Category: NCTC Resources

Source: US Department of Homeland Security

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) is pleased to launch We Can Secure Our World, the second PSA in its Secure Our World cybersecurity public awareness program. The PSA will be promoted widely across the U.S. on television, radio, digital ads, retail centers, social media platforms, and billboards throughout 2024. We Can Secure Our World builds on the success of CISA’s first ever public service announcement (PSA) which launched in September 2023.

A Pew Research Center survey conducted last year shows that 95% of American adults use the internet, 90% have a smartphone and 80% subscribe to high-speed internet at home. Additionally, the survey also reported nearly 70% of children and adolescents have been exposed to at least one cyber risk in the past year. With cyber threats increasing among Americans of all ages, CISA is working to empower all Americans to protect themselves from hackers getting into their devices through easy steps that anyone can do anywhere and anytime.

The Secure Our World cybersecurity public awareness program, initially launched in September 2023, with its first PSA receiving nearly 20,000 views on YouTube, and educational materials including “How to” videos and tip sheets, were downloaded approximately 50,000 times. CISA also had a video that aired at the NFL Experience in the week leading up to the Super Bowl. CISA had a Super Bowl-related social media campaign that garnered more than 200,000 views and reached audiences spanning America’s diverse population.

The Secure Our World program is designed to educate and empower individuals to take proactive steps in safeguarding their digital lives. Tapping into the nostalgia of beloved musical cartoon series from the 1970s and 1980s, the new PSA features lovable character Max from the first PSA and introduces “Joan the Phone” who teaches us how to stay safe online. Through engaging messaging encouraging simple steps to protect ourselves online, the program aims to raise awareness about the importance of cybersecurity and empower individuals to adopt best practices to mitigate online risks.

“Basic cyber hygiene prevents 98% of cyber attacks—why we’re on a mission to make cyber hygiene as common as brushing our teeth and washing our hands. BUT(!) “cyber” anything can seem overly technical and complicated to the vast majority of Americans from K through Gray—why we’re also on a mission to make such information more accessible,” said CISA Director Jen Easterly. “As someone who grew up with Saturday morning cartoons, I am super excited about what we’ve done with our new Secure Our World PSA to leverage a recognizable educational medium to promote cybersecurity best practices. We’re really excited to take public awareness of cyber safety to a whole new level of creativity.”

We encourage organizations large and small to join forces with CISA today to bolster cybersecurity awareness, empower individuals to take action, and drive adoption of critical behaviors, Together, let’s champion the cybersecurity basics: encourage the use of strong passwords and multi-factor authentication, recognize and report phishing attempts, and prioritize software updates. Our collaboration can have a far-reaching effect to protect individuals, businesses and critical infrastructure from cyber threats, promoting trust, resilience and security in the digital realm.

View the We Can Secure Our World PSA on CISA.gov.

Source: US Department of Homeland Security

WASHINGTON – Today, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) announced changes to the Cyber Safety Review Board (CSRB) membership. With deep gratitude, four current members of the CSRB will depart and four new members will join the board. 

Departing members include:

• Katie Moussouris, Founder and CEO, Luta Security
• Chris Novak, Co-Founder and Managing Director, Verizon Threat Research Advisory Center
• Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security, and
• Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks

Joining the CSRB:

• Jamil Jaffer, Venture Partner Paladin Capital Group and Founder and Executive Director, National Security Institute, George Mason University Scalia Law School
• David Luber, Director, Cybersecurity Directorate, NSA
• Katie Nickels, Senior Director of Intelligence Operations, Red Canary
• Chris Krebs, Chief Intelligence and Public Policy Officer, Sentinel One

David Luber will serve as the Federal CSRB representative from the NSA, replacing Rob Joyce upon his retirement. Joyce has been asked to continue to serve on the board as a private sector member.

“I can’t thank Katie, Chris, Tony, and Wendi enough for the outstanding contributions they’ve made as CSRB members. I am truly grateful for their service on the Board,” said CISA Director Jen Easterly.  “I am also very pleased to welcome Jamil, Dave, Katie, and Chris to the Board. I know their cybersecurity expertise and experience will be instrumental in the continuing evolution of the CSRB as a catalyst for positive change in the cybersecurity ecosystem.”

Robert Silvers, DHS Under Secretary for Policy, and Heather Adkins, Vice President for Security Engineering at Google, have been re-appointed as the Chair and Deputy Chair respectively for a second term by Easterly. 

“I send my sincere thanks to the departing members and welcome those who are beginning their service,” said Under Secretary Silvers. “The Cyber Safety Review Board will continue in its charge to conduct fact finding and develop lessons learned from the most serious cyber incidents.”

