Space ISAC Announces Initial Operating Capability for Threat Information Sharing

The Space Information Sharing and Analysis Center (Space ISAC) has announced a significant milestone, declaring the organization has reached Initial Operating Capability (IOC) following the launch of Space ISAC’s member portal and threat intelligence sharing platform. This capability will serve as the first of its kind, enabling commercial industry and international space partners to share timely, actionable information about space-based threats.
This milestone event marks just over one year since Space ISAC’s board of directors and leaders from U.S. government agencies met to discuss the timeline to achieve initial operating capability.
“Achieving IOC for the Space ISAC is one of the most critical milestones toward protecting the space critical infrastructure for the global space community. This platform for information sharing will bring our community together and align our efforts to increase the security and reliability of space systems,” said Frank Backes, Senior Vice President, Kratos Federal Space and Chairman of the Board at Space ISAC.
Space ISAC has selected Cyware to host the Space ISAC portal and threat intelligence sharing platform. The platform allows Space ISAC members to share threat data securely with next-generation partnership capabilities that meet the needs of the space industry’s rapidly evolving threat environment.
“Our team at Cyware believes it is mission-critical to support and empower cybersecurity sharing communities with the tools and resources needed to collaborate and share intelligence to improve security operations and maintain resiliency,” said Anuj Goel, CEO and co-founder of Cyware. “We are impressed by Space ISAC’s dedication to improving the defense capabilities of their membership. They are consistently seeking out the best opportunities to enhance threat intelligence sharing in an integrated and collaborative manner, that reduces cyber risk across space and other key industries where intelligence is critical.”
“It’s incredibly exciting to see the introduction of such a platform where commercial industry and international space partners will soon be able to share timely information about space-based threats,” said William O. Ferguson, Cyber Security Operations Manager for founding board member SES.
Space ISAC consists of 24 members and counting from the global space community. Johns Hopkins Applied Physics Lab, a founding board member of Space ISAC, leads a Space ISAC team that vets all new members to ensure that Space ISAC maintains the highest levels of trust and integrity within its membership base.
“We are thrilled to reach this milestone, a giant step in making all of us together smarter and safer than any of us alone. I hope that many others will join us in ensuring the resilience of the global space enterprise,” said Michael Ryschkewitsch, Head, Space Sector at Johns Hopkins Applied Physics Laboratory.
Andre Adelsbach, vice president of Group Information and Cyber Security for SES, added, “At SES, we realize the importance of safeguarding current and emerging space service technology, and welcome efforts that can be developed across the industry.”
Additionally, Space ISAC’s IOC includes hosting member events and facilitating working groups and task forces. These initiatives have created opportunities for Space ISAC members and partners to develop the functions of the ISAC and raise the entire space sector’s security posture. This includes an information sharing work group, an analyst work group, and task forces dedicated to small satellites and Space Policy Directive-5.
“As an ISAC we are responsible to coordinate across the entire space sector and communicate critical information sharing far and wide and for global space to create sector-wide situational awareness,” said Erin Miller, Executive Director, Space ISAC.

IAEA Develops New Benchmarks for Computational Methods for Utilization, Operation and Safety Analysis of Research Reactors

