Hybrid threats: Council paves the way for deploying Hybrid Rapid Response Teams

The European Council has approved the guiding framework for the practical establishment of the EU Hybrid Rapid Response Teams. This paves the way for such teams to be deployed upon request, to prepare against and counter hybrid threats and campaigns.
Hybrid Rapid Response Teams are one of the key instruments to support EU member states and partner countries in countering hybrid threats as part of the EU Hybrid Toolbox. As one of the key deliverables of the Strategic Compass, they will provide tailored and targeted short-term assistance to member states, Common Security and Defence Policy missions and operations, and partner countries in countering hybrid threats and campaigns.
In a deteriorating security environment, with increasing disinformation, cyber-attacks, attacks on critical infrastructure, instrumentalised migration, and election interference by malign actors, the Hybrid Rapid Response Teams will be an important new capability of the EU to counter new and emerging threats.

National Security Memorandum on Critical Infrastructure Security and Resilience

On April 30, 2024, the White House National Security Council (NSC) published the National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience. This memo builds on the important work that the Cybersecurity and Infrastructure Security Agency (CISA) and agencies across the federal government have been undertaking in partnership with America’s critical infrastructure communities for more than a decade. It also replaces Presidential Policy Directive 21 (PPD-21) on Critical Infrastructure Security and Resilience, which was issued more than a decade ago to establish national policy on critical infrastructure security and resilience.
Why Now?
Image of infrastructure-related icons over glowing, streaks of blue and white  lights
The threat environment has significantly changed since PPD-21 was issued, shifting from counterterrorism to strategic competition, advances in technology like Artificial Intelligence, malicious cyber activity from nation-state actors, and the need for increased international coordination. This change in the threat landscape, along with increased federal investment in U.S. critical infrastructure, prompted the need to update PPD-21 and issue the new memo.
The NSM will help ensure U.S. critical infrastructure can provide the nation a strong and innovative economy, protect American families, and enhance our collective resilience to disasters before they happen, strengthening the nation for generations to come. This NSM specifically:
- Empowers the Department of Homeland Security to lead a whole-of-government effort to secure U.S. critical infrastructure, with CISA acting as the National Coordinator for the Security and Resilience of U.S. Critical Infrastructure. The Secretary of Homeland Security will be required to submit to the President a biennial National Risk Management Plan that summarizes U.S. government efforts to mitigate risk to the nation’s critical infrastructure.
- Reaffirms the designation of 16 critical infrastructure sectors and establishes a federal department or agency responsible for managing risk within each of these sectors.
- Elevates the importance of minimum security and resilience requirements within and across critical infrastructure sectors, consistent with the National Cyber Strategy, which recognizes the limits of a voluntary approach to risk management in the current threat environment.
PPD-21 pre-dates the establishment of CISA. CISA actively engaged in updating the framework established by PPD-21 to detail how the U.S. government secures and protects critical infrastructure from cyber and physical threats.
CISA has already been working toward the goals of the NSM. We have already re-established the Federal Senior Leadership Council, which has made impressive strides through the FSLC’s robust collaboration model toward meeting our shared goals. When the FSLC was re-chartered, the group not only took on new authorities, but a heavy lift to inform how we define, modernize, and protect our critical infrastructure sectors.

Download latest Preliminary Conference Programme Guide for CIPRE

As someone responsible in your organisations for critical assets and/or infrastructure, Critical Infrastructure Protection and Resilience Europe is the leading conference that will keep you abreast of the changes in legislation, current threats and latest developments.

Download the Preliminary Conference Programme Guide at www.cipre-expo.com/guide.

What is the new directive on the Resilience of Critical Entities...

The Directive on the Resilience of Critical Entities entered into force on 16 January 2023. Member States have until 17 October 2024 to adopt national legislation to transpose the Directive.

The Directive aims to strengthen the resilience of critical entities against a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies.

Are you up to date on this legislation, and do you know what you need to do to be compliant?

Get updated on the NIS2 Directive and what it means to you...

An important discussion will centre around the EU cybersecurity rules introduced in 2016 and updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape.

By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.

Businesses identified by the Member States as operators of essential services in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services and online marketplaces, will have to comply with the security and notification requirements under the Directive.

