Tag: criticalinfrastructureprotection

Information Technologies for Managing Federal Use

Agency News, Industry News, Transport sector

Radio-frequency spectrum is a scarce natural resource vital to many commercial and government activities, including weather observation, air traffic control, and national defense. NTIA and government agencies have a responsibility to manage their spectrum use wisely. To do so, agencies rely on different spectrum-related IT, but NTIA has recently highlighted that existing IT is out-of-date and hinders spectrum management.

Federal officials said modernization of spectrum-related federal IT could provide benefits such as greater sharing of the limited spectrum and improved efficiency. For example, the current process for assigning spectrum relies on manual reviews of frequency requests and manual input of data. Automation could reduce errors and speed the process.

The FY21 NDAA contains a provision for GAO to review the current spectrum-related IT of covered agencies. This report describes (1) the existing spectrum-related IT that covered agencies employ to manage their spectrum use, and (2) the opportunities covered agencies and NTIA identified for improving spectrum management through IT modernization. The FY21 NDAA also contains a provision for GAO to conduct oversight of the implementation of agencies' spectrum-related IT modernization plans. This topic will be the subject of future GAO work.

Federal agencies use a variety of information technologies (IT) to manage their use of radio-frequency spectrum. The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (FY21 NDAA) required the National Telecommunications and Information Administration (NTIA) and covered agencies to develop plans to modernize their spectrum-related IT (i.e., the software, databases, and other tools that comprise their spectrum infrastructure).

Currently, the NTIA provides agencies with some spectrum-related IT systems, such as software, databases, and engineering tools, so that they can participate in NTIA's spectrum management processes. These processes include assigning frequencies for agencies to use and certifying spectrum-dependent equipment. GAO found that all 20 agencies covered by the FY21 NDAA modernization requirement rely at least in part on NTIA-provided IT to manage their spectrum use. Additionally, most of these agencies—DOD and the Federal Aviation Administration, in particular—augment NTIA-provided IT with additional spectrum-related IT that meets their unique mission needs.

Many of the officials GAO interviewed broadly agreed that modernizing spectrum-related IT could provide opportunities to improve spectrum management, mostly related to the following: (1) improving current spectrum management processes by addressing some limitations in existing spectrum-related IT and (2) facilitating the potential for greater spectrum sharing (i.e., enabling more than one spectrum user to use the same frequency band without interfering with each another). As NTIA and the covered agencies advance their modernization efforts in 2022, it is not yet clear if their plans will target these opportunities.

 

Leave a comment , ,

Critical Infrastructure Protection: Agencies Need to Assess Adoption of Cybersecurity Guidance

Agency News, Cyber Security CII sector, Health & Social Care, Industry News, Power/Energy/Oil & Gas sector, Space Sector, Telecomms sector, Transport sector, Water sector

Federal agencies with a lead role to assist and protect one or more of the nation's 16 critical infrastructures are referred to as sector risk management agencies (SRMAs). The SRMAs for three of the 16 have determined the extent of their sector's adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity (framework). In doing so, lead agencies took actions such as developing sector surveys and conducting technical assessments mapped to framework elements. SRMAs for four sectors have taken initial steps to determine adoption (see figure). However, lead agencies for nine sectors have not taken steps to determine framework adoption.

Status of Framework Adoption by Critical Infrastructure Sector

Regarding improvements resulting from sector-wide use, five of the 16 critical infrastructure sectors' SRMAs have identified or taken steps to identify sector-wide improvements from framework use, as GAO previously recommended. For example, the Environmental Protection Agency identified an approximately 32 percent overall increase in the use of framework-recommended cybersecurity controls among the 146 water utilities that requested and received voluntary technical assessments. In addition, SRMAs for the government facilities sector identified improvements in cybersecurity performance metrics and information standardization resulting from federal agencies' use of the framework. However, SRMAs for the remaining 11 sectors did not identify improvements and were not able to describe potential successes from their sectors' use of the framework.

