Department of Homeland Security Announces $300 Million in Direct Funding to Communities Receiving Migrants and $340 Million for A New Competitive Awards Process

Source: US Department of Homeland Security

DHS continues to provide unprecedented resources to support border & interior communities while calling on Congress to act

WASHINGTON – Today, the Department of Homeland Security (DHS), through the Federal Emergency Management Agency (FEMA) and U.S. Customs and Border Protection (CBP), announced $300 million in grants through the Shelter and Services Program (SSP), which was authorized by Congress to support communities that are providing services to migrants. $275 million will be distributed in the first allocation, and the remaining $25 million will be allocated later in the year to accommodate evolving operational requirements. The initial funding will be available to 55 grant recipients for temporary shelter and other eligible costs associated with migrants awaiting the outcome of their immigration proceedings. Additionally, the Department is announcing $340.9 million through the Shelter and Services Program-Competitive grant program to be allocated before the end of this Fiscal Year.   

Today’s announcement responds to feedback from recipients in terms of providing additional flexibilities and an opportunity for new recipients through the competitive program, while continuing to require budget submissions and review prior to releasing funds, which is standard practice at FEMA. It also builds on the support being provided to communities on the border and in the interior. Last year, more than $780 million was awarded through SSP and the Emergency Food and Shelter Program – Humanitarian Awards (EFSP-H) funding in Fiscal Year 2023, which went to organizations and cities across the country. DHS also works to streamline and improve access to work permits for eligible noncitizens, including through the announcement last week of a temporary final rule to increase the automatic extension period for certain employment authorization documents to prevent a lapse and keep work-authorized individuals in the workforce, supporting local economies.

DHS efforts to manage and secure our borders in a safe, orderly, and humane way include support for communities, as well as strengthened consequences for those without a lawful basis to remain and an expansion of lawful pathways that have helped reduce the number of encounters from specific populations. From May 12, 2023 to April 3, 2024, DHS has removed or returned over 660,000 individuals, the vast majority of whom crossed the Southwest Border, including more than 102,000 individual family members. The majority of all individuals encountered at the southwest border over the past three years have been removed, returned, or expelled. Total removals and returns since mid-May exceed removals and returns in every full fiscal year since 2011.  

Due to the substantial demand that exceeds the limited SSP program funding authorized by Congress, not all requests can be fulfilled. DHS continues to call on Congress to pass the bipartisan border security agreement, which would in part provide an additional $1.4 billion in SSP funds, and provide additional needed tools and resources to respond to historic global migration.

For more information on the Shelter and Services Program, visit www.fema.gov/grants/preparedness/shelter-services-program.  

###

Secretary Mayorkas Announces Extension and Redesignation of Ethiopia for Temporary Protected Status

Source: US Department of Homeland Security

Redesignation Allows Additional Eligible Ethiopian Nationals to Apply for TPS and Employment Authorization Documents

WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas today announced the extension and redesignation of Ethiopia for Temporary Protected Status (TPS) for 18 months, from June 13, 2024, to December 12, 2025, due to ongoing armed conflict and extraordinary and temporary conditions in Ethiopia that prevent individuals from safely returning. The corresponding Federal Register notice provides information about registering as a new first-time applicant or current beneficiary for TPS under Ethiopia’s extension and redesignation.

After consultation with interagency partners, Secretary Mayorkas determined that an 18-month extension and redesignation of TPS is warranted because conditions that support Ethiopia’s designation are ongoing. Ethiopia continues to face armed conflict and violence in multiple regions of the country. Human rights abuses are prevalent, and civilians are facing indiscriminate attacks. Droughts, floods, and disease outbreaks have put millions of lives at risk. These overlapping humanitarian crises have resulted in ongoing urgent humanitarian needs.

Accompanying this announcement is a Special Student Relief notice for F-1 nonimmigrant students whose country of citizenship is Ethiopia so that eligible students may request employment authorization, work an increased number of hours while school is in session, and reduce their course load while continuing to maintain F-1 status through the TPS designation period.

