Digital solutions enhance seafarer safety

From time immemorial, seafarers and ships have provided vital links to keep the world connected.
Even today, as digital transformation brings far-flung communities together amid the COVID-19 pandemic, maritime trade and transport remain central elements in global connectivity.
Seafarers and their demanding missions, meanwhile, are changing with the times.
Connecting mariners to the rest of the world and providing them with the best technologies and services to keep them safe at sea is of utmost importance.
Connected seafarers
More and more connected ships mean increasingly huge amounts of data. Most importantly, we must ensure that nobody is left behind. In the maritime sector, this means helping seafarers understand the latest information and communication technologies (ICTs) well enough to extract real value from the resulting data.
Gathering and analyzing data in intelligent ways makes all of us in the maritime business more effective in our missions. I have seen firsthand how ICT adoption can help to build a safer and fairer work environment for seafarers, address global environmental concerns including warming oceans, biodiversity loss and rising sea levels, and, of course, optimize maritime fleet performance.
To take one example, key shipboard data can be transmitted securely thanks to emerging technologies like distributed ledgers.
At the same time, access to satellite data while at sea has never been easier. Seafarers can capture deep insights through a new-generation interface with their equipment. Ultimately, satellite-based meteorology has vastly improved our knowledge of the seas.
For those in peril
Safety has always been priority number one for seafarers. Yet the perils of the harsh maritime working environment are never far away. ICT uptake and standardization have greatly improved seafarer safety in recent years, with the International Telecommunication Union (ITU) making vital contributions in this regard.
Take, for example, the Global Maritime Distress and Safety System (GMDSS), the internationally agreed set of safety procedures, frequencies, types of equipment, and communication protocols developed by ITU and the International Maritime Organization (IMO). GMDSS has been saving lives for over 30 years now. It came as an especially welcome innovation back in 1988.
Today, ITU’s Maritime Manual, List IV (List of Coast Stations and Special Service Stations) and List V (List of Ship Stations and Maritime Mobile Service Identity Assignments) remain highly reliable sources of industry information. They equip our seafaring colleagues to anticipate navigational concerns and ultimately help bring ships and crews home safe and sound.
After many years of travelling the oceans, I appreciate the value of practical tech for seaborne users. My wish to leverage digital solutions and design user-first services is what led me to the next stage of my career. Now, at Opsealog, my mission is to provide crews and shore staff with dedicated tools and accurate advice for the best use of resources.
Evolving technologies, meanwhile, keep unlocking new possibilities. I can’t wait to help create the next-generation digital tools for our beautiful maritime industry.
[source: ITU]

New StopRansomware.gov website launched

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.
The StopRansomware.gov webpage is an interagency resource that provides our partners and stakeholders with ransomware protection, detection, and response guidance that they can use on a single website. This includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners.

Storms and Record Rainfall in Western Europe Disrupt CI

Record rainfall has caused swollen rivers to burst their banks and wash away homes and other buildings in western Europe – leading to more than 190 fatalities and over 1000 people missing. The floods have affected several river basins, first in the United Kingdom and later across northern and central Europe including Austria, Belgium, Germany, Luxembourg, the Netherlands, Switzerland and Italy.
The German states of Rhineland-Palatinate and North Rhine-Westphalia were among the worst hit by the torrential rainfall, with water levels rising in the Rhine River, as well as the Walloon Region in Belgium. The storms and high waters have also battered neighbouring Switzerland, the Netherlands and Luxembourg.
Data from the Copernicus Sentinel-1 mission are being used to map flooded areas to help relief efforts. The mission has been supplying imagery through the Copernicus Emergency Mapping Service to aid relief efforts. The devastating floods have triggered four activations in the Copernicus Emergency Mapping Service, in Western Germany, Belgium, Switzerland and the Netherlands.
The service uses observations from multiple satellites to provide on-demand mapping to help civil protection authorities and the international humanitarian community in the face of major emergencies.
Westnetz, Germany's biggest power distribution grid, stated that 200,000 properties in the North Rhine-Westphalia and Rhineland-Palatinate regions were without power and that it would be impossible to repair substations until roads were cleared.

CISA’s CSET Tool Sets Sights on Ransomware Threat

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:

  • Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
  • Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
  • Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment.

