ACSC’s Critical Infrastructure Uplift Program (CI-UP) will help to protect Australia’s essential services from cyber threats

The ACSC is calling for ACSC Partners to help pilot the Critical Infrastructure Uplift Program (CI-UP). CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. CI-UP is part of the Australian Signals Directorate’s Cyber Enhanced Situational Awareness and Response (CESAR) package and complements the Australian Government’s ongoing work to protect critical infrastructure security through proposed amendments to the Security of Critical Infrastructure Act 2018.
CI-UP will build knowledge and expertise for critical infrastructure providers to strengthen their cyber defences. CI-UP has been designed to:
- evaluate critical infrastructure cyber security maturity;
- deliver prioritised vulnerability and risk mitigation recommendations; and
- assist partners to implement the recommended risk mitigation strategies.
Critical infrastructure entities that are ACSC Partners can register their interest via the CI-UP form. Following the pilot, all organisations in the critical infrastructure and systems of national significance sectors, as defined in the Security of Critical Infrastructure Act 2018, can register to participate. If you are not currently an ACSC Partner and wish to participate in the CI-UP, you will first need to register to become an ACSC Partner through the ACSC Partner Hub.

NCSC's Early Warning service

Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network as soon as possible. The service uses a variety of information feeds from the NCSC and from trusted public, commercial and closed sources, including several privileged feeds that are not available elsewhere.
Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.
Organisations will receive the following high-level types of alerts:
- Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.
- Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.
- Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or of potentially undesired applications exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.
Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations' security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use it to alert your organisation about potential attacks on your network.
Full details at www.ncsc.gov.uk/information/early-warning-service

Cyber attacks on operational technology increasing

A recent report by FireEye’s Mandiant looked at attacks on operational technology control processes. Once viewed as complex due to access requirements, there are now many more internet-facing endpoints offering a wider attack surface.
Mandiant noted that attackers are not necessarily sophisticated, nor do they know what they are targeting. Graphical user interfaces have been accessed allowing attackers to modify variables without understanding the process being controlled.
The recent attack on Colonial Pipeline, which disrupted supply lines and caused shortages, is just one of a number of attacks against critical infrastructure networks.
Last year, in joint work, the NCSC released information for Critical National Infrastructure (CNI) organisations on effective use of the Security design principles, and CISA, in the US, issued a summary of best practices for the security of Industrial Control Systems (ICS).

UAE regulator puts digital transformation front and centre

The UAE's Telecommunications and Digital Government Regulatory Authority (TDRA) has taken an important step in advancing the national digital vision.
Formerly the Telecommunications Regulatory Authority (TRA), we formally updated our identity in April 2021.
This means embracing artificial intelligence (AI), smart cities, and a knowledge-based society and economy.
The new logo reflects the new TDRA’s long-term vision as a key national regulator. It symbolizes cutting-edge communication via the image of fibre-optic cables. At the same time, our regulator’s new name and identity reflect simplicity and the aspiration to deliver customer happiness.
Enhancing innovation
As per a recent Global Innovation Institute report, the recently-renamed TDRA ranked among the top three innovative entities in the Middle East. The institute has accredited several innovations that our regulatory authority developed and implemented at the national and international level.
Leadership in the field of information and communication technology (ICT) depends on original ideas and creativity. These are critical elements of the UAE’s National Agenda 2021. Under that plan, the "United in Knowledge" pillar calls for building a diverse, competitive economy, driven by knowledgeable and innovative Emiratis, as the key to the UAE’s successful long-term development.
As a next step, in cooperation with Abu Dhabi Digital Authority (ADDA) and Smart Dubai, we recently issued national guidelines for 'API-first' business and services.
An Application Programming Interface (API) is the best way to link multiple customer-service entities from everywhere at any time. The new guidelines will help government and private entities continually update and link their services and smart applications, with close coordination ensuring a better user experience overall.
ICT investment
Other ongoing TDRA initiatives include support for remote working, distance learning, e-commerce, and e-government services across the country. The UAE also aims to enhance the ICT sector and drive digital transformation in developing countries worldwide. The country – represented by TDRA – maintains close cooperation with the International Telecommunication Union (ITU), striving to extend logistical and technical support where needed, align digital strategies with sustainable development, lay the foundation for inclusive economic growth, and foster social happiness.
Digital government will be crucial going forward. Under the guidance of the UAE’s national leadership, TDRA intends to keep working closely with other government agencies and with partners across the ICT industry, aiming to envision, foster and cultivate a sustainable long-term digital transformation.
[Source: ITU]

