Share This

Thursday, 23 February 2023

World peace a top priority

 Core concepts and principles of the Global Security Initiative Concept Paper

Graphic: Deng Zijun/GT

China released "The Global Security Initiative Concept Paper" on Tue, elaborating ideas and principles, clarifying cooperation mechanisms and underscoring China's responsibilities and firm determination to safeguard world peace. 

 

 China issued a Global Security Initiative Concept Paper on Tuesday, elaborating on innovative core concept and principles, firmly supporting a UN-led governance structure and the UN's role in preventing war and forming peace: Chinese Foreign Minister Qin Gang

 China is ready to engage in bilateral and multilateral security cooperation with all countries, firmly upholding the consensus that "nuclear war cannot be won and must never fought" while rejecting an arms race and promoting the political settlement of hot spot issues: Qin 

 China will continue playing a constructive role in pushing forward dialogue and negotiation on the Ukraine crisis. We urge relevant countries to stop fanning the flames of war and provoking the claim that "today's Ukraine is tomorrow's Taiwan": Chinese Foreign Minister


BEIJING: China has issued a landmark document to explain in detail its proposed Global Security Initiative, a move diplomats and experts say will help the world better understand China’s approach to building world peace through coordinated efforts between countries.

“The Global Security Initiative Concept Paper” was released on Tuesday at a Lanting Forum event hosted by the Foreign Ministry in Beijing.

The initiative was proposed by President Xi Jinping in April last year. Currently, over 80 countries and regional organisations have endorsed or supported the initiative, Foreign Ministry spokesman Wang Wenbin said on Tuesday.

The paper elaborated on Beijing’s holistic thinking on the initiative’s background, core beliefs and principles and priorities for cooperation as well as platforms and mechanisms to serve such collaboration.

The paper called on nations to stay committed to the vision of “common, comprehensive, cooperative and sustainable security” and “take the legitimate security concerns of all countries seriously”.

Among detailed areas for greater coordinated work are preventing a nuclear war and “promoting political settlement of international and regional hotspot issues”.

China also vowed to hold high-level conferences on the initiative to strengthen policy communication and promote intergovernmental dialogue and cooperation.

Foreign Minister Qin Gang said while addressing the forum that “security should not be monopolised by certain countries”, as it is a legitimate right of all countries.

China has always been committed to promoting peace and dialogue, Qin said, adding that the paper demonstrates China’s sense of responsibility for safeguarding world peace and defending global security.He said outside attempts to suppress and coerce China have been stepped up, posing a serious threat to its sovereignty and security.

“China is a major country and its development will not be achieved without a secure international circumstance. Likewise, the world will not enjoy security without China’s security,” he said.

Siyabonga Cwele, South Africa’s ambassador to China, said what impressed him most in the paper was that China, as a big country, was still committed to not becoming hegemonic or bullying others.

“We hope all developed countries can follow that path of not using their economic or military strength to coerce others, but working with others for common prosperity for all,” he said. — China Daily/ANN 

Source link

Paper details way to achieve world peace - Chinadaily.com.cn

Paper details way to achieve world peace

By ZHANG YUNBI | chinadaily.com.cn | Updated: 2023-02-21 23:42
Foreign Minister Qin Gang addresses the Lanting Forum on Tuesday in Beijing. [Photo by Wang Zhuangfei/ China Daily]

Professor Richard Wolff: Dangerous Motives Behind US Aggression Toward Russia and China


 

 Professor Richard Wolff joins Julianna Forlano to discuss the danger to world peace posed by Biden's recent aggressive rhetoric toward Russia and China. He also unveils the true economic reasons for the attacks. Another must-watch interview. 

Professor Wolff is an American Economist, known for his work on economic methodology and class analysis. He is Professor Emeritus of Economics at the University of Massachusetts Amherst, and currently a Visiting Professor in the Graduate Program in International Affairs of the New School University in New York. Wolff has also taught economics at Yale University, City University of New York, University of Utah, University of Paris I (Sorbonne), and The Brecht Forum in New York City. 

For info on Richard Wolff go to: https://www.rdwolff.com/ 

And make sure to follow him on Twitter at: https://twitter.com/profwolff For more Julianna, follow her on Twitter at https://twitter.com

/juliannaforlano and @juliannaforlano on Instagram and Facebook!

 ——— 

act.tv is a progressive media company specializing in next generation live streaming and digital strategy. Our YouTube channel focuses on animated explainers, livestreams from protests around the country, and original political commentary. Main site: http://act.tv Facebook: http://facebook.com/actdottv Twitter: http://www.twitter.com/actdottv Instagram: http://www.instagram.com/actdottv YouTube:    / actdottv   Twitch: https://www.twitch.tv/actdottv @actdottv #DoMoreThanWatch

 

China urges Russia-Ukraine ceasefire, offers path to peace in position paper, shows sincerity in global governance

On the one-year anniversary of the Russia-Ukraine military conflict, China restated its calls for political settlement of the Ukraine crisis with more specific plans that accommodate the concerns of both Russia and Ukraine, in a neutral and consistent manner.

Absurdity behind ruthless wars

One year since the Ukraine crisis, it is worth looking into how the US kidnapped war with stories, used “hegemonic ...

 

 
Time will prove the enormous value of China's position paper: Global Times editorial

What this document shows is China's sincerity and goodwill in actively promoting peace talks.