“Temporary Protected Status provides individuals already present in the United States with protection from removal when conditions in their home country prevent their safe return,” said Secretary Mayorkas. “That is the situation facing Ethiopians who arrived here on or before April 11 of this year. We are granting them protection through this temporary form of humanitarian relief that the law provides.”

The extension of TPS for Ethiopia allows approximately 2,300 current beneficiaries to retain TPS through December 12, 2025, if they re-register and continue to meet TPS eligibility requirements.

The redesignation of Ethiopia for TPS allows an estimated 12,800 additional Ethiopian nationals (or individuals having no nationality who last habitually resided in Ethiopia) to file initial applications to obtain TPS, if they are otherwise eligible and they established residence in the United States on or before April 11, 2024, and have continued to reside in the United States since then (“continuous residence”). Ethiopian nationals (and those without nationality who last habitually resided in Ethiopia) who arrive in the United States after April 11, 2024 are not eligible for TPS.

Re-registration is limited to individuals who previously registered for and were granted TPS under Ethiopia’s initial designation. Current beneficiaries under TPS for Ethiopia must re-register in a timely manner during the 60-day re-registration period from April 15, 2024, through June 14, 2024, to ensure they keep their TPS and employment authorization.

DHS recognizes that not all re-registrants may receive a new Employment Authorization Document (EAD) before their current EAD expires and is automatically extending through June 12, 2025, the validity of EADs previously issued under Ethiopia’s initial TPS designation.

U.S. Citizenship and Immigration Services (USCIS) will continue to process pending applications filed under previous TPS designation for Ethiopia. Individuals with a pending Form I-821, Application for Temporary Protected Status, or a related Form I-765, Application for Employment Authorization, as of April 15, 2024 do not need to file either application again. If USCIS approves a pending Form I-821 or Form I-765 filed under the previous designation of TPS for Ethiopia, USCIS will grant the individual TPS through December 12, 2025, and issue an EAD valid through the same date.

Under the redesignation of Ethiopia, eligible individuals who do not have TPS may submit an initial Form I-821, Application for Temporary Protected Status, during the initial registration period that runs from April 15, 2024 through December 12, 2025. Applicants also may apply for TPS-related EADs and for travel authorization. Applicants can request an EAD by submitting a completed Form I-765, Application for Employment Authorization, with their Form I-821, or separately later.

The Federal Register notice explains eligibility criteria, timelines, and procedures necessary for current beneficiaries to re-register and renew EADs, and for new applicants to submit an initial application under the redesignation and apply for an EAD. 

CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat

Source: US Department of Homeland Security

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts and potentially accessing correspondence with Federal Civilian Executive Branch (FCEB) agencies. The Directive was initially issued to federal agencies on April 2nd based upon currently available threat information and limited applicability of relevant actions, which are predicated on notification of exposed credentials by Microsoft. This Directive requires agencies to analyze potentially affected emails, reset any compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.

Midnight Blizzard is using information initially exfiltrated from Microsoft corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to certain Microsoft customer systems. Microsoft and CISA have notified all federal agencies whose email correspondence with Microsoft was identified as exfiltrated by Midnight Blizzard.

“As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, ensuring that federal civilian agencies are taking all necessary steps to secure their networks and systems is among our top priorities. This Emergency Directive requires immediate action by agencies to reduce risk to our federal systems,” said CISA Director Jen Easterly. “For several years, the U.S. government has documented malicious cyber activity as a standard part of the Russian playbook; this latest compromise of Microsoft adds to their long list. We will continue efforts in collaboration with our federal government and private sector partners to protect and defend our systems from such threat activity.”

As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required. CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.

While ED 24-02 requirements apply only to FCEB agencies, other organizations may also have been impacted by the exfiltration of Microsoft corporate accounts and are encouraged to contact their respective Microsoft account team for guidance. Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA), and prohibiting the sharing of unprotected sensitive information via unsecure channels.

For more information on CISA Directives, visit Cybersecurity Directives.

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.

