Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023

Source: US Department of Homeland Security

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recommended specific practices for industry and government to implement to ensure an intrusion of this magnitude does not happen again. Secretary of Homeland Security Alejandro N. Mayorkas received the CSRB report from the Board and delivered it to President Biden. This is the third review completed by the CSRB since the Board was announced in February 2022.

“Individuals and organizations across the country rely on cloud services every day, and the security of this technology has never been more important,” said Secretary Mayorkas. “Nation-state actors continue to grow more sophisticated in their ability to compromise cloud service systems. Public-private partnerships like the CSRB are critical in our efforts to mitigate the serious cyber threat these nation-state actors pose. The Department of Homeland Security appreciates the Board’s comprehensive review and report of the Storm-0558 incident. Implementation of the Board’s recommendations will enhance our cybersecurity for years to come.”

The CSRB provides a unique forum for leading government and industry experts to review significant cybersecurity events and provide independent, strategic, and actionable recommendations to the President, the Secretary, and the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to better protect our nation. The Board is made up of cybersecurity leaders from the private sector and senior officials from DHS, CISA, the Defense Department, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation, the Office of the National Cyber Director, and the Federal Chief Information Officer.

In August 2023, DHS announced that the CSRB would assess the recent Microsoft Exchange Online intrusion, initially reported in July 2023, and conduct a broader review of issues relating to cloud-based identity and authentication infrastructure affecting applicable cloud service providers (CSP) and their customers. The CSRB obtained data from and conducted interviews with 20 organizations and experts including cybersecurity companies, technology companies, law enforcement organizations, security researchers, academics, as well as several impacted organizations. 

The inclusive review process developed actionable findings and recommendations. As a result of the CSRB’s recommendations, CISA plans to convene major CSPs to develop cloud security practices aligned with the CSRB recommendations and a process for CSPs to regularly attest and demonstrate alignment.

“DHS is committed to efforts that meaningfully improve cybersecurity resilience and preparedness for our nation, and the work of the CSRB is reflective of our determination and dedication to this cause,” said CISA Director Jen Easterly. “I am confident that the findings and recommendations from the Board’s report will catalyze action to reduce risk to the critical infrastructure Americans rely on every day.”

The CSRB’s review found that the intrusion by Storm-0558, a hacking group assessed to be affiliated with the People’s Republic of China, was preventable. It identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. The Board recommends that Microsoft develop and publicly share a plan with specific timelines to make fundamental, security-focused reforms across the company and its suite of products. Microsoft fully cooperated with the Board’s review.

“Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy,” said DHS Under Secretary of Policy and CSRB Chair Robert Silvers. “It is imperative that cloud service providers prioritize security and build it in by design. The Board has become the authoritative organization for conducting fact-finding and issuing recommendations in the wake of major cyber incidents, receiving extensive industry and expert input in each of its three reviews to date. We appreciate Microsoft’s full cooperation in the course of the Board’s seven-month, independent review. We also appreciate the input received from 19 additional companies, government agencies, and individual experts.”

“The threat actor responsible for this brazen intrusion has been tracked by industry for over two decades and has been linked to 2009 Operation Aurora and 2011 RSA SecureID compromises,” said CSRB Acting Deputy Chair Dmitri Alperovitch. “This People’s Republic of China affiliated group of hackers has the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government. Cloud service providers must urgently implement these recommendations to protect their customers against this and other persistent and pernicious threats from nation-state actors.”

The CSRB recommends specific actions to all cloud service providers and government partners to improve security and build resilience against the types of attacks conducted by Storm-0558 and associated groups. Select recommendations include:

  • Cloud Service Provider Cybersecurity Practices: Cloud service providers should implement modern control mechanisms and baseline practices, informed by a rigorous threat model, across their digital identity and credential systems to substantially reduce the risk of system-level compromise.
     
  • Audit Logging Norms: Cloud service providers should adopt a minimum standard for default audit logging in cloud services to enable the detection, prevention, and investigation of intrusions as a baseline and routine service offering without additional charge.
     
  • Digital Identity Standards and Guidance: Cloud service providers should implement emerging digital identity standards to secure cloud services against prevailing threat vectors. Relevant standards bodies should refine, update, and incorporate these standards to address digital identity risks commonly exploited in the modern threat landscape.
     
  • Cloud Service Provider Transparency: Cloud service providers should adopt incident and vulnerability disclosure practices to maximize transparency across and between their customers, stakeholders, and the United States government.
     
