 July 2024 Issue
In this edition:
-
Announcements
- Exclusive Sneak Peak: Refreshed Cybersecurity Awareness Month Materials
- CISA Call for Fiscal Year 2025 Exercise Nominations
- Save the Date: 2024 National Summit on K-12 School Safety and Security – September 25-26
-
Partnerships
- Cybersecurity Best Practices: Strengthening Smart City Infrastructure Webinar, a panel discussion between the United States and the United Kingdom
-
Information Exchange
- Artificial Intelligence and the Emergency Services Sector Factsheets
- National Emergency Communications Plan Webinar
-
Education and Training and Workshops
- 2024 Chemical Security Seminars
- Quarterly ChemLock Trainings
- Upcoming Interagency Security Committee Risk Management Process & Facility Security Committee Trainings
- Cybersecurity Education & Career Development
To see the latest CISA Cybersecurity Alerts and Advisories visit Cybersecurity Alerts & Advisories | CISA
Report a Cyber Incident
CISA provides secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities.
Report a Cybersecurity Incident: Report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.
Report incidents as defined by NIST Special Publication 800-61 Rev 2, to include
- Attempts to gain unauthorized access to a system or its data,
- Unwanted disruption or denial of service, or
- Abuse or misuse of a system or data in violation of policy.
Federal incident notification guidelines, including definitions and reporting timeframes can be found here.
Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to: Central@CISA.dhs.gov
To report an incident, you can call the Know2Protect Tipline at 1-833-591-KNOW (5669) or visit the NCMEC CyberTypline at https://report.cybertip.org.
 Exclusive Sneak Peak: Refreshed Cybersecurity Awareness Month Materials
You spoke and we listened! CISA is excited to announce that refreshed materials for Cybersecurity Awareness Month will be available in the coming weeks. As a reminder, Secure Our World is the enduring theme for this and all future Cybersecurity Awareness Months. What is Secure Our World? Check out our new PSA to find out!
This year’s materials reinforce four essential behaviors:
Using the updated PDF guide, sample social media posts and graphics, and email/article template, your organization can create their own Cybersecurity Awareness Month campaign. You can also use the updated virtual background and email signature template to inspire others to become a champion and spread the word.
CISA is also excited to announce several new resources that were developed this year, including a poster, animated videos, tip sheets on artificial intelligence, and an activity kit for parents and educators.
CISA Call for Fiscal Year 2025 Exercise Nominations
Exercises provide stakeholders with effective and practical mechanisms to examine plans and procedures, identify areas for improvement, and share best practices. To this end, the Cybersecurity and Infrastructure Security Agency (CISA) works with government and industry partners to plan and conduct cyber and physical security exercises to enhance the security and resilience of critical infrastructure. Each year CISA conducts an annual call for exercise nominations from across the critical infrastructure community. The call for fiscal year 2025 exercises will be open from July 1, 2024 through August 23, 2024. For more information, please contact CISA Exercises at CISA.Exercises@cisa.dhs.gov.
Save the Date: 2024 National Summit on K-12 School Safety and Security – September 25-26
 For the third year in a row, the Cybersecurity and Infrastructure Security Agency (CISA) will host the National Summit on K-12 School Safety and Security. This virtual event brings together K-12 school leaders and practitioners to discuss and share actionable recommendations that enhance safe and supportive learning environments.
The 2024 Summit will feature panel discussions, sessions and keynote speakers covering topics such as understanding and preventing youth violence, protecting K-12 networks, youth online safety, supporting student mental health, emergency planning and physical security, and restorative and intervention practices.
This free event is open to anyone with a passion for improving school safety but will be of particular interest to K-12 school and district administrators; principals and superintendents; school-based law enforcement; teachers and school staff; mental health practitioners; first responders; federal, state, local, tribal and territorial government partners; and other school safety and security professionals.
The 2024 Summit will be held on September 25 and 26. Registration will open in late July. For more information, please visit: cisa.gov/national-school-safety-summit.
 Cybersecurity Best Practices: Strengthening Smart City Infrastructure Webinar, a Panel Discussion Between the United States and the United Kingdom
CISA’s National Risk Management Center (NRMC) will host a panel discussion webinar with the United Kingdom’s National Cyber Security Centre (NCSC), to discuss the Five Eyes (FVEY), an Anglosphere intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States, Cybersecurity Best Practices for Smart Cities, which details the technology-related threats faced by smart cities, the corresponding consequences, and best practice mitigation strategies.
For more information about the engagement, or to request an invitation, please reach out to Connected.Communities@cisa.dhs.gov.
