Reposted from EMR_ISAC

On April 16, the Department of Homeland Security (DHS) announced more than $1.8 billion in funding for eight fiscal year (FY) 2024 preparedness grant programs. These grant programs provide critical funding to help state, local, tribal and territorial (SLTT) officials prepare for, prevent, protect against and respond to acts of terrorism and disasters.

DHS continues to emphasize six national priority areas in the FY 2024 grant cycle: cybersecurity; soft targets and crowded places; intelligence and information sharing; domestic violent extremism; community preparedness and resilience; and election security.

See Original Post

Reposted from The Guardian

Firefighters at Copenhagen’s historic former stock exchange have been battling a huge blaze that has engulfed the 17th-century building’s roof, toppled its distinctive spire and threatened one of Denmark’s most valuable art collections.
“We are witnessing a terrible spectacle. The Bourse is on fire,” the Chamber of Commerce, which occupies the building next to Christiansborg Palace, the seat of the Danish parliament, wrote on X. “Everyone is asked to stay away.”
Dramatic footage showed huge plumes of black smoke rising from the Dutch Renaissance-style building, which was undergoing renovation and clad in scaffolding. Police said they had blocked off a main road and part of the city centre.
Copenhagen’s fire service said the blaze was reported at 7.30am. The extensive scaffolding around the building was making it significantly harder to tackle the flames, it said, while the Bourse’s copper roof was trapping the heat.
“The extinguishing work is very difficult,” said a fire service spokesperson, Jakob Vedsted Andersen, adding that there were substantial areas of the building that firefighters could not yet access because it was too dangerous.
Parts of the roof had collapsed and the fire had spread to several floors, Vedsted said. About 120 people were fighting the fire but only about 40% of it was under control and the operation was expected to continue for at least 24 hours, he said.
About 90 conscripts from the Royal Life Guards, an army unit, were also helping to cordon off the site and secure valuables inside, local media reported.
The Bourse, commissioned by King Christian IV and built between 1619 and 1640, was topped by a 56-metre (184ft) spire in the shape of the tails of four dragons entwined. The building housed Denmark’s stock exchange until 1974.
The dragons on the roof were seen as symbolically protecting the exchange from enemies, as well as from fire, the Chamber of Commerce said on its website. The spire also had three crowns at the top, symbolising the kingdoms of Denmark, Norway and Sweden.
Ulla Kjaer, a senior researcher at the National Museum of Denmark, described the spire as “absolutely iconic”, adding: “There is no other like it in the world.”
King Frederik said Denmark’s royal family “woke up to the sad sight” of “part of our architectural heritage” being destroyed, while the prime minister, Mette Frederiksen, said “irreplaceable cultural heritage” and “a piece of Danish history” was on fire.
The deputy prime minister, Troels Lund Poulsen, described the blaze as “our own Notre-Dame moment”, referring to the devastating blaze that destroyed the roof and spire of the medieval Paris cathedral in April 2019, five years ago almost to the day.
Denmark’s culture minister, Jakob Engel-Schmidt, said on X that 400 years of Danish cultural heritage were in flames. It was “touching to see Bourse staff, emergency services and passing Copenhageners … saving art treasures”, he said.
People were seen rushing in and out of the building carrying works of art to safety, and Danish media reported an annexe of the parliament and several ministries nearby, including the finance ministry, had been evacuated.
The head of the Chamber of Commerce was among those helping to save historic paintings from the building. The pictures were carried to the nearby parliament and the Danish National Archives, which sent 25 staff to help with the rescue operation.
“We have been able to rescue a lot,” a visibly moved Brian Mikkelsen told reporters, adding that many works had already been removed from the Bourse for the extensive renovation. The blaze was nonetheless “a national disaster”, he said.
The Bourse holds one of the country’s most valuable collections of art, including the iconic From the Copenhagen Stock Exchange, by the 19th-century Danish-Norwegian artist Peder Severin Krøyer, which was carried to safety by eight people.
Finished in 1895, the painting shows a large group of men in coat-tails standing in the exchange hall. It was paid for by the people portrayed, with those in the front having paid 550 Danish kroner to be the most visible, and cheaper rates for those at the back.
Kasper Nielsen, of the auction house Bruun Rasmussen, told local media that Krøyer’s picture was worth millions of kroner, adding: “If, God forbid, the entire Stock Exchange burns down, we are looking at the loss of top-end, inalienable cultural heritage.”
Christiansborg Palace has burned down several times. Most recently, a fire broke out in an annexe of the parliament known as Proviantgården in 1990. Police asked people to avoid the inner part of the city.
Tommy Laursen, of the Copenhagen police, said it was too early to say what caused the Bourse fire and police would not be able to enter the building for “a few days”.
French investigators believe the massive blaze at Notre-Dame – which was also undergoing major renovation at the time – was caused by either a cigarette end or an electrical short circuit.
Most of the cathedral’s lead-clad timber roof was destroyed but the vaulted stone ceiling prevented massive interior damage and allowed priceless relics and artwork to be rescued. Notre-Dame is due to reopen in December.

