Category: United States Director of National Intelligence

Source: US Department of Homeland Security

WASHINGTON, D.C. – Today, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement: 

“As each of us has indicated in prior public statements, Iran seeks to stoke discord and undermine confidence in our democratic institutions. Iran has furthermore demonstrated a longstanding interest in exploiting societal tensions through various means, including through the use of cyber operations to attempt to gain access to sensitive information related to U.S. elections. In addition to these sustained efforts to complicate the ability of any U.S. administration to pursue a foreign policy at odds with Iran’s interests, the IC has previously reported that Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome. We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting Presidential campaigns. 

This includes the recently reported activities to compromise former President Trump’s campaign, which the IC attributes to Iran. The IC is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the Presidential campaigns of both political parties. Such activity, including thefts and disclosures, are intended to influence the U.S. election process. It is important to note that this approach is not new.  Iran and Russia have employed these tactics not only in the United States during this and prior federal election cycles but also in other countries around the world.  

Protecting the integrity of our elections from foreign influence or interference is our priority.  As the lead for threat response, the FBI has been tracking this activity, has been in contact with the victims, and will continue to investigate and gather information in order to pursue and disrupt the threat actors responsible. We will not tolerate foreign efforts to influence or interfere with our elections, including the targeting of American political campaigns. As an interagency we are working closely with our public and private sector partners to share information, bolster security, and identify and disrupt any threats.  Just as this activity demonstrates the Iranians’ increased intent to exploit our online platforms in support of their objectives, it also demonstrates the need to increase the resilience of those platforms. Using strong passwords and only official email accounts for official business, updating software, avoiding clicking on links or opening attachments from suspicious emails before confirming their authenticity with the sender, and turning on multi-factor authentication will drastically improve online security and safety.

The FBI and CISA encourage campaigns and election infrastructure stakeholders to report information concerning suspicious or criminal activity to their local Election Crime Coordinators via FBI field office (), by calling 1-800-CALL-FBI (1-800-225-5324), or online at ic3.gov. Cyber incidents impacting election infrastructure can also be reported to CISA by calling 1-844-Say-CISA (1-844-729-2472), emailing report@cisa.dhs.gov, or reporting online at cisa.gov/report. Election infrastructure stakeholders and the public can find additional resources about how to protect against cyber and physical threats at CISA’s #PROTECT2024 (https://www.cisa.gov/protect2024).”

###

About CISA 

Source: US Department of Homeland Security

During emergency events, the Department of Homeland Security (DHS) works with its federal, state, local, and non-governmental partners to support the needs of the people in the areas that may be impacted.

In such circumstances, U.S. Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP) remind the public that sites that provide emergency response and relief are considered protected areas. To the fullest extent possible, ICE and CBP do not conduct immigration enforcement activities at protected areas such as along evacuation routes, sites used for sheltering or the distribution of emergency supplies, food or water, or registration sites for disaster-related assistance or the reunification of families and loved ones.

At the request of FEMA or local and state authorities, ICE and CBP may help conduct search and rescue, air traffic de-confliction and public safety missions. ICE and CBP provide emergency assistance to individuals regardless of their immigration status. DHS officials do not and will not pose as individuals providing emergency-related information as part of any enforcement activities.

DHS is committed to ensuring that every individual who seeks shelter, aid, or other assistance as a result of a natural disaster or emergency event is able to do so regardless of their immigration status.

DHS carries out its mission without discrimination on the basis of race, religion, gender, sexual orientation or gender identity, ethnicity, disability or political associations, and in compliance with law and policy.

For information about filing a complaint with the DHS Office for Civil Rights and Civil Liberties about these matters, please visit our Make a Civil Rights Complaint page.

Source: US Department of Homeland Security

WASHINGTON – Today, as part of their public service announcement (PSA) series to put potential election day cyber related disruptions during the 2024 election cycle into context for the American people, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting. FBI and CISA are issuing this PSA to inform the public that while ransomware attacks against state or local government networks or election infrastructure could cause localized delays, they will not compromise the security or accuracy of vote casting or counting processes.