SRMAs reported various challenges to determining framework adoption and identifying sector-wide improvements. For example, they noted limitations in knowledge and skills to implement the framework, the voluntary nature of the framework, other priorities that may take precedence over framework adoption, and the difficulty of developing precise measurements of improvement were challenges to measuring adoption and improvements. To help address challenges, NIST launched an information security measurement program in September 2020 and the Department of Homeland Security has an information network that enables sectors to share best practices. Implementing GAO's prior recommendations on framework adoption and improvements are key factors that can lead to sectors pursuing further protection against cybersecurity threats.

The U.S. has 16 critical infrastructure sectors that provide clean water, gas, banking, and other essential services. To help protect them, in 2014 the National Institute of Standards and Technology developed cybersecurity standards and procedures that organizations within these sectors may voluntarily use. Federal agencies are charged with leading efforts to improve sector security.

The GAO have found agencies have measured the adoption of these standards and procedures for 3 of 16 sectors and have identified improvements across 2 sectors. For example, the EPA found a 32% increase in the use of recommended cybersecurity controls at 146 water utilities.

Leave a comment , ,

2021 Trends Show Increased Globalized Threat of Ransomware

Agency News, Cyber Security CII sector, Industry News

In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. The Australian Cyber Security Centre (ACSC) observed continued ransomware targeting of Australian critical infrastructure entities, including in the Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy Sectors. The United Kingdom’s National Cyber Security Centre (NCSC-UK) recognizes ransomware as the biggest cyber threat facing the United Kingdom. Education is one of the top UK sectors targeted by ransomware actors, but the NCSC-UK has also seen attacks targeting businesses, charities, the legal profession, and public services in the Local Government and Health Sectors.

Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally.

This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

Full report can be downloaded here >>

Leave a comment , ,

FEMA Resources for Climate Resilience

Agency News, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector, Water sector

As climate change increases disaster risks across the country, emergency managers and government officials are beginning to implement strategies to build community resilience. FEMA Resources for Climate Resilience provides a roadmap of Federal Emergency Management Agency (FEMA) programs and initiatives that advance community climate resilience. FEMA Resources for Climate Resilience assists FEMA’s state, local, tribal, and territorial (SLTT) partners in navigating the FEMA resources that are available to support communities in mitigating impacts of climate change.

Building resilience is a long-term, ongoing cycle that requires multiple steps to accomplish. Each section of the FEMA Resources for Climate Resilience corresponds with a step in that cycle and provides information about FEMA services, programs, and grants available to SLTT partners. Each SLTT partner has a unique experience with FEMA and has participated in different elements of the resilience cycle. SLTT partners with limited FEMA experience may choose to start from the beginning of FEMA Resources for Climate Resilience, while other SLTT partners may navigate directly to their program of choice.

Each section of FEMA Resources for Climate Resilience provides a brief description of the program, service, or grant, an overview of who can apply, examples of the FEMA programs in action, and helpful tools and resources for learning more about the program, service, or grant. In addition, where applicable, FEMA Resources for Climate Resilience also points out areas where equity can be prioritized. FEMA Resources for Climate Resilience explains how existing tools, such as the National Risk Index (Risk Index), can assist SLTT governments and their communities, right now, in making informed planning decisions including considerations of impacts from future weather conditions.

FEMA Resources for Climate Resilience also provides a quick glance at FEMA funding sources, such as the Building Resilient Infrastructure and Communities (BRIC) program, designed to support communities in building capability and capacity to mitigate the increasing impacts of climate change.

FEMA Resources for Climate Resilience is available to download at https://www.fema.gov/sites/default/files/documents/fema_resources-climate-resilience.pdf

Leave a comment , ,

DHS Issues National Terrorism Advisory System (NTAS) Bulletin

Agency News, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector

The Secretary of Homeland Security Alejandro N. Mayorkas has issued a National Terrorism Advisory System (NTAS) Bulletin regarding the continued heightened threat environment across the United States. This is the fifth NTAS Bulletin issued by the Department of Homeland Security since January 2021.

