Australian Government Invites Feedback on Critical Technologies

The Australian Federal Government will begin consulting businesses, researchers and the community at large to identify critical technologies of national importance.

The List of Critical Technologies in the National Interest will clarify technologies the government considers to be vital to present and future demands.

The 2022 List of Critical Technologies in the National Interest will build on the 2021 List, which featured 63 technologies across seven categories including:

- Advanced materials and manufacturing
- AI, computing and communications
- Biotechnology, gene technology and vaccines
- Energy and environment
- Quantum
- Sensing, timing and navigation
- Transportation, robotics and space

The consultation will run until Friday 30 September.

Federal Minister for Industry and Science, Ed Husic, said it is vital for Australia’s continued and future prosperity that emerging and critical technologies are promoted and protected.

“We know the development of critical technologies present enormous potential opportunities as well as risks for Australians,” Mr Husic said.

“It is vital we understand and send a clear signal about what technologies we should be focusing on and where our strengths lie – and that is exactly what this consultation is all about.”

The Federal Government has promised to invest $1 billion into critical technologies through its National Reconstruction Fund and will aim to reach 1.2 million tech industry jobs by 2030.

“This work is also part of our goal to reach 1.2 million tech jobs by 2030, as well as securing our supply chains and promoting Australia as a secure destination of excellence for investment, development and adoption of critical technologies,” Mr Husic said.

“The Government is also investing $1 billion in critical technologies as part of the National Reconstruction Fund, to build our strategic capability and power the economic growth we need to create jobs.”

China loses hydropower as drought dries up Yangtze River

No rain and a 70-day heat wave spur crop failures, power cuts, and dangerously low reservoirs across parts of China.

A historic drought in the southwest of China is drying up rivers, intensifying forest fires, damaging crops, and severely curtailing electricity in a region highly dependent on hydropower.

The Yangtze River, the third largest in the world, has dropped to half its average water levels, affecting shipping routes, limiting drinking water supplies, causing rolling blackouts, and even exposing long-submerged Buddhist statues. Some 66 rivers across 34 counties in Chongqing have dried up. The province of Sichuan, which gets more than 80 percent of its energy from hydropower, cut or limited electricity to thousands of factories in an effort to “leave power for the people.” Poyang Lake, the largest freshwater lake in China, is just a quarter of its normal size for this time of year.

China issued its first national drought alert in nine years. Rainfall in the Yangtze River Basin is down 45 percent from last July, the lowest it has been since 1961.

Sichuan is a major manufacturing hub and the curbing of electricity to factories has had global impacts, affecting suppliers of Toyota, Volkswagen, Tesla, Intel and Apple, as well as pesticide and solar panel manufacturers. Companies have been asked to continue rationing electricity. Toyota has slowly resumed operations using a generator; Tesla asked the government of Shanghai to ensure that its suppliers received enough power, saying it faced shortages of components as plants scaled back production. Other areas that source power from Sichuan have also made cuts, including Shanghai, China’s largest city, which turned off decorative lighting as a symbolic gesture.

Drought’s impact on the agriculture sector has also been severe, with thousands of acres of crops damaged in Sichuan and the neighboring Hubei province. In response, the Chinese government discharged water from several large upstream reservoirs, and the Ministry of Agriculture said it will try to artificially increase rainfall through cloud seeding, as well as spray crops with a water-retaining agent.

[Source: UNDRR]

Cyber Attack on Greece’s Gas Operator

A group of cyber extortionists called Ragnar Locker claimed responsibility for the recent cyber-attack against the National Gas System Operator (DESFA) in Greece.

DESFA announced that it had suffered a cyber-attack on part of its IT infrastructure, which resulted in a “confirmed impact on the availability of certain systems and the possible leakage of a number of files and data.”

DESFA is responsible for the operation, management, exploitation, and development of the National Natural Gas System and its interconnections.

The statement said that IT services were proactively deactivated to limit any potential spillage and to investigate the incident while ensuring the adequate operation of the national gas supply system at all entry and exit points of the country without any complications.

The FBI has linked the Ragnar Locker group to attacks on at least fifty-two organizations and companies related to critical infrastructure in the US over the last two years.

DOE Announces $45 Million for Power Grid Cyber Resilience

The U.S. Department of Energy (DOE) has announced $45 million to create, accelerate, and test technology that will protect the electric grid from cyber attacks.

