In this Edition:
- Report a Cybersecurity Incident
- April is Emergency Communications Month
- Secure by Design and Secure by Default
- Save the Date! Webinar: Is This Thing On? Using Backup Communications Systems to Ensure Mission Readiness
- April is National Supply Chain Integrity Month
- DHS Secretary Mayorkas and CISA Leaders Meet with Agudath Israel of America
- CISA Partners with State Emergency Managers to Host Landmark Mass Casualty Recovery Event
- CISA’s Virtual Mini-Industry Day
- CISA Infrastructure Security Division (ISD) Industry Day 2023
- 2023 Chemical Security Summit
- Quarterly ChemLock Trainings
- Interagency Security Committee publishes Federal Mobile Workplace Security: An Interagency Security Committee Best Practice, 2023 edition
- Cyber Defense Education and Training (CDET) Offerings for April – May 2023
Report a Cybersecurity Incident: Report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.
Contact Us: https://www.cisa.gov/about/contact-us
April is Emergency Communications Month
This April, the Cybersecurity and Infrastructure Security Agency (CISA) is celebrating its second annual Emergency Communications Month in honor of the nation’s emergency responders and communicators. CISA will also celebrate National Public Safety Telecommunicators Week (NPSTW), which is held each year during the second week of April to honor telecommunications personnel for their commitment, service, and sacrifice.
A key part of this year’s efforts is empowering emergency communications partners to ensure they have access to free priority communication services available through CISA. No matter the industry, it is imperative to have the means to communicate during times of importance. CISA’s Priority Services allow for communication with priority capability when networks are degraded or congested. These priority services include:
- Government Emergency Telecommunications Service (GETS) – covering wireline communications
- Wireless Priority Service (WPS) – covering wireless communications
- Telecommunications Service Priority (TSP) – covering repair and installation of critical voice and data circuits or IP-based services
Visit Emergency Communications Month to learn more and Priority Communications Services to ensure you have CISA’s free priority services.
Secure by Design and Secure by Default
On April 13, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand (CERT NZ, NCSC-NZ) published Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default. This joint guidance encourages software manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default.
This first-of-its-kind guidance is intended to catalyze progress toward further investments and cultural shifts necessary to achieve a safe and secure future. In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.
With this joint guide, the authoring agencies seek to progress an international conversation about key priorities, investments, and decisions necessary to achieve a future where technology is safe, secure, and resilient by design and default.
Additionally, CISA launched its Secure by Design, Secure by Default webpage with the latest resources, news, and information on the importance of prioritizing product safety in order to build a secure and resilient technology ecosystem.
Save the Date! Webinar: Is This Thing On? Using Backup Communications Systems to Ensure Mission Readiness
Join CISA’s Emergency Communications Division for a webinar on collaborative planning approaches and best practices for establishing and testing interoperable backup capabilities. During this webinar, learn about actions your organization can take to implement the National Emergency Communications Plan and improve the resiliency of your backup systems.
Date: April 26, 2023 Time: 1:00 pm - 2:00 pm ET
April is National Supply Chain Integrity Month
CISA is celebrating its 6th annual National Supply Chain Integrity Month. Supply chain integrity is a top priority for CISA, and this year’s theme, “Recipe for Resilience,” is a call to action for stakeholders and partners to apply a comprehensive supply chain risk management (SCRM) approach to secure the nation’s critical supply chains.
Throughout April, CISA is promoting resources, tools, and information, including those developed by the public-private ICT Supply Chain Risk Management (SCRM) Task Force, to help organizations and agencies integrate SCRM into their security posture. CISA’s themes for each week include:
- Week 1: Recipe for Resilience: Knowing the Essentials,
- Week 2: Shop Small: Resources for Small and Medium Sized Businesses,
- Week 3: Cooking with Quality: Vendor/Supplier Trustworthiness, and
- Week 4: Don’t Poach Your Luck: Common Supply Chain Threats
To view, download, and share these resources, please visit: CISA.gov/supply-chain-integrity-month.
DHS Secretary Mayorkas and CISA Leaders Meet with Agudath Israel of America
On March 15, 2023, CISA Executive Assistant Director Dr. David Mussington and representatives from DHS met with Agudath Israel of America during their 2023 National Leadership Mission to Washington. Agudath Israel of America, founded in 1922, is the umbrella organization representing the Orthodox Jewish community in the United States. Their National Leadership Mission to Washington brought together 50 members of the Board of Trustees and Orthodox activists to hear remarks from DHS Secretary Mayorkas regarding DHS’ efforts to stop antisemitism. Participants and discussions included a wealth of CISA resources that can be applied to enhance the security and resilience of faith-based organizations, including translated materials and security self-assessment tools.