Under a recently completed IAEA project, experts have developed a benchmark database for computational methods and tools used for the utilization, operation and safety analysis of research reactors.
A benchmark in this context is an experiment conducted in a research reactor, including the measured data and sufficient details about the research reactor and the experimental facility.
“The benchmark allows modelling the experiment using a computer code,” said Frances Marshall, the lead officer of the four-year IAEA coordinated research project (CRP). “The results of the calculations are compared with the data to assess whether the code and the modelling done are adequate for the case under study.”
Benchmarking computational codes and methods against experimental data is key to assessing the validity of the codes’ application to the design, operation, utilization and safety analysis of research reactors.
The benchmarks can be used to:
- train new professionals in research reactors by allowing them to develop their modelling skills using well-documented cases (benchmarks);
- improve modelling requiring advanced code functions and user knowledge;
- conduct formal validation of codes, models or user qualifications.
The CRP benchmarked many of the most common research reactor codes used at international level, and demonstrated that the codes, methods and the nuclear data available yield results that, in the majority of cases, meet the operational requirements of research reactor facilities.
The collected data will be used to update the IAEA’s Research Reactor Benchmarking Database: Facility Specification and Experimental Data, which is a valuable resource for assisting the optimization of research reactor core management and experimental programmes, while maintaining safety.
The project was carried out by several research reactor operating organizations with ongoing irradiation and measurement activities in fuel burnup and material and target activation. The participants provided experimental data and research reactor facility specifications covering a broad range of research reactor types and power levels. The quality of the data was assessed by an independent review to confirm its use as benchmarks, leading to the establishment of 14 benchmark specifications using data from nine different research reactors. Calculations were then made by at least two participants for each of the benchmarks, using a wealth of codes, leading to a total of 53 analysis contributions.
The overall objective of the CRP was to encourage cooperation, foster the exchange of information and increase the knowledge and expertise in numerical analysis to improve the design, operation, utilization, safety and decommissioning of research reactors, in particular in fuel multicycle depletion analysis, and material and target activation calculations.

ENISA provide statement on Microsoft Exchange vulnerabilities

The EU Agency for Cybersecurity (ENISA) has provided a statement with an assessment and advice on Microsoft Exchange vulnerabilities.
Microsoft released security updates for the Microsoft (MS) Exchange Server suite. Active exploitation has been observed against on-premises MS Exchange installations.
MS Exchange vulnerabilities once exploited may lead to network compromise, data exfiltration and ransomware attacks. Across the EU, an increasing number of MS Exchange installations have also been found to be the target of malicious attacks.
ENISA published a situation report which provides an assessment as well as advice and mitigation measures. It reports that the threat has been assessed as severe and considers these types of attacks probable and of high risk.
The Agency calls on organisations using affected Microsoft Exchange versions to patch the flaws immediately and thoroughly investigate for potential signs of compromise.
At EU level, the EU CSIRTs Network and EU Cyber Crises Liaison Organisation Network (CyCLONe) are monitoring the situation and collecting information at both the technical and operational levels.
Microsoft is updating advisories and guidance while additional technical information and advice are provided by CERT-EU technical advisory.

Latest issue of World Security Report has arrived

The Spring 2021 issue of World Security Report, with the latest industry views and news, is now available to download.
In the Spring 2021 issue of World Security Report:
- Phenomena or Just a ‘Bad Karma’
- Towards 2021 – Upcoming Organisation Risk & Resiliency Trends
- Maritime Domain Awareness - An Essential Component of a Comprehensive Border Security Strategy
- Security and Criminology - Risk Investigation and AI
- Resilience and Social Unrest
- State Sponsored Terror
- IACIPP Association News
- Industry news
Download your copy today at www.cip-association.org/WSR

IACIPP and Capitol Sign Agreement to Advance Worldwide Critical Infrastructure Awareness and Knowledge

Capitol Technology University and the International Association of Critical Infrastructure Protection Professionals (IACIPP) signed a Memorandum of Understanding (MOU) to develop a partnership that will extend efforts to improve the training and education of critical infrastructure students and professionals. Both parties recognize a high demand for worldwide cooperation to increase the effectiveness of research, education, and activities in the critical infrastructure field of study. This MOU will facilitate the development of joint seminars, conferences, and training courses.
“As an Association we aim to deliver discussion and innovation— on many of the serious infrastructure, protection, management, and security challenges—facing both industry and governments. The ever changing and evolving nature of threats, whether natural through climate change or man-made through terrorism activities, either physical or cyber, means there is a continual need to review and update policies, practices, training, and technologies to meet these growing and changing demands,” said John Donlon QPM, Chairman IACIPP. “This partnership with Capitol Technology University enables both parties to develop and enhance objectives through education and training.”
A nation’s critical infrastructure provides the essential services that underpin a society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure— including assets, networks, and systems—that are vital to public confidence and a nation’s safety, prosperity, and well-being.
Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery.
The International Association of Critical Infrastructure Protection Professionals (IACIPP) is an international association of practitioners and professionals involved in the security, resilience and safety of critical infrastructure, both physical and information infrastructure.
The IACIPP is open to critical infrastructure operators and government agencies, including site managers, security officers, government agency officials, policy makers, research & academia. The Association also aims to share ideas, information, experiences, technology and best practices to enhance these objectives.
Capitol Technology University, located in Laurel, Maryland, is an independent institution that has focused on STEM education since 1927. Capitol Tech, the national winner of the 2020 SC Media Award for Best Cybersecurity Higher Education Program, offers hands-on courses taught by industry experts that lead to undergraduate and graduate degrees in emerging fields such as Mechatronics Engineering and Artificial Intelligence.

