CISA Developed Cross-Sector Recommendations to Help Organizations Prioritize Cybersecurity Investments

The Department of Homeland Security released the Cybersecurity Performance Goals (CPGs), voluntary practices that outline the highest-priority baseline measures businesses and critical infrastructure owners of all sizes can take to protect themselves against cyber threats. The CPGs were developed by DHS, through the Cybersecurity and Infrastructure Security Agency (CISA), at the direction of the White House. Over the past year, CISA worked with hundreds of public and private sector partners and analyzed years of data to identify the key challenges that leave our nation at unacceptable risk. By clearly outlining measurable goals based on easily understandable criteria such as cost, complexity, and impact, the CPGs were designed to be applicable to organizations of all sizes. This effort is part of the Biden-Harris Administration’s ongoing work to ensure the security of the critical infrastructure and reduce our escalating national cyber risk.

“Organizations across the country increasingly understand that cybersecurity risk is not only a fundamental business challenge but also presents a threat to our national security and economic prosperity,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The new Cybersecurity Performance Goals will help organizations decide how to leverage their cybersecurity investments with confidence that the measures they take will make a material impact on protecting their business and safeguarding our country.”

CISA developed the CPGs in close partnership with the National Institute for Standards and Technology (NIST). The resulting CPGs are intended to be implemented in concert with the NIST Cybersecurity Framework. Every organization should use the NIST Cybersecurity Framework to develop a rigorous, comprehensive cybersecurity program. The CPGs prescribe an abridged subset of actions – a kind of “QuickStart guide” – for the NIST CSF to help organizations prioritize their security investments.

“To reduce risk to the infrastructure and supply chains that Americans rely on every day, we must have a set of baseline cybersecurity goals that are consistent across all critical infrastructure sectors,” said CISA Director Jen Easterly. “CISA has created such a set of cybersecurity performance goals to address medium-to-high impact cybersecurity risks to our critical infrastructure. For months, we’ve been gathering input from our partners across the public and private sectors to put together a set of concrete actions that critical infrastructure owners can take to drive down risk to their systems, networks and data. We look forward to seeing these goals implemented over the coming years and to receiving additional feedback on how we can improve future versions to most effectively reduce cybersecurity risk to our country.”

“The Biden-Harris Administration has relentlessly focused on securing our Nation’s critical infrastructure since day one,” said Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger. “CISA has demonstrated tremendous leadership in strengthening our critical infrastructure’s cyber resilience over the last year. The Cyber Performance Goals build on these efforts, by setting a higher cybersecurity standard for sectors to meet.”

“Given the myriad serious cybersecurity risks our nation faces, NIST looks forward to continuing to work with industry and government organizations to help them achieve these performance goals,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “Our priority remains bringing together the right stakeholders to further develop standards, guidelines and practices to help manage and reduce cybersecurity risk.”

In the months ahead, CISA will actively seek feedback on the CPGs from partners across the critical infrastructure community and has established a Discussions webpage to receive this input. CISA will also begin working directly with individual critical infrastructure sectors as it builds out sector-specific CPGs in the coming months.

To access these new CPGs visit CISA.gov/cpgs.

Study uses AI to predict fragility of power grid networks - double trouble when 2 disasters strike electrical transmission infrastructure

One disaster can knock out electric service to millions. A new study suggests that back-to-back disasters could cause catastrophic damage, but the research also identifies new ways to monitor and maintain power grids.

Researchers at The Ohio State University have developed a machine learning model for predicting how susceptible overhead transmission lines are to damage when natural hazards like hurricanes or earthquakes happen in quick succession.

An essential facet of modern infrastructure, steel transmission towers help send electricity across long distances by keeping overhead power lines far off the ground. After severe damage, failures in these systems can disrupt networks across affected communities, taking anywhere from a few weeks to months to fix.

The study, published in the journal Earthquake Engineering and Structural Dynamics, uses simulations to analyze what effect prior damage has on the performance of these towers once a second hazard strikes. Their findings suggest that previous damage has a considerable impact on the fragility and reliability of these networks if it can’t be repaired before the second hazard hits, said Abdollah Shafieezadeh, co-author of the study and an associate professor of civil, environmental and geodetic engineering.

