Category: Industry News

Industry News

Compromise of U.S. Water Treatment Facility

Agency News, Cyber Security CII sector, Industry News, Water sector
On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system, although this cannot be confirmed at present date. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI).
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have observed cyber criminals targeting and exploiting desktop sharing software and computer networks running operating systems with end of life status to gain unauthorized access to systems. Desktop sharing software, which has multiple legitimate uses—such as enabling telework, remote technical support, and file transfers—can also be exploited through malicious actors’ use of social engineering tactics and other illicit measures. Windows 7 will become more susceptible to exploitation due to lack of security updates and the discovery of new vulnerabilities. Microsoft and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system. Continuing to use any operating system within an enterprise beyond the end of life status may provide cyber criminals access into computer systems.
Click here for a PDF version of this report.
Technical Details
Desktop Sharing Software
The FBI, CISA, EPA, and MS-ISAC have observed corrupt insiders and outside cyber actors using desktop sharing software to victimize targets in a range of organizations, including those in the critical infrastructure sectors. In addition to adjusting system operations, cyber actors also use the following techniques:
- Use access granted by desktop sharing software to perform fraudulent wire transfers.
- Inject malicious code that allows the cyber actors to
 - Hide desktop sharing software windows,
 - Protect malicious files from being detected, and
 - Control desktop sharing software startup parameters to obfuscate their activity.
- Move laterally across a network to increase the scope of activity.
TeamViewer, a desktop sharing software, is a legitimate popular tool that has been exploited by cyber actors engaged in targeted social engineering attacks, as well as large scale, indiscriminate phishing campaigns. Desktop sharing software can also be used by employees with vindictive and/or larcenous motivations against employers.
Beyond its legitimate uses, when proper security measures aren’t followed, remote access tools may be used to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs). TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to RATs.
Windows 7 End of Life
On January 14, 2020, Microsoft ended support for the Windows 7 operating system, which includes security updates and technical support unless certain customers purchased an Extended Security Update (ESU) plan. The ESU plan is paid per-device and available for Windows 7 Professional and Enterprise versions, with an increasing price the longer a customer continues use. Microsoft will only offer the ESU plan until January 2023. Continued use of Windows 7 increases the risk of cyber actor exploitation of a computer system.
Cyber actors continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol (RDP) exploits. Microsoft released an emergency patch for its older operating systems, including Windows 7, after an information security researcher discovered an RDP vulnerability in May 2019. Since the end of July 2019, malicious RDP activity has increased with the development of a working commercial exploit for the vulnerability. Cyber actors often use misconfigured or improperly secured RDP access controls to conduct cyberattacks. The xDedic Marketplace, taken down by law enforcement in 2019, flourished by compromising RDP vulnerabilities around the world.
Mitigations
General Recommendations
The following cyber hygiene measures may help protect against the aforementioned scheme:
- Update to the latest version of the operating system (e.g., Windows 10).
- Use multiple-factor authentication.
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
- Audit network configurations and isolate computer systems that cannot be updated.
- Audit your network for systems using RDP, closing unused RDP ports, applying multiple-factor authentication wherever possible, and logging RDP login attempts.
- Audit logs for all remote connection protocols.
- Train users to identify and report attempts at social engineering.
- Identify and suspend access of users exhibiting unusual activity.
Water and Wastewater Systems Security Recommendations
The following physical security measures serve as additional protective measures:
- Install independent cyber-physical safety systems. These are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor.
- Examples of cyber-physical safety system controls include:
 - Size of the chemical pump
 - Size of the chemical reservoir
 - Gearing on valves
 - Pressure switches, etc.
The benefit of these types of controls in the water sector is that smaller systems, with limited cybersecurity capability, can assess their system from a worst-case scenario. The operators can take physical steps to limit the damage. If, for example, cyber actors gain control of a sodium hydroxide pump, they will be unable to raise the pH to dangerous levels.
Remote Control Software Recommendations
For a more secured implementation of TeamViewer software:
- Do not use unattended access features, such as “Start TeamViewer with Windows” and “Grant easy access.”
- Configure TeamViewer service to “manual start,” so that the application and associated background services are stopped when not in use.
- Set random passwords to generate 10-character alphanumeric passwords.
- If using personal passwords, utilize complex rotating passwords of varying lengths. Note: TeamViewer allows users to change connection passwords for each new session. If an end user chooses this option, never save connection passwords as an option as they can be leveraged for persistence.
- When configuring access control for a host, utilize custom settings to tier the access a remote party may attempt to acquire.
- Require remote party to receive confirmation from the host to gain any access other than “view only.” Doing so will ensure that, if an unauthorized party is able to connect via TeamViewer, they will only see a locked screen and will not have keyboard control.
- Utilize the ‘Block and Allow’ list which enables a user to control which other organizational users of TeamViewer may request access to the system. This list can also be used to block users suspected of unauthorized access.
Leave a comment , , ,