Wednesday, 22 February 2023

Heavily corrupt Washington cannot produce resonating anti-graft dramas: The Knockout 狂飙; Muhyiddin's right hand man arrested

 

 

 最近《狂飙》很火,大家都看了吗?这部剧主要从2000年、2006年、2021年三个时期展开,讲述了高启强从下岗工人到黑社会老大的故事,为什么是这三个时间点?剧中有很多情节突兀的地方又该如何解释?结合原著小说和当时的社会状况来看,这些问题就清晰多了

 《狂飙》这部剧确实是难得一见的好,怎么说呢,它完全让我感受到了那种国产老剧的细致、认真与有格调! ✨ 主要内容 ✨ 00:34 剧情介绍 01:37 细节1-3 03:00 细节4-6 04:25 细节7-9 06:32 细节10-12

 


The Knockout Photo: VCG The Knockout Photo: VCG

No matter how some US media outlets use malicious labels to describe Chinese anti-corruption dramas, one thing is indisputable: The US, under the current corrupt political system and toxic political environment, will never be able to produce a similar drama that can resonate strongly with the public.

A February 18 article in Foreign Policy, entitled "China's Newest Action TV Show Is a Propaganda Hit," laid its eyes on the recent hit Chinese TV series The Knockout. It argues that "at base, The Knockout is a tribute to Chinese leader Xi Jinping's anti-corruption campaign," adding that the TV drama is "part of a broader campaign to popularize propaganda in Chinese film and TV."

The Knockout is among a number of Chinese dramas under the theme of anti-corruption that have received positive reviews and high ratings in China in recent years. The popularity of these series reflects the Chinese public's particular interest in the country's campaign against corruption.

Chinese officials often play a pioneering role in society. As China has a massive officialdom system, how these people behave is closely linked to the ethos of the whole country. It can even be said that, to a large extent, the fight against corruption in China determines the future of the Chinese system.

The Chinese anti-corruption hit dramas are a projection of the country's anti-corruption achievements under the leadership of the Communist Party of China (CPC) in the cultural field. It also demonstrates that China's anti-corruption efforts have been well-acknowledged by the Chinese people.

The success of China's anti-corruption campaign has purified the country's political system, making the society healthier and more vibrant. It has earned more prestige among the people for the Chinese government and the CPC, enhancing the cohesion of the society.

Yet, based on ideological judgments, some Western media have labeled China's anti-corruption dramas as "propaganda." They obviously view China's political environment through tinted glasses as usual and nitpick China's achievements. This only exposes their extreme strategic selfishness and dark mind.

If we take a look at the popular US series that focus on their politics, such as House of Cards, what we will see is the exchange of political interests and the struggle for power in the US. This mirrors the dirty, dark and degenerate side of the US game for power. However, unlike the celebration of anti-corruption achievements in Chinese dramas, these series give viewers only a strong sense of powerlessness.

Fan Peng, a research fellow at the Institute of Political Sciences of the Chinese Academy of Social Sciences, told the Global Times that the relationship between individual officials and the official system is like the one between trees and forests. The one who fights corruption is exactly the "owner" of the forest, the CPC. Aiming at the whole forest, it tries to eliminate all the rotten trees. Such a dynamic force is the core of China's anti-corruption effort.

But that's not the case in the US, a country plagued by systemic corruption. Their ideology leaves no space for self-correction or self-revolution, Fan noted. This makes it impossible for Washington and its politicians to handle corruption the way Beijing has been doing.

Showing no hope of change or improvement, series like House of Cards can only strengthen the US public's perception that their government and politicians are terrible in nature, continuing to lower their trust in Washington and US politics.

Just look at how US politicians reacted in several recent series in the US. In the dispute over a "wandering balloon" with China, some of these people displayed extreme hysteria and unreasonableness. In the Ohio train derailment, some were either indifferent to the health and safety of the people, while some started their playacting only after the incident had made headlines, acting as if they valued the public's interest. Which type of these politicians cannot be found in House of Cards? How can Americans believe in the US system in light of this?

Fan says that another major premise for China to produce anti-corruption dramas is that the literary and art circles in China create cultural products from a position of righteousness. The US can celebrate individuality and rights, but no one dares to challenge corruption from a social justice perspective.

"The US is so torn up that all of its narratives come from only parts of its society. There is always otherness in such a narrow perspective. Therefore, one should not expect the US to produce a drama like The Knockout," Fan noted. 

Source link 

 

RELATED ARTICLES
 

 

Muhyiddin's right hand man arrested - The True Net

The True Net

https://www.thetruenet.com/


How The Ex-PM Solicited RM4.5 Billion Bribes In RM92.5 Billion Covid-19 Stimulus Scandal..


https://www.thetruenet.com/opinion/perspective/muhyiddins-right-hand-man-arrested/


Why was Muhyiddin Yassin so power-crazy that he willingly betrayed friends and allies in Pakatan Harapan, leading to the collapse of the democratically-elected government after j……

How The Ex-PM Solicited RM4.5 Billion Bribes In RM92.5 Billion Covid-19 Stimulus Scandal..

Why was Muhyiddin Yassin so power-crazy that he willingly betrayed friends and allies in Pakatan Harapan, leading to the collapse of the democratically-elected government after just 22 months? Why was he so obsessed with power that he didn’t mind being laughed as the first backdoor prime minister? Why was he so daringly ignored multiple royal decrees, just to cling to power during his 17-month regime?

