ETSI releases three specifications for cloud-based digital signatures

Sophia Antipolis, 2 April 2019

The ETSI technical committee on Electronic Signature Infrastructure (TC ESI) has just released a set of three Technical Specifications for cloud-based digital signatures supporting mobile devices: ETSI TS 119 431-1, ETSI TS 119 431-2 and ETSI TS 119 432. This new set of standards supports the creation of digital signatures in the cloud, facilitating digital signature deployment by avoiding the need for specialized user software and secure devices.

Read More...

COAI and ETSI sign MoU to foster a closer co-operation on Telecom Standardization

New Delhi & Sophia Antipolis, 13 May 2019

Acknowledging the role of standards, especially in the context of emerging technologies and technologies of the future and the need to collaborate and work in partnership with different types of organizations around the world, COAI, the apex industry association representing leading Telecom, Internet, Technology and Digital Services companies and ETSI, a leading standardization organization for Information and Communication Technology (ICT) standards fulfilling European and global market needs announced to come together once again to work and collaborate on areas of mutual interest.

Read More...

ETSI NFV Release 4 empowers orchestration and cloud enabled deployments

Offers increased support for automation

Sophia Antipolis, 8 October 2019

The ETSI Industry Specification Group (ISG) for Network Functions Virtualisation (NFV) has started working on its next specification release, known as Release 4. While NFV-based deployments are expanding worldwide and show the benefits of network function virtualization, new technologies are expected to be leveraged and features are being added in support of 5G and novel fixed access network deployments that are emerging in many countries. The release 4 work programme will provide the right setting to further enhance the NFV framework by considering recent technological advances, as well as ways to simplify its usage, that are aligned with the current trends in the industry towards network transformation.

Read More...

ETSI Open Source MANO unveils Release SEVEN, enables more than 20,000 cloud-native applications for NFV environments

Sophia Antipolis, 12 December 2019

Today, the ETSI Open Source MANO group is pleased to unveil its latest release, OSM Release SEVEN. This release brings cloud-native applications to NFV deployments, enabling OSM to on-board over 20,000 pre-existing production-ready Kubernetes applications, with no need of any translation or repackaging. OSM release SEVEN allows you to combine within the same Network Service the flexibility of cloud-native applications with the predictability of traditional virtual and physical network functions (VNFs and PNFs) and all the required advanced networking required to build complex end to end telecom services.

Read More...

Second ETSI C-V2X interoperability test event, remote, to connect vehicles in Europe and in the rest of the world

Register now for this remote event!

Sophia Antipolis, 5 May 2020

ETSI, in partnership with the 5GAA, is organizing the second “Cellular-Vehicle-to-Everything” (C-V2X) Plugtests^TM event. It will be held remotely, from 20 to 31 July 2020. ETSI has recently setup a remote lab for all participants, it leverages the ETSI Hub for Interoperability and Validation (HIVE) to interconnect participants’ labs and allow for multi-party interoperability testing.

Read More...

ETSI Unveils First Cloud-Native VNF Management Specifications

Sophia Antipolis, 17 November 2020

The ETSI group on Network Functions Virtualization (ETSI Industry Specification Group NFV) is pleased to unveil its first specification enabling containerized VNFs to be managed in an NFV framework. The ETSI GS NFV-IFA 040 specifies requirements for service interfaces and an object model for OS (Operating System) container management and orchestration.

Read More...

Draft of ETSI Coordinated vulnerability disclosure guide available for public comments

Sophia Antipolis, 24 August 2021

ETSI will soon release a Guide to Coordinated Vulnerability Disclosure. Before publication, it made the draft publicly available for comments. Please send your feedback by 15 September to the technical committee CYBER at cybersupport@etsi.org 

Read More...

