TSA revises and reissues cybersecurity requirements for pipeline owners and operators

The Transportation Security Administration (TSA) announced the revision and reissuance of its Security Directive regarding oil and natural gas pipeline cybersecurity. This revised directive will continue the effort to build cybersecurity resiliency for the nation’s critical pipelines.

Developed with extensive input from industry stakeholders and federal partners, including the Department’s Cybersecurity and Infrastructure Security Agency (CISA), the reissued security directive for critical pipeline companies follows the directive announced in July 2021. The directive extends cybersecurity requirements for another year, and focuses on performance-based – rather than prescriptive – measures to achieve critical cybersecurity outcomes.

“TSA is committed to keeping the nation’s transportation systems safe from cyberattacks. This revised security directive follows significant collaboration between TSA and the oil and natural gas pipeline industry. The directive establishes a new model that accommodates variance in systems and operations to meet our security requirements,” said TSA Administrator David Pekoske. “We recognize that every company is different, and we have developed an approach that accommodates that fact, supported by continuous monitoring and auditing to assess achievement of the needed cybersecurity outcomes. We will continue working with our partners in the transportation sector to increase cybersecurity resilience throughout the system and acknowledge the significant work over the past year to protect this critical infrastructure.”

Following the May 2021 ransomware attack on a major pipeline, TSA issued several security directives mandating that critical pipeline owners and operators implement several urgently needed cybersecurity measures. In the fourteen months since this attack, the threat posed to this sector has evolved and intensified. Reducing this national security risk requires significant public and private collaboration.

Through this revised and reissued security directive, TSA continues to take steps that protect transportation infrastructure from evolving cybersecurity threats. TSA also intends to begin the formal rulemaking process, which will provide the opportunity for the submission and consideration of public comments.

The reissued security directive takes an innovative, performance-based approach to enhancing security, allowing industry to leverage new technologies and be more adaptive to changing environments. The security directive requires that TSA-specified owners and operators of pipeline and liquefied natural gas facilities take action to prevent disruption and degradation to their infrastructure to achieve the following security outcomes:

- Develop network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised and vice versa;
- Create access control measures to secure and prevent unauthorized access to critical cyber systems;
- Build continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations; and
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.

Pipeline owners and operators are required to:

- Establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures the pipeline owners and operators are utilizing to achieve the security outcomes set forth in the security directive.
- Develop and maintain a Cybersecurity Incident Response Plan that includes measures the pipeline owners and operators will take in the event of operational disruption or significant business degradation caused by a cybersecurity incident.
- Establish a Cybersecurity Assessment Program to proactively test and regularly audit the effectiveness of cybersecurity measures and identify and resolve vulnerabilities within devices, networks, and systems.

These requirements are in addition to the previously established requirement to report significant cybersecurity incidents to CISA, establish a cybersecurity point of contact and conduct an annual cybersecurity vulnerability assessment.

Australian Government Invites Feedback on Critical Technologies

The Australian Federal Government will begin consulting businesses, researchers and the community at large to identify critical technologies of national importance.

The List of Critical Technologies in the National Interest will clarify technologies the government considers to be vital to present and future demands.

The 2022 List of Critical Technologies in the National Interest will build on the 2021 List, which featured 63 technologies across seven categories including:

- Advanced materials and manufacturing
- AI, computing and communications
- Biotechnology, gene technology and vaccines
- Energy and environment
- Quantum
- Sensing, timing and navigation
- Transportation, robotics and space

The consultation will run until Friday 30 September.

Federal Minister for Industry and Science, Ed Husic, said it is vital for Australia’s continued and future prosperity that emerging and critical technologies are promoted and protected.

“We know the development of critical technologies presents enormous potential opportunities as well as risks for Australians,” Mr Husic said.

“It is vital we understand and send a clear signal about what technologies we should be focusing on and where our strengths lie – and that is exactly what this consultation is all about.”

The Federal Government has promised to invest $1 billion into critical technologies through its National Reconstruction Fund and will aim to reach 1.2 million tech industry jobs by 2030.

“This work is also part of our goal to reach 1.2 million tech jobs by 2030, as well as securing our supply chains and promoting Australia as a secure destination of excellence for investment, development and adoption of critical technologies,” Mr Husic said.