CISA Announces Malware Next-Gen Analysis

Source: US Department of Homeland Security

Updated analysis system enhances scalability, streamlines workflow and empowers threat hunts 

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces today a new release of our malware analysis system, called Malware Next-Gen, which allows any organization to submit malware samples and other suspicious artifacts for analysis. Malware Next-Gen allows CISA to more effectively support our partners by automating analysis of newly identified malware and enhancing cyber defense efforts.

Timely, actionable intelligence on malware, such as how it works and what it is designed to do, is crucial to network defenders conducting potential cyber incident response and/or threat hunts.  Malware Next-Gen provides advanced and reliable malware analysis on a scalable platform, capable of meeting the increasing demands of future workloads. The integrated system provides CISA analysts and operations community members with multilevel containment capabilities for the automatic analysis of potentially malicious files or uniform resource locators (URLs).

“Effective and efficient malware analysis helps security professionals detect and prevent malicious software from enabling adversary access to persistence within an organization. Malware Next-Gen is a significant leap forward in CISA’s commitment to enhancing national cybersecurity,” said CISA Executive Assistant Director for Cybersecurity Eric Goldstein. “Our new automated system enables CISA’s cybersecurity threat hunting analysts to better analyze, correlate, enrich data, and share cyber threat insights with partners. It facilitates and supports rapid and effective response to evolving cyber threats, ultimately safeguarding critical systems and infrastructure.”

Since November, Malware Next-Gen has been available to .gov and .mil organizations. Nearly 400 registered users have submitted more than 1,600 files resulting in the identification of approximately 200 suspicious or malicious files and URLs, which were quickly shared with partners. While members of the public may submit a malware sample, only authorized, registered users are able to receive analytical results from submissions.

All organizations, security researchers and individuals are encouraged to register and submit suspected malware into this new automated system for CISA analysis. For more information, visit: Malware Next-Generation Analysis.


New DHS Textile Enforcement Actions Crack Down on Illicit Trade to Support 500,000 American Textile Jobs

Source: US Department of Homeland Security

DHS continues its commitment to facilitate efficient movement of goods by responsible companies

WASHINGTON – The Department of Homeland Security (DHS) is outlining an enhanced strategy to combat illicit trade and level the playing field for the American textile industry, which accounts for over 500,000 U.S. jobs and is critical for our national security. Two of DHS’s agencies, U.S. Customs and Border Protection (CBP) and Homeland Security Investigations (HSI), will further enhance their work together to protect the integrity of our markets, hold perpetrators accountable for customs violations, and safeguard the American textile industry. The plan will serve as the blueprint for future strengthened enforcement efforts through intensified targeting of small package shipments; joint trade special operations; increased customs audits and foreign verifications; and the expansion of the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. 

The new enforcement plan focuses on the following actions:  

  • Cracking down on small package shipments to prohibit illicit goods from U.S. markets by improving screening of packages claiming the Section 321 de minimis exemption for textile, UFLPA, and other violations, including expanded targeting, laboratory and isotopic testing, and focused enforcement operations.
  • Conducting joint CBP-HSI trade special operations to ensure cargo compliance. This includes physical inspections; country-of-origin, isotopic, and composition testing; and in-depth reviews of documentation. CBP will issue civil penalties for violations of U.S. laws and coordinate with HSI to develop and conduct criminal investigations when warranted.
  • Better assessing risk by expanding customs audits and increasing foreign verifications. DHS personnel will conduct comprehensive audits and textile production verification team visits to high-risk foreign facilities to ensure that textiles qualify under the U.S.-Mexico-Canada Agreement (USMCA) or the Central America-Dominican Republic Free Trade Agreement (CAFTA-DR). CBP recently visited 31 facilities in Mexico—the first such visits under USMCA—as well as 18 facilities in Honduras, and is on track to double the number of total foreign verification visits compared to last year.
  • Building stakeholder awareness by engaging in an education campaign to ensure that importers and suppliers in the CAFTA-DR and USMCA region understand compliance requirements and are aware of CBP’s enforcement efforts.
  • Leveraging U.S. and Central American industry partnerships to improve facilitation for legitimate trade.
  • Expanding the UFLPA Entity List to identify malign suppliers for the trade community through review of additional entities in the high-priority textile sector for inclusion in the UFLPA Entity List.

