Tag Archive for: scheme

A PLI scheme to defend power grids from Chinese cyber attacks

/in


NEW DELHI : The Union government is looking to introduce a production-linked incentive (PLI) scheme for power transmission and distribution equipment, two officials aware of the plans said, as part of India’s push for greater self-reliance in strategic sectors.

This comes against the backdrop of India trying to curb the use of Chinese power equipment, given the cyberattacks on its grid, including from Red Echo, a Chinese state-sponsored group.

While these attempts were thwarted, if successful, such attempts may lead to blackouts, impacting services such as water supply, telecom infrastructure, hospitals, airports and metro rail networks.

The government has already enforced prior permission requirements for imports from countries with which it has a conflict.

“The PLI scheme for power transmission and distribution equipment is in the works,” one of the two officials cited above said, requesting anonymity.

You might also like

Walmart will boost Flipkart with $3bn to challenge rivals

Why Reliance investors remain unimpressed

After Sep quarter show, ITC’s stock is still lit 

India has rolled out PLI schemes for 14 sectors with a total outlay of 2 trillion. This includes a 24,000 crore…

Source…

Singapore extends cyber security labelling scheme to medical devices

/in


The Cyber Security Agency of Singapore (CSA) is extending the Cybersecurity Labelling Scheme (CLS) to medical devices used by hospitals in a bid to shore up the security of internet of things (IoT) devices used in healthcare settings.

Noting that devices are now increasingly connected to hospital and home networks, providing benefits such as real-time monitoring of health status, the CSA said the growing connectivity could increase security risks and compromise patients’ personal information, clinical data or treatment protocols, ultimately affecting patient health outcomes.

Under the CLS for medical devices (CLS MD), which was developed together with the Ministry of Health, Health Sciences Authority (HSA) and Integrated Health Information Systems, medical devices are rated based on four levels of cyber security provisions.

Each level corresponds to the level of testing and assessment that the product has undergone. For a start, all HSA-registered medical devices in Singapore are deemed to be compliant with CLS (MD) Level 1, as the registration requirements by the HSA have already incorporated the baseline cyber security requirements defined in Level 1.

For the higher levels in the scheme, a formal consultation with the medical device industry and associations will be held in the coming month to seek feedback on their proposed requirements, including the timeline for implementation. More details on the industry consultation and CLS (MD) registration will be announced later.

Through the new scheme, CSA hopes to incentivise manufacturers to adopt a security-by-design approach to develop more secure products for the medical device industry. The scheme will also enable consumers and healthcare providers to make informed decisions about the use of devices, as they can identify products according to their cyber security provisions.

The CLS was first launched in 2020 to provide different levels of cyber security ratings to help users make informed choices about the security features of the smart devices they purchase. As of October 2022, more than 200 products – ranging from routers to smart lighting to smart cameras – have been awarded the CLS label.

Separately, Singapore…

Source…

Singapore rolls out cyber security certification scheme

/in


Singapore’s Cyber Security Agency (CSA) has launched a new cyber security certification scheme to recognise organisations with good cyber security practices.

Comprising two cyber security marks, Cyber Essentials and Cyber Trust, the scheme was developed in consultation with certification practitioners, technology providers and trade associations, taking into consideration the organisational profiles and operational needs of enterprises in Singapore.

Cyber Essentials is aimed at helping small and medium-sized enterprises (SMEs), which tend to have limited cyber security resources, adopt cyber security measures to protect their systems, such as data backups, access controls and incident response.

For larger firms, Cyber Trust will provide a risk-based approach to help them understand their risk profiles and identify relevant cyber security preparedness areas required to mitigate security risks.

This is done through five cyber security preparedness tiers that correspond to an organisation’s risk profile, with each tier comprising 10 to 22 domains such as governance, cyber education, information asset protection and cyber security resilience, among others.

Led by CSA and the Singapore Standards Council (SSC) with support from the Infocomm Media Development Authority, the preparedness tiers are part of a Technical Reference (TR) on cyber security standards which is expected to be published in the second quarter of 2022.

CSA said the new two cyber security marks do not certify the cyber security of specific products or services. Rather, they certify the cyber security measures adopted by an organisation.

In rolling out the certification programme, CSA has appointed eight independent certification bodies for enterprises applying for either Cyber Essentials or Cyber Trust. While the security marks are not mandatory, CSA said it will work with industry partners, such as trade associations and business groups to encourage adoption.

David Koh, chief executive of CSA, said the security certification scheme is timely and that companies could be required to demonstrate their cyber security to provide greater assurance to their customers. “Having the certification reflects the…

Source…

U.S. Law Enforcement Charges Russian Nationals In Global Energy Hacking Scheme

/in


The Department of Justice unsealed charges brought against four Russian nationals who are accused of working for the Russian government while simultaneously attempting to hack into the online infrastructure of the global energy sector.

In two indictments, the defendants are accused of hacking thousands of computers across hundreds of companies and firms in 135 individual countries participating within the energy industry.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”

The prosecutors allege that three officers of Russia’s Federal Security Service and other co-conspirators targeted software systems in the global energy sector to give the Russian government the ability to compromise the overall industry.

One indictment alleges that Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, of engaging in a two-part hacking attempt to further the Russian state agenda, targeting international oil and gas companies between 2012 and 2017. They allegedly targeted hardware and software devices that control power generation equipment. 

The hacking infected legitimate software updates with malware to provide a “backdoor” entrance for hackers to access infected networks. 

The second phase involved targeting individuals and engineers with spearphishing attacks—some of which were successful—and infecting sites commonly visited by energy sector engineers with malware.

The defendants are charged with conspiracy to cause damage to the property of an energy facility and commit computer fraud and abuse, and conspiracy to commit wire fraud. Akulov and Gavrilov are also charged with multiple counts of wire fraud and illegally obtaining information stored on computer networks. Akulov and Gavrilov also face three counts of aggravated identity theft.

In the second indictment, Evgeny Viktorovich Gladkikh, 36, is accused of…

Source…