Space Is Critical Infrastructure; Securing It Is a National Imperative

The U.S. space enterprise is in the midst of a transformative policy era that will significantly shape the future of our society, the robustness of our economy, and America’s role within the global community. The public and private sectors are collaborating to conceptualize and invest in the development of a vibrant, near-future space economy and the engineering, manufacturing, and infrastructural commitments that will underpin it.
To ensure this economy achieves its full potential, we must commit and act to preserve its foundations amid a dynamic threat environment. We’ve recently witnessed at great cost how supply chain disruptions and cyberattacks on critical infrastructure like fuel pipelines can wreak havoc on the lifeblood of domestic communities and global trade alike. Such an attack on key technology in the space domain could have similarly devastating effects.
As leaders in the White House and Congress discuss how to shore up our nation’s terrestrial infrastructure, they are also turning their eyes skyward to consider a specific, crucial, and feasible policy action for securing space. A bipartisan bill recently introduced in Congress would designate space systems as critical infrastructure in the national interest — a concept that has wide support within the space enterprise. Doing so is an imperative to ensure the resiliency of space assets and foster the continued development of our society and economy, both on Earth and in space….

CISA Announces Renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

The Cybersecurity and Infrastructure Security Agency (CISA) announced the extension of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force to July 31, 2023.
The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.
In January, the Task Force was extended for six months, allowing for continued progress by its working groups (WGs) and the launch of three new WG efforts to develop products, tools, and analysis to enhance ICT supply chain resilience. As a result, the latest Threat Scenarios Report (Version 3) and newly created ICT Supply Chain Resource Library are now available for use.
Under the newly signed charter, the Task Force will continue and conclude ongoing efforts such as the release of two additional products: a report focused on liability protections for the private sector when sharing supply chain risk information, and a guide that will help small and medium-sized businesses better understand and manage their ICT SCRM needs to mitigate the effects in the event of a cyber incident. The Task Force will also continue to explore means for building partnerships, develop new resources, and collectively enhance ICT supply chain resilience.
“As recent events have shown, the need for safe and secure ICT supply chains is critical to our American way of life,” said Bob Kolasky, CISA Assistant Director and Task Force Co-Chair. “Securing our nation’s supply chains requires a team approach, with all of us playing an essential role in addressing its unique challenges. Renewing the charter for two years will ensure the Task Force has the support and flexibility needed to address critical supply chain issues and build a collective defense from future supply chain threats.”
“The COVID-19 pandemic exacerbated the already complex and pervasive threats to the global ICT supply chains, making the Task Force’s mission as essential as ever to U.S. economic and national security,” said John Miller, Senior Vice President of Policy and General Counsel at the Information Technology Industry Council and Co-Chair of the Task Force. “By leveraging premier public and private sector expertise, the Task Force has been able to advance actionable solutions on challenging issues to better mitigate supply chain risks. We are pleased the extension of the Task Force’s charter clears the way for its critical mission to move ahead, and we look forward to continuing to help lead this important partnership on behalf of the entire tech industry.”
“The global supply chain faces unprecedented threats strained by the pandemic and unceasing attacks by cyber criminals and nation-states. Government and private industry working separately on these challenges won’t be nearly as successful as a dedicated, integrated partnership that coordinates supply chain activity across the entire government and various industry sectors,” said Robert Mayer, Senior Vice President of Cybersecurity and Innovation at USTelecom, and Task Force Co-Chair. “That’s what the Task Force is all about, and where our ability to rapidly convene and engage industry experts on COVID supply chain disruptions, White House Executive Orders, and mitigation from the SolarWinds hack has been so impactful. As we enter the third year, we’re committed to developing products and tools, including for small and medium-sized businesses in the ICT ecosystem, to build a stronger and more resilient supply chain.”