CISA Partners with State Emergency Managers to Host Landmark Mass Casualty Recovery Event
On March 16, 2023, CISA partnered with the Oregon Office of Emergency Management and the Idaho Department of Emergency Management to host the first in a nine-month series of Mass Casualty Recovery virtual seminars titled, Mass Casualty Impact and Recovery. This series brings together private sector stakeholders, many of whom experienced an active shooter incident at their location, and examines how businesses can better prepare for, respond to, and recover from active shooter and other mass casualty events.
This first 90-minute webinar included more than 550 participants, from 49 States, and 26 countries, including national business owners and operators, and government representatives sharing best practices, providing valuable lessons learned, and planning resources and tools to assist with mass casualty impact and recovery. Learn more about CISA's Active Shooter Preparedness and Recovery resources.
| Date | Topic |
|---|---|
| Apr. 20 | It’s a Crime Scene – Addressing Immediate Needs |
| May 18 | Establishing Crisis Communications for Media Response |
| Jun. 15 | When the Crime Tape Comes Down: Providing Immediate Crisis Support |
| Jul. 20 | Reopening and Resuming Operations |
| Aug. 17 | The Immediate Aftermath: What Short Term Recovery Looks Like |
| Sep. 21 | Negotiating Mid to Long Term Recovery |
| Oct. 19 | Post Incident Scams and Fraud |
| Nov. 16 | Civil and Criminal Judicial Process |
Related Press / News Articles
(article and live news cast) OR launches seminar series on mass casualty impact, recovery (koin.com)
Be Prepared: Helping businesses prepare for mass casualty events | News | currypilot.com
Be Prepared: Helping businesses prepare for mass casualty events | News | thechronicleonline.com
Be Prepared: Helping businesses prepare for mass casualty events | News | thenewsguard.com
Be Prepared: Helping businesses prepare for mass casualty events | News | cannonbeachgazette.com
CISA’s Virtual Mini-Industry Day
CISA is holding virtual mini-Industry Day events throughout this year. These events will allow CISA and industry to have meaningful discussions about cybersecurity capabilities, challenges, top priorities, requirements, and technologies as well as future business opportunities.
Check out the upcoming CISA FY23 Virtual Industry Day events on the Doing Business with CISA webpage at CISA.gov/doing-business-cisa (dates subject to change).
Save the Date!
If you have questions about CISA partnership opportunities or would like to tell us about your capabilities, please email CISAVendorEngagement@cisa.dhs.gov.
CISA Infrastructure Security Division (ISD) Industry Day 2023
In its ongoing efforts to engage closely with Industry, CISA’s Industry Day Events will provide insight into CISA’s current and future challenges. These events will be an important tool to stimulate dialogue in cybersecurity and critical infrastructure-related topics impacting CISA. CISA plans to accomplish the following goals during the Industry Day events:
- Provide current information about the CISA missions and capabilities.
- Obtain a better understanding of recent industry developments related to CISA.
- Strategies to effectively communicate with industry.
- Collaborate with industry on how to better do business with CISA.
Virtual Industry Day scheduled presentation for Main Event on April 25th, 2023:
- The CISA Infrastructure Security Division (ISD) is a division within the Cybersecurity and Infrastructure Security Agency (CISA). ISD leads and coordinates national programs and policies on critical infrastructure issues and has established strong partnerships across government and the private sector. The division conducts and facilitates vulnerability and consequence assessments to help critical infrastructure owners and operators and State, local, tribal, and territorial partners understand and address risks. ISD provides information on emerging threats and hazards so that appropriate actions can be taken. The office also offers tools and training to partners to help them manage the risks to their assets, systems, and networks. Learn more about critical infrastructure. Chemical Security Standards. ISD oversees the Department's Chemical Facility Anti-Terrorism Standards (CFATS), which establishes risk-based performance standards for the security of the nation's high-risk chemical facilities.
Multiple Individual Breakout sessions are planned. Please check out Eventbrite registration for final dates and times:
- April 26th at 11:00 AM, 1:00 PM and 2:30 pm, EDT
- April 27th at 11:00 AM EDT
Please check out Doing Business with CISA @ https://www.cisa.gov/doing-business-cisa for more information.
REGISTRATION:
Registration is required for each attendee. Industry partners are limited to no more than three (3) individuals per company.
If you are interested in attending the Virtual Industry Day, please register at the below link no later than April 24, 2023, at 5:00 pm EDT. Reservations through any other means will not be accepted or allowed. Please register as soon as possible. A follow up email will be sent after the registration closing date to confirm your registration status as confirmed or waitlisted. CISA Infrastructure Security Division (ISD) Industry Day 2023 Tickets, Tue, Apr 25, 2023 at 1:00 PM | Eventbrite
CISA Hosts Chemical Security Summit 2023
August 29-31, 2023
Save the date! CISA will host the 2023 Chemical Security Summit virtually and in-person August 29-31, 2023, in Northern Virginia. The Summit is free to attend and open to the public.
