Category: Organisation Types

Organisation Types for membership

Broadband Commission calls for people-centred solutions to achieve universal connectivity

Agency News, Industry News, Telecomms sector

More than a year and a half into the COVID-19 pandemic, amid relentless global demand for broadband services, the Broadband Commission for Sustainable Development has reaffirmed its call for digital cooperation, innovation with information and communication technologies (ICTs), and collaborative approaches to secure universal connectivity and access to digital skills.

The Commission's State of Broadband Report 2021​, released during the meeting, outlines the impact of pandemic policies and calls for a concerted, people-centred push to close the world's persistent divide. In the world's least developed countries (LDCs), no more than a quarter of the population is online.

"Digital cooperation needs to go beyond access to broadband," said H.E. President Paul Kagame of Rwanda, Co-Chair of the Commission. “We also need to close the gap in the adoption and use of affordable devices and services, in accessible content, and in digital literacy."

More than 50 Commissioners and special guests, representing government leaders, heads of international organizations and private sector companies, civil society and academia, affirmed that people-centred solutions must be at the heart of building a sustainable path towards universal broadband.

Commission co-Chair Carlos Slim, Founder of Carlos Slim Foundation and Grupo Carso, added: “To achieve our universal connectivity goal, we need to work together. We need to build a digital future that is inclusive, affordable, safe, sustainable, meaningful and people centred. We need to support infrastructure and to deal with affordability and relevant content to ensure usage. For that to happen, it requires concerted efforts."

Connectivity for sustainable development
The Annual Fall Meeting, held in a virtual format, underscored the need to accelerate digital connectivity to fulfil the United Nations Agenda for 2030, centred on 17 Sustainable Development Goals.

“The absence of digital skills remains the largest barrier to Internet use," noted Audrey Azoulay, Director-General of the United Nations Educational, Scientific and Cultural Organization (UNESCO) and co-Vice Chair of the Commission. “Digital education must therefore be as much about gaining skills as about developing the ability to think critically in order to master the technical aspects and be able to distinguish between truth and falsehood."

“UNESCO's Media and Information Literacy curriculum, launched in Belgrade, Serbia, in April, provided a key tool to boost skills," she added.

A newly released Commission report on distance and hybrid learning cites the need to foster digital skills along with expanding broadband infrastructure.

[Source: ITU]
Leave a comment ,

TSA checkpoint at Capital Region International Airport gets new credential authentication technology unit

Agency News, Industry News, Transport sector

A credential authentication technology (CAT) unit has been installed and is in use at the Transportation Security Administration checkpoint at Capital Region International Airport (LAN).

“The new credential authentication technology unit enhances our detection capabilities for identifying fraudulent ID documents and improves the passenger’s experience by increasing efficiency during the checkpoint experience,” said Michigan TSA Federal Security Director Steve Lorincz. “The CAT unit also reduces touchpoints at the checkpoint, which benefits both officers and travelers during this pandemic.”

Passengers will approach the travel document checking station at the checkpoint and listen to the instructions of the TSA officer, who will insert the personal identification into the scanner for authentication.

Passengers will not have to hand over their boarding pass (electronic or paper), thus reducing a touchpoint. Instead, they should have their boarding pass ready in the event that the TSA officer requests visual inspection. The CAT unit will verify that the traveler is prescreened to travel out of the airport for a flight that day; however, a boarding pass may be requested for travelers under the age of 18 and/or those without IDs or with damaged IDs.

“We are pleased that TSA is taking steps to enhance the technology to ensure the safety and security of our travelers here at the Capital Region International Airport (LAN),” said Nicole Noll-Williams, president and CEO of the Capital Region Airport Authority.

Even with TSA’s use of CAT, travelers still need to check-in with their airline in advance and bring their boarding pass to their gate agent to show the airline representative before boarding their flight.

This technology will enhance detection capabilities for identifying fraudulent documents at the security checkpoint. CAT units authenticate several thousand types of IDs including passports, military common access cards, retired military ID cards, Department of Homeland Security Trusted Traveler ID cards, uniformed services ID cards, permanent resident cards, U.S. visas, and driver’s licenses and photo IDs issued by state motor vehicle departments.

