Reposted from BOSCH

Experience unparalleled security with Automated Night Watch - a video solution that automatically detects and deters unauthorized persons or vehicles. Its multi-imager technology detects motion, alerts a pan, tilt, zoom camera, and activates a white light illuminator to deter intruders. Immediate audio intervention with recorded or live messages played through a nearby loudspeaker may deter unauthorized individuals before the authorities need to be alerted.

See Original Post

Reposted from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Performance Goals (CPG) Adoption Report that provides key findings from analysis conducted on CPGs implemented from October 27, 2022 through August 31, 2024. In October 2022, CISA released the Cybersecurity Performance Goals (CPGs) to help organizations of all sizes and at all levels of cyber maturity become more confident in their cybersecurity posture and reduce business risk. This analysis focused on six CPGs and is based on vulnerability exposure across 7,791 critical infrastructure organizations enrolled in CISA’s Vulnerability Scanning service. Key findings include that the adoption of CPGs led to reduced access to exploitable internet services, quicker resolution of Secure Sockets Layer (SSL) vulnerabilities, and quicker remediation of critical and high severity exploited vulnerabilities. The findings reflect that CPG adoption across critical infrastructure sectors is having a moderate impact. While these trends are progress in the right direction, CISA acknowledges that there is room for improvement. As CISA continues to evolve CPG guidance, CPG adoption analytics will be more granular and apparent. Over time, advancement will allow CISA to infer adoption of more CPGs. CISA continues to encourage organizations to enroll in cyber hygiene services and implement the CPGs.

See Original Post

Reposted from FEMA/HENTF/SCRI

The Smithsonian Cultural Rescue Initiative (SCRI) and the National Museum of the American Indian (NMAI) are excited to announce a new training opportunity aimed to help cultural heritage professionals and emergency management professionals who work with cultural collections in tribal nations. Heritage Emergency and Response Training (HEART) for Native Communities builds on the existing HEART curriculum and blends the expertise of SCRI, and its home unit the Museum Conservation Institute, with the knowledge and experience of our NMAI colleagues. Training will focus on emergency preparedness and response for cultural institutions, specifically Native museums, communities, and heritage. The training will take place April 7-11, 2025, in Washington, D.C. All information about the program, including application instructions, can be found here: https://culturalrescue.si.edu/heritage-emergency-and-response-training-heart-native-communities. Applications are due by February 5, 11:59 p.m.

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Joint Cyber Defense Collaborative (JCDC), released the JCDC AI Cybersecurity Collaboration Playbook, a key resource to guide voluntary information sharing across the Artificial Intelligence (AI) community. Designed for AI providers, developers, and adopters, the playbook addresses emerging threats to AI-enabled systems and critical infrastructure. It outlines processes for sharing information about incidents and vulnerabilities, explains CISA’s actions in response, and fosters collaboration among government, industry, and international partners. Developed with input from 150 experts during tabletop exercises hosted by Microsoft and Scale AI, the playbook is intended to facilitate operational collaboration among government, industry, and international partners. It will be regularly updated to stay aligned with the evolving threat landscape as AI adoption grows.

We encourage you to explore this valuable resource and join us in strengthening collective defenses.

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation released revised Product Security Bad Practices, a guide with practices that are deemed especially risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This joint guide does not include every possible inadvisable cybersecurity practice, nor does it impose any implementation requirement. This revised joint guide includes feedback from public comment period in late 2024. The updates include new bad practices, additional context, and clarifications such patching for Known Exploited Vulnerabilities and software manufactures support phishing-resistant multifactor authentication. 

The bad practices in this guide are divided into three categories and focused based on threat landscape. The categories are:  

·       Product properties listed describe observable, security-related qualities of a software product. 

·       Security features listed describe the security functionalities that a product supports.  

·       Organizational processes and policies listed describe the actions taken by a software manufacturer to ensure strong transparency in its approach to security. 

Software products and services that manufacturers should consider when applying this joint guide include on-premises software, cloud services, and software as a service. The lack of inclusion of any particular cybersecurity practice does not indicate that CISA endorses such a practice or deems such a practice to present acceptable levels of risk. Manufacturers who develop software products and services used in support of critical infrastructure or NCFs are strongly encouraged to review and implement recommended actions.  

See Original Post

Reposted from MAAM

2025 Building Museums Symposium March 5-7, 2025

Registration Is Open

Early-bird rates for conference registration begin now through February 2, 2025. Register today to get these reduced conference rates!

Building Museums™ is a national symposium on the process, promise, and pitfalls of planning and managing museum building projects.

This symposium is for architects, museum leaders, planners, project managers, technical experts, and all professionals who plan or implement new construction, renovation, preservation, or expansion projects for museums. American Institute of Architects (AIA) continuing education credits are available at this conference. Engaging sessions and speakers, pre-conference tours, receptions, and the highly acclaimed Ready, Aim, Build Workshop- geared towards museum professionals curious about starting a building project- are all available to round out the experience.

See Original Post

Reposted from AASLH

Activating Environmental Care and Strength at Museums and Historic Sites

Virtual Summit January 28-29, 2025

Environmental and climate sustainability are becoming increasingly important and urgent. This virtual summit will address how museums and historic sites are impacted by the environment and contribute to greater environmental sustainability. The summit will explore these topics from a variety of viewpoints.

Attend the summit to learn:

• Effective ways to communicate with the public about climate and the environment.
• Examples of how historic sites are becoming more sustainable.
• Tips on how to prepare your organization for a disaster and how to respond.
• Interpretation of the environment and educational programming at museums and historic sites.

