Tag: criticalinfrastructureprotection

NSA, CISA, and FBI detail Chinese State-Sponsored Actions, Mitigations

Agency News, Cyber Security CII sector, Industry News
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory, Chinese State-Sponsored Cyber Operations: Observed TTPs. This advisory describes over 50 tactics, techniques, and procedures (TTPs) Chinese state-sponsored cyber actors used when targeting U.S. and allied networks, and details mitigations.
Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives.
One significant tactic detailed in the advisory includes the exploitation of public vulnerabilities within days of their public disclosure, often in major applications, such as Pulse Secure, Apache, F5 Big-IP, and Microsoft products. This advisory provides specific mitigations for detailed tactics and techniques aligned to the recently released, NSA-funded MITRE D3FEND framework.
General mitigations outlined include: prompt patching; enhanced monitoring of network traffic, email, and endpoint systems; and the use of protection capabilities, such as an antivirus and strong authentication, to stop malicious activity.
Leave a comment , , , , ,

New ITU standards project to define a sustainability passport for digital products

Agency News, Cyber Security CII sector, Industry News
A new ITU standard is under development to describe the information that a sustainability passport for digital products should contain to support consumers, industry and government in applying the principles of circular economy.
The project is underway in ITU’s standardization expert group for ‘environment and circular economy’, ITU-T Study Group 5.
Circular economy can be described as extending a product’s lifespan over multiple lifecycles or increasing the value delivered by a product over its lifespan. Supporting the shift towards circular economy is a key priority for ITU-T Study Group 5, with e-waste now the world’s fastest-growing waste stream.
Experts see considerable potential for a sustainability passport to provide an instrument to help manage e-waste in a sustainable way, on a global scale – e-waste often crosses borders, and often to developing countries ill-equipped to manage a growing e-waste burden.
Our national passports describe our attributes at birth but also record where we have travelled. Should a sustainability passport for digital products be the same?
“Digital products have one set of attributes at manufacture, but these attributes can change over time as products are upgraded, recycled or resold,” highlights the standard’s Editor and Co-Rapporteur for the responsible working group (Q7/5), Leandro Navarro of Spain’s Colegio Oficial Ingenieros de Telecomunicación.
The new standard aims to define the requirements and semantics necessary to represent information relevant to circular product lifecycles. Its development will consider the inclusion of information available at the time of manufacture as well as dynamic information representing changes to product attributes over product lifecycles.
“We need verifiable data to support us in assessing the extent to which we are achieving principles of circular economy and our ambition to achieve net zero emissions,” explains Leandro. “There is currently no international agreement on the product information required to facilitate and achieve circularity in the digital technology industry.”
Clarifying the necessary information could help to put theory into practice, highlights Leandro, making an example of ITU L.1023, an international standard outlining an assessment method for circular scoring.
“Verifiable, machine-readable information could enable automatic comparisons of product attributes relevant to circularity,” says Leandro. "And with the required degree of interoperability, all stakeholders and systems could make use of this information."
Leave a comment , ,

Agencies Should Strengthen Collaborative Mechanisms and Processes to Address Potential Interference

Agency News, Industry News, Telecomms sector
In the U.S., the FCC and the National Telecommunications and Information Administration regulate radio-frequency spectrum use to ensure enough is available for 5G networks, satellites, etc. when there could be interference, FCC and NTIA coordinate with other federal agencies via interagency agreements and groups.
To address potential interference among proposed uses of spectrum, these agencies employ various coordination mechanisms. For domestic matters, the agencies coordinate through an NTIA-led committee that provides input to FCC’s spectrum proceedings. For U.S. participation in the International Telecommunication Union’s (ITU) World Radiocommunication Conferences (WRC), agencies coordinate via a preparatory committee that provides input used to develop U.S. positions that the Department of State submits to a regional body or directly to the WRC.
These mechanisms reflect some key collaboration practices but do not fully reflect others. For example, while the documents that guide coordination between FCC and NTIA and the preparatory committee emphasize reaching consensus whenever possible, there are no clearly defined and agreed-upon processes for resolving matters when agencies cannot do so. Additionally, neither document has been updated in almost 20 years, though agency officials said conditions regarding spectrum management activities have changed in that time. GAO’s review of U.S. participation in ITU’s 2019 WRC shows that these issues affected collaboration. For example, disputes among the agencies and the inability to reach agreement on U.S. technical contributions challenged the U.S.’s ability to present an agreed-upon basis for decisions or a unified position.
NOAA and NASA conduct and FCC and NTIA review technical interference studies on a case-by-case basis. When originating from ITU activities, the agencies conduct or review technical interference studies through participation in international technical meetings and the preparatory committee process. However, the lack of consensus on study design and, within the U.S. process, specific procedures to guide the design of these types of studies, hampered U.S. efforts to prepare for the 2019 WRC. For example, the U.S. did not submit its studies on certain key issues to the final technical meeting, resulting in some stakeholders questioning whether the corresponding U.S. positions were technically rooted. Agreed-upon procedures could help guide U.S. efforts to design these studies and consider tradeoffs between what is desirable versus practical, to mitigate the possibility of protracted disagreements in the future.
Leave a comment , , , , , ,