Why was the former premier so afraid of sharing power with Pakatan Harapan leader Anwar Ibrahim despite a royal decree by the King to form a unity government following the 15th General Election that produced a hung Parliament? More importantly, why is Muhyiddin’s Perikatan Nasional still desperately and shamelessly wants to snatch power through backdoor again?

All the answer can be found after the Malaysian Anti-Corruption Commission (MACC) arrested a chief executive officer of a private company on Thursday (Jan 5) night. The 42-year-old man was detained over his role as “middleman” in brokering government projects related to Covid-19 stimulus packages worth RM92.5 billion (US$21 billion) in exchange for bribes.

The suspect – Adam Radlan Adam Muhammad – turns out to be Muhyiddin’s right-hand man. A former chief executive of Maju Assets Sdn Bhd, Adam is also Segambut divisional leader of Muhyiddin’s political party – Bersatu (Malaysian United Indigenous Party). The best part is Adam is the cousin of Muhyiddin’s son-in-law, Muhamad Adlan Berhan, who in turn was involved in several scandals.

Adlan married to Muhyiddin’s daughter, Nabilah, who is a shareholder of Agathistwo Jia Sdn Bhd, a company involved in the scandalous RM1.2 billion NIIS (National Integrated Immigration System) concession. The NIIS was hatched by Muhyiddin (then-Home Minister under the Pakatan Harapan government) after cancelling its predecessor Sistem Kawalan Imigresen Nasional (SKIN).

Muhamad Adlan was also linked to 1BestariNet, a 15-year project worth RM4.47 billion introduced by then-Education Minister Muhyiddin in March 2011 to provide 4G broadband connectivity and virtual learning environment (VLE) to 10,000 government schools nationwide. However, the “failed project”, awarded to YTL Communications, has been plagued with slow internet access and problematic Frog VLE, which could easily be replaced with Google Classroom.

Adam Radlan’s involvement in Muhyiddin’s web of cronyism, nepotism and corruption was exposed after Muhyiddin-led Perikatan Nasional coalition failed to form a government post 15th General Election. And this is precisely why the former backdoor prime minister desperately wanted to return to power by hook or by crook – to “cover up” the skeleton in the closet.

So, how did Mr Mahiaddin (Muhyiddin) become billionaire during his 17-month short stint as 8th Prime Minister? From the beginning, he saw the golden opportunity to make tons of money from the Covid-19 pandemic. Unlike his former boss Najib Razak, he did not need a complicated project like 1MDB to steal and plunder the national coffers. He just needed to rule with absolute power under a State of Emergency.

It was Muhyiddin himself who bragged in April 2021 that the Perikatan Nasional backdoor government under his leadership has splashed more than RM600 billion (RM340 billion in economic stimulus packages and RM322.5 billion for the 2021 Budget to fight the Covid-19 pandemic). The scam was to boastfully create a narrative that massive of funds were used to help people and rescue the economy.

But when opposition Pakatan Harapan return to power after the Nov 2022 national election, all his lies and corruptions are exposed. Newly crowned PM Anwar revealed at a media conference on Dec 5 last year that the Finance Ministry had informed that there had been several breaches involving the Covid-19 funds. Panicked, Muhyiddin screamed that he did not steal any money.

Suddenly, Muhyiddin admits there was no such thing as RM600 billion, contradicting his previous claims. He said it was only RM530 billion. Even then, he played down the numbers. Spilling the beans, he said his administration had only spent RM83 billion in fiscal injections. This means Muhyiddin’s government did not actually help the people to the tune of RM530 billion as shamelessly trumpeted.

However, the Malaysian Anti-Corruption Commission (MACC) has confirmed it will now focus its investigation on the RM92.5 billion directly funded by the Muhyiddin regime after it was established that RM437.5 billion was not from the government. Still, the difference between MACC’s RM92.5 billion and Muhyiddin’s RM83 billion means about RM10 billion might have gone “missing”.

But there are already problems with the dubious spending of RM92.5 billion funds. Unlike Najib’s 1Malaysia Development Bhd (1MDB) scandal, Muhyiddin used traditional low-tech tactic to enrich himself and his families. Adam Radlan was sent out as his representative to connect contractors with high-ranking government officials before projects were distributed.

After the MACC raided 8 government agencies and 9 companies in December 2022 as part of its investigation into the suspected misappropriation of RM92.5 billion by the Perikatan Nasional government during its 33-month rule, it was found that at least 5 middlemen of several companies were involved in obtaining projects worth between RM50 million and RM500 million through direct negotiations.

Contractors who have been questioned by the anti-graft agency admitted that they agreed to pay a commission of 3% to 5% to secure projects from those middlemen. But the fact that only Adam was arrested so far suggests that the Muhyiddin’s proxy could be the key man on top of the food chain. It would be interesting to see if other middlemen would turn witness against the corrupt ex-PM.

The commission means more than RM4.5 billion had been paid to Adam and his band of middlemen, who clearly collected the bribes on behalf of Muhyiddin between 2020 and 2022. But get your popcorn because the fun has just begun. About 90% of the projects obtained via direct negotiations had not been executed as no acceptance letters (P.O. or Purchase Order) were issued. What does this mean?

This means about RM4 billion had already been paid by contractors to Muhyiddin and his gang of crooks, but all the 90% projects cannot take off. The dirty money had been deposited into the account of a political party, believed to be Bersatu. Hence, Muhyiddin is in deep shit as the furious contractors might turn witness, not to mention the money trail leading to his party.