CISA Publish Ransomware Guidance and Resources

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
Malicious actors continue to adjust and evolve their ransomware tactics over time, and CISA analysts remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world: See CISA's Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak.
Looking to learn more about this growing cyber threat? The NEW Ransomware Guide is a great place to start. The Guide, released in September 2020, represents a joint effort between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The joint Ransomware Guide includes industry best practices and a response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.
In January 2021, CISA unveiled the Reduce the Risk of Ransomware Campaign to raise awareness and instigate actions to combat this ongoing and evolving threat. The campaign is a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate ransomware risk.

UNISDR Report: Words into Action guideline: Man-made/technological hazards

The UNISDR has issued a report that takes a practical approach in addressing man-made and technological hazards, and builds upon previous analyses and recommendations relating to such hazards in the context of disaster risk reduction (DRR).
The number and magnitude of man-made disasters worldwide have risen since the 1970s and continue to grow in both frequency and impact on human wellbeing and economies, particularly in low and middle-income countries.
Several major technological accidents and the increased number of new hazardous substances and materials have highlighted the need to tackle these hazards within the overall frame of inclusive disaster risk management. Paragraph 15 of the Sendai Framework for Disaster Risk Reduction 2015-2030 leaves no doubt about the need to address hazards comprehensively as it applies to the risk of small-scale and large-scale, frequent and infrequent, sudden and slow-onset disasters, caused by both natural and man-made hazards as well as related environmental, technological and biological hazards and risks. It aims to guide the management of disaster risk at all levels as well as within and across all sectors.
The United Nations Office for Disaster Risk Reduction (UNISDR) is the focal point of the United Nations system for disaster risk reduction and the custodian of the Sendai Framework, supporting countries and societies in its implementation, monitoring and review of progress.
In accordance with the Sendai Framework, this guide seeks to address man-made hazards by strengthening national and local disaster management plans to include these hazards and by raising awareness of their risks and impacts. Furthermore, it will be a valuable tool to support training and capacity building.
This guide provides a set of evidence-based, practical activities for implementation for chemical, industrial and transport accidents, and nuclear and radiological hazards under the Sendai Framework’s four priorities for action. The guide highlights the existing diversity of thematic frameworks, institutional and legal mechanisms at global and regional levels that are related to and used for addressing man-made hazards. It also draws attention to existing collaborations within the disaster risk reduction community and key partners.
The Guide builds on the outcomes of the Open-ended Intergovernmental Expert Working Group on Indicators and Terminology for the Sendai Framework, and the work on hazard classification and terminology related to man-made hazards.

GAO Report: Opportunities Exist for DOE to Better Support Utilities in Improving Resilience to Hurricanes

