November is CIPR Month in US

Cyber Security CII sector, Health & Social Care, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector, University/Research/Academia sector, Water sector
Under leadership from the U.S. Department of Homeland Security's National Protection & Programs Directorate (NPPD) and partnership with InfraGardNCR, November is designated as National Critical Infrastructure Security and Resilience Month.
NCISRM builds awareness and appreciation of the importance of critical infrastructure and reaffirms the nationwide commitment to keep our critical infrastructure and our communities safe and secure. Securing the nation's infrastructure, which includes both the physical facilities that supply our communities with goods and services, like water, transportation, and fuel, and the communication and cyber technology that connects people and supports the critical infrastructure systems we rely on daily, is a national priority that requires planning and coordination across the whole community.​
In November, NCISRM efforts will focus on bringing stakeholders together to foster trusted relationships, providing timely and relevant resources to mitigate vulnerabilities, and raise awareness around the role of our supply chain in protecting critical infrastructure.
Leave a comment

Brian Harrell Welcomed as Strategic Advisor to the International Association of Critical Infrastructure Protection Professionals

Association News

The International Association of Critical Infrastructure Protection Professionals (IACIPP) is delighted to announce the appointment of Brian Harrell as Strategic Advisor to the Board.

In 2018 Brian was appointed by the President of the United States to serve as the sixth Assistant Secretary for Infrastructure Protection, at the Department of Homeland Security. He also served as the first Assistant Director for Infrastructure Security at the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Brian currently serves as the Vice President and Chief Security Officer (CSO) at AVANGRID, an energy company with assets and operations in 24 states. He is responsible for the companies physical and cybersecurity, security compliance, enterprise risk governance, and fire protection units.

His breadth of experience spanning both the private sector and his involvement at the highest levels of governmental/policy positions will no doubt add great value to our Association.

Brian is nationally recognized for his efforts on critical infrastructure protection, continuity of operations, and enterprise risk management. Advising corporations throughout North America, Brian has worked to increase physical and cybersecurity mitigation measures designed to deter, detect, and defend critical systems.

Brian is also a Senior Fellow at Auburn University, McCrary Institute For Cyber and Critical Infrastructure Security where he serves as an advisor on infrastructure protection and cybersecurity policy initiatives.

Brian has spent time during his career in the US Marine Corps and various private sector agencies with the goal of protecting the United States from security threats.

John Donlon QPM, Chairman of the IACIPP said, “I am delighted that Brian has accepted the position as Strategic Advisor with us. He has a wealth of experience both as a security practitioner and in an oversight capacity, so will be a tremendous asset to the and the global CNI community. “

“The IACIPP continues to welcome new members who share the desire to engage with likeminded individuals seeking to enhance the protection and resilience of infrastructure across the globe.” Concluded Mr Donlon.

Membership is open to government agencies and operators, so if you would like to become a part of our organisation, you can register at: http://www.cipre-expo.com/iacipp-registration

Leave a comment

Critical Infrastructure Protection and Resilience Europe Call for Papers - Deadline 30th November 2020

Industry News
The Conference Advisory Committee is currently inviting abstracts for consideration for the 2021 conference programme.
Critical Infrastructure Protection and Resilience Europe 2021 will take place in Bucharest, Romania on 11th-13th May 2021, supported by The National Institute for Research & Development in Informatics (ICI Bucharest), under the coordination of the Ministry of Communications and Information Society and brings together leading stakeholders from industry, operators, agencies and governments to debate and collaborate on securing Europe’s critical infrastructure.
The unique two-track conference programme delivered a leading line up of international experts to discuss securing Europe’s critical infrastructure and major venues, from both physical and cyber perspectives.
Critical Infrastructure Protection
With much focus on convergence, the CIP track of the programme delivers discussions to review the potential threats to critical infrastructure, smart construction and building in security resilience, and a focus on ‘Transport, Energy & Telecomms Infrastructure’, three key elements of a countries economic activity.
Critical Information Infrastructure Protection / Cyber Security
With the ever increasing threat from cyber attacks on critical infrastructure, the information and data stored and used by CNI systems and operators can be more crucial than the system itself. CIIP is becoming ever more important as part of the cyber security strategy of an organisation or CNI operator.
With a unique conference programme set-up, providing enhanced opportunities for discussions between the physical infrastructure and cyber security, who need to work together to mitigate threats and attacks in our combined plenary sessions, as well as focussed discussions within each discipline in the individual CIP and CIIP tracks.
The Conference Advisory Committee is now accepting abstracts for consideration for inclusion in the 2021 conference programme. If you are interested in presenting at Critical Infrastructure Protection & Resilience Europe and have an interesting paper within the topic guidelines below, you are invited to submit your abstract for consideration by the conference committee by submitting an abstract of approx 250 words.
For fuerther details visit www.cipre-expo.com/
Leave a comment

