Reposted from DHS

WASHINGTON – Today, the Department of Homeland Security (DHS) released the 2024 Homeland Threat Assessment (HTA), which continues to identify a high risk of foreign and domestic terrorism in 2024. The HTA provides the public and the Department’s partners with a detailed report on the most pressing threats to the United States as part of the Biden Administration’s continuing effort to assist them in preparing for, preventing, and responding to the diverse and dynamic threat environment.  

Going forward, the annual HTA will serve as the primary mechanism for sharing the terrorism threat level, which has previously been done through the National Terrorism Advisory System (NTAS). The issuance of NTAS advisories will be reserved for situations where DHS needs to alert the public about a specific or imminent terrorist threat or about a change in the terrorism threat level. This shift will provide the public and DHS partners both in-depth annual reports and urgent updates, as needed.  

“Sharing information with the public on the threats we face is a vital part of protecting our homeland from today’s evolving security challenges,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The annual Homeland Threat Assessment is a publicly available resource on the most pressing challenges facing the nation. By sharing our analysis of the threat landscape, we will enable our partners across state, local, tribal, and territorial government, along with the private and non-profit sectors, to make better-informed decisions that account for these security challenges.”   

Assessments from the 2024 HTA:  

• Foreign and Domestic Terrorism: The Department expects the threat of violence from individuals radicalized in the United States to remain high, but largely unchanged, mainly seen through lone offenders or small group attacks that occur with little warning. While sustained counterterrorism pressure has significantly degraded the ability of foreign terrorist organizations to target U.S. interests, foreign terrorist groups like al-Qa’ida and ISIS are seeking to rebuild overseas, and they maintain worldwide networks of supporters that could seek to target the homeland. 
• Border and Immigration Security: The complex border and immigration security challenges we have faced over the last year are likely to continue. In addition to the immigration challenges, the trend of an increased supply of fentanyl and variations in its production during the last year that have increased the lethality of these drugs is expected to continue. 
• Foreign Misinformation: The spread of mis-, dis-, and malinformation aimed at undermining trust in government institutions, social cohesion, and democratic processes will remain a likely strategy for adverse nation-states. Foreign actors leverage cyber and Artificial Intelligence (AI) tools to bolster their malign influence campaigns by improving the translation quality of their content. 
• Economic Security: We expect adverse nation states to continue using predatory economic practices, espionage, and cyber-attacks to try harm the U.S. economy, gain advantage for foreign companies, and steal U.S. intellectual property and trade secrets. 

Examples of DHS Efforts to Combat Threats Identified in the 2024 HTA: 

