CISA Calls For Action to Close the Software Understanding Gap

Source: US Department of Homeland Security

Report outlines framework for a whole-of-government effort  

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA), published Closing the Software Understanding Gap, a report that calls for decisive and coordinated action by the U.S. government to obtain a deep, scalable understanding of software-controlled systems. Specifically, the report calls for software-controlled systems that can be assessed to verify functionality, safety, and security across all conditions, a capability that is currently not available.

Mission owners and operators lack adequate capabilities for software understanding because technology manufacturers build software that greatly outstrips the ability to understand it. The inadequate understanding leads to exploited software vulnerabilities because technology manufacturers create software that is not secure by design.

“Recent discoveries of adversarial state-sponsored activity in US critical infrastructure – primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems – pose imminent threats to US national security. The software understanding gap exacerbates the risk to this threat activity,” said CISA Technical Director Chris Butera. “Mission owners and operators have an enormous and accelerating dependence on the software underwriting U.S. critical infrastructure. With our partners, we urge the USG to close this gap before other nations and urge software manufacturers to align to Secure by Design principles.”

The report highlights potential solutions to change the security posture of legacy and future software. One example is the application of mathematically rigorous techniques known as formal methods. For a long time, formally verified software has seemed hopelessly out of reach, but advances by DARPA and others over the past decade have made formal approaches more accessible for mainstream practice.

“We have the tools today to greatly reduce the number of software vulnerabilities that plague our software infrastructure,” said DARPA’s Information Innovation Office Director, Kathleen Fisher. “Rapid action to implement these tools in legacy and future systems can dramatically reduce the United States’ cyber vulnerabilities ahead of future global conflicts.”

This report also provides recommendations to obtain a deep, scalable understanding of software-controlled systems, including AI-based systems. By providing an adequate capacity for software understanding, the United States will secure an advantage in geopolitics for the foreseeable future and will help harden critical infrastructure against state-sponsored activity.

This report highlights the enduring broad government coordination required to create the capabilities to address these threats.

For more information on Secure by Design, visit the Secure by Design webpage.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram

DHS Airs Know2Protect ® Public Service Announcement to Protect Kids Online Through Its Partnerships with NFL, NASCAR

Source: US Department of Homeland Security

PSA “It Only Takes 19 Seconds” Highlights How Quickly Online Conversations Can Turn Dangerous, Encourages Parents and Trusted Adults to Talk with Young People on How to Online Child Exploitation and Abuse

WASHINGTON, D.C. – Today, the Department of Homeland Security (DHS), with the National Football League (NFL) and NASCAR, announced its latest Public Service Announcement (PSA) to increase public awareness of online child sexual exploitation and abuse (CSEA). Through its partnership with the Know2Protect campaign, NASCAR played the PSA at several NASCAR Cup Series races including Talladega, Homestead Miami, Martinsville and Phoenix. The PSA is also airing on the NFL Network throughout this football season to reach millions of fans of all ages across the country.

Know2Protect, a first-of-its-kind public awareness campaign to combat online CSEA, is leveraging the reach and influence of key partners across society – including professional sports leagues – to encourage parents and trusted adults to start the conversation with kids about staying safe online. The PSA, titled “It Only Takes 19 Seconds” shows an online conversation between a young person and a stranger on a gaming platform that takes a dangerous turn within just 19 seconds. The ad encourages parents and trusted adults to visit know2protect.gov to learn how to talk to kids about this threat and access free awareness resources. 

“Online child exploitation and abuse is one of the most heinous and urgent threats to our children. Preventing these horrific crimes from happening in the first place is central to the DHS mission,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The Know2Protect campaign is an all-of-society effort. The best way to protect kids and families is to reach them where they are, and our partners play a critical role in sharing the campaign’s educational resources with their audiences. I am grateful to the NFL and NASCAR for uniting with us to help their fans understand how to keep kids safe online and prevent this horrific crime. I encourage everyone to visit Know2Protect.gov to learn how they can start these important conversations with their loved ones.”

“Online conversations can turn dangerous in the blink of an eye, and this latest PSA stresses the importance of preparing our kids to protect themselves,” said NFL Chief Security Officer Cathy Lanier. “We are proud to be strong supporters of this important public safety campaign and will continue to reinforce a message of vigilance during the NFL postseason.” 

“NASCAR is proud to continue its support of the US Department of Homeland Security’s Know2Protect initiative that provides valuable resources to families across the country,” said Tom Bryant, NASCAR Vice President, Racing Operations. “This program represents an important commitment to helping ensure that parents and children know how to recognize and respond to potential threats online.” 

Every year, one in five children receives an unwanted sexual solicitation online. Limited understanding of this crime, coupled with increased technology use, is placing more children at risk today than ever before. Since Know2Protect launched in April, DHS has partnered with sports leagues, technology companies, youth-serving organizations, and others across the private and public sectors to deliver the campaign’s awareness messaging and resources to their networks.