NCSC CNI Hub goes live

Agency News, Cyber Security CII sector, Industry News
Deborah Petterson, Deputy Director of the National Cyber Security Centre in the UK, has introduced a dedicated resource for UK Critical National Infrastructure.
Sometimes, Critical National Infrastructure (CNI) is taken for granted. The feeling seems to be that essential services, like telecoms, water, or energy 'just happen'. That's fine, but this isn't the way it works. It takes a huge effort to keep the water, electricity and information flowing.
The current pandemic has brought national infrastructure into focus.
The industry has been discussing supply chains, transport infrastructure, critical dependencies, and the unwanted attention from our adversaries, on the industries supporting our response to the COVID-19 pandemic.
The NCSC's new CNI Hub, will help support service providers in raising their resilience and defending against cyber attacks.
The new CNI Hub will provide several new features which will be of direct and immediate benefit to those involved with UK CNI:
- highlighted advice and guidance that is particularly relevant to the CNI
- events that will be of interest to CNI
- a new home for the NCSC’s Cyber Assessment Framework, which is a key tool for many UK CNI cyber security regulators
- a new way to view the NCSC’s assured products and services to support regulatory approaches
Leave a comment

North Korean Malicious Cyber Activity

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA),  the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF) identified tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
Kimsuky is engaged in ongoing cyber operations against worldwide targets to gain intelligence for North Korea, specifically on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions. CISA, FBI, and CNMF recommend individuals and organizations within commercial sector businesses increase their defenses and adopt a heightened state of awareness.
The information contained in the alerts and MARs listed below is the result of analytic efforts between the U.S. Department of Homeland Security, the U.S. Department of Defense, and the Federal Bureau of Investigation to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques.
Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.
Leave a comment

Hurricane Zeta makes landfall on Louisiana Coast

Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector, Water sector
Hurricane Zeta made landfall in southeastern Louisiana as a Category 2 storm, tearing into coastal communities with heavy rain and wind, and leaving hundreds of thousands without power, and threatening other critical infrastructure systems.
Almost 350,000 homes and businesses in Louisiana are already without power, with some coastal roads under water.
The number of people being left in the dark due to Zeta's strong winds continues to climb. More than 1.3 million customers are without power across Louisiana, Mississippi, Alabama and Georgia, according to PowerOutage.us. These numbers are likely to continue to climb as Zeta charges northeastward at a staggering 39 mph.
The most dangerous storm surge is expected to the east of New Orleans, with 6 to 9 feet (1.8 to 2.7 meters) of surge likely between the Pearl River on the Louisiana-Mississippi border and Dauphin Island, Alabama. The storm surge around New Orleans itself is forecast only 1 to 2 feet lower, and is still very dangerous. At least 1 to 3 feet (30 to 90 centimeters) of surge is likely across a region stretching from the central Louisiana coast to Yankeetown, Florida.
Zeta is expected to move fast across the U.S., bringing damaging wind, dumping rain and triggering floods across Mississippi, Alabama, northern Georgia, the Carolinas and southeastern Virginia. Powerful wind is likely across the southern Appalachians, the NHC wrote.
It's not yet November and Zeta is already the 27th Atlantic tropical cyclone of 2020, nearing the record of 28 set in 2005.
Leave a comment