Summer of extremes: floods, heat and fire

Industry News, Water sector
Heavy rainfall has triggered devastating flooding causing dozens of casualties in Western Europe. Parts of Scandinavia are enduring a lasting heatwave, and smoke plumes from Siberia have affected air quality across the international dateline in Alaska. The unprecedented heat in Western North America has also triggered devastating wildfires.
"Whilst rapid attribution studies have shown the clear link between human-induced climate change for the unprecedented heatwave episodes recorded in the Western United States and Canada, weather patterns over the whole northern Hemisphere have shown an unusual planetary wavy patterns in this summer. This has brought unprecedented heat, droughts, cold and wet conditions in various places. The connection of this large-scale disturbance of summer season with the warming of Arctic and the heat accumulation in the ocean needs to be investigated," said Dr Omar Baddour, head of WMO Climate Monitoring and Policy Division.
European Floods
Some parts of Western Europe received up to 2 months worth of rainfall in 2 days on soils that were already near saturation. The top 1 meter of soil was completely saturated or well above field capacity after the intense rain in the most affected regions of Belgium, Netherlands, Luxembourg and Germany.
In terms of the human toll, Germany and Belgium were the worst hit countries by the floods in Europe. Authorities reported at least one hundred people were killed, with many more missing as people were trapped or swept away by waters. Images of collapsed houses and landlides showed the force of the waters.
Heatwaves
While Central Europe suffered deadly floods, Northern Europe has been gripped by an extended heatwave
Finland had its warmest June on record, according to FMI. And the heat has extended into July. Kouvola Anjala, which is in southern Finland, has seen 27 consecutive days with temperatures above 25°C. This is the longest heatwave in Finland since at least 1961.
Western USA and Canada has also been gripped by heat, with many records broken in the most recent heatwave last weekend in SW USA. eg Las Vegas tied its all-time record of 117°F (47.2°C), as did Utah.
Death Valley, California had reported temperature of 130°F (54.4°C) 9 July, according to the US National Weather Service in Las Vegas. WMO is ready to verify new extreme temperatures We are currently evaluating 130°F reading in Aug 2020 at Death Valley, which holds world highest temperature record.
The megadrought conditions, very dry fuels and heatwaves are fuelling the occurrence of extreme wildfires this year in west USA, as well as western and central Canada.
Climate Change attribution
Climate change is already increasing the frequency of extreme weather events, and many single events have been shown to have been made worse by global warming.
The record-breaking heatwave in parts of the US and Canada at the end of June would have been virtually impossible without the influence of human-caused climate change, according to a rapid attribution analysis by an international team of leading climate scientists. Climate change, caused by greenhouse gas emissions, made the heatwave at least 150 times more likely to happen.
As the atmosphere gets warmer it holds more moisture which means it will rain more during storms, increasing the risk of floods.
The study, published in the journal Climatic Change, found that the higher the level of global warming, the projected increase in frequency or severity or both will be stronger for hot weather, droughts and flooding in the UK. These high-impact weather events can cause significant disruption across the UK affecting sectors such as health, transport, agriculture and energy.
IPCC Special Report Global Warming of 1.5°C mentions that human-induced global warming has already caused multiple observed changes in the climate system. Trends in intensity and frequency of some climate and weather extremes have been detected over time spans during which about 0.5°C of global warming occurred. Changes include increases in both land and ocean temperatures, as well as more frequent heatwaves in most land regions. Further, there is substantial evidence that human-induced global warming has led to an increase in the frequency, intensity and/or amount of heavy precipitation events at the global scale.
Several regional changes in climate are assessed to occur even with global warming up to 1.5°C as compared to pre-industrial levels, including warming of extreme temperatures in many regions, increases in frequency, intensity and/or amount of heavy precipitation in several regions.
Leave a comment , ,

