UNOCT launches five new thematic guides on Protecting Vulnerable Targets Against Terrorist Attacks

The United Nations Office of Counter-Terrorism (UNOCT) hosted a high-level virtual event to launch five new specialized guides (modules) dedicated to the protection of particularly vulnerable targets against terrorist attacks, on 6 September 2022. “Vulnerable targets” refers to public places (e.g. tourist venues, urban centers, religious sites) or critical infrastructure (e.g. public transportation systems, energy sector) which are easily accessible and relatively unprotected, and therefore vulnerable to terrorist attacks.

The online launch event was opened by the Under-Secretary-General of the United Nations Office of Counter-Terrorism (UNOCT), Mr. Vladimir Voronkov, along with the Permanent Representative of Qatar to the United Nations, H.E. Ambassador Alya Ahmed Saif Al-Thani; Acting Executive Director of the United Nations Counter-Terrorism Committee Executive Directorate (CTED), Mr. Weixiong Chen; Director of the United Nations Interregional Crime and Justice Institute (UNICRI) Ms. Antonia Marie De Meo; and Chief of Cabinet of the Under-Secretary-General of the United Nations Alliance of Civilizations (UNAOC), Ms. Nihal Saad.

The participants included decision-makers, practitioners and experts on vulnerable targets protection from Member States, international and regional organizations, the private sector, civil society and academia, including members of the United Nations Global Expert Network to Protect Vulnerable Targets against Terrorist Attacks.

The high-level opening was streamed live via UN WebTV. It will be followed by an expert session, during which Member States will share experiences, good practices and tools related to the themes of the five modules:

1. The protection of “soft" targets;
2. The protection of touristic sites;
3. The protection of religious sites and places of worship;
4. The protection of urban centres; and
5. Threats posed by unmanned aircraft systems (UAS) to vulnerable targets.

The 5 modules are published in Arabic, English, French and Russian and are presented by the United Nations Global Programme on Countering Terrorist Threats Against Vulnerable Targets, which is led by UNOCT and jointly implemented with CTED, UNICRI and UNAOC.

The new guides present the knowledge and resources and lessons learned identified during the three Expert Group Meetings held by UNOCT with partners CTED, UNAOC and UNICRI in 2021. They also complement the 2018 United Nations Compendium of Good Practices on the Protection of Critical Infrastructure (CIP) against Terrorist AttacksPDF by focusing on public places/"soft" targets as distinct types of sites worthy of a dedicated security approach. The guides feature specific case studies, good practices and recommended tools from around the world to support both the public and private sectors to further strengthen the safety and security of their public places, keeping them open and accessible and promoting shared responsibility.

Police Committee Initiates Process to Consider the Critical Infrastructure Protection Act Regulations

The Portfolio Committee on Police in South Africa has resolved to allow the Civilian Secretariat for Police Service (CSPS) to table part of the regulations of the Critical Infrastructure Protection Act (CIPA) 2019, which deals directly with the functions of the Critical Infrastructure Council to enable the council to start performing its functions immediately. The committee today met the Ministry of Police and representatives of the CSPS.

The committee has urged the CSPS to move with speed to table the regulations to ensure that Parliament completes the process of considering them. “We have raised a concern that the committee undertook an extensive process of interviews for the council in 2021 and to date, the Council has not been able to move and implement their mandate. This is the reason we will move with speed to consider the regulations and ensure the effectiveness of the Council,” said Ms Tina Joemat-Pettersson, the Chairperson of the committee.

Meanwhile, the committee deliberated on various issues affecting policing, including crime statistics, morale within the South African Police Service (SAPS), the increase in illegal mining, and challenges with gender-based violence. As a result, the committee agreed on the need for a two-day session, where the Minister of Police together with the National Commissioner and senior leadership of the SAPS outline strategies to remedy these concerns. The session’s intentions are to work together to find solutions to the crime challenge facing the country in order to create a safe environment that fosters socio-economic development.

Emergency telecommunications preparedness: Return on investments model

In a world increasingly characterized by uncertainty, emergency preparedness is a powerful way to improve the capacity of communities and countries to withstand disasters. Investment in emergency preparedness builds resilience, thereby limiting the loss of life and protecting infrastructure.