Regulating for resilience: Reigniting ICT markets and economies post-COVID-19

Agency News, Cyber Security CII sector, Industry News
As the COVID-19 pandemic continues its relentless spread, governments, regulators, academics, and the global information and communication technology (ICT) community keep rethinking policy and regulatory frameworks to mitigate the effects of the crisis and chart a way out of it.
The 7th Economic Experts Roundtable convened by ITU provided a platform to generate ideas and solutions to render ICT markets an even more important contributor to social and economic resilience in the face of COVID-19.
The current crisis has brought new challenges to the ICT sector. Regulatory frameworks need to be adjusted to stimulate investment while maintaining a moderate level of competition. Markets and consumer benefits are now examined by decision-makers through the lens of financial adversity and uncertain outlooks.
Amid disruption, policy-makers and regulators need evidence-based guidance that provides a solid ground for their reforms.
A new study released at the Roundtable provides fresh insights backed by authoritative data on the evolution of ICT regulation since 2007, the ICT Regulatory Tracker, and a global dataset on ICT markets economics.
The study shows that ICT regulation has had a measurable impact on the growth of global ICT markets over the past decade.
The analysis uses econometric modelling to pinpoint the impact of the regulatory and institutional frameworks on the performance of the ICT sector and its contribution to national economies.
It provides policy-makers and regulators with evidence to advance regulatory reform and address the challenges and gaps in current regulatory frameworks for digital services and applications.
Upgrading regulatory frameworks: What matters?
The new analysis points to regulatory features that can have a multiplier effect on ICT markets and consumer benefits.
• ICT regulation is positively linked with increases in telecommunication investment. An improvement of 10 per cent in the maturity of national ICT regulatory frameworks is associated with an increase of fixed and mobile investment of over 7 per cent. For this to happen, a country needs a separate, autonomous ICT regulator with a broad mandate, promoting competition and adopting best regulatory practices in ICT licencing, service quality monitoring, and spectrum sharing.
• Tax cuts are associated with a significant boost in capital investment, as they increase available financial resources for network deployment. Reducing profit tax by half leads to an increase of fixed and mobile investment of nearly 14 per cent.
• Streamlining government administrative processes is linked to a significant increase in capital investment, highlighting the importance of minimizing time to obtain network deployment permits, handling municipal network construction requirements, and reducing red tape costs. Slashing administrative processing times by half is linked to an increase in fixed and mobile investment of 17 per cent.
A regulatory power boost for mobile
For the mobile sector, open and collaborative regulatory policies appear to have a strong positive impact on investment. In turn, more investment triggers coverage gains and lower consumer prices, boosts ICT adoption and generates growth in national economies around two years after policy adoption.
• A digital agenda is crucial to accelerating innovation and boosting investment. The introduction of a national broadband plan with a strong implementation framework and leadership increases mobile investment and network coverage by some 15 per cent.
• Converged licensing frameworks maximize the financial returns of investments as they provide a flexible policy approach adapted to technological advances. Such frameworks are associated with a 10 per cent increase in mobile investment and network coverage.
• Allowing voluntary spectrum sharing agreements, thereby helping operators to maximize the opportunities to make investments profitable, creates strong incentives for network deployment. Such collaborative regulatory regimes see an 18 per cent increase in mobile investment and network coverage, and price reduction by close to 10 per cent compared to countries where this is not allowed.
• Openness to foreign operators increases access to capital for network development and modernization and enables technology and know-how transfer. An open mobile market can stimulate capital investment with increases of 14 per cent along with network coverage.
Policy-makers are encouraged to use this report as an evidence base underpinned by a deeper understanding of the linkages between regulatory and institutional contexts and ICT market outcomes, and of which policies can lead markets, consumers, and economies out of the current crisis.
[Source: ITU]
Leave a comment , ,