The NFL and NASCAR—founding partners of the campaign—have used their massive platforms to shine a light on the dangers of online CSEA by airing this PSA and sharing campaign resources throughout the year. Over the summer, Homeland Security Investigations (HSI) special agents connected with hundreds of parents and children at the NFL Flag Championship Series to share tips and guidance on how to stay safe online. At the NASCAR Yellawood 500 in October, Know2Protect hosted a booth for thousands of fans at the Talladega Speedway with information on how to receive online safety trainings from their local HSI special agents. Know2Protect has also worked with NASCAR to reach its younger audiences online through the NASCAR Kids Club. As part of its outreach efforts, the campaign also shared links to the Know2Protect digital safety series, downloadable resources, and the Know2Protect.gov kids page in the NASCAR Kids September newsletter, reaching over 24,000 subscribers.

Know2Protect is the first federal government campaign focused on the education and prevention of online CSEA. The campaign aims to help children and adults learn the tactics of potential perpetrators, understand how to prevent online CSEA, how to report the crime to law enforcement, and how they can support survivors. Through Project iGuardian – the campaign’s official in-person education arm – schools, community groups, corporations, and nonprofit organizations may request in-person or virtual DHS presentations for people of all ages led by HSI special agents. Project iGuardian presentations, as well as trainings led by U.S. Secret Service agents as part of the Childhood Smart Program, can be requested on the Training page of know2protect.gov. In Fiscal Year 2024, iGuardians delivered more than 1,000 presentations reaching over 100,000 people, exceeding the commitment it set at the start of the school year in August. Educators can find Back2School tips and classroom materials to help keep kids safe online as children return to school following the holiday break by visiting the Campaign Resources and its #Back2School section.

Early intervention is crucial. If you suspect a child might be a victim of online CSEA, call the HSI Tip Line at 1-866-347-2423 or report it to NCMEC’s CyberTipline. If you suspect a child has been abducted or faces imminent danger, contact your local police and the NCMEC tip line at 1-800-THE-LOST (1-800-843-5678).

CISA Publishes Microsoft Expanded Cloud Log Implementation Playbook

Source: US Department of Homeland Security

Guides organizations in using new logging capabilities to detect and defend against sophisticated cyber threat actors

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), in close coordination with the Office of Management and Budget (OMB), Office of the National Cyber Director (ONCD) and Microsoft, announces today the release of the Microsoft Expanded Cloud Log Implementation Playbook. This guidance helps public and private sector organizations using Microsoft Purview Audit (Standard) to operationalize newly available cloud logs to be an actionable part of their enterprise cybersecurity operations.

The playbook provides guidance on each newly available log and how these logs can be enabled and operationalized to support threat hunting and incident-response operations. It provides organizations with scenario-based analysis on the common tactics related to identity-based compromises. It also provides best practices to navigate M365 logs and perform administrator actions to enable the logs to help cyber defenders detect malicious activity.

“CISA is pleased to provide this playbook to help organizations effectively use newly introduced Microsoft security logs to strengthen their cyber defense. We value the collaboration with our government partners and Microsoft which informed this valuable resource,” said CISA Director Jen Easterly. “Necessary security logs are critical for all organizations to protect their networks. We are pleased to see this progress and continue work to ensure greater adoption of Secure by Design principles.”

“Today’s release of the playbook is a result of close collaboration with our federal and private sector partners,” said National Cyber Director Harry Coker Jr. “The upgraded logging features available will enable network defenders to enhance their threat detection capabilities. Every organization should bolster their security and this playbook is another step in the right direction to achieve those goals.”

“With the final publication of the Enhanced Logging Playbook, we are not only providing the critical tools to detect ever-evolving cyber threats through advanced audit logs, but providing the resources necessary to help our defenders to effectively leverage these tools to protect their networks,” said Candice Ling, Senior Vice President, Microsoft Federal. “Microsoft remains committed to partnering with the federal government to prioritize security above all else.”

In 2023, Microsoft announced expanded cloud logging for public entities using Microsoft Purview Audit (Standard) regardless of Microsoft license tier. Last year, CISA announced that Federal Civilian Executive Branch agencies had expanded cloud logging capabilities. Previously, these logs were only available to Audit Premium subscription customers. 

Secure by Design is integral to helping organizations better defend their networks from malicious cyber actors. With our government and industry partners, CISA continues our work to ensure every organization has access to key security data by default and products that are secure by design.

Organizations using Microsoft E3/G3-and-above licensing are encouraged to review this guide.

CISA, JCDC, Government and Industry Partners Publish AI Cybersecurity Collaboration Playbook

Source: US Department of Homeland Security

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) published today the Joint Cyber Defense Collaborative (JCDC) Artificial Intelligence (AI) Cybersecurity Collaboration Playbook. Developed alongside federal, international, and private-sector partners through JCDC, this playbook provides the AI community—including AI providers, developers, and adopters—with essential guidance on how to voluntarily share actionable incident information and it describes how proactive information sharing can enhance operational collaboration and improve resilience of AI systems.  

As AI adoption accelerates, new vulnerabilities and risks will continue to emerge, reshaping the threat landscape for AI-enabled systems. The playbook will be a living document, fostering collaboration across government, industry, and international partners and adapting to meet the challenges of an evolving AI security environment. 

The AI Cybersecurity Collaboration Playbook will: 

  • Guide JCDC Partners on how to voluntarily share information related to incidents and vulnerabilities associated with AI systems. 
  • Clearly explain the actions CISA may take after receiving shared information. 
  • Facilitate collaboration to raise awareness of AI cybersecurity risks across critical infrastructure, enhancing the security and resilience of AI technologies. 