The Emergency Telecommunications Cluster (ETC) has developed a model to assess the benefits of investment in emergency telecommunications preparedness. This will build a pool of evidence to promote preparedness, ultimately encouraging stakeholders to build disaster-resilient telecommunications in high-risk countries across the globe.

The new Return on Investment (ROI) model aims to quantify and qualify the benefits of investments in emergency telecommunications preparedness. It can be used by all humanitarian partners engaged in emergency telecommunications preparedness. It is built on the practical emergency preparedness expertise and experiences of the ETC in different countries.

Australian Government Invites Feedback on Critical Technologies

The Australian Federal Government will begin consulting businesses, researchers and the community at large to identify critical technologies of national importance.

The List of Critical Technologies in the National Interest will clarify technologies the government considers to be vital to present and future demands.

The 2022 List of Critical Technologies in the National Interest will build on the 2021 List, which featured 63 technologies across seven categories including:

- Advanced materials and manufacturing
- AI, computing and communications
- Biotechnology, gene technology and vaccines
- Energy and environment
- Quantum; Sensing, timing and navigation
- Transportation, robotics and space

The consultation will run until Friday 30 September.

Federal Minister for Industry and Science, Ed Husic, said it is vital for Australia’s continued and future prosperity that emerging and critical technologies are promoted and protected.

“We know the development of critical technologies present enormous potential opportunities as well as risks for Australians,” Mr Husic said.

“It is vital we understand and send a clear signal about what technologies we should be focusing on and where our strengths lie – and that is exactly what this consultation is all about.”

The Federal Government has promised to invest $1 billion into critical technologies through its National Reconstruction Fund and will aim to reach 1.2 million tech industry jobs by 2030.

“This work is also part of our goal to reach 1.2 million tech jobs by 2030, as well as securing our supply chains and promoting Australia as a secure destination of excellence for investment, development and adoption of critical technologies,” Mr Husic said.

“The Government is also investing $1 billion in critical technologies as part of the National Reconstruction Fund, to build our strategic capability and power the economic growth we need to create jobs.”

Political agreement on new rules to enhance the resilience of critical entities

As a key part of the EU's work to build a Security Union, the new rules will strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies like the recent COVID-19 pandemic.

Against an ever more complex risk landscape, the new Directive replaces the European Critical Infrastructure Directive of 2008. A wider sectoral scope will allow Member States and critical entities to better address interdependencies and potential cascading effects of an incident. Eleven sectors will be covered: energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space, and food.

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: “It is essential to shield our economy and our society against physical threats that could disrupt services that are vital for people's daily lives and for the functioning of our internal market. With today's agreement, we are delivering on our commitment to enhance the resilience of critical infrastructure in the EU, complementing the recently strengthened cybersecurity legislation. Together, these new rules form a coherent and robust system to protect our infrastructure online and off”.

Commissioner for Home Affairs, Ylva Johansson, said: “In the light of the current geopolitical situation in Europe, enhancing our resilience is of key importance. The CER Directive will make us better prepared against disruptions that impact the security of our citizens and the prosperity of the internal market, following the lessons learnt from the pandemic and long-term challenges like climate change. The new Directive will ensure the provision of essential services such as energy, transport, water and healthcare while minimising the impact of natural and man-made incidents”.

The proposal introduces new rules to strengthen the resilience of critical entities:

- Member States will need to adopt a national strategy and carry out regular risk assessments to identify entities that are considered critical or vital for the society and the economy.
- Critical entities will need to carry out risk assessments of their own, take technical and organisational measures to enhance their resilience and notify incidents. They will also be able to request background checks on personnel holding sensitive roles.
- Critical entities in the EU, from the sectors covered, providing essential services in six Member States or more, will benefit from extra advice on how best to meet their obligations to assess risks and take resilience-enhancing measures.
- A Critical Entities Resilience Group will facilitate cooperation among Member States and the exchange of information and good practices.
- An enforcement mechanism will help ensure that the rules are followed: Member States will need to ensure that national authorities have the powers and means to conduct on-site inspections of critical entities. Member States will also introduce penalties in case of non-compliance.
- Member States will need to provide support to critical entities in enhancing their resilience with, for instance, guidance material. The Commission will provide complementary support to Member States and critical entities, by developing a Union-level overview of cross-border and cross-sectoral risks, best practices, methodologies, cross-border training activities and exercises to test the resilience of critical entities, among others.

