DHS Announces New 24.1 Small Business Innovation Research Pre-Solicitation

News Release

WASHINGTON –The Department of Homeland Security (DHS) Small Business Innovation Research (SBIR) Program released six additional topics for the new SBIR 24.1 Pre-solicitation, providing small businesses a chance to review the topics and ask clarifying technical questions about topic requirements over a select period of time. SBIR provides funding and support to small businesses to develop innovative technologies and solutions that address homeland security challenges.

“The SBIR program is one of the best ways for small businesses to partner with DHS to explore innovative concepts with non-dilutive funding,” said DHS SBIR Director Dusty Lang. “Small businesses are a crucial part of the DHS mission, and this program enables the Department to interact with these entities and create an environment of innovation toward economic growth that benefits the country.”

The topics are listed below. For more information, including full descriptions, please visit SAM.gov. Technical questions should be emailed to the specific addresses listed in the 24.1 SBIR Topic Areas (Appendix A) for each topic. Small businesses have until 5:00 PM ET on December 14, 2023, to submit questions.

The DHS topics in the 24.1 SBIR Pre-Solicitation are:

DHS241-001 – Agnostic Detection of Synthetic Opioids and Other Illicit Drugs
DHS241-002 – Data Labeling and Curation at Scale (DLCS) for Machine Learning Algorithms
DHS241-003 – 911 Voice-over-IP Telephone Dispatchable Location System
DHS241-004 – Software Defined Radio for Public Safety (SDR-PS)
DHS241-005 – Video Analysis of Drug and Human Smuggling Activities
DHS241-006 – Enhancing Mobile Radiological/Nuclear (R/N) Detection Through Contextual Information

The DHS SBIR program is also launching its Phase 0 program, designed to increase outreach to small businesses that have never applied before.

“The Phase 0 program is designed to reach new potential offerors, help them understand the process, and provide fresh perspectives for DHS to partner on novel solutions for our mission needs,” said Lang.

For more information on the Phase 0 Program, visit https://www.dhs.gov/science-and-technology/sbir.

About DHS S&T

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) mission is to enable effective, efficient, and secure operations across all homeland security missions by applying scientific, engineering, analytic, and innovative approaches to deliver timely solutions and support departmental acquisitions. Created by Congress in 2003, S&T conducts basic and applied research, development, demonstration, testing and evaluation activities relevant to support Homeland Security and first responder operations and protect critical infrastructure. For more information about S&T, visit scitech.dhs.gov.

# # #

CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

10/18/2023 08:00 AM EDT

Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.

CISA and its partners encourage network defenders and software manufacturers to implement the recommendations in the guide to reduce the frequency and impact of phishing incidents. For more information, see CISA’s Malware, Phishing, and Ransomware and Security-by-Design and -Default webpages.

DHS Announces Additional $374.9 Million in Funding to Boost State, Local Cybersecurity

DHS Announces Additional $374.9 Million in Funding to Boost State, Local Cybersecurity

First-of-Its-Kind Cybersecurity Grant Program Enters the Second Year

WASHINGTON – Today, the Department of Homeland Security announced the availability of $374.9 million in grant funding for the Fiscal Year (FY) 2023 State and Local Cybersecurity Grant Program (SLCGP). State and local governments face increasingly sophisticated cyber threats to their critical infrastructure and public safety. Now in its second year, the SLCGP is a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country to help them strengthen their cyber resilience. Established by the State and Local Cybersecurity Improvement Act, and part of the Bipartisan Infrastructure Law, the SLCGP provides $1 billion in funding over four years to support SLT governments as they develop capabilities to detect, protect against, and respond to cyber threats. This year’s funding allotment represents a significant increase from the $185 million allotted in FY22, demonstrating the Administration and Congress’s commitment to help improve the cybersecurity of communities across the nation.

“In today’s threat environment, any locality is vulnerable to a devastating cyber attack targeted at a hospital, school, water, or other system,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The Department of Homeland Security is helping to ensure that every community, regardless of size, funding, or resources, can meet these threats and keep their residents and their critical infrastructure safe and secure. These cybersecurity grants will help state, local, and territorial governments do just that, and I strongly urge communities across the country to submit an application.”

SLCGP is jointly administered by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA). CISA provides expertise and guidance on cybersecurity issues while FEMA manages the grant award and allocation process. Award recipients may use funding for a wide range of cybersecurity improvements and capabilities, including cybersecurity planning and exercising, hiring cyber personnel, and improving the services that citizens rely on daily.