“The development of this playbook is a major milestone in our efforts to secure AI systems through active collaboration,” said CISA Director Jen Easterly. “Led by JCDC.AI, this playbook was shaped by the insights and expertise of approximately 150 AI specialists from government, industry, and international partners who participated in two dynamic tabletop exercises. This playbook will be regularly updated to address the evolving challenges of an AI-driven future.” 

The two JCDC.AI tabletop exercises, hosted by Microsoft and Scale AI, provided real-world scenarios that helped refine the playbook and ensure it addresses the complex challenges unique to AI security. This playbook aligns with the CISA Roadmap for AI and the 2024 JCDC Priorities, which focus on building robust public-private collaboration to address emerging AI cybersecurity risks. 

“This collaboration between government and industry is essential for building a robust response to the complex and evolving landscape of AI security threats. The AI Security Incident Collaboration Playbook, combined with our continued joint efforts, will serve as a critical framework for developing agile and proactive defense strategies, ensuring the integrity and resilience of AI technologies.” – Omar Santos, Distinguished Engineer, Cisco

“Security for AI isn’t a solo mission; it’s a collective effort. Hidden Layer is proud to partner with JCDC in setting the standard for how AI developers, providers, and adopters can work together in real-time to combat an increasingly dynamic threat landscape. By bridging gaps and fostering direct collaboration across sectors, this playbook empowers each of us to contribute to a more secure AI ecosystem—one that’s built not just to respond to threats but to stay ahead of them.” – Malcolm Harkins, Chief Security & Trust Officer at Hidden Layer

“Fully harnessing the enormous potential of AI requires dedicated investment in the processes, collaboration, and tools to secure the AI infrastructure that will underpin our digital way of life. To that end, Palo Alto Networks appreciates the opportunity to contribute to the AI Cybersecurity Collaboration Playbook. Products like these underscore the critical role that forums like CISA’s JCDC can play in our collective defense.” – Daniel Kroese, VP Public Policy and Government Affairs, Palo Alto Networks

“At Protect AI, we are committed to building a safer AI-powered world and shaping the future of AI security across industries. This playbook is an essential tool for helping organizations navigate the complexities of deploying AI safely and understanding how to respond quickly to AI-related incidents. We are honored to contribute to its development. We will continue supporting CISA’s efforts to ensure its evolution, empowering organizations to implement secure-by-design AI without stifling AI-driven innovation.” – Diana Kelley, CISO, Protect AI

“As AI technology evolves, so must our security practices. Stability AI’s partnership with JCDC represents our commitment to developing comprehensive safeguards that protect users while enabling technological progress.” – Ryan Holeman, CISO, Stability AI

For more information, visit CISA’s Artificial Intelligence and JCDC webpages.   

DHS Announces Addition of 37 PRC-Based Companies to UFLPA Entity List

Source: US Department of Homeland Security

WASHINGTON – Today, the Department of Homeland Security (DHS), on behalf of the Forced Labor Enforcement Task Force (FLETF), announced the addition of 37 entities to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List, marking the largest single expansion of the list to date. Among entities added are a large supplier of critical minerals and one of the world’s largest textile manufacturers, both linked to forced labor practices in the People’s Republic of China (PRC). This addition brings the total number of entities on the UFLPA Entity List to 144, representing significant progress in three years since the law was passed. These significant efforts reflect the Biden-Harris Administration’s commitment to eliminating forced labor from our global supply chains and protecting U.S. consumers and businesses from tainted goods. 

“In adding 37 companies to the UFLPA Entities List and bringing the total to nearly 150, we again demonstrate our relentless fight against the cruelty of forced labor, our unwavering commitment to basic human rights, and our tireless defense of a free, fair, and competitive market,” said Secretary of Homeland Security Alejandro N. Mayorkas.

“With each addition to the UFLPA Entity List, we are building momentum and showing that our efforts are sustainable and enduring in eradicating forced labor in our nation’s supply chains,” said Acting Under Secretary for Policy, Robert Paschall. “This largest-ever batch of additions reinforces that we are implementing the full force of this law, making impactful updates to the UFLPA Entity List, and enhancing U.S. Customs and Border Protection’s enforcement capabilities.” 

The entities added today include globally recognized companies that mine and process Xinjiang’s critical minerals, that grow Xinjiang cotton and manufacture textiles for global export, and that manufacture inputs for solar modules with polysilicon made in Xinjiang.

The FLETF, chaired by DHS, has made significant strides in identifying and targeting nearly 150 companies benefiting from forced labor in just three years of enforcement of the UFLPA. This latest addition reflects the growing sophistication and maturity of the FLETF’s work and enhances CBP’s enforcement capabilities to protect U.S. markets. These actions are part of the FLETF’s commitment to eliminating forced labor in U.S. supply chains and holding accountable those responsible for human rights abuses against Uyghurs and other religious and ethnic minority groups in the Xinjiang Uyghur Autonomous Region (XUAR). The UFLPA has been a key instrument for the Biden-Harris administration in combating forced labor and safeguarding supply chains. Through these initiatives, the administration prioritizes ethical sourcing, reinforces workers’ rights around the globe, and empowers consumers to make informed, values-based choices, underscoring a commitment to a fairer global trade system. Taken together, the Department’s efforts are protecting American businesses from unfair competition and helping them source ethically, and ensuring that American consumers can better trust the integrity of the products they purchase.