Floods in Europe underline need for increased investment in Disaster Risk Management

The UN Secretary-General’s Special Representative for Disaster Risk Reduction, Mami Mizutori, today extended her condolences to all those affected by the current severe floods across Europe and urged greater investment in disaster risk reduction against a natural hazard which, until the arrival of COVID-19, has typically affected more people annually than any other disaster type.
“I send my heartfelt condolences to the people and governments of Germany and Belgium where lives have been lost and my sympathy is also with the people of the Netherlands, France, Luxembourg and Switzerland on the disruption caused by these record rains. Lives, homes, and livelihoods have been lost in a flood event of such magnitude that people had difficulty in comprehending what action they could take to protect themselves from it.
“Europe has seen major flooding before but rarely on this scale and with such harrowing loss of life. This underlines the importance of getting to grips with measures to adapt cities, towns and rural areas to the shocks that arise to our weather systems in a warming world. We need to make our urban areas more resilient to floods and storms to mitigate the impacts of large volumes of water and the landslides that usually accompany such phenomena.
“I am particularly concerned about media reports that in at least one incident nine persons living with disabilities lost their lives. National and local strategies for disaster risk reduction must take full account of the needs of such persons as well as others who may have mobility issues including older persons, children, and pregnant women. It is essential that disability organizations are involved in the disaster management planning process.
“While linking one disaster event with climate change is complicated, it is undoubtedly the case that over the last twenty years of record-breaking temperatures there has been a concomitant rise in the number of extreme weather events across the globe. The challenge before us is not just to reduce greenhouse gas emissions but to invest in adaptation to save lives, reduce economic losses and protect critical infrastructure.
“Europe will meet later this year in Portugal to discuss progress on implementing the Sendai Framework for Disaster Risk Reduction, the global plan to reduce disaster losses. That discussion will be an opportunity to reflect on the lessons learned from the tragic events now unfolding across Europe due to record heavy rains and to see how we can better adapt to climate change, improve multi-hazard early warning systems and strengthen public understanding of disaster risk.”

Alliance for National & Community Resilience Awards First Resilience Designation to Martinsville, Virginia

The Alliance for National & Community Resilience (ANCR) issued its first community resilience designation to Martinsville, Virginia, at a meeting of the City Council. Martinsville was selected as the initial pilot city for ANCR’s Community Resilience Benchmarks (CRB) for buildings and housing. The city was awarded an Essential designation for its building-related activities and an Enhanced designation for its housing-related initiatives.
“We were particularly impressed with the involvement of city staff and their transparency and thoroughness as we worked through the benchmarking process. Their commitment to the process will be invaluable in supporting improvements in the CRB process and help enhance the resilience of other communities,” said Evan Reis, ANCR Board Chair and Executive Director of the U.S. Resiliency Council.
The benchmarking process was led by Kris Bridges, Martinsville’s Building Official and Mark McCaskill, Martinsville’s Community Development Director. Jeremy Sigmon of Planet Sigmon served as the community’s ANCR Mentor, guiding them through the benchmarking process.
“The Martinsville City Council commends the work of our Inspections and Community Development Departments for their work with ANCR in improving the city’s resiliency and setting the standard for other communities to follow,” said Kathy Lawson, Mayor, Martinsville, Virginia. “The City of Martinsville is committed to the development of benchmarks such as the CRB as having the proper protocols in place will not only give us the needed information to maintain critical facilities and infrastructure during disaster events, but also allow us to reap the financial benefits, improve resiliency across our community and show our commitment to our community and citizens.”
Based on the feedback from Martinsville, ANCR will finalize its benchmarking process and begin work on developing additional benchmarks. The Buildings and Housing Benchmarks represent the first two benchmarks developed under the CRB. ANCR identified 19 community functions covering the social, organizational and infrastructural aspects of communities that influence their resilience and is developing benchmarks for each of them. The Water Benchmark was completed in 2020 and is currently being piloted along with the Buildings and Housing Benchmark in Oakland Park, Florida.