Hurricanes are a leading cause of major power outages in the U.S., impacting millions of customers in recent years. Utilities in hurricane-affected states have invested in ways to better equip their grids to withstand and rapidly recover from hurricanes. For example, some utilities have elevated equipment to protect grid infrastructure from flooding.
The Department of Energy and its National Laboratories are developing planning tools, such as metrics to track grid resilience. However, we recommended that DOE create a plan to better guide these efforts and to better inform utilities about available resources at its National Labs.
Since 2012, utilities have taken steps to improve grid resilience to severe hurricanes, such as (1) implementing storm hardening measures to enable the grid to better withstand the effects of hurricanes; (2) adopting technologies to enhance operational capacity and help quickly restore service following disruptions; and (3) participating in mutual aid programs with other utilities and training and planning exercises. For example, utilities have implemented storm hardening measures that include elevating facilities and constructing flood walls to protect against storm surges. Utilities have also adopted technologies that enhance communication capabilities and monitor systems to detect, locate, and repair sources of disruptions. However, these utilities reported challenges justifying grid resilience investments to obtain regulatory approval, and some utilities have limited resources to pursue such enhancements.
Various federal agencies can provide funding for efforts to enhance grid resilience to hurricanes, including the Department of Agriculture (USDA) and the Federal Emergency Management Agency (FEMA). However, eligibility for most federal funding for grid resilience, including some USDA and FEMA funding, is limited to publicly owned utilities and state, tribal, and local governments. The Department of Energy (DOE) does not provide direct funding for grid resilience improvements, but it has efforts under way, including through its National Laboratories, to provide technical assistance and promote research and collaboration with utilities. DOE has also initiated preliminary efforts to develop tools for resilience planning, including resilience metrics and other tools such as a framework for planning, but DOE does not have a plan to guide these efforts. Without a plan to guide DOE efforts to develop tools for resilience planning, utilities may continue to face challenges justifying resilience investments. In addition, DOE lacks a formal mechanism to inform utilities about the efforts of its National Laboratories. Such a mechanism would help utilities leverage existing resources for improving grid resilience to hurricanes.
Hurricanes pose significant threats to the electricity grid in some U.S. coastal areas and territories and are a leading cause of major power outages. In recent years, hurricanes have impacted millions of customers in these areas. Adoption of technologies and other measures could improve the resilience of the grid so that it is better able to withstand and rapidly recover from severe weather; this could help mitigate the effects of hurricanes.
This report examines (1) measures utilities in selected states have adopted to enhance grid resilience following major hurricanes since 2012 and any challenges utilities face funding such measures; and (2) federal efforts to support the adoption of measures to enhance grid resilience to hurricanes and any opportunities that exist to improve these efforts. For this report, GAO assessed agency and industry actions; reviewed relevant reports, policies, and documents; and interviewed federal, industry, and local officials.
GAO recommends that DOE (1) establish a plan to guide its efforts to develop tools for resilience planning, and (2) develop a mechanism to better inform utilities about grid resilience efforts at the National Laboratories. DOE agreed in principle with these recommendations, but its proposed actions do not fully address GAO's concerns.

Climate Change Is Expected to Have Far-reaching Effects and DOE and FERC Should Take Actions