What the security industry does now will be judged by the CBRN professionals, the health community and the public

The CBRN (chemical, biological, radiological or nuclear warfare) sector is mostly made up of academics and professional practitioners who research and consider the above-mentioned threats.
For natural disasters, the relevant governmental body has its own academics and manpower that take full responsibility for security, medical services, and feeding and housing the population, because they are paid for it through taxes.

For biological threats, governments, for specific reasons, use the military and police functions on a macro level, and these will be involved in managing specific protocols on the ground. However, it is the private security industry, which in some countries is far larger than the military and police, that will play its part on the ground.

Actually, the two bodies that play an important role are the health community, which sets protocols (infection testing, social interactions and hygiene) for biological threats, and the security industry, which rolls the health protocols out and manages their implementation on the ground.

However, the security industry does more. The security industry adds security protocols to the mix because there are issues relating to tools (technology and equipment) that are used, the behaviour of the people and the crime related to the threats, being the threat itself and the outcome of the threat being the economic meltdown.

It is virtually impossible for the military and police to manage the health protocols, investigate the amount of crime and type of new crime in this scenario besides managing the numbers of people involved.

The CBRN community comprehends the fact that there are millions of private security practitioners on the ground who are actually doing the job of taking temperatures, managing the flow of people and ensuring hygiene criteria are met. Therefore, they realize that the private security industry (PSI) is the largest force on the ground to limit the collateral damage, as it is the PSI that also has the equipment and skilled manpower to do so.

This current mutating biological threat has taught some lessons to some who bothered to be present and relevant; the flip side is that some in the security industry do not realize that they are actually doing biological threat security.

Now based on the recent experiences, the private security industry has researched the issues related to this pandemic and thoroughly investigated specifics taking into consideration various issues.

When 9/11 happened, security exhibitions grew huge in size for two reasons. Firstly, at the same time, IP (Internet Protocol) technologies began to display their wares and all technologies ran onto the market with their solutions, be it biometrics, IP access control or IP-driven CCTV, which were mostly geared towards counter-terrorism.

When COVID-19 began, manufacturers once again ran onto the market with thermal imaging technologies, some of which did not comply with the department of health criteria. Yes, the health community has protocols relating to taking the temperature of people and has also explored the criteria for using thermal imaging. Unfortunately, there are brands that do not conform to the standards out of ignorance of the factual criteria, and there are also some that provide misinformation about their capabilities.

But it is the security industry that went through this scenario before, during 9/11, which brought about laboratories to test the brand performance of emerging technologies and equipment. This means that the protocols for managing a biological threat and using technology or equipment must conform to the health department as well as to labs that check brand performance.

The health community has set protocols for social distancing but has not realized that the population are not sheep. The security industry knows that the behaviour of people can be extremely aggressive and volatile. Having said that, there are security practitioners who themselves have not acknowledged that their team on the ground is at ground zero, where the staff are more at risk than medical teams such as nurses or doctors.

In a hospital, the medical teams know who is sick and who is not. They then have protocols to dress according to the threat and apply the 'dress-code' using specific protocols. They have been trained in this. On the ground, the security practitioners have no idea who is sick and who is not. They handle people who are shouting and perhaps pushing others around without any form of medical-grade protection or the full complement of protection gear that is used by ICU wards.

The protocol for managing people in security is to layer specific staff with certain character traits or skillsets to ensure a safe environment for the public and themselves. Security companies that are not using protocols place their client's customers at risk, as well as their own staff. When customers avoid going to a site, the client loses revenue. This is not about loss prevention but more about profit protection. Furthermore, new crime and increased numbers of criminals erode the profits of a site.