Cyber threats to American energy systems can shut down critical energy infrastructure and disrupt energy supply, the economy, and the health of American consumers. Cybersecurity remains a priority as clean energy technologies deployed on the grid become highly automated.

Earlier this year, Supervisory Special Agent Ted P. Delacourt, a federal civilian working in the Mission Critical Engagement Unit of the Cyber Division at the Federal Bureau of Investigation, wrote that a cyber attack on one critical infrastructure sector may initiate a failure in another or cascade to the entire interconnected critical infrastructure network.

“The ubiquitous nature of these critical infrastructure sectors and the distribution of their physical and networked assets across a wide geographical area, often spanning the entire country, make them attractive targets,” Delacourt wrote for HSToday. “State, non-state, and criminal actors continually seek victims of opportunity across all critical infrastructure sectors for monetary and strategic gain.”

Delacourt warned that cyber attacks on critical infrastructure will continue to grow in number and frequency and continue to escalate in severity.

Combined with the additional grid upgrades funded in the Bipartisan Infrastructure Law and the Inflation Reduction Act, the latest DOE announcement means the United States will have an opportunity to build greater cyber defenses into its energy sector. The $45 million funding announced on August 17 will support up to 15 research, development, and demonstration (RD&D) projects that will focus on developing new cybersecurity tools and technologies designed to reduce cyber risks for energy delivery infrastructure. Building strong and secure energy infrastructure across the country is a key component of reaching President Biden’s goal of a net-zero carbon economy by 2050.

“As DOE builds out America’s clean energy infrastructure, this funding will provide the tools for a strong, resilient, and secure electricity grid that can withstand modern cyberthreats and deliver energy to every pocket of America,” said U.S. Secretary of Energy Jennifer M. Granholm. “DOE will use this investment to continue delivering on the Biden Administration’s commitment to making energy cheaper, cleaner, and more reliable.”

DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will fund up to 15 research projects that will establish or strengthen existing research partnerships with energy sector utilities, vendors, universities, national laboratories, and service providers working toward resilient energy delivery systems. The effort will lead to the creation of next-generation tools and technologies designed to reduce cyber incident disruption to energy delivery. Researchers will aim to develop tools and technologies that enable energy systems to autonomously recognize a cyber attack, attempt to prevent it, and automatically isolate and eradicate it with no disruption to energy delivery.

There are six proposed topic areas for the projects, which include:

- Automated Cyber Attack Prevention and Mitigation: This topic area will focus on tools and technologies that enable energy systems to autonomously recognize and prevent cyber attacks from disrupting energy.
- Security and Resiliency by Design: This topic area will focus on tools and technologies that build cybersecurity and resilience features into technologies through a cybersecurity-by-design approach.
- Authentication Mechanisms for Energy Delivery Systems: This topic area will focus on tools and technologies that strengthen energy sector authentication.
- Automated Methods to Discover and Mitigate Vulnerabilities: This topic area will focus on tools and technologies that address vulnerabilities in energy delivery control system applications.
- Cybersecurity through Advanced Software Solutions: This topic area will focus on developing software tools and technologies that can be tested in a holistic testing environment that includes a development feedback cycle.
- Integration of New Concepts and Technologies with Existing Infrastructure: This topic area will require applicants to partner with energy asset owners and operators to validate and demonstrate cutting-edge cybersecurity technology that can be retrofitted into existing infrastructure.

[Source: HS Today]

Revised Regulation for Trans-European Energy Infrastructure

The Union’s energy infrastructure should be upgraded in order to prevent technical failure and to increase its resilience against such failure, natural or man-made disasters, adverse effects of climate change and threats to its security.

The Union’s energy infrastructure should be resilient to the unavoidable impacts that climate change is expected to create in Europe in spite of the mitigation efforts. Hence, strengthening the efforts on climate adaptation and mitigation, resilience building, disaster prevention and preparedness is crucial.

The development of trans-European energy infrastructure should take into account, where technically possible and most efficient, the possibility of repurposing existing infrastructure and equipment.

The nine priority corridors cover different geographic regions in the field of electricity, gas and oil infrastructure. EU support for development in these corridors will connect regions currently isolated from European energy markets, strengthen existing cross-border interconnections, and help integrate renewable energy.