“It has been an honor to serve on the CSRB and I am looking forward to seeing the Board continue to evolve its important role in the cybersecurity ecosystem as we increase the security of the nation,” said Deputy Chair Adkins.  

Other returning members include:

• Dmitri Alperovitch, Co-Founder and Chairman, Silverado Policy Accelerator and Co-Founder and former CTO of CrowdStrike, Inc.
• Harry Coker, Jr., National Cyber Director, Office of the National Cyber Director
• Jerry Davis, Founder, Gryphon X
• Chris DeRusha, Federal Chief Information Security Officer, Office of Management and Budget
• Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency
• Marshall Miller, Principal Associate Deputy Attorney General, Department of Justice
• John Sherman, Chief Information Officer, Department of Defense
• Bryan Vorndran, Assistant Director, Cyber Division, Federal Bureau of Investigation

The CSRB conducts fact-finding and issues recommendations in the wake of major cyber incidents. The Board is made up of cybersecurity luminaries from the private sector and senior officials from DHS, CISA, the Department of Defense, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation, the Office of the National Cyber Director, and the Office of Management and Budget.

As directed by President Biden through Executive Order 14028 Improving the Nation’s Cybersecurity, Secretary Mayorkas established the CSRB in February 2022. The Board is administered by CISA on behalf of the Secretary. The Board’s reviews are conducted independently, and its conclusions are independently reached. DHS and the CSRB are committed to transparency and will, whenever possible, release public versions of CSRB reports, consistent with applicable law and the need to protect sensitive information from disclosure.  

The Board’s reviews and other information about the CSRB can be found on the CSRB website.

###

Source: US Department of Homeland Security

WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas issued the following statement on Microsoft’s announcement of security updates following recommendations from the Department of Homeland Security’s Cyber Security Review Board:

“We applaud Microsoft for its commitment to strengthen its security by embracing and acting upon the recommendations of the Cyber Safety Review Board and further advancing the company’s Secure Future Initiative. Microsoft’s full cooperation with the Board’s review helped create the tangible recommendations that will benefit not only Microsoft’s customers, but also the public at large that depends on the security of cloud services.  We look forward to continuing our work with Microsoft and other partners to strengthen the security of the cyber ecosystem on which we all depend.” 

###

Source: US Department of Homeland Security

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v4 8.5
• ATTENTION: Low attack complexity
• Vendor: Delta Electronics
• Equipment: CNCSoft-G2 DOPSoft
• Vulnerability: Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Delta Electronics CNCSoft-G2, a Human-Machine Interface (HMI) software, are affected:

• CNCSoft-G2: Versions 2.0.0.5 (with DOPSoft v5.0.0.93) and prior

3.2 Vulnerability Overview

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2024-4192 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ).

A CVSS v4 score has also been calculated for CVE-2024-4192. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

• CRITICAL INFRASTRUCTURE SECTORS: Energy, Critical Manufacturing
• COUNTRIES/AREAS DEPLOYED: Worldwide
• COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Natnael Samson working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Delta Electronics recommends users update to CNCSoft-G2 v2.1.0.4 or later.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

• Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
• Locate control system networks and remote devices behind firewalls and isolating them from business networks.
• When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

• April 30, 2024: Initial Publication

Source: US Department of Homeland Security

WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas issued the following statement on the National Security Memorandum (NSM) to secure and enhance the resilience of U.S. critical infrastructure, signed today by President Biden:

“Our nation’s critical infrastructure consists of the systems and services upon which Americans rely in their daily lives. From the banking system to the electric grid, from healthcare to our nation’s water systems and more, we depend on the safety and defense of our critical infrastructure as a matter of homeland and national security. President Biden’s new National Security Memorandum empowers the Department of Homeland Security to lead our government’s efforts, alongside our Administration partners, to better confront the increasingly complex and frequent threats facing our critical infrastructure.  Together, we will ensure America remains vigilant, secure, and resilient.”

###

Source: US Department of Homeland Security

WASHINGTON, DC – Today, the Department of Homeland Security (DHS) received a grade of “A+,” the highest grade possible on the Small Business Administration’s Fiscal Year (FY) 2023 Small Business Procurement Scorecard and was the largest federal agency to exceed all ten of the Scorecard’s small business prime and subcontracting goals. The Scorecard is an assessment tool that measures how well federal agencies meet their small business and socioeconomic prime contracting and subcontracting goals. This is the fifteenth consecutive fiscal year DHS has earned a grade of “A” or higher, starting in FY 2009.