There is also crime related to the threat that causes issues, such as theft of oxygen bottles or the reselling of oxygen using old bottles (by organized crime, gang crime or entrepreneurial street vendors) that could contain black fungus in the tubes or valves, which is responsible for a 50 percent mortality rate. Nevertheless, the lack of oxygen simply causes chaos, which could increase infection rates because of people fighting over oxygen or mass 'hysterical' riots when people fear that they will not obtain oxygen. The private security industry is involved in all aspects, as one can fathom from the above, and the high-risk targets and motivations that drive issues are far too numerous to list in this article.

The CBRN teams may suggest in the future certain steps to take but at the end of the day - it will be the private security industry that will roll it out and manage it on the ground.

If the Security Industry does not stand together and use the same protocols that fit standards and compliance criteria - then it will not be able to limit the level of collateral damage as it should with a mutating biological threat.

When the security industry does take action then it will earn the trust and respect from the CBRN community, the Health Community and the Public at Large.

ISIO (International Security Industry Organization) and CAPSI (Central Association of Private Security Industry), representing +7 million practitioners, call on all stakeholders to participate alongside on mission.

Ransomware: What board members should know and what they should be asking their technical experts

Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards.
The impact of a ransomware attack on an organisation can be devastating. So what should board members be doing to ensure that their organisation is prepared for such a ransomware attack, and in the best possible place to respond quickly?
This blog, part of the Cyber Security Toolkit for Boards, explains the basics of ransomware, and suggests relevant questions that board members might want to ask their technical experts to help drive greater cyber resilience against these types of attack.
Why should board members concern themselves with ransomware?
Cyber security is a board-level responsibility, and board members should be specifically asking about ransomware as these attacks are becoming both more frequent[1] and more sophisticated.
Ransomware attacks can be massively disruptive to organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high profile in nature, with wide public and media interest.
What do board members need to know about ransomware?
Board members don’t need to be able to distinguish their Trickbots and their Ryuks, but knowing the basics of how ransomware works will mean they can have constructive conversations with their technical experts on the subject.
So what do you need to know about ransomware?
- Ransomware is a type of malware that prevents you from accessing your computer (or the data stored on it). Typically, the data is encrypted (so that you can’t use it), but it may also be stolen, or released online.
- Most ransomware we see now is ‘enterprise-wide’. This means it’s not just one user or one machine that is affected but often the whole network. Once they’ve accessed your systems, attackers typically take some time moving around, working out where critical data is saved and how backups are made and stored. Armed with this knowledge the attacker can encrypt the entire network at the most critical moment.
- The attacker will then usually make contact with the victim using an untraceable email address (or an anonymous web page), and demand payment to unlock your computer and/or access your data. Payment is invariably demanded in a cryptocurrency such as Bitcoin and may involve negotiation with the humans behind the ransomware (who have spent time in your organisation’s networks assessing how much you might be willing or able to pay).
- However, even if you do pay the ransom, there is no guarantee that you will get access to your computer, or your files.
- We have also seen cyber criminals threaten to release sensitive data stolen from the network during the attack if the ransom is not paid.
- The government strongly advises against paying ransoms to criminals, including when targeted by ransomware. There are practical reasons for this (see question 4) and also concern that paying ransoms likely encourages cyber criminals to continue such attacks.
Full details at https://www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware

Cybersecurity for U.S. critical infrastructure a ‘national-security imperative'