Perikatan Nasional, comprising mainly Bersatu and PAS Islamist party, had bet the wrong horse. It thought at worst case scenario, the same Malay-centric political parties – UMNO, Bersatu and PAS – would form a government again after election, the same way they did in March 2020 (Muhyiddin became the 8th Prime Minister) and in August 2021 (Ismail Sabri elevated as the 9th Prime Minister).

The contractors similarly had bet the wrong horse that Perikatan Nasional would be part of the federal government. Now, not only they won’t get the projects, the money they had paid disguised as “political funding” to Muhyiddin to fund his lavish election campaign, including buying Malay votes at RM350 per pop, have gone up in smoke. Muhyiddin has already pocketed RM4 billion – in offshore accounts.

While 3%-5% commission was solicited for Muhyiddin, the middlemen and government officials demanded at least RM200,000 for themselves just to grant a meeting with every contractor – “without guarantee” that they will get projects linked to the RM92.5 billion stimulus programmes. This is how everyone benefited from the gravy train during the backdoor regime.

A good example that leakages occurred was the RM7 billion contracts approved under the RM15 billion flood mitigation project that were awarded through direct negotiations (in exchange for kickbacks) to dubious companies like Mangkubumi Sdn Bhd. Exactly how could Mangkubumi won the deal when it has been involved in a court case for illegal money laundering as much as RM139 million?

Adam Radlan, who has since disabled his Instagram, is also a council member of the Tan Sri Muhyiddin Charity Golf Foundation. Without Muhyiddin’s protection, he was dressed in the MACC’s iconic orange suit and will be charged under Section 16(a) of the MACC Act 2009, which provides imprisonment for up to 20 years and a fine of up to 5 times the amount of the bribe, or RM10,000, whichever is higher, upon conviction.

When Muhyiddin claimed that he was not afraid to be investigated, he lied. He was incredibly terrified, but as usual, trying to play poker with the new premier. Thinking PM Anwar was bluffing, he has even challenged the prime minister to prove it. The PM warned Muhyiddin not to challenge him as he has all the files and evidence. A month later, Muhyiddin son-in-law’s cousin has been nabbed.

The new unity government has not even started exposing how Muhyiddin obtained proceeds from gambling companies to help finance the 15th General Election campaign. Under Muhyiddin government, special lottery draws were increased from 8 to 22, despite the anti-gambling stance of Islamist party Parti Islam SeMalaysia (PAS), which is part of the ruling Perikatan Nasional coalition.

The special draws, designed to boost the government’s revenue, contributed RM80 million in extra revenue for the government in 1999 (the year it was first introduced during the premiership of Mahathir). Revenue reached as high as RM238 million in 2017, and averaged RM200 million a year in recent years – money that enabled Bersatu and PAS spent lavishly.

Another dumb person who kept shooting his own foot is former finance minister Tengku Zafrul Aziz. Trying to protect his former boss, he said there was nothing suspicious in the Perikatan Nasional-led government’s management of funds when it was in power. The clueless and incompetent Zafrul might have signed some documents that could come back to haunt him. 

Source link 

Don’t click that link, check before clinking link, victims can call 997, the National Scam Response Centre (NSRC) for help

Beware links asking for banking details, it's likely a scam, say cops.

With online businesses on the rise, the scammers are getting more sophisticated. All it takes is for a user to click a link, and thousands could be stolen in the blink of an eye. Malaysians have already lost almost Rm40mil since October last year.

Clicking on one link cost one man RM10,000.

In December last year, Michael (not his real name) received a notification on his phone telling him to change his banking account password.

Thinking it was a good idea to keep his account secure, Michael clicked on the accompanying link and filled in his banking details, including a new password.

But the notification was fake and the link exposed Michael’s account to scammers.

“Nothing seemed out of the ordinary as the message looked authentic. Clicking the link redirected me to [what seemed to be] the bank’s site and I went on without suspecting anything amiss.

“Several hours later, I noticed the money was gone and knew I had been scammed,” he said, adding that he has since lodged a report with the bank.

While the Macau scam famously has crooks posing as government officers and telling victims that money needs to be urgently transferred to avoid legal action, this technique fools people with fake links and apps, say cybersecurity experts.

The tactic is to offer lucrative deals on high-demand products with one condition: the buyer has to conduct the transaction through an app or link sent by the scammer to the victim’s device; this then allows scammers to obtain personal banking details.

Known as a phishing attack, the technique goes back to the 1990s and the early days of the Internet.

In January, a 55-year-old vocational training officer in Pahang was cheated of RM23,514.70 by a scammer impersonating an NFC (near-field communication) card sales agent.

NFC cards allow wireless transactions and are becoming very popular, especially for toll payments.

Exploiting the surge in demand for such cards, one syndicate advertised on Facebook offering “Nfccapable enhanced cards” in a family package of four cards for just RM32, and the training officer fell for the “too good to be true” deal.

With cashless transactions increasing by the minute and becoming more prevalent, banks are issuing scam alerts on their websites, through newsletters and even text messages, advising customers to be extra cautious when conducting such business as they leave themselves open to phishing attempts.

Phishing is a process where scamsters trick users into divulging personal information such as passwords or credit card details to gain access to users’ online banking accounts.

