Reposted from CISA/DHS

The U.S. Department of Homeland Security (DHS) released two new resources to mitigate and understand risks posed by AI: 1) Guidelines to mitigate AI risks posed to critical infrastructure and a 2) new report that evaluates the potential for AI to be misused to enable the development or production of Chemical, Biological, Radiological, and Nuclear threats. DHS, in coordination with CISA, developed the new safety and security guidelines to address cross-sector AI risks.

WASHINGTON – Today, the Department of Homeland Security (DHS) marked the 180-day mark of President Biden’s Executive Order (EO) 14110, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI)” by unveiling new resources to address threats posed by AI: (1) guidelines to mitigate AI risks to critical infrastructure and (2) a report on AI misuse in the development and production of chemical, biological, radiological, and nuclear (CBRN).

These resources build upon the Department’s broader efforts to protect the nations’ critical infrastructure and help stakeholders leverage AI, which include the recent establishment of the Artificial Intelligence Safety and Security Board. This new Board, announced last week, assembles technology and critical infrastructure executives, civil rights leaders, academics, state and local government leaders, and policymakers to advance responsible development and deployment of AI.

“AI can present transformative solutions for U.S. critical infrastructure, and it also carries the risk of making those systems vulnerable in new ways to critical failures, physical attacks, and cyber attacks. Our Department is taking steps to identify and mitigate those threats,” said Secretary of Homeland Security Alejandro N. Mayorkas. “When President Biden tasked DHS as a leader in the safe, secure, and reliable development of AI, our Department accelerated our previous efforts to lead on AI. In the 180 days since the Biden-Harris Administration’s landmark EO on AI, DHS has established a new AI Corps, developed AI pilot programs across the Department, unveiled an AI roadmap detailing DHS’s current use of AI and its plans for the future, and much more. DHS is more committed than ever to advancing the responsible use of AI for homeland security missions and promoting nationwide AI safety and security, building on the unprecedented progress made by this Administration. We will continue embracing AI’s potential while guarding against its harms.”

DHS, in coordination with its Cybersecurity and Infrastructure Security Agency (CISA), released new safety and security guidelines to address cross-sector AI risks impacting the safety and security of U.S. critical infrastructure systems. The guidelines organize its analysis around three overarching categories of system-level risk:

• Attacks Using AI:  The use of AI to enhance, plan, or scale physical attacks on, or cyber compromises of, critical infrastructure.
• Attacks Targeting AI Systems: Targeted attacks on AI systems supporting critical infrastructure.
• Failures in AI Design and Implementation: Deficiencies or inadequacies in the planning, structure, implementation, or execution of an AI tool or system leading to malfunctions or other unintended consequences that affect critical infrastructure operations.

“CISA was pleased to lead the development of ‘Mitigating AI Risk: Safety and Security Guidelines for Critical Infrastructure Owners and Operators on behalf of DHS,” said CISA Director Jen Easterly. “Based on CISA’s expertise as National Coordinator for critical infrastructure security and resilience, DHS’ Guidelines are the agency’s first-of-its-kind cross-sector analysis of AI-specific risks to critical infrastructure sectors and will serve as a key tool to help owners and operators mitigate AI risk."

To address these risks, DHS outlines a four-part mitigation strategy, building upon the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework (RMF), that critical infrastructure owners and users can consider when approaching contextual and unique AI risk situations:

• Govern: Establish an organizational culture of AI risk management - Prioritize and take ownership of safety and security outcomes, embrace radical transparency, and build organizational structures that make security a top business priority.
• Map: Understand your individual AI use context and risk profile - Establish and understand the foundational context from which AI risks can be evaluated and mitigated.
• Measure: Develop systems to assess, analyze, and track AI risks - Identify repeatable methods and metrics for measuring and monitoring AI risks and impacts.
• Manage: Prioritize and act upon AI risks to safety and security - Implement and maintain identified risk management controls to maximize the benefits of AI systems while decreasing the likelihood of harmful safety and security impacts.

Countering Chemical, Biological, Radiological, and Nuclear Threats

The Department worked with its Countering Weapons of Mass Destruction Office (CWMD) to analyze the risk of AI being misused to assist in the development or production of CBRN threats, and analyze and provide recommended steps to mitigate potential threats to the homeland. This report, developed through extensive collaboration across the United States Government, academia, and industry, furthers long-term objectives around how to ensure the safe, secure, and trustworthy development and use of artificial intelligence, and guides potential interagency follow-on policy and implementation efforts.