Next steps

The political agreement reached by the European Parliament and the Council is now subject to formal approval by the co-legislators. Once published in the Official Journal, the Directive will enter into force 20 days after publication. Member States will then need to transpose the elements of the Directive into national law within 21 months.

EC adopts Contingency Plan for Transport

The European Commission adopted a Contingency Plan for Transport to strengthen the resilience of EU transport in times of crisis. The plan draws lessons from the COVID-19 pandemic as well as taking into account the challenges the EU transport sector has been facing since the beginning of Russia's military aggression against Ukraine. Both crises have severely affected the transport of goods and people, but the resilience of this sector and the improved coordination between member states were key to the EU's response to these challenges.

Commissioner for Transport Adina Vălean said: “These challenging and difficult times remind us of the importance of our EU transport sector and the need to work on our preparedness and resilience. The COVID-19 pandemic was not the first crisis with consequences for the transport sector, and Russia's illegal invasion of Ukraine shows us that it will definitely not be the last. This is why we need to be ready. Today's Contingency Plan, notably based on lessons learnt and initiatives taken during the COVID-19 pandemic, creates a strong framework for a crisis-proof and resilient EU transport sector. I firmly believe that this plan will be a key driver for transport resilience since many of its tools have already proven essential when supporting Ukraine – including the EU-Ukraine Solidarity Lanes, which are now helping Ukraine export its grain.”

10 actions to draw lessons from recent crises

The plan proposes a toolbox of 10 actions to guide the EU and its Member States when introducing such emergency crisis-response measures. Among other actions, it highlights the importance of ensuring minimum connectivity and passenger protection, building resilience to cyberattacks, and resilience testing. It also stresses the relevance of the Green Lanes principles, which ensure that land freight can cross borders in less than 15 minutes, and reinforces the role of the Network of Contact Points in national transport authoritiesBoth have proved crucial during the COVID-19 pandemic, as well as in the current crisis caused by Russian aggression against Ukraine.

The 10 areas of action are:

1 Making EU transport laws fit for crisis situations
2 Ensuring adequate support for the transport sector
3 Ensuring free movement of goods, services and people
4 Managing refugee flows and repatriating stranded passengers and transport workers
5 Ensuring minimum connectivity and passenger protection
6 Sharing transport information
7 Strengthening transport policy coordination
8 Strengthening cybersecurity
9 Testing transport contingency
10 Cooperation with international partners

One key lesson from the pandemic is the importance of coordinating crisis response measures – to avoid, for example, situations where lorries, their drivers and essential goods are stuck at borders, as observed during the early days of the pandemic. The Contingency Plan for Transport introduces guiding principles that ensure crisis response measures are proportionate, transparent, non-discriminatory, in line with the EU Treaties, and able to ensure the Single Market continues to function as it should.

Next steps

The Commission and the Member States will use this Contingency Plan to respond to current challenges affecting the transport sector. The Commission will support Member States and steer the process of building crisis preparedness in cooperation with the EU agencies, by coordinating the Network of National Transport Contact Points and maintaining regular discussions with international partners and stakeholders. To respond to immediate challenges and ensure Ukraine can export grain, but also import the goods it needs, from humanitarian aid, to animal feed and fertilisers, the Commission will coordinate the Solidarity Lanes contact points network and the Solidarity Lanes matchmaking platform.

Investing in resilient infrastructure for a better future

Day-to-day life depends on infrastructure and its services, this includes supply-chains, electricity, water and sanitation, and information networks. But in the face of the COVID-19 pandemic and increasing extreme weather events, these systems are under increasing threat.