GCHQ and NSA Celebrate 75 Years of Partnership

Agency News, Cyber Security CII sector, Industry News
The United Kingdom Government Communications Headquarters (GCHQ) and the United States National Security Agency (NSA) commemorate their partnership to share intelligence. These intelligence agencies have worked together for nearly a century to strengthen national security. March 5, 2021 marks the 75th anniversary of the formalized agreement to share information between the two agencies as much as possible, with minimal restrictions.
The British USA (BRUSA) Communications Intelligence (COMINT) Agreement, signed on March 5, 1946, was the original document that formalized the relationship. The agreement emerged from U.K. and U.S. specialists recognizing the beneficial results of intelligence sharing during World War II. The BRUSA Agreement was updated and expanded to become the UKUSA Agreement in 1955. This groundbreaking document created the policies and procedures for U.K. and U.S. intelligence professionals for sharing communication, translation, analysis, and code breaking information.
GCHQ and NSA personnel have worked together to address threats across all domains. The diversity of our experts provides better outcomes in analysis and innovative approaches to form solutions.
The UKUSA Agreement became the foundation for our intelligence alliances with Australia, Canada, and New Zealand. When the challenge is global, working with partners around the world is essential. This extraordinary trust and collaboration brings a strategic advantage in our nations’ safety.
The 75th anniversary of the UKUSA Agreement marks the passage of a historic and lasting relationship which enhances the resilience of our nations’ defenses and security of our future.
Leave a comment , ,

Improved Performance Planning Could Strengthen Technology Transfer

Agency News, Industry News, Power/Energy/Oil & Gas sector, Transport sector
A Department of Energy national lab developed a battery that now powers some hybrid and electric cars. But how do new energy technologies get from the lab to the market?
Transferring technologies from the DOE to private companies isn't always easy. Barriers such as the "valley of death"—a gap between the end of public funding and the start of private funding—can stop a transfer.
The Department of Energy (DOE) and its national labs have taken several steps to address potential barriers to technology transfer—the process of providing DOE technologies, knowledge, or expertise to other entities. GAO characterized these barriers as (1) gaps in funding, (2) legal and administrative barriers, and (3) lack of alignment between DOE research and industry needs. For example, the “valley of death” is a gap between the end of public funding and start of private-sector funding. DOE partly addresses this gap with its Technology Commercialization Fund, which provides grants of $100,000 to $1.5 million to DOE researchers to advance promising technologies with private-sector partners. Further, DOE's Energy I-Corps program trains researchers to commercialize new technologies and to identify industry needs and potential customers. However, DOE has not assessed how many and which types of researchers would benefit from such training. Without doing so, DOE will not have the information needed to ensure its training resources target the researchers who would benefit most.
DOE plans and tracks the performance of its technology transfer activities by setting strategic goals and objectives and annually collecting department-wide technology transfer measures, such as the number of patented inventions and licenses. However, the department does not have objective and measurable performance goals to assess progress toward the broader strategic goals and objectives it developed. For example, without a performance goal for the number of DOE researchers involved in technology transfer activities and a measure of such involvement, DOE cannot assess the extent to which it has met its objective to encourage national laboratory personnel to pursue technology transfer activities. Internal control standards for government agencies call for management to define objectives in measurable terms, either qualitative or quantitative, so that performance toward those objectives can be assessed. Moreover, DOE has not aligned the 79 existing measures that it collects with its goals and objectives, nor has it prioritized them. Some lab stakeholders said that collecting and reporting these measures is burdensome. Prior GAO work has found that having a large number of performance measures may risk creating a confusing excess of data that will obscure rather than clarify performance issues.
Leave a comment , , ,