“The Government is also investing $1 billion in critical technologies as part of the National Reconstruction Fund, to build our strategic capability and power the economic growth we need to create jobs.”

China loses hydropower as drought dries up Yangtze River

No rain and a 70-day heat wave spur crop failures, power cuts, and dangerously low reservoirs across parts of China.

A historic drought in the southwest of China is drying up rivers, intensifying forest fires, damaging crops, and severely curtailing electricity in a region highly dependent on hydropower.

The Yangtze River, the third largest in the world, has dropped to half its average water levels, affecting shipping routes, limiting drinking water supplies, causing rolling blackouts, and even exposing long-submerged Buddhist statues. Some 66 rivers across 34 counties in Chongqing were dried up. The province of Sichuan, which gets more than 80 percent of its energy from hydropower, cut or limited electricity to thousands of factories in an effort to “leave power for the people.” Poyang Lake, the largest freshwater lake in China, is just a quarter of its normal size for this time of year.

China issued its first national drought alert in nine years. Rainfall in the Yangtze River Basin is down 45 percent from last July, the lowest it has been since 1961.

Sichuan is a major manufacturing hub and the curbing of electricity to factories has had global impacts, affecting suppliers of Toyota, Volkswagen, Tesla, Intel and Apple, as well as pesticide and solar panel manufacturers. Companies have been asked to continue rationing electricity. Toyota has slowly resumed operations using a generator; Tesla asked the government of Shanghai to ensure that its suppliers received enough power, saying it faced shortages of components as plants scaled back production. Other areas that source power from Sichuan have also made cuts, including Shanghai, China’s largest city, which turned off decorative lighting as a symbolic gesture.

Drought’s impact on the agriculture sector has also been severe, with thousands of acres of crops damaged in Sichuan and the neighboring Hubei province. In response, the Chinese government discharged water from several large upstream reservoirs, and the Ministry of Agriculture said it will try to artificially increase rainfall through cloud seeding, as well as spray crops with a water-retaining agent.

[Source: UNDRR]

Cyber Attack on Greece’s Gas Operator

A group of cyber extortionists called Ragnar Locker claimed responsibility for the recent cyber-attack against the National Gas System Operator (DESFA) in Greece.

DESFA announced that it had suffered a cyber-attack on part of its IT infrastructure, which resulted in a “confirmed impact on the availability of certain systems and the possible leakage of a number of files and data.”

DESFA is responsible for the operation, management, exploitation, and development of the National Natural Gas System and its interconnections.

The statement said that IT services were proactively deactivated to limit any potential spillage and to investigate the incident while ensuring the adequate operation of the national gas supply system at all entry and exit points of the country without any complications.

The FBI has linked the Ragnar Locker group to attacks on at least fifty-two organizations and companies related to critical infrastructure in the US over the last two years.

DOE Announces $45 Million for Power Grid Cyber Resilience

The U.S. Department of Energy (DOE) has announced $45 million to create, accelerate, and test technology that will protect the electric grid from cyber attacks.

Cyber threats to American energy systems can shut down critical energy infrastructure and disrupt energy supply, the economy, and the health of American consumers. Cybersecurity remains a priority as clean energy technologies deployed on the grid become highly automated.

Earlier this year, Supervisory Special Agent Ted P. Delacourt, a federal civilian working in the Mission Critical Engagement Unit of the Cyber Division at the Federal Bureau of Investigation, wrote that a cyber attack on one critical infrastructure sector may initiate a failure in another or cascade to the entire interconnected critical infrastructure network.

“The ubiquitous nature of these critical infrastructure sectors and the distribution of their physical and networked assets across a wide geographical area, often spanning the entire country, make them attractive targets,” Delacourt wrote for HSToday. “State, non-state, and criminal actors continually seek victims of opportunity across all critical infrastructure sectors for monetary and strategic gain.”

Delacourt warned that cyber attacks on critical infrastructure will continue to grow in number and frequency and continue to escalate in severity.