What will this mean for you and how can you meet the Directives goals?

Critical Infrastructure Protection and Resilience Europe is Europe's leading discussion that brings together leading stakeholders from industry, operators, agencies and governments to collaborate on securing Europe's critical infrastructures.
The conferences top quality programme looks at these developing themes and help create better understanding of the issues and the threats, to help facilitate the work to develop frameworks, good risk management, strategic planning and implementation.

The packed event themes include:

- Interdependencies and Cascading Effects
- Emerging Threats against CI
- Crisis Management, Coordination & Communication
- Power & Energy Sector Symposium
- Government, Defence & Space Sector Symposium
- Communications Sector Symposium
- Information Technology (CIIP) Sector Symposium
- Transport Sector Symposium
- CBRNE Sector Symposium
- Technologies to Detect and Protect
- Risk Mitigation and Management
- The Insider Threat
- Business Continuity Management
- EU Horizon Projects Overviews

You are invited to be a part of this program, where you can meet, network and learn from the experiences of over 40 expert international speakers, as well as industry colleagues who share the same challenges and goals.

Please join us and the CI industry in the beautiful city of Prague, on 3rd-5th October, for a great programme of discussions that can help you to deliver enhanced security and resilience for your organisation.

Visit www.cipre-expo.com for further details

 

Space for Maritime Task Force Launched

The “Space for Maritime Task Force” was recently launched by the European Space Agency (ESA) together with maritime stakeholders at the Italian Coast Guard Headquarters in Rome. The initiative acts on ESA’s vision to boost digital and green solutions, reducing emissions and enabling sustainable innovation.

In recent years, ESA Space Solutions has been cooperating with key stakeholders in the maritime sector via the Business Applications and Space Solutions (BASS) programme. These include a wide range of user communities and classes such as fisheries, coast guards, port authorities, military bodies, shipping companies, commercial operators, and international, national and European institutions. Through this cooperation, ESA has built strategic partnerships and supported several initiatives addressing domains such as maritime sustainability, ship tracking via satellite-based automatic identification systems (AIS), smart routing, autonomous vessels, water quality monitoring, the reduction of marine pollution and the green transition of ports’ eco-systems.

The Italian General Command of the Port Authority Corps - Coast Guard has, for some months, been working on a collaboration with ESA to foresee and enhance the use of space applications aimed at promoting sustainable innovation and transport in the maritime ecosystem. This collaboration has resulted in the creation of a standing committee, called the Space for Maritime Task Force (SMTF).

The Task Force aims to contribute to sustainability and maritime safety by increasing the use of innovative integrated solutions that exploit digital and space technologies, such as communications, navigation, and earth observation. This initiative will leverage active involvement of national institutions, Industry and research entities in the digital transformation of port and maritime services (e-Navigation), with a view to enhancing the sustainability of maritime transport. It will foster the innovative use of space technologies for supporting the shipping sector, for example in its transition to uncrewed shipping, as well as the implementation of a safe integration of uncrewed vessels within maritime transport provision, the monitoring of coastal areas and infrastructures, and maritime surveillance activity (in the domains of safety, security, fishing and the environment). The work will be divided into sub-topics of interest, which for the moment include "maritime sustainability", "green and smart ports" and "safety at sea and maritime security".

The results from the Task Force will be presented to international (International Maritime Organization - IMO) and European bodies, in order to contribute to the development and standardisation of requirements and innovative technologies aimed at improving maritime services. This will allow sustainable economic growth for all players involved. Rita Rinaldo, Head of the Projects & Studies Implementation Division at ESA Space Solutions commented “Collaboration with maritime stakeholders is key for ESA to support innovative solutions that exploit digital and space technologies, and to enable European space and downstream companies to contribute to sustainability and maritime safety.”

Partners in the Task Force include: the General Command of the Port Authority Corps - Coast Guard; European Space Agency (ESA); Italian Space Agency (ASI); National Inter-University Consortium for Telecommunications (CNIT); and the Directorate General for the Supervision of Port System Authorities, Maritime Transport and Inland Waterways.

Your latest issue of Critical Infrastructure Protection & Resilience News has arrived

Please find here your downloadable copy of the Winter 2022-23 issue of Critical Infrastructure Protection & Resilience News for the latest views and news at www.cip-association.org/CIPRNews.

