CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat

Source: US Department of Homeland Security

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts and potentially accessing correspondence with Federal Civilian Executive Branch (FCEB) agencies. The Directive was initially issued to federal agencies on April 2nd based upon currently available threat information and limited applicability of relevant actions, which are predicated on notification of exposed credentials by Microsoft. This Directive requires agencies to analyze potentially affected emails, reset any compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.

Midnight Blizzard is using information initially exfiltrated from Microsoft corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to certain Microsoft customer systems. Microsoft and CISA have notified all federal agencies whose email correspondence with Microsoft was identified as exfiltrated by Midnight Blizzard.

“As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, ensuring that federal civilian agencies are taking all necessary steps to secure their networks and systems is among our top priorities. This Emergency Directive requires immediate action by agencies to reduce risk to our federal systems,” said CISA Director Jen Easterly. “For several years, the U.S. government has documented malicious cyber activity as a standard part of the Russian playbook; this latest compromise of Microsoft adds to their long list. We will continue efforts in collaboration with our federal government and private sector partners to protect and defend our systems from such threat activity.”

As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required. CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.

While ED 24-02 requirements apply only to FCEB agencies, other organizations may also have been impacted by the exfiltration of Microsoft corporate accounts and are encouraged to contact their respective Microsoft account team for guidance. Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA), and prohibiting the sharing of unprotected sensitive information via unsecure channels.

For more information on CISA Directives, visit Cybersecurity Directives.

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.

CISA Announces Malware Next-Gen Analysis

Source: US Department of Homeland Security

Updated analysis system enhances scalability, streamlines workflow and empowers threat hunts 

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces today a new release of our malware analysis system, called Malware Next-Gen, which allows any organization to submit malware samples and other suspicious artifacts for analysis. Malware Next-Gen allows CISA to more effectively support our partners by automating analysis of newly identified malware and enhancing the cyber defense efforts.

Timely, actionable intelligence on malware, such as how it works and what it is designed to do, is crucial to network defenders conducting potential cyber incident response and/or threat hunts.  Malware Next-Gen provides advanced and reliable malware analysis on a scalable platform, capable of meeting the increasing demands of future workloads. The integrated system provides CISA analysts and operations community members with multilevel containment capabilities for the automatic analysis of potentially malicious files or uniform resource locators (URLs).

“Effective and efficient malware analysis helps security professionals detect and prevent malicious software from enabling adversary access to persistence within an organization. Malware Next-Gen is a significant leap forward in CISA’s commitment to enhancing national cybersecurity,” said CISA Executive Assistant Director for Cybersecurity Eric Goldstein. “Our new automated system enables CISA’s cybersecurity threat hunting analysts to better analyze, correlate, enrich data, and share cyber threat insights with partners. It facilitates and supports rapid and effective response to evolving cyber threats, ultimately safeguarding critical systems and infrastructure.”

Since November, Malware Next-Gen has been available to .gov and .mil organizations. Nearly 400 registered users have submitted more than 1,600 files, resulting in the identification of approximately 200 suspicious or malicious files and URLs, which were quickly shared with partners. While members of the public may submit a malware sample, only authorized, registered users are able to receive analytical results from submissions.

All organizations, security researchers and individuals are encouraged to register and submit suspected malware into this new automated system for CISA analysis. For more information, visit: Malware Next-Generation Analysis.


New DHS Textile Enforcement Actions Crack Down on Illicit Trade to Support 500,000 American Textile Jobs

Source: US Department of Homeland Security

DHS continues its commitment to facilitate efficient movement of goods by responsible companies

WASHINGTON – The Department of Homeland Security (DHS) is outlining an enhanced strategy to combat illicit trade and level the playing field for the American textile industry, which accounts for over 500,000 U.S. jobs and is critical for our national security. Two of DHS’s agencies, U.S. Customs and Border Protection (CBP) and Homeland Security Investigations (HSI), will further enhance their work together to protect the integrity of our markets, hold perpetrators accountable for customs violations, and safeguard the American textile industry. The plan will serve as the blueprint for future strengthened enforcement efforts through intensified targeting of small package shipments; joint trade special operations; increased customs audits and foreign verifications; and the expansion of the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. 