“State and local governments are facing increasingly sophisticated cyber threats to their critical infrastructure and public safety,” said  CISA Director Jen Easterly. “As the Nation’s Cyber Defense Agency, CISA is pleased to make available yet another tool that will help strengthen cyber defenses for communities across the nation and bolster our collective cybersecurity.”

“Building resilience requires more than mitigating against natural hazards,” said FEMA Administrator Deanne Criswell. “As our threat landscape continues to evolve, the funding provided through the state, local, and territorial cybersecurity grant program will increase capability to help communities better prepare and reduce cyber risks.”

State and local governments have until October 6 to apply for this FY23 grant opportunity. For more information and helpful resources on the State and Local Cybersecurity Grant Program, visit CISA’s webpage: cisa.gov/cybergrants.

# # #

Upcoming Webinar: Keeping Your Business Intelligent About AI

Presented by the National Cybersecurity Alliance

May 25, 2023, 01:00 PM (CST)

Online

In this webinar, we’ll examine the ins and outs of generative AI products like ChatGPT and discuss what your company should think about with this rapidly evolving tech. What are the glaring privacy concerns? What should be your red line for your staff? How can you best leverage it for success? We’ll explore practical solutions and balance risk versus reward. As ChatGPT would say, “don’t miss out on this lively discussion about the future of work in the age of AI!”

Featuring:

Margaret Cunningham, Data Safety, Robinhood

Register Now

DHS Issues National Terrorism Advisory System (NTAS) Bulletin

U.S. DEPARTMENT OF HOMELAND SECURITY

Office of Public Affairs

WASHINGTON – Today, Secretary of Homeland Security Alejandro N. Mayorkas issued a National Terrorism Advisory System (NTAS) Bulletin regarding the continued heightened threat environment across the United States. This is the seventh NTAS Bulletin issued by the Department of Homeland Security (DHS) since January 2021 and it replaces the current Bulletin that was set to expire at 2:00 PM ET today.

“Our homeland continues to face a heightened threat environment —as we have seen, tragically, in recent acts of targeted violence— and is driven by violent extremists seeking to further a political or social goal or act on a grievance,” said Secretary Alejandro N. Mayorkas. “To keep Americans safe, DHS is committed to working with partners across every level of government, in the private sector, and in local communities by sharing information, equipping communities with training and resources, and providing millions of dollars in grant funding for security enhancement and prevention.”

Lone offenders and small groups motivated by a range of ideological beliefs and/or personal grievances continue to pose a persistent and lethal threat to the homeland. In the coming months, DHS expects the threat environment to remain heightened and threat actors could exploit several upcoming events to justify or commit acts of violence. These targets could include public gatherings, faith-based institutions, the LGBTQI+ community, schools, racial and religious minorities, government facilities and personnel, U.S. critical infrastructure, the media, and perceived ideological opponents.

Several recent attacks, plots, and threats of violence demonstrate the continued dynamic and complex nature of the threat environment in the United States. Domestic actors and foreign terrorist organizations —who remain intent on attacking America— continue to maintain a visible presence online in attempts to motivate supporters to conduct attacks in the homeland. Threat actors have recently mobilized to violence, citing factors such as reactions to current events and adherence to violent extremist ideologies, and some domestic violent extremists who have conducted attacks have cited previous attacks and attackers as inspiration.

While violence surrounding the November midterm elections was isolated, we remain vigilant that heightened political tensions in the country could contribute to individuals mobilizing to violence based on personalized grievances. Perceptions of government overreach continue to drive individuals to attempt to commit violence targeting government officials and law enforcement officers. Some domestic violent extremists have expressed grievances based on perceptions that the government is overstepping its Constitutional authorities or failing to perform its duties.

DHS works with partners across every level of government, in the private sector, and in local communities to keep Americans safe, providing resources and support, including the following:

