Asia-Pacific implements radiocommunication updates

Countries across Asia and the Pacific need fair, transparent, and predictable spectrum policies to accelerate equitable digital transformation across the region, according to radiocommunication experts convened by the International Telecommunication Union (ITU) over the last two weeks.

Regulators, industry experts and academics met to discuss future Asia-Pacific radio-frequency spectrum requirements following Radio Regulations updates.

“Radiocommunication services profoundly transform the way we work, travel, do business and access public services, including education and health,” said ITU Secretary-General Houlin Zhao. “The Regional Radiocommunication Seminars provide an excellent opportunity for our members to learn the practical application of the ITU Radio Regulations, so that people everywhere can take advantage of the social and economic opportunities brought about by the rapid growth of digital platforms.”

The regional seminar, convened entirely online, covered the regulatory framework for both terrestrial and space services and the procedures for filing and recording frequency assignments in the Master International Frequency Register (MIFR).

Masanori Kondo, Secretary-General of the Asia-Pacific Telecommunity, welcomed the discussions as “an opportunity for regulators to widen and deepen their knowledge and insight in the field of spectrum management.” He emphasized the need for Asia-Pacific countries to develop fair, predictable, and transparent spectrum management policies and regulations to keep their diverse and geographically extensive telecommunication sector functioning effectively.

ITU support and guidance
Participants discussed the current regulatory framework for international frequency management, ITU Radiocommunication (ITU-R) Recommendations, and best practices for spectrum use by both terrestrial and space services.

“Despite the challenges brought about by the COVID-19 pandemic, we continue to deliver high quality capacity building opportunities to our members, supporting them with all the information and tools they need to analyse and implement the Radio Regulations and promote efficient spectrum management,” said Mario Maniewicz, Director of the ITU Radiocommunication Bureau.

RRS-21 Asia-Pacific also included basic training to prepare for technical examinations and gain familiarity with ITU tools to produce frequency notices.

Weather and climate extremes in Asia killed thousands, displaced millions and cost billions in 2020

Extreme weather and climate change impacts across Asia in 2020 caused the loss of life of thousands of people, displaced millions of others and cost hundreds of billions of dollars, while wreaking a heavy toll on infrastructure and ecosystems. Sustainable development is threatened, with food and water insecurity, health risks and environmental degradation on the rise, according to a new multi-agency report coordinated by the World Meteorological Organization (WMO).

The State of the Climate in Asia 2020 provides an overview of land and ocean temperatures, precipitation, glacier retreat, shrinking sea ice, sea level rise and severe weather. It examines socio-economic impacts in a year when the region was also struggling with the COVID-19 pandemic, which in turn complicated disaster management.

The report shows how every part of Asia was affected, from Himalayan peaks to low-lying coastal areas, from densely populated cities to deserts and from the Arctic to the Arabian seas.

“Weather and climate hazards, especially floods, storms, and droughts, had significant impacts in many countries of the region, affecting agriculture and food security, contributing to increased displacement and vulnerability of migrants, refugees, and displaced people, worsening health risks, and exacerbating environmental issues and losses of natural ecosystems,” said WMO Secretary-General Prof. Petteri Taalas.

“Combined, these impacts take a significant toll on long term sustainable development, and progress toward the UN 2030 Agenda and Sustainable Development Goals in particular,” he said.

The report combines input from a wide range of partners including the United Nations Economic and Social Commission for Asia and the Pacific (ESCAP) and other UN agencies, national meteorological and hydrological services as well as leading scientists and climate centres.

NSA and CISA provide cybersecurity guidance for 5G cloud infrastructures

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published cybersecurity guidance to securely build and configure cloud infrastructures in support of 5G. Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement is the first of a four-part series created by the Enduring Security Framework (ESF), a cross-sector, public-private working group which provides cybersecurity guidance that addresses high priority cyber-based threats to the nation’s critical infrastructure.

“This series provides key cybersecurity guidance to configure 5G cloud infrastructure,” said Natalie Pittore, Chief of ESF in NSA’s Cybersecurity Collaboration Center. “Our team examined priority risks so that we could provide useful guidance, disseminated in an actionable way to help implementers protect their infrastructure.”

The series builds on the ESF Potential Threat Vectors to 5G Infrastructure analysis paper released in May 2021, which focused specifically on threats, vulnerabilities, and mitigations that apply to the deployment of 5G infrastructures. Based on preliminary analysis and threat assessment, the top 5G cloud infrastructure security challenges were identified by ESF and a four-part series of instructional documents covering those challenges will be released over the next few weeks. Topics include securely isolating network resources; protecting data in transit, in use, and at rest; and ensuring integrity of the network infrastructure.

