Cybersecurity and Infrastructure Security Agency

🚨NEW VIDEO!! 📣 Check out the latest from our animated series. 🎺And share it with a coworker! Together, we can #SecureOurWorld 🎶 #CybersecurityAwarenessMonth

Anonymous threats of violence, including those posted to social media, can have significant impacts on K-12 schools. Our K-12 Anonymized Threat Response Guidance, released earlier this year in coordination with Federal Bureau of Investigation (FBI), can help school leaders and their law enforcement and community partners better assess and respond to these threats – thus liming the disruption and trauma they may cause and better protecting school communities. As the first part of the school year winds down, take a moment to learn more and access the guidance and toolkit: https://go.dhs.gov/UDG

ICYMI! Our Secure Cloud Business Applications (SCuBA) effort updated its M365 and Google Workspace (GWS) Secure Configuration Baselines (SCBs) and the associated assessment tool - ScubaGear 🤿. These SCBs provide easily adoptable recommendations that complement each organization’s unique requirements and risk tolerance levels. ScubaGear also includes automation features to assist organizations in rapidly assessing and protecting 🛡️ their M365 and GWS services. ScubaGear can be used by organizations beyond the federal space, including in state and local government, academia and critical infrastructure. It is provided at no cost to participating organizations. To read and download the latest guidance, visit: https://lnkd.in/egey25ZQ

In case you missed it! Check out our #12DaysOfSafeShopping tips for holiday online shopping here: https://lnkd.in/gM3_RCV5 Stay safe, shop smart and enjoy the holidays! 🎁 🎄 #SecureOurWorld

Our staff joined teams from Pacific Northwest National Laboratories (PNNL) at one of the busiest cargo terminals at the Port of Seattle, the fourth-largest container gateway in North America, to offer cybersecurity and resiliency recommendations. For more information on how we protect our nation’s critical infrastructure, visit: https://lnkd.in/eUWbJd7r

Illustration featuring a computer monitor with a shield icon and a lock, surrounded by snowflakes with text stating "Holiday Shopping Tip #12: Check your accounts frequently", and the logo of Secure Our World at the bottom.When you're busy shopping, it’s easy to miss a charge. 💰 🛒💻 Check your credit card and bank accounts regularly. 👀 If you see any unauthorized charges, reach out immediately. Get more tips here: https://lnkd.in/gM3_RCV5 #12DaysOfSafeShopping #SecureOurWorld

Last week, Deputy Associate Director of International Affairs, Kate Whitehead, joined Suzanne Spaulding (CSIS) and Phil Stupak (ONCD) to discuss critical #cybersecurity challenges and lessons learned during the French-American Foundation - United States’s 2024 Cyber Security Conference. It is important to spend some time reflecting on what we've learned from dealing with cyber threats over the last few decades, while continuing to promote effective measures to mitigate cyber risks, including cyber hygiene, #SecurebyDesign principles, and CISA’s #SecureOurWorld campaign. We can and should leverage these lessons to address current and future #cybersecurity challenges. cisa.gov/securebydesign cisa.gov/secure-our-world

📢 We issued Binding Operational Directive (BOD) 25—01: Implementing Secure Practices for Cloud Services, a critical step to strengthen cloud security across federal civilian agencies. This Directive requires agencies to: 🔹 Identify all cloud tenants within scope 🔹 Run Secure Cloud Business Applications (SCuBA) assessment tools 🔹 Remediate deviations from secure configuration baselines This Directive is in response to malicious threat actors increasingly targeting cloud environments and evolving efforts to gain initial cloud access. Help safeguard federal information systems! Take action 👉 https://go.dhs.gov/UDU

🚨 #PRC government-affiliated threat actors have been targeting commercial telecommunications infrastructure to steal customer call records and compromise the private communications of a limited number of highly targeted individuals. Our latest guidance outlines best practices to protect mobile communications, especially for highly targeted individuals in senior government or political roles. Recommendations include: ✦ Use only end-to-end encrypted communications, such as via Signal or similar apps. ✦ Enable Fast Identity Online (FIDO) phishing-resistant authentication, such as hardware security keys or passkeys, which offer the strongest protection against targeted attacks. ✦ Migrate away from Short Message Service (SMS) based MFA ✦Use a password manager to store all passwords 📲 While no solution eliminates all risks, implementing these practices strengthens protection against #cyber threats. Review and apply these best practices today: https://go.dhs.gov/URC

Thank you to the Italian Agenzia per la Cybersicurezza Nazionale for establishing the G7 Cybersecurity Working Group and hosting its second convening in Rome. This platform offers a unique forum for the community of cybersecurity agencies and centers of the G7 and the EU to engage in technical and policy discussions on cybersecurity issues of mutual interest. CISA has contributed extensively to the Workstream on AI & Cybersecurity and looks forward to continuing to shape these efforts during Canada’s G7 presidency in 2025. cisa.gov/AI