 Artificial Intelligence and the Emergency Services Sector Factsheets
The Emergency Services Sector Management Team (ES SMT), in collaboration with the Emergency Services Sector Coordinating Council (ESSCC) and the Emergency Services Government Coordinating Council (ESGCC), have released the Artificial Intelligence and the Emergency Services Sector, Artificial Intelligence and the Emergency Services Sector - Benefits and Challenges, and Artificial Intelligence and the Emergency Services Sector - Case Studies factsheets. These three factsheets align to three webinars recently hosted by the ES SMT and discuss how artificial intelligence (AI) can be used by the Emergency Services Sector (ESS), AI issues the ESS should consider, some benefits and challenges facing the ESS from AI use, and case studies of ESS use of AI.
National Emergency Communications Plan Webinar
CISA will host a webinar on July 24th entitled, “Leveraging Survey Data for Collaborative Initiatives and National Planning.” This webinar will introduce participants to the SAFECOM Nationwide Survey (SNS), a valuable tool for shaping national emergency communications planning. The SNS provides a comprehensive view of the current state of emergency communications across the nation and identifies areas for improvement. By leveraging insights from large national surveys like the SNS, public safety and emergency communications entities can better understand the changing dynamics of emergency communications and align their strategies with broader national goals. The NECP emphasizes the critical role of strategic teambuilding in achieving resilient, secure, and interoperable emergency communications. This webinar will highlight the vital importance of stakeholder involvement in this teambuilding effort by exploring how the SNS was designed and how its findings inform national planning and support evidence-based decision-making for public safety leaders across the nation. For more information about the NECP webinar series, including a link to attend the webinar, on CISA’s website here: https://www.cisa.gov/necp-webinars.
 CISA Education and Training
CISA offers a variety of free courses and scheduled training events. For a complete list, visit the links below:
Cyber Education & Training Updates
July 2024
Highlights: What You Want to Know
CISA is excited to announce that it has published the first federally focused Zero Trust (ZT) Awareness Course. This course, Basics of Zero Trust for Federal Agencies, is a one-hour, self-paced online training, tailored for all federal employees/contractors who require/want a basic understanding of Zero Trust. If you know someone who is interested or could benefit from a ZT basics training, please visit FedVTE under "All Cybersecurity Courses" (requires login) or under "Public Content" (no login required)!
CISA has recently announced two new collaborative efforts: the CyberSkills2Work program and new micro-challenges on Try Cyber. Both efforts were designed to help individuals launch or advance cybersecurity careers. To learn more, please visit CISA’s Cybersecurity Education and Career Development Website.
For the first time, there is an opportunity to attend both of the CDM Dashboard in-person courses in succession, which focus on eight CDM Dashboard courses within a four-day period July 23-26! This is an excellent opportunity to attend in-person and receive a full week of training covering all the current CDM Dashboard capabilities. To learn more and to register, visit the CDM training page!
CISA is thrilled to announce that Federal Cyber Defense Skilling Academy courses will be returning in FY25! While all application periods for FY24 courses are now closed, please continue to check the Skilling Academy website for updates and more information.
|
| |
|
Industrial Control Systems (ICS): We offer free, virtual ICS trainings geared toward Critical Infrastructure owners and operators. The trainings are designed to reduce cybersecurity risks to critical infrastructure and encourage cooperation between CISA and the private sector. Trainings vary in length and run from 8:00 a.m. – 5:00 p.m. MST (10:00 a.m. – 7:00 p.m. EST). All trainings are conducted through Online Training or CISA Virtual Learning Portal (VLP), with the exception of the three- or four-day, in-person courses at Idaho National Labs (INL) in Idaho Falls, ID.
|
ICS Training Events through July 2024
|
|
Date
|
Course Code
|
Course
|
Location
|
|
07/08/2024-07/26/2024
|
401
|
Industrial Control Systems Cybersecurity Evaluation (401)
|
Scheduled Online Training
|
|
07/08/2024-07/26/2024
|
300
|
Industrial Control Systems Cybersecurity (300)
|
Scheduled Online Training
|
|
07/15/2024-07/18/2024
|
301
|
Industrial Control Systems Cybersecurity & RED-BLUE Exercise (301)
|
IN-PERSON TRAINING –
4 Days
|
|
On Demand
|
100W
|
Operational Security (OPSEC) for Control Systems
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-1
|
Differences in Deployments of ICS
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-2
|
Influence of Common IT Components on ICS
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-3
|
Common ICS Components
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-4
|
Cybersecurity within IT & ICS Domains
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-5
|
Cybersecurity Risk
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-6
|
Current Trends (Threat)
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-7
|
Current Trends (Vulnerabilities)
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-8
|
Determining the Impacts of a Cybersecurity Incident
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-9
|
Attack Methodologies in IT & ICS
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-10
|
Mapping IT Defense-in-Depth Security Solutions to ICS - Part 1
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
210W-11
|
Mapping IT Defense-in-Depth Security Solutions to ICS - Part 2
|
CISA Training Virtual Learning Portal (VLP)
|
|
On Demand
|
FRE2115
|
Industrial Control Systems Cybersecurity Landscape for Managers
|
CISA Training Virtual Learning Portal (VLP)
|
|
To learn more or sign up, visit: https://www.cisa.gov/ics-training-calendar
|
*The following virtual courses are prerequisites to attending in-person 301 and 401 trainings hosted by CISA at the Idaho National Laboratory:
- ICS 301v: Focuses on understanding, protecting and securing ICS from cyberattacks.