The EU Strategy for Energy System Integration also underlined the need for integrated energy infrastructure planning across energy carriers, infrastructures, and consumption sectors. Such system integration starts from the point of departure of applying the energy efficiency first principle and taking a holistic approach in policy and beyond individual sectors.

Political agreement on new rules to enhance the resilience of critical entities

As a key part of the EU's work to build a Security Union, the new rules will strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies like the recent COVID-19 pandemic.

Against an ever more complex risk landscape, the new Directive replaces the European Critical Infrastructure Directive of 2008. A wider sectoral scope will allow Member States and critical entities to better address interdependencies and potential cascading effects of an incident. Eleven sectors will be covered: energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space, and food.

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: “It is essential to shield our economy and our society against physical threats that could disrupt services that are vital for people's daily lives and for the functioning of our internal market. With today's agreement, we are delivering on our commitment to enhance the resilience of critical infrastructure in the EU, complementing the recently strengthened cybersecurity legislation. Together, these new rules form a coherent and robust system to protect our infrastructure online and off”.

Commissioner for Home Affairs, Ylva Johansson, said: “In the light of the current geopolitical situation in Europe, enhancing our resilience is of key importance. The CER Directive will make us better prepared against disruptions that impact the security of our citizens and the prosperity of the internal market, following the lessons learnt from the pandemic and long-term challenges like climate change. The new Directive will ensure the provision of essential services such as energy, transport, water and healthcare while minimising the impact of natural and man-made incidents”.

The proposal introduces new rules to strengthen the resilience of critical entities:

- Member States will need to adopt a national strategy and carry out regular risk assessments to identify entities that are considered critical or vital for the society and the economy.
- Critical entities will need to carry out risk assessments of their own, take technical and organisational measures to enhance their resilience and notify incidents. They will also be able to request background checks on personnel holding sensitive roles.
- Critical entities in the EU, from the sectors covered, providing essential services in six Member States or more, will benefit from extra advice on how best to meet their obligations to assess risks and take resilience-enhancing measures.
- A Critical Entities Resilience Group will facilitate cooperation among Member States and the exchange of information and good practices.
- An enforcement mechanism will help ensure that the rules are followed: Member States will need to ensure that national authorities have the powers and means to conduct on-site inspections of critical entities. Member States will also introduce penalties in case of non-compliance.
- Member States will need to provide support to critical entities in enhancing their resilience with, for instance, guidance material. The Commission will provide complementary support to Member States and critical entities, by developing a Union-level overview of cross-border and cross-sectoral risks, best practices, methodologies, cross-border training activities and exercises to test the resilience of critical entities, among others.

Next steps

The political agreement reached by the European Parliament and the Council is now subject to formal approval by the co-legislators. Once published in the Official Journal, the Directive will enter into force 20 days after publication. Member States will then need to transpose the elements of the Directive into national law within 21 months.

How to map the Cybersecurity Threat Landscape? Follow the ENISA 6-step Methodology

The cybersecurity threat landscape methodology developed by the European Union Agency for Cybersecurity (ENISA) aims at promoting consistent and transparent threat intelligence sharing across the European Union.

With the cyber threat landscape in constant evolution, the need for updated and accurate information on the current situation is growing, and this is a key element for assessing relevant risks.

This is why ENISA releases today an open and transparent framework to support the development of threat landscapes.

The ENISA methodology aims to provide a baseline for the transparent and systematic delivery of horizontal, thematic and sectorial cybersecurity threat landscapes (CTL) thanks to a systematic and transparent process for data collection and analysis.

Who can benefit from this new methodology?

This new methodology is made available to ENISA’s stakeholders and to other interested parties who wish to generate their own cyber threat landscapes. Adopting and/or adapting the proposed new CTL framework will enhance their ability to build situational awareness, to monitor and to tackle existing and potential threats.

ENISA will also be using this new methodology to deliver an enhanced annual ENISA Threat Landscape (ETL). It will also be used to generate technical or sectorial threat landscapes.

How does the methodology work?

The framework is based on the different elements considered in the performance of the cybersecurity threat landscape analysis. It therefore includes the identification and definition of the process, methods and tools used as well as the stakeholders involved.

Building on the existing modus operandi, this methodology provides directions on the following:

- defining components and contents of each of the different types of CTL;
- assessing the target audience for each type of CTL to be performed;
- how data sources are collected;
- how data is analysed;
- how data is to be disseminated;
- how feedback is to be collected and analysed.