“DHS remains committed to proactively sharing timely information and intelligence about the evolving threat environment with the American public,” said Secretary Alejandro N. Mayorkas. “We also remain committed to working with our partners across every level of government and in the private sector to prevent all forms of terrorism and targeted violence, and to support law enforcement efforts to keep our communities safe. This NTAS Bulletin outlines the key factors that have increased the volatility, unpredictability, and complexity of the current threat environment, and highlights resources for individuals and communities to stay safe.”

The United States remains in a heightened threat environment fueled by several factors, including an online environment filled with false or misleading narratives and conspiracy theories, and other forms of mis- dis- and mal-information (MDM) introduced and/or amplified by foreign and domestic threat actors. These threat actors seek to exacerbate societal friction to sow discord and undermine public trust in government institutions to encourage unrest, which could potentially inspire acts of violence. Mass casualty attacks and other acts of targeted violence conducted by lone offenders and small groups acting in furtherance of ideological beliefs and/or personal grievances pose an ongoing threat to the nation.

While the conditions underlying the heightened threat landscape have not significantly changed over the last year, the convergence of the following factors has increased the volatility, unpredictability, and complexity of the threat environment: (1) the proliferation of false or misleading narratives, which sow discord or undermine public trust in U.S. government institutions; (2) continued calls for violence directed at U.S. critical infrastructure; soft targets and mass gatherings; faith-based institutions, such as churches, synagogues, and mosques; institutions of higher education; racial and religious minorities; government facilities and personnel, including law enforcement and the military; the media; and perceived ideological opponents; and (3) calls by foreign terrorist organizations for attacks on the United States based on recent events.

DHS and the Federal Bureau of Investigation (FBI) continue to share timely and actionable information and intelligence with the broadest audience possible. This includes sharing information and intelligence with our partners across every level of government and in the private sector. Under the Biden-Harris Administration, DHS is prioritizing combating all forms of terrorism and targeted violence, including through its efforts to support the first-ever National Strategy for Countering Domestic Terrorism. Since January 2021, DHS has taken several steps in this regard, including:

  • established a new domestic terrorism branch within DHS’s Office of Intelligence and Analysis dedicated to producing sound, timely intelligence needed to counter domestic terrorism-related threats;
  • launched the Center for Prevention Programs and Partnerships (CP3) to provide communities with resources and tools to help prevent individuals from radicalizing to violence;
  • designated domestic violent extremism as a “National Priority Area” within DHS’s Homeland Security Grant Program for the first time, resulting in at least $77 million being spent on preventing, preparing for, protecting against, and responding to related threats nationwide;
  • provided $180 million in funding to support target hardening and other physical security enhancements to non-profit organizations at high risk of terrorist attack through DHS’s Nonprofit Security Grant Program (NSGP);
  • increased efforts to identify and evaluate MDM, including false or misleading narratives and conspiracy theories spread on social media and other online platforms, that endorse violence; and,
  • enhanced collaboration with public and private sector partners – including U.S. critical infrastructure owners and operators – to better protect our cyber and physical infrastructure and increase the Nation’s cybersecurity through the Department’s Cybersecurity and Infrastructure Security Agency (CISA).

DHS also has renewed its commitment to ensure that all efforts to combat domestic violent extremism are conducted in ways consistent with privacy protections, civil rights and civil liberties, and all applicable laws.

This NTAS Bulletin will expire on June 7, 2022. This NTAS Bulletin provides the public with information about the threat landscape facing the United States, how to stay safe, and resources and tools to help prevent an individual’s radicalization to violence. The public should report any suspicious activity or threats of violence to local law enforcement, FBI Field Offices, or a local Fusion Center.

