Tag: criticalinfrastructureprotection

UK joins international cyber agency partners to release supply chain guidance

Agency News, Cyber Security CII sector, Industry News

THE UK and its international partners have today (Wednesday) issued advice to IT service providers and their customers as part of wider efforts to protect organisations in the wake of Russia’s invasion of Ukraine.

The joint advisory from the National Cyber Security Centre (NCSC) – a part of GCHQ – and its partners sets out a series of practical steps for managed service providers (MSPs) and their customers.

The advisory has been issued alongside the US’s Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), National Security Agency (NSA), and Federal Bureau of Investigation (FBI).

It is being released on the second day of the NCSC’s CYBERUK conference in Wales, which a number of these partners are attending.

MSPs provide IT support to their customers in various ways, for example through software or cyber security services, and in order to do so they are granted privileged access to a customer’s network.

This can create opportunities for attackers, who can gain access to an organisation’s network by compromising their MSPs.

One of the most significant examples of these supply chain attacks was that carried out in 2020 against US software company Solarwinds, which impacted customers throughout the world.

Organisations are being encouraged to consider the advisory, Protecting Against Cyber Threats to Managed Service Providers and their Customers, in conjunction with guidance from the NCSC and others in relation to the heightened tensions as a result of events in Ukraine.

NCSC CEO Lindy Cameron said:

“We are committed to further strengthening the UK’s resilience, and our work with international partners is a vital part of that.

“Our joint advisory with international partners is aimed at raising organisations’ awareness of the growing threat of supply chain attacks and the steps they can take to reduce their risk.”

CISA Director Jen Easterly said:

“I strongly encourage both managed service providers and their customers to follow this and our wider guidance – ultimately this will help protect not only them but organisations globally.

“As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it’s critical that MSPs and their customers take recommended actions to protect their networks.

“We know that MSPs that are vulnerable to exploitation significantly increases downstream risks to the businesses and organisations they support. Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre, said:

“Managed Service Providers are vital to many businesses and as a result, a major target for malicious cyber actors.

“These actors use them as launch pads to breach their customers’ networks, which we see are often compromised through ransomware attacks, business email compromises and other methods. Effective steps can be taken to harden their own networks and to protect their client information. We encourage all MSPs to review their cyber security practices and implement the mitigation strategies outlined in this Advisory.”

Sami Khoury, Head, Canadian Centre for Cyber Security, said:

“We’ve seen the damage and impact cyber compromises can have on supply chains, managed service providers, and their customers.

“These compromises can result in costly mitigation activities and lengthy downtime for clients. We strongly encourage organizations to read this advisory and implement these guidelines as appropriate.”

Lisa Fong, Director of NZ NCSC, said:

“Supply chain vulnerabilities are amongst the most significant cyber threats facing organisations today.

“As organisations strengthen their own cyber security, their exposure to cyber threats in their supply chain increasingly becomes their weakest point. Organisations need to ensure they are implementing effective controls to mitigate the risk of cyber security vulnerabilities being introduced to their systems via technology suppliers such as managed service providers. They also need to be prepared to effectively respond to when issues arise.”

Rob Joyce, Director NSA, said:

“This joint guidance will help MSPs and customers engage in meaningful discussions on the responsibilities of securing networks and data.

“Our recommendations cover actions such as preventing initial compromises and managing account authentication and authorization.”

Bryan Vorndran, Cyber Division Assistant Director FBI, said:

“Through this joint advisory, the FBI, together with our federal and international partners, aims to encourage action by MSPs and their customers, as malicious cyber actors continue to target this vector for entry to threaten networks, businesses, and organisations globally.

“These measures and controls should be implemented to ensure hardening of security and minimise potential harm to victims.”

A range of steps are set out for MSPs and their customers in the latest advisory, including:

Organisations should store their most important logs for at least six months, given incidents can take months to detect.
MSPs should recommend the adoption of multi-factor authentication (MFA) across all customer services and products, while customers should ensure that their contractual arrangements mandate the use of MFA on the services and products they receive.
Organisations should update software, including operating systems, applications, and firmware, and prioritise the patching of known exploited vulnerabilities.