The new enforcement plan focuses on the following actions:  

  • Cracking down on small package shipments to prohibit illicit goods from U.S. markets by improving screening of packages claiming the Section 321 de minimis exemption for textile, UFLPA, and other violations, including expanded targeting, laboratory and isotopic testing, and focused enforcement operations.
  • Conducting joint CBP-HSI trade special operations to ensure cargo compliance. This includes physical inspections; country-of-origin, isotopic, and composition testing; and in-depth reviews of documentation. CBP will issue civil penalties for violations of U.S. laws and coordinate with HSI to develop and conduct criminal investigations when warranted.
  • Better assessing risk by expanding customs audits and increasing foreign verifications. DHS personnel will conduct comprehensive audits and textile production verification team visits to high-risk foreign facilities to ensure that textiles qualify under the U.S.-Mexico-Canada Agreement (USMCA) or the Central America-Dominican Republic Free Trade Agreement (CAFTA-DR). CBP recently visited 31 facilities in Mexico—the first such visits under USMCA—as well as 18 facilities in Honduras, and is on track to double the number of total foreign verification visits compared to last year.
  • Building stakeholder awareness by engaging in an education campaign to ensure that importers and suppliers in the CAFTA-DR and USMCA region understand compliance requirements and are aware of CBP’s enforcement efforts.
  • Leveraging U.S. and Central American industry partnerships to improve facilitation for legitimate trade.
  • Expanding the UFLPA Entity List to identify malign suppliers for the trade community through review of additional entities in the high-priority textile sector for inclusion in the UFLPA Entity List.

“We are dedicated to ensuring a fair and level playing field for American businesses,” said Secretary Alejandro N. Mayorkas. “The textile industry, like other industries, suffers when competitors use forced labor, violate customs laws, and engage in other illegal practices to undercut U.S. businesses and drive prices unfairly low. Through strengthened enforcement measures, enhanced inspection and testing, and increased information sharing, this Administration is protecting thousands of American workers and the U.S. textile industry.”

DHS has already begun implementation of this plan, building on ongoing efforts to ensure compliance. Thus far in the Biden-Harris Administration, DHS has accomplished the following:

  • Launched 15 Trade Special Operations (TSOs) that focus on physical inspection of small shipments and cargo as well as post-release reviews to determine eligibility for preferential treatment under free trade agreements.
  • Examined textile imports, including 300 physical inspections, and reviewed documentation for additional shipments.
  • Initiated trade audits on more than $10.5 billion in textile imports.
  • Completed Textile Production Verification Team (TPVT) visits — as previously mentioned — to 44 factories and five raw material providers across Mexico and Honduras to ensure compliance of $800 million in textile imports claiming preferential duty treatment.
  • Included 10 entities from the textile sector in the UFLPA Entity List, contributing to the stoppage of apparel, footwear and textile shipments.

In January, Secretary Mayorkas met with members of the National Council of Textile Organizations (NCTO) to discuss current challenges in the textile industry. NCTO explained the significant harm that the textile industry is suffering at the hands of unscrupulous individuals and entities who create an unfair market by circumventing the operation of our nation’s free trade agreements, violating the UFLPA, and exploiting the de minimis shipment exception that is established in law. Following the meeting, the Secretary directed the Department to provide him with a new comprehensive enforcement action plan to increase and expedite their work to combat illegal customs practices that harm the American textile industry.

The U.S. textile industry is a vital domestic industrial base for U.S. national and economic security, accounting for over 500,000 U.S. jobs. Domestic textile producers are an essential component of U.S. health care security, serving as the domestic supply chain for critical personal protective equipment and other health supplies, as well as defense, supplying more than 8,000 different products to the U.S. military. Without a domestic textile industry, the United States would be vulnerable to and reliant on non-U.S. producers to supply these essential products.

The Biden-Harris Administration prioritizes fostering economic growth in northern Central America to tackle the underlying causes of hemispheric migration. In February 2023, Vice President Harris joined forces with the Partnership for Central America to initiate Central America Forward, which has garnered over $4.2 billion in commitments for Guatemala, El Salvador, and Honduras. Last month, Vice President Harris also announced a new initiative between the U.S. and Guatemala to advance secure trade in textiles and apparel by encouraging engagement, including with existing government-to-industry stakeholder partnerships such as CBP’s Customs Trade Partnership Against Terrorism Program and the Superintendence of Tax Administration of Guatemala’s Authorized Economic Operator Program. DHS continues to work with our partners in Central America and Mexico to ensure that bad actors do not sap the vitality of this critical industrial corridor and impede the flow of legitimate goods.