The message from banks is crystal clear: never trust phone calls or messages requesting personal details, and never click email links to fill up forms.

Fong Choong Fook, executive chairman of cybersecurity testing firm LGMS Bhd, said scammers now capitalise on “market demand” and advertise everything from maid cleaning services and food products to the latest tech gadget, among others.

“The type of product or service offered also changes depending on market demand. These products or services are usually sold in bulk as it allows the scammer to make more money,” he said.

Fong said the scammers ask the interested party to either install an app or click the link sent to make payments.

“This acts as a trojan horse to capture the consumer’s banking details, which is where the nightmare begins.

“The best way a person can avoid being scammed like this is to not download any apps or click any links sent directly from non-trusted sources,” he said.

He added that reclaiming money from scams is very difficult as it would usually be transferred very quickly through multiple accounts with scammers on standby to withdraw the sum at ATMS.

“Today, however, the government has set up a countermeasure through the National Scam Response Centre (NSRC) which serves as the last line of defence for victims.

The task force behind the hotline can also take the necessary actions to help victims,” he said.

The NSRC’S emergency response number is 997.

Cybersecurity expert Assoc Prof Dr Selvakumar Manickam from Universiti Sains Malaysia said cashless transaction scams have increased as adoption of such payment methods increased amid the Covid-19 pandemic that began in 2020.

Scammers can easily create fraudulent websites that look identical to authentic banking sites to dupe unsuspecting victims.

“The interface will look authentic and request users to insert their credentials to log in, as done on authentic sites,” he said.

He advised consumers to never click on links sent to their devices regardless of whether they are sent from authentic sources.

“Always access the site either through your browser or official app to ensure your security,” he said.

He also advised users to refrain from connecting to infrastructure such as public Wifi or computers as it could lead to hacking as well.

“If you’re constantly performing transactions through these banking sites, make it a habit to change your password every six months as a precautionary measure,” said Selvakumar.

A financial crime investigator at a public listed bank who spoke anonymously said scammers are extremely coordinated.

“Large amounts of even up to RM100,000 can disappear within minutes as the money is diverted through several intermediary accounts, making the trail difficult to trace.

“Scammers will also change your banking details such as passwords, transaction limits and linked-handphone numbers, leaving the victim unaware of what is happening.

“They also usually work in large groups with everyone on standby once a victim is identified,” he said.

He added that the obvious signs of such scams are that banks or officers would never call from mobile lines, adding that they would also never transfer the line to “law enforcement officers”.

“It’s best to just hang up on the call, and report it to the banks or NSRC if you encounter such situations,” he said. 

 by GERARD GIMINO and MAHADHIR MONIHULDIN 

 

  Related posts:


How to manage your cyber risks   Minimising the chances of attacks Cyber threats are evolving and escalating at an alarming rate for asset-i...
 
  NINE out of 10 learn­ing and devel­op­ment (L&D) pro­fes­sion­als in this region believe that pro­act­ively build­ing employee skills...
 
 
Related:
 
 
 

 #Windows10 #InternetSafety #OnlineSafety

The Internet can be a bad place, and not all websites are safe. Things may not always be what they seem, and it is, therefore, imperative that you take some basic precautions before you click on any hyperlink or URL. This beginner’s guide talks of the basic precautions one should take before clicking on web links, URLs or hyperlinks.

If you have noticed, when you are reading a web page, you will often see links as, for instance – TheWindowsClub or simply as www.thewindowsclub.com. Most of you may click on such links without a second thought. In either of these two cases, you will be taken to the genuine URL or website which is  https://www.thewindowsclub.com.

But you need to be careful as the displayed text or the hyperlink can be misleading. To give you an example, if you were to click on TheWindowsClub.com now, you could be taken to another link – in this case our own sub-domain. Or you could click on a different displayed link text like say Windows 10 and still be taken to www.thewindowsclub.com. Then again, you may see news.thewindowsclub.com but be taken to www.thewindowsclub.com.

The point that I am trying to make is that don’t take things at face value.

So to confirm that a link is safe or not, what you need to do, is move your mouse pointer and hover it over the link.

Read more on https://www.thewindowsclub.com/precau.

#OnlineSafety #InternetSafety #Windows10

How to prepare for cyber risks


Minimising the chances of attacks Cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

ARE organisations only concerned with undertaking the right measures to mitigate cyber risk after they have been cyberattacked?

This may be the case in most situations but the more important question to ask is – what are the cybersecurity controls that should be considered by organisations?

The answer is straightforward – the controls that have the biggest impact on reducing the likelihood or the impact of a successful cyberattack.

Cyber risk is generally defined as the threat to the system, the system’s vulnerability and the resulting consequences. 

Therefore, to successfully protect information technology (IT) and operational technology (OT) systems, companies must understand the tactics, techniques and procedures (TTPS), which threat actors use to achieve their desired objective.

Here are several examples of well documented cyberattacks on critical national infrastructure over the past two decades:

In 2010, arguably, the most sophisticated cyberattack was executed on an Iranian uranium enrichment facility that exposed the weakness of cybersecurity controls and vulnerability of OT environments.

The STUXNET worm was designed specifically to target these environments which allowed the threat actor to exploit and disrupt production operations causing downtime and business impact.

STUXNET was the eureka moment for the energy and manufacturing industries that OT environments can be breached and what impact it can have on their business, human lives, environment and economies.