Part I focuses on detecting malicious cyber actor activity in 5G clouds to prevent the malicious cyberattack of a single cloud resource from compromising the entire network. The guidance provides recommendations for mitigating lateral movement attempts by malicious cyber actors who have successfully exploited a vulnerability to gain initial access into a 5G cloud system.

“This series exemplifies the national security benefits resulting from the joint efforts of ESF experts from CISA, NSA, and industry,” said Rob Joyce, NSA Cybersecurity Director. “Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.”

“Strong and vibrant partnerships are critical to the overall effort to reduce cyber risk. Along with our public and private partners in the ESF, CISA is proud to partner with NSA to present the Security Guidance series for 5G Infrastructure,” said Alaina Clark, Assistant Director for Stakeholder Engagement. “Protecting 5G cloud infrastructure is a shared responsibility and we encourage 5G providers, operators and customers to review the new guidance.”

5G cloud providers, integrators, and network operators share the responsibility to detect and mitigate lateral movement attempts within their 5G cloud infrastructure. This document provides best practices to secure the 5G cloud from specific cyber threats of lateral movement that could compromise a network.

ESA and the City of Essen collaborate to protect urban and suburban areas with the power of space-applications

The City of Essen and the European Space Agency (ESA) are cooperating to promote the development of space-applications that support the sustainable development and protection of urban environments. As a priority within sustainable urban development, the focus will be on natural green protection in urban and suburban areas, climate change challenges, biodiversity protection, sustainable urban mobility, the circular economy, and supporting the growth of a sustainable green and digital economy by leveraging satellite and terrestrial networks.

The first joint initiative launched through this cooperation is an Invitation To Tender for companies to propose space-based applications which can contribute to determining whether and to what extent green spaces can be effectively integrated into smart city planning and urban green management, monitored regarding their status and their impact on the surroundings, and preserved as natural capital to maximise benefits for all citizens. The City of Essen has been crucial for the definition of the key application areas.

The Lord Mayor of the City of Essen, Thomas Kufen, is looking forward to the cooperation and the opportunities it entails: “Urban green infrastructure improves water management during extreme precipitation events, has a positive impact on air quality, mitigates extreme summer temperatures, and provides recreational spaces. In times of climate change it is more important than ever in context of urban development, which must be rethought in a global context. The services developed with ESA will help us to observe, understand and sustainably adapt our local environment and its interdependencies.”

Rita Rinaldo, Head of the Partner/Thematic led Initiative of Space Solutions Programme in ESA, added: “working with the City of Essen gives us the opportunity to foster the development of space applications with the aim of making our cities greener, while boosting sustainability and infrastructure, protecting the environment and creating shared value for citizens. We are confident that this cooperation will showcase the potential of space to deliver green value thanks to innovative space-based solutions with environmental and socio-economic benefits at scale.”

WMO State of Climate in 2021: Extreme events and major impacts

The past seven years are on track to be the seven warmest on record, according to the provisional WMO State of the Global Climate 2021 report, based on data for the first nine months of 2021. A temporary cooling “La Niña” event early in the year means that 2021 is expected to be “only” the fifth to seventh warmest year on record. But this does not negate or reverse the long-term trend of rising temperatures. The report combines input from multiple United Nations agencies, national meteorological and hydrological services and scientific experts. It highlights impacts on food security and population displacement, harming crucial ecosystems and undermining progress towards the Sustainable Development Goals. It was released at a press conference on the opening day of COP26.

Global sea level rise accelerated since 2013 to a new high in 2021, with continued ocean warming and ocean acidification.

The provisional State of the Climate 2021 report was released at the start of the UN Climate Change negotiations, COP26, in Glasgow. It provides a snapshot of climate indicators such as greenhouse gas concentrations, temperatures, extreme weather, sea level, ocean warming and ocean acidification, glacier retreat and ice melt, as well as socio-economic impacts.

It is one of the flagship scientific reports which will inform negotiations and which will be showcased at the Science pavilion hosted by WMO, the Intergovernmental Panel on Climate Change and the UK Met Office. During COP26, WMO will launch the Water and Climate Coalition to coordinate water and climate action, and the Systematic Observations Financing Facility to improve weather and climate observations and forecasts which are vital to climate change adaptation.

Broadband Commission calls for people-centred solutions to achieve universal connectivity

More than a year and a half into the COVID-19 pandemic, amid relentless global demand for broadband services, the Broadband Commission for Sustainable Development has reaffirmed its call for digital cooperation, innovation with information and communication technologies (ICTs), and collaborative approaches to secure universal connectivity and access to digital skills.