Listen to ETSI webinar: “IPv6 Enhanced Innovation: the IPv6-only Future in the 5G, IoT & Cloud Era"

Sophia Antipolis, 17 September 2021

ETSI has successfully held two webinars on ‘IPv6 Enhanced Innovation: the IPv6-Only Future in the 5G, IoT & Cloud Era’ on 13 September. They are available at the following locations:

Part 1: https://www.brighttalk.com/webcast/12761/497800;

Part 2: https://www.brighttalk.com/webcast/12761/497809

Ten experts from government institutions, operators, manufacturers and research institutes, shared their vision and the progress made to date within ETSI ISG (Industry Specification Group) IPE (IPv6 Enhanced innovation).

Read More...

ETSI NFV Release 5 kicks off with increased support for cloud-enabled deployments

Sophia Antipolis, 9 November 2021

The ETSI Industry Specification Group (ISG) for Network Functions Virtualization (NFV) has started working on its next specification release, known as "Release 5”, officially kicking off the new Release technical work after their September meeting.

The Release 5 work program is expected to drive ETSI NFV’s work into two main directions: consolidating the NFV framework and expanding its applicability and functionality set. On the one hand, some aspects of the NFV concepts and functionalities that have been addressed in previous Releases, but need additional work, will be further developed in Release 5. For instance, based on development, deployment experience and feedback collected during testing events such as the “NFV/MEC Plugtests”, additional work on VNF configuration was deemed necessary. Another example is the more detailed specification work related to fault management modelling which aims at further defining faults and alarms information to improve interoperability during network operations, in particular for root cause analysis and fault resolution in multi-vendor environments.

Read More...

ETSI releases Report on Coordinated Vulnerability Disclosure - Helping organizations fix security vulnerabilities

Sophia Antipolis, 17 February 2022

ETSI has released on 27 January a Guide to Coordinated Vulnerability Disclosure. The Technical Report ETSI TR 103 838 will help companies and organizations of all sizes to implement a vulnerability disclosure process and fix vulnerability issues before they’re publicly disclosed.

Read More...

ETSI OSM launches Release THIRTEEN with a new scalable architecture for massive closed-loop operations

Sophia Antipolis, 15 December 2022

The ETSI Open Source MANO community is proud to announce OSM Release THIRTEEN, meeting the already established cadence of two releases per year, alternating between Long Term Support (LTS) releases such as Release TWELVE (2 years’ support) and Standard releases (6 months support).

Read More...

Sophia Antipolis, 26 January 2023

The ETSI Industry Specification Group for Network Functions Virtualization (ISG NFV) has just published its next drop of specifications around new enhancements of the NFV architecture that will support cloud-native network functions.

Read More...

Sophia Antipolis, 2 February 2023

ETSI Open Source Group TeraFlowSDN has just announced the 2nd release of TeraFlowSDN controller, an innovative and robust SDN orchestrator and controller.

Read More...

Sophia Antipolis, 30 April 2024

The ETSI TeraFlowSDN community is proud to announce the third release of TeraFlowSDN, an innovative and robust SDN orchestrator and controller, delivering a fully featured Network Automation Platform. In this latest release, TeraFlowSDN enhances its capabilities with the integration of an Optical SDN controller, expanding device support to include gNMI and OpenConfig protocols. It also features enriched network integrations for end-to-end orchestration like IP over DWDM, L3VPN, MEC, and network topology exposure. The management of network topologies is improved with the addition of a new BGP-LS speaker able to discover the topologies, and a new Forecaster component is introduced, providing predictive insights for network management. These additions substantially augment the versatility and management capabilities of the TeraFlowSDN platform.

Read More...

Sophia Antipolis, 29 July 2024

We are thrilled to announce our latest official release of OpenSlice, proudly brought to you by ETSI Software Development Group OpenSlice (SDG OSL). This marks our first release under the ETSI umbrella, reflecting our commitment to excellence and innovation in the field of open-source Operations Support System (OSS) solutions.

We want to keep the community’s interest on par with our highest passion and expectation to revolutionize the way Network as a Service (NaaS) is delivered, and our latest release is a testament to our dedication! With this new release, we introduce significant changes aimed at enhancing user engagement and addressing the contemporary needs of both research and industry sectors on the matter.