Sarah Sutton, the CEO of Environment & Culture Partners and an expert on how the environment intersects with museums, will give the opening keynote. The summit will conclude with a panel discussion about how people are working to preserve the environment and historic sites and communities in Louisiana.

In addition, there will be time on both days for you to meet your peers from across the country. You’ll be able to discuss what you’ve learned and share what your museum or historic site is doing or might do to strengthen environmental sustainability.

This virtual summit is organized by the AASLH Climate and Sustainability Committee. The committee is sponsored by Lyrasis.

See Original Post

Reposted from CISA/DHS

We are pleased to share the 2024 CISA Year in Review, which invites readers to learn about CISA’s work over the past year and dive deeper into each topic through related links and videos. We are grateful to all our partners across industry, government at all levels, international partners, and beyond, whose strong collaboration contributed to a wide array of achievements across CISA’s broad cybersecurity, infrastructure security, and emergency communications missions.

Just a few of our efforts over the year include:

• Delivered almost 1,300 cyber defense alerts, advisories, and products, including 58 joint-sealed cybersecurity advisories and co-sealed products through the Joint Cyber Defense Collaborative (JCDC).
• Blocked 1.26 billion malicious connections targeting federal agencies, disrupting a significant number of attempted attacks.
• Hosted the federal government’s first tabletop exercise on AI cybersecurity incidents.
• Kept the nation’s emergency responders connected during crises with more than 31,000 new subscribers to the Government Emergency Telecommunications Service (GETS) and more than 247,000 new subscribers added to the Wireless Priority Service (WPS).
• Worked with election officials and other members of the elections subsector to protect our elections.
• Conducted 27 security exercises for K-12, with 1,441 participants, including a full-scale active shooter exercise in Fauquier County, VA with over 400 participants.
• Launched a Secure by Design pledge to gain commitments from more than 250 companies to build security into product design.
• Released the “We Can Secure Our World” public service announcement to educate and empower individuals to take proactive steps to be more secure online.
• Mitigated cyber threats from nation-state backed cyber actors from China, Russia, North Korea and Iran.
• Held Cyber Storm IX, the most extensive government-sponsored cybersecurity exercise of its kind, which brought together over 2,200 participants from 35 federal agencies, 13 states, over 100 private companies representing 12 critical infrastructure sectors, and 11 partner nations to simulate discovery of and response to a significant cyber incident impacting the Nation’s critical infrastructure.
• Completed over 9,400 stakeholder engagements with target-rich sector partners with government and private sector participants in 2024—including assessments, trainings, and sharing critical threat information.
• Conducted 3,368 Pre-Ransomware Notifications since the inception of the initiative two years ago, with 2,131 conducted this year as of November 2024.
• Used our Administrative Subpoena authorities, granted by Congress in the 2021 NDAA, to identify and drive mitigation of over 1,200 vulnerable devices used to control critical infrastructure like power plants and water utilities.
• Through our Vulnerability Disclosure Platform, legitimate security researchers enabled agency remediation of over 861 vulnerabilities this year, before they could be exploited by malicious actors and bringing the total to over 3,247 vulnerabilities since 2021.
• Made it easier to voluntarily report cyber incidents by moving our cyber incident reporting form to the agency’s new and enhanced secure CISA Services Portal, providing increased functionality, including integration with login.gov credentials.
• Developed a voluntary cyber incident reporting resource page listing the benefits of reporting along with an animation, steps to make sure you have the right information on hand, and additional resources to boost cybersecurity.
• Realized a significant milestone on the road to a permanent, unified headquarters facility when GSA awarded a fully funded, approximately $524 million building construction contract for CISA’s new headquarters on the Department of Homeland Security’s St. Elizabeth’s campus.
• Advanced Unity and Resilience this year, which contributed to our goal of a people-first culture of excellence and helped achieve our highest engagement and inclusion scores in CISA history.
• …. And so much more!

The 2024 Year in Review is in an easy-to-use, interactive web-based format that invites readers to learn about the agency’s work over the past year and dive deeper into each topic through links and videos. 

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and remediate deviations from CISA’s Secure Cloud Business Applications secure configuration baselines. Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services. As part of CISA and the broad U.S. government's effort to move the federal civilian enterprise to a more defensible posture, this Directive will further reduce the attack surface of the federal government networks. While this Directive only applies to federal civilian executive branch agencies, the threat to cloud environments extends to every sector. We are urging all organizations to adopt this guidance. When it comes to reducing cyber risk and ensuring resilience, we all have a role to play. 

See Original Post

Reposted from CISA/DHS

The Cybersecurity and Infrastructure Security Agency (CISA) published Mobile Communications Best Practices Guidance which provides individuals, especially highly targeted individuals, with practices they can apply to their mobile communications to protect against exploitation by People’s Republic of China (PRC)-affiliated and other cyber threat actors. “Highly targeted” individuals are senior government or senior political figures who likely possess information of interest to these threat actors. Recently, PRC-affiliated actors were identified conducting cyber espionage activity targeting commercial telecommunications infrastructure. This activity enabled the theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals. Communications infrastructure organizations were encouraged to strengthen their visibility and harden their network devices. Recommended actions in the mobile communications guidance for individuals to apply include end-to-end encryption, Fast Identity Online, password manager and Telco Personal Identification Number. The guidance also recommends individuals do not use personal virtual private network and migrate away from Short Message Service-based multifactor authentication. This guidance includes specific recommendations for iPhone and Android mobile devices.  While no single solution eliminates all risks, implementing these best practices significantly enhances protection. CISA urges individuals, specifically highly targeted individuals, to immediately review and apply recommended best practices in this guidance.