Category: US Department of Homeland Security

Source: US Department of Homeland Security

During emergency events, the Department of Homeland Security (DHS) works with its federal, state, local, and non-governmental partners to support the needs of the people in the areas that may be impacted.

In such circumstances, U.S. Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP) remind the public that sites that provide emergency response and relief are considered protected areas. To the fullest extent possible, ICE and CBP do not conduct immigration enforcement activities at protected areas such as along evacuation routes, sites used for sheltering or the distribution of emergency supplies, food or water, or registration sites for disaster-related assistance or the reunification of families and loved ones.

At the request of FEMA or local and state authorities, ICE and CBP may help conduct search and rescue, air traffic de-confliction and public safety missions. ICE and CBP provide emergency assistance to individuals regardless of their immigration status. DHS officials do not and will not pose as individuals providing emergency-related information as part of any enforcement activities.

DHS is committed to ensuring that every individual who seeks shelter, aid, or other assistance as a result of a natural disaster or emergency event is able to do so regardless of their immigration status.

DHS carries out its mission without discrimination on the basis of race, religion, gender, sexual orientation or gender identity, ethnicity, disability or political associations, and in compliance with law and policy.

For information about filing a complaint with the DHS Office for Civil Rights and Civil Liberties about these matters, please visit our Make a Civil Rights Complaint page.

Source: US Department of Homeland Security

New Resource for Federal, State, and Local Officials Provides Best Practices for Responsible AI Development in the Public Sector

WASHINGTON – Today, the Department of Homeland Security (DHS) released the “Playbook for Public Sector Artificial Intelligence Deployment,” an innovative guide designed to help government officials improve the delivery of services through the responsible and effective deployment of generative artificial intelligence (GenAI) technologies. The playbook offers actionable steps state, local and federal officials can take and examples of how DHS applied and learned these principles in its own GenAI journey. By implementing the recommended actions and best practices, organizations can build a robust foundation for AI deployment, enhance internal capabilities, and ensure responsible and effective use of AI technologies.

“The rapid evolution of GenAI presents tremendous opportunities for public sector organizations. DHS is at the forefront of federal efforts to responsibly harness the potential of AI technology,” said Secretary of Homeland Security Alejandro N. Mayorkas. “This new resource draws from our own experiences to help state and local leaders adopt AI technologies in their own work. Safely harnessing the potential of GenAI requires collaboration across government, industry, academia, and civil society, and we hope state and local leaders join our effort to foster a responsible, mission-focused culture of innovation.”

“The release of this playbook marks a significant step forward in our efforts to integrate safe and secure AI use responsibly and effectively within the public sector,” said DHS Chief Information Officer Eric Hysen. “By sharing our experiences and best practices, we aim to empower other government agencies to leverage AI in a way that enhances their missions while safeguarding the rights and privacy of the individuals they serve.”

Over the past several years, DHS has been at the forefront of integrating AI into its operations. The Department has developed and implemented numerous AI and machine learning (ML) initiatives to enhance its capabilities in areas such as cybersecurity, border security, disaster response, and immigration services. These efforts include the creation of the DHS Artificial Intelligence Task Force, the publication of the DHS Artificial Intelligence Roadmap, and the establishment of the AI Corps to attract top AI talent. DHS remains committed to advancing AI technologies in a manner that upholds the highest standards of privacy, civil rights, and civil liberties.

The playbook features detailed case studies from DHS’s own pilots, which tested GenAI applications that enhanced investigative leads, assisted local governments with hazard mitigation planning, and created innovative training opportunities for immigration officers. The cutting-edge guide makes recommendations to state and local leaders based on lessons learned from these pilots and is designed to be an accessible resource for public sector organizations at any stage of their AI journey.

The Playbook traces the steps that DHS took in our own development of GenAI applications:

• Develop Mission-Enhancing GenAI Use Cases: Approaches for aligning AI projects with organizational priorities and mission needs.
• Build Coalitions and Foster Effective Governance: Strategies for gaining buy-in within your organization from senior leadership and building cross-organizational coalitions.
• Leverage Tools and Infrastructure: Recommendations for taking advantage of existing technical tools and infrastructure to support AI development.
• Use AI Responsibly and Safely: Principles for minimizing potential harm and ensuring ethical AI use.
• Measure Progress and Defining Success: Methods for tracking the effectiveness of AI deployments through key performance indicators.
• Train Employees and Hiring Technical Talent: Approaches for upskilling current employees and attracting technical talent.
• Seek User Feedback: Best practices for engaging users and stakeholders throughout the AI development lifecycle.

