Category: Agency News

Europe deploys 7Shield - cybersecurity from space?

Agency News, Cyber Security CII sector, Industry News
SHIELD – Safety and Security Standards of Space Systems, ground Segments and Satellite data assets, via prevention, detection, response and mitigation of physical and cyber threats.
The project gives an innovative boost to the protection of earth segments and satellite data resources. Protecting critical infrastructures from cyber threats. From IoT to machine learning, here are the advanced technologies integrated into the framework.
The overall concept of 7SHIELD is to provide to the European Ground Segment facilities a holistic framework enable to confront complex cyber and physical threats by covering all the macrostages of crisis management, namely pre-crisis, crisis and post-crises phases.
The Copernicus era has created a new market with the massive amounts of satellite data that the ground segments of space systems receive serve to the market and governmental bodies.
A physical/cyber-attack to their installations or communication networks, respectively, would cause debilitating impact on public safety and security of EU citizens and public authorities. A physical attack on a space ground segment makes the distribution of satellite data problematic and, on the other hand, a cyber-attack in its data storage, access and exchange affects not only the reliability of space data, but also their FAIR standards: findability, accessibility, interoperability and reusability. Current approaches do not fully exploit the recent advances in surveillance mechanisms with robotic technologies and AI.
Given the above, the Center for Security Studies (KEMEA), has successfully submitted as member of a wider consortium, 7SHIELD proposal under the topic “SU-INFRA01-2019: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe” of H2020. 7SHIELD has officially started on September 2020 and will have a duration of 24 months, coordinated by ENGINEERING (Italy).
7SHIELD will be an integrated yet flexible and adaptable framework enabling the deployment of innovative services for cyber-physical protection of ground segments, such as e-fences, passive radars and laser technologies, multimedia AI technologies, that enhance their protection capabilities, while integrating or interoperating with existing protection solutions already deployed at their installations. The framework will integrate advanced technologies for data integration, processing, and analytics, machine learning and recommendation systems, data visualization and dashboards, data security and cyber threat protection. The technological solution is co-designed with first responders’ teams and contributes to policy making, standardisation and new guidelines for contingency planning and service continuity. The project will be evaluated and demonstrated in five installations of ground segments of space systems.
KEMEA will be a task leader both in identifying security requirements in relation to the technology systems in use and the integration of the 7SHIELD solution and in defining the model of the Emergency Response Plan, by following the guidelines as described in international Standards such as ISO22320:2018 Security and resilience -- Emergency management -- Guidelines for incident management. KEMEA will also have a crucial role in pilot implementation, evaluation and training and an overall contribution to the whole development of the program.
Leave a comment , ,

ENISA publish report for cyberecurity measures in Railway Transport Sector

Agency News, Industry News, Transport sector
Representing 472 billion passenger-kilometres, 216,000 km of active railways3 and 430 billion tonne-kilometres for freight transport, the railway sector plays an important and fast-growing role. Railway infrastructure and systems are key assets, crucial to developing and protecting the European Union.
The railway sector enables goods and passengers to be transported within countries and across borders, and is key to the development of the European Union. The main players within this sector are the railway undertakings (RU), in charge of providing services for the transport of goods and/or passengers by rail; and the infrastructure managers (IM), in charge of establishing, managing and maintaining railway infrastructure and fixed installation, including traffic management, control-command and signalling, but also station operation and train power supply. Both are in the scope of the NIS Directive, and their identification as operator of essential service (OES) respects the transposition of laws to the majority of member states.
Challenges
The study also identifies the main challenges faced by the sector to enforce the NIS Directive:
- Railway stakeholders must strike a balance between operational requirements, business competitiveness and cybersecurity, while the sector is undergoing digital transformation which increases the need for cybersecurity.
- Railway stakeholders depend on suppliers with disparate technical standards and cybersecurity capabilities, especially for operational technology.
- OT systems for railways have been based on systems that were at a point in time secure according to the state-of-the art but due to the long lifetime of systems they eventually become outdated or obsolete. This makes it difficult to keep them up-to-date with current cybersecurity requirements. Furthermore, these systems are usually spread across the network (stations, track, etc.), making it difficult to comprehensively control cybersecurity.
- Railway operators report issues of low cybersecurity awareness and differences in culture, especially among safety and operations personnel.
- Existing rail specific regulation doesn’t include cybersecurity provisions. OES often have to comply with non-harmonized cybersecurity requirements deriving from different regulations.
ERTMS is also covered in this study as a separate infrastructure due to its special requirements and its cross-European nature.
Leave a comment , , ,

NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response

Agency News, Cyber Security CII sector, Industry News
THE National Cyber Security Centre defended the UK from an average of 60 attacks per month during a year which saw its resources proactively focused on the coronavirus response, the organisation’s latest Annual Review revealed today.
The NCSC, which is a part of GCHQ, handled 723 incidents between 1 September 2019 and 31 August 2020, with around 200 related to coronavirus. In the previous three years since launching, they supported an average of 602 incidents annually (590 in 2017, 557 in 2018 and 658 in 2019).
The growth this year reflects ongoing NCSC efforts to proactively identify and mitigate threats, tips the organisation receives from its extensive network of partners and reports from victims themselves.
In a year heavily influenced by the pandemic, the review highlights the NCSC’s support for the healthcare sector, such as scanning more than 1 million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise, and working with international allies to raise awareness of the threat of vaccine research targeting.
With cyber criminals looking to exploit public fear over the pandemic with coronavirus-related online scams, the NCSC and the City of London Police also launched the Suspicious Email Reporting Service, which received 2.3 million reports from the public in its first four months – resulting in thousands of malicious websites being taken down.
The NCSC also provided the technical assurances during the creation of the Virtual Parliament, as well as producing a wide range of advice for businesses and individuals switching to home working as a result of the pandemic.
A new remote working scenario was added to the NCSC’s ‘Exercise in a Box’ programme. The initiative, which allows people to test their cyber defences against realistic scenarios was used by people in 125 countries this year.
Leave a comment , ,

Call to action on international standards

Agency News, Industry News
The Riyadh International Standards Summit concluded with the call to action for “each country to recognize, support, and adopt international standards to accelerate digital transformation in all sectors of the economy to help overcome global crises, such as COVID-19, and contribute towards the achievement of the United Nations Sustainable Development Goals (SDGs)”.
The Call to Action emphasizes international standards’ important role in the implementation of the United Nations’ Global Agenda aimed at achieving all 17 SDGs by 2030. “Today’s global health crisis has highlighted the need to continue investing in our digital future, through investments to drive infrastructure development, connect the unconnected, and build confidence and trust in digital technologies: elements which are all crucial to the achievement of the SDGs.”
Reflecting on the issues addressed, ISO Secretary-General Sergio Mujica saw a strong common spirit shared by all participants. “This recognition raises the bar on supporting international standards and illustrates the critical role each country can play in overcoming our common challenges and boosting synergies for all. We look forward to the international community answering the call to recognize, support and adopt international standards as a key instrument for economic and social development.”
The Summit enabled an integrated, introspected and exhaustive look at international standards developed by IEC, ISO and ITU, and their role in global trade as well as in social and economic development. Key stakeholders and decision makers were able to exchange experiences and perspectives on the importance of international standards in addressing shared fears and aspirations for the future.
“The call to action sends a real message in support of consensus-based international standards developed by IEC, ISO and ITU. It shows that, in these challenging moments of COVID-19, we are interdependent. Mutually beneficial global solutions can be found to our common global challenges,” said IEC General Secretary Philippe Metzger.
Digital technologies used to strengthen and accelerate the collective response to the COVID-19 pandemic, as well as to enhance the ability to prevent and mitigate future crises, have been a frequent topic of this year’s G20. The call to action reinforces the need for countries to leverage international standards to deliver solutions to such global challenges.
“This pandemic calls for a robust international response. International standards developed by IEC, ISO and ITU go beyond national borders by connecting countries to global markets. They encompass global approaches that enable all countries to grow, thrive and support development for years to come,” concluded Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau.
Leave a comment ,