A single event in December 2020, Cyclone Yasa, caused around USD 1.4 billion in damage to health facilities, homes, schools and other critical infrastructure in the Pacific island nation of Fiji. Beyond the economic toll, there was immeasurable disruption to people’s lives as a result of downed systems, extending the duration of the disaster beyond the passing of the cyclone.
Vital services for people and communities

Measuring the resilience of infrastructure is a challenge: There is no common understanding of what “resilient infrastructure” means, nor agreed benchmarks against which to gauge infrastructure resilience. Infrastructure is commonly understood as comprising assets and buildings; this needs to shift to include the vital services they provide.

“Social resilience touches on the capacity for a community to adapt, a resilient community is able to respond to changes, post-stress, in a positive way,” said Esther Anyakun Davinia, Uganda’s Minister of State for Relief, Disaster Preparedness and Refugees, speaking at a 7th Global Platform for Disaster Risk Reduction session titled, ‘Building a better future: Investing in resilient infrastructure for all’.

Moving towards net resilience gain

The Principles for Resilient Infrastructure – developed by the United Nations Office for Disaster Risk Reduction (UNDRR) to support the implementation of the Sendai Framework and the Sustainable Development Goals (SDGs) – describe a set of principles, key actions, and guidelines to create national-scale net resilience gain, and improve the continuity of critical services.

“We need a framework – such as we have for net zero," said panellist Rob Wesseling, CEO of The Co-operators Group, a Canadian insurance company. “There were no net-zero alliances not too long ago. There is already an excess of $130 trillion committed to various aspects of net zero which can be used to improve resiliency.”

Investing in sound infrastructure, Wesseling argued, would pay out in resilience dividends.

The net resilience gain approach requires that infrastructure investments enhance resilience and not create any additional risks.

The six interconnected Principles are designed to guide infrastructure stakeholders and leaders in building infrastructure resilience, calling for a process that is continuously learning, proactively protected, environmentally integrated, socially engaged, adaptively transforming, and based on shared responsibility.

The implementation process itself will give users a better understanding of their existing infrastructure systems: their performance, exposure, regulatory environment, challenges and barriers, as well as offering entry points for better risk-informed decision making and investments.

“Short cuts lead to greater costs, so maintenance needs to be integrated,” said Dena Assaf, United Nations Resident Coordinator for the United Arab Emirates. “How the infrastructure systems are maintained and integrated must be informed by the Principles for Resilient Infrastructure.”
A stress test to measure policy impacts on infrastructure resilience
“Infrastructure stress testing helps governments and stakeholders to base policy decisions and investments on factual and up-to-date information on the status of the resilience of infrastructure systems."
- Beata Janowczyk

Regulations that govern critical infrastructure also need strengthening. Governments must revisit their mechanisms and practices to evaluate whether they can cope with increasing requirements brought about by climate change, shifting demographic and development patterns, and other stresses.

Understanding the risk landscape – and its potential impacts on public finances – provides a good basis for realistic assessments of the costs and benefits of financing and policy options.

UNDRR’s recently developed Resilient Infrastructure Stress Test helps policymakers to see how policy changes could impact critical infrastructure, exposing major gaps to be prioritized. The stress test measures infrastructure performance against various stressors, and offers an assessment to provide specific policy recommendations.

“Infrastructure stress testing helps governments and stakeholders to base policy decisions and investments on factual and up-to-date information on the status of the resilience of infrastructure systems,” said Beata Janowczyk, head of the Risk Assessment and Emergency Planning Unit in Poland’s Centre for Security.

With significant recovery funding investments being made in new infrastructure, risk reduction and resilience must be central considerations shaping how and where these resources are spent.

Breaking silos to build resilience – Multi-hazard, multi-sectoral approaches to managing disaster risks

Disasters unfold across national boundaries, involving a range of interrelated hazards and complex dynamics. To tackle disaster risks and build resilience in the face of increasing climate-related disasters, it will require a united effort to move beyond working in silos.

“Member states, the UN system, governments – whether national, local or community-level governments – will need to learn more and more how to work in an interdisciplinary manner,” said David Smith, coordinator of the Institute for Sustainable Development at the University of the West Indies, and moderator of the session Breaking the Silos – Towards multi-hazard, multi-sectoral approaches to managing risks at the 7th Global Platform for Disaster Risk Reduction.