“We are dedicated to ensuring a fair and level playing field for American businesses,” said Secretary Alejandro N. Mayorkas. “The textile industry, like other industries, suffers when competitors use forced labor, violate customs laws, and engage in other illegal practices to undercut U.S. businesses and drive prices unfairly low. Through strengthened enforcement measures, enhanced inspection and testing, and increased information sharing, this Administration is protecting thousands of American workers and the U.S. textile industry.”

DHS has already begun implementation of this plan, building on ongoing efforts to ensure compliance. Thus far in the Biden-Harris Administration, DHS has accomplished the following:

  • Launched 15 Trade Special Operations (TSOs) that focus on physical inspection of small shipments and cargo as well as post-release reviews to determine eligibility for preferential treatment under free trade agreements.
  • Examined textile imports, including 300 physical inspections, and reviewed documentation for additional shipments.
  • Initiated trade audits on more than $10.5 billion in textile imports.
  • Completed Textile Production Verification Team (TPVT) visits — as previously mentioned — to 44 factories and five raw material providers across Mexico and Honduras to ensure compliance of $800 million in textile imports claiming preferential duty treatment.
  • Included 10 entities from the textile sector in the UFLPA Entity List, contributing to the stoppage of apparel, footwear and textile shipments.

In January, Secretary Mayorkas met with members of the National Council of Textile Organizations (NCTO) to discuss current challenges in the textile industry. NCTO explained the significant harm that the textile industry is suffering at the hands of unscrupulous individuals and entities who create an unfair market by circumventing the operation of our nation’s free trade agreements, violating the UFLPA, and exploiting the de minimis shipment exception that is established in law. Following the meeting, the Secretary directed the Department to provide him with a new comprehensive enforcement action plan to increase and expedite their work to combat illegal customs practices that harm the American textile industry.

The U.S. textile industry is a vital domestic industrial base for U.S. national and economic security, accounting for over 500,000 U.S. jobs. Domestic textile producers are an essential component of U.S. health care security, serving as the domestic supply chain for critical personal protective equipment and other health supplies, as well as defense, supplying more than 8,000 different products to the U.S. military. Without a domestic textile industry, the United States would be vulnerable to and reliant on non-U.S. producers to supply these essential products.

The Biden-Harris Administration prioritizes fostering economic growth in northern Central America to tackle the underlying causes of hemispheric migration. In February 2023, Vice President Harris joined forces with the Partnership for Central America to initiate Central America Forward, which has garnered over $4.2 billion in commitments for Guatemala, El Salvador, and Honduras. Last month, Vice President Harris also announced a new initiative between the U.S. and Guatemala to advance secure trade in textiles and apparel by encouraging engagement, including with existing government-to-industry stakeholder partnerships such as CBP’s Customs Trade Partnership Against Terrorism Program and the Superintendence of Tax Administration of Guatemala’s Authorized Economic Operator Program. DHS continues to work with our partners in Central America and Mexico to ensure that bad actors do not sap the vitality of this critical industrial corridor and impede the flow of legitimate goods.

“DHS is committed to expanding the UFLPA Entity List and sending a strong message to the importing community that the United States has zero tolerance for forced labor in our supply chains,” said Robert Silvers, Under Secretary for Policy and Chair of the Forced Labor Enforcement Task Force. “Enforcing our forced labor laws protects human rights and businesses and workers who play by the rules and should not be undercut by predatory and abusive labor practice.”

“We are pulling out all the stops to stay one step ahead of the bad actors that try to threaten this essential industry,” said Troy Miller, Senior Official Performing the Duties of the Commissioner for CBP. “Trade cheats undercut American manufacturers as well as legitimate U.S. importers and trusted suppliers from our FTA partners who work hard to play by the rules. This plan ensures we are holding them accountable: violators will not qualify for preferential duty treatment under USMCA, CAFTA-DR, or other trade agreements, and will be subject to payment of duties owed, penalties, seizures, and criminal investigations.”