This playbook is a product of the Department’s ongoing commitment to transparency and harnessing the transformative potential of AI while ensuring the safety, security, and privacy of the American people. Most recently, DHS published its updated AI Use Case Inventory, providing public visibility into non-classified and non-sensitive uses of AI across the Department. Additionally, the Department has implemented robust training programs to educate employees on responsible AI use and has engaged with external stakeholders, including Congress and the public, to build trust and demonstrate accountability. In November 2024, DHS launched the Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure, a set of actionable recommendations to help promote safe and secure development and deployment of artificial intelligence across all U.S. critical infrastructure, which was written in consultation with DHS’s AI Safety and Security Board, a public-private advisory committee composed of AI leaders representing industry, academia, civil society, and the public sector. 

DHS will continue to share further lessons learned and updates as it advances its AI initiatives. To read the playbook, visit DHS Generative AI Public Sector Playbook | Homeland Security.

To learn more about the ways DHS is safely and responsibly leveraging AI to protect the homeland, visit the Artificial Intelligence at DHS webpage.

Source: US Department of Homeland Security

Guidance helps all organizations strengthen security in software development life cycle

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released new voluntary cybersecurity performance goals for the information technology (IT) and product design sector. The IT Sector Specific Goals (SSGs) are aligned to Secure by Design principles and will help to protect the sector from cyber incidents, identify and address vulnerabilities prior to product release, improve incident response, and significantly improve software security. CISA worked extensively with the IT Sector Coordinating Council (IT SCC) to develop these goals. Through the IT SCC, subject matter experts, associations, and other key partners provided critical, beneficial input and supported the development process.

While specific to the IT sector, the goals provide software and product developers in all critical infrastructure sectors with minimum foundational practices upon which they should focus their efforts. Recommended actions include:

• Logically separate all software development environments from each other using controls such as network segmentation and access controls.
• Regularly log, monitor, and review trust relationships used for authorization and access across software development environments.
• Require multi-factor authentication (MFA)—ideally phishing resistant MFA—to access all software development environments.
• Establish and enforce security requirements for software products used across software development environments.
• Do not store sensitive data or credentials in source code. Instead, store sensitive data and credentials in an encrypted manner, such as using a secret manager.
• Establish a software supply chain risk management program

“The IT SSGs help critical infrastructure sectors significantly strengthen cybersecurity in the design and development of software and hardware. We encourage organizations to review and implement the goals which will benefit and protect the supply chain including consumers,” said CISA Director Jen Easterly, “The industry collaboration was critical to shaping goals with highest-impact and guiding organizations to prioritize their efforts. We applaud organizations that are choosing to take ownership of the security outcomes of their customers.”

CISA encourages product developers to adopt these SSGs to significantly improve the cybersecurity posture of software products, to include those designed for critical infrastructure services, relied upon by our nation. For more information, visit Cybersecurity Performance Goals on CISA.gov. 

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram. 

Source: US Department of Homeland Security

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) today issued the following update on last week’s cybersecurity incident at the U.S. Department of the Treasury:

CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident.

At this time, there is no indication that any other federal agencies have been impacted by this incident. CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response.

The security of federal systems and the data they protect is of critical importance to our national security. We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram. 

Source: US Department of Homeland Security

Rule will provide greater benefits and flexibilities for U.S. employers and specialty occupation workers, helping to meet U.S. labor needs

WASHINGTON – The Department of Homeland Security (DHS) announced a final rule that will significantly enhance U.S. companies’ ability to fill job vacancies in critical fields, strengthening our economy. The new rule modernizes the H-1B program by streamlining the approvals process, increasing its flexibility to better allow employers to retain talented workers, and improving the integrity and oversight of the program. The rule builds on previous efforts by the Administration to ensure the labor needs of American businesses are met, while reducing undue burdens on employers and adhering to all U.S. worker protections under the law.

“American businesses rely on the H-1B visa program for the recruitment of highly-skilled talent, benefitting communities across the country,” said Secretary of Homeland Security Alejandro N. Mayorkas. “These improvements to the program provide employers with greater flexibility to hire global talent, boost our economic competitiveness, and allow highly skilled workers to continue to advance American innovation.”

