An unprecedented number of anti-Semitic attacks occurred during 5781. Your Community Security Initiative can work with you to make your 5782 High Holiday services safer and more secure. Join us on Tuesday, August 10, 2021 at 12 noon for our webinar. Click here to make a reservation.
Program (in process)
Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a cybersecurity advisory, “DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks.” CISA and FBI are urging critical infrastructure asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in this advisory.
Recently, DarkSide actors deployed DarkSide ransomware against a U.S. pipeline company’s information technology (IT) network. In response to the cyberattack, the company proactively disconnected certain operational technology (OT) systems to ensure the safety of the system. At this time, there are no indications that the threat actor moved laterally to OT systems.
This joint advisory provides technical details on DarkSide actors and some of their known tactics and preferred targets. According to open-source reporting, DarkSide actors have been targeting multiple large, high-revenue organizations. The actors have also previously been observed gaining initial access through phishing and by exploiting remotely accessible accounts and systems and virtual desktop infrastructure.
CISA and FBI strongly recommend that critical system owners and operators prioritize reading this advisory and follow recommended mitigation and guidance to help protect against this malicious activity. In addition to the cybersecurity advisory, CISA and FBI urge critical infrastructure asset owners and operators to review the following resources for best practices on strengthening cybersecurity posture:
- Joint Ransomware Guide (CISA and Multi-State Information Sharing and Analysis Center)
- CISA Ransomware Webpage: Ransomware Guidance and Resources
- CISA Insights: Ransomware Outbreak
- CISA Pipeline Cybersecurity Initiative
- CISA Pipeline Cybersecurity Resources Library
Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.
Please see the offerings from NYS DHSES below. Note that most of the sessions are for current grantees.
- There will be a session on the nonprofit programs on Thursday, February 11th at 1PM. Click here to register. Here is more information.
- The Community Security Initiative and NYS DHSES will present at Rep. Grace Meng’s Nonprofit Security Program Grant Workshop on Wednesday, February 10, 2020 from 6PM to 7:30PM. To RSVP and receive the Zoom link, email MENG.RSVP@MAIL.HOUSE.GOV.
- Organizations planning to submit an NSGP application must include an assessment. Click here to apply for a professional assessment from the Community Security Initiative at no charge to your organization.
Here is more information from NYS DHSES:
The New York State Division of Homeland Security and Emergency Services (DHSES) Grants Regional Workshops are an annual event that has historically been held at multiple locations statewide every fall. Being unable to hold these events in person for 2020, we have announced the 2020 DHSES Grants Virtual Workshops and the 2020 DHSES Grants Virtual Workshops – Nonprofit Series, which will be delivered via WebEx on multiple key dates between December 2020 and March 2021. The purpose of the Workshops is to provide critical updates on homeland security grant funding, provide technical assistance on meeting the various grant requirements and to obtain feedback as well as answer your questions on these key issues.
We have set up this page to be able to share important information and documents regarding the Virtual Workshops, including presentation recordings and slides, which will be posted following the delivery of each presentation. Please note that the Virtual Workshops are for informational purposes and may not address your questions directly; however, you can always reach out to your Contract Representative for further clarification.
Grants Program Administration: Who We Are / What We Do – Delivered Friday, December 11, 2020
Target Audience: Government sector subrecipients, Nonprofit organizations
Tutorial on Minority and Women Owned Business Enterprises (MWBE) Requirements – Delivered Tuesday, January 12, 2021
Target Audience: Government sector subrecipients
Navigating E-Grants and Quarterly Reporting – Delivered Thursday, January 28, 2021
Target Audience: Government sector subrecipients, Nonprofit organizations
- Navigating E-Grants and Quarterly Reporting – Webinar Recording
- Navigating E-Grants and Quarterly Reporting Slide Deck
Any questions or comments about the content herein or the Virtual Workshops can be directed to the Grants Info box: Grant.Info@dhses.ny.gov
As cybersecurity concerns heightened, both worldwide and in the Jewish community, the Community Security Initiative and CISA offered a cybersecurity webinar on December 17, 2020. R. S. Richard Jr., CISM, CCISO, Cybersecurity Advisor, Region II of the Cybersecurity and Infrastructure Security Agency (CISA), explained important cybersecurity measures that organizations should consider adopting and the resources that CISA makes available. View the video here and the presentation here.
CISA recently released its Cyber Essentials Toolkit, a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for technical staff and organizational leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the six interrelated aspects of an organizational culture of cyber readiness. We urge you to download and review these valuable tools.
This chapter focuses on providing leaders with an understanding of what it takes from the top to drive a culture of cyber readiness within their organizations. Topic areas include: leading investment in basic cybersecurity; determining how much of the business’ critical operations are dependent on IT; how to approach cyber as a business risk; leading the development of cybersecurity policies; and building networks of trusted sector partners and government agencies for information sharing.
This chapter focuses on an organizational approach to cybersecurity by educating employees and providing training resources that encourage cyber awareness and vigilance. Topic areas include: leveraging basic cybersecurity training; developing a culture of awareness; learning about phishing and other risks; identifying available training resources; and maintaining awareness of current cyber events.
This chapter focuses on an organizational approach to cybersecurity by securing network assets and information. Topic areas include: learning what is on your network; leveraging automatic updates; implementing secure configurations; removing unauthorized hardware and software; leveraging email and browser security settings; and creating approved software policies.
Chapter 4: Your Surroundings – The Digital Workplace
This chapter focuses on an organizational approach to cybersecurity by ensuring only those who belong on your digital workplace have access. Topic areas include: learning who is on your network; leveraging multi-factor authentication; granting appropriate access and admin permissions; leveraging unique passwords; and developing IT policies to address user statuses.
This chapter focuses on providing leaders with an understanding of what it takes to ensure their organization’s data is secure and recoverable. Topic areas include: learning what information resides on the organization’s network; learning what is happening on the network; domain name system protection; learning how the organization’s data is protected; leveraging malware protection capabilities; establishing regular automated backups and redundancies of key systems; and leveraging protections for backups.
This chapter focuses on responding to and recovering from a cyber attack. Topic areas include: developing an incident response plan and disaster recovery plan; using business impact assessments to prioritize resources and identify systems to be recovered; knowing who to call for help in the event of a cyber incident; and developing an internal reporting structure to communicate to stakeholders.