Digital solutions enhance seafarer safety

Agency News, Industry News, Transport sector
From time immemorial, seafarers and ships have provided vital links to keep the world connected.
Even today, as digital transformation brings far-flung communities together amid the COVID-19 pandemic, maritime trade and transport remain central elements in global connectivity.
Seafarers and their demanding missions, meanwhile, are changing with the times.
Connecting mariners to the rest of the world and providing them with the best technologies and services to keep them safe at sea is of utmost importance.
Connected seafarers
More and more connected ships mean increasingly huge amounts of data. Most importantly, we must ensure that nobody is left behind. In the maritime sector, this means helping seafarers understand the latest information and communication technologies (ICTs) well enough to extract real value from the resulting data.
Gathering and analyzing data in intelligent ways makes all of us in the maritime business more effective in our missions. I have seen firsthand how ICT adoption can help to build a safer and fairer work environment for seafarers, address global environmental concerns including warming oceans, biodiversity loss and rising sea levels, and, of course, optimize maritime fleet performance.
To take one example, key shipboard data can be transmitted securely thanks to emerging technologies like distributed ledgers.
At the same time, access to satellite data while at sea has never been easier. Seafarers can capture deep insights through a new-generation interface with their equipment. Ultimately, satellite-based meteorology has vastly improved our knowledge of the seas.
For those in peril
Safety has always been priority number one for seafarers. Yet the perils of the harsh maritime working environment are never far away. ICT uptake and standardization have greatly improved seafarer safety in recent years, with the International Telecommunication Union (ITU) making vital contributions in this regard.
Take, for example, the Global Maritime Distress and Safety System (GMDSS), the internationally agreed set of safety procedures, frequencies, types of equipment, and communication protocols developed by ITU and the International Maritime Organization (IMO). GMDSS has been saving lives for over 30 years now. It came as an especially welcome innovation back in 1988.
Today, ITU’s Maritime Manual, List IV (List of Coast Stations and Special Service Stations) and List V (List of Ship Stations and Maritime Mobile Service Identity Assignments) remain highly reliable sources of industry information. They equip our seafaring colleagues to anticipate navigational concerns and ultimately help bring ships and crews home safe and sound.
After many years of travelling the oceans, I appreciate the value of practical tech of seaborne users. My wish to leverage digital solutions and design user-first services is what led me to the next stage of my career. Now, at Opsealog, my mission is to provide crews and shore staff with dedicated tools and accurate advice for the best use of resources.
Evolving technologies, meanwhile, keep unlocking new possibilities. I can’t wait to help create the next generation digital tools for our beautiful maritime industry.
[source: ITU]
Leave a comment ,

New StopRansomware.gov website launched

Agency News, Cyber Security CII sector, Industry News
The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.
The StopRansomware.gov webpage is an interagency resource that provides our partners and stakeholders with ransomware protection, detection, and response guidance that they can use on a single website. This includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners.
Leave a comment , , ,

Storms and Record Rainfall in Western Europe Disrupts CI

Industry News, Power/Energy/Oil & Gas sector, Water sector
Record rainfall has caused swollen rivers to burst their banks and wash away homes and other buildings in western Europe – leading to more than 190 fatalities and over 1000 people missing. The floods have affected several river basins, first in the United Kingdom and later across northern and central Europe including Austria, Belgium, Germany, Luxembourg, the Netherlands, Switzerland and Italy.
The German states of Rhineland-Palatinate and North Rhine-Westphalia were among the worst hit by the torrential rainfall, with water levels rising in the Rhine River, as well as the Walloon Region in Belgium. The storms and high waters have also battered neighbouring Switzerland, the Netherlands and Luxembourg.
Data from the Copernicus Sentinel-1 mission are being used to map flooded areas to help relief efforts. The mission has been supplying imagery through the Copernicus Emergency Mapping Service to aid relief efforts. The devastating floods has triggered four activations in the Copernicus Emergency Mapping Service, in Western Germany, Belgium, Switzerland and the Netherlands.
The service uses observations from multiple satellites to provide on-demand mapping to help civil protection authorities and the international humanitarian community in the face of major emergencies.
Westnetz, Germany's biggest power distribution grid, stated that 200,000 properties in the North Rhine-Westphalia and Rhineland-Palatinate regions were without power and that it would be impossible to repair substations until roads were cleared.
Leave a comment , ,

CISA’s CSET Tool Sets Sights on Ransomware Threat

Agency News, Cyber Security CII sector, Industry News

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:

  • Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
  • Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
  • Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment

Leave a comment , , ,

CISA and FBI Launch Operation Flashpoint to Raise Awareness about How to Prevent Bomb Making

Agency News, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Justice’s Federal Bureau of Investigation (FBI) announced a new pilot program called “Operation Flashpoint” to build awareness in communities across the U.S. about how to prevent bomb attacks.
At the pilot’s launch today at Revell Ace Hardware in Clinton, Miss., CISA and FBI officials highlighted the threat posed by domestic violent extremists and others who can build improvised explosive devices (IEDs) from common household items found at retail stores across the country. Approximately 250,000 businesses in the U.S. sell, use or distribute materials that can be used to build bombs.
IEDs pose a significant threat in the U.S. In 2020 alone, there were 2,061 total bomb threat, suspicious package and device-related incidents across the nation, according to CISA’s Office for Bombing Prevention TRIPwire report. Major bombings can cause mass casualty events and cost hundreds of millions of dollars or more.
The 90-day Operation Flashpoint pilot, which will include events in other cities including Columbia, S.C.; Louisville, Ky.; and Orlando/Tampa, Fla., encourages businesses and the public to voluntarily report suspicious activities, such as buying large amounts of chemicals and materials (or a combination of these) that can be used to build bombs.
“Operation Flashpoint is a major milestone in implementing U.S. policy to thwart bomb threats,” said Dr. David Mussington, Executive Assistant Director for CISA’s Infrastructure Security Division. “It shows the strong unity in the federal government, between the Department of Justice and the Department of Homeland Security, to safeguard citizens and critical infrastructure.”
Leave a comment , , ,