Protecting U.S. critical infrastructure from the often-debilitating impacts of cyberattacks is a “national imperative” that will require cooperation between the government and private sector, according to Brian Scott, director of critical-infrastructure cybersecurity for the National Security Council (NSC).
Scott said a variety of sources—nation-states, state-sponsored actors and cybercriminals—are responsible for the cyberattacks, and many of the impacts have been significant, as recent events have reinforced. Indeed, more than 18,000 entities were deemed vulnerable during the SolarWinds attacks first announced in December, and a ransomware attack on Colonial Pipeline resulted in the shutdown of more than 11,000 gas stations in the southeast U.S., he said.
“Public and private entities are increasingly under constant, sophisticated, malicious and often-unseen probing and attacks from nation-state adversaries and criminals,” Scott said last week during the “Cyber Defenders” online event hosted by Nextgov. “Today more than ever, cybersecurity is a national-security imperative.
“Adversaries and malicious cyber actors see U.S. government and U.S. commercial networks as particularly rich targets and are aggressively working to compromise them.”
Beyond the SolarWinds and Colonial Pipeline incidents, Scott cited compromises to Microsoft Exchange Servers and Pulse Secure VPNs as examples of the challenges facing public and private U.S. entities in an increasingly treacherous cyber environment.
Meanwhile, ransomware attacks last year generated average demands of more than $100,00, with the top ransom demands exceeding $10 million, Scott said. And a 2019 study estimated that data breaches cost the company experiencing one an average of $13 million, as well as significant intellectual-property losses.
Full story: https://urgentcomm.com/2021/06/01/cybersecurity-for-u-s-critical-infrastructure-a-national-security-imperative-nsc-official-says/

IAEA Tool for Self-Assessment of National Nuclear and Radiation Safety Infrastructure Now Available Online

The IAEA has launched a web-based version of its self-assessment tool — eSARIS — with additional features and advanced functionalities to support Member States in assessing their nuclear and radiation safety framework, to either strengthen the national regulatory infrastructure or in preparation for an IAEA Integrated Regulatory Review Service (IRRS) mission.

“eSARIS allows multiple users across different organizations in a Member State to work together more effectively, as they can view and edit information simultaneously,” said Teodros Hailu, IAEA Radiation Safety Specialist and eSARIS technical officer. “Users can also use charts to monitor their self-assessment progress and the new tool provides the opportunity of tracking changes made to information provided.”

eSARIS is a new version of the IAEA Self-Assessment of Regulatory Infrastructure for Safety (SARIS). SARIS was originally launched in 2013 and is regularly updated in line with the development of IAEA safety requirements. eSARIS now provides users with easy and secure online access, and acts as a shared online platform for all users within a country.

The SARIS methodology, used by staff of regulatory bodies, technical services provider organizations, facilities using radiation sources and government entities, is based on a structure of questions that promotes the objective evaluation of current safety framework, processes and related activities, and enables Member States to devise a continuous improvement plan for their national safety infrastructure.

Conducting self-assessment using SARIS is a preparatory requirement for IAEA Integrated Regulatory Review Service (IRRS) missions, a peer review service of regulatory framework for Member States to strengthen and enhance the effectiveness of their regulatory infrastructure.

User-friendly features

The new eSARIS was developed in response to feedback from Member States and allows regulatory bodies to modify the scope of their self-assessment. Since it is accessed via the IAEA Nucleus system, existing Nucleus account holders will benefit from single sign-on, while eSARIS also guarantees users a high level of restricted access and security.

Isabel Villanueva Delgado, Head of the General Secretary’s Cabinet at the Spanish Nuclear Safety Council (CSN), who was involved in the development stage of the tool, said: “eSARIS systematically guides on how to implement the self-assessment plan; organize roles and responsibilities; develop an action plan for improvement in line with updated IAEA safety standards; and create a repository of information and evidence, which could prove beneficial in the short and long term.”

Richard Ndi Samba, Director of Regulation and Regulatory Control at the National Radiation Protection Agency (NRPA) in Cameroon and also involved in the development process, added that “the updated tool provides an easy interface to communicate with IAEA technical officers, which allows country counterparts to quickly identify areas of performance improvement.”

eSARIS also includes other components, such as the Integrated Review of Infrastructure for Safety (IRIS) tool, which provides for a comprehensive and targeted self-assessment in line with the IAEA Specific Safety Guide SSG-16 (Rev. 1) on the establishment of a national safety infrastructure for a nuclear power programme.

Recommendations for measures to prevent hospital fires

The European Commission’s Joint Research Centre (JRC) issued a series of recommendations to help prevent the hospital fires associated with medical oxygen needed for severely ill Covid-19 patients, ranging from electrical maintenance to administrative measures and widespread training and guidance on prevention and risk management strategies for oxygen hazards.