NYU Tandon’s Index of Cyber Security sees rapid rise in nation-state concerns

Cyber Security CII sector, Industry News
The recent Solar Winds attack confirms fears from cybersecurity experts that threats from nation-states are on the rise.
Cybersecurity experts across the world reported a 5% rise in nation-state and targeted counterparty hacking concerns in December, according to an index issued by a research team from the NYU Center for Cybersecurity (CCS) at the New York University Tandon School of Engineering. This rise appears to correlate closely with the recent “sunburst” attack on national and business infrastructure via SolarWinds’ Orion business software updates.
The Index of Cyber Security, which is updated monthly at the NYU CCS website, collects sentiment estimates via direct polling of practicing security experts around the world on cybersecurity threat-related issues. The index has operated since 2008, with CCS curating and hosting the research project for two years.
“When we saw this rise, we immediately connected it to the recent massive third-party software attack involving SolarWinds,” said NYU Tandon Distinguished Research Professor Edward Amoroso, who leads the ICS research team. “The experts who provide data for our index clearly saw this threat as increasing in intensity.”
An additional risk indicator that rose during the month was a shift toward cyberattacks being specifically aimed at counterparties. “This increased targeting of designated counterparties, versus devices, systems, or other non-human actors, is consistent with the motivation inherent in most nation-state campaigns,” said Amoroso.
The sentiment index is based on observational factors such as unpatched servers, unsatisfactory audit findings, and average time to respond to an incident. Amoroso’s academic research group at NYU Tandon’s Department of Computer Science and Engineering collaborates with TAG Cyber LLC, which supports information technology functions.
Leave a comment , ,

INTERPOL report charts top cyberthreats in Southeast Asia

Agency News, Cyber Security CII sector, Industry News
An INTERPOL report has highlighted the key cybercrime trends and threats confronting the Association of Southeast Asian Nations (ASEAN) region.
INTERPOL’s ASEAN Cyberthreat Assessment 2021 report outlines how cybercrime’s upward trend is set to rise exponentially, with highly organized cybercriminals sharing resources and expertise to their advantage.
It provides strategies for tackling cyberthreats against the context of the pandemic which has seen more people going online using mostly unprotected mobile devices, creating a surge in cybercriminal activities profiting from the theft of personal information and credentials.
The report further describes the essential collaboration on intelligence sharing and expertise between law enforcement agencies and the private sector, facilitated by INTERPOL’s global network.
The INTERPOL’s ASEAN Cybercrime Operations Desk (ASEAN Desk) with the support from law enforcement agencies in the region and INTERPOL’s private sector cybersecurity partners identify the region’s top cyberthreats:
- Business E-mail Compromise campaigns continue to top the chart with businesses suffering major losses, as it is a high-return investment with low cost and risk.
- Phishing. Cybercriminals are exploiting the widespread use of global communications on information related to COVID-19 to deceive unsuspecting victims.
- Ransomware. Cybercrime targeting hospitals, medical centers and public institutions for ransomware attacks has increased rapidly as cybercriminals believe they have a higher chance of success given the medical crisis in many countries.
- E-commerce data interception poses an emerging and imminent threat to online shoppers, undermining trust in online payment systems.
- Crimeware-as-a-Service puts cybercriminal tools and services in the hands of a wider range of threat actors – even non-technical ones, to the extent that anyone can become a cybercriminal with minimal ‘investment’.
- Cyber Scams. With the increase of online transactions and more people working from home, cybercriminals have revised their online scams and phishing schemes, even impersonating government and health authorities to lure victims into providing their personal information and downloading malicious content.
- Cryptojacking continues to be on the radar of cybercriminals as the value of cryptocurrencies increases.
“Cybercrime is constantly evolving. The COVID-19 pandemic has accelerated digital transformation, which has opened new opportunities for cybercriminals,” said Craig Jones, INTERPOL’s Director of Cybercrime.
“Through this report, INTERPOL strives to support member countries in the ASEAN region to take a targeted response against ever-evolving cybercrime threats to protect their digital economies and communities,” added Mr Jones.
Under the mandate of reducing the global impact of cybercrime and protecting communities, the INTERPOL Regional Cybercrime Strategy for ASEAN sets out INTERPOL’s key priorities and principles against cybercrime in the region.
Delivered through INTERPOL’s ASEAN Desk and ASEAN Cyber Capacity Development Project, the strategy is underpinned by four pillars: enhancing cybercrime intelligence for effective responses to cybercrime; strengthening cooperation for joint operations against cybercrime; developing regional capacity and capabilities to combat cybercrime; and promoting good cyber hygiene for a safer cyberspace.
Leave a comment , , ,