“Our work aims to answer if it’s possible to design and manage systems in a way that not only minimizes their initial damage but enables them to recover faster,” said Shafieezadeh.

The machine learning model not only found that a combination of an earthquake and hurricane could be particularly devastating to the electrical grid, but that the order of the disasters may make a difference. The researchers found that the probability of a tower collapse is much higher in the event of an earthquake followed by a hurricane than the probability of failure when the hurricane comes first and is followed by an earthquake.

That means while communities would certainly suffer some setbacks in the event that a hurricane precedes an earthquake, a situation wherein an earthquake precedes a hurricane could devastate a region’s power grid. Such conclusions are why Shafieezadeh’s research has large implications for disaster recovery efforts.

“When large-scale power grid systems are spread over large geographic areas, it’s not possible to carefully inspect every inch of them very carefully,” said Shafieezadeh. “Predictive models can help engineers or organizations see which towers have the greatest probability of failure and quickly move to improve those issues in the field.”

After training the model for numerous scenarios, the team created “fragility models” that tested how the structures would hold up under different characteristics and intensities of natural threats. With the help of these simulations, researchers concluded that tower failures due to a single hazardous event were vastly different from the pattern of failures caused by multi-hazard events. The study noted that many of these failings occurred in the leg elements of the structure, a segment of the tower that helps bolt the structure to the ground and prevents collapse.

Overall, Shafieezadeh said his research shows a need to focus on re-evaluating the entire design philosophy of these networks. Yet to accomplish such a task, much more support from utilities and government agencies is needed.

“Our work would be greatly beneficial in creating new infrastructure regulations in the field,” Shafieezadeh said. “This along with our other research shows that we can substantially improve the entire system’s performance with the same amount of resources that we spend today, just by optimizing their allocation.”

This work was supported by the Korea Institute of Energy Technology Evaluation and Planning (KETEP) and the Ministry of Trade, Industry & Energy of the Republic of Korea (MOTIE).

WMO issues guidelines on coastal flooding early warning systems

New WMO Guidelines on the Implementation of a Coastal Inundation Forecasting Early Warning System offer solid and practical advice for countries, donors and experts seeking to set up early warning systems against an increasing hazard.

The guidelines are a contribution to the UN Early Warnings for All initiative and reflect the high priority needs of small island developing States (SIDS) and Least Developed Countries that are particularly vulnerable to these coastal hazards.

“The severity of the impacts of disasters, especially on coastal communities, is well known and documented. A contributing factor is the increasing intensity and frequency of meteorological and oceanographical hazards caused by climate change, including sea-level rise, which can seriously affect SIDS and other coastal nations,” state the guidelines.

“It is critical to recognize that coastal inundation can result from single or multiple hazards, and that it is being exacerbated by the impacts of climate change, especially associated with sea-level rise.”

“Coastal inundation events are an increasing threat to the lives and livelihoods of people living in low-lying, populated coastal areas. Furthermore, the issues for most countries that have vulnerable coastlines are the increasing level of development for fishing, tourism and infrastructure, and the sustainability of their communities,” it says.

The new guidelines were presented during a side event during WMO’s Commission for Weather, Climate, Water and Related Environmental Services and Applications (SERCOM), attended by more than 140 participants from all over the globe, including the South Pacific, the Caribbean, and Africa.

WMO is grateful to the Climate Risk and Early Warning Systems Initiative and the Korean Meteorological Administration for financial support.

These guidelines are based on the successful implementation of demonstration systems in four countries between 2009 and 2019 through the Coastal Inundation Forecasting Demonstration Project, which included a special focus on Pacific islands. They also incorporate key principles of WMO's Flash Flood Guidance System (FFGS) and the Severe Weather Forecast Programme.

The aim is to be a “one-stop” shop that countries can follow to prepare and implement their own coastal inundation forecasting early warning system. It provides a straightforward 10-step process with templates featuring policy, management and technical processes that countries or regions can use to build their own early warning system, from vision through to “go-live” implementation. As such information is not always readily available in many countries, these guidelines have concentrated on these features in developing and building a system, including necessary information for sponsors and advice on the resources necessary for success.