The advisory makes clear that organisations should implement these guidelines as appropriate to their unique environments, in accordance with their specific security needs, and in compliance with applicable regulations.

Leave a comment , ,

NSA Issues Recommendations to Protect VSAT Communications

Agency News, Cyber Security CII sector, Industry News

The National Security Agency (NSA) updated its Cybersecurity Advisory (CSA) today for securing very small aperture terminal (VSAT) networks, “Protecting VSAT Communications.” The advisory aims to help organizations understand how communications may be at risk of compromise and how they can act to reduce risk.

The recent U.S. and European Union public statements noted the Russian military launched cyber attacks against commercial satellite communications to disrupt Ukrainian command and control in February 2022. This cyber activity against Ukraine further underscores the risk to VSAT communications for both espionage and disruption.

A number of U.S. government missions use VSAT networks for remote communications when other options are not feasible. However, VSAT communication links were not built with security in mind — often resulting in traffic being sent unencrypted.

NSA recommends government VSAT networks, such as those designated as National Security Systems (NSS) and ones used by Defense Industrial Base (DIB) organizations, enable all available transmission security protections on VSAT networks. NSA also recommends encrypting all communications prior to transmitting across VSAT links, keeping hardware and firmware updated, and changing any default credentials before use.

Leave a comment , ,

Disaster Resilience: Opportunities to Improve National Preparedness

Agency News, Industry News, Water sector

Each year, disasters such as hurricanes and wildfires affect hundreds of American communities. The federal government provides billions of dollars to individuals and communities that have suffered damages. According to the U.S. Global Change Research Program, extreme weather events are projected to become more frequent and intense in parts of the U.S. as a result of changes in the climate. Investments in disaster resilience can reduce the overall impact of future disasters and costs.

This testimony discusses GAO reports issued from 2015 through 2021 on disaster preparedness and resilience. This includes FEMA's National Preparedness System and associated grants; hazard mitigation grant programs; and GAO's Disaster Resilience Framework for identifying opportunities to enhance resilience. The statement also describes actions taken to address GAO's prior recommendations through March 2022.

GAO has evaluated federal efforts to strengthen national preparedness and resilience and identified opportunities for improvement in several key areas:

FEMA Efforts to Strengthen National Preparedness. The Federal Emergency Management Agency (FEMA)—the lead agency for disaster preparedness, response, and recovery—assesses the nation's emergency management capabilities and provides grants to help state, local, tribal, and territorial governments address capability gaps. In May 2020, GAO found that FEMA and jurisdictions have identified emergency management capability gaps in key areas such and recovery and mitigation. GAO recommended that FEMA determine steps needed to address these capability gaps. FEMA agreed and plans to develop an investment strategy that aligns resources with capability gaps.

FEMA's Hazard Mitigation Grant Programs. In February 2021, GAO found that state and local officials faced challenges with FEMA's hazard mitigation grant programs. Specifically, officials GAO interviewed from 10 of 12 selected jurisdictions said grant application processes were complex and lengthy. This could discourage investment in projects that would enhance disaster resilience. FEMA officials said they intended to identify opportunities to streamline, but did not have a plan for doing so. GAO recommended that FEMA develop such a plan. FEMA agreed and is in the process of doing so.

Identifying Opportunities to Enhance Disaster Resilience. In October 2019, GAO issued a framework to guide analysis of federal actions to promote resilience to natural disasters and changes in the climate. For example, the framework can help identify options to address government-wide challenges that are of a scale and scope not addressed by existing programs.

Leave a comment , ,

Defense Cybersecurity: Protecting Controlled Unclassified Information Systems

Agency News, Cyber Security CII sector, Industry News

DOD computer systems contain vast amounts of sensitive data, including CUI that can be vulnerable to cyber incidents. In 2015, a phishing attack on the Joint Chiefs of Staff unclassified email servers resulted in an 11-day shutdown while cyber experts rebuilt the network. This affected the work of roughly 4,000 military and civilian personnel.