“One ASEAN, one response”

Southeast Asia and the Pacific region are especially affected by natural hazards, and in recent years has been the site of numerous disasters – cyclones, floods, tsunami and seismic events, compounded by the COVID-19 pandemic. Susana Juangco, Director of the Philippines Office of Civil Defense, explained how ASEAN, the Association of Southeast Asian Nations, has taken steps towards better coordination in its disaster risk reduction (DRR) strategies.

“The disaster risk landscape is becoming more complex and challenging,” she said. “There is a need to strengthen and broaden cooperation, not only within the ASEAN region but also externally, including with non-traditional partners.”

One example is the ASEAN Joint Taskforce on Humanitarian Assistance, which draws in expertise from many sectors – political, defence, health, social welfare and development.

“Disaster management should be everyone’s business,” she said, “Instead of working in silos, inter-operativeness and coordination should be the essence of all our DRR initiatives.”
Understanding risk from community viewpoints

Bijay Kumar, Executive Director of the Global Network of Civil Society Organisations for Disaster Reduction (GNDR) described how an inclusive, community-based approach can strengthen DRR and resilience building by drawing on local perspectives.

“As a global network… we are trying to see how risks are understood from the perspective of the people experiencing them.”

A GNDR programme has examined how communities have been included in various governance systems, and how this inclusion has changed over a ten-year period, drawing on the experiences of representative samples of communities across 48 countries worldwide.

In Indonesia, for example, the study found that a consultative process helped to activate a penta-helix approach involving local governments, civil society, academia and the media in developing plans which were then taken up at a national level.

“It is possible to bring a comprehensive analysis to inform a sustainable way of building resilience,” he noted.

Finding the right tools for the job

Scientists have a range of tools at their disposal for assessing disaster risk. There are well-established methods for assessing primary impacts from external shocks, but in many of the places that experience disasters, data is often in short supply. However, when it comes to assessing systemic risks and the complex dynamics that cause wider impacts, there are fewer options.

Olaf Neußner, an independent expert for the German Committee for Disaster Reduction (DKKV) believes that recent global events – the pandemic and the war in Ukraine – could help to break down silos between different avenues of research, and create new opportunities for risk analysis.

“There is a lot of information available, and researchers can look into this and see what the cascading effects actually are,” he said.

In order to process the enormous volume of data, risk assessments could draw on machine learning and artificial intelligence to better understand causal relationships and connections between hazards and impacts.

Economic models could also be useful in understanding the socio-economic impacts of disasters – this requires that the two silos of economic and DRR analysis are bridged.
“Breaking silos takes time and energy, but it is worth it.”

Peter Binder, Director-General of MeteoSwiss and the Swiss Permanent Representative to the World Meteorological Organisation (WMO), offered examples of how DRR initiatives in Switzerland have deliberately set up structures to break down silos.

This entailed establishing the Steering Committee on Intervention in Natural Hazards, which brings together government and academic institutes dealing with weather, fire, civil protection, seismic events, avalanches and topography. The Committee operates on three hierarchical levels, each involving all of the parties.

A similar collaborative approach is applied by the National Centre for Climate Services, bringing together seven federal offices with academic institutions.

“Breaking silos takes time and energy, but it is worth it,” he said.

An earth system approach

At an international level, Binder noted that the WMO – with responsibility for weather, water and climate – provides another example of breaking silos.

“The three disciplines are intimately linked in nature and, therefore, should also be in our scientific and operational treatment,” he said. “This is the earth system approach, indispensable for managing multi-hazard risk.”

Switzerland is promoting an initiative to take this further, to bolster global preparedness for natural hazards.

Under the WMO Coordination Mechanism, “all available authoritative information on meteorological and hydrological threats from WMO members should be directed into the information channels of the pertinent UN and humanitarian aid organisations. This constitutes a multi-organizational and multinational effort to mitigate risk related to meteorological, hydrological and climate hazards,” he said.

[Source: UNDRR]

Tackling Security Challenges in 5G Networks

The EU Agency for Cybersecurity (ENISA) proposes good practices for the secure deployment of Network Function Virtualisation (NFV) in 5G networks.