  • Victim Notification Processes: Cloud service providers should develop more effective victim notification and support mechanisms to drive information-sharing efforts and amplify pertinent information for investigating, remediating, and recovering from cybersecurity incidents.
     
  • Security Standards and Compliance Frameworks: The United States government should update the Federal Risk Authorization Management Program and supporting frameworks and establish a process for conducting discretionary special reviews of the program’s authorized Cloud Service Offerings following especially high-impact situations. The National Institute of Standards and Technology should also incorporate feedback about observed threats and incidents related to cloud provider security.

As directed by President Biden through Executive Order 14028 Improving the Nation’s Cybersecurity, Secretary Mayorkas established the CSRB in February 2022.  The Board’s investigations are conducted independently, and its conclusions are independently reached. DHS and the CSRB are committed to transparency and will, whenever possible, release public versions of CSRB reports, consistent with applicable law and the need to protect sensitive information from disclosure.

To read the full report, visit Report on Microsoft Online Exchange Incident from Summer 2023.

###

CISA Publishes High-Risk Communities Webpage

Source: US Department of Homeland Security

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces a new dedicated High-Risk Communities webpage today with cybersecurity resources for civil society communities at heightened risk of facing digital security threats because of their work. Through the Joint Cyber Defense Collaborative (JCDC) and building on priorities advanced through the Administration’s Summit for Democracy, CISA developed this valuable resource in collaboration with civil society organizations, government, and private industry partners to support these communities with their cybersecurity.

This webpage offers digital security resources specifically for high-risk communities, including Project Upskill, a suite of guides designed to equip non-technical individuals affiliated with high-risk organizations with simple steps to meaningfully improve their cyber hygiene. Other resources on the webpage include information on local cyber volunteer programs, and a repository of free or discounted cybersecurity tools and services available to high-risk communities.

“With experts across government and the private sector, we collaborated extensively to identify and develop actionable and easy-to-use resources for high-risk communities. We will continue to solicit input and feedback from partners across civil society as we collectively work to safeguard those organizations advancing democracy and human rights against cyber threats,” said CISA Director Jen Easterly. “CISA is especially pleased in the public-private collaboration that led to development and publication of these resources, reflecting shared commitment across government, industry, and civil society.” 

The High-Risk Communities planning effort furthers JCDC priorities by bringing together government and the private sector to execute cyber defense plans that achieve specific risk reduction goals and enable more focused collaboration. To learn more about JCDC, visit CISA.gov/JCDC.

All civil society organizations are encouraged to visit the High-Risk Communities webpage intended to serve as a one-stop-shop for cybersecurity guidance. 

Read CISA’s blog for more details on the High-Risk Communities effort.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.

April is Emergency Communications Month

Source: US Department of Homeland Security

CISA Urges Partnerships So We Can All Be “Resilient Together”

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) kicks off the third annual Emergency Communications Month to honor the nation’s emergency responders and communicators, emphasizing the importance of emergency communications and the need to work together in building resilient critical infrastructure.

CISA is focused on how the nation can be “Resilient Together,” highlighting the importance of secure, interoperable emergency communications and how CISA supports this effort in collaboration with its partners across the emergency communications ecosystem. CISA encourages critical infrastructure organizations, state, local, tribal, and territorial government, and others to significantly bolster communications resiliency and emergency preparedness by enrolling in free priority telecommunications services. These services, which include the Government Emergency Telecommunications Service (GETS) and Wireless Priority Service (WPS), enable essential personnel to communicate when networks are degraded or congested due to weather events, mass gatherings, cyber incidents, or events stemming from human error.

Through its emergency communications mission, CISA conducts extensive outreach across the nation. These efforts are aimed at bolstering the capacity of emergency response providers and government officials to communicate effectively during crises such as natural disasters, cyber incidents or other hazards that impact landline and wireless communications. CISA’s programs and services coordinate emergency communications planning, preparation, and evaluation to ensure safer, better-prepared communities nationwide. Moreover, CISA offers essential guidance on establishing protocols for identifying and promptly reporting significant cyber incidents to relevant personnel, local law enforcement, and the agency. CISA serves as a vital resource, collaborating with both government and industry partners to strengthen and enhance emergency communication capabilities, thereby reinforcing our nation’s resilience.

