Public Health Emergencies: Data Management Challenges Impact National Response

Public health emergencies evolve quickly, but public health entities lack the ability to share new data and potentially life-saving information in real-time—undermining the nation's ability to respond quickly.

To address this, the federal government must overcome three major challenges—specifically, the lack of:

- Common standards for collecting data (e.g., patient characteristics)
- "Interoperability" (meaning not all data systems work together)
- Public health IT infrastructure (the hardware, software, networks, and policies that would enable the reporting and sharing of data)

This snapshot discusses our related work and recommendations.

Public health emergencies evolve quickly, but public health entities lack the ability to share new data and potentially life-saving information in near real-time. To address this, the federal government must overcome 3 major challenges in how it manages public health data. GAO has made a number of recommendations to help address these challenges. However, many of these recommendations have not been implemented.

The Big Picture

Longstanding challenges in the federal government’s management of public health data undermine the nation’s ability to quickly respond to public health emergencies like COVID-19 and monkeypox. These challenges include the lack of:

- common data standards—requirements for public health entities to collect certain data elements, such as patient characteristics (e.g., name, sex, and race) and clinical information (e.g., diagnosis and test results) in a specific way;
- interoperability—the ability of data collection systems to exchange information with and process information from other systems; and
- public health IT infrastructure—the computer software, hardware, networks, and policies that enable public health entities to report and retrieve data and information.

Over 15 years ago, federal law mandated that the Department of Health and Human Services (HHS) establish a national public health situational awareness network with a standardized data format. This network was intended to provide secure, near real-time information to facilitate early detection of and rapid response to infectious diseases.

However, the federal government still lacks this needed network and has not yet overcome the challenges identified in previous GAO reviews. Having near real-time access to these data could significantly improve our nation’s preparedness for public health emergencies and potentially save lives.

Without the network, federal, state, and local health departments, hospitals, and laboratories are left without the ability to easily share health information in real-time to respond effectively to diseases.

GAO’s prior work identified three broad challenges to public health data management and recommended actions for improvement.

1. Common Data Standards

To ensure that information can be consistently reported, compared, and analyzed across jurisdictions, public health entities need a standardized data format. Due to the lack of common data standards, information reported by states about COVID-19 case counts was inconsistent. This in turn complicated the ability of the Centers for Disease Control and Prevention (CDC) to make comparisons. Public health representatives also noted challenges in collecting complete demographic data. This made it difficult to identify trends in COVID-19 vaccinations and the number of doses administered. Although CDC had intended to implement data standards, its strategic plan did not articulate specific actions, roles, responsibilities, and time frames for doing so.

- Recommended that HHS establish an expert committee for data collection and reporting standards by engaging with stakeholders (e.g., health care professionals from public and private sectors). This committee should review and inform the alignment of ongoing data collection and reporting standards related to key health indicators.
- Recommended that CDC define specific action steps and time frames for its data modernization efforts.

2. Interoperability among Public Health IT Systems

The inability to easily exchange information across data collection and other data systems creates barriers to data sharing and additional burdens on entities that collect and transmit data. During the early stages of COVID-19, the lack of IT system interoperability caused health officials and their key stakeholders (e.g., hospitals) to manually input data into multiple systems. In addition, some state health departments could not directly exchange information with CDC via an IT system. This led to longer time frames for CDC to receive the data they needed to make decisions on the COVID-19 response.

- Recommended that, as part of planning for the public health situational awareness network, HHS should ensure the plan includes how standards for interoperability will be used.

3. Lack of a Public Health IT Infrastructure

The timeliness and completeness of information that is shared during public health emergencies can be impeded by the absence of a public health IT infrastructure. During the early stages of COVID-19, some states had to manually collect, process, and transfer data from one place to another. For example, a state official described having to fax documents, make copies, and physically transport relevant documents. The official noted that establishing a public health IT infrastructure, such as the network HHS was mandated to create, would reduce errors. To help mitigate challenges in data management for COVID-19, HHS launched the HHS Protect platform in April 2020. However, we reported that public health and state organizations raised questions about the completeness and accuracy of some of the data.

- Recommended that HHS prioritize the development of the network by, in part, establishing specific near-term and long-term actions that can be completed to show progress.
- Recommended that HHS identify an office to oversee the development of the network.
- Recommended that HHS identify and document information-sharing challenges and lessons learned from the COVID-19 pandemic.

The fastest-growing port in Texas just got even safer

Mariners sailing in and around Port Freeport — the fastest-growing port in Texas — have something to celebrate.

The seaport, located outside of Houston, is now fitted with a NOAA system that improves safe and efficient marine navigation. The technology is part of a nationwide network called Physical Oceanographic Real-Time System, or PORTS®.

