CISA Community Bulletin April 2024

CISA in partnership with U.S. and international government agencies published a Joint Cybersecurity Advisory (CSA) on malicious activity by the People’s Republic of China (PRC) state-sponsored cyber actor, known as Volt Typhoon, to compromise critical infrastructure and associated actions that should be urgently undertaken by all organizations.

CISA and its U.S. Government partners have confirmed that PRC state-sponsored cyber actors have compromised entities across critical infrastructure sectors, including communications, energy, transportation, and water, in the United States and its territories. The data, gathered by CISA and its U.S. Government partners, suggests the PRC is preparing for destructive cyber-attacks, posing a threat to American’s safety and military readiness in the event of a major crisis or conflict with the United States.

In addition to the joint Cybersecurity Advisory, CISA and our partners also released complementary Joint Guidance to assist all organizations in effectively detecting and hunting for sophisticated techniques used by actors such as Volt Typhoon, known as “living off the land.” In recent years, there has been a strategic shift in PRC cyber threats activity from espionage to preparing for disruptive cyber-attacks against U.S. critical infrastructure. PRC cyber actors employ “living off the land” techniques to blend in with normal system and network activities, evade detection by network defenses, and minimize activity captured in common logging configurations.  

The joint CSA is based primarily on technical insights gleaned from CISA and industry response activities at victim organizations within the United States, primarily in communications, energy, transportation, and water and wastewater sectors. Our complementary Joint Guidance is derived from those insights as well as previously published products, red team assessments, and industry partners.

For more information, visit People's Republic of China Cyber Threat.

The Homeland Security Grant Program (HSGP) uses monies received through FEMA-funded awards towards the organization and support of HSIN user communities and information sharing activities. The list below includes a description of funding types and how these funds can be used to support participation in HSIN:

• HSIN Community Development
• Information Sharing and Operational Coordination Enhancement
• Training
• Limited Travel

HSIN is the Department of Homeland Security's official system for trusted information sharing of Sensitive But Unclassified information between federal, state, local, tribal, territorial, international and private sector partners. Organizations also use HSIN to plan for and communicate in real-time during major events, exercises and incidents. HSIN supports information sharing across multiple mission areas including, but not limited to, law enforcement, emergency management and emergency services, infrastructure protection, intelligence, and cybersecurity. tps://www.dhs.gov/homeland-security-information-network-hsinhttps://www.dhs.gov/homeland-security-information-network-hsin. 

HSIN provides valuable services for secure and trusted information sharing among homeland security user communities to collaborate on issues and operations. HSIN is a distribution channel for homeland security reports and information, as well as the conduit for information for the National Operations Center. HSIN serves as a central access point for homeland security data, and is the virtual hub for the National Network of Fusion Centers

To learn how the HSGP uses monies received through FEMA-funded awards, please see the information available at Homeland Security Grant Program.

For more information about HSIN and HSGP guidance for HSIN, visit: HSIN HSGP Guidance | Homeland Security (dhs.gov)

CISA, Federal Bureau of Investigation (FBI), the U.S. Election Assistance Commission (EAC), and the United States Postal Inspection Service (USPIS) published Election Mail Handling Procedures to Protect Against Hazardous Materials. This resource helps officials understand safe mail handling procedures and provides guidance on responding to potential hazardous materials exposure.  

Over the past two decades, U.S. government offices and employees have been the target of multiple incidents using letters containing hazardous materials, including suspicious letters mailed to election offices in California, Georgia, Nevada, Oregon, and Washington in 2023. Since mail is a key component of both standard office operations and mail balloting across the country, this guidance document provides information for election offices on how to identify and handle potentially suspicious mail and respond to potential hazardous materials exposure while handling suspicious mail. The guide also provides specific information on how to protect against the three hazardous powders of greatest concern, fentanyl, anthrax, and ricin, in addition to more routine mail hazards. 

“CISA is proud to stand shoulder to shoulder with state and local election officials who face a complex threat environment,” said CISA Director Jen Easterly. “Today’s guidance on safe mail handling procedures will help election officials and others on the frontlines of our democracy take steps to protect themselves and their personnel from hazards sent through the mail.  We will continue to work with our partners to ensure election officials have the information and resources they need to run a safe, secure and resilient election.” 

To learn more, visit Election Mail Handling Procedures to Protect Against Hazardous Materials on CISA.gov. 

To read the full news release article, visit CISA, FBI, EAC and USPIS Release Election Mail Handling Procedures to Protect Against Hazardous Materials | CISA

CISA's staff met with a number of mayors and city officials as they participated in the National League of Cities Congressional Cities Conference the week of March 10. Partnerships Branch Chief Bob Nadeau spoke with the IT & Communications Committee about Secure Our World, and CISA priorities election security, AI, Secure by Design, threats posed by nation state actors, and how cities can engage with regional offices for products and services to better prepare them for cyber threats.

The Partnerships team also hosted a federal office hours table for city officials to connect with the team about information on HQ and regional resources. CISA Emergency Communications Division staff was also in attendance to share information on our communications products and resources available in the regions.  

CISA Region 10 Regional Director Pat Massey spoke recently at the Big City Emergency Managers Winter meeting and engaged with emergency managers in important discussions on the current threat environment, CISA regional resources available to emergency managers, how CISA is engaging on Secure by Design principles with the IT industry and efforts to ensure election security, and protection of other critical infrastructure.