In response to Section 1742 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, in June 2021 DOD submitted a report to the Congress on cybersecurity of CUI. The report discussed the extent to which DOD had implemented selected cybersecurity requirements across the department. The act included a provision for GAO to review DOD's report, and GAO has continued to monitor the department's subsequent progress.

This report describes 1) the status of DOD components' implementation of selected CUI cybersecurity requirements; and 2) actions taken by DOD CIO to address the security of CUI systems.

GAO's review focused on the department's approximately 2,900 CUI systems. GAO examined relevant CUI cybersecurity requirements and data from DOD information technology tools. Also, GAO analyzed documentation such as relevant DOD cybersecurity policies and guidance on monitoring the implementation of cybersecurity requirements, and interviewed DOD officials.

The Department of Defense (DOD) has reported implementing more than 70 percent of four selected cybersecurity requirements for controlled unclassified information (CUI) systems, based on GAO's analysis of DOD reports (including a June 2021 report to Congress) and data from DOD's risk management tools. These selected requirements include (1) categorizing the impact of loss of confidentiality, integrity, and availability of individual systems as low, moderate, or high; (2) implementing specific controls based in part on the level of system impact; and (3) authorizing these systems to operate. As of January 2022, the extent of implementation varied for each of the four requirement areas. For example, implementation ranged from 70 to 79 percent for the cybersecurity maturity model certification program DOD established in 2020, whereas it was over 90 percent for authorization of systems to operate.

DOD is not required to implement all 266 security controls. In some cases, a specific security control may not be applicable to a particular system due to its function. Also, there are some systems for which the authorizing officials may need to implement security controls that are in addition to the 266 identified as moderate-impact for confidentiality because of the type of information that is stored or transmitted in that system.

As the official responsible for department-wide cybersecurity of CUI systems, the DOD Office of the Chief Information Officer (CIO) has taken recent action to address this area. Specifically, in October 2021 the CIO issued a memorandum on implementing controls for CUI systems. The memo identified or reiterated requirements that CUI systems must meet. These included requiring additional supply chain security controls and reiterating that all CUI systems have valid authorizations to operate. In addition, the CIO reminded system owners of the March 2022 deadline for all DOD CUI systems to implement necessary controls and other requirements. The Office of the CIO has been monitoring DOD components' progress in meeting this deadline.

Leave a comment , ,

CISA Call with Critical Infrastructure Partners on Potential Russian Cyberattacks Against the US

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency convened a three-hour call with over 13,000 industry stakeholders to provide an update on the potential for Russian cyberattacks against the U.S. homeland and answer questions from a range of stakeholders across the nation.

As President Biden noted, evolving intelligence indicates that the Russian Government is exploring options to conduct potential cyberattacks against the United States. CISA echoed the President’s warning on the call and reinforced the urgent need for all organizations, large and small, to act now to protect themselves against malicious cyber activity.

On the three-hour call, CISA Director Jen Easterly, Deputy Executive Assistant Director for Cybersecurity Matt Hartman, and Tonya Ugoretz, Deputy Assistant Director for the FBI’s cyber division, encouraged organizations of all sizes to have their Shields Up to cyber threats and take proactive measures now to mitigate risk to their networks. They encouraged those on the line to visit CISA.gov/Shields-Up to take action to protect their organizations and themselves and urged all critical infrastructure providers to implement the mitigation guidelines enumerated on CISA.gov/Shields-Up, including:

- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
- Update the software on your computers and devices to continuously look for and mitigate threats;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data;
- Sign up for CISA’s free cyber hygiene services; and
- Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly.

Director Easterly urged all organizations, regardless of size, to contact CISA immediately if they believe they may have been impacted by a cyber incident. When cyber incidents are reported quickly, CISA can use the information to render assistance and help prevent other organizations and entities from falling victim to a similar attack.