Leave a comment , ,

Risky business or a leap of faith? A risk based approach to optimise cybersecurity certification

Agency News, Cyber Security CII sector, Industry News

The European Union Agency for Cybersecurity (ENISA) has launched a cybersecurity assessment methodology for cybersecurity certification of sectoral multistakeholder ICT systems.

The Methodology for a Sectoral Cybersecurity Assessment - (SCSA Methodology) was developed to enable the preparation of EU cybersecurity certification schemes for sectoral ICT infrastructures and ecosystems. SCSA aims at market acceptance of cybersecurity certification deployments and supports the requirements of market stakeholders and the EU Cybersecurity Act (CSA). In particular, SCSA endorses the identification of security and certification requirements based on risks associated with the “intended use” of the specific ICT products, services and processes.

The SCSA Methodology makes available to the ENISA stakeholders a comprehensive ICT security assessment instrument that includes all aspects pertinent to sectoral ICT systems and provides thorough content for the implementation of ICT security and cybersecurity certification.

While SCSA draws from widely accepted standards, in particular ISO/IEC 27000-series and ISO/IEC 15408-series, the proposed enhancements tackle multi-stakeholder systems and the specific security and assurance level requirements concerning ICT products, processes and cybersecurity certification schemes.

This is achieved by introducing the following features and capabilities:

- Business processes, roles of sectoral stakeholders and business objectives are documented at ecosystem level, overarching the ICT subsystems of the individual stakeholders. Stakeholders are invited to actively contribute to the identification and rating of ICT security risks that could affect their business objectives.
- A dedicated method associates the stakeholders’ ratings of risks with the security and assurance level requirements to dedicated ICT subsystems, components or processes of the sectoral ICT system.
- SCSA specifies a consistent approach to implement security and assurance levels across all parts of the sectoral ICT system and provides all information required by the sectoral cybersecurity certification schemes.

Benefits of the SCSA Methodology for stakeholders

The sectoral cybersecurity security assessment provides a comprehensive approach of the multi-faceted aspects presented by complex multi-stakeholder ICT systems and it features the following benefits:

- The security of a sectoral system requires synchronisation across all participating stakeholders. SCSA introduces comparability of security and assurance levels between different stakeholders’ systems and system components. SCSA enables building open multi-stakeholder ecosystems even among competitors to the benefit of suppliers and customers.
- The risk-based approach supports transparency and a sound balance between the cost for security and certification and the benefit of mitigating ICT-security-related business risks for each concerned stakeholder.
- Security measures can focus on the critical components, optimising the security architecture of the sectoral system, hence minimising cost of security.
- SCSA generates accurate and consistent information on security and certification level requirements for all relevant ICT subsystems, components or processes. On this basis, suppliers can match their products to their customers’ requirements.
- SCSA supports the integration of existing risk management tools and information security management systems (ISMS).
- Due to a consistent definition of assurance levels, the re-use of certificates from other cybersecurity certification schemes is supported.

Leave a comment , ,

CISA and FBI observe the increased use of Conti ransomware

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.

Technical Details

While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds used by affiliate cyber actors and receives a share of the proceeds from a successful attack.

Conti actors often gain initial access to networks through:

- Spearphishing campaigns using tailored emails that contain malicious attachments or malicious links;
- Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware—such as TrickBot and IcedID, and/or Cobalt Strike—to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware.
- Stolen or weak Remote Desktop Protocol (RDP) credentials
- Phone calls;
- Fake software promoted via search engine optimization;
- Common vulnerabilities in external assets.

In the execution phase, actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines. CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces. Additionally, actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.

Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence on victim networks. The actors use tools already available on the victim network—and, as needed, add additional tools, such as Windows Sysinternals and Mimikatz—to obtain users’ hashes and clear-text credentials, which enable the actors to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks. In some cases, the actors also use TrickBot malware to carry out post-exploitation tasks.

According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network.

Leave a comment , , , ,

UK and US cyber security leaders meet to discuss shared threats and opportunities

Agency News, Cyber Security CII sector, Industry News

National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London.

Top cyber security officials from the UK and US affirmed their commitment to tackling ransomware in their first official face-to-face engagement.

Lindy Cameron, CEO of the National Cyber Security Centre – a part of GCHQ – met with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency to discuss their organisations’ priorities, including combatting ransomware.