Textiles enforcement has been a longstanding priority trade issue for DHS. CBP and HSI will continually learn from enforcement results and consider additional actions as necessary. In fiscal year 2023, CBP made 5,016 textile-related seizures with a domestic value exceeding $129 million, including smuggled wearing apparel already tagged for retail sale and counterfeit clothing. The agency also protected and recovered $266.6 million on misclassified, undervalued, or unsubstantiated free trade agreement claims. CBP issued 1,859 penalties and liquidated damages against violators and detained and reviewed over 780 shipments related to forced labor with an estimated value of over $40 million, denying the entry of more than half of those shipments. In spite of these efforts, the Department recognizes there is more work to be done.

Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023

Source: US Department of Homeland Security

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recommended specific practices for industry and government to implement to ensure an intrusion of this magnitude does not happen again. Secretary of Homeland Security Alejandro N. Mayorkas received the CSRB report from the Board and delivered it to President Biden. This is the third review completed by the CSRB since the Board was announced in February 2022.

“Individuals and organizations across the country rely on cloud services every day, and the security of this technology has never been more important,” said Secretary Mayorkas. “Nation-state actors continue to grow more sophisticated in their ability to compromise cloud service systems. Public-private partnerships like the CSRB are critical in our efforts to mitigate the serious cyber threat these nation-state actors pose. The Department of Homeland Security appreciates the Board’s comprehensive review and report of the Storm-0558 incident. Implementation of the Board’s recommendations will enhance our cybersecurity for years to come.”

The CSRB provides a unique forum for leading government and industry experts to review significant cybersecurity events and provide independent, strategic, and actionable recommendations to the President, the Secretary, and the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to better protect our nation. The Board is made up of cybersecurity leaders from the private sector and senior officials from DHS, CISA, the Defense Department, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation, the Office of the National Cyber Director, and the Federal Chief Information Officer.

In August 2023, DHS announced that the CSRB would assess the recent Microsoft Exchange Online intrusion, initially reported in July 2023, and conduct a broader review of issues relating to cloud-based identity and authentication infrastructure affecting applicable cloud service providers (CSP) and their customers. The CSRB obtained data from and conducted interviews with 20 organizations and experts including cybersecurity companies, technology companies, law enforcement organizations, security researchers, academics, as well as several impacted organizations. 

The inclusive review process developed actionable findings and recommendations. As a result of the CSRB’s recommendations, CISA plans to convene major CSPs to develop cloud security practices aligned with the CSRB recommendations and a process for CSPs to regularly attest and demonstrate alignment.

“DHS is committed to efforts that meaningfully improve cybersecurity resilience and preparedness for our nation, and the work of the CSRB is reflective of our determination and dedication to this cause,” said CISA Director Jen Easterly. “I am confident that the findings and recommendations from the Board’s report will catalyze action to reduce risk to the critical infrastructure Americans rely on every day.”

The CSRB’s review found that the intrusion by Storm-0558, a hacking group assessed to be affiliated with the People’s Republic of China, was preventable. It identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. The Board recommends that Microsoft develop and publicly share a plan with specific timelines to make fundamental, security-focused reforms across the company and its suite of products. Microsoft fully cooperated with the Board’s review.

“Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy,” said DHS Under Secretary of Policy and CSRB Chair Robert Silvers. “It is imperative that cloud service providers prioritize security and build it in by design. The Board has become the authoritative organization for conducting fact-finding and issuing recommendations in the wake of major cyber incidents, receiving extensive industry and expert input in each of its three reviews to date. We appreciate Microsoft’s full cooperation in the course of the Board’s seven-month, independent review. We also appreciate the input received from 19 additional companies, government agencies, and individual experts.”