The event built on a series of briefings that CISA has been convening since late 2021 with U.S. Government and private sector stakeholders at both classified and unclassified levels. This outreach was provided to Federal Civilian Executive Branch Agencies, Sector Risk Management Agencies, private sector partners, state, local, tribal, and territorial (SLTT) governments, and international partners. To date, CISA has hosted or participated in more than 90 engagements reaching tens of thousands of partners.

Leave a comment , , ,

Security Industry world-wide preparing and bracing for the expected crime wave that may occur because of the Russian and Ukrainian affair

Cyber Security CII sector, Industry News

The pandemic resulted in an economic meltdown with crime related issues. The Russian and Ukrainian saga is a global threat because it impacts globally on the energy security. Oil and natural gas are the foundation to all costs for living. Besides such, Ukraine exports grains to many countries which will add and impact the cost of food such as cooking oil, bread and beer.

A second economic meltdown after the pandemic that initially lip-slapped the economy would be a massive blow to all financial sectors and industries.

Statement
Kunwar Singh, Chairman of CAPSI | Central Association for Private Security Industry states ‘’ the private security industry is larger than any military force in the world. The private security has the skills to manage the behaviour of the population. Furthermore, the industry has the skills, technology and equipment to find the crime and stop it more effectively. Simply put the security industry is providing more eyes on the ground therefore supporting the police in locating and catching criminals. The security industry must be acknowledged as a vital partner by the regulators’’.

CAPSI [Central Association for Private Security Industry], ISIO[International Security Industry Organization] and SASA (representing 9.15 million practitioners) call upon all security regulars world-wide to take certain steps to ensure a wider market for the legitimate traders. The regulators must protect the industry against illegitimate security companies and practitioners besides criminal elements that could attempt to penetrate the industry.

Learning from History
The economic meltdowns of the past recorded long lines of unemployed people and hungry people. The recent and current statistics related to the meltdown due to the pandemic affirm once again that many are jobless. Every country could be the same or their unique issues relating to the associated crime. One could deduce that whatever the stats were regardless of location, the levels of crime escalated. An example of recent demonstration and riots. These occurred in certain countries that experienced massive mobs against vaccinations.

In specific locations there were mass groups looting under the guise of a politically induced narrative. There were small mob attacks directed towards migrant owned small business besides increased number of pro-nationalist demonstrations on businesses that employ migrants under the banner ‘give the jobs to the citizens. The practitioner should consult their own crime statistics in their location and may be surprised at the escalation overall but pay attention to specific crime.

Possibilities of crime in this economic meltdown
The biggest threat on the ground would be the logistics. Gangs of people hijacking and theft of tankers carrying petrol, food and for that matter anything. These are soft targets on wheels carrying high value goods already without effective security systems. Any interruption in the logistic chain could cause chaos.

Each location and field of interest more than likely experience bribery and corruption of any kind for jobs. Consider expanding your crime research for such when considering the vulnerability landscape because this crime could lead to major reputational damage that obviously effects revenues.

Tony Botes of SASA |South African Security Association says, ’when a country has major job losses then desperate people can do anything. It is vital to protect the entire logistic chain from warehouses stocking all goods, the vehicles as well as the route because empty burnt trucks could shut the road for days causing high anxiety for the population.’

Profit Protect Clients and Security Companies
Clients should avoid reputational damage and lawsuits by using unlicensed security practitioners.
• When using an unlicensed security company then consider that there is no oversight and governance besides their staff being vetted. This could lead to organized or gang crime using the assets of the business for their needs or the staff adding to the loss of profits in some way or the other.

Avoid reputational damage by using professional companies
• When security companies cut rates to clients by cutting costs then they may not be training their staff properly or managing the site professionally. People carry phones that can record bad behaviour and social media could destroy reputations which could be costly.