Digital transformation in Europe: 3 key regulatory priorities for 2021

Cyber Security CII sector, Industry News
“Europe's mix of enabling regulatory environments, robust connectivity infrastructure and the lively ecosystem of digital technology providers is fuelling the Region's transformation and has proven critical in the resilience during the COVID 19 pandemic,” remarked Doreen Bogdan-Martin, Director of the Telecommunication Development Bureau at ITU, as she welcomed participants of the ITU Regional Regulatory Forum for Europe on Regulation supporting digital transformation.
Held virtually in 2020, the Regional Regulatory Forum (RRF) is one of several milestones of the ITU Regional Initiative for Europe on Broadband infrastructure, broadcasting and spectrum management.
Organized with the support of the Agency for Electronic Communications and Postal Services (EKIP) of Montenegro, the Forum was opened by Vladan Djukanovic, EKIP Board Member, who highlighted the dependency which all sectors of economies now have on information and communication technology (ICT) infrastructure and services, exacerbated by the COVID-19 pandemic. This dependency requires a strategic approach to connectivity.
3 key priorities for 2021
Beyond recognizing the work of the ITU on the REG4COVID platform and other activities related to policy and regulation, representatives attending the RRF agreed on the following three key strategic priorities for 2021:
- carrying out an assessment of regulatory measures undertaken in the context of COVID-19, including the capacity of internal networks and interconnection with other regions,
- accelerating broadband development to bridge the digital divide, especially in terms of coverage, and
- strengthening international cooperation in the field of regulation.
Sofie Maddens, Head of the BDT’s Regulatory and Market Environment Division, shared an insightful reminder of the changing role of regulation and the need for authorities to adapt their toolbox to ensure actions are fit for purpose and following ITU’s gold standard on “collaborative regulation”, the benchmark of fifth generation (G5) regulation.
Unlocking investment in connectivity
The role of data in supporting the deployment of broadband is a fundamental aspect of digital transformation and regulation. By informing more accurate ‘snapshots’ of markets, data facilitates the design and creation of the regulatory incentives needed to deploy networks efficiently.
During the Forum, ITU, the European Commission, BEREC, the European Investment Bank, the World Bank and UNICEF all presented data-driven approaches to smart decision making to create an enabling environment that unlocks the private investments needed to attain connectivity targets, such as the EU Gigabit Society targets of delivering 100 Mbps to all households by 2025.
Member States also shared their experiences in broadband mapping as a tool to accelerate broadband deployment using infrastructure, service and investment data gathered from network operators. National Regulatory Authorities (NRAs) from Poland, Portugal, Slovenia, Germany, and Lithuania, which have relatively advanced systems encompassing thousands of operators, other network operators (such as utilities), building companies, local and regional administrations, demonstrated how these platforms can enhance collaboration among various stakeholders and support the allocation of public funding leading to fruitful results.
NRAs from non-EU countries such as Albania, Georgia, Montenegro, North Macedonia, and Serbia also presented their systems, and outlined their efforts towards unlocking investment whilst protecting competition. Given that the potential for improvements in broadband deployment is greater here than in EU countries, the need to allocate additional resources into mapping systems as fundamental enablers was noted.
Despite the recent progress in many non-EU countries taking steps towards harmonization with EU standards, many challenges remain, ranging from the high fixed and operational costs of setting up mapping systems to human capacity building within administrations, but also across operators.
Realizing untapped potential
While the EU regulatory framework for broadband mapping will undergo considerable revisions in 2021, non-EU countries, particularly in South Eastern Europe, have the potential monitor this process closely and leapfrog, establishing state of the art systems.
The background paper Broadband Mapping Systems in Europe and Regional Harmonization Initiatives focuses on the regulation underpinning broadband mapping systems, which are now essential tools for NRAs to allocate public funding efficiently and fostering cross-sector collaboration and investment whilst protecting competition. The paper traces the development of the European Union’s regulatory framework, its most recent and future developments, the actions undertaken by the European Commission and Member States in the field and, finally, looks at eight countries in South Eastern Europe.
I invite all stakeholders to join ITU’s workstreams dedicated to broadband development and regulation and to learn more from the Regional Regulatory Forum’s draft Outcome Report. I also invite you to engage with us on this topic and keep an eye on related activities for 2021 until we can hopefully meet again in person next September in Budva, Montenegro, as it is tradition for ITU Regulatory Forums for Europe.
[Source: ITU]
Leave a comment , ,