To date, any successful ransomware attack on election infrastructure tracked by the FBI and CISA has remained localized and successfully managed with minimal disruption to election operations and no impact on the security or accuracy of ballot casting or tabulation processes or systems. In prior U.S. and foreign elections, malicious actors have sought to spread or amplify false or exaggerated claims about cyber incidents in an attempt to manipulate public opinion, discredit the electoral process, or undermine confidence in U.S. democratic institutions. We could see foreign actors attempt to mislead American voters about the actual impact of a ransomware event on elections in this election cycle as part of their larger foreign malign influence campaigns.

It is important for the public to know that election officials use a multi-layer approach to security that employs a variety of technological, physical, and procedural controls to prevent cyber intrusions, like ransomware, from impacting the security and resilience of vote casting and counting systems.

“While ransomware continues to be a significant cybersecurity concern, it is important to note that security measures put in place by election officials and election vendors ensure these incidents will not impact the security of the vote casting or tabulation systems and processes,” said CISA Senior Advisor Cait Conley. “We will continue to work tirelessly with our election infrastructure partners to uphold the American people’s confidence in 2024 elections and our democratic process.”

“Combatting ransomware attacks is a top priority for the FBI, especially during elections,” said FBI Cyber Division Deputy Assistant Director Cynthia Kaiser. “While the FBI will continue to leverage its tools and partnerships to combat cyber criminals, the public should be aware that ransomware is extremely unlikely to affect the integrity of voting systems or the electoral process.”

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram. 

Source: US Department of Homeland Security

GLYNCO – On August 15, the U.S. Department of Homeland Security (DHS) hosted an awards ceremony at the Federal Law Enforcement Training Center (FLETC) Headquarters in Glynco, Georgia, where 190 employees received a Secretary’s Award in recognition of their outstanding contributions to the Department’s mission.

“Every single day, with great determination, integrity, and skill, the 268,000 men and women of the Department of Homeland Security ensure the safety and security of the American people,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Thanks to these extraordinary public servants, our shores, harbors, skies, cyberspace, and borders are protected; fentanyl and other deadly drugs are prevented from entering our country; communities are able to recover and rebuild after a natural disaster; the scourges of human trafficking, forced labor, and online exploitation are mitigated; and so much more. The individuals we recognize today with our Department’s highest honor, the Secretary’s Award, reflect the very best of DHS – and in their selfless dedication to mission, the very best of public service.”

The DHS Secretary’s Awards are an annual program that recognizes the extraordinary individual and collective achievements of the workforce. The 190 awardees recognized in today’s ceremony represent FLETC, U.S. Citizenship and Immigration Services (USCIS), Transportation Security Administration (TSA), U.S. Coast Guard (USCG), Immigration and Customs Enforcement (ICE), Cybersecurity and Infrastructure Security Agency (CISA), U.S. Customs and Border Protection (CBP), Federal Emergency Management Agency (FEMA), Countering Weapons of Mass Destruction Office (CWMD) and the Management (MGMT) directorate.

“In recognizing these outstanding DHS personnel with a Secretary’s Award, we recognize all our talented personnel; the achievements of one are not possible without the contributions of others,” added Secretary Mayorkas. “We also express our appreciation to their families and loved ones; when one serves, the family serves too.”

This year’s award recipients developed and issued policy and procedures associated with a whole-scale transition to a new pay system for TSA; launched a series of coordinated and collaborative initiatives, operations and investigations targeting Transnational Criminal Organizations (TCOs) and national security threats operating and transiting through the Darien Gap region; arrested over 8,000 human smugglers, produced over 5,000 intelligence reports, and seized over $38M USD in real property; ensured over 2,300 vital alerts and warnings were provided to owners and operators of critical infrastructure to protect against cyberattacks; among many other achievements.