NSA Secures 5G Through Partnerships

Agency News, Industry News, Telecomms sector
NSA’s Cybersecurity mission includes working to secure future technologies. As imminently emerging technology, 5G will change the way both military and National Security Systems operate, and NSA is partnering across industry and government, along with standards bodies, to support the construction of a secure network.
5G, or fifth generation network, promises to be a major upgrade from previous generations. New 5G technologies will support many new and exciting use cases. The increase in speed will enable a new generation of innovation and business to flourish.
NSA has partnered with fellow government agencies to support the security of 5G. The Enduring Security Framework (ESF) team has been working with partners at the Department of Homeland Security, the Office of the Director of National Intelligence, the National Security Council, and more. They are partnering with industry to deep dive into threats, standards, cloud, and analytics. Each of these areas will have a dedicated public-private partnership effort to examine the risks associated with their subject matter and pursue technical solutions. The cumulative goal is to jointly improve the ability of the 5G infrastructure to identify and build threat models, detect threats in networks, recover from attacks, and securely leverage the benefits of virtualization.
To secure the full scope of 5G use cases, it is critical that strong cybersecurity practices are incorporated. The recently launched Center for Cybersecurity Standards (CCSS) looks at 5G from a viewpoint of securing NSS and contributing to working groups within standards bodies to secure 5G mobile infrastructure. Through engagements with 3GPP, ATIS, IETF and IEEE, CCSS is raising the bar for security in the 5G ecosystem and making sure secure options exist for use on NSS. As subject matter experts, NSA leverages our legacy in secure cryptography and network security to ensure 5G standards will protect NSS data by working with the carriers to ensure that they are requiring optional security settings.
The impact of 5G technologies will be felt well beyond NSS to include numerous IoT devices transforming our personal and professional lives. These devices are smarter and will use 5G to provide new edge computing capabilities, greatly impacting many parts of our society, including manufacturing (through its impact on robotics and Smart Warehouses), transportation (such as smart cars and the smart infrastructure they rely on), and healthcare (through impacts on tele-health and even remote surgery).
The full evolution to 5G will take time – time to develop the supporting standards, produce the technology, and upgrade the infrastructure across the U.S. and around the world to support the full extent of this technology. Since customers will be using 5G, strengthening U.S. infrastructure is vital to maintaining a military and economic edge.
Leave a comment

Report on Recovery Plan for the Communications and Information Technology Sector After Hurricanes Irma and Maria

Industry News
After the devastating 2017 hurricane season, the U.S. Homeland Security Operational Analysis Center supported the congressionally mandated economic and disaster recovery plan, Transformation and Innovation in the Wake of Devastation: An Economic and Disaster Recovery Plan for Puerto Rico. This report contributes to the overall plan with a focus on the communications and information technology (IT) sector.
Laying the Foundation for the Digital Transformation of Puerto Rico
Researchers provide an introduction to the sector (brief history, key assets, prestorm conditions and challenges, and governance); assess damage and needs of the sector; and present 33 courses of action (COAs) for the recovery, rebuilding, and enhancement of the sector with an emphasis on developing and sustaining a resilient, state-of-the-art communications network and furthering the vision for the digital transformation of Puerto Rico.
Developed in consultation with a wide variety of stakeholders, including governmental entities, commercial providers, citizens, and municipalities, the COAs address many different (and sometimes competing) needs and also support and benefit COAs in other critical sectors, such as health and social services. The relationships among the communications and IT COAs are outlined. The estimated cost for these COAs is $3.2 billion. Potential sources of funding are also included in the report.
Key Findings
Puerto Rico must develop and implement a state-of-the art, survivable, resilient communications infrastructure
This infrastructure is essential for continuity of essential government functions and the provision of public safety services and must be well maintained and fully resourced.
It must provide commercial telecommunication services, including voice and data services, to residents and the private sector and support affordable access to broadband internet service and emerging technologies throughout Puerto Rico.
It is crucial for furthering the economic and social vitality of Puerto Rico and should thus host applications and web services that foster government and private-sector innovation, increase economic opportunity, and improve the quality of life for the residents of Puerto Rico.
Recommendation
This report details 33 specific COAs addressing the needs for recovery of the Communications/IT sector in ways that are sustainable and resilient; describes how they build on and support one another; and explains how COAs will further the economic development of Puerto Rico and the wellbeing of its residents.
Download full report at https://www.rand.org/pubs/research_reports/RR2599.html
Leave a comment