“The threat actor responsible for this brazen intrusion has been tracked by industry for over two decades and has been linked to 2009 Operation Aurora and 2011 RSA SecureID compromises,” said CSRB Acting Deputy Chair Dmitri Alperovitch. “This People’s Republic of China affiliated group of hackers has the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government. Cloud service providers must urgently implement these recommendations to protect their customers against this and other persistent and pernicious threats from nation-state actors.”

The CSRB recommends specific actions to all cloud service providers and government partners to improve security and build resilience against the types of attacks conducted by Storm-0558 and associated groups. Select recommendations include:

  • Cloud Service Provider Cybersecurity Practices: Cloud service providers should implement modern control mechanisms and baseline practices, informed by a rigorous threat model, across their digital identity and credential systems to substantially reduce the risk of system-level compromise.
  • Audit Logging Norms: Cloud service providers should adopt a minimum standard for default audit logging in cloud services to enable the detection, prevention, and investigation of intrusions as a baseline and routine service offering without additional charge.
  • Digital Identity Standards and Guidance: Cloud service providers should implement emerging digital identity standards to secure cloud services against prevailing threat vectors. Relevant standards bodies should refine, update, and incorporate these standards to address digital identity risks commonly exploited in the modern threat landscape.
  • Cloud Service Provider Transparency: Cloud service providers should adopt incident and vulnerability disclosure practices to maximize transparency across and between their customers, stakeholders, and the United States government.
  • Victim Notification Processes: Cloud service providers should develop more effective victim notification and support mechanisms to drive information-sharing efforts and amplify pertinent information for investigating, remediating, and recovering from cybersecurity incidents.
  • Security Standards and Compliance Frameworks: The United States government should update the Federal Risk Authorization Management Program and supporting frameworks and establish a process for conducting discretionary special reviews of the program’s authorized Cloud Service Offerings following especially high-impact situations. The National Institute of Standards and Technology should also incorporate feedback about observed threats and incidents related to cloud provider security.

As directed by President Biden through Executive Order 14028 Improving the Nation’s Cybersecurity, Secretary Mayorkas established the CSRB in February 2022.  The Board’s investigations are conducted independently, and its conclusions are independently reached. DHS and the CSRB are committed to transparency and will, whenever possible, release public versions of CSRB reports, consistent with applicable law and the need to protect sensitive information from disclosure.

To read the full report, visit Report on Microsoft Online Exchange Incident from Summer 2023.

###

CISA Publishes High-Risk Communities Webpage

Source: US Department of Homeland Security

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces a new dedicated High-Risk Communities webpage today with cybersecurity resources for civil society communities at heightened risk of facing digital security threats because of their work. Through the Joint Cyber Defense Collaborative (JCDC) and building on priorities advanced through the Administration’s Summit for Democracy, CISA developed this valuable resource in collaboration with civil society organizations, government, and private industry partners to support these communities with their cybersecurity.

This webpage offers digital security resources specifically for high-risk communities, including Project Upskill, a suite of guides designed to equip non-technical individuals affiliated with high-risk organizations with simple steps to meaningfully improve their cyber hygiene. Other resources on the webpage include information on local cyber volunteer programs, and a repository of free or discounted cybersecurity tools and services available to high-risk communities.

“With experts across government and the private sector, we collaborated extensively to identify and develop actionable and easy-to-use resources for high-risk communities. We will continue to solicit input and feedback from partners across civil society as we collectively work to safeguard those organizations advancing democracy and human rights against cyber threats,” said CISA Director Jen Easterly. “CISA is especially pleased in the public-private collaboration that led to development and publication of these resources, reflecting shared commitment across government, industry, and civil society.” 

The High-Risk Communities planning effort furthers JCDC priorities by bringing together government and the private sector to execute cyber defense plans that achieve specific risk reduction goals and enable more focused collaboration. To learn more about JCDC, visit CISA.gov/JCDC.

All civil society organizations are encouraged to visit the High-Risk Communities webpage, which is intended to serve as a one-stop shop for cybersecurity guidance.

Read CISA’s blog for more details on the High-Risk Communities effort.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.