Leave a comment , ,

TXOne Networks Publishes In-Depth Analysis of Vulnerabilities Affecting Industrial Control Systems

Cyber Security CII sector, Industry News

TXOne Networks, a global leader in OT zero trust and Industrial IoT (IIoT) security, has published its 2021 Cybersecurity Report which focuses on the vulnerabilities that can affect ICS environments. TXOne Networks' threat researchers conducted in-depth analysis of ICS-affecting vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS, a globally-accessible knowledge base of adversary tactics and techniques found in cyber attacks on ICS environments. The results of this Cybersecurity Report enable TXOne Networks to show cyber threat and research trends from 2021 and previous years that will affect the industrial control system (ICS) environment in 2022. One important observation from the report is that cyber attacks on critical infrastructure can be resisted and made significantly easier to repel by applying the OT zero trust methodology, which includes device inspection, preserving critical applications and services, network segmentation, and virtual patching.

The focus of TXOne Networks' Cybersecurity Report lies especially on the analysis of so-called Common Vulnerabilities and Exposures (CVEs) that can affect ICS environments. These industry-critical vulnerabilities are identified each year by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The MITRE ATT&CK for ICS matrix used by TXOne Networks gives an overview of "tactics" (malicious actors' goals during an attack) as well as the specific "techniques" malicious actors will use to accomplish their goals.

2021's ICS-CERT advisories

ICS-CERT advisories are published when an ICS vulnerability is released that attackers could use to cause harm. According to the Cybersecurity Report, the number of advisories dramatically increased in 2021. There were 389 advisories published, which, compared with 2020's number of 249, shows the largest year-to-year growth in the history of the ICS-CERT program. The ever-increasing number of CVEs affecting ICS environments highlights the near-impossibility of comprehensively addressing each specific vulnerability.

2021 also saw fundamental changes in the methods favored by cyber attackers, as well as more advanced and destructive supply chain attacks than ever before. Known recently-active ransomware groups include Maze, Lockbit, REvil, and DarkSide, though their activity levels can vary.

CVEs affecting ICS environments

By taking a closer look at vulnerabilities in ICS-CERT advisories from 2017 to 2021 classified by affected sector, a huge spike in vulnerabilities affecting Critical Manufacturing clearly stands out - 59.8% of CVEs identified in 2021 advisories are considered critical or high-risk.

While Critical Manufacturing is obviously in the lead, the Cybersecurity Report also shows a spike in CVEs which can be used to affect multiple sectors. Both attackers and researchers are likely to take more interest in these kinds of vulnerabilities in 2022 and 2023, because attackers can potentially exploit the same vulnerability across different kinds of operational environments.

"Our analysis of the 613 CVEs identified in advisories in 2021 that are likely to affect Critical Manufacturing environments shows that 88.8% of them might be leveraged by attackers to create an impact and cause varying degrees of disruption to ICS equipment and the environment," said Dr. Terence Liu, CEO of TXOne Networks. "For ICS environments, impact is a critical concern that includes damage or disruption to finances, safety, human lives, the environment, and equipment."

Supply Chain and Work Site Security

According to the Cybersecurity Report, while ICS-CERT shows information about CVEs that is immediately useful and necessary, it might be missing some information that can streamline the process of addressing them. More complete information provided by the National Vulnerability Database (NVD) can be critical in the creation of Software Bills of Materials (SBOMs) and the prevention of supply chain attacks, but almost 25% of CVEs take more than 3 months to reach this stage of documentation.

This underscores some crucial points. First, from a security point of view, no organization can depend on one source for cybersecurity information. In other words, ICS cybersecurity is a group effort that can't be effectively accomplished without comparing multiple sources of information. Second, due to an extended timeline for information availability, organizations can't rely on vendor patches or even released research to secure operations.

Leave a comment , ,

Germany Broadens Definition of ‘Critical Infrastructures’

Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector

The second amendment of the Ordinance on the Designation of Critical Infrastructures under the BSI Act entered into effect on January 1, 2022. Such amendment broadens the definition of “critical infrastructures,” which are of particular relevance for Germany’s foreign direct investment screening regime.