“As the nation’s cyber defense agency and the national coordinator for infrastructure security, CISA’s mission continues to prioritize ensuring interoperable, secure, and resilient emergency communications for our nation,” remarked CISA Director Jen Easterly. “In this third Emergency Communications Month, we not only honor our invaluable emergency communications partners nationwide but also urge them to enroll in our priority telecommunications services. By emphasizing the ‘Resilient Together’ theme, we aim to unite efforts towards integrating the next generation of emergency communications systems, thereby enhancing the safety and security of our nation and its critical infrastructure.”

On April 30, CISA will host an informational webinar to provide overviews of the GETS and WPS services. Organizations can begin the enrollment process here: www.cisa.gov/apply-pts. CISA’s Priority Telecommunications Service Center assists with the enrollment process and can be reached by phone at 866-627-2255 or by email at support@gwids.cisa.gov.

To learn more about Emergency Communications Month and how to amplify our resources, visit https://www.cisa.gov/emergency-communications-month.

CISA Marks Important Milestone in Addressing Cyber Incidents; Seeks Input on CIRCIA Notice of Proposed Rulemaking

Source: US Department of Homeland Security

WASHINGTON – Today, the Federal Register posted for public inspection the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Notice of Proposed Rulemaking (NPRM), which CISA was required to develop by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This marks a major step in bolstering America’s cybersecurity. 

Implementation of CIRCIA will improve CISA’s ability to use cybersecurity incident and ransomware payment information reported to the agency to identify patterns in real-time, fill critical information gaps, rapidly deploy resources to help entities that are suffering from cyber attacks, and inform others who would be potentially affected. When information about cyber incidents is shared quickly, CISA can use this information to render assistance and provide warning to prevent other organizations from falling victim to a similar incident. This information is also critical to identifying trends that can help efforts to protect the homeland. The NPRM will soon formally publish in the Federal Register, following which the public will have 60 days to submit written comments to inform the direction and substance of the Final Rule. 

“Cyber incident reports submitted to us through CIRCIA will enable us to better protect our nation’s critical infrastructure,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents, and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors. The proposed rule is the result of collaboration with public and private stakeholders, and DHS welcomes feedback during the public comment period on the direction and substance of the final rule.”

“CIRCIA is a game changer for the whole cybersecurity community, including everyone invested in protecting our nation’s critical infrastructure,” said CISA Director Jen Easterly. “It will allow us to better understand the threats we face, spot adversary campaigns earlier, and take more coordinated action with our public and private sector partners in response to cyber threats. We look forward to additional feedback from the critical infrastructure community as we move towards developing the Final Rule.”

Since September 2022, CISA has solicited input from public and private sector stakeholders, including the critical infrastructure community, as the agency developed the NPRM, and this open comment period is another opportunity for stakeholders to submit written comments on the NPRM. The NPRM contains proposed regulations for cyber incident and ransom payment reporting, as well as other aspects of the CIRCIA regulatory program. Implementation of CIRCIA enables CISA to develop insight into the cyber threat landscape to drive cyber risk reduction across the nation and to provide early warning to entities who may be at risk of targeting. The comments CISA received through the Request for Information (RFI) and listening sessions over the past year helped shape this NPRM. In turn, robust input on the NPRM will support our ability to implement CIRCIA to drive national cyber risk reduction.

Visit cisa.gov/CIRCIA to learn more.

CISA, DC HSEMA and Regional Partners Conduct Exercise to Ensure National Capital Region Water Service Resilience

Source: US Department of Homeland Security

WASHINGTON, DC – The Cybersecurity and Infrastructure Security Agency (CISA), DC Homeland Security Emergency Management Agency (HSEMA), and the Metropolitan Washington Council of Governments (COG) hosted a water system tabletop exercise (TTX) yesterday in the National Capital Region (NCR). The exercise focused on incident information sharing procedures and emergency response and recovery operations related to a hypothetical incident around local water systems as well as mechanisms to help keep the public’s drinking water safe.

The exercise was not in response to any specific threat and there have been no significant security incidents or changes to the threat or the risk environment impacting the NCR water systems. Rather, this exercise supported the long-standing regional efforts, led by COG, the Interstate Commission on the Potomac River Basin (ICPRB), local emergency management agencies, major water providers, and other water and wastewater utilities to periodically review and improve the preparedness and resilience of the region’s water service systems. The Environmental Protection Agency (EPA), the Sector Risk Management Agency for the Water and Wastewater Sector, supported the exercise. Overall, the exercise contributed to federal goals that strengthen water system resilience locally, regionally, and nationally.