This year, DHS is holding nine Secretary’s Awards ceremonies across the country, honoring over 1,700 employees, the most annual awardees ever.

Last year, Secretary Mayorkas unveiled 12 priorities for the Department, including a commitment to champion the workforce and transform the employee experience. DHS has the third largest workforce of any federal department, behind the Department of Defense and Department of Veterans Affairs. The Department is home to more than 92,000 sworn law enforcement officers, the greatest number of law enforcement officers of any department in the federal government. DHS has committed to increasing the representation of women in law enforcement or related occupations at DHS to 30% by 2030. Over 54,000 veterans, or nearly 21% of the workforce, continue serving their country by working at DHS.

DHS operational components interact more frequently on a daily basis with the American public than any other federal department, from travelers moving through air, land, and sea ports of entry, to businesses importing goods into the country, to immigrants applying for services. To learn more about the impact DHS makes every day, visit: DHS.gov/TodayDHSWill.

Last year, DHS improved the efficiency of processing noncitizens at the Southwest Border, deployed across the country to respond to natural disasters, investigated cybercrimes, created a new streamlined process for adjudicating asylum applications, safely and securely resettled nearly 90,000 evacuated Afghans in the United States, provided resources for organizations to enhance their cybersecurity resilience, established a process for Ukrainian nationals seeking refuge, secured the 2022 midterm elections, and demonstrated heroism by acting quickly and courageously to save lives in harrowing circumstances.  

For the full list of awardees, visit  2024 Secretary’s Awards | Homeland Security (dhs.gov).

###

Source: US Department of Homeland Security

WASHINGTON – Today, the Department of Homeland Security (DHS) is sharing new resources for educators, school administrators, coaches, and others who work with kids and teens to better understand the risks of online child sexual exploitation and abuse (CSEA) and help them stay safe online. For the first time, Know2Protect, DHS’s national public awareness campaign to prevent online CSEA, is providing tips and classroom materials directly targeted for educators, with the goal of raising awareness of the importance of internet safety as part of everyone’s back-to-school routine. These Know2Protect resources are part of a new Back2School campaign that is connecting with dozens of teaching groups, educational associations, youth-serving organizations, and other partners who can reach kids in schools during the academic year.

“The dangerous and too-often tragic reality is that predators target children online,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Last year, there were more than 36 million reports of online child sexual exploitation worldwide. To combat this scourge, our Know2Protect campaign is equipping teachers, school administrators, and others – the trusted and well-positioned adults in whom children often confide – to help their students identify and prevent this crime. With a better understanding of online child sexual exploitation, tips for how to spot it when it occurs, and guidance on how to report incidents, we can protect our children online and save them from abuse and tragedy.”

“The Know2Protect Back2School resources are easy to understand, and they will help ensure that our Scouting parents and youth are better prepared to stay safe online,” explained Glen Pounder, Senior Vice President, and Chief Safeguarding Officer at Scouting America. “We are proud of our partnership with DHS and honored to be on the front line helping to protect children and youth online.”

“Empowering children with the knowledge to recognize and avoid the dangers of exploitation and abuse is critical in our mission to help make sure every child has a safe childhood,” said Derrick Driscoll, Chief Operating Officer of the National Center for Missing & Exploited Children. “Educational tools and resources, like DHS’s Know2Protect Back2School campaign, play a vital role in this effort. We are honored to partner with them, as together, we can make a real difference in protecting and educating our children.”

“Educators are often the first responders when it comes to dealing with the real-world impact of the horror of online child exploitation and abuse,” said American Federation of Teachers President Randi Weingarten. “They are dedicated to helping kids stay safe and to supporting them socially and emotionally when they encounter criminal activity. This back-to-school season, we are proud to be working with DHS to protect students and their families from this imminent and evolving threat.”