During their bi-lateral meeting in London they reflected on the impact of ransomware attacks this year and the need for industry collaboration to complement government’s operational efforts against ransomware.

NCSC Chief Executive Lindy Cameron said:

“It was a pleasure to host Director Easterly for our first in-person bi-lateral meeting to discuss the critical issues in cyber security today.

“Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”

The issue of gender diversity was also on the agenda, with both agreeing that more needed to be done to remove barriers to entry into the profession for women and girls.

They discussed the NCSC’s CyberFirst Girls Competition, which aims to get more girls interested in cyber through fun but challenging team events for teenagers, and CISA’s ongoing commitment to expanding opportunities for young women and girls to pursue careers in cyber security and technology and closing the gender gap that exists in these fields.

The two leaders also discussed government collaboration with industry, including the NCSC’s Industry 100 scheme and CISA’s Joint Cyber Defense Collaborative.

The Industry 100 scheme has integrated public and private sector talent in the UK to pool their knowledge to tackle key cyber security issues. The Joint Cyber Defense Collaborative has similarly bought American public and private sector entities together to unify crisis action planning and defend against threats to U.S. critical infrastructure.

Leave a comment , , , ,

Electricity Grid Resilience

Agency News, Power/Energy/Oil & Gas sector

The nation’s grid delivers electricity that is essential for modern life. However, the grid faces risks from events that can damage electrical infrastructure (such as power lines) and communications systems, resulting in power outages. These outages can threaten the nation’s economic and national security.

They can also disproportionately affect low-income groups, in part because such groups have fewer resources to invest in backup generators and other measures to minimize the impact of outages.Even though most of the electricity grid is owned and operated by private industry, the federal government plays a key role in enhancing grid resilience.
• The Department of Homeland Security (DHS) is responsible for coordinating the overall federal effort to promote the security and resilience of the nation’s critical infrastructure sectors.
• The Department of Energy (DOE) leads federal efforts to support electricity grid resilience, including research and technology development by national laboratories.
• The Federal Energy Regulatory Commission (FERC) reviews and approves standards developed by the North American Electric Reliability Corporation, the federally designated U.S. electric reliability organization.

Key Issues
The electricity grid faces multiple risks that can cause widespread power outages.
Risks:
- Extreme weather and climate change
- Cyber- and physical attacks
- Electromagnetic events

In addition to the risks described in the prior page, the electric utility industry faces complex challenges and transformations, including:
• aging infrastructure;
• adoption of new technologies, such as information and communication systems
to improve the grid’s efficiency; and
• a changing mix of power generation. The traditional model of large, centralized power generators is evolving as retiring generators are replaced with variable wind and solar generators, smaller and more flexible natural gas generators, and nontraditional resources. Such resources include demand-response activities which encourage consumers to reduce their demand for electricity when the cost to generate electricity are high, and various technologies (e.g., solar panels) that generate electricity at or near where it will be used—known as “distributed generation.”

Key Opportunities
Agencies have implemented several of GAO’s recommendations for improving electricity grid resilience. For example, in March 2016, we recommended that DHS designate roles and responsibilities within the department for addressing electromagnetic risks, which DHS did in 2017. However, as of September 2021, agencies had not yet implemented a number of GAO recommendations that represent key opportunities to mitigate risks in the following areas:

- Extreme weather and climate change - Prioritize efforts and target resources effectively. Enhance grid resilience efforts. Better manage climate-related risks
- Cyberattacks - Assess all cybersecurity risks. Address risks to distribution systems Consider changes to current standards. Evaluate potential risks of a coordinated attack

Leave a comment , , ,

Panama City, FL Strengthens Critical Infrastructure for Future Disasters

Agency News, Industry News, Power/Energy/Oil & Gas sector

FEMA has approved grants of more than $4.7 million for two hazard mitigation projects for the city of Panama City to reduce its risk of critical facility failure during future disasters. Funding from FEMA’s Hazard Mitigation Grant Program (HMGP) was approved in response to a proposal by the city after Hurricane Michael in 2018.

Millville Wastewater Treatment Plant: $2,653,956 for the purchase and installation of twin permanent generators to support the critical operations of the plant. They will be connected to the main electrical transfer system by a switchgear and an underground duct bank, which provide a protected pathway for electrical transmission and allow the city to provide continued service to the community during future power outages.