“Drinking water and wastewater systems are an essential community lifeline. A large portion of Water Sector functions are based in the digital world as well as deeply rooted in critical physical infrastructure. It is important to protect these systems from any form of attack to maintain their vital operations,” said Regional Director Bill Ryan, CISA Region 3. “Opportunities to train and exercise emergency plans as a team with our state and local partners allow us to collectively identify ways to keep the public safe, become more resilient and harden our capabilities through proactive multi-agency collaboration, coordination and strategic resource management before an incident happens.”

The exercise provided invaluable feedback to more than a dozen agencies regarding a variety of complex scenarios relevant to their roles and responsibilities. Specifically, the NCR Water TTX tested responses to water system threats focusing on the interconnectedness of water utilities, incident response, continuity plans, customer support, water distribution, and public messaging.

“Planning and preparing for incidents that have significant impacts on public health and safety are only one part of ensuring readiness to respond efficiently. Exercises are the other crucial aspect of testing our plans to improve our ability to successfully address and mitigate the impacts of water system incidents,” said Clint Osborn, Interim Director of HSEMA. “We are collaborating with our local, state, and federal partners so we can hit the ground running when we are faced with incidents that threaten our critical infrastructure.”

Exercises like this one are part of CISA’s continual outreach with public and private sector partners. CISA conducts dozens of exercises per year and actively engages with entities including but not limited to municipalities, sports leagues, critical infrastructure partners, schools, and other organizations around the country to develop and exercise response plans for all potential threats in today’s complex security environment. Individually, CISA and HSEMA participate in various exercises throughout the year on multiple levels and scales. From a national perspective, CISA has staff strategically positioned throughout the U.S. to advise on ways to enhance security and resilience. Every citizen is encouraged to speak up if they see something suspicious. If you see something, say something. Additional resources and tools are available on the agency’s website through its Hometown Security initiative.

Secretary Mayorkas Announces Extension and Redesignation of Burma (Myanmar) for Temporary Protected Status

Source: US Department of Homeland Security

WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas today announced the extension and redesignation of Burma for Temporary Protected Status for 18 months, from May 26, 2024, to November 25, 2025, due to extraordinary and temporary conditions in Burma that prevent individuals from safely returning. The corresponding Federal Register notice provides information about how to register as a new first-time applicant or current beneficiary for TPS under Burma’s extension and redesignation.

After consultation with interagency partners, Secretary Mayorkas determined that an 18-month TPS extension and redesignation are warranted because conditions that support Burma’s TPS designation are ongoing. Burma’s democratically elected civilian government was overthrown in a military coup on February 1, 2021, giving rise to further widespread violence that continues to put individuals in Burma at significant risk. Burma also continues to face challenges in the provision of food, access to health care, and economic stability. 

Accompanying this announcement is a Special Student Relief notice for F-1 nonimmigrant students whose country of citizenship is Burma so that eligible students may request employment authorization, work an increased number of hours while school is in session, and reduce their course load while continuing to maintain F-1 status through the TPS designation period.

The extension of TPS for Burma allows approximately 2,300 current beneficiaries to retain TPS through November 25, 2025, if they continue to meet TPS eligibility requirements. The redesignation of Burma for TPS allows an estimated 7,300 additional nationals of Burma (or individuals having no nationality who last habitually resided in Burma) to file initial applications to obtain TPS, if they are otherwise eligible and if they established residence in the United States on or before March 21, 2024, and have continued to reside in the United States since then.

Re-registration is limited to individuals who previously registered for and were granted TPS under Burma’s prior designation. Current beneficiaries under TPS for Burma must re-register in a timely manner during the 60-day re-registration period from March 25, 2024, through May 24, 2024, to ensure they keep their TPS and employment authorization.

The Department of Homeland Security recognizes that not all re-registrants may receive a new Employment Authorization Document (EAD) before their current EAD expires and is automatically extending through May 25, 2025, the validity of EADs previously issued under Burma’s TPS designation. When the registration period for TPS for Burma opens on March 25, 2024, new registrants who are granted TPS and who filed an approved Form I-765, Application for Employment Authorization, under this announcement for extension and redesignation will be issued an EAD for 18 months that will be valid through November 25, 2025.