Building a solid foundation for measuring the impact of cybercrime

Agency News, Cyber Security CII sector, Industry News
INTERPOL and the Council of Europe, in the framework of the GLACY+ Project, cooperate in publishing the Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence.
While many governments recognize the need to take action against cybercrime, they face difficulties in defining the problem at hand.
To effectively tackle the multifaceted and imperceptible nature of cybercrime, criminal justice authorities need a good understanding of the scale, types and impact of the crime. For this reason, the Council of Europe and INTERPOL have jointly developed the Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence to support countries develop a clearer vision of the global problem.
The key goal of this joint effort is to help criminal justice authorities worldwide acquire the statistics on cybercrime and electronic evidence by providing good practices and recommendations. Statistics enable the authorities to shape effective policies and operational responses. This guide lays out the agenda for compiling criminal justice statistics with key steps for data collection, analysis and cooperation among multiple stakeholders.
“Well-defined statistics produced in collaboration with criminal justice authorities will not only provide valuable insights into the changing environment, but also strategic indicators for measuring the effectiveness of policies and activities,” said Alexander Seger, Head of the Cybercrime Division of the Council of Europe.
“How countries approach cybercrime and electronic evidence at the national level has a real impact on available options on global cooperation. It also serves as the cornerstone for developing tailored operational responses to reduce the global impact of cybercrime,” said Craig Jones, INTERPOL’s Director of Cybercrime.
INTERPOL and the Council of Europe will continue to cooperate to enhance the ability of criminal justice authorities worldwide to tackle cybercrime and encourage international cooperation in collecting and analyzing electronic evidence.
Leave a comment ,

IoT Security: ENISA Publishes Guidelines on Securing the IoT Supply Chain

Agency News, Industry News
The European Union Agency for Cybersecurity (ENISA) is releasing its Guidelines for Securing the IoT – Secure Supply Chain for IoT, which covers the entire Internet of Things (IoT) supply chain – hardware, software and services – and builds on the 2019 Good Practices for Security of IoT - Secure Software Development Lifecycle publication by focusing on the actual processes of the supply chain used to develop IoT products. This report complements the Agency’s seminal study on Baseline Security Recommendations for IoT, a highly cited and referenced work that aims to serve as a reference point for IoT security.
Supply chains are currently facing a broad range of threats, from physical threats to cybersecurity threats. Organisations are becoming more dependent than ever before on third parties. As organisations cannot always control the security measures of their supply chain partners, IoT supply chains have become a weak link for cybersecurity. Today, organisations have less visibility and understanding of how the technology they acquire is developed, integrated and deployed than ever before.
In the context of the development of the Guidelines for Securing the IoT – Secure Supply Chain for IoT, the EU Agency for Cybersecurity has conducted a survey that identifies the existence of untrusted third-party components and vendors, and the vulnerability management of third-party components as the two main threats to the IoT supply chain. The publication analyses the different stages of the development process, explores the most important security considerations, identifies good practices to be taken into account at each stage, and offers readers additional resources from other initiatives, standards and guidelines.
As in most cases pre-prepared products are used to build up an IoT solution, introducing the concept of security by design and security by default is a fundamental building block to protect this emerging technology. The Agency has worked with IoT experts to create specific security guidelines for the whole lifespan of IoT devices. These guidelines to help tackle the complexity of IoT focus on bringing together the key actors in the supply chain to adopt a comprehensive approach to security, leverage existing standards and implement security by design principles.
Leave a comment , ,

UK and partners condemn GRU cyber attacks against Olympic and Paralympic Games

Agency News, Cyber Security CII sector, Industry News
The UK exposed malicious cyber activity from Russia’s GRU military intelligence service against organisations involved in the 2020 Olympic and Paralympic Games before they were postponed.
The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer.
The incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the UK also today revealing details of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.
The National Cyber Security Centre (NCSC), a part of GCHQ, assesses with high confidence that these attacks were carried out by the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear.
Details were released after the US Department of Justice announced criminal charges against Russian military intelligence officers working for the GRU’s cyber unit for conducting cyber attacks against the 2018 Winter Games and other cyber attacks.
The Foreign Secretary Dominic Raab has issued a statement making clear that the Russian government cannot act with impunity.
Paul Chichester, the NCSC’s Director of Operations, said:
“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice.
“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people.
“We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyberspace.”
In the attacks on the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games.
The GRU deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.
The NCSC assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks. Administrators worked to isolate the malware and replace the affected computers, preventing potential disruption.
Leave a comment

