Asia-Pacific needs to tackle overlapping crises

The Asia-Pacific region needs to step up efforts to prepare for and tackle complex, overlapping crises in order to increase the resilience of its people as well as its economies, with climate change threatening to dwarf the challenges of COVID-19 pandemic, a key meeting of the UN Economic and Social Commission for Asia and the Pacific has heard.

“Notwithstanding the progress made by many countries in devising more robust systems of early warning and responsive protection - with far fewer people dying as a result of natural disasters - the COVID-19 pandemic has demonstrated that almost without exception, countries around the world are still ill-prepared to deal with multiple overlapping crises, which often cascade,” said Armida Salsiah Alisjahbana, UN Under-Secretary-General and Executive Secretary of ESCAP.

“Tropical cyclones, for example, can lead to floods, which lead to disease, which exacerbates poverty,” she told the ESCAP Committee on Disaster Risk Reduction.

Since the start of the pandemic, the region has been hit by multiple natural and biological disasters. At the same time, climate change has continued to warm the world, exacerbating the impacts of many of these disasters. The Asia-Pacific Disaster Report 2021, which was launched during ESCAP’s Disaster Reslience Week, shows that the pandemic, combined with the persistent reality of climate change, has reshaped and expanded the disaster “riskscape” in Asia and the Pacific.

Resilience in Asia-PacificThe triple threat of disease, disaster and climate change is causing not only considerable human hardship but also significant economic losses. Currently, the annual average disaster-related losses are $780 billion. This could nearly double, to around $1.4 trillion, in a worst-case climate scenario. Choosing a proactive strategy of adapting to natural and other biological hazards would be far more cost-effective at an annual cost of $270 billion, said the report.

WMO Secretary-General Prof. Petteri Taalas urged great ambition to reduce greenhouse gas emissions and to accelerate climate change adaptation.

“If we fail with the climate change mitigation, the impact is going to be felt for centuries or even millennia, so the scale of the problem we are talking about when it comes to climate change, the scale is much bigger,” Prof. Taalas told ESCAP’s Committee on Disaster Risk Reduction.

The new report from the Intergovernmental Panel on Climate Change (IPCC) has highlighted the increasing severity of the physical impacts of climate change because of record concentrations of greenhouse gases. This includes long-term melting of glaciers, snow and ice cover, sea level rise and ocean acidification, which will last for centuries or even thousands of years, Prof. Taalas said in a video address.

“Heatwaves, drought, forest fires, flooding, landslides and tropical storms are becoming more intense, as a result. Last year was the warmest year on record in Asia and we have also seen record breaking flooding, especially in East Asia” Prof. Taalas said.

The ESCAP Committee on Disaster Risk Reduction is charged with addressing the following issues: (a) emergence of cascading risks and extension of the disaster risk-scape; (b) scaling-up multisectoral cooperation frameworks to manage cascading risks; and (c) status of regional co-operation efforts.

WMO was represented in several expert group meetings, panel discussions and side events. WMO and ESCAP have a Memorandum of Understanding to work together to build resilience to climate and disaster risks and the promotion of impact-based early warning services and systems. The two organizations have a long history of cooperation by jointly establishing the Typhoon Committee.

Prof. Taalas stressed the importance of building capacity in Least Developed Countries and Small Island Developing States to adapt to climate change and build resilience, in particular through investments in early warning services.

However, major gaps in observing systems in many parts of the world, including islands and least developed countries in the Asia-Pacific region, have a negative impact on the quality of early warning services. WMO’s new initiative, the Systematic Observations Financing Facility (SOFF) seeks to close these gaps and leverage sustainable financing.

T-Mobile confirmed latest data breach affecting millions of customers

US telecom giant T-Mobile has confirmed their latest data breach affecting nearly 8 million customers was accessed by a hacker, totaling five breaches in the last four years.

Their preliminary analysis showed that almost 8 million current postpaid customers and 40 million records of former or prospective customers, who had at one point applied for credit with the company, were taken in a 'highly sophisticated cyberattack.'

