CISA | April 22, 2022
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA), with contributions from industry members of the Joint Cyber Defense Collaborative, issued a joint Cybersecurity Advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure that could impact organizations both within and beyond Ukraine.
It is the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February.
The advisory provides technical details on malicious cyber operations by actors from the Russian Federal Security Service (FSB), Russian Foreign Intelligence Service (SVR), Russian General Staff Main Intelligence Directorate (GRU), and Russian Ministry of Defense, Central Scientific Institute of Chemistry and Mechanics. It also includes details on Russian-aligned cyber threat groups and cybercrime groups. Some of these cybercrime groups have recently publicly pledged support for the Russian government and have threatened to conduct cyber operations in retaliation for perceived cyber offensives against Russia or against countries or organizations providing materiel support to Ukraine.
The advisory recommends several immediate actions for all organizations to take to protect their networks, which include:
Prioritize patching of known exploited vulnerabilities;
Enforce multifactor authentication;
Monitor remote desktop protocol (RDP); and
Provide end-user awareness and training
“We know that malicious cyber activity is part of the Russian playbook. We also know that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure. Today’s cybersecurity advisory released jointly by CISA and our interagency and international partners reinforces the demonstrated threat and capability of Russian state-sponsored and Russian aligned cyber-criminal groups to our Homeland. We urge all organizations to review the guidance in this advisory shields-up for continually updated information on how to protect yourself and your business.”
Jen Easterly, CISA Director
“The FBI is focused on exposing and disrupting malicious cyber activity by Russia against our allies and our own networks,” said Bryan Vorndran, FBI Cyber Division Assistant Director. “We are working alongside our federal and international partners to quickly share information that helps private industry as well as the public to better protect and defend their systems from these threats. We will continue to investigate these malicious threat actors through our unique authorities and hold them accountable for their actions.”
“Threats to critical infrastructure remain very real,” said Rob Joyce, NSA Cybersecurity Director. “The Russia situation means you must invest and take action.”
“Recent intelligence and historic instances of destructive cyber attacks indicate now is the time for organisations to improve their cyber security posture,” said Abigail Bradshaw, Head, Australian Cyber Security Centre. “In particular, critical infrastructure organisations should act now to raise defences, not wait until being attacked. The ACSC stands ready to support its critical infrastructure partners in responding to the threats we face - by raising their awareness of the threat, sharing indicators of compromise, and providing technical mitigation advice.”
“Russia has significant cyber capabilities and a demonstrated history of using them irresponsibly, and state-sponsored malicious cyber activity is a real risk to organizations around the world,” said Sami Khoury, Head, Canadian Centre for Cyber Security. “By joining alongside our partners in releasing today’s joint advisory, the Communications Security Establishment and its Canadian Centre for Cyber Security continue to support making threat information more publicly available, while providing specific advice and guidance to help protect against these kinds of risks.”
“We are currently seeing an increased potential for cyber-attacks on critical infrastructures which may have a serious impact, even for countries and organisations not directly targeted,” said Lisa Fong, Director of New Zealand’s National Cyber Security Centre. “Organisations should take the opportunity to consider their security posture, understand their critical systems and risks – including across their supply chain – and exercise readiness. This joint advisory with our partners provides organisations with important information which will help them to build their cyber resilience by identifying and mitigating risks they face.”
“In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures,” said Lindy Cameron, NCSC CEO. “It is vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets. The NCSC continues to collaborate with our international and law enforcement partners to provide organisations with timely actionable advice to give them the best chance of preventing cyber-attacks, wherever they come from.”
“Cyber attacks have evolved and increased in scale and severity over recent years, with the criminal groups behind them targeting the critical infrastructure of countries around the world,” said Rob Jones, NCA Director General for Cyber. “The NCA leads the UK law enforcement response to this threat, working with a range of international partners to investigate cyber criminals and disrupt the services they rely on. It is vital that organisations help bolster this response by enhancing cyber resilience and reporting any incidents of cyber crime to the authorities, to allow timely mitigation of further attacks.”
Because evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks, the cybersecurity authorities are providing this robust advisory with several resources and mitigations that can help the cybersecurity community protect against possible cyber threats from these adversarial groups. Executives, leaders, and network defenders are urged to implement recommendations to prepare for and mitigate the varied cyber threats listed in the Cybersecurity Advisory here.
All organizations should share information about incidents and unusual cyber activity with their respective cybersecurity authorities. When cyber incidents are reported quickly, it can contribute to stopping further attacks.
As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
Ceres | January 17, 2022
In response to the federal government's request for comments on draft regulations that would revise the federal procurement process to factor in sustainability in government purchasing, Ceres submitted recommendations that would help reduce U.S. greenhouse gas emissions (GHG) while incentivizing zero-carbon innovation. The U.S. government is the world's largest purchaser of products and services, spending around $665 billion in 2020.
Last year, President Joe Biden called the climate crisis a challenge that would require a "whole-of-government approach," and followed up on this statement by issuing an Executive Order and sustainability plan in December 2021. It outlined targets for federal climate-focused procurements that would significantly reduce carbon emissions from large federal vendors.
