[CDP-development] FYI- CISA Bulletins (3)
ALBIN Cinnamon S * DAS
Cinnamon.S.ALBIN at oregon.gov
Wed Sep 1 14:00:21 PDT 2021
1. The Cybersecurity and Infrastructure Security Agency, Region X (AK, ID, OR, WA) invites you to join us for a two-hour security webinar to enhance awareness of and response to an active shooter event. See attached.
2. The DHS Intelligence Enterprise invites you to participate in our bi-weekly UNCLASSIFIED//FOR OFFICIAL USE ONLY/TLP GREEN cyber threat intelligence discussions with public and private sector security professionals. Our teleconferences feature unclassified, but sensitive as well as declassified information sharing sessions that reflect our current understanding of intelligence that is published within classified levels. Recommended participants include private and public sector cyber security and/or intelligence professionals who in the course of their work support cyber/information or critical infrastructure security, such as (but not limited to):
* Fusion Center personnel (e.g.: emergency managers, first responders and law enforcement or public safety officials);
* Security Operations Center personnel (public or private sector);
* Chief Security Officers, Chief Information Officers or Chief Information Security Officers (public or private sector);
We aim to enhance security practitioners' awareness of emerging and enduring cyber threat issues by introducing finished intelligence, bulletins, alerts or articles produced by DHS, our federal government partners, academia or media outlets. Our upcoming call will highlight the following product lines and subjects:
* CISA Alert AA21-243A ("Ransomware Awareness for Holidays and Weekends") and related current reporting;
* DHS I&A Network Defender Bulletin previews describing Advanced Persistent Threat (APT) actor cyber activity against FSLTT governments and critical infrastructure
* DHS I&A Cyber Mission Center Overview of Foreign Adversaries' Homeland Influence Efforts
A separate calendar invitation will not be issued for this event.
Date/Time: TOMORROW, September 2 (9-10am PDT)
Participant Dial in Number: 800-747-0367
Highest classification level: U//FOUO
Requests for Information: Participants may submit requests for information in advance that (time permitting) we will attempt to address toward the end of the call. To submit a request, please email cymcrfi at hq.dhs.gov and be sure to include your name, position/affiliation and contact information so that we can follow-up with you in the event we do not address your inquiry during the call.
Connect with I&A: I&A field intelligence personnel are forward deployed to every state and territory and are empowered with the mission to work with SLTT partners and execute the intelligence cycle at the local level. If you have trouble locating your respective officer, please contact the I&A Field Operations Division at DHS.INTEL.FOD.OMT at hq.dhs.gov.
CYMC on HSIN: To review previous threat call notes, access finished intelligence, review our intelligence methodology and more, visit our new Community of Interest on the Homeland Security Information Network: https://hsin.dhs.gov/dhs/cymc/. Additionally, state and local partners may continue to access finished cyber intelligence via the HSIN-Intelligence (HSIN-Intel) COI.
3. The Cybersecurity and Infrastructure Security Agency (CISA) announced a new addition to its ongoing Bad Practices initiative catalogue, single-factor authentication for remote or administrative access. - CISA Adds Single-Factor Authentication to list of Bad Practices<https://us-cert.cisa.gov/ncas/current-activity/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices>
The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions (NCF) is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.
On the CISAgov GitHub<https://github.com/cisagov/bad-practices/discussions>, CISA opened a Bad Practices discussion page to engage with administrators and IT professionals from industry, federal government and state, local, tribal and territorial governments. The intent is to gather your perspectives and input on this initiative as well as discuss how to eradicate these practices.
In June, CISA announced this new initiative in a blog<https://www.cisa.gov/blog/2021/06/24/bad-practices> by Executive Assistant Director for Cybersecurity, Eric Goldstein, and published the first two Bad Practices, (1) use of unsupported (or end-of-life) software, and (2) use of known/fixed/default passwords and credentials. You can read more details on the dangers of these current practices on the new, whole-of-government ransomware website, Stopransomware.gov, here<https://www.cisa.gov/stopransomware/bad-practices>.
We encourage you to share this information broadly and thank you for your continued collaboration.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ASWeb_19-OCT-21_R10-Invitation.pdf
Type: application/pdf
Size: 185121 bytes
Desc: ASWeb_19-OCT-21_R10-Invitation.pdf
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20210901/b3b70aa3/attachment-0001.pdf>