- A Standard to help protect Critical Infrastructure
- Government and Industry Cooperation: More Important Than Ever for Cybersecurity Awareness
- Help2Protect: an eLearning program to counter Insider Threats
- Testing Environments Help S&T and CISA Secure Transportation Infrastructure
- Can responsible AI guidelines keep up with the technology?
- Infrastructure Resilience Planning Framework (IRPF)
- An Interview with Port of New Orleans
- Critical Infrastructure Protection & Resilience North America Preview
- Industry and Agency Reports and News

Download your Critical Infrastructure Protection & Resilience News at www.cip-association.org/CIPRNews

Critical Infrastructure Protection and Resilience News is the official magazine of the International Association of Critical Infrastructure Protection Professionals (IACIPP), a non-profit organisation that provides a platform for sharing good practices, innovation and insights from Industry leaders and operators alongside academia and government and law enforcement agencies.

#CriticalInfrastructureProtection #CriticalInfrastructure #cybersecurity #help2protect #cisa #ciprna #resilience #cooperation

CIPRNA Update Conference Agenda

Critical Infrastructure Protection and Resilience North America will be held in Baton Rouge on 7th-9th March 2023, supported by IACIPP and Infragard Louisiana.

A fanstastic conference agenda addressing some of the big challenges facing CI operator/owners, government, agencies and the broader CI community.

A range of Workshops and Mini-Symposiums help drill deeper into specific sector challenges.

Download the latest CIPRNA agenda at www.ciprna-expo.com/PSG.

Register online at www.ciprna-expo.com/onlinereg

#criticalinfrastructure #criticalinfrastructureprotection #emergencymanagement #cisa #fema #tsa #emergencyresponse #disasterriskreduction #transportsecurity #energysecurity #telecomssecurity #cbrne #cybersecurity #security

Large Constellations of Satellites: Mitigating Environmental and Other Effects

There are almost 5,500 active satellites in orbit as of spring 2022, and one estimate predicts the launch of an additional 58,000 by 2030. Large constellations of satellites in low Earth orbit are the primary drivers of the increase. Satellites provide important services, but there are potential environmental and other effects that this trend could produce (see figure).

Potential effects from the launch, operation, and disposal of satellites

For decades, satellites have been used for GPS, communications, and remote sensing. The number of satellites has recently increased, as thousands more have been launched to provide internet access.

But this increase may be disruptive. For example, it could lead to more space debris, which can damage existing satellites used for commerce or national security. We reviewed technologies and other tools to lessen potential effects. We also looked at mitigation challenges, like unclear rules and immature technology. To help address the challenges, we developed policy options, which may help policymakers achieve a variety of goals.

GAO assessed technologies and approaches to evaluate and mitigate the following potential effects:

- Increase in orbital debris. Debris in space can damage or destroy satellites, affecting commercial services, scientific observation, and national security. Better characterizing debris, increasing adherence to operational guidelines, and removing debris are among the possible mitigations, but achieving these is challenging.
- Emissions into the upper atmosphere. Rocket launches and satellite reentries produce particles and gases that can affect atmospheric temperatures and deplete the ozone layer. Limiting use of rocket engines that produce certain harmful emissions could mitigate the effects. However, the size and significance of these effects are poorly understood due to a lack of observational data, and it is not yet clear if mitigation is warranted.
- Disruption of astronomy. Satellites can reflect sunlight and transmit radio signals that obstruct observations of natural phenomena. Satellite operators and astronomers are beginning to explore ways of mitigating these effects with technologies to darken satellites, and with tools to help astronomers avoid or filter out light reflections or radio transmissions. However, the efficacy of these techniques remains in question, and astronomers need more data about the satellites to improve mitigations.

GAO developed the following policy options to help address challenges with evaluating and mitigating the effects of large constellations of satellites. GAO developed the options by reviewing literature and documents, conducting interviews, and convening a 2-day meeting with 15 experts from government, industry, and academia. These policy options are not recommendations. GAO presents them to help policymakers consider and choose options appropriate to the goals they hope to achieve. Policymakers may include legislative bodies, government agencies, standards-setting organizations, industry, and other groups.