The ENISA methodology consists of six main steps with feedback foreseen and associated to each of these steps:

1. Direction;
2. Collection;
3. Processing;
4. Analysis and production;
5. Dissemination;
6. Feedback.

This CTL methodology has been validated by the ENISA ad-hoc working group on the Cybersecurity Threat Landscape (CTL WG). The group consists of European and international experts from both public and private sector entities.

Defense Industrial Base: DOD Should Take Actions to Strengthen Its Risk Mitigation Approach

A healthy defense industrial base that provides the capacity and capability to produce advanced weapon systems is critical to maintaining U.S. national security objectives. The U.S. industrial base currently consists of over 200,000 companies. Mitigating risks—such as reliance on foreign and single-source suppliers—is essential for DOD to avoid supply disruptions and ensure that the industrial base can meet current and future needs.

Since 2017, the White House has issued executive orders directing DOD and other agencies to assess risks to the defense industrial base and high priority supply chains such as semiconductors.

Congress also directed DOD to develop an analytical framework for mitigating risks and included a provision for GAO to review DOD's efforts. This report assesses (1) DOD's strategy for mitigating industrial base risks, and (2) the extent to which DOD is monitoring and reporting on its progress in mitigating risks. GAO analyzed DOD policies and reports and interviewed DOD officials.

More than 200,000 companies provide supplies, parts, and manufacturing for DOD's weapon systems. Risks to this defense industrial base include materials shortages, reliance on foreign suppliers, and more.

Various DOD offices and the military services monitor such risks and work to mitigate them. However, DOD doesn't have a robust strategy to mitigate risks or track progress department-wide.

Visibility over its department-wide efforts could help DOD determine whether the billions of dollars being spent are paying off. We recommended developing a robust strategy and measuring and reporting on DOD-wide industrial base risk mitigation efforts.

The Department of Defense's (DOD) Industrial Base Policy office does not yet have a consolidated and comprehensive strategy to mitigate risks to the industrial base—the companies that develop and manufacture technologies and weapon systems for DOD. The office is using a combination of four previously issued reports that were created for other requirements because it devoted its resources to completing other priorities. Collectively, the reports do not include several elements GAO has previously identified that would help DOD achieve results, evaluate progress, and ensure accountability.

DOD must update its industrial base strategy following the submission of the next National Security Strategy Report, which is expected to be issued later in 2022. By including all elements in a consolidated strategy, DOD could better ensure that all appropriate organizations are working toward the same priorities, promoting supply chain resiliency, and supporting national security objectives.

DOD is carrying out numerous efforts to mitigate risks to the industrial base. This includes more than $1 billion in reported efforts under Navy submarine and destroyer programs and $125 million to sustain a domestic microelectronics manufacturer. However, DOD has limited insight into the effectiveness of these efforts and how much progress it has made addressing risks. For example:

- The Industrial Base Policy office and military services have not established enterprise-wide performance measures to monitor the aggregate effectiveness of DOD's mitigation efforts.
- DOD's annual Industrial Capabilities Reports do not include information about the progress the department has made in mitigating risks.

GAO's prior work on enterprise risk management establishes that agencies should monitor and report on the status and effectiveness of their risk mitigation efforts. Without key monitoring and reporting information, DOD and Congress do not have sufficient information to help determine whether industrial base risks have been mitigated and what additional resources or actions may be needed.

GAO is making six recommendations, including that DOD develop a consolidated and comprehensive strategy to mitigate industrial base risks; develop and use enterprise-wide performance measures to monitor the aggregate effectiveness of its efforts; and report on its progress in mitigating risks. DOD generally concurred with the recommendations and identified some actions to address them.

Coastal Navigation: Authorized Purposes of Marine Structures Can Impact Corps' Maintenance and Repair

The movement of commerce involves the ability of the Corps to provide safe, reliable, efficient, and environmentally sustainable waterborne transportation systems. The agency is tasked with maintaining and repairing coastal navigation structures that are part of harbors and ports. The Corps' activities, including the type and scope of coastal navigation structures that the Corps may construct and maintain, are authorized by Congress. The authorization usually refers to the document or report recommending the project to Congress, which Congress then references in the legislation authorizing the project.