The latest in the series of hacks on the company's customers' data comes on the heels of two attacks in 2020, one in 2019, and another in 2018. This most recent breach is by far the largest.

News broke that a hacker was trying to sell T-Mobile customer data online, data they claimed to have gotten via compromised T-Mobile servers. They claimed the data contained names, addresses, social security numbers (SSN), driver license information, phone numbers and unique IMEI numbers.

ADPC and UNDRR Sign a Statement of Cooperation to Promote Climate and Disaster Resilience

The Asian Disaster Preparedness Center (ADPC) and the United Nations Office for Disaster Risk Reduction (UNDRR) have signed a Statement of Cooperation to strengthen the implementation of the Sendai Framework for Disaster Risk Reduction 2015-2030 (Sendai Framework), promote climate and disaster resilience, encourage knowledge sharing for informed decision-making, and improve risk governance across Asia and the Pacific.

ADPC and UNDRR reaffirmed their commitment to promote climate and disaster resilience as core components of risk-informed sustainable development. Both organizations will work together to enhance the dissemination of regional knowledge on disaster risk, address disaster damage and loss data challenges, and strengthen the analytical and evidence base for regional cooperation to implement the Sendai Framework and the 2030 Agenda for Sustainable Development.

They will collaborate in scaling up the support to countries for the development and implementation of national and local disaster risk reduction strategies in line with national climate change adaptation and national development plans.

The Statement of Cooperation will also strengthen existing collaboration between ADPC and UNDRR in many areas, such as developing online courses on Sendai Framework Monitor, devising a COVID-19 Small Business Continuity and Recovery Planning Toolkit, and the development of disaster risk reduction status reports of countries in Asia and the Pacific.

Promoting transboundary disaster risk management is one of the key points of this Statement of Cooperation, thus both organizations will leverage their existing networks to promote transboundary risk management and fortify collaboration with other regional organizations.

The collaboration will in turn strengthen the implementation of the four Sendai Framework priorities for action and enhance the science-policy-practice interface in disaster risk reduction and climate resilience in Asia-Pacific and beyond.

New IAEA Guidance in Emergency Preparedness and Response

How do you create a national strategy to protect people in a nuclear or radiological emergency based on lessons learned, scientific evidence and good practices? A new IAEA publication, Considerations in the Development of a Protection Strategy for a Nuclear or Radiological Emergency provides the concepts and practical considerations needed to build that protection strategy.
“The publication is universally adaptable and addresses the different aspects of an emergency from the direct radiological consequences to protecting against non-radiological aspects, which are decisive for an effective response,” said Svetlana Nestoroska Madjunarova, former counsellor in monitoring and emergency at the North Macedonian Radiation Safety Directorate and author of the publication.
Five main topics are covered in the publication: the concept of a protection strategy for a nuclear or radiological emergency, the basis and process for the development of a protection strategy, processes for justifying and optimizing protection and safety and consultation with interested parties. These five topics provide guidance to those planning a protection strategy, the underlying concepts and they also provide practical guidance on implementation in alignment with the IAEA safety standards and the goals of emergency response as defined in General Safety Requirement Part 7.
The publication also provides an outline for national protection strategies to support national efforts to develop justified and optimised plans to protect health and minimize danger to life and property during and following a nuclear or radiological emergency, as well as specific guidance for the effective, optimal implementation of the strategy in emergency response.
Protection measures should be based on scientifically justified methods and applied only when observations in the field indicate action is necessary. In this manner, maximum protection can be provided with minimum social and economic disruption. Justification in emergency response means taking diverse factors into account to achieve more good than harm. Optimization is a process that applies the resources at hand in the most effective manner to provide the best protection during an emergency.
Core objective
The guidance addresses both the early stages of the emergency response and the subsequent return to normality in the affected areas, while also touching on environmental, economic and other consequences. These considerations, previously addressed in separate publications, are now gathered for the first time in this unified volume.
“Effective emergency response planning requires a holistic approach that addresses all the issues arising during and following an emergency, not solely the initial consequences of the nuclear or radiological emergency,” said David Owen, expert from the United Kingdom on the publication drafting group.
The publication reflects the latest safety requirements and recommendations in emergency preparedness and response and supports their implementation.
“The eventual return to normality following an emergency is an important consideration in the protection strategy,” Madjunarova said. “Countries may expect that in this post-emergency period there is enough time to acquire the relevant social, economic and radiological information needed to make optimal decisions. Lessons learned show that a comprehensive strategy is essential in making and implementing those decisions in a timely manner.”
The publication also offers practical advice on the possible transboundary consequences of a nuclear or radiological emergency to identify potential hazards to aid cooperation with all countries that may be affected by such events to ensure effective and consistent protection of the affected populations and the environment across borders.