Sanitary Sewer Lift Stations: $2,052,265 for Phase One in a proposed project to provide flood protection and improvements to 13 sanitary sewer lift stations within the city, including surveying, engineering, design, plan preparation, permitting and the bidding for Phase Two approval. If approved, the project proposes different mitigation actions depending on the needs and assessment of each of the 13 sites to include relocation, elevation or strengthening against storm surge and wave-action hazards.

The HMGP provides funding to help communities eliminate or reduce disaster-related damage. Following a major disaster, a percentage of a state’s total federal recovery grants is calculated to help develop more resilient communities. Florida has an Enhanced Hazard Mitigation Plan that allows more funding to be available for post-disaster resilience projects. States with the enhanced plan receive HMGP funds based on 20% of their total estimated eligible federal disaster assistance.

Leave a comment , ,

Early warning systems saving lives during Nepal’s monsoon

Agency News, Industry News, Water sector

For days leading up to the disaster, Mr. Harisaran Shrestha had been listening to warnings about floods in the Melamchi, a river that flows through the foothills of the Himalayas in central Nepal. At least one local FM radio was repeatedly broadcasting notices about the possible release of water from the reservoir of a nearby drinking-water project and urging the public to avoid river banks and to refrain from activities like fishing, sand mining, and gravel collecting.

The local police and representatives were also issuing similar warnings around the town via microphones and loudspeakers.

Owing to these forewarnings, when the flood eventually hit his hometown, Melamchi Bazar, northeast of Kathmandu in Sindhupalchowk district, in June 2021, Mr. Shrestha was better prepared to react to the deluge. “As soon as it became apparent that the flood was going to sweep the entire town, I used my bus to ferry women, children, and disabled people in the neighbourhood to a safer location,” said Mr. Shrestha.

On June 15, just an hour after the final warning from the radio and police announcement on loudspeaker, massive floods near the confluence of the Melachmi River and the Indrawati River swept through the settlements near Shrestha’s hometown, killing at least five people and destroying property worth millions of rupees. At least a dozen people remain missing more than two months after one of the worst disasters in the town's history.

Despite saving many lives, Mr. Shrestha could not save his belongings because he had underestimated the scale of the disaster. “Our home was at a considerable distance from the river. It never occurred to me that the swollen river’s waters would reach this far,” Mr. Shrestha recalled in an interview.

Now displaced by the flood, Mr. Shrestha, 38, has been living with a family of six in a temporary shelter. The river, which has changed its course, now runs through his home and farmland.

“The river took everything. Thankfully, all of us are safe,” said Mr. Shrestha.

Mr. Dev Raj Subedi, the manager of Radio Melamchi, which issued the flood warnings, said that the alerts had proved effective in saving hundreds of lives, although only a few households managed to save some of their possessions--those they could carry with them. Radio Melamchi has been ritually providing flood-related warnings to the municipality’s estimated 50,000 inhabitants for the last few years, especially after the Melamchi Drinking Water Project gathered momentum in the 2010s.

“We issued the warning as soon as a government official informed us about the flood upstream. The warning proved especially helpful in the town area, whose inhabitants had the means to access the warning. That was one of the reasons there were no deaths in the town area,” shared Mr. Subedi.

Melamchi’s case is the latest example of how the growing use of mass media and early warning systems through data collected from meteorological and hydrological stations and rainfall-runoff model is proving effective in saving lives in Nepal, which is highly susceptible to disasters, owing to its topography and its hundreds of big and small rivers.

Every year, floods and landslides wreak havoc in Nepal, leading to huge numbers of casualties and untold destruction of property. Hill settlements are particularly vulnerable to landslides and flash floods, while riverine floods routinely deluge the lowland areas bordering India.

Every year during the rainy season, hundreds of families lose their house, agricultural yield, and means of livelihood, pushing them further into poverty.

Between 13 April to 16 October in 2020, floods and landslides killed at least 337 Nepalis, wiped out thousands of houses, and destroyed property worth billions of rupees, according to an estimate by Nepal’s Ministry of Home Affairs. More than 100 people remain missing on account of those floods.