Coordinated action cuts off access to VPN service used by ransomware groups

Law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims.
This coordinated takedown, led by the Dutch National Police (Politie), under jurisdiction of the National Public Prosecutor’s Office (Landelijk Parket), with international activity coordinated by Europol and Eurojust, has now ended the availability of this service.
Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
DoubleVPN was heavily advertised on both Russian- and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters. The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN connections to its clients.
DoubleVPN was being used to compromise networks all around the world. Its cheapest VPN connection cost as little as EUR 22 ($25).
International coordination
International cooperation was central to the success of this investigation as the critical infrastructure was scattered across the world.
Europol’s European Cybercrime Centre (EC3) supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised over 30 coordination meetings and four workshops to prepare for the final phase of the takedown, alongside providing analytical and crypto-tracing support. A virtual command post was set up by Europol on the action day to ensure seamless coordination between all the authorities involved in the takedown.
Eurojust facilitated the judicial cross-border cooperation and coordination to ensure an adequate response in order to take down the network. For this purpose, six dedicated coordination meetings organised by Eurojust have taken place since October last year, and Eurojust set up a coordination centre during the action day, during which the operation was rolled out on the ground by the various national authorities involved.

CISA and FBI Launch Operation Flashpoint to Raise Awareness about How to Prevent Bomb Making

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Justice’s Federal Bureau of Investigation (FBI) announced a new pilot program called “Operation Flashpoint” to build awareness in communities across the U.S. about how to prevent bomb attacks.
At the pilot’s launch today at Revell Ace Hardware in Clinton, Miss., CISA and FBI officials highlighted the threat posed by domestic violent extremists and others who can build improvised explosive devices (IEDs) from common household items found at retail stores across the country. Approximately 250,000 businesses in the U.S. sell, use or distribute materials that can be used to build bombs.
IEDs pose a significant threat in the U.S. In 2020 alone, there were 2,061 total bomb threat, suspicious package and device-related incidents across the nation, according to CISA’s Office for Bombing Prevention TRIPwire report. Major bombings can cause mass casualty events and cost hundreds of millions of dollars or more.
The 90-day Operation Flashpoint pilot, which will include events in other cities including Columbia, S.C.; Louisville, Ky.; and Orlando/Tampa, Fla., encourages businesses and the public to voluntarily report suspicious activities, such as buying large amounts of chemicals and materials (or a combination of these) that can be used to build bombs.
“Operation Flashpoint is a major milestone in implementing U.S. policy to thwart bomb threats,” said Dr. David Mussington, Executive Assistant Director for CISA’s Infrastructure Security Division. “It shows the strong unity in the federal government, between the Department of Justice and the Department of Homeland Security, to safeguard citizens and critical infrastructure.”

Digital regulators need to collaborate to “build forward better” after COVID

Bold regulatory approaches are needed to guide ground-breaking technology uptake, foster collaboration, and drive digital transformation in the post-COVID world, according to participants at the latest Global Symposium for Regulators (GSR-21) organized by the International Telecommunication Union (ITU).
The meetings brought together regulators from around the world to tackle the persistent, growing, global digital divide. In part, this involved adopting new guidelines for inclusive information and communication technology (ICT) regulation to “build forward better” and drive post-COVID recovery.
“Following the global social and economic disruption brought about by the COVID-19 pandemic, regulators have a unique opportunity to rethink and reshape policy principles and regulatory best practices to build ubiquitous, open and resilient digital infrastructure,” said ITU Secretary-General Houlin Zhao.
Focus on holistic digital transformation
COVID-19 has prompted countries to seek more holistic, future-ready agendas for digital transformation. Accordingly, regulators discussed the need for collaborative leadership to ensure trust in the digital space; sufficient connectivity and regulatory enablers; financing to ensure affordable connectivity, meaningful access, and widespread use; safe digital inclusion; and partnerships for digital transformation.
“Effective regulation matters not just in times of crisis,” said Doreen Bogdan-Martin, Director of ITU's Telecommunication Development Bureau. “To build forward better in the post-COVID digital world, we need agile and ground-breaking approaches and tools for digital regulation to accelerate the sustainable and inclusive growth of ICTs. Connectivity, access and use are ultimately at the heart of the digital transformation. Along with fit-for-purpose regulatory approaches, these are the predominant enablers of competitiveness and key to the future prosperity of people, communities, countries and regions everywhere.”
New GSR-21 Best Practice Guidelines
Innovative tools and approaches are outlined in the newly released GSR-21 Best Practice Guidelines: Regulatory uplift for financing digital infrastructure, access and use.
Approaches to ICT regulation need to be globally consistent yet flexible, allowing each national framework to be tailored to meet local needs, regulators taking part in GSR-21 agreed.
Mercy Wanjau, Acting Director-General of the Communications Authority of Kenya and Chair of GSR-21, said: “The regulatory Best Practice Guidelines crafted and adopted by regulators and policy makers at GSR have been guiding all of us through challenges and new endeavours. I call upon regulators everywhere to leverage the GSR-21 Guidelines in adopting and implementing globally agreeable approaches that are relevant to their national circumstances and leverage collaboration across the board.”
The guidelines emphasise the need for a collaborative, whole-of-government approach to regulation, focusing particularly on the role of effective and agile financing, prototyping regulatory patterns and approaches, and transformational leadership, to drive faster and more inclusive connectivity and ensure safe digital inclusion for all in the wake of the pandemic.
Key recommendations include:
- Alternative mechanisms for funding and financing digital infrastructures across economic sectors. Regulators should encourage investment and help to create competitive markets for future-proof broadband and digital services. Investment is also needed in non-commercial areas to make digital services available and affordable for all, while ensuring that basic regulatory needs are met.
- Promotion of local innovation ecosystems that enable the development of emerging technologies and business models. Regulators must create a safe space for digital innovation and experimentation. New approaches to regulation should protect consumers while encouraging market growth and ensuring resilience in future networks and services.
- Spectrum innovation and efficient use. New approaches may be needed to enhance regulatory foresight, harness data to target interventions, and create space for regulators and industry to experiment together. Spectrum innovation is just one such example.
- Ambitious yet executable regulatory roadmaps. The proposed best practices from GSR 21, if widely adopted, could help countries leapfrog ahead in economic development, maximize the benefits of ICT uptake, and ensure that these immense opportunities reach everyone.
In addition to the GSR-21 Best Practice Guidelines, GSR-21 saw the release of several new publications and platforms: Financing Universal Access to Digital Technologies and Services, Econometric Modelling in the context of COVID-19, collaborative case studies, and ICT Regulatory Tracker 2020.