Effective January 15, 2025, U.S. Customs and Border Protection (CBP) will apply a rebuttable presumption that goods produced by the named 37 entities will be prohibited from entering the United States as a result of the companies’ activities, either sourcing materials from the XUAR or working with the government of Xinjiang to recruit, transport, transfer, harbor, or receive Uyghurs, Kazakhs, Kyrgyz, or members of other persecuted groups out of the XUAR.

Donghai JA Solar Technology Co., Ltd.:
Donghai JA Solar Technology Co., Ltd. (“Donghai JA Solar”) is a solar energy technology company located in Jiangsu Province, China, that focuses on the research and development of solar energy products and the production of silicon rods, wafers, ingots, and solar cell modules. Donghai JA Solar also imports and exports various commodities and technologies. The United States Government has reasonable cause to believe, based on specific and articulable information, that Donghai JA Solar sources polysilicon from the XUAR. Information reviewed by the FLETF, including corporate reporting and other publicly available information, indicates that Donghai JA Solar sources polysilicon from a polysilicon producer located in the XUAR. The FLETF therefore determined that the activities of Donghai JA Solar satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(v). 

Hongyuan Green Energy Co., Ltd. (also known as HY Solar; and Hoyuan Green Energy Co. Ltd., and formerly known as Wuxi Shangji CNC Co., Ltd.; Wuxi Shangji Automation Co., Ltd.; and Wuxi Shangji Grinding Machine Co., Ltd.) and Hongyuan New Materials (Baotou) Co., Ltd.: Hongyuan Green Energy Co., Ltd (“Hongyuan Green Energy”) is a vertically integrated green energy manufacturing company located in Jiangsu Province, China, with several major business segments that include high-end equipment manufacturing, new energy power stations, and the production of industrial and crystalline silicon, silicon wafers, batteries, and modules. Hongyuan New Materials (Baotou) Co., Ltd. (“Hongyuan New Materials”) is a subsidiary of Hongyuan Green Energy, located in Baotou City, in the Inner Mongolia Autonomous Region of China, which produces photovoltaic monocrystalline silicon. The United States Government has reasonable cause to believe, based on specific and articulable information, that Hongyuan Green Energy and its subsidiary, Hongyuan New Materials, source polysilicon from the XUAR. Information reviewed by the FLETF, including corporate procurement agreement announcements and other publicly available information, indicates that both Hongyuan Green Energy and Hongyuan New Materials source polysilicon from suppliers in the XUAR.  The FLETF therefore determined that the activities of Hongyuan Green Energy and Hongyuan New Materials satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(v). 

26 Entities in the Cotton Sector: The FLETF has identified Huafu Fashion Co., Ltd. (“Huafu”) and 25 of its subsidiaries as entities engaged in the production and sale of cotton and cotton products. Huafu maintains a vertically integrated supply chain from cotton planting in the XUAR, processing, and yarn spinning through textiles manufacturing. Twenty-two of these subsidiaries are located in the XUAR, and three are located in Ningbo City, Zhejiang Province. The FLETF has reasonable cause to believe, based on specific and articulable information, that the entities source cotton or cotton-based products from the XUAR. This information has been corroborated by publicly available sources. Given this evidence, the FLETF determined that activities of these entities satisfy the criteria for addition to the UFLPA Entity List under Section 2(d)(2)(B)(v). The 26 entities are:   

  • Huafu Fashion Co., Ltd. 
  • Ningbo Huafu Donghao Industrial Co., Ltd. 
  • Ninghai Huafu Textile Co., Ltd. 
  • Zhejiang Weixin Trading Co., Ltd. 
  • Aksu Huafu Color Spinning Co., Ltd. (also known as: Aksu Huafu Textiles Co., Ltd., Akesu Huafu, Aksu Huafu Dyed Melange Yarn, and Akesu Huafu Melange Yarn Co., Ltd.) 
  • Aksu Biaoxin Fiber Co., Ltd. (formerly known as Aksu Shangheng Fiber Co., Ltd.) 
  • Xinjiang Huafu Textile Co., Ltd. 
  • Xinjiang Huafu Hengfeng Cotton Industry Co., Ltd. 
  • Kuche Zongheng Cotton Industry Co., Ltd. 
  • Xinjiang Huafu Hongfeng Agricultural Development Co., Ltd. 
  • Shaya Yinhua Cotton Industry Co., Ltd. 
  • Awati Huafu Textile Co., Ltd. 
  • Xinjiang Huafu Color Spinning Group Co., Ltd.
  • Xinjiang Huafu Cotton Industry Group Co., Ltd. 
  • Shihezi Standard Fiber Co., Ltd. 
  • Shihezi Huafu Hongfeng Cotton Industry Co., Ltd. 
  • Shihezi Huafu Hongsheng Cotton Industry Co., Ltd. 
  • Xinjiang Tianhong Xinba Cotton Industry Co., Ltd. (also known as Xinjiang Tianhong New Eight Cotton Industry Co., Ltd.)
  • Huyanghe Huafu Hongsheng Cotton Industry Co., Ltd. 
  • Xinjiang Liufu Textile Industrial Park Co., Ltd. 
  • Kuitun Jinfu Textile Co., Ltd. 
  • Xinjiang Tianfu Cotton Supply Chain Co., Ltd.
  • Xinjiang Cotton Industry Group Yuepu Lake Cotton Industry Co., Ltd. 
  • Xinjiang Cotton Industry Group Jiashi Cotton Industry Co., Ltd. 
  • Xinjiang Zefu Cotton Co., Ltd. 
  • Xinjiang Shengfu Cotton Industry Co., Ltd. 