A number of the coastal navigation structures maintained by the Corps were built over a century ago and may no longer be sufficient to meet current conditions and changes in the climate. For example, increased wave and storm intensity in coastal areas threatens the integrity of jetties that shelter harbor basins and entrances from waves. This potentially jeopardizes lives and communities, disrupts commercial navigation traffic, and increases the frequency and cost of needed repairs.

A report accompanying the 2020 Energy and Water Development and Related Agencies Appropriations Bill includes a provision for GAO to review how to increase the Corps' capacity to repair and maintain existing projects before they deteriorate to the point of failure. This report describes what factors, if any, affect the Corps' ability to consider impacts not directly related to navigation when determining which existing coastal navigation structures to maintain and repair.

To address this objective, GAO selected coastal navigation structures at four projects for use as illustrative examples based on input from Corps officials. GAO reviewed legislation and Corps documents to verify statements about the Corps' oversight of the structures, as appropriate. GAO interviewed officials from Corps headquarters, all eight divisions based in the United States, and at least one district from each division (16 districts total). GAO also interviewed nonfederal partners, such as officials from state and local government and organizations representing the navigation industry.

The authorized purpose of coastal navigation structures can impact the U.S. Army Corps of Engineers' (Corps) maintenance and repair decisions. According to Corps officials in headquarters, divisions, and selected districts, the authorizing language for coastal navigation structures in some instances (1) designates navigation as the structures' authorized purpose and (2) can restrict flexibility or adaptive management.

Specifically, the authorizing language directs the Corps to consider navigation benefits and impacts for coastal navigation structures when making repair decisions. Corps officials said that because there is not enough funding to cover all the maintenance and repair needs for these structures in a given year, the agency prioritizes the structures based on navigation-focused criteria—primarily the amount of commercial tonnage. Yet some structures provide economic value even though they may not have the highest commercial tonnage, according to Corps officials. These officials said that they cannot incorporate nonnavigation benefits of structures, such as protection of coastal areas, when making decisions, absent a change to the authorizing language or an additional authorization.

The authorizing language can also restrict the Corps' ability to adapt structures to current conditions. The language can include or reference structure specifications—specific length or height—that do not allow the Corps to make updates to the structures that could better address current or changing conditions, according to Corps officials. The officials told GAO that although the authorizing language for structures varies in its level of specificity, where that language is restrictive it requires the Corps, when repairing damaged structures, to use original design specifications that can date back decades. The Corps views repairs that do not adhere to the original specifications as unauthorized. However, these specifications may not reflect current design standards or changes in the conditions affecting the structures since the structures were built. For example, the structures' designs may not be able to address more frequent severe storms and wave action and sea level rise. Flexibility in making decisions on how to maintain and repair coastal navigation structures could better position the Corps to address these changing conditions, according to Corps officials.

EU-funded project supports stress testing of Tajikistan’s disaster risk management system

Experts from the National Platform for Disaster Risk Reduction of Tajikistan, international and local organizations, and representatives of business and academia participated in a stress testing workshop of Tajikistan’s disaster risk management (DRM) system against the most impactful disaster scenarios in the country. The workshop was funded by the European Union (EU) and organized by the United Nations Office for Disaster Risk Reduction (UNDRR) within the joint project on disaster risk reduction in Central Asia.

Tajikistan’s Committee of Emergency Situations & Civil Defense and UNDRR concluded a comprehensive DRM system capacity assessment and planning exercise, which revealed major needs and challenges in the system and suggested a targeted plan of action to strengthen the disaster risk reduction (DRR) policy implementation in the country.

As the next step of the process, the EU-UNDRR project supported the National Platform to conduct a stress test analysis - a scenario-based multi-stakeholder assessment process to evaluate the state of national capabilities to reduce, absorb and transfer disaster risk and develop a targeted action plan to further support the strengthening of the DRM system. During the meeting, participants developed disaster scenarios for Tajikistan based on relevant sources, and prioritized required DRM system capacities against the disaster scenarios.

Over the past years, Tajikistan has made significant progress in increasing its capacity in DRM and in the implementation of the Sendai Framework for Disaster Risk Reduction 2015-2030. As part of the work towards reducing disaster risks, Tajikistan developed and adopted the National Strategy for Disaster Risk Reduction in 2019; its implementation is guided by the National Platform for DRR. However, the increasing challenges posed by climate change and the rapid change of the global hazard trends may create strong stress for the DRM system of the country.