Emergency managers expressed concern to RD Massey and Strategic Relations Partnerships Branch Chief Bob Nadeau, about the growing use of AI, how cyber threats could impact critical infrastructure in their communities, escalation of global conflicts and how more threats are being sent to emergency management to deal with. RD Massey provided timely information on how BCEM and their members can work with regions to prepare for incidents and increase awareness and capabilities through training, products and resources.

As new and emerging technologies continue to grow, so do the opportunities for local governments to enhance services to their communities. Artificial Intelligence (AI) is one of those new technologies that offers new opportunities for innovation but also carries potential risks. The International City/County Management Association (ICMA) is a leading association of local government professionals dedicated to creating and supporting thriving communities and seeks to identify and speed the adoption of government practices to improve the lives of residents. ICMA invited CISA Strategic Technology Branch Chief Martin Stanley to speak to its members on April 10 at its Local Government Reimagined Conference, on how to leverage AI and discuss approaches to governing, mapping, measuring, and managing benefits and risks of AI to cities, towns and counties. Through this discussion local officials will learn to identify opportunities for AI adoption; make benefit-risk determinations for AI systems; and identify, measure, and manage AI risks. This is another way that CISA is supporting efforts by local governments to improve services while balancing the risks and challenges of new technologies.

CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Open source software is part of the foundation of the digital infrastructure we all rely upon and is widely used across the federal government and every critical infrastructure sector. As America’s Cyber Defense Agency, CISA works to understand and reduce cyber threats to the federal government and critical infrastructure. Ensuring secure open source software is a critical part of this effort.

CISA’s new enduring cybersecurity program, Secure Our World, encourages individuals and families; small and medium-sized businesses; and technology manufacturers, among others, to take simple steps to stay safe and secure online:

• Use strong passwords and a password manager
• Turn on multifactor authentication
• Recognize and report phishing
• Update software

To make it easy to get the word out, we released the first ever CISA Public Service Announcement and created a host of other easy to use resources, including animated videos about the four ways to stay safe online, tip sheets translated into various languages, and more!

CISA along with DHS, the Department of Justice, the Federal Bureau of Investigation, the United States Postal Inspection Service, and the Office of the Director of National Intelligence, released a new fact sheet to help state and local officials mitigate election security challenges as part of #Protect2024. This fact sheet provides state and local officials with vital information and resources to securely conduct election functions. 

Ensuring the safety of our schools lies at the heart of our CISA mission, and one of our most impactful endeavors in this regard is SchoolSafety.gov.  This platform serves as a comprehensive repository of federal and state resources, programs, tools, and actionable recommendations on a range of school safety topics. CISA works alongside the U.S. Department of Education, U.S. Department of Health and Human Services, U.S. Department of Homeland Security, and U.S. Department of Justice to carry out the work of SchoolSafety.gov and make our schools safer and more supportive for students and educators.

CISA developed the Violence Prevention Through De-escalation video to help the critical infrastructure community and public gathering locations identify concerning behaviors and mitigate the risk from incidents of targeted violence. The video provides both security and non-security professionals with principles and techniques that can augment traditional security protocols. This conflict prevention approach can help individuals who observe activities and behaviors that may be considered suspicious, or indicative of potentially violent activity, reduce the risk of a potentially volatile situation.

As the threat landscape evolves, security measures must respond in kind to address it. The recently published CISA Office for Bombing Prevention (OBP) Bomb Threat Guide was developed to help decision makers respond to bomb threats in an orderly and controlled manner.

When it comes to bomb threats, having a clear, specific and well-developed plan can save lives, protect critical infrastructure, and reduce the financial impact. Each bomb threat is unique and requires rapid evaluation to mitigate the immediate impact and manage in accordance with site needs. CISA OBP recommends owners and operators periodically review bomb threat guidance (including this product) and collaborate with first responders to establish and rehearse a bomb threat management plan that addresses each risk level appropriate for their specific site location.  

Highlights from the Bomb Threat Guide include: 

• Planning and preparation information 
• Threat assessments 
• Response options 
• Suspicious items recognition  
• Additional resources and training opportunities  

CISA’s ChemLock program recently released several new products: three customizable templates that facilities and organizations can use as part of developing and implementing a facility security plan and two new resource flyers.

• ChemLock: Chemical Inventory Template – This document serves as a template for maintaining an accurate inventory of the location, quantities, and physical states of chemicals at your facility.
• ChemLock: Personnel Background Checks Policy Template – This document includes background checks that facilities can consider conducting for personnel and serves as a template for a personnel background checks policy.
• ChemLock: Security Organization Roles and Responsibilities Template – This document includes a listing of security roles and responsibilities. It serves as a template to assist your facility in developing and maintaining a security organization.
• ChemLock On-Site Assessments and Assistance Flyer – This flyer advises facilities on the various levels of the ChemLock On-Site Assessment and Assistance services and how those levels can help to enhance a facility’s security posture in a way that works for their business model.
• ChemLock Exercises Flyer – This flyer details how both the ChemLock customized, tailored chemical security exercises and CISA facilitated exercises can help facilities test their response and security plans in a wide range of scenarios.

For more information on how to develop a facility security plan, see the ChemLock Security Plan webpage or contact the ChemLock team at ChemLock@cisa.dhs.gov.