• United States Secret Service’s National Threat Assessment Center (NTAC) provided over 280 trainings and briefings to over 28,000 participants in the past year, the most in the NTAC’s history, including to state and local law enforcement, government officials, educators, mental health professionals, faith-based leaders, and workplace security managers across the country.  
• In 2022, DHS’s Nonprofit Security Grant Program (NSGP) awarded over $250 million in funding to support target hardening and other physical security enhancements to non-profit organizations at high risk of terrorist attack.   
• DHS provides funding for state, local, tribal, and territorial governments, nonprofits, and institutions of higher education with funds to establish or enhance capabilities to prevent targeted violence and terrorism through its Targeted Violence and Terrorism Prevention (TVTP) Grant Program. On September 6, 2023, DHS awarded $20 million in funding to 34 organizations working to develop and strengthen their community’s capability to combat targeted violence and terrorism.  
• In addition to biometric and biographic screening and vetting of every individual encountered, CBP has expanded information sharing agreements with international partners to enhance their ability to prevent, detect, and investigate trafficking and other crimes. CBP’s National Targeting Center continuously works to detect individuals and travelers that threaten our country's security, while also building a network of partner nations committed to fighting global threats.  
• DHS launched the Prevention Resource Finder (PRF) website in March 2023 in collaboration with more than a dozen federal partners. The PRF is a comprehensive web repository of federal resources available to help communities understand, mitigate, and protect themselves from targeted violence and terrorism.  
• The DHS Center for Faith-Based and Neighborhood Partnerships engages a coalition of faith-based and community organizations, as well as members of the Faith-Based Security Advisory Council (FBSAC), which DHS reconstituted in July 2022, to help build the capacity of faith-based and community organizations seeking to protect their places of worship and community spaces.  
• I&A’s National Threat Evaluation and Reporting Program continues to provide tools and resources for federal, state, local, tribal, and territorial partners on preventing terrorism and targeted violence, including online suspicious activity reporting training.  
• DHS’s Transportation Security Administration (TSA) Intermodal Security Training and Exercise Program (I-STEP) and Exercise Information System (EXIS®) work with government and private sector partners – including owners and operators of critical transportation infrastructure – to enhance security and reduce risks posed by acts of terrorism.  
• Among many investments and initiatives to counter fentanyl and transnational criminal organizations, the Department's recent Operations Blue Lotus and Four Horsemen stopped nearly 10,000 pounds of fentanyl in just two months. CBP’s Operation Artemis is building on that effort by leveraging intelligence and investigative information derived from Operation Blue Lotus to target the fentanyl supply chain. Concurrently, USBP’s Operation Rolling Wave is significantly increasing inbound inspections at Southwest border checkpoints and HSI is running Blue Lotus 2.0, to continue significantly increasing resources to Ports of Entry, while increasing coordination of operations to target the fentanyl supply chain.  
• DHS’s Cybersecurity and Infrastructure Security Agency (CISA) works with government and private sector partners – including owners and operators of critical infrastructure and public gathering places – to prepare for and respond to cyberattacks, as well as enhance security and mitigate risks posed by acts of terrorism and targeted violence by providing resources addressing Active Shooters, School Safety, Bombing Prevention, and Soft Targets-Crowded Places.  
• DHS’s Center for Prevention Programs and Partnerships (CP3) educates and trains stakeholders on how to identify indicators of radicalization to violence, where to seek help, and the resources that are available to prevent targeted violence and terrorism. 
• In 2021, 2022, and 2023 DHS designated domestic violent extremism as a “National Priority Area” within its Homeland Security Grant Program (HSGP), enabling our partners to access critical funds that help prevent, prepare for, protect against, mitigate, respond to, and recover from related threats.  
• SchoolSafety.gov consolidates school safety-related resources from across the government. Through this website, the K-12 academic community can also connect with school safety officials and develop school safety plans.  

See Original Post

Reposted from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) is pleased to announce the release of a new resource titled, Security Planning Workbook, which can assist critical infrastructure owners and operators with developing a foundational security plan. This workbook is designed to be flexible and scalable to suit the needs of most facilities. It is intended for any individual who is involved with an organization’s security planning efforts, including those with varying degrees of security expertise, who are charged with the safety and security of facilities and people. This product also provides descriptions of critical elements of security planning information, offers a multitude of resources, and includes fillable fields to guide stakeholder efforts.

See Original Post

Reposted from CISA

Today, the Cybersecurity and Infrastructure Security Agency (CISA) is pleased to release a new resource, Protecting Houses of Worship: Perimeter Security Considerations Infographic. This product is a companion piece to the CISA and Federal Bureau of Investigation (FBI) co-branded Protecting Places of Worship: Six Steps to Enhance Security Fact Sheet. The infographic provides Houses of Worship stakeholders with low- to no-cost protective measures to enhance physical security. It also highlights grants and resources available to assist houses of worship in conducting vulnerability assessments, developing and updating security strategies and plans, bolstering physical security, and minimizing the impact of a potential attack.