Freeport PORTS is the 38th system in this network of precision marine navigation sensors. The integrated series of sensors track oceanographic and meteorological conditions as they unfold around the port. This will greatly increase the navigation safety of vessels entering and exiting Port Freeport.

“Precision navigation is critical to our nation’s data-driven blue economy and helps our environment,” said NOAA Administrator Rick Spinrad, Ph.D. “The real-time information tracked by NOAA allows ships to move safely within U.S. waterways to make operations more efficient and lower fuel consumption, which also lowers carbon emissions.”

More than 30 million tons of cargo moved through Port Freeport in 2019, which supported more than 279,000 jobs nationwide, for a total economic impact of $149 billion. The new system will allow all mariners to have access to real-time water level, currents and meteorological information, helping them to better plan vessel transits and prevent accidents.

Studies prove that the NOAA PORTS program reduces shipping collisions, groundings, injuries and property damage. When a new PORTS is designed, local stakeholders determine the sensor types and location requirements to support their safety and efficiency decisions.

“This new system, and the others like them around the country, reduce ship accidents by more than 50%, and allow for larger ships to get in and out of seaports and reduce traffic delays,” said Nicole LeBoeuf, director of NOAA’s National Ocean Service. “PORTS can also provide real-time data as conditions rapidly change, giving our coastal communities time to prepare and respond.”

Newly installed current meters collect and transmit real-time current observations in waterways where those conditions can change quickly and over small distances. One current meter, mounted on a buoy, is installed along the port entrance channel to capture critical cross-current data outside of the Surfside Jetty. A second current meter is installed on a pier in the Intracoastal Waterway near the Surfside Bridge to collect data that will indicate the strength of currents near an important turning point for vessels coming in and out of Freeport Harbor.

The new system also integrates real-time water level and meteorological information from the NOAA Freeport Harbor National Water Level Observation Network station. That equipment is installed on a specialized single platform structure which is common in the Gulf of Mexico. Wind speed and directional data will help users plan for safe pilot boarding and ship passages during adverse weather.

Makati City becomes the second Resilience Hub in Asia-Pacific

The City of Makati in the Philippines was named the second Resilience Hub of Making Cities Resilient 2030 (MCR2030) in the Asia-Pacific region on 27 September 2022.

Makati has already been recognized as a Role Model City of the MCR 2010-2020 initiative by sharing know-how and experiences for reducing disaster risk, building urban resilience with other cities and participating in regional forums.

Under the leadership of Mayor Mar-len Abigail S. Binay, the city has adopted the principle of “Resilience is everybody’s business” at all sectors of society to manage disasters and build urban resilience in the country.

“We’re committed to continuing the journey of advocating resilience as a way of life through a Resilience Hub by collaborating with our constituents, partners and other local government units,” said Ms. Binay.

The Chief of the Regional Office for Asia and the Pacific at the United Nations Office for Disaster Risk Reduction (UNDRR), Mr. Marco Toscano-Rivalta, congratulated the Mayor, the City of Makati and its people for their vision and determination to continue strengthening disaster resilience and supporting other cities along the resilience pathway.

“Disaster risk is local, and it is at the local level where leadership, partnerships and solutions make a difference. MCR2030 is a catalyst for local action, a platform for collaboration and sharing of knowledge to localize disaster risk management and the implementation of the Sendai Framework for Disaster Risk Reduction,” said Mr. Toscano-Rivalta.

Makati, also known as a financial hub of the country, has developed a three-year plan of the Resilience Hub, which focuses on creating and building an online knowledge portal. The portal’s objective is to enhance peer-to-peer support, and disseminate risk data, information and expertise by conducting workshops, seminars and events related to strengthening urban resilience towards disaster risk reduction.

The plan also aims to improve city-to-city cooperation by working with other local governments in the Asia Pacific Region and beyond, promote synergies between cities to learn from each other and other disaster risk reduction activities, including capacity building, disaster preparedness, response and prevention.

The city is also in the process of developing the Makati Disaster Risk Reduction and Management Academy to learn from its best practices, using case studies and knowledge bases from other cities, leveraging experiences from an international group of practitioners who already participated in the initiative.

Notably, the city has continually mainstreamed and institutionalized disaster risk reduction management across all levels of the city since signing up to the MCR campaign in 2010.

As one of the pilot cities applying MCR tools, Makati held multi-sectoral annual workshops, reviewed and reassessed the city’s progress in implementing the Ten Essentials for MCR2030 through the Local Government Self-Assessment Tool.