The Guidelines are also a registered activity of the United Nations Decade of Ocean Science for Sustainable Development.

Burying short sections of power lines could drastically reduce hurricanes' impact on coastal residents

Princeton researchers funded by the U.S. National Science Foundation investigated the risk of this compound hazard occurring in the future under a business-as-usual climate scenario, using Harris County, Texas, as one example. They estimated that the risk of a hurricane-blackout-heat wave lasting more than five days in a 20-year span would increase 23 times by the end of the century.

But there is good news: Strategically burying just 5% of power lines — specifically those near main distribution points — would almost halve the number of affected residents.

"The results of this work, part of NSF's Coastlines and People Megalopolitan Coastal Transformation Hub, show the value of convergence science approaches for developing actionable solutions to society's major challenges, such as the increasing frequency of storm events," says Rita Teutonico, director of NSF's CoPe program.

Heat waves are among the deadliest types of weather events and can become even more dangerous when regions that rely on air conditioning lose power. Historically, a heat wave following a hurricane has been rare because the risk of extreme heat usually passes before the peak of the Atlantic hurricane season in late summer. As global temperatures rise, however, heat waves are expected to occur more often and hurricanes are likely to become more common and more severe, increasing the odds of hurricane-blackout-heat wave events.

"Hurricane Laura in 2020 and Hurricane Ida in 2021 both had heat waves following them after they destroyed the power distribution network," said Ning Lin, a civil and environmental engineer who led the study. "For this compound hazard, the risk has been increasing, and it is now happening."

In a new study, published in Nature Communications, Lin and co-authors looked at the risks associated with the compound hazard and how infrastructure changes could mitigate the potentially deadly effects. They combined projections of how often and when hurricanes and heat waves would strike in the future with estimates of how quickly power could be restored in areas with outages after a major storm.

The team chose Harris County — the home of Houston — as their model county because it has the highest population density of any city on the Gulf Coast. Hurricanes Harvey and Ike both walloped Houston, causing an estimated 10% of residents to lose power.

The team also considered power grid improvements that would reduce the impact of a hurricane-blackout-heat wave for residents. Burying 5% of wires near the roots of the distribution network would reduce the expected percentage of residents without power from 18.2% to 11.3%.

"Mostly, our current practice is randomly burying lines," Lin said. "By burying lines more strategically, we can be more efficient and more effective at reducing the risk."

Forest fires: €170 million to reinforce rescEU fleet

Following a record-breaking forest fire season in Europe, the Commission is proposing today €170 million from the EU budget to reinforce its rescEU ground and aerial assets starting from the summer of 2023. The rescEU transitional fleet would therefore have a total of 22 planes, 4 helicopters as well as more pre-positioned ground teams. As from 2025, the fleet would be further reinforced through an accelerated procurement of airplanes and helicopters.

Commissioner for Crisis Management Janez Lenarčič said: “Due to climate change the number of regions affected by wildfires is increasing, going beyond the traditionally affected Mediterranean countries. The last summers have clearly shown that more firefighting assets are needed at EU-level. By building up our fleet of aerial means and ground forces, the EU will be able to ensure a prompt, flexible response, including in situations where fires are burning in multiple Member States at the same time.”

Commissioner for Budget and Administration, Johannes Hahn said: “While the record-breaking forest fires this summer may have been overshadowed by other crises, today's proposal to reinforce rescEU shows that the EU budget will continue to support those in need. European solidarity across EU Member States remains strong and we are ready to support this solidarity with financial means.”

Wildfires in the EU are increasing in scope, frequency, and intensity. By 1 October, the data for 2022 reveal a 30% increase in the burnt area over the previous worst year recorded (2017) and a more than 170% increase over the average burnt area since EU-level recording started in 2006.

This season, the Emergency Response Coordination Centre received 11 requests for assistance for forest fires. 33 planes and 8 helicopters were deployed across Europe via the EU Civil Protection Mechanism, which were joined by over 350 firefighters on the ground. In addition, the EU's emergency Copernicus satellite provided damage assessment maps of the affected areas.