This amendment follows the latest update (the 17th amendment) to the Foreign Trade and Payments Ordinance (Außenwirtschaftsverordnung, AWV) which entered into effect on May 1, 2021. Such amendment materially expanded the catalogue of sectors of particular relevance to Germany’s order and security[1] and introduced more differentiated thresholds.

In addition, since May 28, 2021, a mandatory foreign direct investment (FDI) filing is triggered if the German target business develops or manufactures certain IT components which are used in critical infrastructures (so-called critical components).

The second amendment of the Ordinance on the Designation of Critical Infrastructures under the BSI Act (BSI-KritisV or Law) comprehensively revises the definitions and thresholds required to designate critical infrastructures (energy, water, nutrition, IT and telecommunication, health, finance and insurance, and transport and traffic). The following amendments of the Law will likely have the most significant impact on German FDI screening, further increasing the number of notifications to the German Ministry of Economics and Climate Action:

Definition of a “Facility”: The concept of a “facility” is generally an essential prerequisite for the assumption of a critical infrastructure under the BSI-KritisV. In addition to premises and other fixed installations, machinery, equipment, and other mobile installations, the updated “facility” definition now also explicitly includes software and IT services necessary for the provision of a critical service for the operation of a critical infrastructure. Relevant software and IT services do not need to be specially developed for the operation of critical infrastructures to fall in the scope of the updated “facility” definition. This may result in third-party IT and software service providers being designated as operators of a critical infrastructure.
Energy Sector: The thresholds for power plants to be considered a critical infrastructure were lowered from 420 megawatts to 104 megawatts. Further, the updated BSI-KritisV introduces new categories of facilities (trading systems and facilities relevant for the trade of gas or petroleum) and also lowers the existing threshold for trading systems and facilities relevant for the trade of electricity from 200 terawatt-hours to 3.7 terawatt-hours per year.
IT and Telecommunication Sector: The Law reduces the existing thresholds for internet exchange points (IXPs)—number of connected autonomous systems (annual average)—from 300 to 100, as well as the thresholds for computer centers/housing—contractually agreed installed power in megawatts—from 5 megawatts to 3.5 megawatts.
Health Sector: The Law introduces a new facility category, the so-called “laboratory information network”. A laboratory information network is a network of facilities or systems that provide IT services for diagnosis and therapy control in human medicine for at least one laboratory.
Finance and Insurance Sector: The Law introduces new facility categories related to the trading in securities and derivatives. These concern systems for generating orders for trading securities and derivatives and forwarding them to a trading venue exceeding 6,750,000 transactions per year; trading systems (as defined in Article 4 number 24 of Directive 2014/65/EU) exceeding 850,000 transactions per year; and other depository management systems exceeding 6,750,000 transactions per year.
Transport Sector: The Law introduces new facility categories—for instance, air and port traffic control centers, port information systems, and others.

The amendment of the Law will increase the number of businesses designated to be operators of a critical infrastructure. The Federal Ministry of Interior and Community estimated in this respect that the number of operators of critical infrastructures will increase from a total of approximately 1,600 to a total of approximately 1,870.

Operators of critical infrastructures are primarily subject to the obligations of the BSI-KritisV, in particular, notification of IT security breaches. In addition, the broadened definition of critical infrastructures may increase the number of mandatory notifiable transactions under the German FDI provisions. Foreign investors should therefore factor this into their diligence efforts when considering the acquisition of voting rights in German domiciled companies.

[Source: Morgan Lewis]
Leave a comment ,

How is the Federal Government Approaching Climate Resilience?

Agency News, Industry News, Transport sector

Extreme weather events—like wildfires, hurricanes, and some winter storms—threaten the stability of critical infrastructure that we rely on every day. This includes systems like roads, electric grids, supply chains, as well as how this infrastructure is used for military operations. The projected impact of climate change on these critical infrastructures is a key source of federal fiscal exposure because of the size of the federal government’s investment and states’ increasing reliance on the federal government for disaster assistance.