CISA Announces Renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

The Cybersecurity and Infrastructure Security Agency (CISA) announced the extension of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force to July 31, 2023.
The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.
In January, the Task Force was extended for six months, allowing for continued progress by its working groups (WGs) and the launch of three new WG efforts to develop products, tools, and analysis to enhance ICT supply chain resilience. As a result, the latest Threat Scenarios Report (Version 3) and newly created ICT Supply Chain Resource Library are now available for use.
Under the newly signed charter,  the Task Force will continue and conclude ongoing efforts such as the release of two additional products, which includes a report focused on liability protections for the private sector when sharing supply chain risk information, and a guide that will help small and medium-sized businesses better understand and manage their ICT SCRM needs to mitigate the effects in the event of a cyber incident. The Task Force will also continue to explore means for building partnerships, develop new resources, and collectively enhance ICT supply chain resilience.
“As recent events have shown, the need for safe and secure ICT supply chains is critical to our American way of life,” said Bob Kolasky, CISA Assistant Director and Task Force Co-Chair. “Securing our nation’s supply chains requires a team approach, with all of us playing an essential role in addressing its unique challenges. Renewing the charter for two years will ensure the Task Force has the support and flexibility needed to address critical supply chain issues and build a collective defense from future supply chain threats.”
“The COVID-19 pandemic exacerbated the already complex and pervasive threats to the global ICT supply chains, making the Task Force’s mission as essential as ever to U.S. economic and national security,” said John Miller, Senior Vice President of Policy and General Counsel at the Information Technology Industry Council and Co-Chair of the Task Force. “By leveraging premier public and private sector expertise, the Task Force has been able to advance actionable solutions on challenging issues to better mitigate supply chain risks. We are pleased the extension of the Task Force’s charter clears the way for its critical mission to move ahead, and we look forward to continuing to help lead this important partnership on behalf of the entire tech industry.”
“The global supply chain faces unprecedented threats strained by the pandemic and unceasing attacks by cyber criminals and nation-states. Government and private industry working separately on these challenges won’t be nearly as successful as a dedicated, integrated partnership that coordinates supply chain activity across the entire government and various industry sectors,” said Robert Mayer, Senior Vice President of Cybersecurity and Innovation at USTelecom, and Task Force Co-Chair. “That’s what the Task force is all about, and where our ability to rapidly convene and engage industry experts on COVID supply chain disruptions, White House Executive Orders, and mitigation from the Solar Winds hack has been so impactful. As we enter the third year, we’re committed to developing products and tools, including for small and medium-sized businesses in the ICT ecosystem, to build a stronger and more resilient supply chain.”

Floods in Europe underline need for increased investment in Disaster Risk Management

