[CDP-development] FW: [TLP:AMBER+STRICT] SLTT SNAP SOC CALL on ED 25-03 - Today, Thursday April 23rd, 2026 at 3pm ET

Thu Apr 23 09:04:40 PDT 2026

Good Morning!

Forwarding this message on behalf of Leslie Kainoa.

Thanks,

Kevin Galusha, CISSP
Cybersecurity Architect
Clackamas County Technology Services
(503)723-4960
KGalusha at clackamas.us<mailto:KGalusha at clackamas.us>
www.clackamas.us<http://www.clackamas.us/>

From: Kainoa, Leslie <leslie.kainoa at cisa.dhs.gov>
Sent: Thursday, April 23, 2026 8:58 AM
To: Galusha, Kevin <KGalusha at clackamas.us>
Subject: Fw: [TLP:AMBER+STRICT] SLTT SNAP SOC CALL on ED 25-03 - Today, Thursday April 23rd, 2026 at 3pm ET

Warning: External email. Be cautious opening attachments and links.
________________________________

________________________________
Hi Kevin, can you please share with the Cyber Disruption Group? Thank you. Respectfully, Leslie From: cyberliaisonsltt at cisa.dhs.gov<mailto:cyberliaisonsltt at cisa.dhs.gov> <cyberliaisonsltt at cisa.dhs.gov<mailto:cyberliaisonsltt at cisa.dhs.gov>> Sent: Thursday, April 23, 2026 8:46 AM To: CISA.IOD.REGION_All <cisa.iod.region_all at cisa.dhs.gov<mailto:cisa.iod.region_all at cisa.dhs.gov>> Subject: [TLP:AMBER+STRI
<https://login-us.mimecast.com/u/login/?gta=apps&link=cybergraph-report/eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.Wri7rWFt-ZlRb2rtXVfdY6DwHXTMRuNolvfghMa1XFNOeiu7aGY3nwTyzFVucvVkjy71FaPTwW7sUOhH-ZCGADop6QPfFqmMHJcVtL-r1WDb7uwE5TIkozkQ9L-GwD1CdldQzWudz94M2anbZTuXAQdq4UzxLp5-LKV5l1Wb944ghdNWn886_J7ryyZXFVCsqoxBtbMTdom4dnnKSgNNhV7iIjVlkJ4WeJIVB-2DhMS5CY8U181IdU2_OCYE7WFeIAdC-z32Rl543XYXMgl3HvlnrZAWuR2kzPkKObUN8a94oq5K-V1JLNVGQE37I8Zhi8x0YmlR65PypzcchI7ImA.j_7XykNV8BCxyFIr.Gac8v2BZ7ZemoYxrlHTU4Emxkihzg2UTZ4-cYLQmM2jlD_qJFgXIDGtwOQYjaARO1yTl4iSOIeHGwpaZfWDWMV3ztWKlsR3XFDA1o68HQUtermjeO5TtI77KrT175bMk_qyqXJh7yhoXS5USYv8Gyk2LfxsVUrIHZ1Y_KMMfvawwiqj_1XYBPTdbxN4XJbxEZqa9IqBhwF6D5ojnobCtadUbwmZbLRvuRro-OTJmUyw8B4xSdK5m29d2Sb4PF0b_lJCQaY1QowPWtf48qv8_KbiwgDXCrPIJmaqHcOWXjjNU2jOnxBJN6NQ5Oe7qZ4PK4B873zWGZe_gKm_QldyJNpRS6kSyNfTv5RDMQZE10GQr0CWSxD8f_tSg52R8mHU_ASgddfXajRx904opv09mQtYxxVqFLobDYQFBjR0Y_RstkUuvD91o-Obh_8XEPYmvYH_Uj9QUHFP2tdFgYofEN5aWC6nqSVG5ndqZBKq2Jvsqp4XZETGva9MC92Hu0WHszfJGyD5JInRod_ILfkK398-YtMqn4Jh361XQB6j5EVAG1XYx.gG9OClOvVDNy3BFlVWsBsw>
CGBANNERINDICATOR
Hi Kevin, can you please share with the Cyber Disruption Group?  Thank you.
Respectfully,
Leslie

