Reposted from CISA/DHS

As the nation’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) today announced a new dedicated webpage with cybersecurity resources to support communities at heightened risk of digital security threats.

Through the Joint Cyber Defense Collaborative (JCDC), CISA has partnered with civil society organizations and technology companies to better understand the cybersecurity needs of high-risk communities, the role that CISA and our technology company partners can play to support their digital security and develop a collaborative planning effort to meet these needs. High-risk communities play a critical role in advancing democratic and humanitarian causes which makes them a uniquely attractive target for Advanced Persistent Threat (APT) actors who can leverage cyber intrusions to undermine the fundamental values and interests common to free societies.

CISA provides resources specifically for high-risk communities, such as:

·        Project Upskill which offers cybersecurity guidance designed to arm individuals from high-risk organizations with simple steps to meaningfully improve their cyber hygiene. It is designed for a non-technical audience so that all individuals in a civil society organization are empowered to take action to bolster their cyber defenses.

·        Cybersecurity Resources for High-Risk Communities offers a wide selection to high-risk communities, such as Cloudflare’s Project Galileo that offers cybersecurity protection, or Google’s Advanced Protection Program that provides additional safeguards against phishing attempts and harmful downloads, or Access Now’s Digital Security Helpline for support with incident response if compromise is suspected.

·        Cyber Volunteer Resource Center is a repository of cyber volunteer programs across the country that provide free, hands-on cybersecurity support to under-resourced organizations. CISA intends to help build capacity by providing a centralized place for prospective volunteers to learn about prerequisites and application processes for joining their local cyber volunteer program, and help qualifying organizations learn how to obtain assistance. CISA also published a blog with more details on the High-Risk Communities effort. All civil society organizations are encouraged to visit the Cyber Resource Hub | CISA, intended to serve as a one-stop-shop for cybersecurity guidance.

See Original Post

Reposted from

The Cybersecurity and Infrastructure Security Agency (CISA) kicks off the third annual Emergency Communications Month to honor the nation’s emergency responders and communicators, emphasizing the importance of emergency communications and the need to work together in building resilient critical infrastructure.  This year, CISA is focusing on how the nation can be “Resilient Together,” highlighting the importance of secure, interoperable emergency communications and how the agency supports this effort in collaboration with its partners across the emergency communications ecosystem. Emergency communications is a complex ecosystem with multiple stakeholders and moving pieces. It is more resilient and secure through strong partnerships and collaboration between emergency responders, government, information technology and communications providers, non-governmental organizations, and even private citizens. All through April, CISA invites the nation to celebrate the people who operate the systems we rely on and learn more about the vital role of emergency communications. 

CISA encourages critical infrastructure organizations, state, local, tribal, and territorial government, and others to significantly bolster communications resiliency and emergency preparedness by enrolling in free priority telecommunications services. These services, which include the Government Emergency Telecommunications Service and Wireless Priority Service, enable essential personnel to communicate when networks are degraded or congested due to weather events, mass gatherings, cyber incidents, or events stemming from human error. 

See Original Post

Reposted from EMR-ISAC

Battery fires have become one of the most challenging and perplexing incidents for the fire service in recent years. With the continued growth in the use and sale of battery-powered devices, the corresponding increase in battery fires warrants a critical conversation about how the fire service can mitigate and respond to battery fire incidents.

The U.S. Fire Administration (USFA) will host a webinar on Wednesday, April 10, from 1-3 p.m., Battery Fires: Before, During, and After the Incident. The webinar is an opportunity to hear from subject matter experts from the USFA; the Fire Safety Research Institute; San Diego Fire-Rescue Department; the Bureau of Alcohol, Tobacco, Firearms, and Explosives; and the Environmental Protection Agency. The speakers will present the key concepts to consider when developing community risk reduction and response plans related to lithium-ion battery fires.

See Original Post

Reposted from CBS

A threatening phone call to officials at the Montreal Museum of Fine Arts forced the evacuation of visitors and staff from the building late Sunday morning, police say.  The call came in around 11:30 a.m., according to Montreal police spokesperson Jean-Pierre Brabant, who says police took the threat seriously.  Numerous officers were deployed to the museum to carry out checks and a security perimeter was quickly established around the area. Brabant says no threat has been identified, but police are continuing their investigation to find out the origin of the call. The museum was particularly busy Sunday morning, with entry being free on the first Sunday of every month.

See Original Post

Emergent Threats and Strategic Hardening Tactics

presented by Dr. Jenni Hesterman, Colonel, US Air Force (retired) 

Dr. Hesterman's presentation will give up-to-the-minute information regarding emergent terrorist and criminal threats. She will unveil the 9 things we're doing wrong in security in 2024 and offer unique hardening tactics for soft target venues and events.   

Dr. Hesterman is the principal investigator on a new project entitled Soft Target-Specific Standards: Current Challenges and Future Implications for the National Counterterrorism Innovation, Technology, and Education Center (NCITE), a DHS Security Center of Excellence at the University of Nebraska, Omaha. This research addresses the absence of specific security standards for soft targets such as cultural properties, entertainment, sports and other public venues. While general security standards provide a foundational framework, the unique characteristics and vulnerabilities of these locations and events may call for context-specific measures for the most effective protection. While onsite, Dr. Hesterman will speak with conference attendees to gather information for this work. We are excited to support NCITE's research on this topic of importance to our community! 