See Original Post

Reposted from National Trust for Historic Preservation

Reposted from Newswire

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) is hosting its ninth iteration of the Cyber Storm (CS IX) Cyber Exercise. It’s the nation’s largest cyber exercise designed to improve the cybersecurity posture of our nation’s critical infrastructure. Through extensive planning, this exercise strengthened cybersecurity preparedness and response capabilities through exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure.   CS IX Cyber Exercise generates lessons learned from previous exercises and real-world incidents and presented participants with a challenging scenario to evaluate their incident response capabilities. CISA is hosting more than 2,000 players from all levels of government, the private sector, and international partners. Participants are using this unique opportunity to work together in their response to a simulated national-level cyber incident, improving coordination mechanisms and relationships.  CISA will publish a blog with additional details and results from this Cyber Storm after the event.

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency, in partnership with National Security Agency, Federal Bureau of Investigation and international partners, released a Cybersecurity Information Sheet (CSI) today, “Deploying Artificial intelligence (AI) Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems.”   This guide provides best practices to secure the deployment environment, validate and protect the AI system, and secure AI operation and maintenance The three goals of this joint guide are:  

1.     Improve the confidentiality, integrity, and availability of AI systems;  

2.     Assure that known cybersecurity vulnerabilities in AI systems are appropriately mitigated; and 

3.     Provide methodologies and controls to protect, detect and respond to malicious activity against AI systems and related data and services. 

The CSI is intended to support organizations that will be deploying and operating AI systems designed and developed by an external entity. It builds upon the previously released joint Guidelines for Secure AI System Development and Engaging with Artificial Intelligence.

See Original Post

Reposted from CISA/DHS

This is DHS I&A’s first assessment of Domestic Violent Extremist threats to
US fiber optic cable lines. This assessment seeks to provide law enforcement and public safety partners with an overview of how DVEs could adopt tactics used by criminal actors to damage US critical infrastructure to further their ideological goals. Domestic Violent Extremists (DVEs) have increasingly discussed targeting
terrestrial fiber optic cables across the United States, raising the threat to
fiber-dependent infrastructure sectors. DVEs frequently discuss that fiber optic cables are a preferred target to disrupt critical infrastructure pursuant to their ideological goals of dismantling current societal structures. The spread of the COVID-19 virus prompted increased telework that has persisted, creating dependencies on fiber optic cable networks that were highlighted within information sharing platforms utilized by some Since 2020, DHS and open-source reporting have shown an uptick in DVEs across ideologies sharing simple tactics specifically related to fiber optic cables. In 2024, a blog utilized by some anarchist violent extremists used a military target assessment method to encourage attacking fiber optics as an “easy” target while referencing past attacks. In 2023, a channel frequently used by environmental violent extremists shared five issues of a magazine that critiqued the tactics used in successful previous attacks. In 2022, the Terrorgram Collective publication discussed tactics for targeting fiber cables, including the use of fifirearms, arson, and power tools.
Several discussions in recent years among users of an online forum
frequented by DVEs describe fiber optic cables as low-cost/high-reward targets to disrupt critical infrastructure. These users indicate a preference for fiber optic
cable cuts due to the perceived simplicity and ability to avoid law enforcement
interdiction. Fiber optic cable cuts often cause cascading effects on critical
infrastructure sectors, such as communications, and delay emergency services
from responding to incidents. Across the United States, fiber optic cable cuts have disrupted 911 services and forced police stations to redirect personnel to field emergency calls through non-emergency lines. Individuals from North Carolina, who intentionally cut fiber optic cables in Connecticut, disabled communications and internet-based financial services to thousands of homes and businesses for hours.
While DVEs have focused on opportunistic or simple attacks thus far,
online narratives about fiber optic vulnerability and increased information sharing could inspire DVEs to engage in larger-scale, pre-planned fiber attacks in the Homeland. Recent attacks in France and Germany that used multiple and coordinated cuts to fiber optics surrounding a target area resulted in blackouts and communications stoppages that strained emergency services’ responses. Information shared online about fiber optic systems and media coverage of attacks could inform DVE attack planning and operations. In February 2024, an online user claiming to be a former cable worker provided a detailed description of how a coordinated group of individuals could disrupt communications for an entire city. In 2023, online discussions, in response to news media coverage of recent attacks, dissected attacks in Sacramento, California, from 2014 and examined the nature of the successful attacks to develop methods for making future attacks more severe, indicating potential pre-planning by actors.  DVEs could also draw inspiration from European attacks that disrupted citywide telecommunications and transportation. Violent extremists in France caused massive disruptions to telecommunications by targeting primary fiber optic cables in several regions. In Germany, travelers were left stranded after actors cut fiber optic lines and caused hours-long train stoppages. Possible indicators of pre-operational planning for a large-scale
fiber optic attack include unauthorized surveillance around fiber optic sites,
particularly connection locations; signs of trespassing or digging around known
fiber connection locations; and successful small-scale fiber optic cuts.