This past year may go on record as one of the most active and costly years for extreme weather events. As of Oct. 8, there have been 18 such events, each with losses exceeding $1 billion, according to the National Centers for Environmental Information. Disaster costs are projected to increase as certain extreme weather events become more frequent and intense due to climate change—as observed and projected by the U.S. Global Change Research Program and the National Academies of Sciences, Engineering, and Medicine.

One way to reduce long-term risk to people and property from natural hazards is to enhance climate resilience. Enhancing climate resilience means taking actions to reduce potential future losses by planning and preparing for potential climate hazards, such as extreme rainfall, sea level rise, and drought. The Administration is taking some actions through various climate-related Executive Orders, and we are monitoring implementation of these emerging efforts.

As our climate continues to change, experts say this trend of larger, more costly weather events will also continue. Today’s WatchBlog post looks at some of our work on federal climate-resilience activities.

Climate-resilient public infrastructure

Every year, the federal government spends billions of dollars to maintain buildings, levees, and roads. This cost could grow as certain weather-related events that cause damage increase in frequency and intensity.

For instance, if roads are flooded from dangerous amounts of rainfall or hurricanes, routes used for emergency evacuations can become unsafe and require costly repairs. Road damage due to climate-related changes may even cost up to $20 billion annually by the end of the century, according to the 2018 Fourth National Climate Assessment.

Over the last decade, the Federal Highway Administration (FHWA), which is part of the Department of Transportation (DOT), has developed policies, provided technical assistance, and funded climate-resilience research as part of its efforts to address climate change's impacts on roadways.

In our September report we found that some states were planning, or already made, changes to their infrastructure using FHWA resources. For example, in Maryland authorities raised a bridge by two feet in anticipation of rising sea levels. While some improvements have been made, more can be done to enhance the climate resiliency of federally funded roads. We identified 10 options for DOT to consider. For example, DOT could provide information to states on best practices and how to include climate projections into road planning and design.

DOT agreed to consider our options when prioritizing climate-resilience actions.

Climate-resilient electricity grid

Severe weather is also expected to impact nearly every aspect of the electricity grid—including the generation, transmission, distribution, and demand for electricity. Extreme-weather events could cost billions—from power outages to infrastructure damage—and leave people without access to electricity.

In February 2021, dangerously cold weather spread into Texas causing increased demand for electricity, and about 4.5 million people lost power.

In August 2021, Hurricane Ida resulted in at least a million people, across three states, without electricity and left seven people dead.

How can we better protect the electricity grid?

Although private companies own much of the electricity grid, the federal government is a key player in promoting its resiliency. Since 2014 the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC) have taken steps to improve grid resilience, such as partnering with utilities and collecting information on weather-related risks to grid operations. However, DOE still doesn’t have an overall strategy to guide its climate-resiliency efforts despite recognizing the risks. Additionally, FERC hasn’t identified or assessed weather-related risks to the grid.

In a March 2021 report, we recommended that DOE develop a department-wide strategy to enhance grid resilience, and FERC identify and asses risks to the grid and plan a response.

[Source: GAO]
Leave a comment ,

Recommendations for the Implementation of an EU Strategy on Technology Infrastructures

Agency News, Cyber Security CII sector, Industry News

As technology infrastructures (TIs) are critical enablers for the European research, development and innovation ecosystems, the European Commission’s Joint Research Centre (JRC) and the European Association of Research and Technology Organisations (EARTO) recommend a pan-European, agile and sustainable environment for their development, accessibility and governance, within the framework of a dedicated EU strategy.

The key role of TIs in RD&I Ecosystems

TIs are (physical or virtual) facilities and equipment, such as demonstrators, testbeds, piloting facilities and living labs, capable of building bridges between science and the market.

They are mostly created, managed, maintained and upgraded by not-for-profit Research Performing Organisations (mainly Research and Technology Organisations – RTOs, and Technical Universities – TUs), which require dedicated and significant resources and competences.