“America’s small businesses are essential partners in equipping the Department’s workforce with the tools to fulfill our mission of protecting the homeland,” said the Senior Official Performing the Duties of the Deputy Secretary Kristie Canegallo. “We are proud of DHS’s 15 year record and are committed to ensure that it continues. This year’s “A+” rating achievement is the result of modernizing and streamlining our processes to meet our contracting goals.”

In FY 2023, DHS obligated $9.9 billion, the highest amount in the Department’s history, to small businesses. Over $4.7 billion was awarded to small, disadvantaged businesses– a result of the Department’s increased targeted small business outreach efforts, which include a focus on undeserved vendor communities. Notably, DHS awarded 38.21% of its total eligible contracting dollars to small businesses, greatly exceeding the government-wide prime goal of 23%.

“Our achievements are the result of collaboration between DHS leadership and the acquisition workforce,” said E. Darlene Bullock, DHS Executive Director, Office of Small and Disadvantaged Business Utilization. “DHS will continue to implement various programs and policies to support small business participation.”

For the second time in the Department’s history, DHS exceeded all ten small business prime and subcontracting goals, making it the largest federal agency with this record of achievement. “DHS’s sustained accomplishments on the SBA scorecard for the past 15 years truly highlight the Department’s efforts to partner with small businesses. We are proud of our efforts and look forward to continued excellence in this area,” said Paul Courtney, DHS Chief Procurement Officer.

Small businesses play an instrumental role in strengthening the capabilities of the Department and helping us protect our homeland. DHS is committed to maximizing opportunities for small businesses and will continue to partner with industry to increase diversity in our contractor community.

For more information about the Department’s small business program, visit Office of Small and Disadvantaged Business Utilization | Homeland Security (dhs.gov).

Source: US Department of Homeland Security

Announcements Follow Six Months of Progress to Leverage AI Responsibly Across the Homeland Security Enterprise and Recent Establishment of AI Safety and Security Board

The Department, in Coordination with CISA and CWMD, Releases New Guidelines to Protect Against AI Risks to Critical Infrastructure; Submits Report on Chemical, Biological, Radiological, and Nuclear Threats

WASHINGTON – Today, the Department of Homeland Security (DHS) marked the 180-day mark of President Biden’s Executive Order (EO) 14110, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI)” by unveiling new resources to address threats posed by AI: (1) guidelines to mitigate AI risks to critical infrastructure and (2) a report on AI misuse in the development and production of chemical, biological, radiological, and nuclear (CBRN).

These resources build upon the Department’s broader efforts to protect the nations’ critical infrastructure and help stakeholders leverage AI, which include the recent establishment of the Artificial Intelligence Safety and Security Board. This new Board, announced last week, assembles technology and critical infrastructure executives, civil rights leaders, academics, state and local government leaders, and policymakers to advance responsible development and deployment of AI.

“AI can present transformative solutions for U.S. critical infrastructure, and it also carries the risk of making those systems vulnerable in new ways to critical failures, physical attacks, and cyber attacks. Our Department is taking steps to identify and mitigate those threats,” said Secretary of Homeland Security Alejandro N. Mayorkas. “When President Biden tasked DHS as a leader in the safe, secure, and reliable development of AI, our Department accelerated our previous efforts to lead on AI. In the 180 days since the Biden-Harris Administration’s landmark EO on AI, DHS has established a new AI Corps, developed AI pilot programs across the Department, unveiled an AI roadmap detailing DHS’s current use of AI and its plans for the future, and much more. DHS is more committed than ever to advancing the responsible use of AI for homeland security missions and promoting nationwide AI safety and security, building on the unprecedented progress made by this Administration. We will continue embracing AI’s potential while guarding against its harms.”

Guidelines to Mitigate AI Risks to Critical Infrastructure

DHS, in coordination with its Cybersecurity and Infrastructure Security Agency (CISA), released new safety and security guidelines to address cross-sector AI risks impacting the safety and security of U.S. critical infrastructure systems. The guidelines organize its analysis around three overarching categories of system-level risk:

• Attacks Using AI:  The use of AI to enhance, plan, or scale physical attacks on, or cyber compromises of, critical infrastructure.
• Attacks Targeting AI Systems: Targeted attacks on AI systems supporting critical infrastructure.
• Failures in AI Design and Implementation: Deficiencies or inadequacies in the planning, structure, implementation, or execution of an AI tool or system leading to malfunctions or other unintended consequences that affect critical infrastructure operations.

  
“CISA was pleased to lead the development of ‘Mitigating AI Risk: Safety and Security Guidelines for Critical Infrastructure Owners and Operators on behalf of DHS,” said CISA Director Jen Easterly. “Based on CISA’s expertise as National Coordinator for critical infrastructure security and resilience, DHS’ Guidelines are the agency’s first-of-its-kind cross-sector analysis of AI-specific risks to critical infrastructure sectors and will serve as a key tool to help owners and operators mitigate AI risk.”