Policymakers may be better positioned to take action on this complex issue if they consider interrelationships among these policy options. For example, implementing the fourth option (improving organization and leadership) may improve policymakers’ ability to implement the first and second options (building knowledge, developing technologies, and improving data sharing). Similarly, implementing the first option may help with the third option (establishing standards, regulations, and agreements). More generally, trade-offs between mitigations may emerge, the ongoing increase in new constellations may introduce unexpected changes, and a large and diverse set of interests from the global community may shift over time, all of which present persistent uncertainties. To address these complexities and uncertainties, the full report presents the policy options in a framework, which may help policymakers strategically choose options to both realize the benefits and mitigate the potential effects of large constellations of satellites.

Enabled by declines in the costs of satellites and rocket launches, commercial enterprises are deploying large constellations of satellites into low Earth orbit. Satellites provide important data and services, such as communications, internet access, Earth observation, and technologies like GPS that provide positioning, navigation, and timing. However, the launch, operation, and disposal of an increasing number of satellites could cause or increase several potential effects.

This report discusses (1) the potential environmental or other effects of large constellations of satellites; (2) the current or emerging technologies and approaches to evaluate or mitigate these effects, along with challenges to developing or implementing these technologies and approaches; and (3) policy options that might help address these challenges.

To conduct this technology assessment, GAO reviewed technical studies, agency documents, and other key reports; interviewed government officials, industry representatives, and researchers; and convened a 2-day meeting of 15 experts from government, industry, academia, and a federally funded research and development center. GAO is identifying policy options in this report.

Australian Government Invites Feedback on Critical Technologies

The Australian Federal Government will begin consulting businesses, researchers and the community at large to identify critical technologies of national importance.

The List of Critical Technologies in the National Interest will clarify technologies the government considers to be vital to present and future demands.

The 2022 List of Critical Technologies in the National Interest will build on the 2021 List, which featured 63 technologies across seven categories including:

- Advanced materials and manufacturing
- AI, computing and communications
- Biotechnology, gene technology and vaccines
- Energy and environment
- Quantum; Sensing, timing and navigation
- Transportation, robotics and space

The consultation will run until Friday 30 September.

Federal Minister for Industry and Science, Ed Husic, said it is vital for Australia’s continued and future prosperity that emerging and critical technologies are promoted and protected.

“We know the development of critical technologies present enormous potential opportunities as well as risks for Australians,” Mr Husic said.

“It is vital we understand and send a clear signal about what technologies we should be focusing on and where our strengths lie – and that is exactly what this consultation is all about.”

The Federal Government has promised to invest $1 billion into critical technologies through its National Reconstruction Fund and will aim to reach 1.2 million tech industry jobs by 2030.

“This work is also part of our goal to reach 1.2 million tech jobs by 2030, as well as securing our supply chains and promoting Australia as a secure destination of excellence for investment, development and adoption of critical technologies,” Mr Husic said.

“The Government is also investing $1 billion in critical technologies as part of the National Reconstruction Fund, to build our strategic capability and power the economic growth we need to create jobs.”

ESA-backed project supports oil and gas safety by keeping an eye on the ground

Oil and gas supplies are dependent on multiple factors, including the stability of the ground wherever oil or gas is being stored or transported. In March 2021, LiveEO started assessment and development of an end-to-end solution for monitoring ground deformation for the entire value chain of the industry, based on interferometric synthetic aperture radar (InSAR) satellite data combined with artificial intelligence (AI). The aim was to help the industry ensure safety across its assets by providing an early warning system that could inform maintenance or safety actions.
Providing actionable insights

Founded in 2017, LiveEO has a background in using Earth observation (EO) data to provide a range of services to operators of large-scale infrastructure, such as railways, electricity grids and pipelines. It combines data analysis with risk analysis to create actionable insights on aspects such as vegetation management, detection of construction activity and ground deformation monitoring — all of which present challenges for reasons that include climate change and environmental factors.

With this Kick-Start activity, co-funded by ESA, LiveEO’s team used its experience in servicing pipeline customers to explore the feasibility of a holistic, end-to-end solution for ground deformation monitoring. The investigation included risk models that quantify the risk to specific assets resulting from ground deformation and how the insights could be delivered to customers and integrated into their processes to create automatic triggers.