DHS and the Federal Bureau of Investigation (FBI) continue to share timely and actionable information and intelligence with the broadest audience possible. This includes sharing information and intelligence with partners across every level of government and in the private sector. DHS conducts recurring threat briefings with private sector and state, local, tribal, territorial, and campus partners, including to inform security planning efforts. DHS remains committed to working with partners to identify and prevent all forms of terrorism and targeted violence, and to support law enforcement efforts to keep communities safe.
In July 2022, DHS reconstituted the Faith-based Security Advisory Council (FBSAC). The FBSAC serves as an advisory body with the purpose of providing guidance and recommendations to the Secretary on the development and implementation of strategies, policies, programs, and information sharing practices that will further the Department’s ability to prevent, protect against, respond to, and recover from acts of targeted violence or terrorism, major disasters, cyberattacks, or other threats or emergencies against places of worship, faith communities, and faith-based organizations.
DHS’s Office of Intelligence and Analysis (I&A), the FBI, and the National Counterterrorism Center released updated behavioral indicators of U.S. extremist mobilization to violence. Further, I&A’s National Threat Evaluation and Reporting Program continues to provide tools and resources for federal, state, local, tribal, and territorial partners on preventing terrorism and targeted violence, including online suspicious activity reporting training.
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) works with government and private sector partners – including owners and operators of critical infrastructure, soft target facilities, and public gathering places – to enhance security and mitigate risks posed by acts of terrorism and targeted violence through its network of Protective Security Advisors and resources addressing Active Shooters, School Safety, Bombing Prevention, and Soft Targets-Crowded Places.
DHS’s Center for Prevention Programs and Partnerships (CP3) educates and trains stakeholders on how to identify indicators of radicalization to violence, where to seek help, and the resources that are available to prevent targeted violence and terrorism. In 2021, CP3 awarded about $20 million in grants through its Targeted Violence and Terrorism Prevention (TVTP) Grant Program.
In 2021 and 2022, DHS designated for the first time domestic violent extremism as a “National Priority Area” within its Homeland Security Grant Program (HSGP), enabling our partners to access critical funds that help prevent, prepare for, protect against, and respond to related threats.
In 2022, DHS’s Nonprofit Security Grant Program (NSGP) provided over $250 million in funding to support target hardening and other physical security enhancements to non-profit organizations at high risk of terrorist attack.
DHS remains focused on recognizing disinformation that threatens the security of the American people, including disinformation by foreign states such as Russia, China, and Iran, or other adversaries, including as transnational criminal organizations and human smuggling organizations.
SchoolSafety.gov consolidates school safety-related resources from across the government. Through this website, the K-12 academic community can also connect with school safety officials and develop school safety plans.
The DHS Center for Faith-Based and Neighborhood Partnerships continues to engage a coalition of faith-based and community organizations, including members of the Faith-based Security Advisory Council, to help build the capacity of faith-based and community organizations seeking to protect their places of worship and community spaces.

This NTAS Bulletin will expire on May 24, 2023. This NTAS Bulletin provides the public with information about the threat landscape facing the United States, how to stay safe, and resources and tools to help prevent an individual’s radicalization to violence. The public should report any suspicious activity or threats of violence to local law enforcement, FBI Field Offices, or a local Fusion Center.

Read the NTAS Bulletin HERE.

# # #

FACT SHEET: Business – Act Now to Protect Against Potential Cyberattacks

The Administration has prioritized strengthening cybersecurity defenses to prepare our Nation for threats since day one. President Biden’s Executive Order is modernizing the Federal Government defenses and improving the security of widely-used technology. The President has launched public-private action plans to shore up the cybersecurity of the electricity, pipeline, and water sectors and has directed Departments and Agencies to use all existing government authorities to mandate new cybersecurity and network defense measures. Internationally, the Administration brought together more than 30 allies and partners to cooperate to detect and disrupt ransomware threats, rallied G7 countries to hold accountable nations who harbor ransomware criminals, and took steps with partners and allies to publicly attribute malicious activity.

We accelerated our work in November of last year as Russian President Vladimir Putin escalated his aggression ahead of his further invasion of Ukraine with extensive briefings and advisories to U.S. businesses regarding potential threats and cybersecurity protections. The U.S. Government will continue our efforts to provide resources and tools to the private sector, including via CISA’s Shields-Up campaign and we will do everything in our power to defend the Nation and respond to cyberattacks. But the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector, and the private sector must act to protect the critical services on which all Americans rely.

We urge companies to execute the following steps with urgency:

Mandate the use of multifactor authentication on your systems to make it harder for attackers to get onto your system;
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
Back up your data and ensure you have offline backups beyond the reach of malicious actors;
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
Encrypt your data so it cannot be used if it is stolen;
Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.

We also must focus on bolstering America’s cybersecurity over the long term. We encourage technology and software companies to:

Build security into your products from the ground up — “bake it in, don’t bolt it on” — to protect both your intellectual property and your customers’ privacy.
Develop software only on a system that is highly secure and accessible only to those actually working on a particular project. This will make it much harder for an intruder to jump from system to system and compromise a product or steal your intellectual property.