Dr. Jennifer Hesterman is a retired Air Force colonel who served in three Pentagon tours and in multiple command positions in the field. Her last assignment was Vice Commander at Andrews Air Force Base, Maryland, where she led installation security, including the protection of Air Force One. She is the recipient of the Legion of Merit, the Meritorious Service medal with 5 oak leaf clusters and the Global War on Terrorism Service medal.

After her military retirement in 2007, Dr. Hesterman worked as a cleared contractor in Washington, DC performing operational research on international and domestic terrorist organizations, transnational threats, organized crime, human, drug and weapon trafficking, and the terrorist and criminal exploitation of the Internet. She was recently security lead on a 3-year contract to develop an assessment tool and deploy security best practices within the Department of Transportation. In addition to providing vulnerability assessments for critical infrastructure, houses of worship, schools, shopping venues, credit unions, airports, stadiums and businesses, Dr. Hesterman designs and instructs graduate level security courses for the Defense Counterintelligence and Security Agency, Department of Defense. She advises the Homeland Security Training Institute at the College of DuPage in Chicago; the Crisis Response Journal and two DHS Security Centers of Excellence, the National Counterterrorism Innovation, Technology, and Education Center (NCITE) at University of Nebraska and Soft-target Engineering to Neutralize the Threat Reality (SENTRY) at Northeastern University. Dr. Hesterman is an expert witness and conducts forensic security vulnerability assessments to support legal proceedings.

She holds a doctoral degree from Benedictine University, Master of Science degrees from Johns Hopkins University and Air University, and a Bachelor of Science degree from Penn State University. She was a National Defense Fellow at the Center for Strategic and International Studies in Washington, D.C. where she studied the terror-crime nexus; her resulting book, Transnational Crime and the Criminal-Terrorist Nexus, won the Air Force Research Award for 2004. She is a 2006 alumnus of the Harvard Senior Executive Fellows program and was a senior fellow at the Center for Cyber and Homeland Security at George Washington University from 2016-2018.

An academic author for the Taylor & Francis Group, Dr. Hesterman’s book Soft Target Hardening: Protecting People from Attack was the ASIS Security Industry Book of the Year for 2015. The second edition was the ASIS Security Industry Book of the Year for 2019, and the Social Sciences Book of the Year for Taylor & Francis. She also authored Soft Target Crisis Management (2016) and The Terrorist-Criminal Nexus (2013), as well as 33 journal and magazine articles.

Dr. Hesterman is a sought after public speaker, with over 90 keynote, guest speaking and training events in the U.S. and abroad for ASIS, FBI, DHS, DoD, state and local law enforcement, Fortune 10 companies, Major League Baseball, and numerous associations.

See Original Post

Reposted from Tim Richardson

“I’d like to propose a post!”
Yes, I said those embarrassing words in front of dozens of people at my grandparents 50th wedding anniversary.
Then there were the words I said the time that my future wife invited me to attend her final sorority party (which was our first date).
“What’s the matter, you couldn’t find a date?”
It’s a wonder she said yes when I asked her out for a second date!
The chances are high that you are also haunted by the memory of saying something really stupid.
I can think of a lot of embarrassing and utterly ridiculous things that have left my mouth. I have kept a list of my worst verbal slip ups in my mind for many years.
Sometimes the price we pay for saying or doing something stupid could simply result in momentary embarrassment. However, the stakes could be higher than that. Ill-advised words could lose a customer. Poor word choices could prevent us from closing the sale. Our insensitive words could result in damaging a friendship or alienating a family member or co-worker.
Stupid words lose elections, end marriages, stifle careers, and start wars. 
But let’s turn things around—what are the best words you’ve ever said? Words that were exactly right for the situation. Words that brought positivity, encouragement, and life. Words that began friendships and romances, stirred imaginations, and cast visions of future success.
 If you are like me, you probably have a hard time remembering your best words.
Why is it that we remember our spoken mistakes better than our spoken successes?  It’s because we tend to focus on our mistakes, the things we do poorly, like when we fall flat on our face, or say the wrong thing. It’s human nature and we all keep our mistakes and poor decisions in our memory.
I’d like to propose (not protose) that we all start keeping a list of our best words to counter the negative thoughts that lurk in our brains.
Words are important. The worst words are important to avoid saying again, learn from, and then forget.
The best words are important enough to remember, to celebrate, and repeat.