Why effective disaster management needs responsible AI

Cyber Security CII sector, Industry News, Telecomms sector
The use of artificial intelligence holds promise in helping avert, mitigate and manage disasters by analyzing swaths of data, but more efforts are required to ensure that technologies are deployed in a responsible, equitable manner.
According to UNDDR, about 1.2 million lives have been lost worldwide and more than 4 billion people affected in disasters that took place between 2000 and 2019.
Faster data labelling
Cameron Birge, Senior Program Manager Humanitarian Partnerships at Microsoft, says their work in using AI for humanitarian missions has been human-centric. "Our approach has been about helping the humans, the humans stay in the loop, do their jobs better, faster and more efficiently," he noted.
One of their projects in India uses roofing as a proxy indicator of households with lower incomes who are likely to be more vulnerable to extreme events like typhoons. Satellite imagery analysis of roofs are used to inform disaster response and resilience-building plans. A simple yet rewarding avenue of using AI has been around data labelling to train AI models to assist disaster management.
One challenge, he noted, has been around "unbiased, good, clean, trusted data". He also encouraged humanitarian organizations to understand their responsibilities when making use of AI models to support decision-making. "You have to ensure you sustain, train and monitor these models," he advised. Microsoft also wants to promote more sharing of data with its 'Open Data' campaign.
Precise decision support
AI is becoming increasingly important to the work of the World Meteorological Organization (WMO). Supercomputers crunch petabytes of data to forecast weather around the world. The WMO also coordinates a global programme of surface-based and satellite observations. Their models merge data from more than 30 satellite sensors, weather stations and ocean-observing platforms all over the planet, explained Anthony Rea, Director of the Infrastructure Department at WMO.
AI can help interpret resulting data and help with decision support for forecasters who receive an overwhelming amount of data, said Rea. "We can use AI to recognize where there might be a severe event or a risk of it happening, and use that in a decision support mechanism to make the forecaster more efficient and maybe allow them to pick up things that couldn't otherwise be picked up."
Understanding the potential impact of extreme weather events on an individual or a community and assessing their vulnerability requires extra information on the built environment, population, and health.
"We need to understand where AI and machine learning can help and where we are better off taking the approach of a physical model. There are many examples of that case as well. Data curation is really important," he added.
WMO also sets the standards for international weather data exchange, including factors such as identifying the data, formats, and ontologies. While advocating for the availability of data, Rea also highlighted the need to be mindful of privacy and ethical considerations when dealing with personal data. WMO is revising its own data policies ahead of its Congress later this year, committing to free and open exchange of data beyond the meteorological community.
'Not a magic bullet'