Jiangsu Meike Solar Technology Co., Ltd. and Baotou Meike Silicon Energy Co., Ltd.: Jiangsu Meike Solar Technology Co., Ltd. (“Jiangsu Meike”), located in Jiangsu Province, China, manufactures silicon rods and wafers. Baotou Meike Silicon Energy Co., Ltd. (“Baotou Meike”) is a subsidiary of Jiangsu Meike located in Baotou City in the Inner Mongolia Autonomous Region of China, that manufactures silicon rods and wafers. The United States Government has reasonable cause to believe, based on specific and articulable information, that Jiangsu Meike and Baotou Meike source polysilicon from the Xinjiang Uyghur Autonomous Region. Information reviewed by the FLETF, including corporate procurement agreement disclosures and other publicly available information, indicates that Jiangsu Meike and Baotou Meike source polysilicon from polysilicon producers located in the XUAR. The FLETF therefore determined that the activities of Jiangsu Meike and Baotou Meike satisfy the criteria for addition to the UFLPA Entity List described in section 2(d)(2)(B)(v). 

Shuangliang Silicon Materials (Baotou) Co., Ltd.: Shuangliang Silicon Materials (Baotou) Co., Ltd. (“Shuangliang Silicon”) is a company located in Baotou City, in the Inner Mongolia Autonomous Region of China, that researches, develops, processes, manufactures and sells single crystal silicon rods and wafers. The United States Government has reasonable cause to believe, based on specific and articulable information, that Shuangliang Silicon sources polysilicon from the Xinjiang Uyghur Autonomous Region. Information reviewed by the FLETF, including corporate procurement agreement announcements and other publicly available information, indicates that Shuangliang Silicon sources polysilicon from polysilicon producers located in the XUAR. The FLETF therefore determined that the activities of Shuangliang Silicon satisfy the criteria for addition to the UFLPA Entity List described in section 2(d)(2)(B)(v).

Xinjiang Energy (Group) Co., Ltd. and Xinjiang Energy (Group) Real Estate Co., Ltd.:
Xinjiang Energy (Group) Co., Ltd. and its subsidiary Xinjiang Energy (Group) Real Estate Co., Ltd. are located in Urumqi, XUAR. Xinjiang Energy (Group) Co., Ltd. (“Xinjiang Energy”) is principally engaged in the development and utilization of coal, wind, photovoltaic, oil and gas, and other resources. Xinjiang Energy (Group) Real Estate Co., Ltd. (“Xinjiang Energy Real Estate”) is principally engaged in real estate development and property management.  Xinjiang Energy is a wholly state-owned enterprise, funded by the People’s Government of the Xinjiang Uygur Autonomous Region (XUAR) and directly supervised by the State-owned Assets Supervision and Administration Commission (SASAC) of the XUAR. The United States Government has reasonable cause to believe, based on specific and articulable information, that Xinjiang Energy and Xinjiang Energy Real Estate work with the government of the XUAR to recruit, transport, transfer, harbor, or receive Uyghurs, Kazakhs, Kyrgyz, or members of other persecuted groups out of the Xinjiang Uyghur Autonomous Region.  Information reviewed by the FLETF, including publicly available information, indicates Xinjiang Energy and Xinjiang Energy Real Estate, as a wholly state-owned entity, and subsidiary of a state-owned entity, repeatedly participated in the transfer and receipt of ethnic minorities from the XUAR, likely Uyghurs and Kazakhs, through state-sponsored labor transfer programs in Hotan Prefecture and Barkol County. The FLETF therefore determined that the activities of Xinjiang Energy (Group) Co., Ltd. and its subsidiary Xinjiang Energy (Group) Real Estate Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(ii).   

Xinjiang Zijin Zinc Industry Co., Ltd. and Xinjiang Jinbao Mining Co., Ltd.:
Xinjiang Zijin Zinc Industry Co., Ltd. and Xinjiang Jinbao Mining Co., Ltd. are Zijin Mining Group Co., Ltd. subsidiaries, located in the XUAR that primarily focus on smelting and producing refined zinc and sulfuric acid and iron mining, respectively. The United States Government has reasonable cause to believe, based on specific and articulable information, that Xinjiang Zijin Zinc Industry Co., Ltd. and Xinjiang Jinbao Mining Co., Ltd. work with the government of the XUAR to recruit, transport, transfer, harbor, or receive ethnic minorities, likely Uyghurs, Kazakhs, and Kyrgyz, and/or members of other persecuted groups out of XUAR. Information reviewed by the FLETF, including publicly available information, indicates that Xinjiang Zijin Zinc Industry Co., Ltd. and Xinjiang Jinbao Mining Co., Ltd. have participated in the transfer and recruitment of ethnic minorities from the XUAR, likely including Kazakhs and Kyrgyz through poverty alleviation and recruitment programs. The FLETF therefore determined that the activities of Xinjiang Zijin Zinc Industry Co., Ltd. and Xinjiang Jinbao Mining Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(ii). 