“DHS is committed to expanding the UFLPA Entity List and sending a strong message to the importing community that the United States has zero tolerance for forced labor in our supply chains,” said Robert Silvers, Under Secretary for Policy and Chair of the Forced Labor Enforcement Task Force. “Enforcing our forced labor laws protects human rights and businesses and workers who play by the rules and should not be undercut by predatory and abusive labor practice.”

“We are pulling out all the stops to stay one step ahead of the bad actors that try to threaten this essential industry,” said Troy Miller, Senior Official Performing the Duties of the Commissioner for CBP. “Trade cheats undercut American manufacturers as well as legitimate U.S. importers and trusted suppliers from our FTA partners who work hard to play by the rules. This plan ensures we are holding them accountable: violators will not qualify for preferential duty treatment under USMCA, CAFTA-DR, or other trade agreements, and will be subject to payment of duties owed, penalties, seizures, and criminal investigations.”

Textiles enforcement has been a longstanding priority trade issue for DHS. CBP and HSI will continually learn from enforcement results and consider additional actions as necessary. In fiscal year 2023, CBP made 5,016 textile-related seizures with a domestic value exceeding $129 million, including smuggled wearing apparel already tagged for retail sale and counterfeit clothing. The agency also protected and recovered $266.6 million on misclassified, undervalued, or unsubstantiated free trade agreement claims. CBP issued 1,859 penalties and liquidated damages against violators and detained and reviewed over 780 shipments related to forced labor with an estimated value of over $40 million, denying the entry of more than half of those shipments. In spite of these efforts, the Department recognizes there is more work to be done.

Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023

Source: US Department of Homeland Security

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recommended specific practices for industry and government to implement to ensure an intrusion of this magnitude does not happen again. Secretary of Homeland Security Alejandro N. Mayorkas received the CSRB report from the Board and delivered it to President Biden. This is the third review completed by the CSRB since the Board was announced in February 2022.

“Individuals and organizations across the country rely on cloud services every day, and the security of this technology has never been more important,” said Secretary Mayorkas. “Nation-state actors continue to grow more sophisticated in their ability to compromise cloud service systems. Public-private partnerships like the CSRB are critical in our efforts to mitigate the serious cyber threat these nation-state actors pose. The Department of Homeland Security appreciates the Board’s comprehensive review and report of the Storm-0558 incident. Implementation of the Board’s recommendations will enhance our cybersecurity for years to come.”

The CSRB provides a unique forum for leading government and industry experts to review significant cybersecurity events and provide independent, strategic, and actionable recommendations to the President, the Secretary, and the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to better protect our nation. The Board is made up of cybersecurity leaders from the private sector and senior officials from DHS, CISA, the Defense Department, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation, the Office of the National Cyber Director, and the Federal Chief Information Officer.

In August 2023, DHS announced that the CSRB would assess the recent Microsoft Exchange Online intrusion, initially reported in July 2023, and conduct a broader review of issues relating to cloud-based identity and authentication infrastructure affecting applicable cloud service providers (CSP) and their customers. The CSRB obtained data from and conducted interviews with 20 organizations and experts including cybersecurity companies, technology companies, law enforcement organizations, security researchers, academics, as well as several impacted organizations. 

The inclusive review process developed actionable findings and recommendations. As a result of the CSRB’s recommendations, CISA plans to convene major CSPs to develop cloud security practices aligned with the CSRB recommendations and a process for CSPs to regularly attest and demonstrate alignment.

“DHS is committed to efforts that meaningfully improve cybersecurity resilience and preparedness for our nation, and the work of the CSRB is reflective of our determination and dedication to this cause,” said CISA Director Jen Easterly. “I am confident that the findings and recommendations from the Board’s report will catalyze action to reduce risk to the critical infrastructure Americans rely on every day.”

The CSRB’s review found that the intrusion by Storm-0558, a hacking group assessed to be affiliated with the People’s Republic of China, was preventable. It identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. The Board recommends that Microsoft develop and publicly share a plan with specific timelines to make fundamental, security-focused reforms across the company and its suite of products. Microsoft fully cooperated with the Board’s review.

“Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy,” said DHS Under Secretary of Policy and CSRB Chair Robert Silvers. “It is imperative that cloud service providers prioritize security and build it in by design. The Board has become the authoritative organization for conducting fact-finding and issuing recommendations in the wake of major cyber incidents, receiving extensive industry and expert input in each of its three reviews to date. We appreciate Microsoft’s full cooperation in the course of the Board’s seven-month, independent review. We also appreciate the input received from 19 additional companies, government agencies, and individual experts.”

“The threat actor responsible for this brazen intrusion has been tracked by industry for over two decades and has been linked to 2009 Operation Aurora and 2011 RSA SecureID compromises,” said CSRB Acting Deputy Chair Dmitri Alperovitch. “This People’s Republic of China affiliated group of hackers has the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government. Cloud service providers must urgently implement these recommendations to protect their customers against this and other persistent and pernicious threats from nation-state actors.”

The CSRB recommends specific actions to all cloud service providers and government partners to improve security and build resilience against the types of attacks conducted by Storm-0558 and associated groups. Select recommendations include:

  • Cloud Service Provider Cybersecurity Practices: Cloud service providers should implement modern control mechanisms and baseline practices, informed by a rigorous threat model, across their digital identity and credential systems to substantially reduce the risk of system-level compromise.
     
  • Audit Logging Norms: Cloud service providers should adopt a minimum standard for default audit logging in cloud services to enable the detection, prevention, and investigation of intrusions as a baseline and routine service offering without additional charge.
     
  • Digital Identity Standards and Guidance: Cloud service providers should implement emerging digital identity standards to secure cloud services against prevailing threat vectors. Relevant standards bodies should refine, update, and incorporate these standards to address digital identity risks commonly exploited in the modern threat landscape.
     
  • Cloud Service Provider Transparency: Cloud service providers should adopt incident and vulnerability disclosure practices to maximize transparency across and between their customers, stakeholders, and the United States government.
     
  • Victim Notification Processes: Cloud service providers should develop more effective victim notification and support mechanisms to drive information-sharing efforts and amplify pertinent information for investigating, remediating, and recovering from cybersecurity incidents.
     
  • Security Standards and Compliance Frameworks: The United States government should update the Federal Risk Authorization Management Program and supporting frameworks and establish a process for conducting discretionary special reviews of the program’s authorized Cloud Service Offerings following especially high-impact situations. The National Institute of Standards and Technology should also incorporate feedback about observed threats and incidents related to cloud provider security.

As directed by President Biden through Executive Order 14028 Improving the Nation’s Cybersecurity, Secretary Mayorkas established the CSRB in February 2022.  The Board’s investigations are conducted independently, and its conclusions are independently reached. DHS and the CSRB are committed to transparency and will, whenever possible, release public versions of CSRB reports, consistent with applicable law and the need to protect sensitive information from disclosure.

To read the full report, visit Report on Microsoft Online Exchange Incident from Summer 2023.


CISA Publishes High-Risk Communities Webpage

Source: US Department of Homeland Security

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces a new dedicated High-Risk Communities webpage today with cybersecurity resources for civil society communities at heightened risk of facing digital security threats because of their work. Through the Joint Cyber Defense Collaborative (JCDC) and building on priorities advanced through the Administration’s Summit for Democracy, CISA developed this valuable resource in collaboration with civil society organizations, government, and private industry partners to support these communities with their cybersecurity.

This webpage offers digital security resources specifically for high-risk communities, including Project Upskill, a suite of guides designed to equip non-technical individuals affiliated with high-risk organizations with simple steps to meaningfully improve their cyber hygiene. Other resources on the webpage include information on local cyber volunteer programs, and a repository of free or discounted cybersecurity tools and services available to high-risk communities.

“With experts across government and the private sector, we collaborated extensively to identify and develop actionable and easy-to-use resources for high-risk communities. We will continue to solicit input and feedback from partners across civil society as we collectively work to safeguard those organizations advancing democracy and human rights against cyber threats,” said CISA Director Jen Easterly. “CISA is especially pleased in the public-private collaboration that led to development and publication of these resources, reflecting shared commitment across government, industry, and civil society.” 