ICS 401v: Focuses on analyzing and evaluating an ICS network to determine its defense status and what changes need to be made.
|
| |
|
CISA’s K – 12 Cybersecurity Education Training Assistance Program (CETAP): Through CETAP grantee, we offer K-12 teachers with cybersecurity curricula and education tools. CYBER.ORG develops and distributes cybersecurity, STEM and computer science curricula at no cost to K-12 educators across the country. Below are upcoming training events through CYBER.ORG.
|
|
|
CYBER.ORG Training Events through July 2024
|
|
|
|
Date
|
Time
|
Audience
|
Course
|
Location
|
Hours
|
|
07/30/2024
|
11:00 AM-12:30 PM CST
|
Elementary School Educators
|
Implementing the Cybersecurity Basics Course for Grades K-8!: Join us for an overview of our Cybersecurity Basics course that includes topics like digital citizenship and online safety!
Implementing the Cybersecurity Basics Course for Grades K-8 | CYBER.org
|
Virtual
|
1.5 Hours
|
|
07/30/2024
|
1:00 PM-2:30 PM CST
|
Middle School Educators
|
Implementing Range Activities with Middle School Students!: Join us for an overview of Range Activities for middle school students!
Implementing Range Activities with Middle School Students | CYBER.org
|
Virtual
|
1.5 Hours
|
|
07/30/2024
|
3:00 PM-4:30 PM CST
|
8-12 Educators
|
Implementing the Cyber Society Course for Grades 8-12!: The Cyber Society course is designed to introduce students to how the world of cyber affects their everyday lives, with topics ranging from law and politics to artificial intelligence and media literacy.
Implementing the Cyber Society Course for Grades 8-12 | CYBER.org
|
Virtual
|
1.5 Hours
|
|
07/30/2024
|
3:00 PM-4:30 PM CST
|
8-12 Educators
|
Implementing the Intro to Cybersecurity Course for Grades 8-12!: Join us for an overview of our Intro to Cybersecurity course! The goal of this course is to introduce students to basic cybersecurity concepts and inspire interest in cybersecurity careers.
Implementing the Intro to Cybersecurity Course for Grades 8-12 | CYBER.org
|
Virtual
|
1.5 Hours
|
|
|
To learn more or sign up, visit: https://cyber.org/events
|
|
|
| |
|
|
|
|
|
Continuous Diagnostics and Mitigation (CDM): We offer instructor led, hands-on CDM Dashboard training for U.S. Executive Branch employees and contractors in our virtual cyber range training environment. These courses are intended for those at agencies participating in the CDM program who monitor, manage and/or oversee controls on their information systems (e.g., ISSOs, CDM POCs, ISSMs and those who report metrics and measures).
The CDM training goal is to provide the learner the basics of CDM and using the CDM Dashboard capabilities to help mitigate agency threats. We will also provide numerous CDM resources and external references.
All courses will be taught utilizing the latest version of the CDM Dashboard (ES-6.2) within a cyber virtual training range (CVLE). The course content focuses on the current version ES-6 of the CDM Dashboard, including the latest dashboard content pack, version 6.2. The latest CDM Dashboard capabilities will be discussed, including FISMA Automation, HVA reporting and Mobile tracking. The current CDM courses fall into the 100 level (Introductory) and 200 level (Intermediate) level offerings.
|
CDM Training Events through July 2024
|
|
Date
|
Course Code
|
Registration Opens
|
Course
|
Hours
|
|
07/11/2024
|
CDM142
|
06/11/2024
|
Asset Management with the CDM Agency Dashboard
|
4
|
|
07/16/2024
|
CDM141
|
06/17/2024
|
Introduction to the CDM Agency Dashboard
|
4
|
|
07/23/2024-07/24/2024
|
CDM111
|
06/24/2024
|
Analyzing Cyber Risk with the CDM Agency Dashboard – IN PERSON
|
14
|
|
07/25/2024-07/26/2024
|
CDM222
|
06/25/2024
|
Using the CDM Dashboard to Advance Cyber Defense – IN PERSON
|
14
|
|
To learn more or register visit: https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training
|
|
|
| |
2024 Chemical Security Seminars
There is still time to register for the virtual 2024 Chemical Security Seminars on July 11 and 18, 2024, from 10 a.m.-3 p.m. ET (7 am-noon PT).
