Critical Infrastructure Protection and Resilience North America announce Preliminary Conference Programme for October

Download your Preliminary Conference Program guide today at www.ciprna-expo.com/PSG

As the recent ransomware attacks on Colonial Pipeline, JBS, Dassault Falcon Jet Corp, CNA Financial, and others have demonstrated, along with the ongoing threats from natural hazards/disasters, terrorist attacks and man-made disasters, it is becoming increasingly important for policies and procedures to be implemented to protect our critical infrastructure for a more secure nation.

It gives us great pleasure to invite you to join us at Critical Infrastructure Protection and Resilience North America in New Orleans, Louisiana, for what will be 3 days of exciting and informative discussions on securing North America’s critical infrastructure.

With a leading line up of international expert speakers, sharing their knowledge, expertise and experiences, we know you will find this a most rewarding and enjoyable event and look forward to seeing you in New Orleans, for the next in-person meeting on October 19th-21st, 2021, where we will ensure a safe and Covid compliant environment for discussing how to secure North America's critical infrastructure.

Download your Preliminary Conference Program guide today at www.ciprna-expo.com/PSG and discover more on this premier conference program, expert speakers and showcase exhibiting companies.

Register today and save $$$ on your conference delegate pass with the early bird.
You can register online today at www.ciprna-expo.com/onlinereg


TSA Could Better Monitor Its Efforts to Reduce Infectious Disease Spread at Checkpoints

Within TSA, approximately 46,000 TSOs stationed across the nation's commercial airports perform screening and other activities that often require close interaction with passengers. As a result, both passengers and TSOs may be at an increased risk of infection during pandemics such as COVID-19.
The CARES Act included a provision for GAO to conduct monitoring and oversight of the federal government's response to the COVID-19 pandemic. This report identifies 1) what steps TSA has taken to reduce the spread of COVID-19 at passenger screening checkpoints; and 2) how TSA is monitoring TSOs' implementation of amended safety and screening procedures, among other objectives.
GAO analyzed TSA data on TSOs' use of paid leave, reviewed documentation on policies and procedures, and interviewed TSA officials at headquarters and eight U.S. airports. We selected these airports to reflect diversity in the number of COVID-19 cases among TSOs, airport size, and geographic region. In addition, for six of these airports, GAO reviewed closed circuit television footage to observe how TSOs were implementing COVID-19 procedural changes.
To reduce the spread of COVID-19 at passenger checkpoints, Transportation Security Administration (TSA) officials issued amended safety measures to require that Transportation Security Officers (TSOs) use surgical masks and face shields, change gloves after pat-downs, and physically distance themselves from coworkers and passengers as practicable. TSA also adjusted some screening procedures, such as asking passengers to remove more items from carry-on baggage to reduce the potential for alarms that require bag searches. In addition, TSA modified the use of certain checkpoint screening technologies, and granted TSOs additional paid leave. In January 2021, TSA began an employee vaccination program, and is in the process of vaccinating TSA employees, including TSOs.
TSA's monitoring and analysis of its measures to reduce the spread of COVID-19 is limited. For example, supervisors' operational checklists do not specifically include the revised COVID-19 procedures, and the data that TSO monitors collect (e.g., on whether TSOs are properly wearing masks or changing gloves) reflect implementation at a point in time rather than throughout a shift. Conducting more complete monitoring would help TSA ensure that its TSOs are properly implementing COVID-19 procedures. In addition, TSA field leadership analyzes available monitoring data for different subsets of airports to understand how COVID-19 procedures are being implemented. However, TSA headquarters officials said they had no plans at the time of our review to analyze this data across all airports nationwide to identify common implementation problems, such as incorrectly wearing face shields and challenges with maintaining physical distance. Analyzing monitoring data across all airports would help TSA identify and address any system-wide deficiencies in implementing COVID-19 procedures, so that it may better protect its workforce and the traveling public.

CISA Publishes Rising Ransomware Threat to Operational Technology Assets Fact Sheet

CISA has published Rising Ransomware Threat to Operational Technology Assets, a fact sheet for critical infrastructure owners and operators detailing the rising threat of ransomware to operational technology (OT) assets and control systems. The document includes several recommended actions and resources that critical infrastructure entities should implement to reduce the risk of this threat.
The guidance:
- Provides steps to prepare for, mitigate against, and respond to attacks;
- Details how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and
- Explains how to reduce the risk of severe business degradation if affected by ransomware.
Given the importance of critical infrastructure to national security and America’s way of life, CISA published this fact sheet to help organizations build effective resilience.