Rea believes that AI cannot replace the models built on physical understanding and decades of research into interactions between the atmosphere and oceans. "One of the things we need to guard against in the use of AI is to think of it as a magic bullet," he cautioned.
Instead of vertically integrating a specific dataset and using AI to generate forecasts, Rea sees a lot of promise in bringing together different datasets in a physical model to generate forecast information. "We use machine learning and AI in situations where maybe we don't understand the underlying relationships. There are plenty of places in our area of science and service delivery where that is possible."
Rakesh Bharania, Director of Humanitarian Impact Data at Salesforce.org, also sees the potential of artificial or augmented intelligence in decision support and areas where a lot of contextual knowledge is not required. "If you have a lot of data about a particular problem, then AI is certainly arguably much better than having humans going through that same mountain of data. AI can do very well in answering questions where there is a clear, right answer," he said.
One challenge in the humanitarian field, Bharania noted, is scaling a solution from a proof of concept to something mature, usable, and relevant. He also cautioned that data used for prediction is not objective and can impact results.
"It's going to be a collaboration between the private sector who typically are the technology experts and the humanitarians who have the mission to come together and actually focus on determining what the right applications are, and to do so in an ethical and effective and impactful manner," he said. Networks such as NetHope and Impactcloud are trying to build that space of cross-sectoral collaboration, he added.
Towards 'white box AI’
Yasunori Mochizuki, NEC Fellow at NEC Corporation, recalled how local governments in Japan relied on social networks and crowd-behaviour analyses for real-time decision-making in the aftermath of 2011’s Great East Japan Earthquake and resulting tsunami.
Their solution analyzed tweets to extract information and identify areas with heavy damage and need for immediate rescue, and integrated it with information provided by public agencies. "Tweets are challenging for computers to understand as the context is heavily compressed and expression varies from one user to another. It is for this reason that the most advanced class of natural language processing AI in the disaster domain was developed," Mochizuki explained.
Mochizuki sees the need for AI solutions in disaster risk reduction to provide management-oriented support, such as optimizing logistics and recovery tasks. This requires “white box AI” he said, also known as ‘explainable AI’. "While typical deep learning technology doesn't tell us why a certain result was obtained, white box AI gives not only the prediction and recommendation, but also the set of quantitative reasons why AI reached the given conclusion," he said.
Webinar host and moderator Muralee Thummarukudy, Operations Manager, Crisis Management Branch at the United Nations Environment Programme (UNEP), also acknowledged the value of explainable AI. "It will be increasingly important that AI is able to explain the decisions transparently so that those who use or are subject to the outcome of these black box technologies would know why those decisions were taken," he said.
[Source: ITU]
Leave a comment , ,