Network Function Virtualisation is a new technology in 5G networks, which offers benefits for telecom operators in terms of flexibility, scalability, costs, and network management. However, this technology also introduces new security challenges.

The report released today supports national authorities with the implementation of the 5G toolbox, and in particular the recommendation for EU Member States to ensure that Mobile Network Operators follow security good practices for NFV. It explores the relevant challenges, vulnerabilities and attacks pertaining to NFV within the 5G network. It analyses the relevant security controls and recommends best practices to address these challenges and solutions, taking into account the particularities of this highly complex, heterogeneous and volatile environment.

How does it work?

Traditionally, mobile network functions have been implemented using dedicated hardware and networking equipment, built especially for telecom operators and their networks. Network Function Virtualisation is a new technology used in 5G networks to implement networking functions using software, therefore running virtually on top of standard server hardware or standard cloud platforms.

Applying network function virtualisation will therefore reduce the number of operations and maintenance costs.

60 security challenges were identified in the report and classified under 7 categories:

- Virtualisation or containerisation;
- Orchestration and management;
- Administration and access control;
- New and legacy technologies;
- Adoption of open source or COTS;
- Supply chain;
- Lawful interception (LI).

How do we address the security challenges

The report explores vulnerabilities, attack scenarios and their impact on the 5G NFV assets. The work includes a total of 55 best practices classified under Technical, Policy and Organisational categories.

Some of the key findings the report include:

- Resource virtualisation:
The virtualisation layer provides unified computing resources based on generalised hardware to the layers above and is the basis of all cloud-native and virtualised network functions and service software. If the virtualisation layer is breached, all network functions come under direct attack with disastrous consequences.

- Resource sharing:
A single physical server may run several different tenants' virtual resources (e.g. virtual machines (VMs) or containers), and a single tenant's virtual resource might be distributed across several physical servers. Multi-tenancy resource sharing and the breaking of physical boundaries introduce the risks of data leaks, data residue and attacks.

- Use of open source:
There will be increasing use of open-source software. This introduces a new set of security challenges in terms of keeping a consistent and coherent approach to security-by-design and prevention of deliberate security flaws.

- Multi-vendor environment:
In such environment, it remains difficult to coordinate security policies and determine responsibility for security problems and more effective network security monitoring capabilities are required.

NFV is an important technology in 5G and its security is critical for the overall security of the 5G networks, especially because 5G networks are underpinning critical infrastructures.

Fourth radio interface technology added to 5G standards

Members of the International Telecommunication Union (ITU) today approved a fourth technology as part of ongoing standards development for 5G mobile services.

Known as “DECT 5G-SRIT", the new technology supports a range of uses, from wireless telephony and audio streaming to industrial Internet of Things (IoT) applications, particularly in smart cities.

It was added in the first revision to ITU's key recommendation IMT-2020, which broadly encompasses fifth-generation, or 5G, networks, services, and devices.

This ITU Radiocommunication Sector (ITU-R) Recommendation – providing a set of global technical 5G standards – reflects continual consultation and discussion among governments, companies, regulators, and other stakeholders dealing with radiocommunication worldwide.

Along with fostering connectivity across borders, ITU promotes the global rollout of 5G as a key driver to achieve the UN's 17 Sustainable Development Goals.​

“New and emerging technologies like 5G will be essential to build an inclusive, sustainable future for all people, communities and countries," said ITU's Secretary-General, Houlin Zhao. “Under the ongoing International Mobile Telecommunications or IMT programme, our diverse global membership continues its long-standing contribution to advance broadband mobile communications, furthering our mission to leave no one behind in connecting the world."

A new radio interface technology

ITU – the United Nations agency entrusted with coordinating radio-frequency spectrum worldwide - published the specifications for the new technology as Recommendation ITU-R M.2150-1.

The technology is designed to provide a slim but strong technical foundation for wireless applications deployed in a range of use cases, from cordless telephony to audio streaming, and from professional audio applications to the industrial Internet of Things (IoT) applications, such as building automation and monitoring.

The European Telecommunications Standards Institute (ETSI) laid the essential groundwork jointly with the DECT Forum, a worldwide association of the digital enhanced cordless telecommunications (DECT) or wireless technology industry.

1 2 3 6