U.S. Citizenship and Immigration Services will continue to process pending applications filed under previous TPS designations for Burma. Individuals with a pending Form I-821, Application for Temporary Protected Status, or a related Form I-765, Application for Employment Authorization, as of March 25, 2024 do not need to file either application again. If USCIS approves a pending Form I-821 or Form I-765 filed under the previous designation of TPS for Burma, USCIS will grant the individual TPS through November 25, 2025, and issue an EAD valid through the same date.

Under the redesignation of Burma, eligible individuals who do not have TPS may submit an initial Form I-821, Application for Temporary Protected Status, during the initial registration period that runs from March 25, 2024, through November 25, 2025. Applicants also may apply for TPS-related EADs and for travel authorization. Applicants can request an EAD by submitting a completed Form I-765, Application for Employment Authorization, with their Form I-821, or separately later. 

The Federal Register notice explains eligibility criteria, timelines, and procedures necessary for current beneficiaries to re-register and renew EADs, and for new applicants to submit an initial application under the redesignation and apply for an EAD. 

DHS and DG CONNECT Announce Initiative Comparing Cyber Incident Reporting to Better Align Transatlantic Approaches

Source: US Department of Homeland Security

The first step in this focused initiative includes an analysis of similarities and differences between the recommendations of the DHS Report on Harmonization of Cyber Incident Reporting to the Federal Government, and the cybersecurity incident reporting framework under the NIS 2 Directive in the EU

WASHINGTON – Today, the US Department of Homeland Security (DHS) and European Commission’s Directorate General for Communications, Networks, Content, and Technology (DG CONNECT) announced an initiative to compare cyber incident reporting elements that will inform cyber incident reporting requirements by the US, and European Union (EU) under the NIS 2 Directive. This transatlantic collaboration between the US and EU builds on their efforts to secure their people, critical infrastructure, and businesses against detrimental cyber activities.

The joint report developed by DHS and DG CONNECT, with support from their respective cybersecurity agencies, the Cybersecurity and Infrastructure Security Agency (CISA) and the European Agency for Cybersecurity (ENISA), provides a comparative assessment and factual overview of recommendations from the U.S. Cyber Incident Reporting Council and the 2023 DHS report on Harmonization of Cyber Incident Reporting to the Federal Government and EU’s Directive 2022/2555 on measures for high level of cybersecurity across the Union (i.e., NIS 2 Directive) by identifying the main similarities and divergences. The findings in this report will help inform DHS and DG CONNECT’s approach to evaluating cyber incident reporting processes in the future. The report identifies six main areas for comparative analysis between the DHS’s report and the EU’s Directive, including: (i) definitions and reporting thresholds, (ii) timelines, triggers and types of cyber incident reporting, (iii) contents of cyber incident reports, (iv) reporting mechanisms, (v) aggregation of incident data, and (vi) public disclosure of cyber incident information.

“Cyber incidents do not recognize borders and multinational companies are often required to report incidents across numerous jurisdictions. We are committed to harmonizing incident reporting rules domestically and with like-minded partners like the European Union whenever feasible. Our approach will allow governmental authorities to get the information they need to provide cyber defense while streamlining the process for victim organizations,” said Robert Silvers, DHS Under Secretary for Policy and Chair of the Cyber Incident Reporting Council.

“With the new NIS 2 Directive we created streamlined and future-proof European baseline cybersecurity rules, including on incident reporting, to the benefit of all stakeholders. Across the Atlantic, we seek to work together to compare relevant reporting requirements, including the form or format of information requested, seeking ways to minimize the administrative burden on reporting entities,” said Roberto Viola, EC Director-General for Communications Networks, Content and Technology.

This initiative – which aligns with the 2024 Joint Statement between Secretary of Homeland Security Alejandro N. Mayorkas and European Commissioner for Internal Market Thierry Breton – marks the beginning of a process to align transatlantic cyber incident reporting where feasible. DHS & DG CONNECT invite industry from both the US and EU to share their input and reactions to our joint collaboration and approach to evaluating cyber incident reporting processes.

“This domain is critical as relevant government authorities must have access to information about cyber incidents that impact their citizens or otherwise raise safety and security concerns. Moreover, we recognize that over the next months, both the United States and the European Union will continue the work to put mandatory reporting regimes into effect, including by implementing more precise provisions on the process for incident reporting, content of the reports and timelines. It is important to stay connected on these issues and align where possible,” added Lorena Boix Alonso, EC Director for Digital Society, Trust and Cybersecurity.