________________________________
From: cyberliaisonsltt at cisa.dhs.gov<mailto:cyberliaisonsltt at cisa.dhs.gov> <cyberliaisonsltt at cisa.dhs.gov<mailto:cyberliaisonsltt at cisa.dhs.gov>>
Sent: Thursday, April 23, 2026 8:46 AM
To: CISA.IOD.REGION_All <cisa.iod.region_all at cisa.dhs.gov<mailto:cisa.iod.region_all at cisa.dhs.gov>>
Subject: [TLP:AMBER+STRICT] SLTT SNAP SOC CALL on ED 25-03 - Today, Thursday April 23rd, 2026 at 3pm ET

Good Afternoon SLTT partners,

Today, CISA issued V1 ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices<https://cisa.gov/news-events/directives/v1-ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices> in response to updated cyber threat intelligence indicating that Cisco Firepower and Secure Firewall products with Application Security Appliance (ASA) or Firepower Threat Defense (FTD) continue to present significant risk to SLTT networks. The V1 update expands ED 25-03's recommendations to identify public-facing Cisco Firepower and Secure Firewall devices, collect forensic data, apply vendor-provided updates, and perform a hard reset of the devices. These recommendations are in addition to the existing ED 25-03 recommendations.

Additionally, CISA will host an Emergency Directive (ED) 25-03 SNAP Call today, April 23, 2026, at 3:00 PM ET. Although EDs are directed towards federal agencies and not a requirement for the SLTT community, we would like to share critical information with you. We look forward to discussing the ED in depth with your entity and ensure the guidance is clear and actionable. Call logistics for the SNAP Call are below.

Please share this invite with your incident response teams, security operations center teams, infrastructure administrators, vulnerability management teams, and/or anyone else from your agency who should participate in the snap version of the SLTT SOC Call.

The meeting invite is attached. To add this meeting to your calendar, click on the attached Outlook calendar invite and select “Copy to my Calendar” in the top toolbar under “Appointment Series.”

*** NOTE: Third-party automated transcription, recording, and note-taking services on the call are prohibited. ***

[TLP: AMBER+STRICT]

Call Logistics:

●  Microsoft Teams Link (Audio and Visual): Join the meeting now<https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDZjYTQ1MWEtM2ExNi00NjI5LTg1ZjEtNTFmOTQxZmVkYzk4%40thread.v2/0?context=%7b%22Tid%22%3a%2269c613d2-b051-4234-8ed1-fd530b70d5d3%22%2c%22Oid%22%3a%2289609bc6-da0b-4d3a-b15d-d13c9acb68d6%22%7d>

●  Use “Raise Hand” feature to ask a question

●  Dial-In Option (Audio Only):

●  Number: 1 323-741-4166,,415495851#

●  ID: 415 495 851#

If you have any additional questions or concerns, please reach out to CyberLiaisonSLTT at cisa.dhs.gov<mailto:CyberLiaisonSLTT at cisa.dhs.gov>.

As a reminder, all organizations should report incidents and anomalous activity to CISA via secure message through the Incident Reporting System | CISA<https://us-cert.cisa.gov/forms/report>. Questions and concerns may be directed to CISA Central at Central at cisa.dhs.gov<mailto:Central at cisa.dhs.gov> or at 1-888-282-0870.

Thank you,

[Logo AI-generated content may be incorrect.]

CyberLiaison SLTT

Cybersecurity and Infrastructure Security Agency (CISA)

Cybersecurity Division | Joint Cyber Defense Collaboration (JCDC)

SLTT Partnerships | CyberLiaisonSLTT at cisa.dhs.gov<mailto:CyberLiaisonSLTT at cisa.dhs.gov>

https://www.cisa.gov/tlp<https://www.cisa.gov/tlp>

Recipients may share TLP:AMBER+STRICT information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20260423/937605a3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1776958642021-6euj3hm-inline_image_1776958641935_0.png
Type: image/png
Size: 12436 bytes
Desc: 1776958642021-6euj3hm-inline_image_1776958641935_0.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20260423/937605a3/attachment-0001.png>