The Commission's State of Broadband Report 2021, released during the meeting, outlines the impact of pandemic policies and calls for a concerted, people-centred push to close the world's persistent divide. In the world's least developed countries (LDCs), no more than a quarter of the population is online.

“Digital cooperation needs to go beyond access to broadband,” said H.E. President Paul Kagame of Rwanda, Co-Chair of the Commission. “We also need to close the gap in the adoption and use of affordable devices and services, in accessible content, and in digital literacy.”

More than 50 Commissioners and special guests, representing government leaders, heads of international organizations and private sector companies, civil society and academia, affirmed that people-centred solutions must be at the heart of building a sustainable path towards universal broadband.

Commission co-Chair Carlos Slim, Founder of Carlos Slim Foundation and Grupo Carso, added: “To achieve our universal connectivity goal, we need to work together. We need to build a digital future that is inclusive, affordable, safe, sustainable, meaningful and people centred. We need to support infrastructure and to deal with affordability and relevant content to ensure usage. For that to happen, it requires concerted efforts.”

Connectivity for sustainable development
The Annual Fall Meeting, held in a virtual format, underscored the need to accelerate digital connectivity to fulfil the United Nations Agenda for 2030, centred on 17 Sustainable Development Goals.

“The absence of digital skills remains the largest barrier to Internet use,” noted Audrey Azoulay, Director-General of the United Nations Educational, Scientific and Cultural Organization (UNESCO) and co-Vice Chair of the Commission. “Digital education must therefore be as much about gaining skills as about developing the ability to think critically in order to master the technical aspects and be able to distinguish between truth and falsehood.”

“UNESCO's Media and Information Literacy curriculum, launched in Belgrade, Serbia, in April, provided a key tool to boost skills,” she added.

A newly released Commission report on distance and hybrid learning cites the need to foster digital skills along with expanding broadband infrastructure.

[Source: ITU]

TSA checkpoint at Capital Region International Airport gets new credential authentication technology unit

A credential authentication technology (CAT) unit has been installed and is in use at the Transportation Security Administration checkpoint at Capital Region International Airport (LAN).

“The new credential authentication technology unit enhances our detection capabilities for identifying fraudulent ID documents and improves the passenger’s experience by increasing efficiency during the checkpoint experience,” said Michigan TSA Federal Security Director Steve Lorincz. “The CAT unit also reduces touchpoints at the checkpoint, which benefits both officers and travelers during this pandemic.”

Passengers will approach the travel document checking station at the checkpoint and listen to the instructions of the TSA officer, who will insert the personal identification into the scanner for authentication.

Passengers will not have to hand over their boarding pass (electronic or paper), thus reducing a touchpoint. Instead, they should have their boarding pass ready in the event that the TSA officer requests visual inspection. The CAT unit will verify that the traveler is prescreened to travel out of the airport for a flight that day; however, a boarding pass may be requested for travelers under the age of 18 and/or those without IDs or with damaged IDs.

“We are pleased that TSA is taking steps to enhance the technology to ensure the safety and security of our travelers here at the Capital Region International Airport (LAN),” said Nicole Noll-Williams, president and CEO of the Capital Region Airport Authority.

Even with TSA’s use of CAT, travelers still need to check-in with their airline in advance and bring their boarding pass to their gate agent to show the airline representative before boarding their flight.

This technology will enhance detection capabilities for identifying fraudulent documents at the security checkpoint. CAT units authenticate several thousand types of IDs including passports, military common access cards, retired military ID cards, Department of Homeland Security Trusted Traveler ID cards, uniformed services ID cards, permanent resident cards, U.S. visas, and driver’s licenses and photo IDs issued by state motor vehicle departments.

Risky business or a leap of faith? A risk based approach to optimise cybersecurity certification

The European Union Agency for Cybersecurity (ENISA) has launched a cybersecurity assessment methodology for cybersecurity certification of sectoral multistakeholder ICT systems.

The Methodology for a Sectoral Cybersecurity Assessment (SCSA Methodology) was developed to enable the preparation of EU cybersecurity certification schemes for sectoral ICT infrastructures and ecosystems. SCSA aims at market acceptance of cybersecurity certification deployments and supports the requirements of market stakeholders and the EU Cybersecurity Act (CSA). In particular, SCSA endorses the identification of security and certification requirements based on risks associated with the “intended use” of the specific ICT products, services and processes.