Italy announced the creation of the national cybersecurity agency

The Italian government has announced the creation of a new agency focused on cybersecurity. Prime Minister Mario Draghi gave his strong commitment to the creation of the agency, which is tasked with protecting the country and its critical national infrastructure from cyber threats.
The creation of the agency follows warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian "interference". The announcement comes after a slew of ransomware attacks in recent months, with recent high-profile examples including Colonial Pipeline and JBS.
It will need to "protect national interests and the resilience of services and essential functions of the State from cyber threats," a government statement said. Speaking in Brussels, following a European Union summit, Draghi said urgent action was needed.
"We need to strengthen ourselves a lot, especially in terms of cybersecurity, all of us, at national level and at EU level... because the level of [Russian] interference both with spies and with manipulation of the web has become truly alarming," he said.
The new Italian cybersecurity agency will develop and implement cyber strategies to prevent, monitor, detect and mitigate cyber attacks, and increase the level of cyber security of the country’s infrastructures.

ACSC’s Critical Infrastructure Uplift Program (CI-UP) will help to protect Australia’s essential services from cyber threats

The ACSC is calling for ACSC Partners to help pilot the Critical Infrastructure Uplift Program (CI-UP). CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. CI-UP is part of the Australian Signals Directorate’s Cyber Enhanced Situational Awareness and Response (CESAR) package and complements the Australian Government’s ongoing work to protect critical infrastructure security through proposed amendments to the Security of Critical Infrastructure Act 2018.
CI-UP will build knowledge and expertise for critical infrastructure providers to strengthen their cyber defences. CI-UP has been designed to:
- evaluate critical infrastructure cyber security maturity;
- deliver prioritised vulnerability and risk mitigation recommendations; and
- assist partners to implement the recommended risk mitigation strategies.
Critical infrastructure entities that are ACSC Partners can register their interest via the CI-UP form. Following the pilot, all organisations in the critical infrastructure and systems of national significance sectors, as defined in the Security of Critical Infrastructure Act 2018, can register to participate. If you are not currently an ACSC Partner and wish to participate in the CI-UP, you will first need to register to become an ACSC Partner through the ACSC Partner Hub.

NCSC's Early Warning service

Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC and from trusted public, commercial and closed sources, including several privileged feeds that are not available elsewhere.
Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.
Organisations will receive the following high level types of alerts:
- Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.
- Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.
- Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or of potentially undesired applications exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.
Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations' security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use it to alert your organisation about potential attacks on your network.
Full details at www.ncsc.gov.uk/information/early-warning-service

Cyber attacks on operational technology increasing

Ransomware: What board members should know and what they should be asking their technical experts
A recent report by FireEye’s Mandiant looked at attacks on operational technology control processes. Once viewed as complex due to access requirements, there are now many more internet-facing endpoints offering a wider attack surface.
Mandiant noted that attackers are not necessarily sophisticated, nor do they know what they are targeting. Graphical user interfaces have been accessed allowing attackers to modify variables without understanding the process being controlled.
The recent attack on Colonial Pipeline, which disrupted supply lines and caused shortages, is just one of a number of attacks against critical infrastructure networks.
Last year, in joint work, the NCSC released information for Critical National Infrastructure (CNI) organisations on effective use of the Security design principles, and CISA, in the US, issued a summary of best practices for the security of Industrial Control Systems (ICS).

