World Standards Day 2020: STANDARDS ARE ESSENTIAL TO PROTECT THE PLANET

On 14 October 2020, CEN, CENELEC and ETSI, the three official European Standardization Organizations, join the international standardization community in celebrating World Standards Day. By focusing on the environment, this year’s edition aims to raise awareness on the potential of standards to help tackle the climate crisis.

Read More...

ETSI releases the first Group Report on Encrypted Traffic Integration, protecting end users from malicious attacks

Sophia Antipolis, 1 September 2021

ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) has concluded the early part of its work, by identifying problems arising from pervasive encrypted traffic in communications networks.

Read More...

Sophia Antipolis, 27 April 2023

ETSI has just released a Protection Profile (PP) for the security evaluation of quantum key distribution (QKD) modules, ETSI GS QKD 016. This Protection Profile is a first and anticipates the need for quantum safe cryptography. The ETSI specification will help manufacturers to submit pairs of QKD modules for evaluation under a security certification process.

Read More...

Sophia Antipolis, 12 January 2024

In a significant step highlighting the critical importance of security for mobile device users, the French National Cybersecurity Agency (ANSSI) has certified ETSI's Consumer Mobile Device Protection Profile under the Common Criteria global certification framework. This represents the first certification by a national administration of a comprehensive suite of specifications for assessing the security of smartphones.

Read More...

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

• Managing the risk from your third-parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third-parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
• Secure your identities. We’ve seen major data breaches this year tracked down to simple missteps like failing to protect highly-privileged admin accounts and services with multi-factor authentication (MFA). 
• Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data. 

So, how can you strengthen your data security posture against these types of attacks?

1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve handling sensitive data belonging to their organization. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks. 

Learn more

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security Posture Management (DSPM) Integrated into Tenable Cloud Security
• Data Sheet: Securing AI Resources and Data in the Cloud with Tenable Cloud Security
• Infographic: When CNAPP Met DSPM
• Video: Demo Video: Data Security Posture Management and AI Security Posture Management

PSNP is largest public works program in Africa • Started in 2005 in four main highland regions • Approximately 8 million participants • We examine the effect of PSNP on both high-intensity and low-intensity conflict • Using Govt. of Ethiopia administrative PSNP records and geocoded data on conflict events (Armed Conflict Location & Event Data […] Source: IFPRI Ethiopia: Ethiopia Strategy Support Program

Many data protection regulations, such as PCI DSS and HIPAA, levy heavy fines for data breaches of sensitive information. Effective data protection controls are necessary to avoid breaches of regulatory, statutory, or contractual obligations related to sensitive data.

Organizations that handle sensitive data, such as healthcare and credit card information, are required to audit data protection controls on an annual basis. Leveraging Tenable reports enables organizations to protect data in accordance with business risk posture for Confidentiality, Integrity and Availability (CIA).

The National Institute of Standards (NIST) Special Publication 800-53 provides comprehensive guidance for a secure infrastructure, including guidance on data protection and encryption. The information provided in Tenable dashboards and reports enables Risk Managers and Chief Privacy Officers to demonstrate to third parties and regulatory bodies that sensitive data is protected in accordance with Data Loss Prevention requirements.

The NIST Cybersecurity Framework (CSF) is a control framework, which has high level controls that align with
ISO 27001, NIST SP 800-53, and others. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. Many regulating bodies accept evidence documentation of compliance with the NIST CSF as assurance that the organization has effective controls in place to meet their security requirements. The HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework is an example of a regulation aligning with NIST.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report is located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments.

The report requirements are:

Tenable.sc 5.9.0
Nessus 10.2.0

Leveraging Tenable reports enables operations teams to verify that appropriate protections are in place for data at rest, data in transit, and removable media. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives.

Chapters

Executive Summary: This chapter provides a summary view on the state of protections controls relating to Certificates, Encryption, and Confidentiality and Protected Information.

Data Protection Details – This chapter provides details on the state of protection controls in the environment for Certificates, Encryption, and Confidentiality and Protected Information, which are described below.