Digital regulators need to collaborate to “build forward better” after COVID

Agency News, Industry News, Telecomms sector
​​​​​​​​Bold regulatory approaches are needed to guide ground-breaking technology uptake, foster collaboration, and drive digital transformation in the post-COVID world, according to participants at the latest Global Symposium for Regulators (GSR-21) organized by the International Telecommunication Union (ITU).
The meetings brought together regulators from around the world to tackle the persistent, growing, global digital divide. In part, this involved adopting new guidelines for inclusive information and communication technology (ICT) regulation to “build forward better" and drive post-COVID recovery.
“Following the global social and economic disruption brought about by the COVID-19 pandemic, regulators have a unique opportunity to rethink and reshape policy principles and regulatory best practices to build ubiquitous, open and resilient digital infrastructure," said ITU Secretary-General Houlin Zhao.
Focus on holistic digital transformation
COVID-19 has prompted countries to seek more holistic, future-ready agendas for digital transformation. Accordingly, regulators discussed the need for collaborative leadership to ensure trust in the digital space; sufficient connectivity and regulatory enablers; financing to ensure affordable connectivity, meaningful access, and widespread use; safe digital inclusion; and partnerships for digital transformation.
“Effective regulation matters not just in times of crisis," said Doreen Bogdan-Martin, Director of ITU's Telecommunication Development Bureau. “To build forward better in the post-COVID digital world, we need agile and ground-breaking approaches and tools for digital regulation to accelerate the sustainable and inclusive growth of ICTs. Connectivity, access and use are ultimately at the heart of the digital transformation. Along with fit-for-purpose regulatory approaches, these are the predominant enablers of competitiveness and key to the future prosperity of people, communities, countries and regions everywhere."
New GSR-21 Best Practice Guidelines
Innovative tools and approaches are outlined in the newly released GSR-21 Best Practice Guidelines: Regulatory uplift for financing digital infrastructure, access and use. ​
Approaches to ICT regulation need to be globally consistent yet flexible, allowing each national framework to be tailored to meet local needs, regulators taking part in GSR-21 agreed.
Mercy Wanjau, Acting Director-General of the Communications Authority of Kenya and Chair of GSR-21, said: “The regulatory Best Practice Guidelines crafted and adopted by regulators and policy makers at GSR have been guiding all of us through challenges and new endeavours. I call upon regulators everywhere to leverage the GSR-21 Guidelines in adopting and implementing globally agreeable approaches that are relevant to their national circumstances and leverage collaboration across the board."
The guidelines emphasise the need for a collaborative, whole-of-government approach to regulation, focusing particularly on the role of effective and agile financing, prototyping regulatory patterns and approaches, and transformational leadership, to drive faster and more inclusive connectivity and ensure safe digital inclusion for all in the wake of the pandemic.
Key recommendations include:
- Alternative mechanisms for funding and financing digital infrastructures across economic sectors. Regulators should encourage investment and help to create competitive markets for future-proof broadband and digital services. Investment is also needed in non-commercial areas to make digital services available and affordable for all, while ensuring that basic regulatory needs are met.
- Promotion of local innovation ecosystems that enable the development of emerging technologies and business models. Regulators must create a safe space for digital innovation and experimentation. New approaches to regulation should protect consumers while encouraging market growth and ensuring resilience in future networks and services.
- Spectrum innovation and efficient use. New approaches may be needed to enhance regulatory foresight, harness data to target interventions, and create space for regulators and industry to experiment together. Spectrum innovation is just one such example.
- Ambitious yet executable regulatory roadmaps. The proposed best practices from GSR 21, if widely adopted, could help countries leapfrog ahead in economic development, maximize the benefits of ICT uptake, and ensure that these immense opportunities reach everyone.
In addition to the GSR-21 Best Practice Guidelines, GSR-21 saw the release of several new publications and platforms​:  Financing Universal Access to Digital Technologies and Services, Econometric Modelling in the context of COVID-19, collaborative case studies, and ICT Regulatory Tracker 2020​.
Leave a comment , , ,
1 20 21 22 23 24 30