The SCSA Methodology makes available to the ENISA stakeholders a comprehensive ICT security assessment instrument that includes all aspects pertinent to sectoral ICT systems and provides thorough content for the implementation of ICT security and cybersecurity certification.

While SCSA draws from widely accepted standards, in particular ISO/IEC 27000-series and ISO/IEC 15408-series, the proposed enhancements tackle multi-stakeholder systems and the specific security and assurance level requirements concerning ICT products, processes and cybersecurity certification schemes.

This is achieved by introducing the following features and capabilities:

- Business processes, roles of sectoral stakeholders and business objectives are documented at ecosystem level, overarching the ICT subsystems of the individual stakeholders. Stakeholders are invited to actively contribute to the identification and rating of ICT security risks that could affect their business objectives.
- A dedicated method associates the stakeholders’ ratings of risks with the security and assurance level requirements to dedicated ICT subsystems, components or processes of the sectoral ICT system.
- SCSA specifies a consistent approach to implement security and assurance levels across all parts of the sectoral ICT system and provides all information required by the sectoral cybersecurity certification schemes.

Benefits of the SCSA Methodology for stakeholders

The sectoral cybersecurity assessment provides a comprehensive approach to the multi-faceted aspects presented by complex multi-stakeholder ICT systems and features the following benefits:

- The security of a sectoral system requires synchronisation across all participating stakeholders. SCSA introduces comparability of security and assurance levels between different stakeholders’ systems and system components. SCSA enables building open multi-stakeholder ecosystems even among competitors to the benefit of suppliers and customers.
- The risk-based approach supports transparency and a sound balance between the cost for security and certification and the benefit of mitigating ICT-security-related business risks for each concerned stakeholder.
- Security measures can focus on the critical components, optimising the security architecture of the sectoral system, hence minimising cost of security.
- SCSA generates accurate and consistent information on security and certification level requirements for all relevant ICT subsystems, components or processes. On this basis, suppliers can match their products to their customers’ requirements.
- SCSA supports the integration of existing risk management tools and information security management systems (ISMS).
- Due to a consistent definition of assurance levels, the re-use of certificates from other cybersecurity certification schemes is supported.

CISA and FBI observe the increased use of Conti ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.

Technical Details

While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage, rather than the percentage of the proceeds used in the affiliate model, and receive a share of the proceeds from a successful attack.

Conti actors often gain initial access to networks through:

- Spearphishing campaigns using tailored emails that contain malicious attachments or malicious links;
  - Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware—such as TrickBot and IcedID, and/or Cobalt Strike—to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware.
- Stolen or weak Remote Desktop Protocol (RDP) credentials;
- Phone calls;
- Fake software promoted via search engine optimization;
- Common vulnerabilities in external assets.

In the execution phase, actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines. CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces. Additionally, actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.

Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence on victim networks. The actors use tools already available on the victim network—and, as needed, add additional tools, such as Windows Sysinternals and Mimikatz—to obtain users’ hashes and clear-text credentials, which enable the actors to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks. In some cases, the actors also use TrickBot malware to carry out post-exploitation tasks.

According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network.

UK and US cyber security leaders meet to discuss shared threats and opportunities

National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London.

Top cyber security officials from the UK and US affirmed their commitment to tackling ransomware in their first official face-to-face engagement.

Lindy Cameron, CEO of the National Cyber Security Centre – a part of GCHQ – met with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency to discuss their organisations’ priorities, including combatting ransomware.

During their bi-lateral meeting in London they reflected on the impact of ransomware attacks this year and the need for industry collaboration to complement government’s operational efforts against ransomware.

NCSC Chief Executive Lindy Cameron said:

“It was a pleasure to host Director Easterly for our first in-person bi-lateral meeting to discuss the critical issues in cyber security today.

“Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”

The issue of gender diversity was also on the agenda, with both agreeing that more needed to be done to remove barriers to entry into the profession for women and girls.

They discussed the NCSC’s CyberFirst Girls Competition, which aims to get more girls interested in cyber through fun but challenging team events for teenagers, and CISA’s ongoing commitment to expanding opportunities for young women and girls to pursue careers in cyber security and technology and closing the gender gap that exists in these fields.

The two leaders also discussed government collaboration with industry, including the NCSC’s Industry 100 scheme and CISA’s Joint Cyber Defense Collaborative.

The Industry 100 scheme has integrated public and private sector talent in the UK to pool their knowledge to tackle key cyber security issues. The Joint Cyber Defense Collaborative has similarly brought American public and private sector entities together to unify crisis action planning and defend against threats to U.S. critical infrastructure.