Forests with diverse tree sizes and small clearings hinder wildland fire growth

Industry News, Power/Energy/Oil & Gas sector
Novel 3D computational study links observable forest characteristics with fire behavior and reveals how forest structure propagates fire
A new 3D analysis shows that wildland fires flare up in forests populated by similar-sized trees or checkerboarded by large clearings and slow down where trees are more varied. The research can help fire managers better understand the physics and dynamics of fire to improve fire-behavior forecasts.
“We knew fuel arrangement affected fire but we didn’t know how,” said Adam Atchley, lead author on a Los Alamos National Laboratory-led study published today in the International Journal of Wildland Fire. “Traditional models that represent simplified fuel structures can’t account for complex wind and varied fire response to actual forest conditions. Our study incorporated a varied, 3D forest and wind behavior. Adding diverse tree sizes and shapes slowed fire quite a bit, as did adding small gaps between trees. By examining the physics of fire-fuel behavior, we are able to see fundamentally how forest structure affects behavior.”
The study for the first time links generalized forest characteristics that can be easily observed by remote sensing and modeled by machine learning to provide insight into fire behavior, even in large forested areas.
Understanding how wildland fire behaves is necessary to curb its spread, and also to plan safe, effective prescribed burns. However, data is limited, and most studies are too simplistic to accurately predict fire behavior. To predict how fire will move through a forest, it is necessary to first paint an accurate picture of a typical forest’s diversity with varying density, shapes, and sizes of trees. But this is computationally expensive, so most studies target homogenous forests that rarely occur in nature.
Using its award-winning model, FIRETEC, on high-performance computers at Los Alamos, the team ran 101 simulations with U.S. Forest Service data for Arizona pine forests to realistically represent the variability of forests. The simulations coupled fire and atmospheric factors—such as wind moving through trees—at fine scales to provide a 3D view of how fire, wind, and vegetation interact.
To understand how the forest structure affects fire behavior, Atchley and colleagues repeated simulations with minor changes in the forest structure, which they made by moving trees and randomizing tree shapes. Small changes had monumental impact in fire behavior. However, despite highly variable fire behavior, observable forest characteristics, such as tree diversity and the size of a stand of trees or a clearing, also substantially control how fire spreads.
Results show that the more detailed and varied simulated forest decreases the forward spread of fire spread due to a combination of fuel discontinuities and increases fine-scale turbulent wind structures. On the other hand, large clearings can increase fire spread.
Leave a comment , ,

DHS S&T Announces $36.5M Funding Opportunity for New Center of Excellence

Agency News, Cyber Security CII sector, Industry News
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced a $36.5 million funding opportunity for a new DHS Center of Excellence (COE), Engineering Secure Environments from Targeted Attacks (ESE).
“Partnering with universities, S&T delivers practical results by developing multidisciplinary, customer-driven solutions while training the next generation of homeland security experts,” said William Bryan, Acting Under Secretary for Science and Technology. “The challenges we face as a nation are complex. In collaboration with our academic partners, DHS is excited to launch a new COE focused on mitigating long-term threats against our nation’s surface transportation and built environments with novel engineering solutions.”
DHS plans to fund the new COE through a cooperative agreement for 10 years for a total of approximately $36.5 million.
The ESE COE will research and develop solutions to support DHS counterterrorism and violent extremism operations. The COE will help DHS continue fostering a culture of “security by design” by providing intentional and flexible architecture solutions to thwart an adaptive adversary. ESE will also advance a skilled workforce of scientists, technologists, engineers and mathematicians who focus on homeland security-related issues.
Technological advancements and their applications are increasingly complex and integrated into everyday processes. As cities grow larger and density increases across people, buildings, and infrastructure, a potential increase in the frequency or severity of targeted attacks from foreign and domestic terrorism is a legitimate concern. ESE will provide academic-led innovation that supports safer, more resilient transportation systems and communities.
DHS is soliciting proposals from multidisciplinary research and education teams, that will work closely with DHS and other subject-matter experts to develop approaches to strengthen the security of crowded spaces and transportation modalities. The teams will need various combinations of academic disciplines, including engineering, data analytics, and mathematics.
The DHS COEs work closely with DHS operating components to research, develop, and transition mission-relevant science and technology, and educate the next generation of homeland security technical experts. ESE will be required to engage with DHS operational components and fully understand the operational environment to help better identify technical and training gaps. Each DHS COE is led by a U.S. college or university and partners with other federally funded research and development centers, academic institutions, the commercial industry, and other federal, state, and local agencies.
Leave a comment , , ,
1 33 34 35 36 37 50