“The responsible use of AI holds great promise for advancing science, solving urgent and future challenges, and improving our national security, but AI also requires that we be prepared to rapidly mitigate the misuse of AI in the development of chemical and biological threats,” said Assistant Secretary for CWMD Mary Ellen Callahan. “This report highlights the emerging nature of AI technologies, their interplay with chemical and biological research and the associated risks, and provides longer-term objectives around how to ensure safe, secure, and trustworthy development and use of AI.  I am incredibly proud of our team at CMWD for this vital work which builds upon the Biden-Harris Administration’s forward-leaning Executive Order.”

See Original Post

Reposted from CISA/DHS

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Idaho Office of Emergency Management and the Oregon Department of Emergency Management, is holding the first event in the 2024 Public Private Partnership Security and Resilience Seminar Series, which will provide valuable information from subject matter experts sharing critical infrastructure best practices, valuable lessons, and preparedness resources.
On May 9, 2024 (12-pm ET / 9-am PT), this 90-minute virtual seminar - Introduction to Violence Prevention Strategies and Resources - will offer insights into data-informed approaches to targeted violence prevention. This seminar aims to bridge the gap between research, policy formulation, and local-level implementation of violence prevention strategies. Guest speakers for this seminar will include representatives from:

• DHS Center for Prevention Programs and Partnerships (CP3)

• DHS National Threat Evaluation and Reporting (NTER) Program Office

• U.S. Secret Service National Threat Assessment Center (NTAC)

• CISA Office of Security Programs

• Roseville Police Department in California

See Original Post

Reposted from EMR-ISAC

CISA’s Emergency Services Sector Management Team (ES SMT) is hosting a 3-part webinar series in May on artificial intelligence (AI):

• Webinar 1 - Artificial Intelligence and the Emergency Services Sector, Wednesday, May 1, 1-2 p.m. EDT. This webinar will provide an overview of AI and will discuss the development of the Emergency Services Sector (ESS) Artificial Intelligence Working Group (AIWG). ESS subject matter experts will discuss use of AI in emergency services. CISA will roll out its first AI Fact Sheet during this webinar.
• Webinar 2 - Artificial Intelligence and the Emergency Services Sector: Benefits and Challenges, Wednesday, May 8, 1-2 p.m. EDT. With the assistance of AI, first responders can perform their duties more effectively. This webinar will discuss some of the challenges that come with using these tools. CISA will roll out its second AI Fact Sheet during this webinar.
• Webinar 3 - Artificial Intelligence and the Emergency Services Sector: Case Studies, Wednesday, May 15, 1-2 p.m. EDT. The case studies that will be discussed offer current examples, per subsector, of efforts underway in developing AI tools and algorithms that may benefit the ESS. CISA will roll out its third AI Fact Sheet during this webinar.
• See Original Post

Reposted from EMR-ISAC

April is Autism Acceptance Month. Throughout April, the Department of Health and Human Services (HHS), Interagency Autism Coordinating Committee (IACC) and many national and international advocacy groups have been honoring the contributions and recognizing the needs of people on the autism spectrum.

Autism awareness is essential for all members of the community, but it is especially important for first responders. People with autism may have difficulty understanding and interpreting social cues, exhibit sensory overwhelm and sensitivities, and have unique ways of processing information. People with autism also have higher-than-average mortality rates, often from accidental death such as drowning or being hit by a car, or from medical causes, in particular epilepsy.

The 2024 Fire Department Instructor’s Conference (FDIC) International, which just wrapped up last week, featured a classroom session, Autism Awareness for First Responders. The Journal of Emergency Medical Services (JEMS) previewed this classroom session in March. The article provides tips on communication, performing a medical or trauma assessment on a patient with autism, and awareness information on wandering. Wandering, or elopement, among the autism community is of particular concern for first responders.

Additionally, the White House’s proclamation of April 2, 2024, as Autism Acceptance Day, highlighted the reauthorization of Kevin and Avonte’s Law, which was so named to honor the memory of Kevin Wills and Avonte Oquendo, two boys with autism who tragically perished after wandering away from supervised settings. This law will allow for the expansion of training for first responders and caregivers.

Kevin and Avonte’s Law provides the foundation for the International Association of Chiefs of Police (IACP) Home Safe program, which released a suite of resources in September 2023 for first responders:

• Understanding Children on the Autism Spectrum: A Guide for First Responders.
• Children on the Autism Spectrum: Search Protocols and Questionnaire for First Responders.
• Tips for Caregivers Supporting Children on the Autism Spectrum.