Unfortunately, it was also an eureka moment for threat actors too. OT cyberattacks surged rapidly and suddenly the attack techniques from threat actors, in terms of creativity and smartness of achieving their malicious objectives, evolved since then.

In 2015, Ukraine was hit by another massive cyberattack that shut off power at 30 substations and left millions of people without electricity for up to six hours. SCADA equipment was rendered inoperable and power restoration had to be completed manually, which further delayed restoration efforts.

So how was this achieved – must have been very sophisticated? Actually, not.

Spear phishing was used to introduce the Blackenergy malware that exploited the macros in excel-based documents on computer systems at the plants. Meaning that the threat actors did nothing different than using known TTPS for cyberattacks on IT environments.

The same exploitation tools were used to find user credentials to escalate their privileges to move laterally in the network or to send malicious commands to disrupt plant operations.

The 2015 cyberattack seemed like an experiment as barely a year later the Ukraine Power Grid was attacked again and this time the capital city Kiev went dark, breakers tripped in a large number of substations.

However, this time the threat actors also jammed the utility’s call centres to prevent customers from reporting the outage by launching Telephone Denial of Service (TDOS) attack.

The approach was more sophisticated as the threat actors directly manipulated the SCADA systems using CRASHOVERRIDE – the first known malware specifically designed to target the power grids directly around the globe with the ability to wipe or delete files, disable processes like malware protection and even the software from OT vendors.

This was another eureka moment – national power grids are not safe from threat actors either.

One of the most concerning cyberattacks was in 2017 where the TRITON malware targeted the specific safety critical Programable Logic Controller’s (PLCS) in the Middle East. The function of these PLCS is to protect plants and people from disasters caused by mechanical failure.

In 2018, advanced persistent threat attacks on industrial environments continued to rise, and industrial espionage increased.

After 2019, there was a drastic increase in ransomware activities in OT environments including the manufacturing, water treatment and pipeline industries.

Recently, Cybersecurity and Infrastructure Security Agency launched the Cross-sector Cybersecurity Performance Goals as a prioritised subset of IT and OT cybersecurity practices, aimed at meaningfully reducing risks to critical national infrastructures and the community it supports.

These cybersecurity controls are not meant to be the only considerations for organisations. The purpose is to form the foundation to protect IT and OT infrastructures against cyberattacks as part of the defence-in-depth cybersecurity strategy.

These are some of the logical first steps to consider:

User account security

User accounts are generally one of the first gateways for threat actors to gain access to the network to establish a foothold and move laterally. On the surface, this may seem simple but maintaining user account security hygiene has been a long-standing challenge for many organisations.

Here are the suggested foundational controls that should be considered:

> enable the detection of unsuccessful user login attempts

> change all default passwords and implement multi-factor authentication

> update the minimum password strength > separate user and privilege accounts > enforce unique user credentials (not just email addresses as commonly used)

> revoke the credentials of departing employees.

Device security

Device security are measures taken to secure computing devices (hardware and software) from cyber threats but also to maintain service continuity.

Here are the suggested foundational controls that should be considered:

> approval process for new hardware and software deployment

> the disablement of macros by default > maintaining an up-to-date asset inventory

> prohibiting the connection of unauthorised devices

> documenting device configurations.

Data security

The purpose is to protect sensitive and confidential data from unauthorised access, theft, loss and destruction.

Here are the suggested foundational controls that should be considered:

> strong and agile encryption

> enable log collection

> secure storage of the said logs.

Governance and training

A strong governance structure is a key success factor for any cybersecurity strategy and operations to manage cyber risks effectively and to ensure adequate protection of data and systems.

Here are the suggested foundational controls that should be considered:

> appointment and empowerment of a single leader to be accountable for cybersecurity

> a single leader to be responsible for Ot-specific cybersecurity

> basic cybersecurity training for all employees and third parties

> OT specific cybersecurity training for OT managers and operators

> establish an effective relationship between IT and OT cybersecurity to improve the response effectiveness for OT cyber incidents.

Vulnerability management

To reduce the likelihood of threat actors exploiting known vulnerabilities in IT and OT systems, the following foundational controls should be considered:

> mitigate known vulnerabilities

> gather vulnerability intelligence by security researchers and enable the researchers to submit discovered weaknesses or vulnerabilities faster

> blacklisting of exploitable services on the Internet

> limit OT connections to public Internet > conduct third-party validation of control effectiveness.

Supply chain/third party

To ensure the integrity and reliability of supplier products and services the following foundational controls should be considered:

> establish supplier cybersecurity requirements

> immediate disclosure of known cybersecurity incidents and vulnerabilities to enable rapid response.

Detection, response and recovery

Here are the suggested foundational controls that should be considered:

> capability to detect relevant threats and TTPS

> a comprehensive response and recovery plan (including appropriate back-ups) in place helps organisations be prepared for the inevitable security incidents that will occur and ensures that they have the processes and resources in place to minimise the impact and recover effectively.

Network segmentation

Network segmentation reduces the likelihood of threat actors accessing the OT network after compromising the IT network and vice versa.

Here are the suggested foundational controls that should be considered:

> segment IT and OT networks

> segment safety critical systems form other systems

> segmentation of temporarily connected devices

> segmentation of wireless communications

> segmentation of devices connected via untrusted networks/internet.

Email security

By implementing effective email security measures, organisations can reduce the risks from common email-based threats and ensure the confidentiality and integrity of email communications.