The High-Risk Communities planning effort furthers JCDC priorities by bringing together government and the private sector to execute cyber defense plans that achieve specific risk reduction goals and enable more focused collaboration. To learn more about JCDC, visit CISA.gov/JCDC.

All civil society organizations are encouraged to visit the High-Risk Communities webpage intended to serve as a one-stop-shop for cybersecurity guidance. 

Read CISA’s blog for more details on the High-Risk Communities effort.


April is Emergency Communications Month

Source: US Department of Homeland Security

CISA Urges Partnerships So We Can All Be “Resilient Together”

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) kicks off the third annual Emergency Communications Month to honor the nation’s emergency responders and communicators, emphasizing the importance of emergency communications and the need to work together in building resilient critical infrastructure.

CISA is focused on how the nation can be “Resilient Together,” highlighting the importance of secure, interoperable emergency communications and how CISA supports this effort in collaboration with its partners across the emergency communications ecosystem. CISA encourages critical infrastructure organizations, state, local, tribal, and territorial government, and others to significantly bolster communications resiliency and emergency preparedness by enrolling in free priority telecommunications services. These services, which include the Government Emergency Telecommunications Service (GETS) and Wireless Priority Service (WPS), enable essential personnel to communicate when networks are degraded or congested due to weather events, mass gatherings, cyber incidents, or events stemming from human error.

Through its emergency communications mission, CISA conducts extensive outreach across the nation. These efforts are aimed at bolstering the capacity of emergency response providers and government officials to communicate effectively during crises such as natural disasters, cyber incidents or other hazards that impact landline and wireless communications. CISA’s programs and services coordinate emergency communications planning, preparation, and evaluation to ensure safer, better-prepared communities nationwide. Moreover, CISA offers essential guidance on establishing protocols for identifying and promptly reporting significant cyber incidents to relevant personnel, local law enforcement, and the agency. CISA serves as a vital resource, collaborating with both government and industry partners to strengthen and enhance emergency communication capabilities, thereby reinforcing our nation’s resilience.

“As the nation’s cyber defense agency and the national coordinator for infrastructure security, CISA’s mission continues to prioritize ensuring interoperable, secure, and resilient emergency communications for our nation,” remarked CISA Director Jen Easterly. “In this third Emergency Communications Month, we not only honor our invaluable emergency communications partners nationwide but also urge them to enroll in our priority telecommunications services. By emphasizing the ‘Resilient Together’ theme, we aim to unite efforts towards integrating the next generation of emergency communications systems, thereby enhancing the safety and security of our nation and its critical infrastructure.”

On April 30, CISA will host an informational webinar to provide overviews of the GETS and WPS services. Organizations can begin the enrollment process here: www.cisa.gov/apply-pts. CISA’s Priority Telecommunications Service Center assists with the enrollment process and can be reached by phone at 866-627-2255 or by email at support@gwids.cisa.gov.

To learn more about Emergency Communications Month and how to amplify our resources, visit https://www.cisa.gov/emergency-communications-month.


CISA Marks Important Milestone in Addressing Cyber Incidents; Seeks Input on CIRCIA Notice of Proposed Rulemaking

Source: US Department of Homeland Security

WASHINGTON – Today, the Federal Register posted for public inspection the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Notice of Proposed Rulemaking (NPRM), which CISA was required to develop by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This marks a major step in bolstering America’s cybersecurity. 

Implementation of CIRCIA will improve CISA’s ability to use cybersecurity incident and ransomware payment information reported to the agency to identify patterns in real-time, fill critical information gaps, rapidly deploy resources to help entities that are suffering from cyber attacks, and inform others who would be potentially affected. When information about cyber incidents is shared quickly, CISA can use this information to render assistance and provide warning to prevent other organizations from falling victim to a similar incident. This information is also critical to identifying trends that can help efforts to protect the homeland. The NPRM will soon formally publish in the Federal Register, following which the public will have 60 days to submit written comments to inform the direction and substance of the Final Rule. 

“Cyber incident reports submitted to us through CIRCIA will enable us to better protect our nation’s critical infrastructure,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents, and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors. The proposed rule is the result of collaboration with public and private stakeholders, and DHS welcomes feedback during the public comment period on the direction and substance of the final rule.”

