INTERNATIONAL FOUNDATION FOR CULTURAL PROPERTY PROTECTION
News
Reposted from CISA/DHS
We’ve dedicated our November 20 CISA Live! to Making Progress on Critical Infrastructure Security and Resilience. Hosted on LinkedIn, this event will feature CISA’s Executive Assistant Director for Infrastructure Security, Dr. David Mussington, who will share key areas of progress and highlight CISA’s recent initiatives and valuable resources designed to help all Americans Resolve to be Resilient. Bring your questions, since event participants can also participate in a live question & answer session. Join us on November 20 at 11:30AM ET and feel free to share this invite and the event page with others who may be interested, too.
In case you missed it, the Department of Homeland Security (DHS) released a significant set of recommendations aimed at advancing the safe and secure deployment of Artificial Intelligence (AI) in critical infrastructure. The Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure (the "Framework") provides essential guidance to stakeholders across the AI supply chain, from cloud providers and developers to critical infrastructure operators and civil society. This collaborative Framework, developed with insights from the DHS Artificial Intelligence Safety and Security Board—a public-private advisory group with leaders from industry, academia, civil society, and government—marks a critical step forward in ensuring the responsible use of AI in essential services that Americans rely on every day.
Key Highlights of the Framework:
Collaborative Guidance: The Framework includes specific actions for key stakeholders—cloud and compute providers, AI developers, critical infrastructure owners, civil society, and public sector entities—to mitigate risks, safeguard consumer rights, and promote safe and transparent AI practices.
Comprehensive Coverage: It addresses vulnerabilities unique to AI in critical infrastructure, such as attacks using AI, attacks targeting AI systems, and design failures, while also supporting a "Secure by Design" approach for AI developers.
Endorsement from Leadership: DHS Secretary Alejandro N. Mayorkas emphasizes the transformative potential of AI in strengthening U.S. critical infrastructure resilience, urging leaders across sectors to embrace and implement the Framework.
If widely adopted, this voluntary Framework will not only improve the safety and reliability of critical services like power, water, and telecommunications but also build trust and transparency between entities involved in AI development and deployment.
The Cybersecurity and Infrastructure Security Agency (CISA) released the Venue Guide for Security Considerations. CISA is committed to partnering with venue operators in mitigating the threat of targeted violence and preparing for any potential incidents. The guide serves as a broad catalog to support safe and secure day-to-day operations and event management planning and execution. Applying the guide will enable venue operators to effectively identify and manage risk. This guide aims to help venue operators enhance safety, protect assets, and create secure environments through effective security measures and best practices. The guide:
Reposted from EMR-ISAC InfoGram
On Nov. 7, CISA announced the kickoff of Critical Infrastructure Security and Resilience (CISR) Month. CISR Month is CISA’s annual effort to educate and engage all levels of government, infrastructure owners and operators, and the American public about the vital role critical infrastructure plays in the nation’s security and why it is important to strengthen critical infrastructure resilience. The enduring theme this year remains “Resolve to be Resilient.” Throughout November, CISA is highlighting how critical infrastructure organizations can integrate the following practices to help make our critical infrastructure secure, resilient, and able to bounce back quickly and build back stronger when disruptions occur:
Know Your Infrastructure and Dependencies.
Assess Your Risks.
Make Actionable Plans.
Measure Progress to Continuously Improve.
CISA has provided resources on its Critical Infrastructure Security and Resilience (CISR) Month webpage, which includes a toolkit and social media graphics. The toolkit includes lists with quick actions that can be taken by various stakeholders. For example, state, local, tribal, and territorial governments can help make critical infrastructure more resilient by connecting public safety officials with private sector businesses, and by conducting or participating in a training or exercise to improve security and resilience.
The toolkit highlights CISA’s resources on the following topics:
Active shooter preparedness
Bombing Prevention and C-IED
Chemical security
Federal facility security
Insider threat
School safety
Resilience planning and supply chain security
UAS security
Public gatherings and physical security
Self-assessments and exercises
On Wednesday, Nov. 20 at 11:30 a.m. EDT, CISA will host a CISA Live! event, Making Progress on Critical Infrastructure Security and Resilience. CISA’s Executive Assistant Director for Infrastructure Security will share key areas of progress, highlighting CISA’s recent initiatives and valuable resources designed to help all Americans “Resolve to be Resilient.” Participants will have an opportunity to engage in a live Q&A. Visit CISA’s Critical Infrastructure Security and Resilience (CISR) Month webpage to learn more. Join the Nov. 20 CISA Live! on LinkedIn. Access this event and all past CISA Live! event recordings at https://www.cisa.gov/cisa-live. You can also follow CISA on social media to join the #BeResilient conversation.
The Homeland Defense & Security Information Analysis Center (HDIAC) will host a webinar on Wednesday, Nov. 20 at 12 p.m. EDT, Don’t Forget to Inform the Public: Why Messaging Matters. Throughout the course of various crises, communication from government agencies and key stakeholders is critical. Unfortunately, this communication has been upended many times in a variety of ways. To alleviate public fear, some organizations have fallen into the trap of downplaying the seriousness of a catastrophic event. In other cases, information posted on social media has been usurped by others and twisted into conspiracy theories or misinformation. This webinar will explore some historical successes and failures of public communications. A theme will emerge in which targeted communications and partnerships with organizations and individuals, heretofore ignored as a legitimate podium for public information dissemination, are critical in achieving information goals.