Countries ramp up cybersecurity strategies

ITU releases fourth edition of the Global Cybersecurity Index; key 2020 data points to increased commitment
The latest Global Cybersecurity Index (GCI) from the International Telecommunication Union (ITU) shows a growing commitment around the world to tackle and reduce cybersecurity threats.
Countries are working to improve their cyber safety despite the challenges of COVID-19 and the rapid shift of everyday activities and socio-economic services into the digital sphere, the newly released 2020 index confirms.
According to GCI 2020, around half of countries globally say they have formed a national computer incident response team (CIRT), indicating an 11 per cent increase since 2018. Rapid uptake of information and communication technologies (ICTs) during the COVID-19 pandemic has put cybersecurity at the forefront.
“In these challenging times, the unprecedented reliance on ICTs to drive society, economy and industry, makes it more important than ever before to secure cyberspace and build confidence among users,” affirmed ITU Secretary General Houlin Zhao. “Governments and industry need to work together to make ICTs consistently safe and trustworthy for all. The Global Cybersecurity Index is a key element, offering a snapshot of the opportunities and gaps that can be addressed to strengthen every country's digital ecosystem.”
Some 64 per cent of countries had adopted a national cybersecurity strategy (NCS) by year-end, while more than 70 per cent conducted cybersecurity awareness campaigns in 2020, compared to 58 per cent and 66 per cent, respectively, in 2018.
Addressing the cyber gap
Many countries and regions lag in key areas. These include:
- Cybersecurity skills training, which must be tailored to the needs of citizens, micro-, small-, and medium-sized enterprises (MSMEs);
- Finance, healthcare, energy, and other key sectors, which require dedicated measures to close cybersecurity gaps;
- Critical infrastructure protection, which requires enhancement to meet new and evolving cyber threats;
- Individual data protection, which requires continual reinforcement as online activity expands.
Growing reliance on digital solutions necessitates ever stronger, yet also accessible and user-friendly, data protection measures.

NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems

NSA released a Cybersecurity Technical Report that provides best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. The comprehensive report, “Deploying Secure Unified Communications/Voice and Video over IP Systems,” also describes potential risks to UC/VVoIP systems that aren’t properly secured.
To complement the larger report, NSA published an abridged Cybersecurity Information Sheet to capture key takeaways and introduce the steps organizations should take when securing their UC/VVoIP systems.
UC and VVoIP are workplace call-processing systems that provide a variety of collaboration tools as well as the flexibility to communicate using voice, video conferencing and instant messaging. The access to advanced call-processing features and centralization of management have made UC and VVoIP popular in enterprise environments, including National Security System, Department of Defense and Defense Industrial Base networks.
The IP infrastructure that enables UC/VVoIP systems also presents risks that were less prevalent in the prior generation of call centers. If UC/VVoIP systems are not properly secured, they are susceptible to the same malicious activity targeting existing IP systems through spyware, viruses, software vulnerabilities or other malicious means. Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks. High-definition room audio and video could also be covertly collected.
To securely deploy UC/VVoIP systems, NSA provides best practices to use when preparing networks, establishing network perimeters, using enterprise session controllers and adding endpoints to deploy a UC/VVoIP system.
Methods to minimize the risk to UC/VVoIP systems include segmenting the networks to limit access to a common set of devices, ensuring timely patching, authentication and encryption of all signaling and media traffic, and verifying the security of devices before adding them to a network.