“CIRCIA is a game changer for the whole cybersecurity community, including everyone invested in protecting our nation’s critical infrastructure,” said CISA Director Jen Easterly. “It will allow us to better understand the threats we face, spot adversary campaigns earlier, and take more coordinated action with our public and private sector partners in response to cyber threats. We look forward to additional feedback from the critical infrastructure community as we move towards developing the Final Rule.”

Since September 2022, CISA has solicited input from public and private sector stakeholders, including the critical infrastructure community, as the agency developed the NPRM, and this open comment period is another opportunity for stakeholders to submit written comments on the NPRM. The NPRM contains proposed regulations for cyber incident and ransom payment reporting, as well as other aspects of the CIRCIA regulatory program. Implementation of CIRCIA enables CISA to develop insight into the cyber threat landscape to drive cyber risk reduction across the nation and to provide early warning to entities who may be at risk of targeting. The comments CISA received through the Request for Information (RFI) and listening sessions over the past year helped shape this NPRM. In turn, robust input on the NPRM will support our ability to implement CIRCIA to drive national cyber risk reduction.

Visit cisa.gov/CIRCIA to learn more.

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.

CISA, DC HSEMA and Regional Partners Conduct Exercise to Ensure National Capital Region Water Service Resilience

Source: US Department of Homeland Security

WASHINGTON, DC – The Cybersecurity and Infrastructure Security Agency (CISA), DC Homeland Security Emergency Management Agency (HSEMA), and the Metropolitan Washington Council of Governments (COG) hosted a water system tabletop exercise (TTX) yesterday in the National Capital Region (NCR). The exercise focused on incident information sharing procedures and emergency response and recovery operations related to a hypothetical incident around local water systems as well as mechanisms to help keep the public’s drinking water safe.

The exercise was not in response to any specific threat and there have been no significant security incidents or changes to the threat or the risk environment impacting the NCR water systems. Rather, this exercise supported the long-standing regional efforts, led by COG, the Interstate Commission on the Potomac River Basin (ICPRB), local emergency management agencies, major water providers, and other water and wastewater utilities to periodically review and improve the preparedness and resilience of the region’s water service systems. The Environmental Protection Agency (EPA), the Sector Risk Management Agency for the Water and Wastewater Sector, supported the exercise. Overall, the exercise contributed to federal goals that strengthen water system resilience locally, regionally, and nationally.

“Drinking water and wastewater systems are an essential community lifeline. A large portion of Water Sector functions are based in the digital world as well as deeply rooted in critical physical infrastructure. It is important to protect these systems from any form of attack to maintain their vital operations,” said Regional Director Bill Ryan, CISA Region 3. “Opportunities to train and exercise emergency plans as a team with our state and local partners allow us to collectively identify ways to keep the public safe, become more resilient and harden our capabilities through proactive multi-agency collaboration, coordination and strategic resource management before an incident happens.”

The exercise provided invaluable feedback to more than a dozen agencies regarding a variety of complex scenarios relevant to their roles and responsibilities. Specifically, the NCR Water TTX tested responses to water system threats focusing on the interconnectedness of water utilities, incident response, continuity plans, customer support, water distribution, and public messaging.

“Planning and preparing for incidents that have significant impacts on public health and safety are only one part of ensuring readiness to respond efficiently. Exercises are the other crucial aspect of testing our plans to improve our ability to successfully address and mitigate the impacts of water system incidents,” said Clint Osborn, Interim Director of HSEMA. “We are collaborating with our local, state, and federal partners so we can hit the ground running when we are faced with incidents that threaten our critical infrastructure.”

Exercises like this one are part of CISA’s continual outreach with public and private sector partners. CISA conducts dozens of exercises per year and actively engages with entities including but not limited to municipalities, sports leagues, critical infrastructure partners, schools, and other organizations around the country to develop and exercise response plans for all potential threats in today’s complex security environment. Individually, CISA and HSEMA participate in various exercises throughout the year on multiple levels and scales. From a national perspective, CISA has staff strategically positioned throughout the U.S. to advise on ways to enhance security and resilience. Every citizen is encouraged to speak up if they see something suspicious. If you see something, say something. Additional resources and tools are available on the agency’s website through its Hometown Security initiative.