Zijin Mining Group Co., Ltd., Xinjiang Zijin Zinc Industry Co., Ltd., Xinjiang Zijin Nonferrous Metals Co., Ltd. and Xinjiang Habahe Ashele Copper Co., Ltd.:
Zijin Mining Group Co., Ltd. is a global mining company located in Fujian Province, and three of its subsidiaries, Xinjiang Zijin Zinc Industry Co., Ltd., Xinjiang Zijin Nonferrous Metals Co., Ltd., and Xinjiang Habahe Ashele Copper Co., Ltd., are located in the XUAR. Zijin Mining Group Co., Ltd. (“Zijin Mining”) is principally engaged in the exploration and extraction of metals, including zinc, copper, lead, silver, gold, iron ore, and sulfuric acid. Zijin Mining owns and sources material from at least three mines and smelters in Xinjiang, which are operated by the company’s various subsidiaries. These include the Ashele Copper Mine operated by Xinjiang Habahe Ashele Copper Co., Ltd. (Ashele Copper), the Wulagen Lead and Zinc Mine operated by Xinjiang Zijin Zinc Co., Ltd. (Zijin Zinc), and the Xinjiang Zijin Nonferrous Zinc Smelter operated by Xinjiang Zijin Nonferrous Metals Co., Ltd. (Zijin Nonferrous). The United States Government has reasonable cause to believe, based on specific and articulable information, that Zijin Mining, Ashele Copper, Zijin Zinc, and Zijin Nonferrous source material, specifically zinc, copper, lead, silver, and sulfuric acid, from the XUAR. Information reviewed by the FLETF, including publicly available information, indicates that Zijin Mining, Ashele Copper, Zijin Zinc, and Zijin Nonferrous have established mines and production sites in the XUAR, and source zinc, copper, lead, silver, and sulfuric acid from the XUAR. The FLETF therefore determined that the activities of Zijin Mining Group Co., Ltd., Xinjiang Zijin Zinc Industry Co., Ltd., Xinjiang Zijin Nonferrous Metals Co., Ltd., and Xinjiang Habahe Ashele Copper Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(v). Xinjiang Habahe Ashele Copper Co., Ltd. (also known as Ashele Copper) is currently on the UFLPA Entity List under Section 2(d)(2)(B)(ii) and will appear on both sub-lists.

In addition to the 37 new entities, the FLETF made a technical correction to the name of an entity included in the list under Section 2(d)(2)(B)(ii), changing the listing from “Aksu Huafu Textiles Co. (including two aliases: Akesu Huafu and Aksu Huafu Dyed Melange Yarn)” to “Aksu Huafu Color Spinning Co., Ltd. (also known as Aksu Huafu Textiles Co., Ltd.; Akesu Huafu; Aksu Huafu Dyed Melange Yarn; and Akesu Huafu Melange Yarn Co., Ltd.).”

DHS will publish the revised UFLPA Entity List as an appendix to a Federal Register notice. 

The UFLPA, signed into law by President Joseph R. Biden, Jr. in December 2021, mandates that CBP apply a rebuttable presumption that goods that are either mined, produced or manufactured wholly or in part in the XUAR or produced by entities identified on the UFLPA Entity List are prohibited from importation into the United States, unless the Commissioner of CBP determines, by clear and convincing evidence, that the goods were not produced with forced labor.  CBP began enforcing the UFLPA in June 2022.  Since then, CBP has reviewed more than 11,300 shipments valued at more than $3.67 billion under the UFLPA.   

This expansion of the UFLPA Entity List reflects DHS’ and the FLETF’s prioritization of combatting the introduction of forced labor into U.S. supply chains.     

You can read more about the FLETF by visiting: www.dhs.gov/uflpa.   

CISA Releases Venue Guide for Security Enhancements

Source: US Department of Homeland Security

WASHINGTON – Today the Cybersecurity and Infrastructure Security Agency (CISA) released a new Venue Guide for Security Enhancements to help venue operators enhance safety, protect assets, and create secure environments through effective security measures and best practices.

“Venues have increasingly become targets, yet many lack the resources to secure their day-to-day operations and special events effectively,” said Dr. David Mussington, CISA’s Executive Assistant Director for Infrastructure Security. “In response, and in collaboration with industry experts and security professionals, our agency has developed this guide to empower venue operators with the tools needed to identify and manage risk effectively.”

This guide aims to help venue operators enhance safety, protect assets, and create secure environments through effective security measures and best practices by:

  1. Providing guidance for venues, such as evaluating security measures, complexity levels, costs, options, and threats mitigated by these measures. By balancing these factors, venues can create a secure environment for operators and guests.
  2. Recommending broadly applicable considerations for evaluating security practices, such as assessing measures and improving physical security compliance to ensure staff and visitor safety.
  3. Offering actionable guidance for prioritizing the most effective security practices and proactively reducing the risk of major threats.
  4. Providing venue operators with a tailored menu of security options, allowing them to select the most suitable and effective measures for their venue’s budget, size, location, and risk factors.

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.

DHS to Extend Temporary Protected Status for Sudan

Source: US Department of Homeland Security

Extension Allows Eligible Sudanese Nationals Who Arrived on or before August 16, 2023, to Maintain TPS and Employment Authorization Following Vetting

WASHINGTON – The Department of Homeland Security announced today the extension of Temporary Protected Status (TPS) for Sudan for 18 months. This extension is due to ongoing armed conflict and extraordinary and temporary conditions that continue to prevent individuals from safely returning.