To address these risks, DHS outlines a four-part mitigation strategy, building upon the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework (RMF), that critical infrastructure owners and users can consider when approaching contextual and unique AI risk situations:

• Govern: Establish an organizational culture of AI risk management – Prioritize and take ownership of safety and security outcomes, embrace radical transparency, and build organizational structures that make security a top business priority.
• Map: Understand your individual AI use context and risk profile – Establish and understand the foundational context from which AI risks can be evaluated and mitigated.
• Measure: Develop systems to assess, analyze, and track AI risks – Identify repeatable methods and metrics for measuring and monitoring AI risks and impacts.
• Manage: Prioritize and act upon AI risks to safety and security – Implement and maintain identified risk management controls to maximize the benefits of AI systems while decreasing the likelihood of harmful safety and security impacts.

Countering Chemical, Biological, Radiological, and Nuclear Threats

The Department worked with its Countering Weapons of Mass Destruction Office (CWMD) to analyze the risk of AI being misused to assist in the development or production of CBRN threats, and analyze and provide recommended steps to mitigate potential threats to the homeland. This report, developed through extensive collaboration across the United States Government, academia, and industry, furthers long-term objectives around how to ensure the safe, secure, and trustworthy development and use of artificial intelligence, and guides potential interagency follow-on policy and implementation efforts.

“The responsible use of AI holds great promise for advancing science, solving urgent and future challenges, and improving our national security, but AI also requires that we be prepared to rapidly mitigate the misuse of AI in the development of chemical and biological threats,” said Assistant Secretary for CWMD Mary Ellen Callahan. “This report highlights the emerging nature of AI technologies, their interplay with chemical and biological research and the associated risks, and provides longer-term objectives around how to ensure safe, secure, and trustworthy development and use of AI.  I am incredibly proud of our team at CMWD for this vital work which builds upon the Biden-Harris Administration’s forward-leaning Executive Order.”

A Department-Wide Effort to Address AI Risks and Opportunities

In the 180 days since President Biden issued his landmark EO on AI, Secretary Mayorkas has led a sustained effort to expand DHS’s leadership on AI and made progress on a number of initiatives geared towards protecting critical infrastructure and ensuring the safe implementation of AI technology.  Most recently, the Secretary established the Artificial Intelligence Safety and Security Board (AISSB) to advise DHS, the critical infrastructure community, private sector stakeholders, and the broader public on the safe and secure development and deployment of AI in our nation’s critical infrastructure. This diverse range of leaders on the Board will provide recommendations to help critical infrastructure stakeholders more responsibly leverage AI and protect against its dangers.

In March, DHS unveiled a detailed AI roadmap for using AI technologies to deliver meaningful benefits to the American public and advance homeland security while protecting individuals’ privacy, civil rights, and civil liberties. Within the roadmap, the Department announced three innovative pilot projects that deploy AI in specific mission areas, including pilots housed in Homeland Security Investigations (HSI), the Federal Emergency Management Agency (FEMA), and United States Citizenship and Immigration Services (USCIS). CISA completed an operational pilot of AI cybersecurity systems to aid in the detection and remediation of vulnerabilities in critical United States Government software, systems, and networks, pursuant to the EO.

In February, DHS launched the DHS AI Corps, an accelerated hiring initiative to better leverage AI responsibly across strategic areas of the homeland security enterprise. DHS immediately saw a strong response and received thousands of applicants interested in AI technology experts looking to further the Department’s AI work across strategic areas of the homeland security enterprise.  

To read the DHS safety and security guidelines for critical infrastructure owners and operators, please visit: Safety and Security Guidelines for Critical Infrastructure Owners and Operators | Homeland Security (dhs.gov).

To read the DHS report on Chemical, Biological, Radiological, and Nuclear (CBRN) threats, please visit: FACT SHEET: DHS Advances Efforts to Reduce the Risks at the Intersection of Artificial Intelligence and Chemical, Biological, Radiological, and Nuclear (CBRN) Threats | Homeland Security.

To learn more about how DHS uses AI technologies to protect the homeland, visit Artificial Intelligence at DHS.