Here are the suggested foundational controls that should be considered:

> Email encryption

> Email account authentication

> and email filtering.

In conclusion, cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.

Strengthening the cybersecurity foundations are imperative to build a defence-indepth model that would reduce the chances of cyberattacks and safeguard IT and OT environments.

By JACO BENADIE Jaco Benadie is partner, Ernst & Young Consulting Sdn Bhd. The views expressed here are the writer’s own. 

Source link

 

Related:

 

Exclusive: Hacker group with members from Europe, North America found to have launched cyberattacks against China

Chinese cybersecurity experts have exposed a hacker group, with its core members coming from Europe and North America, which has been launching sustained cyberattacks against China as its primary target, posing a serious threat to the country's cybersecurity and data security, the Global Times learned from a Beijing-based cybersecurity lab on Sunday. 

 

 

Related posts:

 

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES

China captures powerful US NSA cyberspy tool

 

Sunday, 19 February 2023

Know your fit­ness lingo

To nav­ig­ate the fit­ness world, it helps to have know­ledge of cer­tain terms and acronyms.

When it comes to strength train­ing, using your body­weight to per­form the exer­cise is adequate for begin­ners. — Pho­tos: 123rf.com 

On your act­ive recov­ery day, gentle stretch­ing is a good way to relax the body. 

 

 

 Little jumps that can raise your heart rate count as car­dio activ­ity.

GYM-GOERS and some per­sonal train­ers like to throw jar­gon and acronyms around, even if they may not fully under­stand what the terms mean.

A few months ago, I met a col­lege-going chap who had just star­ted lift­ing weights and I quer­ied him on his workout regime.

Most of his know­ledge was taken off the inter­net – he was work­ing out his arms and legs on altern­ate days six days a week, and look­ing tired, but good.

“I’m set­ting a PR every day,” he proudly told me.

PR? I was puzzled (I’m old school) and asked what that was because I only knew of PB (per­sonal best).

The PR that I’m famil­iar with is the abbre­vi­ation for pub­lic rela­tions – after all, as media prac­ti­tion­ers, we fre­quently deal with PR pro­fes­sion­als.

“Per­sonal record, aunty!” he said, smil­ing while won­der­ing which era I came from.

“Oh, that’s pos­sible to do on a daily basis, huh?” I com­men­ted, intrigued.

Try­ing to keep up with the young­ster, I then ques­tioned: “Are you doing super­sets or tris­ets?

“And don’t you suf­fer from DOMS, espe­cially if you’re lift­ing so fre­quently?”

He gave me a blank stare because the terms threw him off.

Never assume middle-aged souls with mini muscles don’t know much!

So, I patiently explained them to him.

This encounter is not quite reflect­ive of the gen­er­a­tional gap, but is bound to hap­pen to any­one as the fit­ness world has its own lingo and it’s tough to keep up with all the abbre­vi­ations and acronyms, espe­cially the newly-cre­ated ones.

And it can be daunt­ing for the begin­ner who enters the gym or has a con­ver­sa­tion about fit­ness.

Upon check­ing with my per­sonal trainer friends, I dis­covered that PR (the fit­ness acronym) is gym lingo that can be used for any kind of fit­ness activ­ity.

It is, however, nor­mally asso­ci­ated with the heav­iest weight you’ve lif­ted for a par­tic­u­lar exer­cise, or the max­imum num­ber of repe­ti­tions you per­formed using a cer­tain weight.

People usu­ally toss around this acronym when speak­ing about big lifts.

There are no hard and fast rules over using PR, but some people sub­sti­tute it for PB.

They also use it to refer to other isol­a­tion exer­cises such as biceps curls, jump height, sprints, or even the length of time it takes to run a cer­tain dis­tance.

Here are a few com­mon fit­ness terms you might want to know – and use – when neces­sary.

Car­dio

Car­dio, or car­di­ovas­cu­lar or aer­obic exer­cise, is any rhythmic activ­ity that makes your heart beat faster and increases your breath­ing.

This is as you would require more oxy­gen to keep up with the pace of move­ment.

Examples of car­dio activ­it­ies are run­ning, brisk walk­ing, cyc­ling, march­ing in place, etc.

Get­ting your heart pump­ing at a faster rate on a reg­u­lar basis keeps it in shape and healthy, thus redu­cing the risk of heart dis­ease.

The role of car­dio exer­cises is to help burn cal­or­ies so that you can shed weight.

Strength/res­ist­ance train­ing

This form of exer­cise is inten­ded to increase mus­cu­lar strength and endur­ance.

It involves exer­cising muscles using some form of res­ist­ance, i.e. weights, bands, or even your own body­weight work­ing against grav­ity.

To lose weight faster, com­bine your car­dio with strength train­ing, and watch how your body trans­forms.

Your bones can bene­fit from res­ist­ance train­ing too.

Stud­ies have shown that doing res­ist­ance train­ing con­sist­ently can main­tain or increase bone mass and dens­ity.

This is something most doc­tors are ask­ing their older patients to do as it also helps improve bal­ance and sta­bil­ity.

Hyper­trophy

This refers to an increase or growth in muscle size achieved through strength-train­ing exer­cises.

This style of train­ing is pop­u­lar within the body­build­ing com­munity, where there is often a focus on the growth of cer­tain muscles, e.g. thighs, calves, biceps or arms, to achieve an ideal physique.