Key takeaways will include the following:
HDIAC is a component of the U.S. Department of Defense’s (DoD's) Information Analysis Center (IAC) enterprise, serving the defense enterprise of DoD and federal government users and their supporting academia and industry partners. HDIAC regularly hosts live online technical presentations featuring a DoD research and engineering topic within one of HDIAC’s technical focus areas. These include many homeland defense topics relevant to the emergency services sector, such as medical and CBRNE defense, critical infrastructure protection, counterterrorism, environmental security, aviation security, law enforcement, building and facilities security, border security, disaster/emergency response and recovery, and cybersecurity/information management. This webinar is open to the public. Learn more and register at HDIAC.DTIC.MIL.
Zero-days comprised the majority of the most routinely exploited vulnerabilities last year, an increase from 2022 which allowed cybercriminals to attack higher-priority targets, Five Eyes cyber officials said in a Tuesday advisory. The top five vulnerabilities exploited by attackers in 2023 were found in three vendors (Citrix, Cisco, and Fortinet) across networking devices, remote access servers and firewalls. Last year, the two pairs of CVEs in Citrix and Cisco products, respectively, comprised the four most-exploited vulnerabilities of the year.
On Nov. 12, the House Committee on Homeland Security released a new Cyber Threat Snapshot examining growing threats posed by malign nation-states and criminal networks to the homeland and the data of Americans. Unfortunately, cyberattacks on critical infrastructure increased 30 percent globally last year. To undermine U.S. sovereignty, Iranian hackers used spear-phishing to target campaign networks and government officials; China allegedly backed hacking group Salt Typhoon to infiltrate candidates’ phones; and Russia used a botnet to target social media feeds in an effort to spread their malign influence. From Iran-backed intrusions into our water sector and the targeting of satellites to the Chinese Communist Party-affiliated ‘Typhoon’ intrusions into numerous facets of our critical infrastructure, nation-states see the dangerous value in disrupting, manipulating, or surveilling the operational and information technology that supports the daily lives of Americans. Cyber insecurity also impacts the health and wellness of Americans, as cybercriminals increasingly target hospitals and other healthcare entities for ransom. The intrusions into the Ascension Health hospital system and Change Healthcare, a UnitedHealth subsidiary, showcase the damage that can be done to patient care and privacy when the IT that is foundational to emergency response is undermined by cyber criminals. Read the full Nov. 12 release and Snapshot at Homeland.House.Gov.
In episode 109 of the Center for Internet Security’s (CIS’) podcast, Cybersecurity Where You Are, CIS’ Vice President of Security Operations & Intelligence and Director of Intelligence & Incident Response examine the scariest malware of 2024. It discusses what makes certain malware strains “scarier” than others, what trends shaped the cyber threat landscape in 2024, and how malware tactics and techniques from 2024 will continue to evolve.
The podcast shares recommendations for how organizations can keep up with the changing cyber threat landscape, including how individuals and organizations can proactively defend themselves and how national strategies are shaping malware defense and incident response.
Reposted from Honeywell
Solutionsphere: Badging solutions for your Enterprise
You're invited: Solutionsphere: Badging solutions for your Enterprise
Join us for a webinar on December 11th at 12:30pm EST unveiling the next generation of workplace security solutions by Telaeris featuring XPressEntry Handheld Badge and Biometric readers. Mark Miller and Derek Masterson will share invaluable insights about how the Telaeris integration with Pro-watch Security Suites can help businesses improve workplace safety.
Don't miss out on learning how these new solutions make security scalable and adaptable in any setting.
Date Dec 11, 2024
Time 12:30 PM EST
Location Zoom Webinar
Here is what you will learn during the webinar:
· What are the benefits of integrating biometric verification technologies into existing security protocols
· How can XPressEntry enhance access control systems to ensure comprehensive workplace security
· The benefits of integrated emergency mustering and accountability
Speakers:
Mark Miller, Business Development Manager, Telaeris
Derek Masterson, Vertical Account Manager, Honeywell
Maureen Bruen, Consultant and Business Development Manager, Honeywell
Reposted from Cuseum
Hey there, museum professionals, administrators and membership managers! We know you’ve got enough on your plate; from safeguarding priceless artifacts to planning the next big exhibition or patron event.
But guess what? Your organization’s digital assets and data need your attention and protection too! So, we’ve put together a simple and practical 8 step guide on how to safeguard your data just in time for October, which is Cybersecurity Awareness Month. Let’s dive in and don’t worry; we’ve got a fictional case for each step to make it extra relatable.
The Museum of Ancient Wonders realized they hadn’t updated their systems or reviewed their security practices in ages (seriously, not since their "Dinosaur Dance Party" exhibit in 2015!). Their outdated systems made them vulnerable to ransomware attacks. After conducting their security practices, the museum resolved a vulnerability that could have led to a costly security disaster. Crisis averted!
Supporting Data: According to Accenture’s Cybersecurity Study, 60% of businesses do not perform regular security audits, making them prime targets for cyberattacks. Don’t let this be you!
Pro Tip: Schedule an audit of your digital infrastructure at least annually to catch any vulnerabilities before the cyber-baddies do!
Over at the Cosmic Catfish Zoo & Aquarium, a staff member clicked on a phishing email (oops), and suddenly their entire system was at risk! But thanks to multi-factor authentication (MFA) that was enabled on various systems (including Cuseum), the hackers couldn’t get in.
Supporting Data: Did you know that 99.9% of account hacks can be prevented with MFA? Yup, according to Microsoft’s 2023 cybersecurity study, it’s one of the simplest and most effective ways to lock down your systems.
Pro Tip: With MFA, your staff will need more than just a password to access systems. Think of it as adding a second lock to the museum vault; and who doesn’t love extra security?
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 1999 International Foundation for Cultural Property Protection. All Rights Reserved