• Certificates – This section displays findings for hosts with expired certificates, certificates that are expiring soon, untrusted certificates and self-signed certificates.  Expired certificates and other certificate problems cause a denial of service, man-in-the-middle, and trust-related concerns for organizations.  
• SSL/TLS Vulnerability Summary – This section provides an overview of systems and vulnerabilities related to SSL/TLS.  The SSL/TLS Vulnerabilities by Type element displays a count of systems and vulnerabilities related to SSLv2 and SSLv3 in the first two rows. From the third row down, information is provided on all the systems running any version of TLSv1 and higher.
• Encryption – This section provides an overview of systems and vulnerabilities related to SSL/TLS and Encryption/Cryptographic Compliance. Information presented in this section highlights issues such as weak hashing algorithms and keys as well as the use of insecure encryption ciphers. Many of these issues are the result of misconfigurations or use of outdated encryption methods. This detailed information also highlights vulnerabilities that can be exploited by attackers. Tenable recommends that security teams review the data to determine the risk to the organization.
• Confidentiality of Protected Information – This section provides an overview of systems and vulnerabilities related to Security Requirement 3.13.16 in the NIST Special Publication 800-171. Revision 2 provides guidance to protect the confidentiality of Controlled Unclassified Information (CUI) at rest and maps to Security Control SC-28 of NIST Special Publication 800-53.  
• File Content Audit Results – The following section displays File Content Audit Results. The first two rows of the File Contents Audit Results Compliance Checks provide the total count of Passed checks, Failed checks, and checks requiring a manual review. The first row, ‘Check Count’, provides a count of the current checks per check status. The second row, ‘Check Ratio’, provides a ratio view of check status. The three columns together total 100%. The last two rows provide a system count analysis. The third row, ‘System Count’, provides the number of systems with at least one audit check in the applicable state. The last row, ‘System Ratio’, provides a percentage of systems with at least one audit check in the applicable state.

The Genco Picardy is not an American ship. It doesn't pay U.S. taxes, none of its crew are U.S. nationals, and when it sailed through the Red Sea last month, it wasn't carrying cargo to or from an American port.

But when the Houthis, a tribal militant group from Yemen, attacked the ship, the crew called the U.S. Navy. That same day, the Navy fired missiles at Houthi sites.

On today's show: How did protecting the safe passage of other countries' ships in the Red Sea become a job for the U.S. military? It goes back to an idea called Freedom of the Seas, an idea that started out as an abstract pipe dream when it was coined in the early 1600s – but has become a pillar of the global economy.

This episode was hosted by Alex Mayyasi and Nick Fountain. It was produced by Sam Yellowhorse Kesler, edited by Molly Messick, fact-checked by Sierra Juarez, and engineered by Valentina Rodríguez Sánchez, with help from Maggie Luthar. Alex Goldmark is Planet Money's executive producer.

Help support Planet Money and get bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

Toronto, ON — Professor Anita Anand, a corporate law and governance expert, is the new J. R. Kimber Chair in Investor Protection and Corporate Governance at the University of Toronto Faculty of Law—the first research chair for investor rights in North America—thanks to a generous gift from well-known philanthropist, the Hon. Hal Jackman, LLB 1956, […]

In this hour, stories of heroes, mentors, and our greatest supporters. A Coast Guard rescue swimmer considers his career, a lawyer learns the meaning of justice, and a songstress pens lyrics for her loved one. Hosted by The Moth's Senior Director, Meg Bowles. The Moth Radio Hour is produced by The Moth and Jay Allison of Atlantic Public Media.

Hosted by: Meg Bowles

Storytellers:

Rob Simpson takes us behind the scenes of life as a Coast Guard Rescue Swimmer.

Sheila Calloway searches for fairness and empathy in the justice system.

Beth Nielsen Chapman finds magic in the writing of a song.

The cost and lead times for Germanium optical components have skyrocketed.

IAQ has become a very important topic as the COVID-19 global pandemic has continued to evolve.

Even though the circulated refrigerant is the working fluid required for cooling, lubricant or oil is needed for lubrication of the compressor’s moving mechanical parts.

As extreme heat becomes more common, more of a spotlight is being put on worker safety, and a new app may be able to help.

It goes without saying that HVAC work shifts with the seasons. But did you know that the same mentality can apply to your company vehicles?

As temperatures continue to rise, California workers, worker protection groups, and state regulators are making progress on implementing heat regulations.

Instead of Project 2025's white supremacist vision for voting rights, Progress 2025 envisions universal early voting, a national federal holiday and more.

In this excerpt from “That Librarian,” Amanda Jones offers a blueprint to battle book censorship in public libraries.