In its recommendations, Ceres is calling on the government to:
Require major suppliers to demonstrate a commitment to Paris climate targets, including annually disclosing GHG emissions and a science-based plan for reducing those emissions to net zero by 2050 or sooner.
Deliver substantial reductions in the government's own GHG emissions; achieve mass commercialization of products essential to meeting Paris climate targets; and address long-standing racial and social inequities resulting from climate.
Institute a new competitive bidding process focused on high-priority, zero-carbon products to reward and incentivize technological innovations and cost reductions in these products.
Utilize federal grants and loans to reduce GHG emissions through the procurement program, with a focus on large-scale grant funding authorized by the new bipartisan infrastructure law.
"If we want to avoid the worst impacts of the climate crisis, we need to produce substantial greenhouse gas emissions reductions by 2030. With our recommendations, the new sustainability-focused federal procurement program can help to make dramatic progress on climate change, fuel bold innovation, create new green jobs, and promote environmental justice," said Steven M. Rothstein, Managing Director of the Ceres Accelerator for Capital Sustainable Markets at Ceres. "We look forward to working with the administration, investors, companies and other stakeholders to improve the program and ensure quick and successful implementation."
NSW government | April 06, 2022
The NSW government has unveiled its Digital Identity program via a new website highlighting the vision it has to make government services and everyday tasks simpler, safer and more secure.
NSW Government chief information and digital officer Greg Wells said the NSW Government was investing in the power of ideas to improve lives and ultimately, the future, and believes the NSW Government’s Digital Identity program would play a big role in delivering a modern, digital government for the customers of NSW.
“From retrieving benefits through the Digital Seniors Card to easily accessing digital licences through the Service NSW app, customers are already using digital identity credentials every day to prove their eligibility or to access a service.”
Greg Wells, NSW Government chief information and digital officer
“The NSW Government’s Digital Identity program will allow NSW customers to conduct a range of new transactions online, providing greater accessibility to government services and better support for customers with disabilities, and those in rural, regional or remote areas.
“We want to safely and securely leverage technology to deliver smarter, faster and easier services for the benefit of NSW customers.”
Mr Wells said privacy and security were of the utmost importance to the NSW Government. Oversharing of personal information and identity crime cost customers and the private sector more than $3.1 billion across Australia in 2018/19 as reported by ACIC.
Wells said the NSW Government is implementing rigorous assurances to make sure customer information is safe and secure.
“The NSW Government’s Digital Identity program will provide customers with greater control of how and where their information is shared and enhanced privacy protection against identity fraud and theft associated with physical documents,” he said.
“The customer has been at the heart of every decision and will always be in control of any information they choose to share. Customers will choose to opt-in to Digital Identity programs, and ongoing consent will be required, meaning they can opt out at any time. An in-person option will always be provided via Service NSW Centres.”
The NSW and Australian Governments are working closely together to explore the adoption of a national Digital Identity ecosystem, to ensure simple and seamless services for people accessing state-based services. This will deliver significant economic benefits for Australia and NSW and ensure residents get quick and easy access to the services they need.
The NSW Government has allocated $2.1 billion to invest in digital transformation projects through its Digital Restart Fund. The fund is administered by the Department of Customer Service. It targets smart, simple technology solutions which create efficiencies for customers and businesses across the state.
GovPilot | January 15, 2022
A transition from paper to digital processes is underway in Maplewood, New Jersey, where local officials have sought greater efficiency in municipal operations and constituent services. The township recently partnered with GovPilot, a Hoboken, New Jersey-based provider of cloud-based government management software.
Officials from Maplewood are working with GovPilot to implement a number of digital services that aim to make operations more efficient and services more convenient for constituents. Officials are initially utilizing GovPilot for Health Inspections, Open Records Requests, Dog and Cat Licenses, Special Event Management, and non-emergency constituent concern reporting.
The township will deploy GovPilot's Report-a-Concern feature, which enables residents to report non-emergency concerns such as potholes or general code violations directly via a digital form on the city website, or through an app on their phone called GovAlert. The app, available to residents on Android and iOS devices, is easy to use, and routes citizen concerns directly to the relevant municipal department so that the issue can be resolved quickly.
Township Administrator Gerald Giaimis said, "I encourage residents to download the GovAlert app on their phones and help us keep Maplewood safe by instantly reporting issues that they come across so we can address them quickly. Convenient digital government services are essential to cost effective public safety and services, and we aim to be responsive to our residents."
Giaimis added, "GovPilot offers a cost-effective solution that will make Maplewood's services and operations more responsive to, and aligned with the needs of our constituents. The ability to provide digital services and operations is critical to creating an efficient, livable, and convenient community for our residents and businesses."
Michael Bonner, the founder and CEO of GovPilot said, "We are excited to work with Maplewood on its early stages of digital transformation. In partnering with local governments in New Jersey and across the country we have found that digital processes generate significant increases in efficiency and productivity that have a positive impact on local budgets, services, and constituent experience. We expect to see similar results in Maplewood."
GovPilot - named a GovTech 100 company for five consecutive years - is the leader in digital transformation for local governments. GovPilot's cloud-based platform was built with the sole purpose of enabling local governments to operate at their full potential by standardizing, digitizing, and unifying more than 100 operational and constituent service processes on one system.