April is Emergency Communications Month

Source: US Department of Homeland Security

CISA Urges Partnerships So We Can All Be “Resilient Together”

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) kicks off the third annual Emergency Communications Month to honor the nation’s emergency responders and communicators, emphasizing the importance of emergency communications and the need to work together in building resilient critical infrastructure.

CISA is focused on how the nation can be “Resilient Together,” highlighting the importance of secure, interoperable emergency communications and how CISA supports this effort in collaboration with its partners across the emergency communications ecosystem. CISA encourages critical infrastructure organizations, state, local, tribal, and territorial government, and others to significantly bolster communications resiliency and emergency preparedness by enrolling in free priority telecommunications services. These services, which include the Government Emergency Telecommunications Service (GETS) and Wireless Priority Service (WPS), enable essential personnel to communicate when networks are degraded or congested due to weather events, mass gatherings, cyber incidents, or events stemming from human error.

Through its emergency communications mission, CISA conducts extensive outreach across the nation. These efforts are aimed at bolstering the capacity of emergency response providers and government officials to communicate effectively during crises such as natural disasters, cyber incidents or other hazards that impact landline and wireless communications. CISA’s programs and services coordinate emergency communications planning, preparation, and evaluation to ensure safer, better-prepared communities nationwide. Moreover, CISA offers essential guidance on establishing protocols for identifying and promptly reporting significant cyber incidents to relevant personnel, local law enforcement, and the agency. CISA serves as a vital resource, collaborating with both government and industry partners to strengthen and enhance emergency communication capabilities, thereby reinforcing our nation’s resilience.

“As the nation’s cyber defense agency and the national coordinator for infrastructure security, CISA’s mission continues to prioritize ensuring interoperable, secure, and resilient emergency communications for our nation,” remarked CISA Director Jen Easterly. “In this third Emergency Communications Month, we not only honor our invaluable emergency communications partners nationwide but also urge them to enroll in our priority telecommunications services. By emphasizing the ‘Resilient Together’ theme, we aim to unite efforts towards integrating the next generation of emergency communications systems, thereby enhancing the safety and security of our nation and its critical infrastructure.”

On April 30, CISA will host an informational webinar to provide overviews of the GETS and WPS services. Organizations can begin the enrollment process here: www.cisa.gov/apply-pts. CISA’s Priority Telecommunications Service Center assists with the enrollment process and can be reached by phone at 866-627-2255 or by email at support@gwids.cisa.gov.

To learn more about Emergency Communications Month and how to amplify our resources, visit https://www.cisa.gov/emergency-communications-month.

CISA Marks Important Milestone in Addressing Cyber Incidents; Seeks Input on CIRCIA Notice of Proposed Rulemaking

Source: US Department of Homeland Security

WASHINGTON – Today, the Federal Register posted for public inspection the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Notice of Proposed Rulemaking (NPRM), which CISA was required to develop by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This marks a major step in bolstering America’s cybersecurity. 

Implementation of CIRCIA will improve CISA’s ability to use cybersecurity incident and ransomware payment information reported to the agency to identify patterns in real-time, fill critical information gaps, rapidly deploy resources to help entities that are suffering from cyber attacks, and inform others who would be potentially affected. When information about cyber incidents is shared quickly, CISA can use this information to render assistance and provide warning to prevent other organizations from falling victim to a similar incident. This information is also critical to identifying trends that can help efforts to protect the homeland. The NPRM will soon formally publish in the Federal Register, following which the public will have 60 days to submit written comments to inform the direction and substance of the Final Rule. 

“Cyber incident reports submitted to us through CIRCIA will enable us to better protect our nation’s critical infrastructure,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents, and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors. The proposed rule is the result of collaboration with public and private stakeholders, and DHS welcomes feedback during the public comment period on the direction and substance of the final rule.”

“CIRCIA is a game changer for the whole cybersecurity community, including everyone invested in protecting our nation’s critical infrastructure,” said CISA Director Jen Easterly. “It will allow us to better understand the threats we face, spot adversary campaigns earlier, and take more coordinated action with our public and private sector partners in response to cyber threats. We look forward to additional feedback from the critical infrastructure community as we move towards developing the Final Rule.”

