NJOHSP Spring Interfaith Meeting Highlights Threat Environment, NJ STAT and Emergency Action Plans; Additional Funding Announced for NJ’s School Mapping Security Initiative; Latest Attempts to Bypass Biometric Authentication Methods; Western Intel Reports Chinese Hackers Spying on Critical U.S. Infrastructure

The New Jersey Office of Homeland Security and Preparedness hosted its spring Interfaith Advisory Council meeting May 24 at Monmouth University, where NJOHSP staff discussed the 2023 Threat Assessment, current cybersecurity risks, the New Jersey Statewide Threat Assessment Team and Emergency Action Plans now required for the state’s houses of worship. NJOHSP Director Laurie Doran opened the event, noting that while there are no credible or known threats to New Jersey at this time, the public should remain vigilant, especially as the warmer weather and the state’s tourist season approaches. NJOHSP's Intelligence and Operations Bureau team outlined for attendees NJ STAT, a new multiagency, multidisciplinary approach aimed at countering targeted violence by creating off ramps to mental healthcare and other services for at-risk individuals. Staff from NJOHSP’s Preparedness Division also provided an overview of Emergency Action Plan mandates, which stem from new legislation that will take effect June 1. The legislation will require places of worship capable of seating more than 500 people to prepare and maintain annually an emergency operations plan in coordination with local fire, law enforcement and emergency response agencies. 

Individuals interested in joining the IAC can apply for membership at njohsp.gov/interfaith

Gov. Phil Murphy announced May 22 that New Jersey’s school mapping project, a statewide initiative to collect and digitize blueprints of the state’s public and private schools to improve security and crisis response, will receive an additional $5.79 million in federal funding. In August 2022, after the State received an initial $6.5 million in federal funds for the project, Gov. Murphy signed legislation requiring New Jersey’s approximately 3,000 kindergarten through 12^th grade schools to submit their mapping data to local law enforcement agencies. “In the face of our country’s ongoing epidemic of gun violence, both in and out of schools, this information is unfortunately yet undeniably necessary to help ensure the safety of our students and educators,” Gov. Murphy said. “This additional investment will advance our state’s ongoing efforts to map every school throughout New Jersey to equip law enforcement personnel with the information they need to rapidly respond in the event of a crisis in order to keep our children safe.” Accurate and uniform maps help law enforcement swiftly and effectively respond to emergencies in unfamiliar environments. The New Jersey State Police used the initial funding to contract with a vendor to collect the updated school maps and upload the electronic format of that information to a database. “The allocation of additional funding toward the statewide school mapping security initiative will aid in building preparedness throughout our region by utilizing modern technology to enhance coordination and security across New Jersey’s schools,” said New Jersey Office of Homeland Security and Preparedness Director Laurie Doran. “I applaud the governor for prioritizing the safety of our school communities as NJOHSP continues to support these efforts through collaboration and information sharing.” Since 1999, there have been at least 380 school shootings throughout America – with 46 school shootings taking place last year alone.

Security researchers have discovered a new cyber attack that can defeat biometric fingerprint checks and log into and authorize payments on a user’s Android smartphone. Using a method dubbed BrutePrint, researchers exploited two zero-day vulnerabilities in the smartphone fingerprint authentication framework to bypass login attempt limits on Android devices. Fingerprint biometrics use a person’s unique fingerprint to verify their identity, which is typically more secure than traditional forms of multi-factor authentication. However, threat actors continue their efforts to spoof biometric identifiers, bypass authentication and impersonate individuals to gain unauthorized access to systems and devices. The New Jersey Cybersecurity and Communications Integration Cell recommends users keep systems up to date, maintain unique passwords for each account and enable MFA when possible. Users are further advised to refrain from posting sensitive information and images online to reduce their digital footprint.

More information can be found on the NJCCIC’s website.

On May 24, Western intelligence agencies and Microsoft confirmed that a state-sponsored Chinese hacking group is spying on a wide range of U.S. critical infrastructure organizations from telecommunications to transportation hubs, according to media reports. The hackers are also targeting the U.S. territory of Guam, home to strategically important American military bases. This is the largest known Chinese cyber-espionage campaign against American critical infrastructure, analysts said. The number of organizations affected is not yet known, but the U.S. National Security Agency is reportedly working with the FBI, Canada, New Zealand, Australia and the United Kingdom to identify potential breaches. Microsoft analysts said they are moderately confident the Chinese group, Volt Typhoon, is developing capabilities that could disrupt critical communications infrastructure between the U.S and Asia region during future crises. A Chinese foreign ministry spokesperson denied the allegations, but analysts said the activity is concerning because they are not yet certain of Volt Typhoon’s capabilities. NSA Cybersecurity Director Rob Joyce said the Chinese campaign is using "built-in network tools to evade our defenses and leaving no trace behind." Such techniques are harder to detect as they use "capabilities already built into critical infrastructure environments,” he added.