Join participants from across a spectrum of sectors—including chemical, energy, communications, transportation, and water—to hear the latest program and regulatory updates, share perspectives and lessons learned, and engage in dialogue regarding chemical security.
- When: August 29-31, 2023
- Where: Northern Virginia and Microsoft Teams
  - Venue will be announced with registration in the coming weeks
  - Links for virtual attendees will be sent out closer to the Summit date
- Who should attend:
  - Chemical and related industry stakeholders
  - Corporate and facility security officers
  - Environment, health, and safety professionals
Please note there is no fee to attend this event.
Registration, provisional agenda, and further information will be available in the coming weeks on the Chemical Security Summit webpage. For more information, please email us at ChemicalSummitReg@hq.dhs.gov.
We look forward to seeing you in person or virtually at the 2023 Chemical Security Summit.
Quarterly ChemLock Trainings
ChemLock: Introduction to Chemical Security
This course provides an introduction to identifying, assessing, evaluating, and mitigating chemical security risks. This easy-to-understand overview identifies key components and best practices of chemical security awareness and planning to help kickstart chemical security discussions at your facility.
Save the Date! This course runs one to two hours in length and is appropriate for all personnel regardless of their level of involvement with dangerous chemicals.
ChemLock: Secure Your Chemicals Security Planning
This course walks through how to create a tailored, scalable security plan that meets the business model and unique circumstances of a facility. Participants will learn the key elements of a chemical security plan and benefit from examples, lessons learned, and best practices.
Save the Date! This course runs 2-3 hours in length and is designed to help leadership, facility security personnel, and other applicable personnel understand, develop, and implement a facility security plan.
For more information or to request a specific training for your facility, please visit the ChemLock Training webpage.
New ChemLock Resources
Facilities with dangerous chemicals face a variety of potential natural and man-made threats such as cyberattacks, intruders, active assailants, explosive devices, drones, power loss, and more. CISA works with facilities to approach chemical security holistically so facility owners and operators can choose effective, cost-efficient security measures. Learn more with this new infographic: Secure Your Chemicals: Potential Threats.
The ChemLock overview fact sheet is now available in Spanish, making information about ChemLock’s tools and services accessible to a broader audience. Check out the ChemLock Overview Fact Sheet (Resumen de CISA ChemLock).
Interagency Security Committee publishes Federal Mobile Workplace Security: An Interagency Security Committee Best Practice, 2023 edition
The Interagency Security Committee (ISC) has published Federal Mobile Workplace Security: an Interagency Security Committee Best Practice, 2023 edition. This document offers organizations new and relevant guidance on physical and cyber security considerations for teleworking at home, in public and in alternative workplace environments, while addressing continuity planning that can be augmented by teleworking options. The COVID-19 pandemic resulted in an almost immediate move by federal employees to telework and remote work in early 2020.
The ISC, recognizing the necessity for updated and enhanced guidance, formed a new working group to review the best practices related to an increasingly mobile federal workplace. Given the ISC’s diverse membership, the working group drew upon a variety of subject matter experts to consolidate federal mobile workplace security material into a single best practices document.
This new publication, along with other ISC resources, can be found on the ISC website at: ISC Publications | CISA.
Cyber Defense Education and Training (CDET) Offerings for April
| CDET Mission | CDET Vision |
|---|---|
| Address today’s cyber workforce challenges through innovative education and training opportunities | Lead and influence national cyber training and education to promote and enable the cyber-ready workforce of tomorrow |

To subscribe to the Cyber Training Bulletin, contact CDET: Education@cisa.dhs.gov
Highlights: What You Want to Know
- In April and May, U.S. Executive Branch employees and contractors can participate in eleven CDM Dashboard courses, including the new course CDM and Federal Mandates-Featuring how to use the CDM Dashboard to enable automated BOD-22-01 Reporting. This course presents information regarding current federal cybersecurity directives, mandates and policies, and how they can be supported by the CDM Agency Dashboard. Featured prominently will be details on how to use the CDM Dashboard to enable automated BOD-22-01 Reporting.
Incident Response (IR): This free training series includes 100-level webinars for a general audience which are cybersecurity topic overviews that provide core guidance and best practices to make your network more resilient to attacks. It also includes 200-level Cyber Range Training courses for government employees and contractors across Federal, State, Local, Tribal, and Territorial government, educational partners, and critical infrastructure partners. These Cyber Range Trainings provide guided step-action labs to learn and practice investigation, remediation and incident response skills. Additionally, we are in the process of changing the registration period from opening one month before the course date to opening two months before the course date.