See Original Post

Reposted from CISA

• On September 28, the Cybersecurity and Infrastructure Security Agency (CISA) kicked off the 20^th Cybersecurity Awareness Month. In tandem, CISA also launched a new, enduring cybersecurity awareness program known as “Secure Our World.” The Secure Our World program promotes behavioral change in all Americans, with a particular focus on how individuals, families and small to medium-sized businesses can Secure Our World by focusing on four critical actions: using strong passwords and a password manager, turning on multifactor authentication (MFA), recognizing and reporting phishing, and updating software. It also asks technology manufacturers to Secure our Products by designing products that are cybersecure right out of the box. Secure Our World is the theme for this year’s Cybersecurity Awareness Month and will remain the enduring theme for future awareness month campaigns.

  This October and year-round, CISA challenges everyone to help secure our

  ·        Use strong passwords that are long, random, and unique to each account, and use a password manager to generate them and to save them.

  ·        Turn on multifactor authentication on all accounts that offer it. We need more than a password on our most important accounts, like email, social media, and financial accounts.

  ·        Recognize and report phishing, as we like to say, think before you click. Be cautious of unsolicited emails or texts or calls asking you for personal information, and don't click on links or open attachments from unknown sources.

  ·        Update software. In fact, enable automatic updates on software so the latest security patches keep devices we are connected to continuously up to date.

•  world by adopting four simple steps that everyone can take to stay safe online:

• Additionally, as part of the effort to Secure Our World, we offer resources and tips: 

·        For individuals and families, the Secure Our World program emphasizes the importance of securing personal accounts, offering guidance on personal device safety, safe internet browsing practices, social media usage, and protecting personal information online. 

·        Small and medium-sized businesses (SMBs) face unique challenges, so we are working to help them Secure Our World by offering tools and resources that can help keep their businesses, employees, customers and, ultimately, our communities safer.

·        Tech manufacturers can Secure Our World by implementing security features built-in by design. Default settings should have the highest security measures implemented, and individuals can manually bypass security features if they don’t want them. Users should not have to opt-in to necessary security measures to make their products safe to use. Products should be safe for end users right out of the box.

By committing to safe online behaviors, we can easily minimize or prevent cybercriminals and hackers from infiltrating our devices and online accounts.

See Original Post 

Reposted from CISA

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) announced the opening of the application process for the Tribal Cybersecurity Grant Program (TCGP) to help tribal governments address cybersecurity risks and threats. The cyber grant program, established by the State and Local Cybersecurity Improvement Act as part of the Bipartisan Infrastructure Law, helps address the unique challenges tribal governments face when defending against cyber threats.    

  

Digital threats impacting Native American and Alaska Native tribes are increasing and becoming more complex. Tribal sovereignty creates unique cybersecurity challenges for these groups that often lack or can’t easily access resources needed to address them.    

  See Original Post

Reposted from CISA

Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.

This publication, which follows ESF's Identity and Access Management Recommended Best Practices Guide for Administrators, assesses and addresses challenges developers and technology manufacturers face in identity and access management (IAM). The guidance specifically addresses technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations.

Although the publication primarily addresses challenges facing large organizations, it also provides recommendations applicable to smaller organizations. CISA encourages cybersecurity defenders to review this guidance and to speak to their software vendors about implementing its recommendations.

See Original Post

Reposted from CISA

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations.

Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:

1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multifactor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution

These misconfigurations illustrate (1) a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and (2) the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders:

• Properly trained, staffed, and funded network security teams can implement the known mitigations for these weaknesses.
• Software manufacturers must reduce the prevalence of these misconfigurations—thus strengthening the security posture for customers—by incorporating secure-by-design and -default principles and tactics into their software development practices.[1]

NSA and CISA encourage network defenders to implement the recommendations found within the Mitigations section of this advisory—including the following—to reduce the risk of malicious actors exploiting the identified misconfigurations.

• Remove default credentials and harden configurations.
• Disable unused services and implement access controls.
• Update regularly and automate patching, prioritizing patching of known exploited vulnerabilities.[2]
• Reduce, restrict, audit, and monitor administrative accounts and privileges.