The UN Secretary-General’s Special Representative for Disaster Risk Reduction, Mami Mizutori, today extended her condolences to all those affected by the current severe floods across Europe and urged greater investment in disaster risk reduction against a natural hazard which, until the arrival of COVID-19, has typically affected more people annually than any other disaster type.
“I send my heartfelt condolences to the people and governments of Germany and Belgium where lives have been lost and my sympathy is also with the people of the Netherlands, France, Luxembourg and Switzerland on the disruption caused by these record rains. Lives, homes, and livelihoods have been lost in a flood event of such magnitude that people had difficulty in comprehending what action they could take to protect themselves from it.
“Europe has seen major flooding before but rarely on this scale and with such harrowing loss of life. This underlines the importance of getting to grips with measures to adapt cities, towns and rural areas to the shocks that arise to our weather systems in a warming world. We need to make our urban areas more resilient to floods and storms to mitigate the impacts of large volumes of water and the landslides that usually accompany such phenomena.
“I am particularly concerned about media reports that in at least one incident nine persons living with disabilities lost their lives. National and local strategies for disaster risk reduction must take full account of the needs of such persons as well as others who may have mobility issues including older persons, children, and pregnant women. It is essential that disability organizations are involved in the disaster management planning process.
“While linking one disaster event with climate change is complicated, it is undoubtedly the case that over the last twenty years of record-breaking temperatures there has been a concomitant rise in the number of extreme weather events across the globe. The challenge before us is not just to reduce greenhouse gas emissions but to invest in adaptation to save lives, reduce economic losses and protect critical infrastructure.
“Europe will meet later this year in Portugal to discuss progress on implementing the Sendai Framework for Disaster Risk Reduction, the global plan to reduce disaster losses. That discussion will be an opportunity to reflect on the lessons learned from the tragic events now unfolding across Europe due to record heavy rains and to see how we can better adapt to climate change, improve multi-hazard early warning systems and strengthen public understanding of disaster risk.”

Alliance for National & Community Resilience Awards First Resilience Designation to Martinsville, Virginia

The Alliance for National & Community Resilience (ANCR) issued its first community resilience designation to Martinsville, Virginia, at a meeting of the City Council. Martinsville was selected as the initial pilot city for ANCR’s Community Resilience Benchmarks (CRB) for buildings and housing. The city was awarded an Essential designation for its building-related activities and an Enhanced designation for its housing-related initiatives.
“We were particularly impressed with the involvement of city staff and their transparency and thoroughness as we worked through the benchmarking process. Their commitment to the process will be invaluable in supporting improvements in the CRB process and help enhance the resilience of other communities,” said Evan Reis, ANCR Board Chair and Executive Director of the U.S. Resiliency Council.
The benchmarking process was led by Kris Bridges, Martinsville’s Building Official and Mark McCaskill, Martinsville’s Community Development Director. Jeremy Sigmon of Planet Sigmon served as the community’s ANCR Mentor, guiding them through the benchmarking process.
“The Martinsville City Council commends the work of our Inspections and Community Development Departments for their work with ANCR in improving the city’s resiliency and setting the standard for other communities to follow,” said Kathy Lawson, Mayor, Martinsville, Virginia. “The City of Martinsville is committed to the development of benchmarks such as the CRB as having the proper protocols in place will not only give us the needed information to maintain critical facilities and infrastructure during disaster events, but also allow us to reap the financial benefits, improve resiliency across our community and show our commitment to our community and citizens.”
Based on the feedback from Martinsville, ANCR will finalize its benchmarking process and begin work on developing additional benchmarks. The Buildings and Housing Benchmarks represent the first two benchmarks developed under the CRB. ANCR identified 19 community functions covering the social, organizational and infrastructural aspects of communities that influence their resilience and is developing benchmarks for each of them. The Water Benchmark was completed in 2020 and is currently being piloted along with the Buildings and Housing Benchmark in Oakland Park, Florida.