Combined with the additional grid upgrades funded in the Bipartisan Infrastructure Law and the Inflation Reduction Act, the latest DOE announcement means the United States will have an opportunity to build greater cyber defenses into its energy sector. The $45 million funding announced on August 17 will support up to 15 research, development, and demonstration (RD&D) projects that will focus on developing new cybersecurity tools and technologies designed to reduce cyber risks for energy delivery infrastructure. Building strong and secure energy infrastructure across the country is a key component of reaching President Biden’s goal of a net-zero carbon economy by 2050.

“As DOE builds out America’s clean energy infrastructure, this funding will provide the tools for a strong, resilient, and secure electricity grid that can withstand modern cyberthreats and deliver energy to every pocket of America,” said U.S. Secretary of Energy Jennifer M. Granholm. “DOE will use this investment to continue delivering on the Biden Administration’s commitment to making energy cheaper, cleaner, and more reliable.”

DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will fund up to 15 research projects that will establish or strengthen existing research partnerships with energy sector utilities, vendors, universities, national laboratories, and service providers working toward resilient energy delivery systems. The effort will lead to the creation of next-generation tools and technologies designed to reduce cyber incident disruption to energy delivery. Researchers will aim to develop tools and technologies that enable energy systems to autonomously recognize a cyber attack, attempt to prevent it, and automatically isolate and eradicate it with no disruption to energy delivery.

There are six proposed topic areas for the projects, which include:

- Automated Cyber Attack Prevention and Mitigation: This topic area will focus on tools and technologies that enable energy systems to autonomously recognize and prevent cyber attacks from disrupting energy.
- Security and Resiliency by Design: This topic area will focus on tools and technologies that build cybersecurity and resilience features into technologies through a cybersecurity-by-design approach.
- Authentication Mechanisms for Energy Delivery Systems: This topic area will focus on tools and technologies that strengthen energy sector authentication.
- Automated Methods to Discover and Mitigate Vulnerabilities: This topic area will focus on tools and technologies that address vulnerabilities in energy delivery control system applications.
- Cybersecurity through Advanced Software Solutions: This topic area will focus on developing software tools and technologies that can be tested in a holistic testing environment that includes a development feedback cycle.
- Integration of New Concepts and Technologies with Existing Infrastructure: This topic area will require applicants to partner with energy asset owners and operators to validate and demonstrate cutting-edge cybersecurity technology that can be retrofitted into existing infrastructure.

[Source: HS Today]

UNODC improves Port Security in Rodrigues Island, Mauritius in the Indian Ocean

Rodrigues is an autonomous outer island of the Republic of Mauritius, located in the Indian Ocean between the African and Asian continents with an estimated population of 43,538 people.

In line with the United Nations Office on Drugs and Security (UNODC) Strategic Vision for Africa 2030, under investment area 3 ‘Protecting Africa’s Resources and Livelihoods’, UNODC conducted an extensive 10-day training on Port Security with officials from Mauritius Port Security.

The training equipped participants with relevant skills and modern techniques to combat Maritime Crimes and improve port security. Overall, this will also contribute to the attainment of the United Nations Sustainable Development Goal 14 on Life Below Water, targeting Sustainable Management and Protection of Marine and Coastal Ecosystems.

“It’s not a secret to anybody that transnational organized maritime crime poses a significant threat to the national security with implication on public safety and economic activities. Now all those crimes are increasingly committed using more sophisticated means whereby offenders are constantly exploring all means to improve their crime. We are in the urgency to get ourselves prepared to face the challenges. This training comes at the right moment” says Raphael Jean Maxcy, Police Sergeant and Assistant Officer in Charge of National Coast Guard, Rodrigues.

Leung Kei, Administrative officer at Port Associated Portage Operations, Lighterage and Cargo Services (PAPOL & C.S) quips, “The training will help me a lot in my daily work mainly in port security. It has opened our eyes so that in the future we know how to deal with all security matters at the port. Although we do not have big cases of insecurity, at the depot where clients come to pick their delivery, we must be very vigilant now as drug trafficking is becoming popular in Rodrigues, little by little”.

Southeast Asia Flash Flood Guidance System Launched

The Southeast Asia Flash Flood Guidance System (SeAFFGS) has been officially launched, ushering in the prospect of improved early warnings for a major natural hazard, which accounts for a significant portion of the lives lost and property damages due to flooding in the region.