"The latest OpenSlice 2024Q2 version is a manifest to our commitment to pave the way for modern telco-cloud requirements, seamless integration and reference implementations for 6G" - Christos Tranoris, Senior Research at UPATRAS and Chair of ETSI SDG OSL.

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

Starts: Sat, 23 Nov 2024 16:30:00 -0500
11/23/2024 02:30:00PM
Location: Ottawa, Canada

This document is only available in PDF format.

This document is only available in PDF format.

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

Post by @GossiTheDog@cyberplace.social

View on Mastodon

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
• FortiGuard Labs PSIRT FG-IR-24-423 Advisory

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

• Managing the risk from your third-parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third-parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
• Secure your identities. We’ve seen major data breaches this year tracked down to simple missteps like failing to protect highly-privileged admin accounts and services with multi-factor authentication (MFA). 
• Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data. 

So, how can you strengthen your data security posture against these types of attacks?

1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve handling sensitive data belonging to their organization. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks. 

Learn more

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security Posture Management (DSPM) Integrated into Tenable Cloud Security
• Data Sheet: Securing AI Resources and Data in the Cloud with Tenable Cloud Security
• Infographic: When CNAPP Met DSPM
• Video: Demo Video: Data Security Posture Management and AI Security Posture Management

Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.

Imagine a bustling bank, made not of bricks and mortar, but of a swirling mass of data in the cloud. Account numbers, transaction histories and personally identifiable information (PII) zip across servers, powering the financial world. Holding all this sensitive data requires tremendous care. Therefore, securing this sensitive information is paramount.

This is where Tenable Cloud Security steps in, offering a data security shield specifically designed for the unique needs of financial institutions.

The challenge: A data deluge demands vigilance

Financial institutions generate massive volumes of data daily. While the public cloud offers unparalleled capacity to store such data, along with agility and scalability, the cloud also expands the attack surface. Legacy cybersecurity solutions are often unable to manage — let alone secure — the sheer volume of data and the variety of ways it is accessed, leaving organizations exposed to malicious actors. At the same time, financial institutions must keep up with new and evolving compliance standards and regulations set forth by governing bodies. Financial institutions need a security platform that helps them protect their data and maintain compliance.

Tenable Cloud Security’s advantage: Seeing beyond the walls

Tenable Cloud Security actively scrutinizes every corner of the cloud data vault, continuously and automatically.

"Without [Tenable Cloud Security], we would've been virtually blind to risks and threats impacting our sensitive data. [Tenable Cloud Security] allows us to preempt any issues and meet the requirements we're receiving from our business partners, with minimal effort.

— VP Security at a leading Fintech platform

Here's how Tenable empowers financial institutions:

• Protecting sensitive data: Tenable doesn't just guard the door; it knows what's inside and how to best protect it. It identifies and labels all data, like financial records and social security numbers, understanding its sensitivity and prioritizing its protection.
• Continuous monitoring: Imagine guards constantly scanning every inch of the vault. Tenable does the same digitally, using advanced technology to constantly search for suspicious activity and potential breaches. Any unusual movement of the data, either exfiltration or copying to a different and inaccessible location, triggers an alarm, allowing for immediate intervention.
• Policy enforcement: Just like a vault needs clear access protocols, so does your data. Tenable automates setting and enforcing cybersecurity policies across the entire cloud, ensuring everyone plays by the book and no unauthorized hands touch the valuables.
• Following mandated regulations: Financial institutions juggle a complex set of regulations and industry standards like the Payment Card Industry Data Security Standard (PCI-DSS). Tenable simplifies compliance with a host of international regulations by providing timely reports and audit trails.