The LiveEO team analysed the opportunities through surveys of more than 50 companies and countries, including existing clients in the pipeline industry, as well as researching the broader landscape. Initial data came from Sentinel-1 synthetic aperture radar (SAR) imagery, which will be enriched by higher resolution StripMap and SpotLight SAR imagery from Capella Space or ICEYE satellites to investigate any anomalies that have been detected.

Sven Przywarra, the Co-CEO and co-founder of LiveEO said: “The Kick-Start activity enabled LiveEO to validate a business case in a unique setting, and also created an environment that allowed our business development team to take the right steps from a business idea to product development. The combination of guidance, support and clear goal setting from ESA was greatly appreciated, because it gave us the entrepreneurial freedom necessary for the exploration of new ideas paired with acquiring a depth of knowledge similar to a classic research project."
The increasing need for ground deformation insights

The requirement for such insights results from an increasing number of oil wells, pipelines, storage facilities and other oil and gas related infrastructure exceeding their original lifespans. This is leading to more complex maintenance for operators and increased risks that impact both the industry itself and the surrounding environment and communities. One of the major sources of risk is ground deformation due to industrial operations or natural seismic activity. Where infrastructure and assets span large areas, these risks can be very difficult to measure and dangerous trends can go undetected.

Traditional monitoring methods, such as land surveying or sensors and drones, can only give a partial picture. Satellites enable monitoring of deformation trends across entire countries with weekly update intervals — something that would be prohibitively expensive or even impossible via other means. InSAR data delivers deformation values at individual pixel levels, allowing the identification of trends over long periods of time; this can be supplemented with historical data.

The company is currently developing the AI side of the project, with the aim of completing development by the end of 2022. The plan is then to undertake a demonstration project and have a marketable subscription service ready by the end of the following year.

Critical Infrastructure Protection: Agencies Need to Assess Adoption of Cybersecurity Guidance

Federal agencies with a lead role to assist and protect one or more of the nation's 16 critical infrastructures are referred to as sector risk management agencies (SRMAs). The SRMAs for three of the 16 have determined the extent of their sector's adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity (framework). In doing so, lead agencies took actions such as developing sector surveys and conducting technical assessments mapped to framework elements. SRMAs for four sectors have taken initial steps to determine adoption (see figure). However, lead agencies for nine sectors have not taken steps to determine framework adoption.

Status of Framework Adoption by Critical Infrastructure Sector

Regarding improvements resulting from sector-wide use, five of the 16 critical infrastructure sectors' SRMAs have identified or taken steps to identify sector-wide improvements from framework use, as GAO previously recommended. For example, the Environmental Protection Agency identified an approximately 32 percent overall increase in the use of framework-recommended cybersecurity controls among the 146 water utilities that requested and received voluntary technical assessments. In addition, SRMAs for the government facilities sector identified improvements in cybersecurity performance metrics and information standardization resulting from federal agencies' use of the framework. However, SRMAs for the remaining 11 sectors did not identify improvements and were not able to describe potential successes from their sectors' use of the framework.

SRMAs reported various challenges to determining framework adoption and identifying sector-wide improvements. For example, they noted limitations in knowledge and skills to implement the framework, the voluntary nature of the framework, other priorities that may take precedence over framework adoption, and the difficulty of developing precise measurements of improvement were challenges to measuring adoption and improvements. To help address challenges, NIST launched an information security measurement program in September 2020 and the Department of Homeland Security has an information network that enables sectors to share best practices. Implementing GAO's prior recommendations on framework adoption and improvements are key factors that can lead to sectors pursuing further protection against cybersecurity threats.

The U.S. has 16 critical infrastructure sectors that provide clean water, gas, banking, and other essential services. To help protect them, in 2014 the National Institute of Standards and Technology developed cybersecurity standards and procedures that organizations within these sectors may voluntarily use. Federal agencies are charged with leading efforts to improve sector security.

The GAO have found agencies have measured the adoption of these standards and procedures for 3 of 16 sectors and have identified improvements across 2 sectors. For example, the EPA found a 32% increase in the use of recommended cybersecurity controls at 146 water utilities.

1 2