Telcos strengthen India's disaster preparedness

When Cyclone Tauktae struck India’s western coastal areas several months ago, it brought mass destruction of property and disrupted daily life in five Indian states.
Despite the storm’s ‘extremely severe’ designation, the damage and loss of lives were less than expected. This was thanks in large part to national disaster preparation plans, underpinned by information and communication technologies (ICTs) and timely preparation by telecom operators.
Technology plays a pivotal role at each stage of disaster management, from early warning and mitigation to response, and then to post-disaster recovery and rehabilitation.
Collaborative action on the ground
To prepare for the upcoming disaster, the Indian government had already implemented standard operating procedures (SOPs), whereby telecom operators initiated inter-operator roaming services that let mobile phone users switch easily between networks based on availability.
Priority call routing enabled rescue and relief crews to coordinate with government officials, including in the vital restoration work in Tauktae’s aftermath.
On-site diesel and battery back-up were ready to mitigate any power cuts, while coordination was stepped up with the National Disaster Management Authority, the National Disaster Relief Force, and central, state and local governments.
Challenges for operators during disasters
Telecom and ICT operators form the backbone of connectivity across the world. But ICT services can be hard to maintain – let alone expand – during earthquakes, tsunamis or a pandemic.
Natural hazards often damage towers, power generators, cables and wires. At the same time, network congestion arises as people call family and friends, frequently hampering rescue and relief operations.
Amid the COVID-19 pandemic, telecom and Internet usage have surged everywhere.
Meanwhile, with shops closed, pre-paid mobile consumers could not recharge their credit.
Still, telecom operators maintained the continuity of services and facilitated online recharges for pre-paid users.
By the time of the May 2021 cyclone, lessons from both before and during the pandemic had made India’s telecom networks more robust and resilient, with sufficient adaptability and scalability to handle demand spikes.
How operators can prepare
Access to robust and secure ICT infrastructure is critical. Putting resilient networks and disaster management tools in place well ahead of time helps to mitigate negative impacts.
Wherever feasible, telecom operators must upgrade to 4G or 5G, as well as educate staff and raise awareness among customers on how to withstand disaster situations, including recharging subscriptions online with mobile devices.
Inter-operator roaming agreements can ensure continuous service for all customers in a disaster-affected area, even if the infrastructure of one or two operators suffers damage. Along with temporary solutions like cell on wheels (CoW), operators can turn to satellite-based plug-and-play networks to stand in for damaged terrestrial infrastructure.

UK and allies publish advice to fix global cyber vulnerabilities

Advice on countering the most publicly known—and often dated—software vulnerabilities has been published for private and public sector organisations worldwide.
The National Cyber Security Centre (NCSC), Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), and Federal Bureau of Investigation (FBI) have published a joint advisory highlighting 30 vulnerabilities routinely exploited by cyber actors in 2020 and those being exploited in 2021.
In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Today’s advisory lists the vendors, products, and CVEs, and recommends that organisations prioritise patching those listed.
NCSC Director for Operations, Paul Chichester, said:
“We are committed to working with allies to raise awareness of global cyber weaknesses – and present easily actionable solutions to mitigate them.
“The advisory published today puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices.
“Working with our international partners, we will continue to raise awareness of the threats posed by those that seek to cause harm.”
As well as alerting organisations to the threat, this advisory directs public and private sector partners to the support and resources available to mitigate and remediate these vulnerabilities.
Guidance for organisations on how to protect themselves in cyberspace can be found on the NCSC website. Our 10 Steps to Cyber Security collection provides a summary of advice for security and technical professionals.
On the mitigation of vulnerabilities, network defenders are encouraged to familiarise themselves with guidance on establishing an effective vulnerability management process. Elsewhere, the NCSC’s Early Warning Service also provides vulnerability and open port alerts.
CISA Executive Assistant Director for Cybersecurity, Eric Goldstein, said:
“Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks.
“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors.”
FBI Cyber Assistant Director, Bryan Vorndran, said:
“The FBI remains committed to sharing information with public and private organisations in an effort to prevent malicious cyber actors from exploiting vulnerabilities.
“We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed.”
Head of the ACSC, Abigail Bradshaw CSC, said:
“This guidance will be valuable for enabling network defenders and organisations to lift collective defences against cyber threats.
“This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity.”

NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance.” This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.
Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers. Kubernetes clusters are often hosted in a cloud environment, and provide increased flexibility from traditional software platforms.
Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network’s underlying infrastructure for computational power for purposes such as cryptocurrency mining.
The report details recommendations to harden Kubernetes systems. Primary actions include the scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.
To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk. NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.
NSA and CISA’s guidance focuses on security challenges and recommends system administrators harden their environments where possible. NSA is releasing this guidance as part of our mission to support the Department of Defense, the Defense Industrial Base, and National Security Systems.