Source: US Department of Homeland Security

Group Chaired by Secretary Mayorkas Will Consider Ways to Promote Safe and Secure Use of AI in our Nation’s Critical Infrastructure 

WASHINGTON, D.C. – Today, the Department of Homeland Security announced the establishment of the Artificial Intelligence Safety and Security Board (the Board). The Board will advise the Secretary, the critical infrastructure community, other private sector stakeholders, and the broader public on the safe and secure development and deployment of AI technology in our nation’s critical infrastructure. The Board will develop recommendations to help critical infrastructure stakeholders, such as transportation service providers, pipeline and power grid operators, and internet service providers, more responsibly leverage AI technologies. It will also develop recommendations to prevent and prepare for AI-related disruptions to critical services that impact national or economic security, public health, or safety.  

President Biden directed Secretary Alejandro N. Mayorkas to establish the Board, which includes 22 representatives from a range of sectors, including software and hardware companies, critical infrastructure operators, public officials, the civil rights community, and academia.  The inaugural members of the Board are:  

• Sam Altman, CEO, OpenAI; 
• Dario Amodei, CEO and Co-Founder, Anthropic; 
• Ed Bastian, CEO, Delta Air Lines; 
• Rumman Chowdhury, Ph.D., CEO, Humane Intelligence; 
• Alexandra Reeve Givens, President and CEO, Center for Democracy and Technology  
• Bruce Harrell, Mayor of Seattle, Washington; Chair, Technology and Innovation Committee, United States Conference of Mayors; 
• Damon Hewitt, President and Executive Director, Lawyers’ Committee for Civil Rights Under Law; 
• Vicki Hollub, President and CEO, Occidental Petroleum; 
• Jensen Huang, President and CEO, NVIDIA; 
• Arvind Krishna, Chairman and CEO, IBM; 
• Fei-Fei Li, Ph.D., Co-Director, Stanford Human-centered Artificial Intelligence Institute;  
• Wes Moore, Governor of Maryland; 
• Satya Nadella, Chairman and CEO, Microsoft; 
• Shantanu Narayen, Chair and CEO, Adobe; 
• Sundar Pichai, CEO, Alphabet;  
• Arati Prabhakar, Ph.D., Assistant to the President for Science and Technology; Director, the White House Office of Science and Technology Policy; 
• Chuck Robbins, Chair and CEO, Cisco; Chair, Business Roundtable; 
• Adam Selipsky, CEO, Amazon Web Services; 
• Dr. Lisa Su, Chair and CEO, Advanced Micro Devices (AMD); 
• Nicol Turner Lee, Ph.D., Senior Fellow and Director of the Center for Technology Innovation, Brookings Institution;  
• Kathy Warden, Chair, CEO and President, Northrop Grumman; and 
• Maya Wiley, President and CEO, The Leadership Conference on Civil and Human Rights. 

DHS is responsible for the overall security and resilience of the nation’s critical infrastructure, which hundreds of millions of Americans rely on every day to light their homes, conduct business, exchange information, and put food on the table. Critical infrastructure encompasses sixteen sectors of American industry, including our defense, energy, agriculture, transportation, and internet technology sectors. The Board will advise DHS on ensuring the safe and responsible deployment of AI technology in these sectors in the years to come, and it will look to address threats posed by this technology to these vital services.

“Artificial Intelligence is a transformative technology that can advance our national interests in unprecedented ways. At the same time, it presents real risks— risks that we can mitigate by adopting best practices and taking other studied, concrete actions,” said Secretary Mayorkas.  “I am grateful that such accomplished leaders are dedicating their time and expertise to the Board to help ensure our nation’s critical infrastructure—the vital services upon which Americans rely every day—effectively guards against the risks and realizes the enormous potential of this transformative technology.” 

Secretary Mayorkas selected these experts to develop multifaceted, cross-sector approaches to pressing issues surrounding the benefits and risks of this emerging technology. It will convene for the first time in Early May with subsequent meetings planned quarterly. At the outset, the Board will: 1) provide the Secretary and the critical infrastructure community with actionable recommendations to ensure the safe adoption of AI technology in the essential services Americans depend upon every day, and 2) create a forum for DHS, the critical infrastructure community, and AI leaders to share information on the security risks presented by AI. 

The Board will help DHS stay ahead of evolving threats posed by hostile nation-state actors and reinforce our national security by helping to deter and prevent those threats. The DHS Homeland Threat Assessment of 2024 warns the public of the threat AI-assisted tools pose to our economic security and critical infrastructure, including how these technologies “have the potential to enable larger scale, faster, efficient, and more evasive cyber attacks—against targets, including pipelines, railways, and other US critical infrastructure.” It also concludes that nation states, including the People’s Republic of China, are developing “other AI technologies that could undermine U.S. cyber defenses, including generative AI programs that support malicious activity such as malware attacks.” 