TIs are open to a wide range of public and private users, large and small, collaborating with TI managers to jointly develop and integrate innovative technologies into new products, processes, and services.

Examples  of  technology  infrastructures  include  facilities  to  develop  electrolyser stacks,  biogas  plants,  clean-room  facilities  for  chip  production,  test  areas  for automated shipping or road traffic safety solutions, wind tunnels, testbeds for multi-functional nano-composites, multi-material 3D printing, thermo-plastics and industrial robotics.

Technology Infrastructures are major building blocks for Europe to deliver on its ambitions of making successful transitions to a sustainable, digital and resilient industry and society.

Industry’s innovation capacity, productivity and international competitiveness heavily depend on possibilities to develop, test, validate and upscale new technological solutions at an ever-faster pace.

Towards an EU strategy for technology infrastructures

A European Commission Staff Working Document on TIs published in 2019 recommended the development of an EU Strategy for Technology Infrastructures building on the experience and the framework of the European Strategy for Research Infrastructures (ESFRI) with its own specificities.

In this context, the JRC and EARTO launched a joint project on TIs to gather evidence and highlight the common specificities of TIs across Europe, assess the challenges they face over their whole lifecycle, and identify how their capacity could be further leveraged.

The JRC and EARTO have just published an analysis of the main strategic elements that would ensure an effective and sustainable management of an integrated landscape for TIs at the European level:

  • Combining and completing the existing repositories and mappings of TIs at EU level, covering both TIs’ locations and the services and facilities they offer, could be used to enable a better understanding of the TIs’ landscape by policymakers and users, foster accessibility to TIs, and create connections between complementary TIs.
  • Roadmapping of future needs for capital expenditure (CAPEX) investments in TIs should be organised with a sectorial value-chain and bottom-up approach, with the involvement of TIs’ stakeholders, by identifying the future needs for TIs in existing roadmaps linked to current EU instruments and actions (e.g. European Partnerships, European Research Area (ERA) Industrial Technology Roadmaps).
  • Setting up a mechanism to draw from sectorial roadmaps and prioritise investments in TIs at European level and/or to coordinate and synchronise national/regional TIs’ roadmaps in strategic sectors would be valuable to maximise the use of public funds.
  • Creating an agile Advisory Board will be necessary to operationalise the prioritisation of investments and the coordination of national/regional TIs’ roadmaps. The board should be composed of Member States experts responsible for TIs within national ministries, as well as relevant stakeholders including RTOs, technical universities, and industry (large and small).
  • TIs need to be developed and upgraded at the same fast pace as the technologies and the products that are developed and tested. A strengthened and clearer pathway of grant-based public support for CAPEX investments for the creation and upgrade of TIs, as well as creating synergies for more structural support at European, national, and regional levels would be essential, as the current funding landscape is very scattered. The support for the creation of new TIs should be designed in complementarity with the support for the upgrade of existing ones, taking a balanced approach between the two.
  • Pan-European accessibility to TIs should be facilitated by fostering the use of TIs in competitively funded projects at EU level, defining harmonised principles for access to TIs, and adopting a one-stop-shop approach in specific value-chains.
  • Creating thematic networks of TIs with a value-chain approach would enable to better integrate and structure the European landscape for TIs, foster capacity building across regions, and spread excellence and expertise to overcome the European innovation divide. Dedicated support and funding for network orchestration activities is needed to explore the full potential of TIs’ networks.
Leave a comment , ,

Pipeline Safety: Manufacturing Defects in Pipeline Components Rarely Contribute to Accidents

Agency News, Industry News, Power/Energy/Oil & Gas sector

Almost 350,000 miles of interstate gas and hazardous liquid transmission pipelines transport products across the U.S. The quality of individual components used in constructing these pipelines is critical to protect life, property, and the environment.