See Original Post

Reposted from  CISA

Welcome to the first issue of “New and Noteworthy,” an update on the
current efforts underway to update the National Cyber Incident
Response Plan (NCIRP) 2024. This publication will keep key partners
informed on the planning process, plan development, and stakeholder
engagement efforts in support of the NCIRP 2024. This “New and
Noteworthy” edition provides a brief overview of the NCIRP, information
about the NCIRP Core Planning Team (CPT), and related engagement
and outreach activities that have happened to ensure the NCIRP 2024
reflects input from relevant stakeholder groups and is more operational
and actionable.
Through the Joint Cyber Defense Collaborative (JCDC), the Cybersecurity and Infrastructure Security Agency (CISA) is
leading the national effort to update the NCIRP. CISA established JCDC to bring together public and private partners to
plan for, exercise, and execute joint cyber defense operations and coordinate the response to significant cybersecurity
incidents. Updating the NCIRP is foundational to the continued unity of effort that JCDC is advancing. This month’s “New
and Noteworthy” provides a brief overview of the NCIRP and the efforts underway to make it more operational and
actionable, related engagement and outreach activities, as well as an overview of the broad group of stakeholders who
represent the varied elements of national cyber response, and the ongoing joint planning to ensure the new version of the
NCIRP reflects input from relevant stakeholder groups. We call this group of stakeholders our Core Planning Team (CPT)
which is a diverse and essential group of individuals who play a crucial role in our NCIRP 2024 planning process.
NCIRP Background and Overview:
The NCIRP was initially developed and written to align with Presidential Policy Directive 41 (PPD-41) on U.S. Cyber
Incident Coordination and describes how the federal government, private sector, and SLTT government activities will
organize to manage, respond to, and mitigate the consequences of significant cyber incidents. The NCIRP leverages
principles from the National Preparedness System (NPS) to articulate how the nation responds to and recovers from
significant cyber incidents. Due to the evolving cyber threat landscape—including increasing risks to critical infrastructure
and public services—the need to update the NCIRP has never been greater.
CISA is working with JCDC participants and other partners to gather input and feedback that will be considered for the
NCIRP 2024. The NCIRP 2024 update is one of the JCDC 2024 Priorities, which calls for bringing together government
and the private sector to prepare for major cyber incidents.
Making the NCIRP More Operationally Actionable:
The NCIRP 2024 will incorporate lessons learned since the 2016 release, include contributions from public-private
partners who play a critical role in national cyber incident response, and establish a foundation for continued
improvement of the nation’s response to significant cyber incidents. The NCIRP 2024 will also address Strategic Objective
1.4 of the 2023 National Cybersecurity Strategy, which calls for updating federal incident response plans and processes.

See Original Post

Reposted from CISA

The Vehicle Incident Prevention and Mitigation Security Guide offers a recommended framework of Plan-Prevent-Protect for critical infrastructure owners and operators, as well as those responsible for pedestrian safety in proximity to those sites, against vehicle threats. Featuring an introductory overview of the vehicle incident threat environment, the Guide outlines options for planning—which includes conducting a risk assessment, creating an emergency operations plan, connecting with professional security subject matter experts, and exploring funding opportunities for mitigations. Recommendations for preventive measures include implementing safe crowd management and traffic management principles, being aware of concerning behaviors in individuals and suspicious vehicle activity, establishing a strong culture of reporting and staff training, and using a layered approach to security. Protection includes implementing appropriate and appropriately installed active and passive barriers and understanding industry standards for perimeter protection devices.

See Original Post

Reposted from CISA 

See Original Post