The city was one of the first municipalities to utilize the Disaster Resilience Scorecard for Cities, which was developed through then UNISDR’s collaboration with global technology companies such as IBM and AECOM.

In 2017, the city established a resilience roadmap called the Makati Disaster Risk Reduction and Management Plan, using the now adapted Disaster Resilience Scorecard. Makati used Disaster Resilience Scorecard for Cities - Public Health System Resilience Addendum to enhance the city’s disaster risk reduction management.

UK and allies expose Iranian state agency for exploiting cyber vulnerabilities for ransomware operations

The UK and international allies have issued a joint cyber security advisory highlighting that cyber actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) are exploiting vulnerabilities to launch ransomware operations against multiple sectors.

Iranian-state APT actors have been observed actively targeting known vulnerabilities on unprotected networks, including in critical national infrastructure (CNI) organisations.

The advisory, published by the National Cyber Security Centre (NCSC) − a part of GCHQ − alongside agencies from the US, Australia and Canada, sets out tactics and techniques used by the actors, as well as steps for organisations to take to mitigate the risk of compromise.

It updates an advisory issued in November 2021 which provided information about Iranian APT actors exploiting known Fortinet and Microsoft Exchange vulnerabilities.

They are now assessed to be affiliated to the IRGC and are continuing to exploit these vulnerabilities, as well as the Log4j vulnerabilities, to provide them with initial access, leading to further malicious activity including data extortion and disk encryption.

Paul Chichester, NCSC Director of Operations, said:

“This malicious activity by actors affiliated with Iran’s IRGC poses an ongoing threat and we are united with our international partners in calling it out.

“We urge UK organisations to take this threat seriously and follow the advisory’s recommendations to mitigate the risk of compromise.”

The NCSC urges organisations to follow the mitigation set out in the advisory, including:

- Keeping systems and software updated and prioritising remediating known exploited vulnerabilities
- Enforcing multi-factor authentication
- Making offline backups of your data

This advisory has been issued by the NCSC, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), US Cyber Command (USCC), Department of the Treasury (DoT), the Australian Cyber Security Centre (ACSC) and the Canadian Centre for Cybersecurity (CCCS).

NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory that highlights the steps malicious actors have commonly followed to compromise operational technology (OT)/industrial control system (ICS) assets and provides recommendations on how to defend against them.

“Control System Defense: Know the Opponent” notes the increasing threats to OT and ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes. OT/ICS designs are publicly available, as are a wealth of tools to exploit IT and OT systems.

Cyber actors, including advanced persistent threat (APT) groups, have targeted OT/ICS systems in recent years to achieve political gains, economic advantages, and possibly to execute destructive effects. Recently, they’ve developed tools for scanning, compromising, and controlling targeted OT devices.

“Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cybercriminals to best defend against them,” said Michael Dransfield, NSA Control Systems Defense Expert. “We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”

This joint Cybersecurity Advisory builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. Noting that traditional approaches to securing OT/ICS do not adequately address threats to these systems, NSA and CISA examine the tactics, techniques, and procedures cyber actors employ so that owners and operators can prioritize hardening actions for OT/ICS.

Defenders should employ the mitigations listed in this advisory to limit unauthorized access, lock down tools and data flows, and deny malicious actors from achieving their desired effects.

Large Constellations of Satellites: Mitigating Environmental and Other Effects

There are almost 5,500 active satellites in orbit as of spring 2022, and one estimate predicts the launch of an additional 58,000 by 2030. Large constellations of satellites in low Earth orbit are the primary drivers of the increase. Satellites provide important services, but there are potential environmental and other effects that this trend could produce (see figure).

Potential effects from the launch, operation, and disposal of satellites

For decades, satellites have been used for GPS, communications, and remote sensing. The number of satellites has recently increased, as thousands more have been launched to provide internet access.

But this increase may be disruptive. For example, it could lead to more space debris, which can damage existing satellites used for commerce or national security. We reviewed technologies and other tools to lessen potential effects. We also looked at mitigation challenges, like unclear rules and immature technology. To help address the challenges, we developed policy options, which may help policymakers achieve a variety of goals.

GAO assessed technologies and approaches to evaluate and mitigate the following potential effects:

- Increase in orbital debris. Debris in space can damage or destroy satellites, affecting commercial services, scientific observation, and national security. Better characterizing debris, increasing adherence to operational guidelines, and removing debris are among the possible mitigations, but achieving these is challenging.
- Emissions into the upper atmosphere. Rocket launches and satellite reentries produce particles and gases that can affect atmospheric temperatures and deplete the ozone layer. Limiting use of rocket engines that produce certain harmful emissions could mitigate the effects. However, the size and significance of these effects are poorly understood due to a lack of observational data, and it is not yet clear if mitigation is warranted.
- Disruption of astronomy. Satellites can reflect sunlight and transmit radio signals that obstruct observations of natural phenomena. Satellite operators and astronomers are beginning to explore ways of mitigating these effects with technologies to darken satellites, and with tools to help astronomers avoid or filter out light reflections or radio transmissions. However, the efficacy of these techniques remains in question, and astronomers need more data about the satellites to improve mitigations.