IR Training Events through May 2023

| Date | Course Code | Registration Opens | Course | Hours |
|---|---|---|---|---|
| 04/18/2023 | IR208 | 03/20/2023 | Indicators of Compromise | 4 |
| 04/27/2023 | IR206 | 03/27/2023 | Preventing DNS Infrastructure Tampering | 4 |
| 05/02/2023 | IR105 | 04/03/2023 | Preventing Web and Email Server Attacks | 1 |
| 05/11/2023 | IR210 | 04/11/2023 | Introduction to Log Management | 4 |
| 05/18/2023 | IR110 | 04/18/2023 | Introduction to Log Management | 1 |
| 05/23/2023 | IR204 | 04/24/2023 | Defending Internet Accessible Systems | 4 |

To learn more or register visit: https://www.cisa.gov/incident-response-training
Industrial Control Systems (ICS): We offer free, virtual ICS trainings geared toward Critical Infrastructure owners and operators. The trainings are designed to reduce cybersecurity risks to critical infrastructure and encourage cooperation between CISA and the private sector. Trainings vary in length and run from 8:00 a.m. – 5:00 p.m. MDT (10:00 a.m. – 7:00 p.m. EDT). All trainings are conducted through Online Training or CISA Virtual Learning Portal (VLP), with the exception of the three- or four-day, in-person courses at Idaho National Labs (INL) in Idaho Falls, ID.
ICS Training Events through May 2023

| Date | Course Code | Course | Location |
|---|---|---|---|
| 04/25/2023-04/27/2023 | 401L | Industrial Control Systems Evaluation Training – In-Person 3 Days | IN-PERSON TRAINING (3 days) |
| 05/01/2023-05/19/2023 | 401v | Industrial Control Systems Evaluation (401v) | Scheduled Online Training |
| 05/01/2023-05/19/2023 | 301v | Industrial Control Systems Cybersecurity (301v) | Scheduled Online Training |
| 05/15/2023-05/18/2023 | 301L | Industrial Control Systems Cybersecurity Training – In-Person 4 Days | IN-PERSON TRAINING (4 days) |
| 05/23/2023-05/25/2023 | 401L | Industrial Control Systems Evaluation Training – In-Person 3 Days | IN-PERSON TRAINING (3 days) |
| On Demand | 100W | Operational Security (OPSEC) for Control Systems | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-1 | Differences in Deployments of ICS | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-2 | Influence of Common IT Components on ICS | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-3 | Common ICS Components | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-4 | Cybersecurity within IT & ICS Domains | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-5 | Cybersecurity Risk | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-6 | Current Trends (Threat) | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-7 | Current Trends (Vulnerabilities) | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-8 | Determining the Impacts of a Cybersecurity Incident | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-9 | Attack Methodologies in IT & ICS | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-10 | Mapping IT Defense-in-Depth Security Solutions to ICS - Part 1 | CISA Training Virtual Learning Portal (VLP) |
| On Demand | 210W-11 | Mapping IT Defense-in-Depth Security Solutions to ICS - Part 2 | CISA Training Virtual Learning Portal (VLP) |
| On Demand | FRE2115 | Industrial Control Systems Cybersecurity Landscape for Managers | CISA Training Virtual Learning Portal (VLP) |

To learn more or sign up, visit: https://www.cisa.gov/ics-training-calendar
*The following virtual courses are prerequisites to attending in-person 301 and 401 trainings hosted by CISA at the Idaho National Laboratory:
- ICS 301v: Focuses on understanding, protecting and securing ICS from cyberattacks.
- ICS 401v: Focuses on analyzing and evaluating an ICS network to determine its defense status and what changes need to be made.
CISA’s Cybersecurity Workforce Training for Underserved Communities and CyberWarrior: CISA’s non-traditional training program grantee, CyberWarrior, increases opportunity and economic mobility for people of all backgrounds through training, mentorship, and technology. Through its CyberWarrior Academy, it delivers hands-on, intensive, lab-driven technical training in cybersecurity methods and procedures.
CISA’s K – 12 Cybersecurity Education Training Assistance Program (CETAP): Through CISA’s CETAP grantee, CYBER.ORG, we offer K-12 teachers cybersecurity curricula and education tools. CYBER.ORG develops and distributes free cybersecurity, science, technology, engineering, and mathematics (STEM) and computer science curricula to K-12 educators across the country. Below are upcoming training events through CYBER.ORG.
The CISA Community Bulletin is a monthly publication that shares cybersecurity webinars and workshops, new publications, and best practices.
To access past editions of this CISA Community Bulletin newsletter, please visit the CISA Community Bulletin archive.