“Over the next year our teams plan to continue our cooperation on a more technical level, including by mapping elements such as cybersecurity incident taxonomies, reporting templates, and the content of reports and formats. We will conduct an in-depth crosswalk of the DHS-developed Model Reporting Form against the NIS 2 required contents of reports to identify where there is overlap and disparities in the types of data being requested. As we continue these efforts moving forward, we must remain agile and adapt to the quickly evolving cyber threat landscape as nothing remains static in our digital world for long,” said Iranga Kahangama, DHS Assistant Secretary for Cyber, Infrastructure, Risk and Resilience.

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), signed into law by President Biden in 2022, established the Cyber Incident Reporting Council (CIRC), led by DHS to “coordinate, deconflict, and harmonize Federal incident reporting requirements, including those issued through regulations.” The CIRC, which is chaired by DHS and includes representation from more than 30 agencies, outlined a series of actionable recommendations on how the U.S. Government can streamline and harmonize the reporting of cyber incidents to better protect the nation’s critical infrastructure. In 2023, DHS provided a report to Congress including recommendations of the Council entitled Harmonization of Cyber Incident Reporting to the Federal Government.

In January 2023, the NIS 2 Directive entered into force, giving EU Member States 21 months to transpose it into national law. The NIS 2 Directive builds on the requirements of its predecessor, Directive (EU) 2016/1148, concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive), in force since 2016, but it raises the EU common level of ambition on cyber-security, through a wider scope, clearer rules and stronger supervision tools. The NIS 2 Directive harmonizes, strengthens, and streamlines security and incident reporting requirements for a larger number of entities, which are critical for the European economy and society.

The full report is available on DHS.gov.

###

Countering Weapons of Mass Destruction Office, City of New Orleans Hosts Readiness Event

Source: US Department of Homeland Security

The City of New Orleans, in partnership with the Department of Homeland Security’s (DHS) Countering Weapons of Mass Destruction Office (CWMD), is hosting a multiday readiness event from Monday, March 18, through Friday, March 22. The purpose of this initiative is continuous collaboration, preparedness, and improvements for local, state, and federal first responders to address tactical, radiological, nuclear, and chemical scenarios and to enhance future operations.

The City of New Orleans will remain proactive in ensuring continued public safety preparations for all major special events, such as Mardi Gras and the upcoming Super Bowl LIX, slated for Feb. 9, 2025. For instance, Mardi Gras is a designated Special Event Assessment Rating (SEAR) 2 event. SEAR ratings determine the risk level for events that may be considered potential threat targets and help to determine the security resources needed. This SEAR 2 rating allowed the City to receive additional federal support and public safety resources. 

“CWMD and DHS have a proud history of leading federal efforts – in close coordination with state and local officials – to ensure the public safety during special events, such as the Super Bowl and Mardi Gras,” said Assistant Secretary for CWMD Mary Ellen Callahan. “Providing equipment and training to state, local, tribal, and territorial law enforcement and first responders is one of CWMD’s primary functions to protect the nation from weapons of mass destruction. We truly appreciate the City of New Orleans’ inclusion in this exercise and their proactive steps to ensure their readiness for Super Bowl LIX.” 

“The City of New Orleans is proud to host our state and federal partners for these critical exercises and discussions,” said Mayor LaToya Cantrell. “As all our major cultural events continue to draw larger crowds, and as we prepare for Super Bowl LIX, it is vital that our local agencies remain in lockstep with all partners at the table. These preparations are necessary to continue to demonstrate how New Orleans is an international model for hosting and executing major events and festivals safely and successfully.” 

DHS’s CWMD spearheaded coordination efforts for this week’s initiative, working closely with approximately 13 federal, state, and local public safety agencies within New Orleans. Together, they identified operational needs, aligned strategic goals, and devised a comprehensive event for the entire region. 

To ensure seamless integration and consistency across events, DHS’s CWMD collaborated with regional partners, meticulously selecting scenarios that would test and enhance preparedness for multiple potential threats. 

The weeklong event in New Orleans will showcase the collaborative efforts from every level of the nation’s protective infrastructure, from local first responders to federal assets. It aims to bring agencies together under realistic conditions, promoting a managed, coordinated response. This achievement underscores the importance of professional relationships across agencies, collaborative support within the National Response Framework, and the diligent pursuit of bringing all stakeholders together. 

CISA Publishes Repository for Software Attestation and Artifacts

Source: US Department of Homeland Security

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announces today the availability of the Repository for Software Attestation and Artifacts that software producers who partner with the federal government can use to upload software attestation forms and relevant artifacts. Last week, CISA and the Office of Management and Budget (OMB) announced the secure software development attestation form, which enables software producers serving the federal government to attest to implementation of specific security practices.  