GAO developed the following policy options to help address challenges with evaluating and mitigating the effects of large constellations of satellites. GAO developed the options by reviewing literature and documents, conducting interviews, and convening a 2-day meeting with 15 experts from government, industry, and academia. These policy options are not recommendations. GAO presents them to help policymakers consider and choose options appropriate to the goals they hope to achieve. Policymakers may include legislative bodies, government agencies, standards-setting organizations, industry, and other groups.

Policymakers may be better positioned to take action on this complex issue if they consider interrelationships among these policy options. For example, implementing the fourth option (improving organization and leadership) may improve policymakers’ ability to implement the first and second options (building knowledge, developing technologies, and improving data sharing). Similarly, implementing the first option may help with the third option (establishing standards, regulations, and agreements). More generally, trade-offs between mitigations may emerge, the ongoing increase in new constellations may introduce unexpected changes, and a large and diverse set of interests from the global community may shift over time, all of which present persistent uncertainties. To address these complexities and uncertainties, the full report presents the policy options in a framework, which may help policymakers strategically choose options to both realize the benefits and mitigate the potential effects of large constellations of satellites.

Enabled by declines in the costs of satellites and rocket launches, commercial enterprises are deploying large constellations of satellites into low Earth orbit. Satellites provide important data and services, such as communications, internet access, Earth observation, and technologies like GPS that provide positioning, navigation, and timing. However, the launch, operation, and disposal of an increasing number of satellites could cause or increase several potential effects.

This report discusses (1) the potential environmental or other effects of large constellations of satellites; (2) the current or emerging technologies and approaches to evaluate or mitigate these effects, along with challenges to developing or implementing these technologies and approaches; and (3) policy options that might help address these challenges.

To conduct this technology assessment, GAO reviewed technical studies, agency documents, and other key reports; interviewed government officials, industry representatives, and researchers; and convened a 2-day meeting of 15 experts from government, industry, academia, and a federally funded research and development center. GAO is identifying policy options in this report.

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. APT actors used the open-source toolkit Impacket to gain a foothold within the environment and the data exfiltration tool CovalentStealer to steal the victim’s sensitive data.

Joint Cybersecurity Advisory AA22-277A provides the APT actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). CISA, FBI, and NSA recommend that DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of APT cyber threats to their networks.

EPA’s proposed changes to chemical disaster prevention rule don’t do enough to keep communities safe

Coming Clean and the Environmental Justice Health Alliance for Chemical Policy Reform released a report that profiles three chemical incidents that occurred within two weeks this January, and recommends specific safety measures that the Environmental Protection Agency (EPA) should require in order to prevent future chemical disasters.

On August 31, 2022, the EPA published proposed revisions to the Risk Management Program (RMP), which regulates approximately 12,000 high-risk facilities in the U.S. that use or store certain highly hazardous chemicals. EPA was specifically directed by Congress to use this program to prevent disasters, yet more than 140 harmful chemical incidents occur on average every year.

Three such incidents in January, 2022 that are the focus of the report include: a fire at the Winston Weaver Fertilizer plant in North Carolina that caused 6,500 people to evacuate and nearly triggered a deadly ammonium nitrate explosion; an explosion at the Westlake Chemical South plant that caused 7,000 students to shelter in place in the Lake Charles area in Louisiana; and a massive fire that spread to the Qualco chemical plant in Passaic, New Jersey and came dangerously close to igniting an estimated 3 million pounds of hazardous chemicals.

Preventing Disaster offers actionable recommendations the EPA should include in its final rule that could prevent similar incidents from happening in the future, including:

- Requiring all RMP facilities to consider, document, and implement safer chemicals and technologies;
- Expanding the Risk Management Program to cover ammonium nitrate and other hazardous chemicals which remain excluded in the proposed rule;
- Requiring RMP facilities to not only consider the risks posed by natural hazards, as proposed in the draft rule, but to take meaningful steps to prepare for those risks, such as implementing backup power for chemical production and storage processes.

“Overall,” the report concludes, “EPA’s draft rule, rather than adopting common-sense prevention requirements, continues to rely on voluntary actions by high-risk facilities. This approach has failed to prevent many chemical disasters over the last 25 years. If the draft rule is not strengthened, facility workers and neighbors across the country will continue to bear the human, environmental, and financial costs of more preventable disasters.”

