Want to live the Australian dream?
Mother's Touch International Academy is the pioneer in bringing Australian Early Childhood Education courses to Sri Lanka!
Our education partner is TRED College (Australia)
- CHC30113 Certificate III in Early Childhood Education and Care
- CHC50113 Diploma in Early Childhood Education and Care
Pathways to study or work in Australia after completion!
Registrations now open for our July 2018 intake!
For more detail please call us on:
0776377497 / 0112805047
Study in Australia - Information Session at AEMC Colombo Office. 09th June at 10 AM - 5PM
Get all information about study in Australia + Scholarships
Charles Sturt University
La Trobe University
Western Sydney University
Venue: AEMC, Level 3, Liberty Arcade, 282 Duplication Rd, Col 03.
Call us on 0117201439, 0779043669
#studyinaustralia #melbourne #charlessturtuniversity #csustudycentre #aemcconsultant
Registrations are now open for the February 2018 Intake. Enroll now and claim the early bird discount. Become a Professional in Mental health/ Child/ Educational/ Counseling Psychology and Graduate from a Top 12 British University, studying in Sri Lanka. Call 0112 50 70 71 for more information.
Every homeowner's worst nightmare, but adorable all the same. Here’s the magnificent Asian palm civet, Paradoxurus hermaphroditus.
#urbanfishingcatproject #palmcivet #civet #asianpalmcivet #srilanka #trailcam #urbanwetland #urbanwildlife
Maradana College of Technology
Established : 1893
Province : Western
District : Colombo
Zone No : 01
Located : Olcott Mawatha, Colombo 10
College of Technology, P.O. Box 557, Olcott Mawatha, Colombo 10.
Today we have:
Building Trade Workshop
Wood Machinery Workshop
Lathe Machine Workshop
General Science Lab
The genetic contribution to depressive disorders is estimated to be approximately 30 to 40 %.(8) While a variety of environmental characteristics have been identified as risk factors for depression, early life stressors, such as childhood physical or sexual abuse, parental neglect, and loss of a parent, have been shown to significantly increase the probability of developing depression later in life.(9) The effects of early life stressors are influenced by a variety of genes, and the 5-HTTLPR gene, involved in serotonin transporter functioning, has received significant attention. Caspi et al. (2003) found that the short version of the gene, which is associated with a reduction in serotonin transporter function, increased the risk of developing depressive symptoms and suicidality following exposure to stressful life events and maltreatment during childhood.(10) However, results from studies of the 5-HTTLPR gene have not been consistent, and Heim et al. (2012) suggest that such variation occurs because different genetic backgrounds may alter the nature of the 5-HTTLPR gene by environmental interaction. Furthermore, a variety of other genes may influence this interaction, as a number of gene-environment interactions have been reported in recent studies of the 5-HTTLPR gene.(11)
AAT Passed Finalists/Members required more avenues to pursue their career progression
It was experienced personally as a Passed Finalist in 1996 and it becomes my long term vision when actively joining with AAT Sri Lanka’s activities since 2005
Degree proposal has been presented to the many forums chaired by different personalities since 2011 but didn’t work out
Decided to contest Governing Council election 2014/15 to implement this proposal and knocked-out
Contested second time in 2016/17 and got selected
Degree proposal has been approved by the Governing Council and MOU with Open University of Sri Lanka (OUSL) reached on January 2017 for next 06 years
There are many who have contributed to the successful ending of this journey ………….
Hats off, everyone …………..
I’m expecting a day in which AAT student graduating with a PhD followed this route ………….
Grid: Locked — Managing the Risks of Hacking the Electric Grid
by Hilary Tuttle | October 2, 2017 at 6:09 am
On Dec. 17, 2016, hackers successfully targeted an electric transmission substation outside of Kiev, Ukraine, leaving part of the city without power for about an hour. Widely thought to be attributable to the Russian government, the incident was the second attack to cause a power outage in Ukraine in as many years. The incident was far from catastrophic—indeed, the attack the year before cut off power to more people and for a longer period. But cybersecurity researchers now believe the 2016 attack was merely a dry run, testing out the most advanced malware ever deployed to target a grid—an adaptable, scalable tool purpose-built to disrupt critical infrastructure.
Supporting the theory that it was more a proof of concept, this attack did not even make use of all the functionality and modules built into the malware, dubbed “CrashOverride” by industrial control systems cybersecurity firm Dragos or “Industroyer” by Slovakian anti-virus firm ESET, the two companies that identified and analyzed it. The malware has two backdoors (a backup in case the first is discovered), a port-scanner that automatically maps out the network to identify target equipment, a wiper to cover its tracks after an attack, and the ability to record and report network logs so that attackers can better learn how the control systems function over time.