Use modern tools to check for known and potential vulnerabilities. Developers can fix most software vulnerabilities — if they know about them. There are automated tools that can review code and find most coding errors before software ships, and before a malicious actor takes advantage of them.

Software developers are responsible for all code used in their products, including open source code. Most software is built using many different components and libraries, much of which is open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it.

Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity. Pursuant to that EO, all software the U.S. government purchases is now required to meet security standards in how it is built and deployed. We encourage you to follow those practices more broadly.

###

DHS Announces $1.6 Billion in Preparedness Grants

U.S. DEPARTMENT OF HOMELAND SECURITY

Office of Public Affairs

DHS Announces $1.6 Billion in Preparedness Grants

WASHINGTON— Secretary of Homeland Security Alejandro N. Mayorkas today announced $1.6 billion for eight Fiscal Year 2022 preparedness grant programs. Together, these programs provide critical funding to help state and local officials prepare for, prevent, protect against, and respond to acts of terrorism and other hazards. This funding is in addition to the $405.1 million announced last month for the Emergency Management Performance Grant Program.

Secretary Mayorkas issued the following statement about this year’s grant awards:

“Since the creation of the Department of Homeland Security (DHS), the threat landscape has continued to evolve. DHS has remained vigilant while adapting to protect the homeland. Through our grant programs, DHS makes critical investments to support our partners across every level of government and in the private sector as we work together to keep our communities safe.

Following the hostage situation at the Congregation Beth Israel synagogue in Colleyville, Texas, I called for an increase in funding for the Nonprofit Security Grant Program (NSGP). This program provides essential resources to help protect nonprofit organizations at risk of terrorist attacks. This year, Congress will provide a total of $250 million, an increase of $70 million from last year. This increase will allow more nonprofit organizations across the nation to make physical security enhancements to help protect against attacks. The increase also enables DHS to expand participation in this critical program and increase our support to historically marginalized communities and HBCUs in an effort to build capacity and address an evolving threat environment. In the President’s Fiscal Year 2023 Budget request to Congress, DHS has proposed an additional increase in funding for this critical program to $360 million.

As the threats to our nation continue to evolve, our grant programs must evolve with them. This year, I have designated two new national priority areas for the FY 2022 State Homeland Security Program (SHSP) and Urban Area Security Initiative (UASI) grant programs: Community Preparedness and Resilience; and Election Security.

With this year’s grant awards, DHS is prioritizing support to state, local, tribal, territorial, and campus law enforcement efforts more than ever before. Since 2007, DHS grant programs have required a minimum of 25% of funds be granted to Law Enforcement Terrorism Prevention Activities (LETPA). This year, for the first time, I am increasing funding to LETPA from a statutory minimum of 25% to 30%, resulting in a $51.5 million increase from the prior year. Through these efforts, the Department is supporting law enforcement’s ability to understand, recognize, prepare for, prevent, and respond to pre-operational activity and other crimes that are precursors or indicators of terrorist activity.”

The Fiscal Year 2022 grant guidance will continue to focus on the nation’s highest risk areas, including urban areas that face the most significant threats and national priorities. This year, the Urban Area Security Initiative will enhance regional preparedness and capabilities by funding 36 high-threat, high-density urban areas. This includes five additional urban areas who will receive funding to build and sustain capability based on an evolving threat environment. This represents Congressional intent to limit these funds to those urban areas that represent up to 85% of nationwide risk.

DHS has identified six national priority areas in the FY 2022 grant cycle: cybersecurity; soft targets and crowded places; intelligence and information sharing; domestic violent extremism; community preparedness and resilience; and election security. Grant recipients under the State Homeland Security Program and Urban Area Security Initiative will be required to dedicate a minimum of 30% of their awards across these six priority areas. Twelve percent is required through minimum spend amounts for four priority areas, and recipients have flexibility on how to allocate the remaining 18% across the six priority areas: cybersecurity (no minimum spend); soft target and crowded places (3%); information and intelligence sharing (3%); domestic violent extremism (3%); community preparedness and resilience (3%); and election security (no minimum spend). After extensive consultation with grantees leading up to this announcement, DHS is focused on balancing the need to invest in high priority areas with giving jurisdictions the flexibility to make prioritization decisions based on their own assessments of their needs.

As with previous years, new capabilities that are built using homeland security grant funding must be deployable if needed to support regional and national efforts. All capabilities being built or sustained must have a clear linkage to the core capabilities articulated in the National Preparedness Goal.