Numerous factors including the 2015 earthquake, infrastructural projects and climate change have contributed to increasing disasters, according to experts. For instance, Sindhupalchowk district, the epicenter of the 7.8 magnitude earthquake that rattled Nepal in 2015, has seen a marked increase in landslides and floods following the tragedy that killed over 9,000 people.

Mr. Bikram Shrestha Zoowa, a senior Divisional Hydrologist at the Department of Hydrology and Meteorology, in Kathmandu, said that climate-induced hazards and unplanned development are emerging as challenges in recent decades.

Examples include recent disasters such as the Setigandaki flood in Kaski, Jure landslide-Sindhupalchowk in 2014, a Glacial Lake Outburst Flood (GLOF) in Tibet immediately above the Bhotekoshi River in Sindhupalchowk in 2016; a dry landslide in the Kaligandaki Corridor after the 2015 earthquake, another GLOF in Barun valley obstructing the flow of Arun River in 2017, and numerous climate-induced landslides during the 2020 monsoon and this year, said Mr. Shrestha Zoowa.

“Human interventions such as road construction in hill slopes without considering geological studies are certainly the causes of the region’s geological fragility, which results in small and big landslides in hilly regions. This is the man-made effect in addition to earthquakes responsible for hazards.”

According to the latest Intergovernmental Panel on Climate Change report, global temperature is expected to reach or exceed 1.5 degrees Celsius of warming averaged over the next 20 years. In 2019, a landmark report

by the International Centre for Integrated Mountain Development, an intergovernmental center based in Nepal, warned that a two-degree temperature rise could melt half of the glaciers in the Hindu Kush Himalaya region, destabilising Asia’s rivers.

In recent years, to minimise loss of life and property, an increasing number of communities vulnerable to disasters have begun to integrate social media platforms--such as Facebook and Twitter--and other technologies to provide early warnings. And as with Radio Melamchi, more than 500 FM radio stations across Nepal are being used to disseminate news and timely warnings. Many other local bodies are integrating SMS text messages to provide real-time alerts for people living in disaster-prone zones.

In Kailali, a western Nepal district bordering India’s Uttar Pradesh, flood warnings through SMS alerts and phone calls have proven effective in saving lives in settlements spread along the Karnali River Basin.

“When massive floods hit our village in 2016, most of the villagers with mobile phones had received SMS alerts three hours before the disaster. Those three hours gave us ample time to save not just our lives, but also our livestock and essentials like some grains and documents,” said Ms. Sajita Tharu of Laxmipur village in Kailali district. “Thankfully, we have not faced that kind of flood in recent years but we continue to receive alerts if water rises above the danger level. That allows us to remain mentally prepared and save essentials in case the flood hits us.”

As part of the community-based early warning approach, residents living in catchment areas constantly pass on information about the water level in their area to residents of villages downstream. The community groups also get constant flood alerts from the Department of Hydrology’s regional station. The alerts--including text messages, phone calls, and information from weatherboards--are widely circulated by the members of the Community Disaster Management Committees, which were formed by programs designed to enhance the communities’ flood resilience. Most members of these user committees are women, as many working-age men migrate to India or other countries in search of jobs.

Ms. Manakala Kumari Chaudhari, the deputy mayor of Rajapur Municipality in far-western Nepal, said that the timely early warning system in his area has been instrumental in saving lives and properties. As soon as the water level rises above the danger level upstream, several people who own mobile phones in his municipality--a delta created by the Karnali River--receive warnings.

“Save for some exceptions, most locals respond to warnings and take the required safety measures. The timely alerts also provide ample time for all stakeholders to make the necessary preparations for disasters,” said Ms. Chaudhari.

Such timely warnings are critical because they provide enough time to save lives. The area is susceptible to constant floods from big rivers like the Karnali and Babai and from small streams, which are usually dry in other seasons.

In preparation for the seasonal floods, communities in western Nepal have also built community shelters, animal sheds to shelter their livestock and grain-storage facilities to save grains.