False Alarms: Attending to false alarms costs money. AI (artificial intelligence) saves the client money because the technology is able to read and distinguish between a false and positive alarm.

Also, AI can
• notify appropriate people to respond thus not wasting money on irrelevant people that also cost money in transportation besides for their time.
• some perpetrators could be stopped before the crime is fully realized or caught quickly saving money and anxiety.
• reducing the percentage of budget for loss prevention
• AI could identify an individual perpetrator or mob formation and could activate counter measures to reduce the collateral damage and related costs.
• Using AI provides the opportunity to increase the number of security investigators that are focused on looking for crime or handling aggressive and violent behaviour and stopping it.
Avoid chaos: There are some sites that could experience specific issues because of the desperation of people. There are sites that could have a high probability of issues related that could demand for strategic security. Chaos can be expensive when the collateral damage is related to staff being hospitalized, assets destroyed or stolen besides the time needed to repair all besides the loss of revenue.
• The professional security company would ensure that the workforce at the entrance control is layered by specific skillsets to reduce the probability of aggressive and violent behaviour.
The economic meltdown can deliver a larger number of criminals and a wide scope of criminal methods on the stage and into the spotlight. This calls for heightened security measures. Criminals may attempt to penetrate buildings for nefarious reasons such as home invasions, burglary, rape, murder or kidnapping. It is costly dearly to emotionally repair people or replace assets.
• AI can assist using applications such as allowing entry to only recognized approved people on their own or escorting others. Obviously. all entry and exit points need to be covered.
• Stop tailgating entry by opportunistic perpetrators

Protect specific assets: The theft of company secrets could tremendously cost a company with loss of market share (money) without them knowing so.

Juan Kirsten of ISIO | International Security Industry Organization remarks that ‘’the security industry has had years of experience in using all types of security technology for example cctv and alarm systems. It is coincidental that AI has matured to the degree that it must be considered as vital tools to use for this threat on the ground. The vulnerability landscape can change speedily and dramatically that calls for devices such as drones, IoT, or software that can improve comprehending the situation and reacting accordingly and timeously’’

Leave a comment ,

Tackling Security Challenges in 5G Networks

Agency News, Cyber Security CII sector, Industry News, Telecomms sector

The EU Agency for Cybersecurity (ENISA) proposes good practices for the secure deployment of Network Function Virtualisation (NFV) in 5G networks.

Network Function Virtualisation is a new technology in 5G networks, which offers benefits for telecom operators in terms of flexibility, scalability, costs, and network management. However, this technology also introduces new security challenges.

The report released today supports national authorities with the implementation of the 5G toolbox, and in particular the recommendation for EU Member States to ensure that Mobile Network Operators follow security good practices for NFV. It explores the relevant challenges, vulnerabilities and attacks pertaining to NFV within the 5G network. It analyses the relevant security controls and recommends best practices to address these challenges and solutions, taking into account the particularities of this highly complex, heterogeneous and volatile environment.

How does it work?

Traditionally, mobile network functions have been implemented using dedicated hardware and networking equipment, built especially for telecom operators and their networks. Network Function Virtualisation is a new technology used in 5G networks to implement networking functions using software, therefore running virtually on top of standard server hardware or standard cloud platforms.

Applying network function virtualisation will therefore reduce the number of operations and maintenance costs.

60 security challenges were identified in the report and classified under 7 categories:

- Virtualisation or containerisation;
- Orchestration and management;
- Administration and access control;
- New and legacy technologies;
- Adoption of open source or COTS;
- Supply chain;
- Lawful interception (LI).

How do we address the security challenges

The report explores vulnerabilities, attack scenarios and their impact on the 5G NFV assets. The work includes a total of 55 best practices classified under Technical, Policy and Organisational categories.

Some of the key findings the report include:

- Resource virtualisation:
The virtualisation layer provides unified computing resources based on generalised hardware to the layers above and is the basis of all cloud-native and virtualised network functions and service software. If the virtualisation layer is breached, all network functions come under direct attack with disastrous consequences.