Most concerning, CrashOverride does not exploit a system vulnerability. Rather, it takes the knowledge gleaned from previous attacks and abuses the system’s functionality, sending messages directly to grid equipment to switch the flow of power on and off. “There’s no defense against the attack itself,” explained Robert Lee, CEO of Dragos. “There’s defense against [hackers] putting it in place, stopping the attack before it occurs. But once it is in, it just works because that’s how the electric grid works. As a result, there’s no technical limit to scalability, and the limitation of getting it placed is just a limitation of the humans.”
CrashOverride has a swappable component design, making the threat less about the specific malware and more its role as a framework that can be customized for different targets, either in other regions or, potentially, other industries. The precise protocols targeted in the current iteration of this malware are used in electric power control systems outside of the United States—it would work in all of Europe and most of the Middle East and Asia. The modifications required to make it work on grids in North America, Australia and New Zealand would take “less than a day,” according to Lee, who noted the issue is purely one of desired target. “We have not seen, in any way, an adversary with the intent to adapt it to work on the American power grid, but if they wanted to, it would be a very trivial thing to accomplish technically,” he added.
Based on the research from Dragos and ESET, the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) issued an official alert, reporting that the tactics, techniques and procedures (TTP) used in CrashOverride could be modified to target U.S.-based entities, and could also be adapted for industrial control system (ICS) settings beyond electric power. Thus, the department urged, “all critical infrastructure organizations should be evaluating their systems to susceptibilities in the TTPs outlined.”
Lee is most concerned, however, by the aggressive escalation this malware represents. Over the past five years, hacks of critical infrastructure have evolved from identifying sites to stealing information to shutting down a nation’s electric grid. Even in the past two years, attackers demonstrated consistent advancement: The 2015 attack on Ukraine’s grid left about 230,000 people in the dark, but that feat required a team of about 20 people penetrating utilities’ networks and manually switching off power to electrical substations. The 2016 attack was fully automated, programmed to work directly on grid equipment to control the flow of power without requiring human intervention or management. As a result, blackout attacks could be performed more quickly, with less effort and fewer people.
From Defensible to Defended
Experts assure that there is no need for panic, however. Hackers are not going to cut power to a whole country in the near future. ESET and Dragos estimate that a reasonably sized adversary operations team could impact 12 to 15 sites in a coordinated attack, resulting in hours or even a couple of days of interruption. These stations could be selected to cut off power in a specific region, cause limited interruption in multiple cities, or target a specific industry. But at the end of the day, CrashOverride is not capable of bringing down an entire nation’s grid.
Indeed, even thinking of it as the power grid is a bit misleading—there are many grids that make up power infrastructure, and that complexity builds in some robustness. Lee was quick to say the electric grid is in a relatively good position in terms of overall defensibility. While that does not necessarily mean it is fully secure, the existing resilience helps ensure that most scenarios of long, widespread blackouts are extremely improbable.
Experts have varied opinions on the threat of hacking critical infrastructure, but much of the disagreement focuses less on the possibility than on timeline, scale of attack, and magnitude of damage or disruption.
Targeting civilian infrastructure marks a notable escalation in the aggressiveness of nation-state actors. What’s more, Lee pointed out that the incident marks a break with the historical worldwide understanding that public infrastructure was, to some extent, off limits, at least without drawing international ramifications like sanctions. Indeed, electric grid compromise scenarios have mainly been confined to active conflict zones and limited in scope. However, the increases in technical sophistication, the automation of what has historically required considerable manual effort, and the rate at which attacks and technical advancement have occurred all mean the risks posed by such systemic cyberattacks should be on the radar for utilities, businesses and individuals.
“Our adversaries are getting much more aggressive, so that defensible position we have now is a nice upper hand, but we need to take advantage and do something about it,” he said. “There’s a way to move from defensible to defended.”
Preparing for the Inevitable
In a survey of top information security professionals gathered for this year’s Black Hat conference, 60% of respondents believed that a successful cyberattack on U.S. critical infrastructure will occur in the next two years. Only 26% are confident that U.S. government and defense forces are currently equipped and trained to respond appropriately.
Hacking critical infrastructure requires skill and resources that are primarily limited to nation-state attackers, otherwise known as advanced persistent threats. Battling such highly sophisticated and determined actors makes the risk utilities face fundamentally different from the threats to other sectors. Few retailers, for example, will ever draw the full force of a well-funded nation-state. From possible damage to the expensive equipment in industrial environments to business interruption for the many enterprises that rely on an electric entity, there are many operational risks, but the headline risk can be far more dangerous and is hard to truly control.