After reviewing the country conditions in Sudan and consulting with interagency partners, it was determined that an 18-month TPS extension is warranted because of continued political instability that has triggered human rights abuses, including direct attacks on civilians. Militias have targeted fleeing civilians, murdering innocent people escaping conflict, and prevented remaining civilians from accessing lifesaving supplies. These conditions currently prevent Sudanese nationals and habitual residents from safely returning. Such a determination meets the statutory obligation to decide, at least 60 days before the expiration of a TPS designation, whether the conditions for designation continue to be met and merit an extension.

The extension of TPS for Sudan allows approximately 1,900 current eligible beneficiaries to re-register for TPS, if they continue to meet eligibility requirements. Re-registration is limited to individuals who previously registered for TPS under Sudan’s designation. This population includes nationals of Sudan (and individuals without nationality who last resided in Sudan) who have been continuously residing in the United States since at least August 16, 2023, with or without lawful immigration status.

Every individual processed by the Department of Homeland Security goes through rigorous national security and public safety vetting during the original application process and again during re-registration. If any individual is identified as posing a threat, they may be detained, removed, or referred to other federal agencies for further investigation or prosecution as appropriate. Individuals are barred from TPS if they have been convicted of any felony or two misdemeanors.

DHS recognizes that not all re-registrants may receive a new Employment Authorization Document (EAD) before their current EAD expires and is automatically extending for 12 months the validity of EADs previously issued under Sudan’s TPS designation.

U.S. Citizenship and Immigration Services (USCIS) will continue to process pending applications filed under the Sudan designation.  Both initial applicants and re-registering current beneficiaries who have a pending Form I-821 or Form I-765 do not need to file either application again. If USCIS approves an individual’s pending Form I-821, USCIS will grant them TPS through October 19, 2026.  Similarly, if USCIS approves a pending TPS-related Form I-765, USCIS will issue the individual a new EAD that will be valid through the same date.   

A soon-to-be-published Federal Register notice will explain the eligibility criteria, timelines, and procedures necessary for current beneficiaries to re-register and renew their EADs.

DHS to Extend Temporary Protected Status for Ukraine

Source: US Department of Homeland Security

Extension Allows Eligible Ukrainian Nationals Who Arrived on or Before August 16, 2023, to Maintain TPS and Employment Authorization Following Vetting 

WASHINGTON – The Department of Homeland Security announced today the extension of Temporary Protected Status (TPS) for Ukraine for 18 months. The extension of TPS is due to ongoing armed conflict and extraordinary and temporary conditions in Ukraine that prevent eligible Ukrainian nationals from safely returning. 

After reviewing the country conditions in Ukraine and consulting with interagency partners, it was determined that an 18-month TPS extension is warranted because of conditions resulting from the expansion of the Russian military invasion into Ukraine, the largest conventional military action in Europe since World War II. Russia’s expanded military invasion has led to high numbers of civilian casualties and reports of war crimes and crimes against humanity committed by Russian military forces and officials. This invasion has caused a humanitarian crisis, with significant numbers of individuals fleeing and damage to civilian infrastructure that has left many without electricity or access to medical services. These conditions prevent Ukrainian nationals and habitual residents from safely returning. Such a determination meets the statutory obligation to decide, at least 60 days before the expiration of a TPS designation, whether the conditions for designation continue to be met and merit an extension.

The extension of TPS for Ukraine allows approximately 103,700 current eligible beneficiaries to re-register for TPS, if they continue to meet eligibility requirements. Re-registration is limited to individuals who previously registered for TPS under Ukraine’s designation. This population includes nationals of Ukraine (and individuals without nationality who last resided in Ukraine) who have been continuously residing in the United States since at least August 16, 2023, with or without lawful immigration status. 

Every individual processed by the Department of Homeland Security goes through rigorous national security and public safety vetting during the original application process and again during re-registration. If any individual is identified as posing a threat, they may be detained, removed, or referred to other federal agencies for further investigation or prosecution as appropriate. Individuals are barred from TPS if they have been convicted of any felony or two misdemeanors. 

DHS recognizes that not all re-registrants may receive a new Employment Authorization Document before their current EAD expires and is automatically extending for 12 months the validity of EADs previously issued under Ukraine’s TPS designation. 

U.S. Citizenship and Immigration Services (USCIS) will continue to process pending applications filed under the Ukraine designation. Both initial applicants and re-registering current beneficiaries who have a pending Form I-821 or Form I-765 do not need to file either application again. If USCIS approves an individual’s pending Form I-821, USCIS will grant them TPS through October 19, 2026. Similarly, if USCIS approves a pending TPS-related Form I-765, USCIS will issue the individual a new EAD that will be valid through the same date.    

A soon-to-be-published Federal Register notice will explain the eligibility criteria, timelines, and procedures necessary for current beneficiaries to re-register and renew EADs. 