The GAO reviewed data on the quality of fittings, flanges, and valves on interstate transmission pipelines, and found that manufacturing defects rarely contribute to accidents. For instance, such defects contributed to less than 2% of all accidents between 2016-2020. They caused zero deaths or hospitalizations, and spilled fewer gallons of hazardous liquid (on average) than other types of accidents.

Manufacturing defects involving certain pipelines components—specifically fittings, flanges, and valves—accounted for less than 2 percent (23 of 1,529) of all accidents on gas and hazardous liquid interstate transmission pipelines from 2016 through 2020, according to GAO's analysis of Pipeline and Hazardous Materials Safety Administration (PHMSA) data. During this period, none of the reported 10 fatalities or 24 injuries requiring in-patient hospitalizations were related to accidents involving such defects. The amount of product released was also lower than average for all accidents that GAO reviewed. For example, accidents involving manufacturing defects in these pipeline components resulted in the spillage of 69 barrels of hazardous liquid on average, compared to an average release of 242 barrels for all accidents. Many selected stakeholders GAO interviewed also said that manufacturing defects in pipeline components rarely contribute to accidents.

All selected operators GAO interviewed described taking a number of steps to design, inspect, and test pipeline components to ensure quality prior to placing the components into service. Many of these selected operators described taking steps above PHMSA's minimum safety standards. For example, some operators described conducting inspections of manufacturers' processes or requiring manufacturers to maintain voluntary management and design certifications. According to these selected operators, these actions help ensure that manufacturers have the skills and expertise to construct high-quality pipeline components. While selected operators generally did not describe additional testing steps, many of these operators and other stakeholders agreed that defects are often identified during the testing of components. Specifically, PHMSA generally requires that operators conduct a hydrostatic test—whereby the pipeline is pressurized to a level above the normal operating pressure—to ensure the integrity of the pipe and components prior to the pipeline being placed in service.

The U.S. pipeline network includes almost 350,000 miles of interstate gas and hazardous liquid transmission pipelines that operate at high pressures and transport products across the country. The integrity of individual components used in constructing these pipelines is critical to protect life, property, and the environment. These components include fittings to accommodate changes in terrain or direction of the pipe; flanges to connect pipes and other equipment together; and valves to help control the flow and pressure of product in the pipe.

Within the U.S. Department of Transportation, PHMSA sets and enforces the federal minimum pipeline safety standards for pipelines and pipeline facilities, including for the design and manufacture of components. The minimum safety standards apply to owners and operators of pipeline facilities rather than the manufacturers of components.

Due to potential concerns about the manufacturing process for pipeline components, GAO was asked to review the quality of fittings, flanges, and valves on interstate transmission pipelines. This report describes: (1) the extent to which manufacturing defects in pipeline components have contributed to accidents from 2016 through 2020, and (2) the actions selected pipeline operators have taken to ensure the quality of components manufactured for their pipelines.

GAO analyzed PHMSA's accident data on interstate transmission pipelines for gas and hazardous liquid—including number, item involved, cause, related fatalities and injuries, and amount of product released—from 2016 through 2020, the most recent 5-year period for which data were available. GAO assessed the reliability of the data by reviewing PHMSA reports and interviewing PHMSA officials, among other things, and found the data to be sufficiently reliable to describe the frequency in which manufacturing defects contributed to reportable pipeline accidents.

GAO also reviewed relevant pipeline safety statutes and regulations, including those addressing the safety of pipeline components. GAO interviewed officials from PHMSA and the National Transportation Safety Board, as well as representatives from 10 pipeline operators, six industry associations, four pipeline manufacturers, three standards-setting organizations, and one safety group. GAO selected operators that manage interstate transmission pipelines, but vary in size (number of pipeline miles managed); commodities transported (i.e., natural gas and hazardous liquids); accident history; and geographic location. GAO selected the remaining stakeholders based on, among other things, inclusion in prior GAO reports, recommendations from stakeholders, or references in PHMSA's regulations.

Leave a comment , ,
1 13 14 15 16 17 30