Register today for the 2024 Chemical Security Seminars!
Featuring case studies and discussions on “wicked problems,” artificial intelligence, drones and transnational threats to the chemical industry, the 2024 Seminars will have actionable insights that everyone can take back to their organizations regardless of industry or organization size.
The Seminars are free to attend and open to the public. Register for the 2024 Seminars today.
For more information and to see the agenda, visit the 2024 Chemical Security Seminars webpage. For questions or comments, please email us at Chemicalsummitreg@hq.dhs.gov.
We look forward to seeing you virtually at the 2024 Chemical Security Seminars.
|
Quarterly ChemLock Trainings
ChemLock: Introduction to Chemical Security
This course provides an introduction to identifying, assessing, evaluating, and mitigating chemical security risks. This easy-to-understand overview identifies key components and best practices of chemical security awareness and planning to help kickstart chemical security discussions at your facility.
This course runs 1-2 hours in length and is appropriate for all personnel regardless of their level of involvement with dangerous chemicals.
ChemLock: Secure Your Chemicals Security Planning
This course walks through how to create a tailored, scalable security plan that meets the business model and unique circumstances of a facility. Participants will learn the key elements of a chemical security plan and benefit from examples, lessons learned, and best practices.
This course runs 2-3 hours in length and is designed to help leadership, facility security personnel, and other applicable personnel understand, develop, and implement a facility security plan.
For more information or to request a specific training for your facility, please visit the ChemLock Training webpage.
|
Upcoming Interagency Security Committee Risk Management Process & Facility Security Committee Trainings
The Interagency Security Committee (ISC) invites you to participate in its award winning Risk Management Process (RMP) and Facility Security Committee (FSC) Training. This training provides an understanding of the ISC, the ISC Risk Management Process Standard (RMP Standard), and the roles and responsibilities of Facility Security Committees (FSC). The course fulfills the necessary training requirements for FSC membership and is valuable for executives; managers; and personnel involved in making facility funding, leasing, security, or other risk management decisions. Participants will receive continuing education units through the International Association for Continuing Education and Training upon completion of the course. The ISC offers the training at no cost to participants.
The schedule for upcoming in-person and virtual trainings is below.
In-Person Trainings:
- June 25, 2024 – Charleston, SC at 8 a.m. ET
- July 2, 2024 – Arlington, VA at 9 a.m. ET
- July 23, 2024 – Boise, ID at 8 a.m. MT
- July 25, 2024 – Seattle, WA at 8 a.m. PT
- August 15, 2024 – Atlanta, GA at 8 a.m. ET
- September 10, 2024 – Tucson, AZ at 8:30 a.m. MT
- September 12, 2024 – San Diego, CA at 8:30 a.m. PT
Virtual, Instructor-Led Trainings:
- June 4-5, 2024 – 9 a.m. CT
- July 16-17, 2024 – 9 a.m. ET,
- September 10-11, 2024 – 9 a.m. CT
To register for any of these courses, please email the ISC Training Team at rmp_fsctrng@cisa.dhs.gov or visit our website. We look forward to seeing you.
|
Cybersecurity Education & Career Development
CISA looks to enable the cyber-ready workforce of tomorrow by leading training and education of the cybersecurity workforce by providing training for federal employees, private-sector cybersecurity professionals, critical infrastructure operators, educational partners, and the general public. CISA is committed to supporting the national cyber workforce and protecting the nation's cyber infrastructure.
NICCS Education & Training Catalog: The NICCS website recently surpassed 13,000 total courses in our Education and Training Catalog. The Catalog is a repository of courses to help individuals of all skill levels find virtual and in-person cybersecurity-related courses across the nation. Use the interactive search functions and filters to find courses that can help you earn a cybersecurity certification or even assist you in transitioning to a new career!
The CISA Community Bulletin is a monthly publication that shares cybersecurity webinars and workshops, new publications, and best practices.
To access past editions of this CISA Community Bulletin newsletter, please visit the CISA Community Bulletin archive.
|