“The H-1B program was created by Congress in 1990, and there’s no question it needed to be modernized to support our nation’s growing economy,” said USCIS Director Ur M. Jaddou. “The changes made in today’s final rule will ensure that U.S. employers can hire the highly skilled workers they need to grow and innovate while enhancing the integrity of the program.”

H-1B nonimmigrant visa program allows U.S. employers to temporarily employ foreign workers in specialty occupations, defined by statute as occupations that require highly specialized knowledge and a bachelor’s or higher degree in the specific specialty, or its equivalent. The final rule aims to provide greater flexibilities for employers and workers by modernizing the definition and criteria for specialty occupation positions as well as for nonprofit and governmental research organizations that are exempt from the annual statutory limit on H-1B visas. These changes will help U.S. employers hire the employees they need to meet their business needs and remain competitive in the global marketplace. The rule also extends certain flexibilities for students on an F-1 visa seeking to change their status to H-1B to avoid disruptions in lawful status and employment authorization for those F-1 students. To improve program efficiency, the final rule will allow USCIS to more quickly process applications for most individuals who had previously been approved for an H1B visa. It will also allow H1B beneficiaries with a controlling interest in the petitioning organization to be eligible for H-1B status subject to reasonable conditions.

Finally, the rule strengthens program integrity by codifying USCIS’ authority to conduct inspections and impose penalties for failure to comply; requiring that the employer must establish that it has a bona fide position in a specialty occupation available for the worker as of the requested start date; clarifies that the Labor Condition Application must support and properly correspond with the H-1B petition; and requires that the petitioner have a legal presence and be subject to legal processes in court in the United States.

In order to implement this rule, a new edition of Form I-129, Petition for a Nonimmigrant Worker will be required for all petitions beginning Jan. 17, 2025, which is the rule’s effective date. Because there cannot be a grace period for accepting prior form editions, USCIS will soon publish a preview version of the new Form I-129 edition on uscis.gov.

Today’s rule builds on a previous final rule, announced in January 2024, which has already dramatically improved the H-1B registration and selection process.

Source: US Department of Homeland Security

Final Rule strengthens worker protections and program integrity, increases flexibility for workers, and improves program efficiency

WASHINGTON – The Department of Homeland Security (DHS) announced a final rule that will allow U.S. companies that need seasonal workers to more quickly and efficiently fill those jobs. The rule will modernize and improve the H-2 nonimmigrant visa programs, which allow qualified U.S. employers who are unable to hire qualified U.S. workers to petition for foreign nationals to fill temporary or seasonal agricultural and nonagricultural jobs. The final rule significantly strengthens worker protections by, among other things, imposing new consequences on companies that charge prohibited fees or violate our labor laws, and provides greater flexibility for H-2A and H-2B workers.

“The H-2 programs strengthen our nation’s economy by supporting the seasonal labor needs of employers that rely on temporary workers,” said Secretary of Homeland Security Alejandro N. Mayorkas. “By modernizing and improving this program, we increase protections for our nation’s workers, help maintain economic growth, and better meet the labor demands of American businesses.”

“Our H-2 programs are very important to the U.S. economy. Many employers across the country need additional labor on a temporary or seasonal basis, whether it’s on our farms or in other industries,” said USCIS Director Ur M. Jaddou. “This final rule makes us more efficient in helping U.S. employers fill their temporary or seasonal positions, while also making sure we’re protecting both U.S. workers and the noncitizen workers who help fuel our economy.”

The rule’s provisions span three areas:

Improving Program Efficiency

This final rule removes the requirement that USCIS may generally only approve petitions for H-2 nonimmigrant status for nationals of countries designated as eligible to participate in the H-2 programs, eliminating the need for DHS to compile and publish annual lists of designated countries.

It also simplifies the rules regarding the effect of a departure from the United States on the 3-year maximum period of stay for workers participating in the H-2 programs, by eliminating the “interrupted” stay provisions and instead providing a uniform period of absence from the United States (at least 60 days) to reset the 3-year clock.

Strengthening Worker Protections and Increasing Program Integrity

This final rule revises and clarifies provisions regarding prohibited fees by strengthening the existing bar on charging certain fees to H-2A and H-2B workers, including by imposing new consequences for companies that charge these fees and denying their H-2 petitions in certain circumstances.