- Resource sharing:
A single physical server may run several different tenants' virtual resources (e.g. virtual machines (VMs) or containers), and a single tenant's virtual resource might be distributed across several physical servers. Multi-tenancy resource sharing and the breaking of physical boundaries introduce the risks of data leaks, data residue and attacks.

- Use of open source:
There will be increasing use of open-source software. This introduces a new set of security challenges in terms of keeping a consistent and coherent approach to security-by-design and prevention of deliberate security flaws.

- Multi-vendor environment:
In such environment, it remains difficult to coordinate security policies and determine responsibility for security problems and more effective network security monitoring capabilities are required.

NFV is an important technology in 5G and its security is critical for the overall security of the 5G networks, especially because 5G networks are underpinning critical infrastructures.

Leave a comment , , ,

Building cyber secure Railway Infrastructure

Agency News, Cyber Security CII sector, Industry News, Transport sector

The European Union Agency for Cybersecurity (ENISA) delivers a joint report with the European Rail Information Sharing and Analysis Center (ISAC) to support the sectorial implementation of the NIS Directive.

The report released is designed to give guidance on building cybersecurity zones and conduits for a railway system.

The approach taken is based on the recently published CENELEC Technical Specification 50701 and is complemented with a guidance to help railway operators with the practical implementation of the zoning process.

The work gathers the experience of the European Rail ISAC and of their members such as European infrastructure managers and railway undertakings, which are Operators of Essential Services (OES) as defined in the Security of Network and Information Systems (NIS) directive and is designed to help them implement the cybersecurity measures needed in the zoning and conduits processes.

A number of requirements are set, such as:

- Identification of all assets and of basic process demands;
- Identification of global corporate risks;
- Performing zoning;
- Checking threats.

A risk assessment process is developed based on standards for the identification of assets and the system considered, and for the partitioning of zones and conduits. The report also addresses the cybersecurity requirements in terms of documentation and suggests a step-by-step approach to follow.

The report is released on the occasion of the General Assembly meeting of the European Rail ISAC which is taking place today.

The EU Agency for Cybersecurity engages closely with the European Rail Agency (ERA) to support the railway sector and is to host a joint event with ERA later this year.

Leave a comment , ,

CREWS commits additional funding to strengthen Early Warning Systems in the Caribbean

Agency News, Industry News, Power/Energy/Oil & Gas sector, Water sector

Different and multiple hazards, such as severe weather conditions in land and at sea, droughts, hurricanes, floods, and earthquakes, pose a serious threat to the Caribbean, which is one of the most disaster-prone regions in the world. Combined, geological and hydro-meteorological hazards have affected more than 100 million people in the region, causing significant economic losses and casualties.

The development of Early Warning Systems has been identified by the Sendai Framework for Disaster Risk Reduction 2015–2030, the 2030 Agenda for Sustainable Development, and the Paris Agreement as a key pathway to prevent disasters and reduce the negative impacts of multiple hazards.

As defined by the UNDRR, Multi-hazard Early Warning Systems are "an integrated system of hazard monitoring, forecasting and prediction, disaster risk assessment, communication and preparedness activities systems and processes that enables individuals, communities, governments, businesses and others to take timely action to reduce disaster risks in advance of hazardous events".

The Climate Risk and Early Warning Systems Initiative (CREWS) is a mechanism that provides financial support to Least Developed Countries (LDCs) and Small Island Developing States (SIDS) to establish risk-informed early warning services, implemented by three partners, based on clear operational procedures. CREWS has recently donated an additional $1 million to support the project Strengthening Hydro-Meteorological and Early Warning Services in the Caribbean , which will be implemented by UNDRR in 2022.