OSCE and UN partners train practitioners from Central Asia on effective investigations of cybercrimes and terrorist use of Internet

Agency News, Cyber Security CII sector, Industry News
A three-day online training course for over 70 practitioners from the five Central Asian states on the effective investigation of crimes committed in cyberspace and with the use of digital technologies recently concluded. The event was organized by the OSCE Secretariat’s Transnational Threats Department jointly with the UN Office of Counter-Terrorism - UN Centre for Counter-Terrorism (UNCCT- UNOCT), and the UN Regional Centre for Preventive Diplomacy in Central Asia (UNRCCA) with the support of the OSCE field operations in Central Asia.
The practitioners from Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan work in investigating crimes committed in cyberspace and with the use of digital technologies, as well as requesting, processing and handling digital evidence, in their respective countries.
“Terrorist and violent extremist actors have learned how to harness new technologies to great effect and we have witnessed the expansion of their activities in cyberspace,” said Oguljeren Niyazberdiyeva, Chief of the Office of the Under-Secretary-General for Counter-Terrorism. “The ongoing COVID-19 environment has exacerbated vulnerabilities and conditions conducive to terrorism as the whole world increasingly lives their lives in the virtual space generating ever increasing opportunities for terrorism-related cyber-crimes.”
Ambassador Alena Kupchyna, OSCE Co-ordinator to address Transnational Threats, said: “Issues related to improving the effectiveness of the investigation of cybercrimes and cyber-enabled terrorist offences are of increasing relevance in many countries. This emphasizes the need to develop the capacity of national criminal justice systems to investigate these types of crimes while ensuring respect for the rule of law and respect for human rights and fundamental freedoms.”
Philipp Saprykin, Deputy Head of UNRCCA said: “Together with our partners, UNRCCA continues to provide capacity-building assistance to Central Asian countries in priority areas identified through our regular consultations with Member States.”
The training was conducted by representatives and experts of the OSCE, the UNCCT-UNOCT, UNRCCA, the Counter-Terrorism Committee Executive Directorate (CTED) and the UN Office on Drugs and Crime. They familiarized participants with best international practices and case studies in cybercrime investigations, as well as countering the use of the Internet for terrorist purposes, based on respect for human rights and fundamental freedoms.
Leave a comment

ENISA Threat Landscape 2020 highlights top cyber threats for January 2019-April 2020

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA), with the support of the European Commission, EU Member States and the CTI Stakeholders Group, has published the 8th annual ENISA Threat Landscape (ETL) report, identifying and evaluating the top cyber threats for the period January 2019-April 2020.
This publication is divided into 22 different reports, available in pdf form and ebook form. The combined report lists the major change from the 2018 threat landscape as the COVID-19-led transformation of the digital environment. During the pandemic, cyber criminals have been seen advancing their capabilities, adapting quickly and targeting relevant victim groups more effectively Infographic - Threat Landscape Mapping during COVID-19.
The ETL report is part strategic and part technical, with information relevant to both technical and non-technical readers. The following table describes the type of audience and content for each ETL report. You can navigate through the entire collection by using the links available in each report in the section "Related". For a better understanding on how the ETL is structured, we recommend the initial reading of "The Year in Review" report. Previous, ENISA Threat Landscape reports are available on the webpage - ETL though the years and Tematic Landscapes.
The full report is available at ENISA >>
Leave a comment
1 42 43 44 45 46 54