Software integrity is key to protecting federal systems from malicious cyber actors seeking to disrupt our nation’s critical functions. This new repository will help federal agencies employ software from producers that attest to using sound secure development practices.  

“Software underpins nearly every service our government delivers on behalf of the American people. This is why CISA and our partners are working to transform federal cybersecurity practices by advancing strong software development security practices for the software upon which Americans depend,” said Executive Assistant Director for Cybersecurity Eric Goldstein. “The repository for software attestation and artifacts will enable a standardized process for agencies and software producers that provides transparency on the security of software development. We look forward to further refining the process to continue elevating software security across the federal enterprise.”   

OMB Memorandum M-22-18, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,” and OMB Memorandum M-23-16, “Update to Memorandum M-22-18,” limit agencies’ ability to use software that is not developed using secure practices. The attestation form will allow software producers to confirm that they follow those practices.

For more information, please visit: Secure Software Development Attestation Form

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, and Instagram.

Department of Homeland Security Unveils Artificial Intelligence Roadmap, Announces Pilot Projects to Maximize Benefits of Technology, Advance Homeland Security Mission

Source: US Department of Homeland Security

DHS Will Launch Three Pilot Projects to Test AI Technology to Enhance Immigration Officer Training, Help Communities Build Resilience and Reduce Burden for Applying for Disaster Relief Grants, and Improve Efficiency of Law Enforcement Investigations 

WASHINGTON – Today, Secretary of Homeland Security Alejandro N. Mayorkas and Chief Information Officer and Chief Artificial Intelligence Officer Eric Hysen announced the Department of Homeland Security’s (DHS) first “Artificial Intelligence Roadmap.” The roadmap details DHS’s 2024 plans, including to test uses of the technologies that deliver meaningful benefits to the American public and advance homeland security, while ensuring that individuals’ privacy, civil rights, and civil liberties are protected.  

As part of the roadmap, DHS announced three innovative pilot projects that will deploy AI in specific mission areas.  Homeland Security Investigations (HSI) will test AI to enhance investigative processes focused on detecting fentanyl and increasing efficiency of investigations related to combatting child sexual exploitation.  The Federal Emergency Management Agency (FEMA) will deploy AI to help communities plan for and develop hazard mitigation plans to build resilience and minimize risks.  And, United States Citizenship and Immigration Services (USCIS) will use AI to improve immigration officer training.  

“The unprecedented speed and potential of AI’s development and adoption presents both enormous opportunities to advance our mission and risks we must mitigate,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The DHS AI roadmap and pilots will guide our efforts this year to strengthen our national security, improve our operations, and provide more efficient services to the American people, while upholding our commitment to protect civil rights, civil liberties, and privacy. What we learn from the pilot projects will be beneficial in shaping how the Department can effectively and responsibly use AI across the homeland security enterprise moving forward.” 

The roadmap lays out DHS’s initiatives in AI, describes the potential of AI technologies across the Department, and offers clearer visibility into the Department’s approach to AI, while underscoring the Department’s commitment to responsible utilization. 

The AI roadmap outlines three lines of effort DHS is using to guide its work:  

  • Responsibly leverage AI to advance Homeland Security missions while protecting individuals’ privacy, civil rights, and civil liberties – DHS is committed to ensuring that its use of AI fully respects privacy, civil liberties, and civil rights, is rigorously tested to avoid bias, disparate impact, privacy harms, and other risks, and that it is understandable to the people we serve. 
     
  • Promote Nationwide AI Safety and Security – Advances in AI will revolutionize the delivery of essential goods and services upon which Americans rely. AI can create tremendous efficiencies and benefits for citizens, but it can also present new and novel risks. To protect U.S. cyber networks and critical infrastructure, DHS will help govern the safe and responsible development and use of AI. 
     
  • Continue to lead in AI through strong cohesive partnerships – DHS will foster strong relationships with private sector, academia, State, Local, Territorial, and Tribal governments, international partners, non-government organizations, research institutions, and thought leaders to accelerate the development and deployment of AI solutions tailored to the unique challenges faced by DHS. In line with DHS’s commitment to transparency and visibility into the Department’s vision for AI and to ensuring responsible use, DHS will continue to share information and engage with communities, advocates, and partners to demonstrate responsible AI use.