Water-related hazards dominate disasters in the past 50 years

Water-related hazards dominate the list of disasters in terms of both the human and economic toll over the past 50 years, according to a comprehensive analysis by the World Meteorological Organization (WMO).
Of the top 10 disasters, the hazards that led to the largest human losses during the period have been droughts (650 000 deaths), storms (577 232 deaths), floods (58 700 deaths) and extreme temperature (55 736 deaths), according to the forthcoming WMO Atlas of Mortality and Economic Losses from Weather, Climate and Water Extremes (1970-2019).
With regard to economic losses, the top 10 events include storms (US$ 521 billion) and floods (US$ 115 billion), according to an excerpt from the Atlas, which will be published in September.
Floods and storms inflicted the largest economic losses in the past 50 years in Europe, at a cost of US$ 377.5 billion. The 2002 flood in Germany caused US$ 16.48 billion in losses and was the costliest event in Europe between 1970 and 2019. However, heatwaves had the highest human toll.
The data show that over the 50-year period, weather, climate and water hazards accounted for 50% of all disasters (including technological hazards), 45% of all reported deaths and 74% of all reported economic losses at global level.
Climate Change
“Weather, climate and water-related hazards are increasing in frequency and intensity as a result of climate change. The human and economic toll was highlighted with tragic effect by the torrential rainfall and devastating flooding and loss of life in central Europe and China in the past week,” said WMO Secretary-General Prof. Petteri Taalas.
“Recent record-breaking heatwaves in North America are clearly linked to global warming,” said Prof. Taalas, citing a rapid attribution analysis that climate change, caused by greenhouse gas emissions, made the heatwave at least 150 times more likely to happen.
“But, increasingly, heavy rainfall episodes also bear the footprint of climate change. As the atmosphere gets warmer it holds more moisture which means it will rain more during storms, increasing the risk of floods,” said Prof. Taalas.
“No country – developed or developing – is immune. Climate change is here and now. It is imperative to invest more in climate change adaptation, and one way of doing this is to strengthen multi-hazard early warning systems.”
“Water is the primary vehicle through which we feel the impacts of climate change. To effectively address both water and climate challenges, we must bring climate change and water to the same table – into the same conversation: Tackling them as one. This is why WMO is spearheading a new Water and Climate Coalition, a community of multi-sectoral actors, guided by high-level leadership and focused on integrated water and climate action,” said Prof. Taalas.
Extreme rainfall events
The German national meteorological service, DWD, said up to two months’ worth of rainfall fell in 2 days (14 and 15 July) on soils that were already near saturation in the most affected regions of Germany, Belgium, the Netherlands, and Luxembourg. Switzerland and Austria were also hit by severe flooding.
According to DWD, about 100 to 150 mm of precipitation occurred in 24 hours between 14 and 15 July. The DWD weather station of Wipperfuerth-Gardeweg (North Rhine-Westphalia) recorded 162 mm followed by Cologne-Stammheim (North Rhine-Westphalia) with 160 mm, Kall-Sistig (North Rhine-Westphalia) with 152 mm and Wuppertal-Buchenhofen (North Rhine-Westphalia) with 151 mm. DWD issued timely and accurate early warnings.
Some parts of the central Chinese province of Henan received more accumulated rainfall between 17-21 July than the annual average. The national meteorological observation station in Zhengzhou reached 720 mm – compared to its annual average of 641 mm.
Zhengzhou, the capital of Henan, received the equivalent of half its annual rainfall in the space of six hours. The 6-hour rainfall was 382mm and from 16:00-17:00 on 20 July, the 1-hour rainfall in Zhengzhou exceeded 200mm.
More than 600 stations recorded precipitation over 250mm. The maximum precipitation was 728mm. The Henan Meteorological Service initiated the highest level emergency response to deal with the flooding.
An increasing number of studies are finding human influence on extreme rainfall events. One example is the extreme rainfall in eastern China in June and July 2016, where found that human influence significantly increased the probability of the event, with the signal less clear in a third peer review study published in the annual supplement to the Bulletin of the American Meteorological Society.
European trends
Despite the ongoing tragedy, the death toll from extreme weather is generally falling because of improved early warnings and better disaster management. A high death toll from heatwaves in Europe in 2003 and 2010 ushered in new heat-health action plans and early warnings which have been credited with saving many lives in the most recent decade.
In Europe in total, 1 672 recorded disasters cumulated 159 438 deaths and US$ 476.5 billion in economic damages from 1970–2019. Although floods (38%) and storms (32%) were the most prevalent cause in the recorded disasters, extreme temperatures accounted for the highest number of deaths (93%), with 148 109 lives lost over the 50 years.
The two extreme heatwaves of 2003 and 2010 accounted for the highest number of deaths (80%), with 127 946 lives lost in the two events. These two events skew the statistics on the number of deaths in Europe. The 2003 heatwave was responsible for half of the deaths in Europe (45%) with a total of 72 210 deaths within the 15 affected countries, according to one of the chapters in the forthcoming Atlas.
Within Europe, the distribution of disasters by related hazard shows that riverine floods (22%), general storms (14%) and general floods (10%) were the most prevalent hazards.
The WMO Atlas of Mortality and Economic Losses from Weather, Climate and Water Extremes (1970-2019) (hereafter called Atlas) will be published ahead of the United Nations General Assembly in September. The Atlas is based on the Centre for Research on the Epidemiology of Disasters’ (CRED) Emergency Events Database (EM-DAT).
It is one of a series of WMO initiatives to provide decision-makers with scientifically-based information about weather and climate extremes and the state of the global climate.

