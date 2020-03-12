Featured
Clock ticking as pre-paid meters run out of time
All prepaid electricity meters will stop accepting credit tokens from November 2024, unless they participate in a rollover programme.
Between seven and eight million prepaid electricity meters in South Africa need to be reset before November 2024, as the mechanism used to manage, control and prevent credit token reuse will run out of numbers.
This means all existing prepaid meters will stop accepting credit tokens from November 2024, unless they participate in a token identifier (TID) rollover programme.
“Utilities have very little time left,” says Lance Hawkins-Dady, research and development manager at metering company Conlog and chairperson of the Standard Transfer Specification Association (STSA), the South African metering standards industry body. “There is a lot of planning that goes into ensuring a TID Rollover programme is successfully executed and the date of 24/11/2024 is fast approaching.”
The STSA has embarked on an awareness programme to inform utilities about the programme.
Says Hawkins-Dady: “Currently all tokens contain a Token Identifier (TID) that is calculated on a base date of 1993. The TID is used to uniquely identify each token so that tokens cannot be used more than once. The TID will reach its maximum value in 2024.
“When this event happens, all tokens will be considered as old and will no longer be accepted by the prepaid meters. The only way to prevent tokens being rejected post 24/11/2024 is for users of the STS technology to have successfully completed the TID Rollover programme.
“There is a lot of work that needs to be done and the time to get this done is decreasing every day. I encourage all utilities that have not yet started their TID Rollover programme or who are unsure of how to begin, to contact Conlog for assistance.”
It is estimated that there about 7-million meters currently in South Africa alone and this is expected to reach 8-million by 2024.
“It is difficult to predict how many meters are installed globally,” says Hawkins-Dady. “However we estimate this figure to be anywhere between 60- and 70-million. As more electricity meters are rolled out and with both gas and water utilities adopting the STS specification, the number of STS prepayment meters will increase rapidly.”
Hawkins-Dady will lead a live webinar on energy journal ESI Africa’s portal on 12 March on the “Risks of the STS TID Rollover”. Registration is free.
“We felt that it was imperative for us to bring an elevated awareness and understanding to all users of STS with regards to the impact of the TID rollover,” he says. “By all users I am referring to utilities, municipalities and sub-vendors. For some, especially those with a large installed base, the process may seem daunting.
“We have developed a framework that can be tailored to suit each utility’s specific needs and challenges and we encourage all utilities that are facing the enormity of this challenge, to reach out to us for support and guidance. We want to ensure that no customer is impacted by the TID Rollover in 2024.”
The latest advances and challenges in the metering and smart energy industry, including the TID rollover, will also be discussed in the strategic conference of the 20th edition of the upcoming African Utility Week and POWERGEN Africa in Cape Town from 12 to 14 May 2020.
Coronavirus malware multiplies
Forewarned is forearmed, says Kaspersky as its researchers track massive growth in coronavirus scams for users and businesses
Kaspersky reports that its researchers have found multiple COVID-19-related malicious e-mail campaigns and hundreds of downloadable files that attempt to infect users’ devices with threats.
While news on the coronavirus spread continues to appear and dominate the headlines, attackers are also looking for opportunities to use this topic for malicious purposes. This is a very dangerous practice, says Kaspersky, as it exploits people’s concerns for their health and safety of their beloved ones in attempt to pressure them into falling for a trick.
The researchers have detected malicious files that were masked under the guise of pdf, mp4 and docx files about the coronavirus. The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case. In fact, these files contained threats to users’ devices.
“The coronavirus, which is being widely discussed as a major news story, has already been used as bait by cybercriminals,” says Anton Ivanov, malware analyst at Kaspersky. “Now, the number of users whose devices have had malicious files named after the coronavirus on them has risen to 403 in 2020, with a total of 2,673 detections and 513 unique files distributed. While the numbers rose significantly compared to the initial statistics we have shared, this threat is still rather minimal.”
Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file. This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.
Security researcher at Kaspersky, Tatyana Scherbakova, has elaborated on the mechanics of such scams: “We were detecting emails offering products such as masks leading to phishing websites or fake offerings of vaccines, since the COVID-16 epidemic started. Yet lately we saw more elaborate spam campaigns that mimic the World Health Organization (WHO). Cybercriminals recognise the important role WHO has in providing trustworthy information about the coronavirus. Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid infection. Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals. This scam looks more realistic than other examples we have seen lately”.
In the meantime, governments and businesses across the world are increasingly encouraging home working in a bid to slow the spread of COVID-19/coronavirus. It is likely that, where feasible, companies will allow more people than ever before to work remotely, so now is a good time for organisations to re-examine security around remote access to corporate systems. Once devices are taken outside of a company’s network infrastructure and are connected to new networks and Wi-Fi, the risks to corporate information increase.
“We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution,” says David Emm, principal security researcher, Kaspersky. “Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home. In addition to the increase in remote working, we have also seen cybercriminals trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease. So, with this opportunistic approach by criminals, coupled with changes to working habits, it’s wise for businesses to be extra vigilant at this time.”