CISA Directs Federal Agencies to Improve Cybersecurity Asset Visibility and Vulnerability Detection

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks, which directs federal civilian agencies to better account for what resides on their networks.

Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices. The Biden-Harris Administration and Congress have supported significant progress by providing key authorities and resources. This Directive takes the next step by establishing baseline requirements for all Federal Civilian Executive Branch (FCEB) agencies to identify assets and vulnerabilities on their networks and provide data to CISA on defined intervals.

“Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets,” said CISA Director Jen Easterly. “Knowing what’s on your network is the first step for any organization to reduce risk. While this Directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks. We all have a role to play in building a more cyber resilient nation.”

CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies. Implementation of this Directive will significantly increase visibility into assets and vulnerabilities across the federal government, in turn improving capabilities by both CISA and each agency to detect, prevent, and respond to cybersecurity incidents and better understand trends in cybersecurity risk.

This Directive is a mandate for federal civilian agencies. However, CISA recommends that private businesses and state, local, tribal and territorial (SLTT) governments review it and prioritize implementation of rigorous asset and vulnerability management programs.

The new Directive can be found at Binding Operational Directive (BOD) 23-01.

NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory that highlights the steps malicious actors have commonly followed to compromise operational technology (OT)/industrial control system (ICS) assets and provides recommendations on how to defend against them.

“Control System Defense: Know the Opponent” notes the increasing threats to OT and ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes. OT/ICS designs are publicly available, as are a wealth of tools to exploit IT and OT systems.

Cyber actors, including advanced persistent threat (APT) groups, have targeted OT/ICS systems in recent years to achieve political gains, economic advantages, and possibly to execute destructive effects. Recently, they’ve developed tools for scanning, compromising, and controlling targeted OT devices.

“Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cybercriminals to best defend against them,” said Michael Dransfield, NSA Control Systems Defense Expert. “We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”

This joint Cybersecurity Advisory builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. Noting that traditional approaches to securing OT/ICS do not adequately address threats to these systems, NSA and CISA examine the tactics, techniques, and procedures cyber actors employ so that owners and operators can prioritize hardening actions for OT/ICS.

Defenders should employ the mitigations listed in this advisory to limit unauthorized access, lock down tools and data flows, and prevent malicious actors from achieving their desired effects.

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. APT actors used the open-source toolkit Impacket to gain a foothold within the environment and the data exfiltration tool CovalentStealer to steal the victim’s sensitive data.

Joint Cybersecurity Advisory AA22-277A provides the APT actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). CISA, FBI, and NSA recommend that DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of APT cyber threats to their networks.

EPA’s proposed changes to chemical disaster prevention rule don’t do enough to keep communities safe

Coming Clean and the Environmental Justice Health Alliance for Chemical Policy Reform released a report that profiles three chemical incidents that occurred within two weeks this January, and recommends specific safety measures that the Environmental Protection Agency (EPA) should require in order to prevent future chemical disasters.

On August 31, 2022, the EPA published proposed revisions to the Risk Management Program (RMP), which regulates approximately 12,000 high-risk facilities in the U.S. that use or store certain highly hazardous chemicals. EPA was specifically directed by Congress to use this program to prevent disasters, yet more than 140 harmful chemical incidents occur on average every year.

Three such incidents in January, 2022 that are the focus of the report include: a fire at the Winston Weaver Fertilizer plant in North Carolina that caused 6,500 people to evacuate and nearly triggered a deadly ammonium nitrate explosion; an explosion at the Westlake Chemical South plant that caused 7,000 students to shelter in place in the Lake Charles area in Louisiana; and a massive fire that spread to the Qualco chemical plant in Passaic, New Jersey and came dangerously close to igniting an estimated 3 million pounds of hazardous chemicals.