“Research shows the connection between students’ feelings of safety and security and the ability of their brains to learn,” said Elisa Villanueva Beard, Chief Executive Officer, Teach For America, and Chair, Homeland Security Academic Partnership Council (HSAPC). “DHS’s Know2Protect campaign and the resources they are providing are important steps to raise awareness of the prevalence of online threats against our country’s most precious resource, our children, and the need for all of us to be active in the effort to address these threats. Working together, we can ensure every child can learn, lead, and thrive without fear of being targeted online.”

“Keeping students safe online can sometimes feel like an overwhelming task for educators and parents alike,” said Suzanne Walsh, President of Bennett College. “Know2Protect’s Back2School campaign brings all relevant resources into one location. These resources are easy to access and use to help adults help students.”

One in five children receives an unwanted sexual solicitation online every year, according to statistics from the Department of Justice. Educating children and teens about these risks and what to do if they are targeted by online predators is key to preventing these heinous crimes. To reach more kids and teens during the busy back-to-school season, Know2Protect is supporting teachers, coaches, and school administrators who will spend more time with kids as the school year starts. kids as the school year starts.

To reach as many students as possible, Know2Protect is connecting with dozens of youth-serving and educational associations across the country to share our Back2School resources.  Know2Protect has developed several important educational, age-appropriate, downloadable #Back2School with Know2Protect resources to help keep kids safe online:

• Resources2Educate, including our short iGuardian Training Videos, Tips2Identify Exploitation and Abuse for Educators, and other tips for kids, teens, and parents to stay safe online.
• Resources2Send Home, such as the Know2Protect First Day of School Picture Sign, a Family Online Safety Agreement, and an Internet Safety Checklist to prompt families to think about online safety at home.
• Resources2Display in Your School, such as digital and printable posters and tipsheets to display in classrooms, hallways, and more.
• Activities for the Classroom, such as 10 Minutes2Protect activities using Tips2Protect for Teens, Crossword Puzzle, Word Search, All-out Bingo, Project iGuardian Coloring Pages, and Project iGuardian Avatars.

Educators and administrators can also book a free in-person or virtual training for their school, their after-school program, a teacher/staff lunch-and-learn, or a PTA meeting. These age-appropriate educational presentations are provided by special agents from Homeland Security Investigations (HSI) and the U.S. Secret Service. To date, Know2Protect has educated over 82,900 adults and children and completed over 1,000 events and presentations to spread awareness and prevention tactics about online CSEA. To request a presentation, please visit www.know2protect.gov/training. The campaign is committed to reaching more than 100,000 people through trainings by the end of this school year.

The Back2School resources build on Know2Protect’s ongoing efforts to reach children, parents, and trusted adults where they are through innovative partnerships with technology companies, national and international sports leagues, youth-serving organizations and nonprofits, and other private sector partners. Starting in August, Project iGuardian, Know2Protect’s in-person educational arm, is teaming up with the National Association of Police Athletic/Activities Leagues (PAL), which has over 300 chapters serving two million youth annually, to provide in-person training. Lamar Advertising is featuring public service announcements from Know2Protect on digital billboards across the country. NASCAR is featuring educational content for children on its NASCAR Kids homepage and disseminating tips for partners through its online newsletter. More partner activations are set to launch in the coming days and weeks.

Know2Protect is the first federal government campaign focused on the education and prevention of online CSEA. The campaign’s mission is to mobilize young people, parents, educators, and community leaders to learn the signs of this crime, what they can do to prevent it, how to report it to law enforcement, and how they can support survivors. Since its launch in April, DHS has established partners in government, education, sports, technology, youth-serving organizations, and several other industries to meet people where they are and deliver the campaign’s preventative tips to keep kids safe.

Early intervention is crucial. If exploitation happens, approach conversations with care and empathy and report immediately to the Know2Protect Tipline at 833-591-KNOW (5669) or visit the NCMEC CyberTipline at https://report.cybertip.org. All information received via the Tipline will be reviewed by appropriate personnel and referred to HSI field offices for potential investigation.