There are a number of simple steps that can be taken to reduce the cyber-risks associated with coronavirus.
If you are an individual, Kaspersky advises the following:
- In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources. If you are promised a vaccine for the virus or some magic protective measures, or content of the email is making you worried, it has most likely come from cybercriminals.
- When downloading files, pay attention to the file extension. Even if you download TV show episodes from a source you consider trusted and legitimate, the file should have an .avi, .mkv or mp4 extension. Do not download the file if it is an .exe.
- Use reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud.
If you are a business, consider taking the following steps:
- Provide a VPN for staff to connect securely to the corporate network.
- All corporate devices – including mobiles and laptops – should be protected with appropriate security software (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, along with restricting which apps can be installed).
- Always implement the latest updates to operating systems and apps.
- Restrict the access rights of people connecting to the corporate network.
- Ensure that staff are aware of the dangers of responding to unsolicited messages.
Why 4IR needs CSI
By VINO GOVENDER, executive for Strategy, Mergers and Acquisitions, and Innovation for DFA
With enormous potential to better human lives, the dawn of the connected technological age has placed telecommunications companies at the foreground of advancement of society. The onus is on companies within the 4IR value chain to take the lead in ensuring that the economic benefits are shared among all South Africans. One of the ways in which they can achieve this is corporate social investment. Indeed, corporate social investment (CSI) has become increasingly integral to business strategy; however, only robust, well-designed programmes are likely to bring us closer to achieving the increased economic equality that 4IR potentially holds.
One of the key intended outcomes of CSI in South Africa is securing the economic benefits for previously disadvantaged sections of our population. It achieves this through a mix of non-voluntary or compliance-driven activities, such as those needed for B-BBEE, and voluntary CSI programmes initiated by the organizations themselves. Because of the legislation around B-BBEE, activities in these areas are usually regarded as an attempt to fulfil requirements to be able to do business. Depending on the level of compliance, it can have either legal implications or implications in terms of being excluded from economic opportunities where potential partners can decline to do business because they perceive that there is a lack of commitment to transformation.
On the other end of the spectrum we have voluntary CSI with its own set of benefits. Unfortunately, there is no real way to measure how well the industry is doing this. A number of CSI reports have aimed to quantify the benefit in real money terms. For example, a report from IO Sustainability and Babson College’s Lewis Institute for Social Innovation determined that CSI activities could increase a company’s market value by 4%–6% and reduce staff turnover by as much as 50%.
Whether the motivation is purely philanthropic or just aimed at enhancing reputation or gaining acceptance in communities and societies, the potential benefits to business have pushed it far beyond being a perfunctory exercise. The amount of money that has been directed into CSI by South Africa’s corporates was in excess of R10 billion in 2019, according to the Trialogue CSI Handbook. But what impact are these investments making?
A McKinsey report on CSI found that, to a great extent, companies tended to formulate their CSI efforts based on their own superficial research, raising the concern that it is unlikely that these activities would be sufficient to tackle real challenges. Identifying the need is, therefore, an important first step in designing a programme that will best serve the intended beneficiaries and be more sustainable.
One of the key benefits of voluntary CSI remains the fact that companies are able to focus on sector-related issues when identifying the societal interventions that will feature in its CSI strategy.
For the telecommunications industry this has tended to include issues such as the low meaningful participation of women in the sector, the use of technology to address challenges in education and health, and ICT skills development.
Of these, arguably the most critical is skills development for a number of reasons.
Shortage of ICT skills has been one of the factors behind continued exclusion of women and previously disadvantaged groups from opportunities in the R229-billion local ICT industry. These are opportunities that require a high level of specialized technical knowledge. The limited availability of these skills hamper technological progress, putting South Africa far behind other countries in exploiting the many benefits that the era of 4IR promises.
According to the Wits University’s JCSE Skills Survey of 2019, the areas where skills are scarcest are particularly those required for advanced technologies, such as programming or coding, automation, and artificial Intelligence. The report highlighted what it described as an ‘alarming trend’ where a growing number of employers have been forced to recruit talent from outside the country in an attempt to meet their skills requirements. This at a time where South Africa unemployment rate is at its highest in over 16 years.
This is of concern to both the private and public sectors, and the South African government has placed closing the ever-widening ICT-skills gap very high on the national agenda, with a number of corrective measures that, in many cases, see it joining efforts with the private sector.
As they roll out their CSI initiatives, companies across the industry have come up with programmes to address the shortage. These range from simply funding existing initiatives to fully fledged programmes aimed at tackling the issue at the root through initiatives that cover deficiencies in STEM education for women in particular.
Some have even gone as far establishing training institutions either fully run by the company or in partnership with specialist training providers. While some would argue that the motive behind CSI activities isn’t important as long as there are beneficiaries, it can influence the impact and substantiality of CSI initiatives.
In addressing the challenges as an industry through our various CSI efforts, we should reach a point of convergence where both beneficiaries and benefactors gain considerably. This should keep us focused on the common objective and ensure that we are in it for the long run. I have no doubt that the sum of our efforts will take us that much closer to closing the gap and realising both the known and hidden benefits of the new era.