See Original Post

Reposted from Museums Association

If improving cyber security was not already a priority for cultural
institutions, it has surely jumped to the top of everyone’s to-do lists
following last year’s cyber-attack on the British Library. The fallout is still being felt as library staff try to restore online and in-person services that were curtailed by the October incident. The organization is also having to deal with a damaged reputation and the ongoing costs associated with addressing the issue. There was some good news in January when the library managed to get its main catalogue back online. It was also able to offer access to most of its special collections for the first time since the attack. *Far-reaching implications* “What happened to us in October has implications for the whole collections sector,” wrote chief executive Roly Keating in a blog on the British Library’s website. “In the months ahead, we will begin to share the lessons we’ve learned from this experience with partners and peer institutions.”
The British Library is a high-profile institution with a global reputation, but those who think that smaller organizations are less likely to suffer cyber-attacks should think again. A devastating cyber-attack on Hackney Museum in October 2020 received farless publicity. The museum was affected only because it is part of a larger organization, the London Borough of Hackney, but the attack had
far-reaching consequences that still affect all areas of its work. Rebecca Odell, project curator at Hackney Museum, says: “As museums, we create business continuity and emergency salvage plans for use if our venue burns down and collections are destroyed – and we refer to the experience of our cyber-attack as a digital building burning down. "Everything has changed, but there are no ruins that people can see to understand the trauma of what we have experienced and the years it will take to recover. Cyber-attacks change everything, except the expectations of stakeholders and the public.” *‘An everyday hazard’* Odell has a stark warning: “Unfortunately, attacks need to be considered an everyday hazard, and museums need to look beyond prevention to mitigating
the damage. We would like to see more leadership in the sector and the
creation of a template for digital salvage plans to protect collections,
assets and research.” Hackney Museum is not the only UK museum to have been hit. In the winter of2021-22, the Royal Armories was attacked, and its collections management system was down for three months. When it got back online, the museum discovered that the hackers had accessed its back-ups and deleted eight months’ worth of data. Staff are still working on recovering the lost data.
 
Several museums in the US – including MFA Boston, the Rubin Museum of Art
in New York and the Crystal Bridges Museum of American Art in Arkansas –
experienced problems recently after a cyber-attack on third-party tech
company Gallery Systems.
*Growing problem* The problem is clearly growing –and cyber-attacks are costly and time-consuming to sort out. A Financial Times report claimed the British Library will have to spend up to £7m (or 40% of its £16.4m unallocated
reserves) to recover from the cyber-attack. The British Library says media reports about the cost of recovering from the cyber-attack are inaccurate. “The final costs of recovering from the recent cyber-attack are still not confirmed,” a statement reads. “The British Library and its government sponsor, the Department for Culture, Media and Sport, remain in close and regular contact. The library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage.” Whatever the final costs to the British Library, it won’t be cheap.  So, what can museums and other cultural institutions do to better understand how a hack can happen, what measures they can take to reduce the chances of one occurring, and how they might recover if they do suffer one.
 
The good news is that help and advice are available. The British Library
has received support from the National Cyber Security Centre, which offers
a cybersecurity guide for charities. This aims to help smaller
organizations improve cybersecurity quickly and inexpensively. Mike Ellis, co-director of consultancy Thirty8 Digital, says backing update is crucial, although he does sound a note of caution: “Even if you’ve got a great back-up regime, and you test regularly to make sure you actually can restore, because of the nature of these attacks, you have no idea whether you’re restoring a compromised back-up,” he says. *Compromising usability* Ellis also points out that there is always going to be a compromise between usability and security. “If you’ve got full access to all websites, install whatever software you want on your computer and so on, life is easy,” he says. “But the
compromise is you’re very much more likely to bump into something nasty.
“On the other hand, if you’re locked down and can’t do any of these things, you’ll spend a lot of your life being annoyed that you can’t do what you
need to do – but at least you’re secure. Somewhere in the middle of this is
a context that balances correctly for you and your organization. But it is
always going to be a compromise.” Ellis says it is important for organizations to sort out their approaches to passwords – something that is often ignored.
 
“Few museums have a solid password strategy, in large part because it’s
quite hard to maintain passwords across staff working at several machines,
in several locations and different contexts. “The default becomes ‘just use that same old password we have for everything’ – and before you know it, you’re compromised. Some education needs to happen, as I don’t think many non-nerds understand how hackers move passwords around or publish them on the web. The negative impact of
having a single password, however strong, for all things is not well
understood.” But in a sector with limited funding that uses lots of freelance workers and volunteers, creating a robust password management strategy isn’t straightforward. Indeed, nothing associated with cybersecurity is
straightforward. Nevertheless, all cultural organizations should act now to protect themselves from attacks and plan what to do if their security is
compromised. Backing up your data All charities, regardless of their nature and size, should make regular back-ups of their important data, and should ensure that these back-ups can be restored.
 
By doing this, you are ensuring your charity can still function following
the impact of flood, fire, physical damage or theft. Furthermore, if you
have back-ups of your data that you can recover quickly, your charity will
be more resilient to cybercrime.

See Original Post

Reposted from CISA

On Wednesday, March 27, we are hosting a special CISA Live! – Celebrating Women in National Security LinkedIn Live as we close out Women’s History Month with two women making history! CISA Director Jen Easterly and Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger come together to highlight the achievements of women in the national security sector and share personal insights on their career paths.  Don’t miss your chance to engage in a live Q&A session with these two extraordinary leaders. This is one event you won’t want to miss!  Join us on March 27 at 12 pm ET with your questions—and feel free to share this invite with others who may be interested.

Register today! CISA Live! – Celebrating Women in National Security.

See Original Post