Source: US Department of Homeland Security

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability
• CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability
• CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
• CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
• CVE-2024-38106 Microsoft Windows Kernel Privilege Escalation Vulnerability
• CVE-2024-38107 Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Source: US Department of Homeland Security

UFLPA Entity List Will Now Restrict Goods from 73 PRC-Based Companies from Entering the United States 
 

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) announced the addition of five entities based in the People’s Republic of China (PRC) to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List, bringing the total entities listed to 73. These additions build on DHS’s commitment to eradicate forced labor and promote accountability for the PRC’s ongoing genocide and crimes against humanity against Uyghurs and other religious and ethnic minority groups in the Xinjiang Uyghur Autonomous Region (XUAR). 

Effective August 9, 2024, U.S. Customs and Border Protection (CBP) will apply a rebuttable presumption that goods produced by Century Sunshine Group Holdings, Ltd., Kashgar, Construction Engineering (Group) Co.; Ltd., Rare Earth Magnesium Technology Group Holdings, Ltd.; Xinjiang Habahe Ashele Copper Co., Ltd., and Xinjiang Tengxiang Magnesium Products Co., Ltd. will be prohibited from entering the United States. 

“As DHS identifies more entities across different sectors that use or facilitate forced labor, we act to keep their tainted goods out of our nation’s supply chains,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Today’s announcement strengthens our enforcement of the Uyghur Forced Labor Prevention Act and helps responsible companies conduct due diligence so that, together, we can keep the products of forced labor out of our country.  We will continue to implement this law with full force in our efforts to fight the exploitation and abuse of the Uyghur people and other persecuted groups and protect a free and fair market.” 

Including the five entities identified today, the FLETF – chaired by DHS and whose member agencies also include the Office of the U.S. Trade Representative and the U.S. Departments of Commerce, Justice, Labor, State, and the Treasury – has added 73 entities to the UFLPA Entity List since the UFLPA was signed into law in December 2021. The UFLPA Entity List includes companies that are active in the apparel, agriculture, polysilicon, plastics, chemicals, batteries, household appliances, electronics, and food additives sectors, among others. Identifying these additional entities provides U.S. importers with more information to conduct due diligence and examine their supply chains for risks of forced labor to ensure compliance with the UFLPA. 

“We have shown again through today’s enforcement actions that the United States is committed to keeping goods made with forced labor out of U.S. supply chains,” said DHS Under Secretary for Policy Robert Silvers, who serves as Chair of the FLETF. “Companies must conduct due diligence and know where their products are coming from. The Forced Labor Enforcement Task Force will continue to designate entities in a variety of sectors that meet the criteria for inclusion on the UFLPA Entity List, and U.S. Customs and Border Protection will continue its vigilant enforcement at our ports.”   

The FLETF has reasonable cause to believe, based on specific and articulable information, that two entities meet the criteria for inclusion under Section 2(d)(2)(B)(ii) of the UFLPA by working with the government of the XUAR to recruit, transport, transfer, harbor or receive forced labor of Uyghurs, Kazakhs, Kyrgyz, or members of other persecuted groups out of the XUAR; two entities meet the criteria for inclusion under Section 2(d)2(B)(v) of the UFLPA, which identifies facilities and entities that source material from the XUAR or from persons working with the government of Xinjiang or the Xinjiang Production and Construction Corps for purposes of the “poverty alleviation” program or the “pairing-assistance” program or any other government labor scheme that uses forced labor; and one entity meets both criteria under Sections 2(d)(2)(B)(ii) and (v) of the UFLPA.  