At a time of extreme heat, a new proposed OSHA rule could protect millions of American workers from heat-related stresses and even fatalities.

Can organized labor continue its recent momentum into the next presidential administration?

In the months prior to Vice President Kamala Harris’ nomination to the Democratic presidential ticket, I felt a lingering fear in my body about what it would mean for Black

Birth workers serving Black pregnant people maintain the holistic methods—and data privacy—that distinguish doula care from the medical-industrial complex.

Communication systems of electric utilities have become increasingly critical to electric system protection, operation, and maintenance. For fast tripping and clearing of system faults, communication-aided relaying has become a common protection scheme, particularly in line protection. Control centers depend on... Read more

The post Schematics and docs needed for communication systems of substation protective relaying system appeared first on EEP - Electrical Engineering Portal.

To be honest, a circuit breaker is fairly simple device. However, the process of specifying circuit protection is often complicated and unclear, leading many engineers to either include insufficient or excessive protection in their equipment designs. Insufficiently protected circuits expose... Read more

The post Twelve ultimate mistakes when selecting circuit protection for low-voltage equipment appeared first on EEP - Electrical Engineering Portal.

This technical article discusses criteria and requirements for designing protection systems for busbars in HV/EHV networks. One of the most critical requirements is reliable busbar relay protection to assure power system integrity during fault conditions. This requirement is further emphasized because... Read more

The post Design issues in HV busbar protection systems (substation topology and DC power supply) appeared first on EEP - Electrical Engineering Portal.

This technical article discusses the essentials of transformer differential protection and restricted earth fault protection schemes, contrasting the two and elaborating on why the latter is necessary. Furthermore, it reveals the outcomes of stability tests performed on a 502 MVA... Read more

The post Mastering stability test of power transformer: Differential and Restricted Earth Fault (REF) protection appeared first on EEP - Electrical Engineering Portal.

The protection of enclosures against ingress of dirt or against the ingress of water is defined in IEC529 (BSEN60529:1991). Conversely, an enclosure which protects equipment against ingress of particles will also protect a person from potential hazards within that enclosure,... Read more

The post IP Protection Degree (IEC 60529) Explained appeared first on EEP - Electrical Engineering Portal.

In the design of electrical power systems, the ANSI Standard Device Numbers denote what features a protective device supports (such as a relay or circuit breaker). These types of devices protect electrical systems and components from damage when an unwanted... Read more

The post Protection Relay – ANSI Standards appeared first on EEP - Electrical Engineering Portal.

The purpose of a capacitor bank’s protective control is to remove the bank from service before any units or any of the elements that make up a capacitor unit are exposed to more than 110% of their voltage rating. When... Read more

The post How to control and protect capacitor banks before something goes wrong appeared first on EEP - Electrical Engineering Portal.

The Substation Automation Systems, often known as SASs, are responsible for a tremendous variety of tasks. These include some extremely important actions, such as clearing faults in a timely manner in order to maintain the physical condition of power system... Read more

The post The true art of control, monitoring and protection provided by Substation Automation Systems appeared first on EEP - Electrical Engineering Portal.

As you should already know, current transformers are used for metering and relay protection purposes. When we are talking about current transformers used for metering, their performance is of interest during normal loading conditions. Metering transformers may have very significant... Read more

The post Four special connections of current transformers in relay protection applications appeared first on EEP - Electrical Engineering Portal.

Most modern electronic equipment uses switched mode power supplies (SMPS) which draw pulses of current from the mains supply rather than a continuous sinusoidal current. The fast rise time edges of the current waveform contain high frequencies that can cause serious radio frequency... Read more

The post Few advice for improving integrity of protective conductor appeared first on EEP - Electrical Engineering Portal.

Prevention is better than cure, we all know this, and this is true not only for people, but also for the health of your electrical and electronic components and equipment. Smart and cost-effective strategies demand an investment in surge protection.... Read more

The post How to handle overvoltages before any damage is done? Surge protection in a nutshell. appeared first on EEP - Electrical Engineering Portal.

There are at least two safety requirements that medium-voltage switchgear MUST fulfil: an interlocking system and an arc protection system. Yes, these two systems are crucial in terms of safety because they protect not only the operator and other substation... Read more

The post Switchgear interlocking system and arc protection that you MUST consider in the design appeared first on EEP - Electrical Engineering Portal.