Shantanu Narayen, Chair & CEO, Adobe: “Adobe is honored to be a part of the Artificial Intelligence Safety and Security Board to share learnings and recommendations with Secretary Mayorkas and key stakeholders across the public and private sectors. This Board holds enormous potential to advance AI technology, establishing guidelines that will help AI enhance and secure our nation’s critical infrastructure while mitigating any risks it could pose.” 

Dr. Lisa Su, Chair and CEO, Advanced Micro Devices: “The widespread use of AI has the potential to improve every aspect of our daily lives. It is critical that we work across the public and private sectors to adopt a collaborative and responsible approach that will ensure we harness the incredible power of AI for good.  I am honored to work alongside such an esteemed group of colleagues on this important issue.” 

Adam Selipsky, CEO, Amazon Web Services: “As one of the world’s leading developers and deployers of AI tools and services, AWS supports fostering the safe, secure, and responsible development of AI technology. We appreciate the opportunity to serve as an inaugural member of the Artificial Intelligence Safety and Security Board, and we are committed to continued collaboration with policymakers, industry, researchers, critical infrastructure providers, and the AI community to advance the responsible and secure use of AI.” 

Dario Amodei, CEO and Co-Founder, Anthropic: “AI technology is capable of offering immense benefits to society if deployed responsibly, which is why we’ve advocated for efforts to test the safety of frontier AI systems to mitigate potential risks. We’re proud to contribute to studying the implications of AI on protecting critical infrastructure with other leaders in the public and private sectors. Safe AI deployment is paramount to securing infrastructure that powers American society, and we believe the formation of this board is a positive step forward in strengthening U.S. national security.”  

Chuck Robbins, Chair and CEO, Cisco; Chair, Business Roundtable: “AI must be as safe, secure, and responsible as it is revolutionary. This collective effort underscores the importance of deploying AI innovations in a manner that safeguards our nation’s critical infrastructure. I look forward to working with Secretary Mayorkas and other members of the Board to strengthen American resilience in today’s rapidly evolving threat landscape.” 

Ed Bastian, CEO, Delta Air Lines: “By driving innovative tools like crew resourcing and turbulence prediction, AI is already making significant contributions to the reliability of our nation’s air travel system, and it promises to further transform the travel experience in the years ahead. I’m honored to serve on this board, which will help ensure that this technology is developed and deployed safely and securely without disrupting vital transportation infrastructure or millions of critical transportation jobs nationwide.” 

Rumman Chowdhury, Ph.D., CEO, Humane Intelligence: “Grappling with the implications of Artificial intelligence on critical infrastructure is necessary to ensure equitable and tangible benefits of this technology to all Americans. Humane Intelligence is looking forward to engaging on these timely issues.” 

Arvind Krishna, Chairman and CEO, IBM: “Artificial intelligence is a game-changing technology that is making businesses smarter, stronger, and safer. AI’s ability to analyze threat information at scale can help protect the nation’s critical infrastructure from cyberattacks, an imperative that I look forward to advancing as a member of the AI Safety and Security Board.” 

Maya Wiley, President and CEO, The Leadership Conference on Civil and Human Rights: “It is critical to have a civil rights perspective on any board with the mission to responsibly deploy artificial intelligence in our nation’s infrastructure. Critical infrastructure plays a key role ensuring everyone has equal access to information, goods, and services. It also poses great threats, including the spread of bias and hate speech online, stoking fear, distrust, and hate in our communities of color. I am looking forward to joining my colleagues as we discuss the ethical deployment of AI across our critical infrastructure to promote and protect the civil and human rights of every person in the United States.” 

Satya Nadella, Chairman and CEO, Microsoft: “Artificial Intelligence is the most transformative technology of our time, and we must ensure it is deployed safely and responsibly. Microsoft is honored to participate in this important effort and looks forward to sharing both our learnings to date, and our plans going forward. We thank Secretary Mayorkas for including us in this important endeavor and look forward to the continued partnership.” 

Fei-Fei Li, Ph.D., Co-Director, Stanford Human-centered Artificial Intelligence Institute: “I’m honored to join this group of interdisciplinary leaders to steward this world-changing technology responsibly and in a human-centered way. Ultimately AI is a tool, a potent tool, and it must be developed and applied with an understanding of how it will impact the individual, community, and society at large.” 

Bruce Harrell, Mayor of Seattle, Washington and Chair, Technology and Innovation Committee, United States Conference of Mayors: “Advancement in artificial intelligence and machine learning technologies offer significant opportunities to transform our society and world. Civic, business, academic, and philanthropic partners have a responsibility to foster this innovation in a way that ensures the development, deployment, and use of these technologies is safe, secure, and ethical. I am honored to serve alongside leaders who share a commitment to leverage technological advancements to address our greatest challenges and capitalize on our greatest opportunities. Together, this Board will advance critical work to safeguard critical infrastructure from real threats and to meet the dynamic needs of today and the future.” 