New ITU tools to foster digital development

Data is critical to our goal of connecting the world. It tells us where we were, where we are, what works and what doesn’t. It is a key ingredient of empirical research for establishing correlation, determining causality, identifying good practices, and formulating policy recommendations.
Since the advent of the Internet, data volumes have grown exponentially. And yet, reliable and meaningful data remain surprisingly scant, because producing such data is often complex, costly, and time-consuming.
To enhance its offerings, ITU has released three new tools: an online training course; a new edition of ICT price trends; and the Digital Development Dashboard.
Developing statistical capacity
ITU is responsible for setting the international statistical standards for ICT indicators. The Manual for measuring ICT access and use by households and individuals and the Handbook for the collection of administrative data on telecommunications/ICT describe the approximately 200 standards maintained by ITU.
These publications are complemented by capacity development activities on the ground. To reach a broader audience, ITU is also creating several online training courses on ICT statistics. The first, Measuring digital development: Telecommunication/ICT Indicators, is now available for free on the ITU Academy platform.
Tracking the cost of connectivity
The cost of connecting to the Internet is one of the key reasons why some 3.7 billion people are still offline, and it prevents many of the 4 billion who are connected from harnessing the potential of the Internet.
The 2020 edition of ICT price trends analyses and compares prices of key ICT services for more than 200 economies, providing unique insights on the status of ICT affordability.
Number of economies achieving the Broadband Commission target with data-only mobile-broadband services. Includes 188 economies for which data is available from 2020 data collection. Source: ICT Price trends 2020, ITU
The report takes stock of progress towards the UN Broadband Commission’s affordability target for 2025, according to which entry-level broadband services – i.e., the cheapest data-only broadband mobile or fixed subscription available – should amount to less than two per cent of monthly gross national income (GNI) per capita.
The report features new measures of affordability that reveal vast disparities within countries: even where the target has been met at country level, services often remain unaffordable for the 40 per cent poorest.
As a complement to the report, a new ICT price app enables users to compare prices of various ICT services across countries and regions and visualise trends going back 10 years.
ICT price trends follow a massive data collection effort by ITU, its Member States, and the Alliance for Affordable Internet (A4AI).
Making data more accessible
Hidden data cannot create impact.
The newly launched Digital Development Dashboard provides a user-friendly overview of digital development for 196 economies.
The Dashboard features 37 indicators related to infrastructure and access, Internet use, and enablers and barriers. It presents 10-year trends and comparisons with regional peers. A ‘light’ version is available for mobile and low-resolution devices, while two-page country profiles can be downloaded as PDFs. The underlying data can also be downloaded in Excel format.

UAE regulator puts digital transformation front and centre

The UAE's Telecommunications and Digital Government Regulatory Authority (TDRA) has taken an important step in advancing the national digital vision.
Formerly the Telecommunications Regulatory Authority (TRA), we formally updated our identity in April 2021.
This means embracing artificial intelligence (AI), smart cities, and a knowledge-based society and economy.
The new logo reflects our new TDRA’s long-term vision for the future as a key national regulator. It symbolizes cutting-edge communication via the image of fibre-optic cables. At the same time, our regulator’s new name and identity reflect simplicity and the aspiration to deliver customer happiness.
Enhancing innovation
As per a recent Global Innovation Institute report, the recently-renamed TDRA ranked among the top three innovative entities in the Middle East. The institute has accredited several innovations that our regulatory authority developed and implemented at the national and international level.
Leadership in the field of information and communication technology (ICT) depends on original ideas and creativity. These are critical elements of the UAE’s National Agenda 2021. Under that plan, the "United in Knowledge" pillar calls for building a diverse, competitive economy, driven by knowledgeable and innovative Emiratis, as the key to the UAE’s successful long-term development.
As a next step, in cooperation with Abu Dhabi Digital Authority (ADDA) and Smart Dubai, we recently issued national guidelines for 'API-first' business and services.
An Application Programming Interface (API) is the best way to link multiple customer-service entities from everywhere at any time. The new guidelines will help government and private entities continually update and link their services and smart applications, with close coordination ensuring a better user experience overall.
ICT investment
Other ongoing TDRA initiatives include support for remote working, distance learning, e-commerce, and e-government services across the country. The UAE also aims to enhance the ICT sector and drive digital transformation in developing countries worldwide. The country – represented by TDRA – maintains close cooperation with the International Telecommunication Union (ITU), striving to extend logistical and technical support where needed, align digital strategies with sustainable development, lay the foundation for inclusive economic growth, and foster social happiness.
Digital government will be crucial going forward. Under the guidance of the UAE’s national leadership, TDRA intends to keep working closely with other government agencies and with partners across the ICT industry, aiming to envision, foster and cultivate a sustainable long-term digital transformation.
[Source: ITU]

What the security industry does now will be judged by the CBRN professionals, the health community and the public

The CBRN (chemical, biological, radiological or nuclear warfare) sector is mostly made up of academics and professional practitioners who research and consider the above-mentioned threats.
For natural disasters, the relevant government body has its own academics and manpower, which take full responsibility for providing security and medical services and for feeding and housing the population, because they are paid for it through taxes.