Since the outbreak of the pandemic in March 2020, at least 36 incidents of hospital fires associated with intense oxygen use have been found to have occurred in various countries around the world, causing the deaths of over 200 people and injuring many more.

The majority of the dead and injured were patients extremely ill with the novel Coronavirus and others were their health care providers. Most deaths resulted directly from the fire but there were also several deaths from patients deprived of oxygen because of the event.

In comparison, up until 2020, the media shows an average of just over one such event per year since 2011.

According to the JRC recommendations, the strategies to prevent and mitigate the fire risk in intensive care units should revolve around three main elements:

• Guidance on oxygen therapy for Covid-19 and other diseases needs to identify specific prevention measures that can reduce the risk of oxygen-enriched environments in these settings;

• All hospitals should establish a risk management strategy for oxygen hazards led by hospital management, involving all staff, including healthcare workers, maintenance, housekeeping and administration;

• As part of this policy, all hospitals should track the number of patients having medical gas treatment and, when elevated, an appropriate fire risk management policy should be applied.

Hospitals should use as examples the strategies developed for chemical process safety to manage flammable and explosive atmospheres. The management procedures should involve medical and non-medical staff, and prevention and emergency preparedness should take into account potential intensive care unit fires.

FS-ISAC Report Finds Cybercriminals and Nation-State Actors Converging, Increasing Cross-Border and Supply Chain Attacks

FS-ISAC, the only global cyber intelligence sharing community solely focused on financial services, announced today the findings of its latest report, which found that wittingly or otherwise, nation-states and cyber criminals are leveraging each other’s tools and tactics, leading to an increase in cross-border attacks targeting financial services suppliers.
The pandemic has accelerated digitization, connectivity, and the sector’s interdependence, as demonstrated by recent supply chain incidents. Increasingly, the financial sector needs a trusted conduit of real-time cyber information between institutions and third-parties.
"FS-ISAC was the logical host for us to brief the financial services sector to reach a critical mass of institutions around the world all at once," said Jonathan Yaron, CEO of Accellion. "This way, we could ensure that the industry received critical and correct information via a trusted source, enabling it to act quickly to mitigate the impact of the incident."
“Organizations properly practicing defense-in-depth with multi-layered controls are still vulnerable to large-scale and even systemic issues through third party suppliers,” said J.R. Manes, Global Head of Cyber Intelligence at HSBC. “The FS-ISAC community provides its members the visibility into emerging threats that could impact customers and business, even when they are not directly exposed. Ensuring and encouraging the sharing of cyber threat intelligence is a vital part of the defense of not only the financial sector, but the whole business ecosystem that runs on top of the Internet.”
FS-ISAC’s report outlines today’s top threats:
- Convergence of nation-states and cyber criminals: Nation-state actors are leveraging the skills and tools of cyber criminals, either knowingly or not, to enhance their own capabilities.
- Third-party risk on an upward trend: Suppliers to financial firms will continue to be lucrative targets for threat actors, as shown by three highly visible incidents in the last two quarters.
- Cross-border attacks will increase: Cyber criminals test their attack in one country before hitting multiple continents and sub-verticals, as shown by a DDoS extortion campaign targeting ~100 financial institutions in months.
“Trying to outpace evolving cyber threats diverts resources from a financial firm’s core business,” said Steve Silberstein, FS-ISAC CEO. “As the global fincyber utility, FS-ISAC enables industry-wide cross-border sharing to pool resources, expertise, and capabilities to manage cyber risks and incident response.”
Report Methodology
The Navigating Cyber 2021 report is derived from FS-ISAC’s rigorous threat intelligence monitoring maintained by its intelligence operations team. The intelligence is sourced from FS-ISAC's thousands of member financial firms in more than 70 countries and further augmented by analysis by the Global Intelligence Office. Multiple streams of intelligence were leveraged for the curation of the round-up, which examined data across a one year period from January 2020 to January 2021.