Since Nepal adopted federalism in 2015, there have been efforts at all three levels of government to embrace disaster-resilience policies. The central government, the provincial government, as well as many local governments have adopted policies related to disaster risk reduction. Recently, under the Home Ministry, the National Disaster Risk Reduction and Management Authority prepared the National Monsoon Early Preparedness and Response Work Plan

2021. However, questions remain around the implementation of these policies and the authorities’ ability to handle large-scale disasters, especially owing to their lack of resources. Moreover, growing landslides along newly constructed highways, hydropower projects and other infrastructures-- many of which were cleared after proper Environment Impact Assessment--- have reinforced the need for better policies to promote resilient infrastructure.

But overall, the early warning systems seem to be reducing the impacts of floods in many parts of Nepal. Mr. Shrestha Zoowa, the hydrologist, said that early warning systems have proven effective in saving hundreds of lives every year, especially in vulnerable settlements along big rivers such as the Karnali, Babai, Narayani, and Koshi. The data gathered from weather stations, rainfall-runoff models are disseminated in form of daily bulletins through various media platforms, while the weather forecast relies on the Weather Research and Forecasting model, an advanced numerical weather prediction framework designed for operational forecasting and atmospheric research needs.

In recent years, the Department of Hydrology and Meteorology has been working with various non-governmental organizations in developing disaster information management systems and online databases to provide real-time information to augment its early warning systems.

The Disaster Risk Reduction Portal and Nepal Government GeoPortal, among other platforms, provide information gathered from various hydro-meteorological stations in Rasuwa, Solukhumbu, Kaski, Dolpa, Humla, Dolakha, Jumla, Sankhuwasabha and Manang districts.

“For most flood events, we have effective plans, technologies, and historical information to issue timely and reliable warnings to vulnerable settlements. But we lack an effective early warning system for flash floods in the hills and for settlements along small rivers, which are highly unpredictable,” said Mr. Shrestha Zoowa.

Nepal also needs to do more to ensure that people respond to early warnings. Although many local communities are making good use of weather forecasts and flood alerts, some are unable to take advantage of the information, often because they lack the economic means and/or technical knowledge to know what to do. Often the warning messages come with technical jargon and they may not effectively relay the impact information of the disaster relevant to people’s day to day life and experience. “The early warning systems have become much better over the years but there is still a lot to be done,” said Mr. Shrestha Zoowa.

Leave a comment , , ,

The basis for safer digital finance

Cyber Security CII sector, Industry News

The transformations we are seeing in numerous fields – from energy and mobility to health care, agriculture, and financial services – all hinge on digital technologies, along with an array of associated business ecosystems. All these technologies and systems must be reliable, secure and deserving of our trust.

The Financial Inclusion Global Initiative (FIGI) is an open framework for collaboration led by the International Telecommunication Union (ITU), the World Bank Group, and the Committee on Payments and Market Infrastructures (CPMI).

Our partnership brings together the expertise to accelerate digital financial inclusion. With the support of the Bill & Melinda Gates Foundation, we have brought together the full range of stakeholders set to benefit from this expertise.

The World Bank Group and CPMI have helped to build a strong understanding of the policy considerations surrounding digital identity and incentivizing the use of electronic of payments.

ITU’s work has focused on security, infrastructure and trust – secure financial applications and services, reliable digital infrastructure, and the resulting consumer trust that our money and digital identities are safe.
No more secrets

Considering the prevalence of data breaches, the need for strong authentication is clear, with discussions in the industry often noting that “there are no secrets anymore.”

New ITU standards for a universal authenticator framework (X.1277) and client-to-authenticator protocol (X.1278) are helping overcome the security limitations of the "shared secret" approach, the basis for the widely familiar username-password model of authentication.

Users can now authenticate locally to their device using biometrics, with the device then authenticating the user online with public key cryptography. With the new standards, users are asked to authenticate locally to their device only once, and their biometric data never leaves the device. This model avoids susceptibility to phishing, man-in-the-middle attacks, or other forms of attack targeting user credentials.

FIGI engagement helped to usher these specifications, first developed by the FIDO (Fast Identity Online) Alliance, into the ITU standardization process to stimulate their adoption globally. Authentication options consistent with X.1277 and X.1278 are now supported by most devices and browsers on the market.
Fortifying a walled garden

In developing countries, digital financial services are often provided over Signalling System No.7 (SS7), a legacy network protocol standardized by ITU in the late 1970s. SS7 enables all network operators to interconnect and looks sure to remain in use for years to come.