Beyond traditional security: More than just a lock

Modern technology stacks for data storage require a modern cybersecurity stack. Traditional security solutions are unable to address the unique risks associated with storing data in cloud technologies. Financial organizations that leverage Tenable’s data security platform are able to meet existing and future challenges, including:

• Preventing data loss: Early detection and prevention of unauthorized data access can help organizations minimize financial losses and reputational damage, keeping valuable assets safe from even the most cunning thieves.
• Complying with regulations: Automated reports and adherence to the most stringent regulations and industry standards ensure compliance, saving time and resources.
• Automating workflows: Tenable automates tasks and provides deeper insights into how data behaves, enabling organizations to free up their valuable resources for other endeavors and make their security teams more efficient.
• Managing access: Just like knowing who has access to the vault is crucial. Tenable tracks who and what has access to data, ensuring only authorized parties can handle the data.

The future of financial security is data-centric

Tenable Cloud Security's data-centric approach positions it as a valuable partner, not just for guarding the perimeter but for understanding the inner workings of the vault and the most sensitive data within it. By leveraging Tenable’s capabilities, financial institutions can confidently embrace the cloud while ensuring the highest level of security for their most valuable assets — their data.

To learn more about how you can secure your data

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security in a Unified Cloud Security Solution
• Infographic: When CNAPP met DSPM
• Demo Video

TORONTO - The Canadian Securities Administrators (CSA) today published its biennial

"A desperate call for help interrupts holiday celebrations at the Bureau of Balance, and sends Taako, Magnus and Merle on a high-stakes mission to find and reclaim a fourth deadly relic: a powerful transmutation stone, hidden somewhere in the depths of a floating arcane laboratory that's home to the Doctors Maureen and Lucas Miller. An unknown menace has seized control of the stone, and is using it to transform the lab into a virulent pink crystal that spreads to everything it touches. It's only a matter of time before this sparkling disaster crash-lands, but in order to find the stone and save the whole planet from being King Midased, our heroes will have to fight their way through a gauntlet of rowdy robots and crystal golems, decide whether they can trust the evasive Lucas Miller, and solve the mystery of what— or who— has put them all in peril, before there's no world left to save." -- Provided by publisher

气候变化对全球食物系统构成的威胁日益严重，对食物和营养安全、生计及全人类整体福祉，尤其是对世界各地的贫困人口和弱势群体造成了严峻影响。我们迫切需要对气候变化采取紧急行动，既要实现限制全球变暖所需的大幅度减排，又要提高适应和应对气候变化的能力，这一点正引起全球的广泛关注。《2022全球食物政策报告》提出了一系列加快行动的机会，这些机会应在制定适应、减缓和应对气候变化的政策与投资决策时加以考虑。

#1 New York Times bestselling author Sandra Brown weaves a tale of murder, passion, and intrigue in the pristine corridors of the White House. Barrie Travis is not famous: she's just a damn good reporter stuck at a low-budget television station. Then, her old friend and now First Lady calls her to investigate the supposed SIDS death of her baby. Stunned by grief after the loss of her infant son, the President's wife hints that her child may have murdered. Blind to everything but finding the truth, Barrie delves into the private lives of the president and his wife and uncovers dark and terrible secrets that will test her ethics, her patriotism, and her courage. With the help of Gray Bondurant, a mysterious former presidential aide, this story could topple the presidency and change the course of history. In this fast-moving political thriller, Barrie must fight powerful forces that want nothing more than to see the scandalous past-and a certain young reporter-dead and buried.

#1 New York Times bestselling author Iris Johansen offers readers a classic tale of a love that seems impossible-and a hunger that is undeniable. Jenny Cashman longs to escape the refined, rarified air of her exclusive Swiss education. At nineteen, she's desperate for independence-and to once again see the man she loves. So she sells her belongings, leaves Europe, and heads to Las Vegas. The sight of Steve Jason's newest palatial hotel and casino thrills Jenny-but not as much as the sight of the man himself. Steve came to her rescue after her father died, paying for her years of expensive schooling. Now, she must convince him that she's old enough to make her own decisions . . . including about her passion for him. Steve Jason is a powerful mogul, a man who came from nothing and made a name for himself in the industry before he was thirty years old. He takes great care to keep all emotional involvement with others to a bare minimum-with only one exception. Jenny has always been incredibly important to him. But how can he keep her safe when she seems oblivious to her own stunning beauty and the reactions she gets from other men? It will take all of Steve's resolve to protect her-especially from his own desires.