Preparedness Grant Program Allocations for Fiscal Year 2022

The following grants are non-competitive and awarded to recipients based on a number of factors:

Homeland Security Grant Program (HSGP): State Homeland Security Program—provides $415 million to support the implementation of risk-driven, capabilities-based state homeland security strategies to address capability targets. Awards are based on statutory minimums and relative risk as determined by DHS/FEMA’s risk methodology.

HSGP: Urban Area Security Initiative—provides $615 million to enhance regional preparedness and capabilities in 36 high-threat, high-density areas. Awards are based on relative risk as determined by DHS/FEMA’s risk methodology.

For both the state homeland and urban area grants, 30% of the awards must address the six priority areas of cybersecurity; soft target and crowded places; information and intelligence sharing; domestic violent extremism; community preparedness and resilience; and election security. Additionally, 30% of these grants must be dedicated to law enforcement terrorism prevention activities, and 80% of these grants must be obligated from the state to local or tribal governments within 45 calendar days of receipt.

Intercity Passenger Rail—provides $10 million to Amtrak to protect critical surface transportation infrastructure and the traveling public from acts of terrorism and increase the resilience of the Amtrak rail system. Award made per congressional direction.

Emergency Operations Center Grant Program—provides $49 million to support the construction, renovations, and enhancements to emergency operations center to the list of entities identified in the Joint Explanatory Statement accompanying the Department of Homeland Security Appropriations Act, 2022 (Pub. L. No. 117-103).

The following grants are competitive, and exact awards will be announced later this year:

HSGP: Operation Stonegarden—provides $90 million to enhance cooperation and coordination among state, local, tribal, territorial, and federal law enforcement agencies to jointly enhance security along the United States land and water borders.

Tribal Homeland Security Grant Program —provides $15 million to eligible tribal nations to implement preparedness initiatives to help strengthen the nation against risk associated with potential terrorist attacks and other hazards.

Nonprofit Security Grant Program—provides $250 million to support target hardening and other physical security enhancements for nonprofit organizations that are at high risk of a terrorist attack. This year, $125 million is provided to nonprofits in UASI-designated urban areas, and $125 million is provided to nonprofits outside of UASI-designated urban areas located in any state or territory.

Port Security Grant Program—provides $100 million to help protect critical port infrastructure from terrorism, enhance maritime domain awareness, improve port-wide maritime security risk management, and maintain or re-establish maritime security mitigation protocols that support port recovery and resiliency capabilities.

Transit Security Grant Program —provides $93 million to owners and operators of public transit systems to protect critical surface transportation and the traveling public from acts of terrorism and to increase the resilience of transit infrastructure.

Intercity Bus Security Grant Program —provides $2 million to owners and operators of intercity bus systems to protect surface transportation infrastructure and the traveling public from acts of terrorism and to increase the resilience of transit infrastructure.

Before determining modifications and final allocations to the grant programs, DHS coordinated extensive engagements with local and state partners, and worked with a wide range of stakeholders. All the funding notices can be found at www.grants.gov.

FEMA has engaged in a concerted effort to expand and enhance outreach related to the NSGP to reach potential new applicants, especially in underserved communities. Funding allocations for the NSGP announcement and for technical assistance in developing grant applications can be found at Nonprofit Security Grant Program. Final submissions must be made through the non-disaster grants system located at https://portal.fema.gov.

Further information on DHS’s preparedness grant programs is available at www.dhs.gov and www.fema.gov/grants.

# # #

Free Webinar Tomorrow! Cybersecurity for Small-Medium Business

Cybersecurity for Small-Medium Business

Oct 26, 2021

Tue 1:00 PM to 2:30 PM

Online

Please join us for an informational webinar focused on Business Cybersecurity with Jeffery McKee, Protective Security Advisor and Cybersecurity Expert. This presentation will explore the cyber essentials imperative for small business owners to plan for security, emergency response, and how to report a suspected cyber-attack. It will also have a question and answer session, so bring your questions! Topics: o What is the risk to businesses and how resilient are businesses? o How can small business owners start implementing cybersecurity practices? o What CISA resources are available to businesses?