Xinjiang Habahe Ashele Copper Co., Ltd. is a company located in the XUAR that mines nonferrous metals, including zinc, copper and silver. Xinjiang Habahe Ashele Copper Co., Ltd. is a subsidiary of one of the world’s largest mining company, and produces approximately 10% of that company’s copper and silver. The United States Government has reasonable cause to believe, based on specific and articulable information,  that Xinjiang Habahe Ashele Copper Co., Ltd. works with the government of the XUAR to recruit, transport, transfer, harbor, or receive Uyghurs, Kazakhs, Kyrgyz, or members of other persecuted groups out of the XUAR. Information reviewed by the FLETF, including publicly available information, indicates that Xinjiang Habahe Ashele Copper Co., Ltd. works with the Habahe County government of the XUAR to recruit Kazakh workers through PRC labor programs to mine metals, such as zinc, copper, and silver in the XUAR . The FLETF therefore determined that the activities of Xinjiang Habahe Ashele Copper Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in section 2(d)(2)(B)(ii).   

Kashgar Construction Engineering (Group) Co., Ltd. is a company based in Kashgar, Xinjiang, China, that manufactures structural components and materials for construction, and is  engaged in general construction, construction engineering and operations, and real estate development and operations. The United States Government has reasonable cause to believe, based on specific and articulable information, that Kashgar Construction Engineering (Group) Co., Ltd. works with the government of the XUAR to recruit, transport, transfer, harbor, or receive Uyghurs, Kazakhs, Kyrgyz, or members of other persecuted groups out of the XUAR. Information reviewed by the FLETF, including publicly available information, indicates that Kashgar Construction Engineering (Group) Co., Ltd. has repeatedly participated in the transfer and recruitment of ethnic minorities from Xinjiang, including Uyghurs, through Jiashi County Xinjiang government labor programs. The FLETF therefore determined that the activities of Kashgar Construction Engineering (Group) Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in section 2(d)(2)(B)(ii).  

Century Sunshine Group Holdings, Ltd. is a company based in Hong Kong that manufactures magnesium fertilizer and magnesium alloys. The United States Government has reasonable cause to believe, based on specific and articulable information, that Century Sunshine Group Holdings, Ltd. sources material, specifically magnesium, from the XUAR. Information reviewed by the FLETF, including publicly available information, indicates that Century Sunshine Group Holdings, Ltd. has established its magnesium production base in the XUAR through its vertically-integrated subsidiaries, and sources magnesium from the XUAR. The FLETF therefore determined that the activities of Century Sunshine Group Holdings, Ltd. satisfy the criteria for addition to the UFLPA Entity List described in section 2(d)(2)(B)(v).  

Rare Earth Magnesium Technology Group Holdings, Ltd. is a company based in Hong Kong that manufactures and sells magnesium alloy products. The United States Government has reasonable cause to believe, based on specific and articulable information, that Rare Earth Magnesium Technology Group Holdings, Ltd. sources material, specifically magnesium, from the XUAR.  Information reviewed by the FLETF, including publicly available information, indicates that Rare Earth Magnesium Technology Group Holdings, Ltd., a principal subsidiary of Century Sunshine Group Holdings, Ltd., operates Century Sunshine Group Holdings, Ltd.’s magnesium product business, and sources magnesium from its magnesium production base located in the XUAR. The FLETF therefore determined that the activities of Rare Earth Magnesium Technology Group Holdings, Ltd. satisfy the criteria for addition to the UFLPA Entity List described in section 2(d)(2)(B)(v).  

Xinjiang Tengxiang Magnesium Products Co., Ltd. is a company based in Hami, Xinjiang, China, that manufactures magnesium and magnesium alloy products. The United States Government has reasonable cause to believe, based on specific and articulable information, that Xinjiang Tengxiang Magnesium Products Co., Ltd. works with the government of the XUAR to recruit, transport, transfer, harbor, or receive Uyghurs, Kazakhs, Kyrgyz, or members of other persecuted groups out of the XUAR. Information reviewed by the FLETF, including publicly available information, indicates that Xinjiang Tengxiang Magnesium Products Co., Ltd. receives Uyghurs or members of other persecuted groups that the local Yizhou District government transfer from Xinjiang. The United States Government also has reasonable cause to believe, based on specific and articulable information, that Xinjiang Tengxiang Magnesium Products Co., Ltd. sources material, specifically the raw materials required to produce magnesium, such as coal and dolomite, from the XUAR.  Information reviewed by the FLETF, including publicly available information, indicates that Xinjiang Tengxiang Magnesium Products Co., Ltd., a wholly-owned subsidiary of Rare Earth Magnesium Technology Group Holdings, Ltd. and a principal subsidiary of Century Sunshine Group Holdings, Ltd., operates a magnesium production facility in the XUAR and sources raw materials from the XUAR, including coal and dolomite, to produce magnesium. The FLETF therefore determined that the activities of Xinjiang Tengxiang Magnesium Products Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in sections 2(d)(2)(B)(ii) and 2(d)(2)(B)(v).  