TORONTO – The Canadian Securities Administrators (CSA), the Canadian Investment Regulatory Organization (CIRO), and the Ombudsman for Banking Services and Investments (OBSI) remind investors that they all offer investors services related to claims or complaints free of charge.

https://www.youtube.com/watch?v=UHhFYrwJjow

https://www.youtube.com/watch?v=Ata12_CZy4A

IFPRI is pleased to participate in the 29th UN Climate Change Conference of the Parties (COP29) being held in Baku, Azerbaijan from November 11 to November 22, 2024. COP29 is a pivotal opportunity to accelerate action to tackle the climate crisis. With... Source: IFPRI Malawi: Malawi Strategy Support Program

"It's been a year since the horrific events at Freddy Fazbear's Pizza, and Charlie is just trying to move on. Even with the excitement of a new school and a fresh start, she's still haunted by nightmares of a masked murderer and four gruesome animatronic puppets. Charlie thinks her ordeal is over, but when a series of bodies are discovered near her school bearing wounds that are disturbingly familiar she finds herself drawn back into the world of her father's frightening creations. Something twisted is hunting Charlie, and this time if it finds her, it's not letting her go." -- Publisher's description.

This document is available as PDF only. The following links go to sections in the PDF. 

IntroductionThe members of the Canadian Securities Administrators (the CSA or we) are publishing for comment proposed amendments to National Instrument 94-101 Mandatory Central Counterparty Clearing of Derivatives (National Instrument 94

Growing consensus in the scientific community indicates that higher temperatures and changing precipitation levels resulting from climate change will depress crop yields in many countries over the coming decades. This is particularly true in low-income countries, where adaptive capacity is low. Many African countries are particularly vulnerable to climate change because their economies largely depend on climate-sensitive agricultural production.

"Ethiopia's agricultural sector, which is dominated by smallscale, mixed-crop, and livestock farming, is the mainstay of the country's economy. It constitutes more than half of the country's gross domestic product, generates more than 85 percent of foreign exchange earnings, and employs about 80 percent of the population. Unfortunately, Ethiopia's dependence on agriculture makes the country particularly vulnerable to the adverse impactsof climate change on crop and livestock production.

Agricultural production remains the main source of livelihood for rural communities in Sub-Saharan Africa, providing employment to more than 60 percent of the population and contributing about 30 percent of gross domestic product. With likely long-term changes in rainfall patterns and shifting temperature zones, climate change is expected to significantly affect agricultural production, which could be detrimental to the region’s food security and economic growth.

The potential adverse effects of climate change on Ethiopia’s agricultural sector are a major concern, particularly given the country’s dependence on agricultural production. Securing Ethiopia’s economic and social well-being in the face of climate change requires that policymakers and stakeholders work together to integrate climate change adaptation into the country’s development process.

Numerous studies indicate that agricultural production is sensitive to climate variability, and lack of infrastructure in developing countries increases vulnerability to extreme climate events. In Ethiopia, the historical climate record indicates frequent droughts and floods, which can devastate agricultural production and existing infrastructure. Too much precipitation can flood crops, rot or suffocate roots, and wash out roads, creating similar economic conditions to those resulting from drought.

Ethiopia possesses abundant water resources and hydropower potential, yet less than 5 percent of irrigable land in the Blue Nile basin has been developed for food production, and more than 80 percent of Ethiopians lack access to electricity. Consequently, the Ethiopian government is pursuing plans to develop hydropower and irrigation along the Blue Nile River in an effort to tap into this underused potential.