Under a new agreement, the SeAFFGS will be operated by the Viet Nam Meteorological and Hydrological Administration (VNMHA), which is providing effective flash flood guidance and forecasts within Viet Nam and will act as the regional center covering Cambodia, Lao PDR, and Thailand, providing forecast products, data, and training.

The new regional centre will strengthen the World Meteorological Organization’s global Flash Flood Guidance System network, which now covers 67 countries and is a key plank in WMO’s campaign to ensure that Early Warning services reach everyone in the world in the next five years.

Flash floods claim the lives of thousands of people every year and have big social, economic and environmental impacts. Southeast Asia has a tropical monsoon climate and is one of the regions heavily affected by hydrological disasters such as floods, flash floods and landslides. It has long been recognized that the development and implementation of a flash flood forecasting system would greatly enhance public safety.

Accurate and timely warning of flash floods enables the mandated national authorities to undertake appropriate measures, thereby supporting them to protect the population at risk from their disastrous effects.

A Memorandum of Understanding was signed at a ceremony at WMO headquarters on 8 August, formally designating VNMHA as the SeAFFGS Regional Centre and underlining mutual commitment to improve hydrological activities and early warnings across Southeast Asia.

“After 5 years of hard works and remarkable efforts, a flash flood guidance system in South East Asia was officially established which I believe will save a lot of lives and reduce significant damage cost for the region. The MOU signing ceremony today marks a very important milestone for the Southeast Asia community in general and for Vietnam in particular to enhance resilience to disasters,” said Professor Tran Hong Thai, VNMHA Administrator.

Dr Wenjian Zhang, Assistant Secretary-General of WMO said the Regional Centre would play a critical role in the overall functioning of the SeAFFGS project, strengthening collaboration and increasing the capacity of participating National Meteorological and Hydrological Services to provide timely and accurate forecasts and warnings of hydrometeorological hazards. He spoke on behalf of WMO Secretary-General Prof. Petteri Taalas.

The SeAFFGS has been developed under the project “Building Resilience to High-Impact Hydrometeorological Events through Strengthening Multi-Hazard Early Warning Systems (MHEWS) in Small Island Developing States (SIDS) and Southeast Asia (SEA)”, which is funded by the Government of Canada (Environment and Climate Change Canada – ECCC), and implemented by the World Meteorological Organization and the Hydrologic Research Center (HRC), while National Oceanic and Atmospheric Administration (NOAA) is a satellite data provider into the System.

Following the signing of the MoU, the Regional Centre is now responsible for maintaining the server used for SeAFFGS, securing the File Transfer Server used to exchange data and information, providing capacity-building initiatives, and facilitating effective coordination among members involved in SeAFFGS.

Flash floods differ from river floods in their short time scales and occurrence on small spatial scales, which makes flash flood forecasting a different challenge from large-river flood forecasting. In flash flood forecasting, we are concerned foremost with the forecast of occurrence, and herein focus on two causative events: 1) intense rainfall; and 2) rainfall on saturated soils. Flash floods occur throughout the world, and the development times vary across regions from minutes to several hours depending on the land surface, geomorphological and hydrometeorological characteristics of the region. However, for the majority of these areas, there exists no formal process or capacity for developing flash flood warnings.

Revised Regulation for Trans-European Energy Infrastructure

The Union’s energy infrastructure should be upgraded in order to prevent technical failure and to increase its resilience against such failure, natural or man-made disasters, adverse effects of climate change and threats to its security.

The Union’s energy infrastructure should be resilient to the unavoidable impacts that climate change is expected to create in Europe in spite of the mitigation efforts. Hence, strengthening the efforts on climate adaptation and mitigation, resilience building, disaster prevention and preparedness is crucial.

The development of trans-European energy infrastructure should take into account, where technically possible and most efficient, the possibility of repurposing existing infrastructure and equipment.

The nine priority corridors cover different geographic regions in the field of electricity, gas and oil infrastructure. EU support for development in these corridors will connect regions currently isolated from European energy markets, strengthen existing cross-border interconnections, and help integrate renewable energy.

The EU Strategy for Energy System Integration also underlined the need for integrated energy infrastructure planning across energy carriers, infrastructures, and consumption sectors. Such system integration starts from the point of departure of applying the energy efficiency first principle and taking a holistic approach in policy and beyond individual sectors.

