Month: November 2019

Highlights From the EPA America Recycles Summit and Innovation Fair 2019

Last week the Environmental Protection Agency (EPA) held its second annual America Recycles Summit and inaugural Innovation Fair to highlight national efforts being taken to address major challenges facing the U.S. recycling system. The two-day event brought together industry heads, nonprofit organizations, local and regional leadership, and the federal government to network; show off their latest recycling projects, programs, and technology; and collectively commit to work towards the implementation of the EPA’s 2019 National Framework for Advancing the U.S. Recycling System.

This framework, officially released on America Recycles Day (November 15), details the work of four working groups created to address critical areas for action: promoting education and outreach, enhancing materials management infrastructure, strengthening secondary materials markets, and enhancing measurement. The framework document summarizes the activities and accomplishments of the workgroups in 2019 and lays out a path forward for the new year. Recommended 2020 workgroup actions under consideration include:

  • Develop and make available a set of common recycling messages and national public relations campaign to lay the foundation for this common messaging.
  • Conduct and compile research on successful infrastructure investments and continue to support programs like the “Materials Recovery for the Future” pilot project.
  • Explore economic models to create robust and sustainable domestic secondary markets and articulate a better business case for using recycled materials.
  • Develop a central compilation of data and metrics used to measure recycling or components of the recycling system.

These critical considerations were echoed in the America Recycles Summit, where speakers discussed how we can chart a path forwards towards a more resilient U.S. recycling system. Below are themes and takeaways from the event:

Education: A large portion of the event was devoted to the importance of using education as a strategy to address the nation’s recycling challenges. Helen Lowman, CEO and President of Keep America Beautiful, stressed the importance that consistent, ongoing messaging has on the public. Recycling dialogue needs to provide a positive image about the current state of recycling and explain why it is important to continue recycling.

Partnerships: The broad range of participants in the room demonstrated that no one entity is to blame for U.S. recycling shortfalls, nor can anyone solve this problem alone. No one solution exists to fix the American recycling system. It will require a collaborative effort, relying on partnerships built between the private sector, non-profit organizations, governing bodies at all levels, and the general public to carry the momentum forward.

Innovation: There was a general consensus that Americans want to recycle, yet so many communities do not have access to recycling centers or have systems in place to handle the management of recycled materials. This is especially the case for rural, remote, and hard-to-reach communities. Innovation needs to happen to improve the recycling infrastructure in all communities, whether that community is a coastal city or a rural, heartland town.

How can your organization can get involved with EPA’s recycling efforts? An action you can take today is to sign the America Recycles Pledge, an initiative resulting from the EPA’s first recycling summit. All U.S. based organizations can join NARC in signing the pledge, signifying that you are willing to commit to work towards a more resilient materials economy and build on existing efforts addressing the challenges facing the nation’s current recycling system.

What Regions Can Do to Protect Themselves from Cyber-Attacks

The National League of Cities (NLC) in partnership with the Public Technology Institute (PTI) has recently released a new guide: Protecting Our Cities: What Cities Should Know About Cybersecurity during cybersecurity month in October. This document was designed to help communities, regions, and local officials better prepare for cyber-attacks before they happen.

Despite popular belief, ransomware is not a new concept. The first ransomware attack happened 30 years ago involving floppy disks and mailed checks. Although technology has drastically changed, the intent to steal data and instill fear while costing taxpayers millions is the same. During a ransomware attack, a hacker will block access to a computer system or data and hold access hostage until the victim pays a fee or ransom. If the victim does not pay the fee, the hacker could destroy important data forever. The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) both recommend that no entity should comply with ransomware demands in order to stop the cycle of attacks as many victims who pay a ransom are vulnerable to repeat attacks.

Recent increases in cyber-attacks and ransomware campaigns can be linked to the rise of hard-to-track payment methods like bitcoin. Many consider the 2013 CryptoLocker malware incident with the Swansea Police Department in Massachusetts as the first modern day ransomware attack. Since then, there have been thousands of reported cyber and ransomware attacks. According to the Office of Management and Budget (OMB), there were more than 31,000 cyberwarfare incidents against federal agencies in 2018.

Cities and regions not only risk losing sensitive data in the event of an attack but also may face costs associated with returning their software to normal and loss of public trust. The cost for Atlanta to recover from its ransomware attack was estimated at $17 million. Similarly, the recent Baltimore ransomware attack was predicted to cost over $18 million. And it is not just big cities that are at risk. Lake City, Florida and Riviera Beach, Florida paid ransoms of $485,000 and $600,000 in bitcoin respectively to unfreeze their systems. Twenty-three Texas municipalities were affected by a ransomware attack this past summer caused by failure to take proper cybersecurity precautions. 

So what can you do to help prevent cybersecurity attacks before they happen, or to mitigate the risk in the case that they do occur?

General Recommendations for Local and Regional Leaders

The combined NLC and PTI guidebook, along with other national tools can help cities, regions, and local officials protect themselves against cybercrime.

Below are ten strategies and recommendations from the NLC guidebook for local leaders to strengthen their cybersecurity efforts:

  1. Identify one individual to be responsible for cybersecurity programs in that jurisdiction
  2. Make digital hygiene an institutional priority
  3. Educate the local workforce, elected leaders, and residents about cybersecurity
  4. Conduct an analysis of local government vulnerabilities
  5. Ensure your data is properly backed up
  6. Implement multi-factor authentication
  7. Create policies or plans to manage potential attacks
  8. Ensure public communication is part of your attack response plan
  9. Consider converting to a dot gov (.gov) domain
  10. Work with education partners to create a cybersecurity talent pool

Cybersecurity Strategic Planning

According to a survey of local government IT executives conducted by the Public Technology Institute, 75 percent of governments surveyed have a cybersecurity plan. However, only 43 percent of respondents felt their communities elected officials make cyber security an adequate budgetary priority. After the recent 23-municipality Texas attack, the state Chief Information Officer attributed their cyber incident response plan to the state’s ability to swiftly contain the damage of the attack.

The Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency (CISA) has also developed a National Cyber Incident Response Plan (NCIRP) to help localities develop their own plans. CISA also hosts webinars sessions to continue outreach efforts to stress the importance of local governments remaining proactive to prevent a cybersecurity breach.

Cybersecurity Insurance

Many government agencies and private companies recommend against paying ransomware, which leaves localities footing the bill. After the event of a cyber-attack, system restorations can become very expensive. Insurance can help mitigate some of these costs. Cybersecurity Insurance has been available for 15 years and is now becoming more widely available as the number of attacks has increased. Coverage is designed to mitigate losses from a variety of cyber incidents including data breaches, business interruption, and network damage.

Cybersecurity Avoidance

In the fight against cybercrime, it is also important for regions and localities to focus on ransomware avoidance. PTI identifies four key ways ransomware can cause damage to a system:

  • Exploitation of a software vulnerability
  • Employees opening malicious email attachments
  • Employees visiting hyperlinks (phishing exploits) sent in spam emails
  • Employees simply landing on contaminated websites

Making sure your employees are aware of the red flags associated phishing emails or fake websites can go a long way in keeping your data secure. Whether you are an intern, executive director, elected official serving on a board of directors, or anywhere in between, people on all levels of a regional council are responsible for the safety and security of critical data. As the digitalization of services and local management of sensitive material increases, cybersecurity efforts will only become more important.