Climate change is expected to affect every aspect of the electricity grid—from generation, transmission, and distribution, to demand for electricity. For example, more frequent droughts and changing rainfall patterns may diminish hydroelectricity in some areas, and increasing wildfires may damage transmission lines.
We testified about how the Department of Energy and the Federal Energy Regulatory Commission could enhance grid resilience. We recommended that DOE develop a strategy for doing so and coordinate efforts within the department, and that FERC assess grid risks and plan how to promote resilience.
Climate change is expected to have far-reaching effects on the electricity grid that could cost billions and could affect every aspect of the grid from generation, transmission, and distribution to demand for electricity, according to several reports GAO reviewed. The type and extent of these effects on the grid will vary by geographic location and other factors. For example, reports GAO reviewed stated that more frequent droughts and changing rainfall patterns may adversely affect hydroelectricity generation in Alaska and the Northwest and Southwest regions of the United States. Further, transmission capacity may be reduced or distribution lines damaged during increasing wildfire activity in some regions due to warmer temperatures and drier conditions. Moreover, climate change effects on the grid could cost utilities and customers billions, including the costs of power outages and infrastructure damage.
Since 2014, the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC) have taken actions to enhance the resilience of the grid. For example, in 2015, DOE established a partnership with 18 utilities to plan for climate change. In 2018, FERC collected information from grid operators on grid resilience and their risks to hazards such as extreme weather. Nevertheless, opportunities exist for DOE and FERC to take additional actions to enhance grid resilience to climate change. For example, DOE identified climate change as a risk to energy infrastructure, including the grid, but it does not have an overall strategy to guide its efforts. GAO's Disaster Resilience Framework states that federal efforts can focus on risk reduction by creating resilience goals and linking those goals to an overarching strategy. Developing and implementing a department-wide strategy that defines goals and measures progress could help prioritize DOE's climate resilience efforts to ensure that resources are targeted effectively. Regarding FERC, it has not taken steps to identify or assess climate change risks to the grid and, therefore, is not well positioned to determine the actions needed to enhance resilience. Risk management involves identifying and assessing risks to understand the likelihood of impacts and their associated consequences. By doing so, FERC could then plan and implement appropriate actions to respond to the risks and achieve its objective of promoting resilience.
According to the U.S. Global Change Research Program, changes in the earth's climate are under way and expected to increase, posing risks to the electricity grid that may affect the nation's economic and national security. Annual costs of weather-related power outages total billions of dollars and may increase with climate change, although resilience investments could help address potential effects, according to the research program. Private companies own most of the electricity grid, but the federal government plays a significant role in promoting grid resilience—the ability to adapt to changing conditions; withstand potentially disruptive events; and, if disrupted, to rapidly recover. DOE, the lead agency for grid resilience efforts, conducts research and provides information and technical assistance to industry. FERC reviews mandatory grid reliability standards.
This testimony summarizes GAO's report on grid resilience to climate change. Specifically, the testimony discusses (1) potential climate change effects on the electricity grid; and (2) actions DOE and FERC have taken since 2014 to enhance electricity grid resilience to climate change effects, and additional actions these agencies could take. GAO reviewed reports and interviewed agency officials and 55 relevant stakeholders.

Ensuring the Safety of Nuclear Installations: Lessons Learned from Fukushima

The Fukushima Daiichi nuclear accident reinforced the importance of having adequate national and international safety standards and guidelines in place so that nuclear power and technology remain safe and continue to provide reliable low carbon energy globally.
By recognizing the lessons learned from the 2011 accident, the IAEA has been revising its global safety standards to ensure that Member States continue to receive up-to-date guidance of high quality.
“The Fukushima Daiichi accident has left a very large footprint on nuclear safety thinking, which manifested itself in a distinct shift from the prevention of design basis accidents to the prevention of severe accidents and, should an accident occur, the practical elimination of its consequences,” said Greg Rzentkowski, Director of the IAEA’s Division of Nuclear Installation Safety.
Following the accident, through a review of relevant standards, including the IAEA safety standard on design safety, experts found that a higher level of safety could be incorporated into existing nuclear power plants by adhering to more demanding requirements for protection against external natural hazards and by enhancing the independence of safety levels so that, even if one layer fails, another layer is unimpacted and stops an accident from happening.
While requirements for protection against natural hazards have always been included in the design of nuclear reactors, these have been strengthened since the accident. In general, the design requirements now take into account natural hazards of an estimated frequency above 1 in 10 000 years, as opposed to 1 in 1000 years used previously.
Incorporating these new safety standards into the design of existing reactors was subsequently tested through comprehensive safety assessments and inspections. The assessments took into account the design features of installations, safety upgrades and provisions for the use of non-permanent equipment to demonstrate that the probability of conditions that may lead to early or large releases is practically eliminated.
“New power plants are designed to account for the possibility of severe accidents,” said Javier Yllera, a senior Nuclear Safety Officer at the IAEA. “Different safety improvements have been implemented at existing power plants, together with accident management measures.”
Safety assessments or ‘stress tests’ implemented in the European Union following the Fukushima Daiichi nuclear accident focused on the assessment of natural hazards such as earthquakes and flooding, and on the behaviour of power plants in cases of extreme natural events and severe accidents. The overall objective was to analyse the robustness of reactors to such events and, if necessary, increase it. The margins of the safety of reactors were analysed and possible improvements were identified. The implementation of those stress tests remained the responsibility of Member States, and resulted in many design and operation enhancements in Europe.
[Source: IAEA]