“The EPA still has time to get this rule right,” said Steve Taylor, Program Director for Coming Clean, who contributed to the report. “Communities at the fenceline of these hazardous facilities, and the workers inside them, are sick of industry stonewalling and EPA excuses. A stronger rule is needed to ensure that hazards are removed, or we will continue to see more chemical disasters.”

“We’re glad that EPA recognizes the need to reconsider the RMP rule; preventing disasters is a longstanding priority for EJHA. Unfortunately the draft rule is full of more voluntary measures, which decades of incidents have proven do not work,” said Michele Roberts, National Co-Coordinator of the Environmental Justice Health Alliance for Chemical Policy Reform. “We are depending on EPA to have the moral and political courage to keep the promises President Biden has made to our communities— that means a final rule that requires the transition to safer chemicals and processes wherever possible. Removing hazards before disasters can occur is the best way to protect workers and communities.”

View Report at www.preventionweb.net/publication/preventing-disaster-three-chemical-incidents-within-two-weeks-show-urgent-need-stronger

Effective communication of disaster warnings saving lives in Fiji

Communication is key – especially when you are in the business of saving lives.

During their Ignite session on the second day of the Asia-Pacific Ministerial Conference on Disaster Risk Reduction in Brisbane, Australia, the FMS presented on disaster risk communication and effective information sharing, in order to give people a better understanding of the importance of effective communication of warnings and understanding user needs.

FMS Media Liaison Manager, Ms Ana Sovaraki, said the Fiji Meteorological Service, as well as being one of the Regional Meteorological Centres in the world, has always tried to ensure the effective and timely dissemination of warnings before and during disasters.

“Following the events of Severe Tropical Cyclone Winston in 2018, the Met Service realised, amongst other things, the need to improve and enhance communication and dissemination systems,” she said.

It was then that the FMS decided to create a communications role within the department to develop communications strategies to ensure warning messages are reaching the users on time. They were the first Met Service in the region to do so.

The FMS has since worked on genuinely integrating communications into their forecasts and ensuring users of information understand the warnings which in turn helps communities prepare for natural disasters in Fiji.

One of the ways in which they have done this is through impact-based early warnings communicated effectively to prompt actions. The warning bulletins now include potential or expected impacts which they have found to be more relatable to people than just forecast warnings.

“For example, if there is a tropical cyclone and the forecast says to anticipate 50km/h winds, this information alone may not be understood by a layman,” Ms Sovaraki said.

“However, if we integrate the anticipated or possible impact by saying that this wind strength is capable of ripping off roofs and uprooting trees, it can be more relatable to people and they can then take action based on that information. Impact-based communications ensures that the information is understandable, relatable, and reaches the last mile.”

Another key aspect of effectively communicating forecasts and warnings is to understand the needs of users and developing user-specific products and information to meet those needs.

“We can have the best warning and forecasts, and our Communications people can give us the best key messages but if it does not meet the needs of the users, then those warnings and messages do not serve a purpose,” said Director of the Fiji Met Services, Mr Terry Atalifo.

“The Met Service is moving towards trying to understand the needs of people, how vulnerable they are to disasters, and the risks these people face during disasters. This will place us in a better position to ensure that the service they provide meets these needs and requirements.”

The FMS does this by continuing to engage with stakeholders, which is a key component of their work.

“We have meetings and national forums every year to make sure that we understand the needs of these stakeholders.”

Mr Atalifo thanked all their Pacific partners and those in Australia and New Zealand who provide the support to FMS to ensure that they are able to better understand the needs of people.

A Resilient World? Understanding vulnerability in a changing climate

A recent report, the second about the 2021 World Risk Poll findings, shows how financial insecurity undermines resilience in the face of climate change-related disasters. Communities across the world are feeling the impact of natural and human-made hazards, whether that’s severe weather and its link with climate change, or the result of industrial, social, or environmental impacts. Revealing how people worldwide feel their country’s infrastructure and government can cope in the face of disasters, the report provides global insights into how prepared and resilient individuals believe their communities, countries, and institutions are in dealing with hazards. The findings can be used by governments, development agencies, businesses, and researchers to help them identify vulnerabilities and take action to make people safer.

Key findings of the report include:

- Over a third (34%) of people across the world said they could only cover their basic needs for less than a month if they lost all their income.
- People from lower income countries also have less confidence in their ability to protect themselves from a disaster.
- Results from the World Risk Poll global Resilience Index reveal which countries are most resilient to climate change-related and other disasters.
- 125,000 people in 121 countries were polled as part of the study.