DHS to Extend Temporary Protected Status for Venezuela

Source: US Department of Homeland Security

Extension Allows Eligible Venezuelan Nationals Who Arrived on or Before July 31, 2023, to Maintain TPS and Employment Authorization Following Vetting

WASHINGTON – The Department of Homeland Security announced today the extension of Temporary Protected Status (TPS) for Venezuela for 18 months. The extension of TPS is due to extraordinary and temporary conditions that prevent eligible Venezuelan nationals from safely returning. After reviewing the country conditions in Venezuela and consulting with interagency partners, it was determined that an 18-month TPS extension is warranted based on the severe humanitarian emergency the country continues to face due to political and economic crises under the inhumane Maduro regime. These conditions have contributed to high levels of crime and violence, impacting access to food, medicine, healthcare, water, electricity, and fuel. Such a determination meets the statutory obligation to decide, at least 60 days before the expiration of a TPS designation, whether the conditions for designation continue to be met and merit an extension.

Individuals may be eligible if they have continuously resided in the United States on or before July 31, 2023. Venezuelan nationals who arrived in the United States after July 31, 2023, are not eligible for TPS. Those who do not enter through a lawful process or pathway will be subject to enforcement consequences. 

Every individual processed by the Department of Homeland Security goes through rigorous national security and public safety vetting during the original application process and again during re-registration. If any individual is identified as posing a threat, they may be detained, removed, or referred to other federal agencies for further investigation or prosecution as appropriate. Individuals are barred from TPS if they have been convicted of any felony or two misdemeanors.

The extension of TPS for Venezuelans runs from April 3, 2025, to October 2, 2026, and allows approximately 600,000 eligible current beneficiaries to retain TPS through October 2, 2026, if they re-register and continue to meet TPS eligibility requirements. Venezuelan nationals who registered for TPS under the 2021 Venezuela TPS designation are also eligible to re-register for TPS under this extension, as they meet the same eligibility requirements. Venezuelan TPS beneficiaries must timely re-register during the re-registration period that runs from the publication of Federal Register notice to September 10, 2025, to ensure they keep their TPS and work authorization. DHS recognizes that not all re-registrants may receive a new Employment Authorization Document (EAD) before their current EAD expires and is automatically extending through April 2, 2026, the validity of certain EADs previously issued.

U.S. Citizenship and Immigration Services (USCIS) will continue to process pending applications filed under previous Venezuela designations. Both initial applicants and re-registering current beneficiaries who have a pending Form I-821 or Form I-765 under Venezuela 2023 do not need to file either application again. If USCIS approves an individual’s pending Form I-821, USCIS will grant them TPS through October 2, 2026. Similarly, if USCIS approves a pending TPS-related Form I-765, USCIS will issue the individual a new EAD that will be valid through the same date. 

A soon-to-be-published Federal Register notice will explain the eligibility criteria, timelines, and procedures necessary for current beneficiaries to re-register and renew EADs. Re-registration is limited to individuals who previously registered for and were granted TPS under either the 2021 or 2023 designations for Venezuela.

Secretary Mayorkas and Secretary Blinken Announce Designation of Romania into the Visa Waiver Program

Source: US Department of Homeland Security

Today, Secretary of Homeland Security Alejandro N. Mayorkas, in consultation with Secretary of State Antony J. Blinken, designated Romania as a participating country in the Visa Waiver Program (VWP). The collaboration and information sharing at the core of the VWP will significantly enhance the security interests of the United States in addition to encouraging legitimate travel and commerce between the two nations. 

Secretary Mayorkas and Secretary Blinken commend Romania for meeting the stringent security requirements to join the VWP. Romania is an exceptional U.S. partner, and our strategic relationship has only grown stronger over the past several years. Romania’s entry into the VWP is evidence of our strategic partnership and our shared commitment to security and economic prosperity. 

The VWP is a culmination of comprehensive security partnerships between the United States and designated countries that meet strict requirements related to counterterrorism, law enforcement, immigration enforcement, document security, and border management. Program requirements include that the country have a rate of nonimmigrant visitor visa refusals below 3 percent during the previous fiscal year; issue secure travel documents; extend reciprocal travel privileges to all U.S. citizens and nationals without regard to national origin, religion, ethnicity, or gender; and work closely with U.S. law enforcement and counterterrorism authorities. Romania put forth a significant whole-of-government effort to meet all program requirements, including entering into partnerships with the United States to share information on terrorism and serious crimes with U.S. law enforcement and security agencies, and enhancing its vetting of individuals traveling to and through Romania. As with all VWP participating countries, DHS will continually monitor Romania’s compliance with all program requirements and, as required by statute, conduct a comprehensive assessment of Romania’s continued designation in the VWP on the national security and law enforcement interests of the United States at least once every two years.

CBP anticipates the Electronic System for Travel Authorization (ESTA) online application and mobile application will be updated on or around March 31, 2025, to allow most citizens and nationals of Romania to apply to travel to the United States under the VWP for tourism or business purposes for up to 90 days without first obtaining a U.S. visa. These authorizations are generally valid for two years. Travelers with valid B-1/B-2 visas may continue to use their visa for travel to the United States, and B-1/B-2 visas will remain an option for Romanian citizens. ESTA applications may be found at esta.cbp.dhs.gov or by downloading the “ESTA Mobile” application through the iOS App Store or the Google Play store.

U.S. citizens already enjoy visa-free travel to Romania and are eligible to stay in Romania for up to 90 days for tourism or business purposes if they have a passport that is valid for at least three months from the date of arrival. 

Romania is the 43rd member of the VWP and the fourth country added under Secretary Mayorkas’s tenure, following Croatia (2021), Israel (2023), and Qatar (2024). Additional information on the VWP can be found at www.dhs.gov/visa-waiver-program.