DHS announces new cybersecurity requirements for critical pipeline owners and operators

In response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions.
“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security. Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”
The Department’s Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cybersecurity threats to the pipeline industry, as well as technical countermeasures to prevent those threats, during the development of this second Security Directive.  This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.
This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline.  The May 2021 Security Directive requires critical pipeline owners and operators to (1) report confirmed and potential cybersecurity incidents to CISA; (2) designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week; (3) review current practices; and, (4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.
Since 2001, TSA has worked closely with pipeline owners and operators, as well as its partners across the federal government, to enhance the physical security preparedness of U.S. hazardous liquid and natural gas pipeline systems.  TSA works closely with CISA, the nation’s lead agency for protecting critical infrastructure against cybersecurity threats, to execute this mission.

Remote working putting organisations at risk of ransomware

CERT NZ says the majority of ransomware attacks occur through poorly configured remote access systems, which businesses use to allow staff to access systems from outside the office.
While there are a range of these in use, one of the most commonly used is Remote Desktop Protocol (RDP), with over 2,500 identified in New Zealand. RDP has a number of weaknesses, which means when it is used over the internet it can be exploited by attackers, and is a leading contributor to the ransomware incidents that CERT NZ receives.
“It’s essential that organisations urgently review their remote access systems, and make sure these systems are as secure as they can be. You may need to talk to your IT team or service provider about how to do this,” says Michael Shearer, Principal Advisor – Threats and Vulnerabilities at CERT NZ.
CERT NZ is partnering with internet service providers to contact organisations that use internet-exposed RDP to provide advice on how they can make remote working more secure.
“Regardless of what technology organisations use to enable remote working, it’s important to keep your system up to date and enable two-factor authentication for logins.”
As RDP is often exploited by attackers to gain access to an organisation’s network, CERT NZ recommends organisations consider other options to enable remote working, such as a virtual private network (VPN). Good VPN solutions support two-factor authentication, which adds an extra layer of security, and are designed to be used over the internet.
More broadly, CERT NZ is concerned about the growing impact ransomware attacks are having on New Zealand.
“Recent events have brought to light the devastating effects a ransomware attack can have on an organisation. There’s been an increasing trend of these types of attacks globally over the past 18 months, and they’re only going to continue.”
CERT NZ has seen an increase in ransomware reports in the second quarter of 2021 (April to June), compared to the first quarter of the year. Reaching a total of 30 reports, this is the highest number of ransomware reports made to CERT NZ within one quarter.
“These figures do not paint a complete picture of the extent of ransom attacks in New Zealand. These numbers only reflect what has been reported to us, however conversations with our industry partners indicate there are a lot more attacks happening.”
CERT NZ will soon be releasing more guidance for organisations about how to protect themselves against ransomware.