Soubaghya Parija, the New York Power Authority’s chief risk officer, considers an attack that causes outage inevitable, and reports the NYPA is currently preparing for such an incident to happen at any time. “The risk scenarios are highly probable,” he said. “We’ll be directly impacted. That’s not a question.”
Operating from the assumption that an attack cannot be prevented, the power authority is focused on how to best respond when one eventually strikes. “Our goal is to contain disruption of the most critical systems and processes to the minimum period possible,” Parija said. “We’ve defined the maximum tolerable time that the system could go out and still function, so then it is a matter of identifying the most critical systems and processes and setting controls around them.”
Managing the risk of being hacked thus comes down to preparedness and response, not prevention. The closest any entity in the utility space can get to a vulnerability management program, he believes, is refining the best business continuity, crisis management, and communications plans to address both customers and industry or government partners.
Monitoring the network for abnormal traffic can help raise a red flag when CrashOverride is sending messages to switch breakers, but network visibility and threat intelligence are not enough to ensure the security of critical infrastructure. Some of the impediments to mitigating the risk of hacking the electric grid are systemic.
Systemic Challenges, Strategic Investments
Generic IT best practices are insufficient to secure ICS—these systems really require specialized education in what security means in that environment. But as in many other sectors, utilities face the challenges of a talent gap and an aging workforce. With retirements, turnover, and increasing reliance on short-term contractors, fewer employees have the institutional knowledge that comes with experience in these unique industrial settings. According to Parija, a significant number of NYPA workers have been there less than five years.
To strengthen existing talent, Parija said the power authority is dedicating significant attention to the risks posed by careless insiders, educating staff on best practices by, for example, conducting phishing tests and issuing reminders not to leave passwords on desktop notes. He recognizes, however, that these only mitigate risks from within.
“The problem that we and other utilities face is that, yes, we can put the foundational protections and all that in place, but we will never technologically match a state-sponsored cyberterrorist outfit because that is all they do,” he said. “All day long, teams of people, they are not after money, they are focused on creating headline news, trying to disrupt our critical industry.”
A cyberrisk profile like the NYPA’s requires different approaches to management—and different definitions of success. “Typically, the way we do risk management is to understand the risks and put mitigation strategies in place against that risk. With cyber, the threat scenarios are constantly changing, and it is very difficult to put something in place for or manage the unknown,” Parija said. “With so many unknowns, we cannot prepare for these risks appropriately. Instead, what we are doing is spending more resources on discovery and resilience as opposed to reducing the threat of the vulnerability.”
Lee agrees that the right focuses for any electrical entity are how early, how fast, and how confidently you can detect an intrusion and how well your plans actually mitigate the risk and reduce the recovery time required in practice. In a presentation on CrashOverride at this year’s Black Hat conference, he urged utilities to study the incident not to guard against the malware itself, but as a specific scenario for robust crisis-response planning. Ideally, entities should be running a tabletop exercise to examine what CrashOverride—and any other incidents in future—would mean in their facility, then developing a detailed playbook of emergency procedures to ensure a faster, more effective, more reliable response and restoration of operations. Key questions Lee suggested include: Do you have the right coordination between the teams that need to be involved? Do you have the right buy-in from leadership to be able to respond effectively? Do you know how you are going to respond from both a technical and an operational perspective? How will employees in the field who are tasked with restoring power work with the security team identifying the problem to determine if an event is the result of an attack or just a random outage?
Training and education must also be a greater focus—indeed, Lee believes that education is the only real long-term solution. However, he said, this cannot be basic IT training or phishing tests. As the management of cyberrisk is significantly different in ICS settings than at the enterprise level, utilities should consider investing in their workforce by taking what he called a “trade-school approach,” teaching employees about the threats and mitigation strategies specific to industrial environments. In doing so, this approach should also improve cooperation and communication between security and operations teams.
The Cavalry Is Not Coming
As in other industries, there have been strides in developing threat-sharing initiatives among utility companies and relevant government bodies. Parija noted the NYPA’s chief information security officer has the highest level of security clearance and engages regularly in threat briefings at the state and federal levels, and he believes that sharing intelligence among sister agencies and industry partners has been beneficial.
When Dragos and ESET publicly released detailed reports on CrashOverride/Industroyer, government entities like US-CERT issued industry alerts, amplifying the warnings of risk to critical infrastructure sectors and disseminating information about indicators of compromise and recommendations to mitigate risks to ICS. Currently, these entities play a significant role in spreading the security industry’s research and recommendations for industries like utilities. Existing federal, state and local government grants are also available to help fund investments in better security, and Lee suggested the government could use regulation and tax credits in the future to incentivize further improvements.