Arati Prabhakar, Assistant to the President for Science and Technology; Director, the White House Office of Science and Technology Policy: “AI is one of the most powerful technologies of our time. President Biden has made clear that we must manage AI’s risks so that we can seize its benefits. Thanks to Secretary Mayorkas for taking action to protect America’s critical infrastructure—our energy system, banking, health care, and communications—from AI risks and harms.” 

The launch of the Board is a keystone of wide-ranging efforts within DHS to respond to the rapid emergence of AI technology. In March 2024, DHS debuted its first “Artificial Intelligence Roadmap,” which details the Department’s 2024 plans to responsibly leverage AI to advance homeland security missions while protecting individuals’ privacy, civil rights, and civil liberties; promote nationwide AI safety and security; and, continue to lead in AI through strong cohesive partnership. 

The Department’s latest efforts follow President Biden’s Executive Order (EO), “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” signed in October 2023. In the EO, the President directed Secretary Mayorkas to establish the AI Safety and Security Board to support the responsible development of AI. The President also directed DHS to promote the adoption of AI safety standards globally, protect U.S. networks and critical infrastructure, reduce the risks that AI can be used to create weapons of mass destruction, combat AI-related intellectual property theft, and help the United States attract and retain skilled talent, among other missions. 

To accelerate the deployment of AI and machine learning technologies throughout the Department, Secretary Mayorkas announced in February the Department’s first-ever hiring sprint to recruit 50 experts to better leverage these technologies across strategic areas of the homeland security enterprise. These include efforts to counter fentanyl, combat child sexual exploitation and abuse, deliver immigration services, secure travel, fortify our critical infrastructure, and enhance our cybersecurity. DHS has received over 4,000 applications to date and is in the process of reviewing and hiring AI technologists to support mission-enhancing initiatives.  

The Department continues to accept applications at https://www.dhs.gov/ai/join. 

In April 2023, DHS established the Department’s first AI Task Force and named Eric Hysen its first Chief AI Officer. The Task Force’s focus is on DHS’s entire mission space. For example, it is working to enhance the integrity of our supply chains and the broader trade environment by helping deploy AI to improve cargo screening, the identification of imported goods produced with forced labor, and risk management. Secretary Mayorkas also charged the Task Force with using AI to better detect fentanyl shipments, identify and interdict the flow of precursor chemicals around the world, and disrupt key nodes in criminal networks. 

To learn more about how DHS uses AI technologies to protect the homeland, visit Artificial Intelligence at DHS at https://www.dhs.gov/ai.  

###

Source: US Department of Homeland Security

Competition Crowdsources, Engages Citizen Inventors Directly to Find Promising Clean Energy Storage Solutions

WASHINGTON – As the Biden-Harris Administration celebrates Earth Day, the Department of Homeland Security (DHS) announced the five winners of the Clean Power for Hours Challenge, awarding a total of $835,000 to recipients for their innovative clean energy solutions to keep essential services functioning during power outages. Developed by DHS’s Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA), the purpose of this Challenge, one in a series of DHS prize competitions, is to strengthen resilience to extreme weather events worsened by climate change and encourage the development of groundbreaking solutions for environmental hazards facing communities across the country.

Extreme weather has increased the frequency of power outages, with the average duration of electricity interruption exceeding five hours. Critical facilities that provide services and functions essential to a community during and after a disaster often rely solely on electricity for power. These include hospitals, water and wastewater treatment facilities, police and security services, and places of refuge. While critical facilities have backup generators onsite to supply electricity in the case of a grid failure, they typically rely on a finite supply of diesel fuel onsite. Affordable, easy-to-use, and environmentally friendly solutions supported by the Clean Power for Hours Challenge will improve energy reliability and enhance the resilience of National Critical Functions (NCF)—government and private-sector functions so vital that their disruption would debilitate security, the economy, public health, or safety.

“When disaster strikes, restoring electric power can quickly become a matter of life or death. It is required to keep utilities like water treatment plants running, emergency rooms operational, first responders in communication with each other, and much more,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The Clean Power for Hours Challenge empowers some of our most creative citizen innovators to help strengthen the resilience of our critical infrastructure and support communities in their moment of need – all while moving our country towards a clean energy future.”