EU Agency for Cybersecurity launches ISAC in a BOX Toolkit

Agency News, Cyber Security CII sector, Industry News
The EU Agency for Cybersecurity launched an ISAC in a BOX an comprehensive online toolkit to support the establishment, development and evaluation of Information Sharing and Analysis Centres (ISACs).
European legislation, such as the Cybersecurity Act and the NIS Directive (NISD), promotes the creation of European and National Information Sharing and Analysis Centres (ISACs). ISACs are private public partnerships (PPPs) between stakeholders exposed to similar cybersecurity vulnerabilities and threats and they are usually formed by private sector initiative, in particular operators of essential services of the critical sectors. ISACs collect, analyse and disseminate actionable threat information to their members and provide them with tools to mitigate risks and enhance resilience.
ENISA’s task is to support the creation and development of ISACs and advise them to strengthen their cooperation, build trust and exchange information using tools and mechanisms that are beneficial for all parties. ENISA participates and offers advice and expertise in several European initiatives regarding the development of ISACs through:
- Connecting Europe Facilities (CEF) call for ISACs as a technical advisor;
- Inter-EU ISAC platform as a facilitator;
- European Energy (EE) ISAC as a member;
- European Financial (FI) ISAC as secretariat;
- European Maritime (EM) ISAC as a member;
- European Rail (ER) ISAC as a member.
Objective and description of the toolkit
ENISA developed this comprehensive toolkit, following studies on the ISAC concept, to address the need to facilitate community building and collaboration across ISACs. The toolkit aims at providing practical guidance and the means to empower industry to create new ISACs and to further develop already existing ones.
The main success factors for ISACs are Trust and Sharing. If there is trust, information will be shared and added value will be created - ISAC in a BOX follows the same approach. It is divided in four phases and contains all activities, documents and tools needed to start, develop and evaluate an ISAC. Each phase includes the basic elements that need to be fulfilled to go to the next phase.
- Build phase: It’s all about setting the goals, participants and purpose for the ISAC; agreeing on the budget and the right cooperation mechanisms.
- Run phase: Governance is key to share information through meetings and develop trust and building capacities among the ISAC participants.
- Evaluation phase: Evaluation is an essential part of the ISAC lifecycle which helps to keep it on track, measure its impact and assess its momentum in order to bring it to the next phase.
- Develop phase: Time for action! This phase focuses on enhancing ISAC’s sophistication, its further development and outreach strategies.
Leave a comment

SAFECOM and NCSWIC Address Communications Dependencies on Non-Agency Infrastructure

Agency News, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector
The world of emergency communications can be astoundingly complex, especially as additional capabilities and services become necessary to successfully deploy, maintain, and protect communications systems. Many agencies rely on multiple third-party entities to provide these capabilities, including provisioning of critical system infrastructure, cybersecurity, and other services. For example, agencies readily rely on commercial vendors for subscriber units or on commercial utilities for power supply. An agency and its contracted non-agency entities alike are vulnerable to events that threaten the uptime, continuity of services, operations, or resiliency of communications. Regardless of how unpredictable these events may be, agencies can take steps to be prepared when those disruptive events occur.
Using the depth of experience among their members, SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) have published a white paper―Public Safety Communications Dependencies on Non-Agency Infrastructure and Services—outlining several techniques to prepare throughout the communications system lifecycle for challenges associated with such dependencies, as shown in the graphic.
Given the potential for disruptive events impacting non-agency partners, public safety stakeholders—including system administrators, public administration officials and decision makers, and other communications personnel—might benefit from understanding the potential complications or obstacles they may face when depending on outside sources for infrastructure or services.
To learn more about this document and other helpful resources, visit cisa.gov/safecom/technology
Author: Ted Lawson, Cybersecurity and Infrastructure Security Agency (CISA), Joint SAFECOM and NCSWIC Technology Policy Committee Federal Lead
Leave a comment

Ransomware Activity Targeting the Healthcare and Public Health Sector

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats. CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information.

Leave a comment
1 31 32 33 34 35 37