The bipartisan Uyghur Forced Labor Prevention Act, signed into law by President Joseph R. Biden, Jr., in December 2021, mandates that CBP apply a rebuttable presumption that goods mined, produced, or manufactured wholly or in part in the XUAR or produced by entities identified on the UFLPA Entity List are prohibited from importation into the United States unless the Commissioner of CBP determines, by clear and convincing evidence, that the goods were not produced with forced labor. CBP began enforcing the UFLPA in June 2022.  Since then, CBP has reviewed over 9,000 shipments valued at more than $3.4 billion under the UFLPA.  Additionally, Homeland Security Investigations, through the DHS Center for Countering Human Trafficking, conducts criminal investigations into those engaging in or otherwise knowingly benefitting from forced labor, and collaborates with international partners to seek justice for victims.    

Today’s announcement supports President Biden’s Memorandum on Advancing Worker Empowerment, Rights, and High Labor Standards Globally.  The memorandum represents the first whole-of-government approach to advance workers’ rights by directing federal agencies engaged abroad to advance international recognized labor rights, which includes DHS’s work implementing the UFLPA.  

This expansion of the UFLPA Entity List reflects DHS’s prioritization of efforts to combat the introduction of forced labor into U.S. supply chains. This commitment is outlined in the Department’s recent Quadrennial Homeland Security Review, which added combating crimes of exploitation, including labor exploitation, as the newest and sixth DHS mission. Last month, DHS published updates to the UFLPA strategy, which outlines how the FLETF has significantly advanced our objectives through several initiatives including strong enforcement by CBP; expansion of the UFLPA Entity List; designating new high priority sectors for enforcement; and greater collaboration with stakeholders.

You can read more about the FLETF by visiting: https://www.dhs.gov/uflpa.  

Source: US Department of Homeland Security

Helps organizations buying software understand manufacturers approach to cybersecurity

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released today Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem which helps organizations buying software better understand their software manufacturers approach to cybersecurity and ensure that secure by design is one of their core considerations.

An organization’s acquisition staff often has a general understanding of the core cybersecurity requirements for a particular technology acquisition. However, they frequently don’t assess whether a given supplier has practices and policies in place to ensure that security is a core consideration from the earliest stages of the product development lifecycle.

This guide provides organizations with questions to ask when buying software, considerations to integrate product security into various stages of the procurement lifecycle, and resources to assess product security maturity in line with secure by design principles. Informed by the threat landscape, it provides categorized sets of actions that, if done correctly will demonstrate to the customer that the software manufacturer is taking actions that will drive down exploitable defects and misconfigurations – a safer product for the customer.

“We are glad to see leading technology vendors recognize that their products need to be more secure and voluntarily join the Secure by Design pledge. Businesses can also help move the needle by making better risk-informed decisions when purchasing software,” said CISA Director Jen Easterly. “This new guide will help software customers understand how they can use their purchasing power to procure secure products and turn Secure by Design into Secure by Demand.”

This guide is concise and usable by any customer of software during procurement discussions with third party resellers or service providers. Recommendations in this guide include obtaining the manufacturer’s software bill of materials that lists third-party software components, roadmaps that identify how they plan to eliminate classes of vulnerability in their products, and publicly available vulnerability disclosure policy, if one is operated.

This guide compliments the “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle” that was recently published.