These government efforts are far different from active threat intelligence and emergency response services, however, and some in the power industry may have unrealistic expectations about what aid will come, even with their critical infrastructure status. As a result, some utilities may not be monitoring sufficiently for current vulnerabilities, identifying emerging threats, or planning appropriately for the challenges they will face when a cybersecurity crisis strikes.
Thus, Lee cautions against relying fully on government intelligence-sharing or emergency intervention. “Politically, threat-sharing sounds really good, but in truth, all that data has been horrible,” he said. “The government doesn’t have the data, it isn’t responding to ICS incident response cases out in the field, and it does not have the resources to do so.”
Rather, it is incumbent upon utilities and private industry to assess and prepare for these threats on their own. This can and should take the form of detailed tabletop exercises, business continuity planning, assessing whether internal resources are sufficient to boost enterprise security, and if supplemental work is needed from private firms, making those improvements as soon as possible.
“Whatever the answer is, there can’t just be some bullet in a playbook saying ‘call the government,’ because the cavalry’s not coming,” Lee warned.
Cybersecurity Is Everyone’s Business
A broader concern for utilities is that the costs that would come with best securing their operations were never factored into utility pricing models. Now, when it comes to financing robust risk mitigation, most simply do not have the money.
“Local power companies were never charging customers based on the fact that they’re going to have to defend themselves against Russian, Iranian and Chinese nation-state attacks,” Lee said. “The big energy companies are making those investments regardless, but the real impact is going to be at the level of local municipalities and co-ops. Since those are the ones communities rely on most, we should realize that times are changing and we might need to see increases in rate prices.”
Parija noted this challenge as well, suggesting it put something of a cap on the amount of money and resources an electric entity can really dedicate to cyberrisk. “At the end of the day, this is not our core business—our core business is to produce power and supply and distribute power,” he said.
While Lee agrees, he does not believe that can be the final word. “Ultimately, there needs to be a change in understanding that cybersecurity is part of everyone’s business now, especially in utilities, and they need to figure out ways to make that effective,” he said. “It might be partnership with the government in terms of tax credits, it might be rate increases to offset the cost, but regardless of the solution to funding, cybersecurity is core to everyone now.”
That change in perspective is not just confined to enterprises in the utility sector. “This idea that there is non-critical infrastructure is kind of silly,” Lee said. “It’s all interconnected, so in a way, these threats to large swathes of our infrastructure are impactful to everybody, period. The trickle-down effect is increased risk to everyone, and we need to appreciate the fact that investments in infrastructure benefit everybody.”
Ultimately, the impact of hacking the electric grid is not about the traditional measures of a “successful” attack, namely actual disruption or damage. The United States is not going to go dark from coast to coast, but it does not have to for hackers to have a massive impact and undermine public confidence in the security of core institutions.
“A couple things go into this that get problematic and potentially alarming,” Lee explained. “1. It doesn’t need to be an attack on critical infrastructure to be critical to local communities. People could take advantage of local events or take advantage of hitting multiple industries at the same time, and be very impactful. 2. There’s a very large psychological impact. Even if it was only six hours of outages, if somebody hit D.C., New York, San Francisco, Miami and Houston at the same time, that would cause a difference in the way people think, the way they vote—it’s going to have political impact. It has huge psychological implications for the United States or any country.”
While we are preparing to mark the Centenary of the Great Russian October Revolution in Colombo together with the National Celebration Committee in Sri Lanka and Sri Lankan Guitar Association, here is the link to get closer to the events of those days and the influence the Revolution had on the world history https://1917.rt.com/
Mr. T P L Raj has over 30 years of teaching experience in ACCA education and is a subject specialist for Taxation. Many thousands have graduated under his guidance and are now corporate leaders in the corporate sector of Sri Lanka. He has produced Sri Lankan and World Prize winners with his dedicated and innovative methods of teaching.
Enrol for his class now.
This Proof is used in string theory... Proved by Sir Ramanujan..........
In practical sense, series is divergent so potentially calculation is not correct as per modern Calculus... However it has been proved by Sir Ramanujan and adopted on string theory so there would have been some deeper thought on this and obviously he is legend...one important point needs to be considered here... He used value of r=-1; but we can't use the value of r=-1 in geometric series......
it should be in this range -1
" You can teach a student a lesson for a day; but if you can teach him to learn by creating curiosity, he will continue the learning process as long as he lives."
KDU Radiography students at newly established X-ray skill lab and Medical image observation area, Department of Radiography and Radiotherapy - KDU