Preventing Disaster offers actionable recommendations the EPA should include in its final rule that could prevent similar incidents from happening in the future, including:

- Requiring all RMP facilities to consider, document, and implement safer chemicals and technologies;
- Expanding the Risk Management Program to cover ammonium nitrate and other hazardous chemicals which remain excluded in the proposed rule;
- Requiring RMP facilities to not only consider the risks posed by natural hazards, as proposed in the draft rule, but to take meaningful steps to prepare for those risks, such as implementing backup power for chemical production and storage processes.

“Overall,” the report concludes, “EPA’s draft rule, rather than adopting common-sense prevention requirements, continues to rely on voluntary actions by high-risk facilities. This approach has failed to prevent many chemical disasters over the last 25 years. If the draft rule is not strengthened, facility workers and neighbors across the country will continue to bear the human, environmental, and financial costs of more preventable disasters.”

“The EPA still has time to get this rule right,” said Steve Taylor, Program Director for Coming Clean, who contributed to the report. “Communities at the fenceline of these hazardous facilities, and the workers inside them, are sick of industry stonewalling and EPA excuses. A stronger rule is needed to ensure that hazards are removed, or we will continue to see more chemical disasters.”

“We’re glad that EPA recognizes the need to reconsider the RMP rule; preventing disasters is a longstanding priority for EJHA. Unfortunately the draft rule is full of more voluntary measures, which decades of incidents have proven do not work,” said Michele Roberts, National Co-Coordinator of the Environmental Justice Health Alliance for Chemical Policy Reform. “We are depending on EPA to have the moral and political courage to keep the promises President Biden has made to our communities—that means a final rule that requires the transition to safer chemicals and processes wherever possible. Removing hazards before disasters can occur is the best way to protect workers and communities.”

View Report at www.preventionweb.net/publication/preventing-disaster-three-chemical-incidents-within-two-weeks-show-urgent-need-stronger

Building resilience in Palau through early warning systems

The residents of Palau have benefitted from effective and low-cost, low-tech early warning systems, installed through the World Meteorological Organisation (WMO) Climate Risk and Early Warning Systems (CREWS) Pilot Project.

Palau initially received sirens which were installed as part of their early warning systems. However, the residents soon realised that these technologies also came with a myriad of challenges, including the sirens breaking down, difficulties in finding backups or replacement parts, and the cost of maintenance.

These challenges were especially hard on the outlying islands, which did not have regular access to the necessary tools and resources needed to support and maintain the warning sirens.

The CREWS Pacific SIDS Pilot Project introduced the use of low-cost, low-tech early warning systems as a solution. These consisted mainly of bells that were strategically placed around the three initial areas of Ngaraard, Ngiwal and Kayangel.

The Palau National Weather Service took the lead in the implementation of the pilot project, in partnership with the National Emergency Management Office and the Palau Red Cross Society, which was already well established in the community through their Red Cross Disaster Action teams scattered throughout all 16 states of Palau.

Executive Director of the Palau Red Cross Society, Ms Maireng Sengebau, said they had to work with the community and build their capacity to understand what early warning systems are.

“We had to get them to accept these systems and show their support by providing us with a piece of land on which the bells would be installed,” she said.

Once the bells were installed, the Palau Meteorological Service, working in partnership with the Palau Red Cross Society, would meet with various communities and conduct table-top exercises and drills to familiarise them with the early warning systems and to demonstrate how and when they should be used.

“These activities empowered the people in communities. As a result of these meetings, they are now aware of what early warning systems are and why they are important, and also what to do when there is a disaster coming. They have now taken ownership of the system and are the ones who operate it and they report to the state government if it needs maintenance.”

These simple early warning systems have contributed greatly to the resilience of the people of Palau.

“I joined the Palau Red Cross in 2017, and growing up, if there was a typhoon we would just buckle down in our houses and pray. Once the typhoon passes, we would wake up the next morning and just wait for government officials to come and bring help,” said Ms Sengebau.

“That is no longer the case. Now, before the typhoon even hits, families know when and how to act. If your house is not strong enough, they need to move to the evacuation shelter. If your house is strong, make sure that your family has a disaster kit.

“There are now things they can do to minimise the damage. Instead of waiting, we can now take action even before a disaster occurs. This is made possible through these early warning systems, and how they have empowered people in communities to act during natural disasters.”