NSA and CISA urge software manufacturers to take ownership of improving security outcomes of their customers by embracing secure-by-design and-default tactics, including:

• Embedding security controls into product architecture from the start of development and throughout the entire software development lifecycle (SDLC).
• Eliminating default passwords.
• Providing high-quality audit logs to customers at no extra charge.
• Mandating MFA, ideally phishing-resistant, for privileged users and making MFA a default rather than opt-in feature.

See Original Post

Reposted from USSS

The U.S. Secret Service National Threat Assessment Center (NTAC) is pleased to offer live recurring virtual training events on violence prevention to community safety stakeholders throughout the year. In these trainings, our experts and researchers will present findings from NTAC’s research on targeted violence and discuss strategies for preventing acts of violence in our communities. More information about these trainings events is included below.

Enhancing School Safety Using Behavioral Threat Assessment

Description: In this virtual training event, NTAC researchers highlight the key findings and implications from our research on school violence prevention. In this training, you will learn about the background, thinking, and behavior of school attackers and how some schools discovered and stopped plots before violence occurred. This training will provide guidance on how schools may develop or improve existing violence prevention programs utilizing a behavioral threat assessment model.

Intended Audience: School teachers, administrators, counsellors, mental health professionals, school resource officers (SROs), law enforcement officers, and other school safety stakeholders.

Preventing Mass Attacks in Our Communities

Description: In this virtual training event, NTAC researchers discuss important findings from our research on mass attacks perpetrated in public and semi-public spaces, including businesses, restaurants, bars, retail outlets, houses of worship, schools, open spaces, and more. This training will provide guidance on how communities may develop or improve existing violence prevention programs utilizing a behavioral threat assessment model.

Intended Audience: Law enforcement, corporate security, mental health professionals, faith-based community leaders, university faculty, threat assessment team members, and other community safety stakeholders.

See Original Post

Reposted from Artnet News

After the shocking revelation this summer that more than 2,000 objects had been stolen from the British Museum, institutions across the U.K. are facing increased scrutiny in the news, with revelations that thousands of artifacts have been categorized as missing in the last five years.

In the wake of the British Museum scandal, the Daily Mail published a report claiming two of Britain’s most important museums—the Imperial War Museum and the Natural History Museum—“admitted” that more than 1,000 items of historical and scientific significance were missing.

The tabloid claimed that, in response to Freedom of Information requests filed by the reporter, 559 objects had been recorded as being lost from the Imperial War Museum since 2018. The Natural History Museum said more than 540 items had been misplaced, destroyed, or stolen.

The BBC then reported that Museum Wales data revealed that 1,921 items are missing from its collection.

However, museums are now contesting the characterization in the news that there is a broad pattern of art theft or that the institutions deserve increased scrutiny for the missing items.

Unrepresentative data

The Imperial War Museum directly challenged the characterization of its losses reported by the Daily Mail in an email. A spokesperson for the museum—which is comprised of five locations, three of which are in London—said that the data provided per the request cannot accurately be described as objects lost over the past five years.

“It is misleading to state that 559 objects have been lost over the past five years. The ‘dates recorded as lost’ in this data simply represent the date that loss records were last updated on our system and bear little or no relation to the date of actual losses,” the spokesperson said.

The information was pulled from a collections management database started in 2007; it was only considered completed in 2017.

“In reality, the vast majority of these losses date from many years or even decades ago, long before our current collections management systems were put in place,” the spokesperson said. They also characterized the missing objects as “typically low-value, mass-produced items.” This includes 156 maps, 39 photographic negatives, 23 video tapes, and 38 posters.

“In most cases we still have duplicates or digitized versions,” they added.

Thefts and losses “are rare,” according to the spokesperson, because the museum has policies and systems to safeguard the 33.5 million items in its care including “regular audits and spot checks and restricted access” to its collection storage facilities.