In 2004, I embarked on an intensive nine-month training program in protection and instrumentation. This experience laid the foundation for my deep understanding of substation protection systems, combining both theoretical knowledge and practical application. The first protection scheme we delved... Read more

The post Mastering Distance Protection and Calculations Part 1: Advice and Serious Warnings appeared first on EEP - Electrical Engineering Portal.

The first part of this article series delved into the fundamentals of overcurrent protection, exploring the intricacies of relay coordination, the impact of source impedance, and the application of distance protection. These foundational concepts laid the groundwork for understanding how... Read more

The post Mastering Distance Protection and Calculations Part 2: Never Mess Up Protection Accuracy appeared first on EEP - Electrical Engineering Portal.

Generator field winding is an integral part of the generator set which is responsible for generating the magnetic field that induces the stator emf when the rotor rotates. Regulation of current in this winding with the help of an AVR... Read more

The post Failures, Testing and Protections Associated with Field Winding of a Generator appeared first on EEP - Electrical Engineering Portal.

Let’s discuss capacitor banks, but this time, not the basics. Let’s study the double-star capacitor bank configuration and protective techniques used in the substations. How important is to choose the right current transformer ratio, calculate rated and maximum overload currents,... Read more

The post Capacitor banks in substations: Schemes, relay settings, and protective measures appeared first on EEP - Electrical Engineering Portal.

Personal protection against effects of hot weather and sun exposure.

Use these techniques to minimize risk at jobsites and prevent the bringing home of hazardous materials.

This week for our weekly How-To’s powered by KnowHow, we learn how to lay hard-surface floor protection.

The rise of new technologies is changing the way companies raise funds. Along with increased popularity of crowdfunding in recent years, a new form of funding has emerged – that is, the use of Initial Coin Offerings, or ICOs. In 2017, companies in the United States raised over $4 billion through ICOs; in 2018, more than $21 billion has been raised. ICOs generate many challenges for securities regulators, and also give rise to other issues including corporate governance, data protection, anti-money laundering and insolvency. Assistant Professor Aurelio Gurrea-Martínez from the SMU School of Law has conducted legal research on financial regulation. In this podcast, he shares his recent comparative and interdisciplinary study which addresses the issue of ICOs and makes recommendations to regulators and policy makers in a way that aims to promote innovation and firms’ access to finance without harming investor protection, market integrity and the stability of the financial system.

Data has emerged as the most important driver for modern economic development. New industries have arisen from the use of data with personal information as the core asset, while many traditional models of business are ‘disrupted’ or drastically transformed. Artificial Intelligence (A.I.) has also become an integral tool for the management and processing of data, including personal data, as it provides greater accuracy and capability. How should the use of A.I. in data management be regulated and should it be treated any differently under the data protection regime? What role can A.I. play in regulating the use of personal data and as a cybersecurity tool? Is creating a form of propertisation of personal data and ‘data ownership’ useful? These are just some of the lingering questions that regulators and organisations are currently grappling with. Central to the issue is how A.I. can best serve and safeguard humanity’s interests. Warren Chik is Associate Professor of Law at SMU School of Law, and concurrently Deputy Director at SMU’s Centre for AI and Data Governance. In this podcast, he shares his recent research into Artificial Intelligence and Data Protection in Singapore, which takes a deeper look into consumers’ trust, organisational security and government regulation.

At its Booth W-19027, the company will showcase Vial Protect Pack II, a robust, multilayer vial protection/labeling solution for high-value or high-potency drug applications whose container breakage rates must be near-zero.

Custom packaging can help offset rising freight costs by optimizing packaging size and weight, reducing damage, streamlining logistics, and enhancing brand recognition.

While the growth in online purchasing drives changes from product design, to package changes, picking, fulfilling and shipping, product protection stands alone as the main issue, according to the E-Commerce: Think Inside the Box report by PMMI, The Association for Packaging and Processing Technologies.

It is now well accepted that virtually all brands, from the utmost recognized to the newly eager, face an unprecedented onslaught of counterfeiting and gray market trading. In emerging countries, this menace is bold and audacious, with outright fakes appearing in the open marketplace. In developed countries, the problem is equally insidious due to online propagation of counterfeit products through e-commerce platforms.

HexcelPack’s Mini Packing Station can be used to dispense the company’s sustainable HexcelWrap cushioning paper.