Achiev­ing this hap­pens via mod­er­ate weight-lift­ing and mod­er­ate repe­ti­tions.

On the oppos­ite end, muscle atrophy is the decrease in size and wast­ing of muscle tis­sue.

Rep/set

Rep is the short form for repe­ti­tion, i.e. how many times you do the exer­cise.

One rep means one time, two reps mean two times, and so on.

The term “set” tells you how many times you are to repeat a par­tic­u­lar num­ber of repe­ti­tions of a given exer­cise.

For example, if you are doing squats, say­ing three sets of 15 reps means you’ll be doing 15 squats three times in total, with a rest (for an allot­ted time, per­haps 30 seconds or a minute) in between sets.

Super­sets/tris­ets/giant sets

Super­sets are doing two exer­cises back to back with no break.

Giant sets are doing four or more exer­cises back to back with no break.

Dur­ing these sets, you can either pair exer­cises that are non-com­pet­ing, i.e. oppos­ing muscle groups, or you can tar­get the same muscle.

For example, you may do one set of 12 reps of chest presses, fol­lowed by another set of 12 reps of push-ups.

This is a super­set exer­cising the same muscle group.

Or you may do one set of 12 reps of push-ups, fol­lowed by another set of 12 reps of squats, then another set of 12 reps of calf raises.

This is a triset exer­cising dif­fer­ent muscle groups.

DOMS

All of us exper­i­ence DOMS, or delayed onset muscle sore­ness, at some point from doing any activ­ity that is either new, done for a longer dur­a­tion, and/or at a harder intens­ity.

It’s caused by inflamed muscle and con­nect­ive tis­sues.

Symp­toms range from muscle ten­der­ness or sore­ness, to severe debil­it­at­ing pain.

The tem­por­ary dis­com­fort starts a day or two after a workout, and eases off by day three or four.

The sore­ness is a sign that your muscles have been worked and your fit­ness is pro­gress­ing, but you shouldn’t be get­ting DOMS after every workout unless you’re exer­cising only once a month!

HIIT

High intens­ity inter­val train­ing (HIIT) is a form of car­dio exer­cise char­ac­ter­ised by short peri­ods of all-out exer­cise, inter­spersed with rest or act­ive recov­ery ses­sions.

It com­bines both car­dio and strength train­ing, with the inten­tion to max­im­ise ath­letic per­form­ance.

It incor­por­ates sev­eral rounds that altern­ate between sev­eral minutes of high intens­ity move­ments to sig­ni­fic­antly increase the heart rate to at least 80% of one’s max­imum heart rate, fol­lowed by short peri­ods of lower intens­ity move­ments.

There is a ratio that is fol­lowed, i.e. the amount of time spent work­ing versus the amount of time spent recov­er­ing – also known as the work-to-recov­ery ratio.

For example, when you per­form 60 seconds of work, fol­lowed by 60 seconds of recov­ery, your HIIT ratio is one-to-one.

Tabata

This is another form of HIIT con­sist­ing of short workout blocks.

Tabata train­ing breaks a workout down into clearly defined inter­vals – typ­ic­ally, 20 seconds of a push-it-to-the-limit exer­cise, fol­lowed by 10 seconds of rest.

One cycle is repeated eight times for a total of four minutes.

You can mix two exer­cises in a cycle, e.g. 20 seconds jump­ing jacks, 10 seconds rest, 20 seconds crunches, 10 seconds rest, then repeat.

The recom­mend­a­tion is to do four to five cycles for a 16-20 minutes’ workout – you’ll be sweat­ing buck­ets by then!

Tabata, foun­ded by Japan­ese sci­ent­ist Izumi Tabata, is a highly effect­ive train­ing style for build­ing power and car­di­ovas­cu­lar fit­ness.

However, bear in mind that Tabata is gruelling and you’ll need to be fit enough to meet its phys­ical demands without get­ting injured.

Also note that Tabatha is HIIT, but not all HIIT is Tabata.

Act­ive rest or recov­ery

This is usu­ally one day in a set time period when you give your body a “break” and do some sort of move­ment that is less intense than your reg­u­lar workout days.

But this does not mean you can lounge on the couch or scroll through social media throughout the day.

Instead, act­ive rest means schedul­ing a low-intens­ity activ­ity like a leis­urely stroll, foam-rolling or gentle yoga to help with cir­cu­la­tion. 

You can even opt for a mas­sage. Your body needs time to recover (just like the mind needs to recharge) so that the muscles can rebuild stronger.      

By Revathi Mur­ugap­pan, a cer­ti­fied fit­ness trainer who tries to battle grav­ity and con­tin­ues to dance to express her­self artist­ic­ally and nour­ish her soul. For more inform­a­tion, email star­health@the­star.com. my. The inform­a­tion con­tained in this column is for gen­eral edu­ca­tional pur­poses only. Neither The Star nor the author gives any war­ranty on accur­acy, com­plete­ness, func­tion­al­ity, use­ful­ness or other assur­ances as to such inform­a­tion. The Star and the author dis­claim all respons­ib­il­ity for any losses, dam­age to prop­erty or per­sonal injury suffered dir­ectly or indir­ectly from reli­ance on such inform­a­tion.

Related posts:

Science on high intensity interval training: HIIT, or SHIIT?


Weights and protein: Are protein supplements really the whey to go?

 

 

 

Happy and healthy, not hunky