Organizations are encouraged to review both the Secure by Demand Guide and Software Acquisition Guide and implement recommended actions.

For more information, please visit Secure by Design.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram

Source: US Department of Homeland Security

During emergency events, the Department of Homeland Security (DHS) works with its federal, state, local, and non-governmental partners to support the needs of the people in the areas that may be impacted.

In such circumstances, U.S. Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP) remind the public that sites that provide emergency response and relief are considered protected areas. To the fullest extent possible, ICE and CBP do not conduct immigration enforcement activities at protected areas such as along evacuation routes, sites used for sheltering or the distribution of emergency supplies, food or water, or registration sites for disaster-related assistance or the reunification of families and loved ones.

At the request of FEMA or local and state authorities, ICE and CBP may help conduct search and rescue, air traffic de-confliction and public safety missions. ICE and CBP provide emergency assistance to individuals regardless of their immigration status. DHS officials do not and will not pose as individuals providing emergency-related information as part of any enforcement activities.

DHS is committed to ensuring that every individual who seeks shelter, aid, or other assistance as a result of a natural disaster or emergency event is able to do so regardless of their immigration status.

DHS carries out its mission without discrimination on the basis of race, religion, gender, sexual orientation or gender identity, ethnicity, disability or political associations, and in compliance with law and policy.

For information about filing a complaint with the DHS Office for Civil Rights and Civil Liberties about these matters, please visit our Make a Civil Rights Complaint page.

Source: US Department of Homeland Security

WASHINGTON — Today, the Department of Homeland Security (DHS) Blue Campaign and Lyft, Inc. announced that more than one million Lyft drivers in the United States and Canada can now access a tutorial program to help them detect and prevent human trafficking. Today’s announcement builds on efforts earlier this year during Super Bowl 2024, when Lyft, Inc. provided resources to drivers in Las Vegas to help them to recognize the signs of this crime. Human trafficking can be more prevalent during large-scale events due to the sheer volume of people and anonymity that large gatherings provide.

“The Department of Homeland Security is committed to bringing a whole-of-society approach to our counter-human trafficking mission,” said Secretary of Homeland Security Alejandro N. Mayorkas. “By partnering with key private sector leaders like Lyft – whose drivers interact with millions of riders every year – we are better able to shine a light on this heinous crime; identify, protect, and support victims; and bring perpetrators to justice. I am grateful for Lyft’s continued commitment to combating the scourge of human trafficking and encourage other stakeholders to join us in this critical work.”

We are committed to working with DHS to help educate drivers about how to identify and report a possible crime if they suspect a rider is a victim or perpetrator of human trafficking,” said Ameena Gill, Vice President Safety and Customer Care at Lyft. “Our hope is that the driver community, which gives hundreds of millions of rides a year, can become an even greater force for good by helping identify these crimes and combat human trafficking.”

Over the last several months, DHS and Lyft have worked on developing this first-of-its kind tutorial for a ride-share company that features the Blue Campaign’s human trafficking resources in Lyft’s driver-only in-app Learning Center. It will help raise awareness of this crime, teach drivers the signs that indicate someone may be a victim, and offer resources for assistance, including guidance for how drivers can contact the right authorities. DHS will continue to work to provide access to resources and information to partners across the passenger transportation service industry.

Blue Campaign is a national public awareness campaign housed within the DHS Center for Countering Human Trafficking (CCHT). Established in 2010, the Blue Campaign educates the public, law enforcement, and other industry partners to recognize the indicators of human trafficking, and how to appropriately respond to possible cases. The CCHT coordinates efforts of 16 DHS offices and Components to combat human trafficking through law enforcement operations, victim protection and support, intelligence and analysis, and public education and training programs. Learn more about the CCHT’s accomplishments.

Anyone who suspects human trafficking is encouraged to report it to law enforcement – tips can be submitted anonymously online or by calling 866-347-2423. Individuals can also contact the National Human Trafficking Hotline at 888-373-7888 or humantraffickinghotline.org.