Secretary Mayorkas Announces Extension and Redesignation of Burma (Myanmar) for Temporary Protected Status

Source: US Department of Homeland Security

WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas today announced the extension and redesignation of Burma for Temporary Protected Status for 18 months, from May 26, 2024, to November 25, 2025, due to extraordinary and temporary conditions in Burma that prevent individuals from safely returning. The corresponding Federal Register notice provides information about how to register as a new first-time applicant or current beneficiary for TPS under Burma’s extension and redesignation.

After consultation with interagency partners, Secretary Mayorkas determined that an 18-month TPS extension and redesignation are warranted because conditions that support Burma’s TPS designation are ongoing. Burma’s democratically elected civilian government was overthrown in a military coup on February 1, 2021, giving rise to further widespread violence that continues to put individuals in Burma at significant risk. Burma also continues to face challenges in the provision of food, access to health care, and economic stability. 

Accompanying this announcement is a Special Student Relief notice for F-1 nonimmigrant students whose country of citizenship is Burma so that eligible students may request employment authorization, work an increased number of hours while school is in session, and reduce their course load while continuing to maintain F-1 status through the TPS designation period.

The extension of TPS for Burma allows approximately 2,300 current beneficiaries to retain TPS through November 25, 2025, if they continue to meet TPS eligibility requirements. The redesignation of Burma for TPS allows an estimated 7,300 additional nationals of Burma (or individuals having no nationality who last habitually resided in Burma) to file initial applications to obtain TPS, if they are otherwise eligible and if they established residence in the United States on or before March 21, 2024, and have continued to reside in the United States since then.

Re-registration is limited to individuals who previously registered for and were granted TPS under Burma’s prior designation. Current beneficiaries under TPS for Burma must re-register in a timely manner during the 60-day re-registration period from March 25, 2024, through May 24, 2024, to ensure they keep their TPS and employment authorization.

The Department of Homeland Security recognizes that not all re-registrants may receive a new Employment Authorization Document (EAD) before their current EAD expires and is automatically extending through May 25, 2025, the validity of EADs previously issued under Burma’s TPS designation. When the registration period for TPS for Burma opens on March 25, 2024, new registrants who are granted TPS and who filed an approved Form I-765, Application for Employment Authorization, under this announcement for extension and redesignation will be issued an EAD for 18 months that will be valid through November 25, 2025.

U.S. Citizenship and Immigration Services will continue to process pending applications filed under previous TPS designations for Burma. Individuals with a pending Form I-821, Application for Temporary Protected Status, or a related Form I-765, Application for Employment Authorization, as of March 25, 2024 do not need to file either application again. If USCIS approves a pending Form I-821 or Form I-765 filed under the previous designation of TPS for Burma, USCIS will grant the individual TPS through November 25, 2025, and issue an EAD valid through the same date.

Under the redesignation of Burma, eligible individuals who do not have TPS may submit an initial Form I-821, Application for Temporary Protected Status, during the initial registration period that runs from March 25, 2024, through November 25, 2025. Applicants also may apply for TPS-related EADs and for travel authorization. Applicants can request an EAD by submitting a completed Form I-765, Application for Employment Authorization, with their Form I-821, or separately later. 

The Federal Register notice explains eligibility criteria, timelines, and procedures necessary for current beneficiaries to re-register and renew EADs, and for new applicants to submit an initial application under the redesignation and apply for an EAD. 

DHS and DG CONNECT Announce Initiative Comparing Cyber Incident Reporting to Better Align Transatlantic Approaches

Source: US Department of Homeland Security

The first step in this focused initiative includes an analysis of similarities and differences between the recommendations of the DHS Report on Harmonization of Cyber Incident Reporting to the Federal Government and the cybersecurity incident reporting framework under the NIS 2 Directive in the EU.

WASHINGTON – Today, the US Department of Homeland Security (DHS) and the European Commission’s Directorate General for Communications, Networks, Content, and Technology (DG CONNECT) announced an initiative to compare cyber incident reporting elements that will inform cyber incident reporting requirements by the US and by the European Union (EU) under the NIS 2 Directive. This transatlantic collaboration between the US and EU builds on their efforts to secure their people, critical infrastructure, and businesses against detrimental cyber activities.