The final rule also institutes certain mandatory and discretionary grounds for denying an H-2A or H-2B petition filed by a petitioner who, among other things, has been found to have committed certain labor or other legal violations or misused the H-2 programs.

Under the rule, H-2A and H-2B workers will now have whistleblower protections comparable to the protections that are currently offered to H-1B workers.

The final rule clarifies requirements for petitioners and employers to consent to, and fully comply with, USCIS compliance reviews and inspections. It also clarifies USCIS’ authority to deny or revoke the approval of a petition if USCIS is unable to verify information related to the petition, including where such inability is due to lack of cooperation from a petitioner or an employer during a site visit or other compliance review.

Enhancing Worker Flexibility

The final rule harmonizes and adds new grace periods. Specifically, it:

• Adds a new grace period for up to 60 days following a cessation of employment, during which an H-2 worker may seek new qualifying employment or prepare for departure from the United States without violating their H-2 status or accruing unlawful presence.
• Extends the existing 30-day grace period following certain revocations to a period of up to 60 days and expands the provision to cover all revocations of H-2 petition approvals.
• Affirms that H-2A and H-2B workers are considered to be maintaining their H-2 status for a period of up to 10 days before the petition’s validity period and up to 30 days following the expiration of that period.

The final rule allows for “portability,” meaning that eligible H-2 nonimmigrants can immediately begin to work with a new employer as soon as the employer properly files an extension of stay petition, rather than requiring them to wait until the petition is approved.

The final rule clarifies that H-2 workers will not be considered to have failed to maintain their H-2 status and will not be denied H-2 classification on the sole basis of having taken certain steps toward becoming lawful permanent residents of the United States.

In order to implement this rule, a new edition of Form I-129, Petition for a Nonimmigrant Worker will be required for all petitions beginning Jan. 17, 2025, which is the rule’s effective date.

Source: US Department of Homeland Security

There are more than one million drones lawfully registered with the FAA in the United States and there are thousands of commercial, hobbyist and law enforcement drones lawfully in the sky on any given day. With the technology landscape evolving, we expect that number to increase over time.

FBI has received tips of more than 5,000 reported drone sightings in the last few weeks with approximately 100 leads generated, and the federal government is supporting state and local officials in investigating these reports. Consistent with each of our unique missions and authorities, we are quickly working to prioritize and follow these leads. We have sent advanced detection technology to the region. And we have sent trained visual observers.

Having closely examined the technical data and tips from concerned citizens, we assess that the sightings to date include a combination of lawful commercial drones, hobbyist drones, and law enforcement drones, as well as manned fixed-wing aircraft, helicopters, and stars mistakenly reported as drones. We have not identified anything anomalous and do not assess the activity to date to present a national security or public safety risk over the civilian airspace in New Jersey or other states in the northeast.

That said, we recognize the concern among many communities. We continue to support state and local authorities with advanced detection technology and support of law enforcement. We urge Congress to enact counter-UAS legislation when it reconvenes that would extend and expand existing counter-drone authorities to identify and mitigate any threat that may emerge.

Additionally, there have been a limited number of visual sightings of drones over military facilities in New Jersey and elsewhere, including within restricted air space. Such sightings near or over DoD installations are not new. DoD takes unauthorized access over its airspace seriously and coordinates closely with federal, state, and local law enforcement authorities, as appropriate. Local commanders are actively engaged to ensure there are appropriate detection and mitigation measures in place.

Source: US Department of Homeland Security

During emergency events, the Department of Homeland Security (DHS) works with its federal, state, local, and non-governmental partners to support the needs of the people in the areas that may be impacted.

In such circumstances, U.S. Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP) remind the public that sites that provide emergency response and relief are considered protected areas. To the fullest extent possible, ICE and CBP do not conduct immigration enforcement activities at protected areas such as along evacuation routes, sites used for sheltering or the distribution of emergency supplies, food or water, or registration sites for disaster-related assistance or the reunification of families and loved ones.

At the request of FEMA or local and state authorities, ICE and CBP may help conduct search and rescue, air traffic de-confliction and public safety missions. ICE and CBP provide emergency assistance to individuals regardless of their immigration status. DHS officials do not and will not pose as individuals providing emergency-related information as part of any enforcement activities.

