted online during the COVID pandemic – from using the equipment to personal safety training – some aspects still need to be done in person.

To ensure life-saving equipment is in full working order, the ETR team needs to test it regularly. This equipment includes BGAN terminals, Iridium satellite phones and other terminals.

“As a Radiocommunication Engineer, working with these satellite devices is a great opportunity for hands-on experience,” said Veronique Glaude, Senior Radiocommunication Engineer in ITU-R. “This equipment is vital to assist first responders for timely communication and enable them respond to the humanitarian needs of the affected individuals and communities. It is a real honour for me to be part of that process.”

For many ITU staff, being part of the ETR has had a positive impact on their work at ITU.

“One of my roles in ITU is Acting Advisor to ITU-T Study Group 2, which plays a leading role in ITU standards development for disaster relief, early warning, network resilience and recovery. The ETR provides a direct connection between theory and practice,” said Rob Clark, Study Group Project Coordinator in ITU-T.

“Being part of the ETR has enlightened me on the role that ITU is playing alongside its partners in the field of emergency telecoms and disaster relief. It also reminds me of the direct impact of ITU’s work on the ground. This is a useful perspective to incorporate into my ‘day job’ supporting ITU members’ development of international telecommunication standards,” he said.

During the COVID-19 pandemic, with in-person deployments suspended due to travel restrictions, ITU strengthened partnerships with satellite providers to provide the necessary connectivity and equipment.

These partnerships ensured that ITU could continue to support countries in the aftermath of disasters.

[Source: ITU]
1 26 27 28 29 30 53