Speaker: Jeffery McKee, Protective Security Advisor Cybersecurity and Infrastructure Security Agency US Department of Homeland Security Mr. McKee serves as the Protective Security Advisor (PSA) Baton Rouge District, which encompasses the central, southwest, and northern parishes of Louisiana. Mr. McKee supports homeland security efforts, serving in an advising and reach-back capacity to state Homeland Security Advisors. He contributes to the development of the national risk picture by assisting with the identification, assessment, monitoring, and minimizing risk to critical assets at the local level. Co-sponsors: • Louisiana Business Emergency Operations Center • Lafayette Consolidated Government • Louisiana Procurement Technical Assistance Center (LA PTAC) • UL Lafayette Information Technology • InfraGard Louisiana

Fee: No Cost

DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators

Release Date:

July 20, 2021

Transportation Security Administration issues second Security Directive

WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions.

“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security. Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”

The Department’s Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cybersecurity threats to the pipeline industry, as well as technical countermeasures to prevent those threats, during the development of this second Security Directive. This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.

This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline. The May 2021 Security Directive requires critical pipeline owners and operators to (1) report confirmed and potential cybersecurity incidents to CISA; (2) designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week; (3) review current practices; and, (4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

Since 2001, TSA has worked closely with pipeline owners and operators, as well as its partners across the federal government, to enhance the physical security preparedness of U.S. hazardous liquid and natural gas pipeline systems.  TSA works closely with CISA, the nation’s lead agency for protecting critical infrastructure against cybersecurity threats, to execute this mission.

United States Government Launches First One-Stop Ransomware Resource at StopRansomware.gov

Release Date:

July 14, 2021

New website provides cybersecurity resources from across the federal government

WASHINGTON – Today, as part of the ongoing response, agencies across the U.S. government announced new resources and initiatives to protect American businesses and communities from ransomware attacks. The U.S. Department of Homeland Security (DHS) and the U.S. Department of Justice (DOJ), together with federal partners, have launched a new website to combat the threat of ransomware. StopRansomware.gov establishes a one-stop hub for ransomware resources for individuals, businesses, and other organizations. The new StopRansomware.gov is a collaborative effort across the federal government and the first joint website created to help private and public organizations mitigate their ransomware risk.

“As ransomware attacks continue to rise around the world, businesses and other organizations must prioritize their cybersecurity,” said Secretary Mayorkas. “Cyber criminals have targeted critical infrastructure, small businesses, hospitals, police departments, schools, and more. These attacks directly impact Americans’ daily lives and the security of our Nation. I urge every organization across our country to use this new resource to learn how to protect themselves from ransomware and reduce their cybersecurity risk.”

“The Department of Justice is committed to protecting Americans from the rise in ransomware attacks that we have seen in recent years,” said Attorney General Garland. “Along with our partners in and outside of government, and through our Ransomware and Digital Extortion Task Force, the Department is working to bring all our tools to bear against these threats. But we cannot do it alone. It is critical for business leaders across industries to recognize the threat, prioritize efforts to harden their systems, and work with law enforcement by reporting these attacks promptly.”

StopRansomware.gov is the first central hub consolidating ransomware resources from all federal government agencies. Prior to today, individuals and organizations had to visit a variety of websites to find guidance, latest alerts, updates, and resources, increasing the likelihood of missing important information. StopRansomware.gov reduces the fragmentation of resources, which is especially detrimental for those who have become victims of an attack, by integrating federal ransomware resources into a single platform that includes clear guidance on how to report attacks, and the latest ransomware-related alerts and threats from all participating agencies. StopRansomware.gov includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service, the Department of Justice’s Federal Bureau of Investigation (FBI), the Department of Commerce’s National Institute of Standards and Technology (NIST), and the Departments of the Treasury and Health and Human Services.

Ransomware is a long-standing problem and a growing national security threat. Tackling this challenge requires collaboration across every level of government, the private sector, and our communities. Roughly $350 million in ransom was paid to malicious cyber actors in 2020, a more than 300% increase from the previous year. Further, there have already been multiple notable ransomware attacks in 2021 and despite making up roughly 75% of all ransomware cases, attacks on small businesses often go unnoticed. Like most cyber-attacks, ransomware exploits the weakest link. Many small businesses have yet to adequately protect their networks and StopRansomware.gov will help these organizations and many more to take simple steps to protect their networks and respond to ransomware incidents, while providing enterprise-level information technology (IT) teams the technical resources to reduce their ransomware risk.

DHS, DOJ, the White House, and our federal partners encourage all individuals and organizations to take the first step in protecting their cybersecurity by visiting StopRansomware.gov.

https://www.dhs.gov/news/2021/07/14/united-states-government-launches-first-one-stop-ransomware-resource