“As S&T contributes to the global response to climate change, we recognize the winners of the Clean Power for Hours Challenge and the next-generation technologies they are developing,” said Dr. Dimitri Kusnezov, DHS Under Secretary for Science and Technology. “The Challenge winners offer ready-to-field energy storage solutions with the potential to advance the DHS mission to strengthen national climate resilience and address supply chain challenges in sourcing minerals and materials for energy technologies.”

“CISA is proud to support the Clean Power for Hours Challenge. By its very nature, climate resilience is infrastructure resilience,” said CISA Director Jen Easterly. “Ensuring that lifeline critical infrastructure facilities have sustainable, robust back-up power solutions is paramount to maintaining the resilience of our nation’s infrastructure. This Challenge not only promotes the adoption of innovative, environmentally friendly energy solutions, but it also reinforces the importance of protecting the essential services that underpin emergency response, public health, and national security. We look forward to seeing these solutions in action.”

The Clean Power for Hours Challenge builds on federal government-wide efforts to stimulate innovation and partnership and expand the American public’s participation in science. A panel of judges who are experts in climate change, resilience, and energy storage selected the winners using specific selection criteria and hypothetical use to identify solutions that can provide backup power to small-scale facilities or utility assets as a substitute for fossil fuel-powered generators.

The Challenge had two stages.  During Stage 1, DHS awarded nine finalists $15,000 each for a written or video submission describing how their solution meets the judging criteria. Those finalists progressed to Stage 2, where they conducted live demonstrations of their technology solutions at facilities or customer sites for judges to assess.

The Grand Prize winner awarded $400,000:

• Urban Electric Power, Inc. (Pearl River, NY), for its Rechargeable Zinc-Manganese Dioxide Battery Energy Storage System. The technology uses the chemistry found in alkaline batteries to make a rechargeable battery system for stationary energy storage applications. This solution is easy to use and safer for critical infrastructure in most need of protection than lithium batteries and cleaner than fossil fuels.

The Runner-up awarded $200,000:

•  Dr. Hari Dharan, Omnes Energy (Woodland, CA), for his Long Duration Power Delivery for Critical Infrastructure, a nonlithium technology that uses an electromagnetically suspended steel rotor (flywheel) coupled with a motor/generator.  The flywheel generates back-up power and is easy to run and fix during an emergency.

The “Innovator” Honorable Mention awarded $50,000:

• The startup company ElectricFish (Fremont, CA) for its 350squared technology — a containerized battery storage device which operates as a microgrid for local critical loads, distributed energy resource for the grid, and electric vehicle fast charger.

Other Honorable Mentions awarded $25,000 each:

• New Use Energy Solutions, Inc. (Phoenix, AZ) for the SunKit, an expandable battery+solar generator system and ONYX POWER LLC (Long Beach, CA) for its rugged, mobile, modular nanogrid that can recharge from the grid or solar.

DHS, S&T, CISA, and their government partners will continue working with the winners and provide for future opportunities, including assistance meeting mentors, establishing connections to technology accelerators, and finding opportunities to speak at conferences with broader security audiences.

To stay up to date with DHS S&T and prize competitions, visit the DHS Prize Competitions website and follow DHS S&T on LinkedIn, Twitter, Facebook, and Instagram.

Source: US Department of Homeland Security

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Physical Security Checklist for Polling Locations, a new tool designed to bolster security preparedness for the frontline of U.S. elections.

The checklist, part of CISA’s suite of election security resources, is tailored to empower election workers with actionable and accessible security measures for locations serving as temporary election facilities.

“Protecting against physical threats to election locations like polling places where Americans cast their vote is one of the most significant responsibilities election officials bear. CISA is committed to doing anything we can to support this mission,” said CISA Senior Advisor Cait Conley. “The people who run elections and those who volunteer to work at polling places are heroes, and CISA is proud to support them, including with critical threat awareness and planning tools such as this checklist. While no measure can eliminate all risk, these resources empower officials to understand, mitigate, and address security challenges proactively.”

The resource is designed for simplicity, requiring no prior security expertise for implementation. It covers pre-planning and Election Day procedures and is adaptable to individual facility needs and resources. Through a series of yes or no questions, election workers and volunteers can assess potential security threats and incidents, aiding in the establishment and improvement of physical security measures.

The Physical Security Checklist for Polling Locations is one of a collection of resources CISA has developed to support the physical security of election infrastructure.  The agency has Protective Security Advisors serving all 50 states, District of Columbia, and territories who support state and local election officials through sharing information, conducting physical security assessments of election facilities, and offering no-cost services and trainings on areas like de-escalation techniques, responding to active shooter situations, and other physical threat specific offerings to address the evolving threats facing election officials.

For more information, or to access the checklist, visit Physical Security Checklist for Polling Locations.