The project aims to strengthen Early Warning Services (EWS) in the Caribbean and to articulate the response capacity of individuals, institutions, and communities through the development of a regional strategy to strengthen and streamline early warning and hydro-meteorological services. This includes developing appropriate approaches to risk-informed decision-making for EWS, identifying gaps in risk assessment at regional and national levels, and evaluating the resilience of already existing infrastructure such as forecasting centres, shelters, and National Meteorological and Hydrological Services. The project will also examine opportunities for building partnerships with the private sector and assess socio-economic benefits to ensure the sustainability of investments and activities.

This project aligns with the Sendai Framework and focuses on the implementation of target G, which aims to “substantially increase the availability of and access to multi-hazard early warning systems and disaster risk information and assessments to people by 2030”. The Sendai 7 campaign of the 2022 International Day for Disaster Risk Reduction will be focusing on this same target. Ensuring access to Multi -hazard Early Warning Systems in the Caribbean is regarded as a tool that enables individuals, communities, governments, businesses, and other stakeholders to take timely action to reduce disaster risk in advance of hazardous events.

This is also a matter of urgency, as disclosed in the Regional Assessment Report on Disaster Risk in Latin America and the Caribbean (RAR21), published last year: “In the short and medium term the occurrence of new mega-disasters in the region is almost inevitable given the extreme risk embedded there. It is therefore urgent to strengthen corrective and reactive management capabilities, especially early warning systems, preparedness and response.”

Leave a comment , , ,

Landmark IPCC report must be wake-up call for greater investment in disaster risk reduction

Agency News, Organisation Types, Transport sector, Water sector

Following the release of the IPCC Working Group II Report on Impacts, Adaptation and Vulnerability, Mami Mizutori, Special Representative of the UN Secretary-General for Disaster Risk Reduction, issued the following statement:

The findings of the latest IPCC report are dire. Communities around the world are being affected by climate change at a magnitude worse than expected. The devastating impacts of climate disasters are affecting every part of the world.

As the UN Secretary-General António Guterres said today “The IPCC report is an atlas of human suffering and a damning indictment of failed climate leadership.”

Many of the changes are at risk of becoming irreversible. On our current trajectory, the world is set to breach the 1.5 °C safe global temperature limit by the early 2030s, spiralling to dangerous levels of disaster risk. Almost half the human population is already in the danger zone

It is incomprehensible that we knowingly continue to sow the seeds of our own destruction, despite the science and evidence that we are turning our only home into an uninhabitable hell for millions of people.

Based on current trends, a record increase in medium and large-scale disasters is expected with droughts doubling, and extreme temperature events almost tripling to 2030. Overall, disaster events have doubled in the last 20 years compared to the previous 20 years. If countries and governments do not manage it properly and respond to the climate emergency with urgency, there’s a very real chance that we’ll see them double again.

Yet the world also has an opportunity to meet these challenges. At the Global Platform for Disaster Risk Reduction in Bali, Indonesia this May, organised by the UN and hosted by Indonesia, leaders will gather to discuss how to accelerate action for reducing these risks.

The IPCC report points to many solutions on improving regional and local information, providing sound data and knowledge for decision makers. This does work. Countries have succeeded in saving many lives through improved early warning systems and preparedness.

But climate disasters will undoubtedly worsen. There are very low levels of investments in disaster prevention and disaster risk reduction for the world’s most vulnerable countries on the front lines of impacts. We need to ramp up investment in disaster prevention if we are to cope with the exponential rise of disaster events in recent decades.

A crucial recommendation in the report today is the need for climate-resilient development – inclusive governance that embeds finance and actions across governance levels, sectors and timeframes.

Furthermore, all countries are impacted by climate change, but not in the same way. The most vulnerable communities and nations are the hardest hit, and need greater support on climate finance to adaptation and to avert, minimize and address losses and damages. This means increasing financing for climate change adaptation from tens to hundreds of million dollars.

We need to ensure that regulations and funding take into account disaster risk and that climate risk in financial markets is disclosed. Governments need to make disaster resilience a priority through dedicated funding to prevention.

Leave a comment , , ,
1 12 13 14 15 16 30