DHS is committed to ensuring that every individual who seeks shelter, aid, or other assistance as a result of a natural disaster or emergency event is able to do so regardless of their immigration status.

DHS carries out its mission without discrimination on the basis of race, religion, gender, sexual orientation or gender identity, ethnicity, disability or political associations, and in compliance with law and policy.

For information about filing a complaint with the DHS Office for Civil Rights and Civil Liberties about these matters, please visit our Make a Civil Rights Complaint page.

Source: US Department of Homeland Security

Actions direct agencies to deploy specific security configurations to Reduce Cyber Risk 

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) today issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.

Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services. As part of CISA and the broad U.S. government’s effort to move the federal civilian enterprise to a more defensible posture, this Directive will further reduce the attack surface of the federal government networks.

“Malicious threat actors are increasingly targeting cloud environments and evolving their tactics to gain initial cloud access. The actions required by agencies in this Directive are an important step in reducing risk to the federal civilian enterprise,” said CISA Director Jen Easterly. “While this Directive only applies to federal civilian agencies, the threat to cloud environments extends to every sector. We urge all organizations to adopt this guidance. When it comes to reducing cyber risk and ensuring resilience, we all have a role to play.”

As federal civilian agencies implement this mandate, CISA will monitor and support agency adherence and provide additional resources as required. CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.

The new Directive can be found at Binding Operational Directive (BOD) 25-01. To learn more about CISA Directives, visit Cybersecurity Directives webpage. 

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.

Source: US Department of Homeland Security

Provides federal grant programs with tools and resources to support grant recipients with incorporating cybersecurity into their projects

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and Office of the National Cyber Director (ONCD) published a guide today with tools and resources to enable grant-making agencies to incorporate cybersecurity into their grant programs and to enable grant-recipients to build cyber resilience into their grant-funded infrastructure projects. This guide is for federal grant program managers, critical infrastructure owners and operators and organizations such as state, local, tribal, and territorial governments who subaward grant program funds, and grant program recipients.

Given the importance of securing the Nation’s critical infrastructure, the Government has made a historic investment through the passage of the Infrastructure Investment and Jobs Act (IIJA), Inflation Reduction Act (IRA), and Creating Helpful Incentives to Produce Semiconductors (CHIPS) and Science Act. The United States has a unique opportunity and national security imperative to build cyber resilience into this next generation of American infrastructure.

This guide, Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure, helps all grant-making agencies to incorporate cybersecurity requirements into their respective grant programs. It provides tools and resources the grant program can direct applicants towards to support their ability to meet the requirements. Specifically, this guidance contains:

• Recommended actions to incorporate cybersecurity into grant programs throughout the grant management lifecycle.
• Model language for grant program managers and sub-awarding organizations to incorporate into Notices of Funding Opportunity (NOFOs) and Terms & Conditions.
• Templates for recipients to leverage when developing a Cyber Risk Assessment and Project Cybersecurity Plan.
• Comprehensive list of cybersecurity resources available to support grant recipient project execution.

“We are excited to provide this guidance to grant-making organizations, along with our teammates at the Office of the National Cyber Director,” said Jen Easterly, CISA Director. “As organizations seek to take advantage of historic infrastructure grants, it’s critical to ensure the security and resilience of this next generation of American infrastructure in every community across our nation.”

“ONCD, along with our partners at CISA, continues to advocate for cybersecurity to be incorporated into the foundation and design of the Nation’s critical infrastructure,” said Harry Coker Jr., White House National Cyber Director. “As we make investments in rebuilding and updating our infrastructure through funding such as made available from the Investing in America agenda, we have the opportunity and obligation to build in cybersecurity by design. We need infrastructure projects to be shovel ready and cyber ready. That’s why we’re proud that the guidance released today will serve as a helpful resource to help our partners and recipients build cybersecurity into infrastructure projects from the beginning.”

CISA and ONCD developed this playbook to be a minimal burden on the federal grant awarding process. The recommended guidance and actions are flexible for the recipient while providing a mechanism to support inclusion of baseline cybersecurity best practices.

Federal grant program managers administrating grants, the state governments or others sub-awarding grant program funds, and critical infrastructure owners and operators applying for federal grants are encouraged to review and incorporate this guidance.

The playbook can be found here on CISA.gov.

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.