The joint report developed by DHS and DG CONNECT, with support from their respective cybersecurity agencies, the Cybersecurity and Infrastructure Security Agency (CISA) and the European Agency for Cybersecurity (ENISA), provides a comparative assessment and factual overview of recommendations from the U.S. Cyber Incident Reporting Council and the 2023 DHS report on Harmonization of Cyber Incident Reporting to the Federal Government and the EU’s Directive 2022/2555 on measures for a high level of cybersecurity across the Union (i.e., NIS 2 Directive) by identifying the main similarities and divergences. The findings in this report will help inform DHS and DG CONNECT’s approach to evaluating cyber incident reporting processes in the future. The report identifies six main areas for comparative analysis between the DHS report and the EU’s Directive: (i) definitions and reporting thresholds, (ii) timelines, triggers and types of cyber incident reporting, (iii) contents of cyber incident reports, (iv) reporting mechanisms, (v) aggregation of incident data, and (vi) public disclosure of cyber incident information.

“Cyber incidents do not recognize borders and multinational companies are often required to report incidents across numerous jurisdictions. We are committed to harmonizing incident reporting rules domestically and with like-minded partners like the European Union whenever feasible. Our approach will allow governmental authorities to get the information they need to provide cyber defense while streamlining the process for victim organizations,” said Robert Silvers, DHS Under Secretary for Policy and Chair of the Cyber Incident Reporting Council.

“With the new NIS 2 Directive we created streamlined and future-proof European baseline cybersecurity rules, including on incident reporting, to the benefit of all stakeholders. Across the Atlantic, we seek to work together to compare relevant reporting requirements, including the form or format of information requested, seeking ways to minimize the administrative burden on reporting entities,” said Roberto Viola, EC Director-General for Communications Networks, Content and Technology.

This initiative – which aligns with the 2024 Joint Statement between Secretary of Homeland Security Alejandro N. Mayorkas and European Commissioner for Internal Market Thierry Breton – marks the beginning of a process to align transatlantic cyber incident reporting where feasible. DHS & DG CONNECT invite industry from both the US and EU to share their input and reactions to our joint collaboration and approach to evaluating cyber incident reporting processes.

“This domain is critical as relevant government authorities must have access to information about cyber incidents that impact their citizens or otherwise raise safety and security concerns. Moreover, we recognize that over the next months, both the United States and the European Union will continue the work to put mandatory reporting regimes into effect, including by implementing more precise provisions on the process for incident reporting, content of the reports and timelines. It is important to stay connected on these issues and align where possible,” added Lorena Boix Alonso, EC Director for Digital Society, Trust and Cybersecurity.

“Over the next year our teams plan to continue our cooperation on a more technical level, including by mapping elements such as cybersecurity incident taxonomies, reporting templates, and the content of reports and formats. We will conduct an in-depth crosswalk of the DHS-developed Model Reporting Form against the NIS 2 required contents of reports to identify where there is overlap and disparities in the types of data being requested. As we continue these efforts moving forward, we must remain agile and adapt to the quickly evolving cyber threat landscape as nothing remains static in our digital world for long,” said Iranga Kahangama, DHS Assistant Secretary for Cyber, Infrastructure, Risk and Resilience.

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), signed into law by President Biden in 2022, established the Cyber Incident Reporting Council (CIRC), led by DHS to “coordinate, deconflict, and harmonize Federal incident reporting requirements, including those issued through regulations.” The CIRC, which is chaired by DHS and includes representation from more than 30 agencies, outlined a series of actionable recommendations on how the U.S. Government can streamline and harmonize the reporting of cyber incidents to better protect the nation’s critical infrastructure. In 2023, DHS provided a report to Congress including recommendations of the Council entitled Harmonization of Cyber Incident Reporting to the Federal Government.

In January 2023, the NIS 2 Directive entered into force, giving EU Member States 21 months to transpose it into national law. The NIS 2 Directive builds on the requirements of its predecessor, Directive (EU) 2016/1148, concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive), in force since 2016, but it raises the EU common level of ambition on cyber-security, through a wider scope, clearer rules and stronger supervision tools. The NIS 2 Directive harmonizes, strengthens, and streamlines security and incident reporting requirements for a larger number of entities, which are critical for the European economy and society.

The full report is available on DHS.gov.