DHS’s three new pilot programs will allow the Department to assess the efficacy of AI in improving its mission capabilities. Each pilot team is partnering with privacy, cybersecurity, and civil rights and civil liberties experts throughout their development and evaluation process. This work will inform Department-wide policies on AI governance. DHS offices and agencies submitted dozens of proposals for consideration to the Chief AI Officer, who selected three pilots that would best support evaluating the effectiveness of Large Language Models (LLM) and Generative AI technology at DHS.

The new pilot programs announced today will:   

  • Transform Security Investigative Processes, Unlock Data-Driven Insights, and Improve Mission Outcomes – HSI’s pilot project will strengthen their investigative processes by introducing an LLM-based system designed to enhance the efficiency and accuracy of summaries investigators rely upon. The LLM-based system will leverage open-source technologies to allow investigators to more quickly summarize and search for contextually relevant information within investigative reports. The pilot could lead to increases in detection of fentanyl-related networks, aid in identification of perpetrators and victims of child exploitation crimes, and surface key patterns and trends that could further HSI’s vital work.
     
  • Bolster Planning Assistance for Resilient Communities – FEMA will launch a GenAI pilot to create efficiencies for the hazard mitigation planning process for local governments, including underserved communities. Hazard mitigation plans are a foundational step that communities can take to build their resilience, but they can be lengthy to produce and challenging for communities that lack the resources to do so. The pilot will specifically support State, Local, Tribal, and Territorial governments’ understanding of how to craft a plan that identifies risks and mitigation strategies, as well as generate draft plan elements, from publicly available, well-researched sources, that governments could customize to meet their needs. This pilot could lead to more communities having the ability to submit grant applications for funding to become more resilient and reduce disaster risks.
     
  • Enhance Immigration Officer Training through Generative AI – United States Citizenship and Immigration Services is developing an interactive application that uses GenAI to improve the way the agency trains immigration officer personnel. USCIS will generate dynamic, personalized training materials that adapt to officers’ specific needs and ensure the best possible knowledge and training on a wide range of current policies and laws relevant to their jobs. The goal is to help enhance trainees’ understanding and retention of crucial information, increase the accuracy of their decisionmaking process, and limit the need for retraining over time.  

The roadmap and announcement of pilot programs are the latest in the Department’s ongoing AI initiatives.  

In February, Secretary Mayorkas and CIO Hysen announced the Department’s first-ever hiring sprint to recruit 50 AI technology experts to help build teams that will help better leverage AI responsibly across strategic areas of the homeland security enterprise. These include efforts to counter fentanyl, combat child sexual exploitation and abuse, deliver immigration services, secure travel, fortify our critical infrastructure, and enhance our cybersecurity. DHS has received a strong response to date and is in the process of reviewing, interviewing, and hiring AI technologists to support mission-enhancing initiatives. The Department continues to accept applications on dhs.gov/AI.

Last year, DHS established the Department’s first AI Task Force and named CIO Hysen its first Chief AI Officer. Informed by the Task Force’s work over the past 11 months, DHS has identified areas where AI can enhance the effectiveness of the Department’s efforts — helping pave the way for this roadmap and these new projects. The Task Force’s focus is on DHS’s entire mission space. For instance, it is working to enhance the integrity of our supply chains and the broader trade environment by helping deploy AI to improve cargo screening, the identification of imported goods produced with forced labor, and risk management. The Task Force is also charged with using AI to better detect fentanyl shipments, identify and interdict the flow of precursor chemicals around the world, and disrupt key nodes in criminal networks.  

The Department’s latest efforts follow President Biden’s Executive Order (EO) “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” signed in October 2023. The EO directed DHS to promote the adoption of AI safety standards globally, protect U.S. networks and critical infrastructure, reduce the risks that AI can be used to create weapons of mass destruction, combat AI-related intellectual property theft, and help the United States attract and retain skilled talent, among other missions. The President has directed DHS to establish an AI Safety and Security Advisory Board to support the responsible development of AI. This Board will bring together preeminent industry experts from AI hardware and software companies, leading research labs, critical infrastructure entities, and the U.S. government. This Board will issue recommendations and best practices for an array of AI use cases to ensure AI deployments are secure and resilient.

To read the DHS AI Roadmap, visit: AI Roadmap | Homeland Security (dhs.gov).  

To learn more about how DHS uses AI technologies to protect the homeland, visit Artificial Intelligence at DHS.