But security was not considered in its design. SS7 was designed as a walled garden. Entry to the SS7 network was intended to be highly regulated, with only trusted network operators being granted access. But malicious actors have since found various ways to get hold of the keys, especially since some of the initial design and deployment assumptions were no longer valid with the introduction of deregulation, voice over IP, and mobile networks.

FIGI has worked to raise awareness about SS7’s security vulnerabilities and associated mitigation techniques. As the need to mitigate these vulnerabilities increases, network operators can look to ITU’s new Q.3057 standard outlining signalling requirements and architecture for interconnection between trustable network entities. This is another standard rooted in FIGI discussions.
Reliable, widely available connectivity

Trust in digital financial services is also acutely affected by the reliability and availability of connectivity. Network downtime and transaction failures resulting from dropped connections can erode the trust of consumers and merchants in digital financial services.

Investment in digital infrastructure must continue, with the industry adopting meaningful, widely accepted benchmarks for service quality. ITU standards specify the route towards reliable, interoperable network infrastructure, and they provide a wide range of tools to assess the performance and quality of the services running over this infrastructure.

FIGI highlighted the demand for service quality indicators specific to digital financial services. With the expertise on hand at ITU, we have delivered new standards describing key quality considerations for digital financial services (ITU G.1033) and a methodology to assess the quality of user experience (ITU P.1052).
Security across the value chain
Every industry player involved in providing digital financial services has to be concerned about security risks. Security is only as strong as its weakest link, and innovation in digital finance continues to extend the length and increase the complexity of the underlying value chain.

Secure digital finance calls for coordinated defences that are attuned to evolving security threats. A key FIGI report outlines the security assurance framework needed to achieve this for each actor in the digital finance value chain.

The best practices suggested by the framework could form the basis for a safer business ecosystem. They reflect the needs of everyone involved, from customers to network operators and digital finance providers, right through to third-party providers interfacing with the financial system.

[Source: ITU]
Leave a comment , , ,

ICC and RESNET to Develop Standard on Remote Virtual Inspections for Energy and Water Performance in Buildings

Industry News, Water sector

The International Code Council, the leading global source of model codes and standards and building safety solutions, and RESNET, a national standards-making body for energy efficiency ratings and certification systems, will continue their long history of collaboration by developing a new American National Standards Institute (ANSI) candidate standard on remote virtual inspections (RVI) for the energy and water use performance of buildings. Previously, the two organizations have worked together to develop a new certification designation, the International Energy Conservation Code (IECC)/Home Energy Rating System (HERS) Compliance Specialist, and four other ANSI standards. Most recently, they advocated and received recognition of the Home Energy Rating System (HERS®) Index within California.

The new standard will provide guidance for implementing RVI for energy code compliance and for energy and water efficiency performance. Performance raters will be provided criteria to check all aspects of permitted construction for compliance with energy codes and other energy-related applicable laws and regulations. As a next step, a new Standard Development Committee will be formed to develop and maintain the standard with the Code Council and RESNET appointing representatives – both separately and jointly.

“Building construction is rapidly evolving and jurisdictions are being challenged to adapt,” said Mark Johnson, Executive Vice President & Director of Business Development, International Code Council. “The need for new inspection methods has been building for a while as the inspector workforce has shrunk and jurisdictions’ resources have come under financial pressure. The pandemic also increased the pressure to evolve, and quickly.”

RVI is a tool to address these problems and organizations such as the Code Council have developed guidance documents to assist code enforcement entities.

“As more code enforcement departments begin their digital transformation and adopt technologies like RVI, there needs to be standardized criteria for how it is implemented,” said Steve Baden, Executive Director, RESNET. “A national consensus standard for RVI as it applies to energy- and water-use efficiency inspections and ratings will both provide code enforcement authorities with assurance that the ratings they adopt for code compliance are reliable, as well as advance the efficiency and efficacy potentials of these new approaches to determining code compliance.”

The standard would be co-sponsored by the Code Council and RESNET and developed using RESNET’s ANSI accredited procedures as an American National Standard by ANSI. For more information on RVI, the Code Council released a whitepaper, Recommended Practices for Remote Virtual Inspections (RVI), which will be the foundation for the development of the new consensus standard.

Leave a comment , , ,
1 28 29 30 31 32 55