Since September 2022, CISA has solicited input from public and private sector stakeholders, including the critical infrastructure community, as the agency developed the NPRM, and this open comment period is another opportunity for stakeholders to submit written comments on the NPRM. The NPRM contains proposed regulations for cyber incident and ransom payment reporting, as well as other aspects of the CIRCIA regulatory program. Implementation of CIRCIA enables CISA to develop insight into the cyber threat landscape to drive cyber risk reduction across the nation and to provide early warning to entities who may be at risk of targeting. The comments CISA received through the Request for Information (RFI) and listening sessions over the past year helped shape this NPRM. In turn, robust input on the NPRM will support our ability to implement CIRCIA to drive national cyber risk reduction.

Visit cisa.gov/CIRCIA to learn more.

CISA, DC HSEMA and Regional Partners Conduct Exercise to Ensure National Capital Region Water Service Resilience

Source: US Department of Homeland Security

WASHINGTON, DC – The Cybersecurity and Infrastructure Security Agency (CISA), DC Homeland Security Emergency Management Agency (HSEMA), and the Metropolitan Washington Council of Governments (COG) hosted a water system tabletop exercise (TTX) yesterday in the National Capital Region (NCR). The exercise focused on incident information sharing procedures and emergency response and recovery operations related to a hypothetical incident around local water systems as well as mechanisms to help keep the public’s drinking water safe.

The exercise was not in response to any specific threat and there have been no significant security incidents or changes to the threat or the risk environment impacting the NCR water systems. Rather, this exercise supported the long-standing regional efforts, led by COG, the Interstate Commission on the Potomac River Basin (ICPRB), local emergency management agencies, major water providers, and other water and wastewater utilities to periodically review and improve the preparedness and resilience of the region’s water service systems. The Environmental Protection Agency (EPA), the Sector Risk Management Agency for the Water and Wastewater Sector, supported the exercise. Overall, the exercise contributed to federal goals that strengthen water system resilience locally, regionally, and nationally.

“Drinking water and wastewater systems are an essential community lifeline. A large portion of Water Sector functions are based in the digital world as well as deeply rooted in critical physical infrastructure. It is important to protect these systems from any form of attack to maintain their vital operations,” said Regional Director Bill Ryan, CISA Region 3. “Opportunities to train and exercise emergency plans as a team with our state and local partners allow us to collectively identify ways to keep the public safe, become more resilient and harden our capabilities through proactive multi-agency collaboration, coordination and strategic resource management before an incident happens.”

The exercise provided invaluable feedback to more than a dozen agencies regarding a variety of complex scenarios relevant to their roles and responsibilities. Specifically, the NCR Water TTX tested responses to water system threats focusing on the interconnectedness of water utilities, incident response, continuity plans, customer support, water distribution, and public messaging.

“Planning and preparing for incidents that have significant impacts on public health and safety are only one part of ensuring readiness to respond efficiently. Exercises are the other crucial aspect of testing our plans to improve our ability to successfully address and mitigate the impacts of water system incidents,” said Clint Osborn, Interim Director of HSEMA. “We are collaborating with our local, state, and federal partners so we can hit the ground running when we are faced with incidents that threaten our critical infrastructure.”

Exercises like this one are part of CISA’s continual outreach with public and private sector partners. CISA conducts dozens of exercises per year and actively engages with entities including but not limited to municipalities, sports leagues, critical infrastructure partners, schools, and other organizations around the country to develop and exercise response plans for all potential threats in today’s complex security environment. Individually, CISA and HSEMA participate in various exercises throughout the year on multiple levels and scales. From a national perspective, CISA has staff strategically positioned throughout the U.S. to advise on ways to enhance security and resilience. Every citizen is encouraged to speak up if they see something suspicious. If you see something, say something. Additional resources and tools are available on the agency’s website through its Hometown Security initiative.