“Police carry out a thorough investigation for every lost item and these investigations have never established any evidence of internal malicious activity,” they added.

Additionally, the museum’s Department of Collections Management, established in 2000, has identified ways to make improvements to its labeling and cataloging of items, the spokesperson said.

Comprehensive collection review

Museum Wales, also known as Amgueddfa Cymru, consists of seven institutions, including the National Museum Cardiff and St. Fagans National Museum of History in Cardiff. It has more than 5.3 million objects in its care but has recorded just 16 items taken from its sites since 2017. It also suggested that reporting the 1,921 figure of missing items as new thefts is misleading, and that the items were identified after a “comprehensive review” conducted last year.

“We have robust collections management procedures in place and continually review and improve these procedures on a regular basis,” Museum Wales said.

“However, whilst we have vigorous collection management and security procedures in place, due to the scale of the collection and with at least 1.3 million people visiting our seven museums per annum, some losses are unfortunately inevitable,” a spokesperson said.

Museum Wales said the 16 items that were lost since 2017 are mostly small, domestic items and that the 1,921 missing items from prior to 2017 are considered of low financial value such as agricultural or domestic items. They also include fragments related to excavations and replicas made for display.

“There are a number of coins missing from our collection including many which were transferred to the Schools Handling Collection from the 1950s onwards, when documentation was not as methodical as it is today,” the spokesperson said. “A significant proportion of these are duplicate items and we have better quality examples within our collection.”

Museum Wales noted that it reports all lost, stolen, or deaccessioned items to its board of trustees on a quarterly basis.

The Natural History Museum in London did not respond to request for comment or an information request by press time.

British Museum a unique case?

Despite the emphasis on the British Museum incident as a product of unique circumstances, the institution’s announcement garnered international attention and continues to prompt inquiries into other museums’ collections both in the U.K. and elsewhere.

The British Museum announced in a news release in August that it had fired an employee and begun legal action against that person for the missing, stolen, and damaged items.

As previously reported by Artnet News, the situation highlighted major flaws in the ways museums run their collections such as vulnerabilities with cataloguing, as well as a lack of transparency surrounding collections and accountability for items in their holdings.

“This is a highly unusual incident. I know I speak for all colleagues when I say that we take the safeguarding of all the items in our care extremely seriously. The Museum apologizes for what has happened, but we have now brought an end to this,” museum director Hartwig Fischer said in a statement at the time.

Fischer announced he would resign early, nine days after the scandal broke, and the fired employee was later identified as senior curator Peter John Higgs.

Though some objects were recovered shortly afterward, chairman George Osborne claimed the institution’s reputation had been damaged because of the thefts that occurred “over a long period of time,”  according to a BBC report, which also cited another unnamed expert who called the losses “mind-blowing.”

See Original Post

Reposted from Yahoo News

A Sacramento man was arrested on suspicion of smashing the glass windows of an antique store and stealing more than $100,000 worth of rare artifacts.

Sacramento police arrested the 50-year-old man, who faces charges in connection with the Oct. 1 burglary of Zanzibar Fair Trade on on the 1300 block of Broadway in Land Park after learning he had been arrested in connection to another incident by the Sacramento County Sheriff’s Office.

It was unclear which incident the man was first arrested for by the Sheriff’s Office, but police learned the suspect was reportedly involved in the burglary after deputies found antiques with him, police said.

“We at Zanzibar are extremely grateful for the quick, effective, and professional handling by our case detective and responding officers,” the store wrote in a social media post.

Zanzibar staff also said only 10% of their antiquities and jewelry had been returned. Anyone seeking to help the store should come by and make a purchase, the owners said.

The man was booked into jail on suspicion of burglary possession of stolen property and vandalism, police said. According to jail records, he was also booked on an unrelated felony warrant from county probation officials.

He was being held without bail and was expected to be arraigned Friday afternoon.

See Original Post