Telcos strengthen India's disaster preparedness

When Cyclone Tauktae struck India’s western coastal areas several months ago, it brought mass destruction of property and disrupted daily life in five Indian states.
Despite the storm’s ‘extremely severe’ designation, the damage and loss of lives were less than expected. This was thanks in large part to national disaster preparation plans, underpinned by information and communication technologies (ICTs) and timely preparation by telecom operators.
Technology plays a pivotal role at each stage of disaster management, from early warning and mitigation to response, and then to post-disaster recovery and rehabilitation.
Collaborative action on the ground
To prepare for the upcoming disaster, the Indian government had already implemented standard operating procedures (SOPs), whereby telecom operators initiated inter-operator roaming services that let mobile phone users switch easily between networks based on availability.
Priority call routing enabled rescue and relief crews to coordinate with government officials, including in the vital restoration work in Tauktae’s aftermath.
On-site diesel and battery back-up were ready to mitigate any power cuts, while coordination was stepped up with the National Disaster Management Authority, the National Disaster Relief Force, and central, state and local governments.
Challenges for operators during disasters
Telecom and ICT operators form the backbone of connectivity across the world. But ICT services can be hard to maintain – let alone expand – during earthquakes, tsunamis or a pandemic.
Natural hazards often damage towers, power generators, cables and wires. At the same time, network congestion arises as people call family and friends, frequently hampering rescue and relief operations.
Amid the COVID-19 pandemic, telecom and Internet usage have surged everywhere.
Meanwhile, with shops closed, pre-paid mobile consumers could not recharge their credit.
Still, telecom operators maintained the continuity of services and facilitated online recharges for pre-paid users.
By the time of the May 2021 cyclone, lessons from both before and during the pandemic, had made India’s telecom networks more robust and resilient, with sufficient adaptability and scalability to handle demand spikes.
How operators can prepare
Access to robust and secure ICT infrastructure is critical. Putting resilient networks and disaster management tools in place well ahead of time helps to mitigate negative impacts.
Wherever feasible, telecom operators must upgrade to 4G or 5G, as well as educate staff and raise awareness among customers on how to withstand disaster situations, including recharging subscriptions online with mobile devices.
Inter-operator roaming agreements can ensure continuous service for all customers in a disaster-affected area, even if the infrastructure of one or two operators suffers damage. Along with temporary solutions like CoW, operators can turn to satellite-based plug-and-play networks to stand in for damaged terrestrial infrastructure.

UK and allies publish advice to fix global cyber vulnerabilities

Advice on countering the most publicly known—and often dated—software vulnerabilities has been published for private and public sector organisations worldwide.
The National Cyber Security Centre (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), and Federal Bureau of Investigation (FBI) have published a joint advisory highlighting 30 vulnerabilities routinely exploited by cyber actors in 2020 and those being exploited in 2021.
In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Today’s advisory lists the vendors, products, and CVEs, and recommends that organisations prioritise patching those listed.
NCSC Director for Operations, Paul Chichester, said:
“We are committed to working with allies to raise awareness of global cyber weaknesses – and present easily actionable solutions to mitigate them.
“The advisory published today puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices.
“Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm."
As well as alerting organisations to the threat, this advisory directs public and private sector partners to the support and resources available to mitigate and remediate these vulnerabilities.
Guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. Our 10 Steps to Cyber Security collection provides a summary of advice for security and technical professionals.
On the mitigation of vulnerabilities, network defenders are encouraged to familiarise themselves with guidance on establishing an effective vulnerability management process. Elsewhere, the NCSC’s Early Warning Service also provides vulnerability and open port alerts.
CISA Executive Assistant Director for Cybersecurity, Eric Goldstein, said:
“Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks.
“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors.”
FBI Cyber Assistant Director, Bryan Vorndran, said:
“The FBI remains committed to sharing information with public and private organisations in an effort to prevent malicious cyber actors from exploiting vulnerabilities.
“We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed.”
Head of the ACSC, Abigail Bradshaw CSC, said:
“This guidance will be valuable for enabling network defenders and organisations to lift collective defences against cyber threats.
“This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity.”

NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,”. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.
Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers. Kubernetes clusters are often hosted in a cloud environment, and provide increased flexibility from traditional software platforms.
Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network’s underlying infrastructure for computational power for purposes such as cryptocurrency mining.
The report details recommendations to harden Kubernetes systems. Primary actions include the scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.
To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk. NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.
NSA and CISA’s guidance focuses on security challenges and recommends system administrators harden their environments where possible. NSA is releasing this guidance as part of our mission to support the Department of Defense, the Defense Industrial Base, and National Security Systems.
1 27 28 29 30 31 53