For biological threats, governments, for specific reasons, use the military and police functions at a macro level, and these will be involved in managing specific protocols on the ground. However, it is the private security industry, which in some countries is far larger than the military and police, that will play its part on the ground.

In fact, the two bodies that play an important role are the health community, which sets the protocols (infection testing, social interactions and hygiene) for biological threats, and the security industry, which rolls the health protocols out and manages their implementation on the ground.

However, the security industry does more. It adds security protocols to the mix because there are issues relating to the tools (technology and equipment) that are used, the behaviour of people, and the crime related to the threats, namely the threat itself and its outcome, the economic meltdown.

It is virtually impossible for the military and police to manage the health protocols and investigate the amount of crime and the types of new crime in this scenario, while also managing the numbers of people involved.

The CBRN community understands that there are millions of private security practitioners on the ground who are actually doing the job of taking temperatures, managing the flow of people and ensuring hygiene criteria are met. They therefore realize that the private security industry (PSI) is the largest force on the ground able to limit the collateral damage, as it is the PSI that also has the equipment and skilled manpower to do so.

This current mutating biological threat has taught some lessons to those who bothered to be present and relevant; the flip side is that some in the security industry do not realize that they are actually doing biological threat security.

Based on recent experience, the private security industry has now researched the issues related to this pandemic and thoroughly investigated the specifics, taking various issues into consideration.

When 9/11 happened, security exhibitions grew hugely in size for two reasons. Firstly, at the same time, IP (Internet Protocol) technologies began to display their wares and all technologies rushed onto the market with their solutions, be it biometrics, IP access control, IP-driven CCTV, etc., which were mostly geared towards counter-terror.

When COVID-19 began, the manufacturers once again rushed onto the market with thermal imaging technologies, some of which did not comply with the department of health's criteria. Yes, the health community has protocols for taking people's temperature and has also explored the criteria for using thermal imaging. Unfortunately, there are brands that do not conform to the standards out of ignorance of the factual criteria, and there are also some that provide misinformation about their capabilities.

But the security industry went through this scenario before, during 9/11, which brought about laboratories to test the brand performance of emerging technologies and equipment. This means that the protocols for managing a biological threat and using technology or equipment must conform to the health department as well as to the labs that check brand performance.

The health community has set protocols for social distancing but has not realized that people are not sheep. The security industry knows that the behaviour of people can be extremely aggressive and volatile. That said, there are security practitioners who themselves have not acknowledged that their teams on the ground are at ground zero, where staff are more at risk than medical teams such as nurses or doctors.

In a hospital, the medical teams know who is sick and who is not. They then have protocols to dress according to the threat and apply the 'dress-code' using specific protocols. They have been trained in this. On the ground, the security practitioners have no idea who is sick and who is not. They handle people who are shouting and perhaps pushing others around, without any form of medical-grade protection or the full complement of protective gear that is used in ICU wards.

The protocol for managing people in security is to layer specific staff with certain character traits or skill sets to ensure a safe environment for the public and themselves. Security companies that are not using protocols place their client's customers at risk, as well as their own staff. When customers avoid going to a site, the client loses revenue. This is not about loss prevention but rather profit protection. Furthermore, new crime and increased numbers of criminals further erode the profits of a site.

There is also crime related to the threat that causes issues, such as the theft of oxygen bottles or the reselling of oxygen using old bottles (by organized crime, gang crime or entrepreneurial street vendors) that could contain black fungus in the tubes or valves, which is responsible for a 50 percent mortality rate. Nevertheless, the lack of oxygen simply causes chaos, which could increase infection rates because of people fighting over oxygen or mass 'hysterical' riots when people fear that they will not obtain oxygen. The private security industry is involved in all aspects, as one can fathom from the above, and the high-risk targets and motivations that drive issues are far too numerous to list in this article.

The CBRN teams may in the future suggest certain steps to take, but at the end of the day it will be the private security industry that will roll them out and manage them on the ground.

If the security industry does not stand together and use the same protocols that fit standards and compliance criteria, then it will not be able to limit the level of collateral damage as it should with a mutating biological threat.

When the security industry does take action, it will earn the trust and respect of the CBRN community, the health community and the public at large.

ISIO (International Security Industry Organization) and CAPSI (Central Association of Private Security Industry), representing more than 7 million practitioners, call on all stakeholders to participate alongside them in this mission.