Emergency response agencies may also want to explore best practices for response to individuals with autism that are being adopted by other agencies. EMS1 recently featured two emergency medical services (EMS) agencies’ best practices. Gold Cross ambulances in Salt Lake City, Utah, introduced specialized kits for paramedics in its ambulances designed to enhance their response to patients with autism. Earlier this year, a Minnesota family with an autistic son developed ‘sensory emergency kits’ for police, fire, and other first responder personnel to help them interact with kids and adults with autism.

These publications can be used by all first responders for training or updating standard operating procedures, guidelines, and plans related to response to incidents involving individuals with autism.

See Original Post

Reposted from CISA/DHS

Ransomware continues to evolve as a scourge on critical services, businesses, and communities worldwide, causing costly incidents that are increasingly destructive and disruptive. Based on recent industry reporting, it costs businesses an average of $1.85 million to recover from a ransomware attack.³ In addition, 80% of victims who paid a ransom were targeted and victimized again by these criminals.⁴ The economic, technical, and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, continue to pose a challenge for organizations large and small. 

To directly reduce the attack surface and impact of ransomware attacks, the Cybersecurity and Infrastructure Security Agency’s (CISA) Ransomware Vulnerability Warning Pilot (RVWP) focuses on proactive risk reduction through direct communication with federal government, state, local, tribal, territorial (SLTT) government, and critical infrastructure entities to prevent threat actors from accessing and deploying ransomware on their networks. Aligned with the Joint Ransomware Task Force, this pilot provides timely notification to critical infrastructure organizations to mitigate vulnerabilities and protect their networks and systems by using existing services, data sources, technologies, and authorities.  

A key service used for warning organizations of ransomware-related vulnerabilities is our Cyber Hygiene Vulnerability Scanning, which monitors internet connected devices for known vulnerabilities and is available to any organization. Organizations participating in this no-cost service typically reduce their risk and exposure by 40% within the first 12 months and most see improvements in the first 90 days. Because the service looks for exposed assets, whether planned or inadvertent, it identifies vulnerabilities that would otherwise go unmanaged. For its use in support of RVWP, it informs organizations of those vulnerabilities commonly associated with known ransomware exploitation.  

See Original Post

Reposted from Cultural Safeguard Alliance

We are excited to launch the Cultural Property Protection 2024 Benchmarking Survey! Developed by the Center for Audience Research & Evaluation at Crystal Bridges Museum of American Art, this survey is tailored specifically for cultural property protection and was informed by the American Alliance of Museum's surveys and general facilities reports.

The survey aims to gather crucial insights for the security, public safety, and protection departments in cultural properties. Your valuable input will be instrumental in enhancing the safeguarding of cultural assets as well as ensuring the safety and security of these institutions. Your expertise is key to preserving our cultural legacy!

In addition to participating in the survey, we hope that you will share this survey with your colleagues at other cultural property sites. The more institutions that participate, the better this information can help our field. Please limit survey responses to one per site/institution. 

The survey will close Friday, May 24th. We will take a couple of weeks to analyze the results, which will be presented at the IFCPP Conference in Chicago this June! Sometime after the conference the survey results will be available to CSA Members (free to join) on the website - www.culturalsafeguardalliance.org.

Cultural Property Protection 2024 Benchmarking Survey

The survey aims to gather crucial insights for the security, public safety, and protection departments in cultural properties. Your valuable input will be instrumental in enhancing the safeguarding of cultural assets as well as ensuring the safety and security of these institutions. Your expertise is key to preserving our cultural legacy!

survey.co1.qualtrics.com

See Original Post

Reposted from American Alliance of Museums

Reposted from Apple

See Original Post

Reposted from EMR-ISAC

Law enforcement agencies across four states were left scrambling following reports of major 911 outages that saw millions unable to contact authorities late Wednesday, April 17. Many of the outages — reported in Nebraska, Nevada, South Dakota and Texas — were restored by the late evening. So far, there's no indication that the 911 outages overnight were caused by a cyberattack or other malicious act, law enforcement officials told NBC News on Thursday.

See Original Post

Reposted from EMR-ISAC

The National Security Agency (NSA) is releasing a Cybersecurity Information Sheet (CSI) on Monday, April 15, Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems. The CSI is intended to support National Security System owners and Defense Industrial Base companies that will be deploying and operating AI systems designed and developed by an external entity.

The CSI is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre (NCSC-NZ), and United Kingdom National Cyber Security Centre (NCSC-UK).

While intended for national security purposes, the guidance has application for anyone bringing AI capabilities into a managed environment, especially those in high-threat, high-value environments.

See Original Post