Political agreement on new rules to enhance the resilience of critical entities

As a key part of the EU's work to build a Security Union, the new rules will strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies like the recent COVID-19 pandemic.

Against an ever more complex risk landscape, the new Directive replaces the European Critical Infrastructure Directive of 2008. A wider sectoral scope will allow Member States and critical entities to better address interdependencies and potential cascading effects of an incident. Eleven sectors will be covered: energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space, and food.

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: “It is essential to shield our economy and our society against physical threats that could disrupt services that are vital for people's daily lives and for the functioning of our internal market. With today's agreement, we are delivering on our commitment to enhance the resilience of critical infrastructure in the EU, complementing the recently strengthened cybersecurity legislation. Together, these new rules form a coherent and robust system to protect our infrastructure online and off”.

Commissioner for Home Affairs, Ylva Johansson, said: “In the light of the current geopolitical situation in Europe, enhancing our resilience is of key importance. The CER Directive will make us better prepared against disruptions that impact the security of our citizens and the prosperity of the internal market, following the lessons learnt from the pandemic and long-term challenges like climate change. The new Directive will ensure the provision of essential services such as energy, transport, water and healthcare while minimising the impact of natural and man-made incidents”.

The proposal introduces new rules to strengthen the resilience of critical entities:

- Member States will need to adopt a national strategy and carry out regular risk assessments to identify entities that are considered critical or vital for the society and the economy.
- Critical entities will need to carry out risk assessments of their own, take technical and organisational measures to enhance their resilience and notify incidents. They will also be able to request background checks on personnel holding sensitive roles.
- Critical entities in the EU, from the sectors covered, providing essential services in six Member States or more, will benefit from extra advice on how best to meet their obligations to assess risks and take resilience-enhancing measures.
- A Critical Entities Resilience Group will facilitate cooperation among Member States and the exchange of information and good practices.
- An enforcement mechanism will help ensure that the rules are followed: Member States will need to ensure that national authorities have the powers and means to conduct on-site inspections of critical entities. Member States will also introduce penalties in case of non-compliance.
- Member States will need to provide support to critical entities in enhancing their resilience with, for instance, guidance material. The Commission will provide complementary support to Member States and critical entities, by developing a Union-level overview of cross-border and cross-sectoral risks, best practices, methodologies, cross-border training activities and exercises to test the resilience of critical entities, among others.

Next steps

The political agreement reached by the European Parliament and the Council is now subject to formal approval by the co-legislators. Once published in the Official Journal, the Directive will enter into force 20 days after publication. Member States will then need to transpose the elements of the Directive into national law within 21 months.

New EU Regulation on Gas Storage

Newly adopted storage legislation will strengthen the EU's security of gas supply for the upcoming winter and the next. Faced with the threat of supply disruptions by Russia, the EU Gas Storage Regulation requires that Europe's gas reserves are refilled before the winter, and their management protected from outside interference. In particular, the new rules will require the EU Member States to fill storage facilities to 80% of capacity by November this year – and to 90% in the years after.

The rules were adopted in record time thanks to the Parliament and Council's readiness to examine the legislative proposal as a matter of urgency, against the backdrop of Russia's war against Ukraine.

Welcoming the adoption at the Energy Council in Luxembourg, Commissioner for Energy, Kadri Simson, said: “I would like to pay tribute to the positive and constructive approach that the Parliament and Council have shown on this proposal. This is an important statement of EU unity, determination and speed of action in the face of the Kremlin's moves to weaponise their gas exports. It is now crucial that we press on with meeting the new storage targets and step up our preparedness in case the situation further deteriorates.”

Under the new legislation, the 18 Member States with underground gas storage facilities are required to fill 80% of their storage capacity by 1 November – and are encouraged to aim for 85%. In the coming years, the target will be 90%. Member States without storage infrastructure are required to agree bilateral arrangements for sufficient quantities to be stored for their use in neighbouring countries, in a spirit of solidarity. Gas storage facilities will now be considered critical infrastructure and all storage operators in the EU will have to go through a new certification process to reduce the risks of outside interference.
