National Coordinating Center for Communications

National Cybersecurity and Communications Integration Center

Department of Homeland Security

(U//FOUO) DHS Intelligence Note: Unidentified Cyber Actor Attacks State and Local Government Networks with GrandCrab Ransomware

July 22, 2018

An unidentified cyber actor in mid-March 2018 used GrandCrab Version 2 ransomware to attack a State of Connecticut municipality network and a state judicial branch network, according to DHS reporting derived from a state law enforcement official with direct and indirect access. The municipality did not pay the ransom, resulting in the encryption of multiple servers that affected some data backups and the loss of tax payment information and assessor data. The attack against the state judicial branch resulted in the infection of numerous computers, but minimal content encryption, according to the same DHS report.

(U//FOUO) DHS NCCIC Independent Assessment of Kaspersky-Branded Products

April 23, 2018

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) reviewed the Independent Assessment, titled Information Security Risks of Anti-Virus Software (hereafter “BRG Assessment”), prepared by Berkeley Research Group, LLC (BRG), and dated November 10, 2017. Kaspersky Lab (hereafter “Kaspersky”) submitted the BRG Assessment to DHS as an exhibit to Kaspersky’s request for DHS to initiate a review of Binding Operational Directive (BOD) 17-01. The BRG Assessment, in part, responds to the NCCIC Information Security Risk Assessment (hereafter “NCCIC Assessment”) on commercial off-the-shelf (COTS) anti-virus software and Kaspersky-branded products, dated August 29, 2017. The NCCIC Assessment was attached as Exhibit 1 to an Information Memorandum from the Assistant Secreta1Y for DHS Cybersecurity and Communications (CS&C) to the Acting Secretary of DHS, dated September 1, 2017 (hereafter “Information Memorandum”). This document is a Supplemental Information Security Risk Assessment and will similarly be attached to an Information Memorandum from the Assistant Secretary for CS&C to the Acting Secretary of DHS.

(U//FOUO) DHS NCCIC Information Security Risk Assessment of Kaspersky-Branded Products

April 22, 2018

This assessment presents the inherent information security concerns and security ramifications associated with the use of any commercial-off-the-shelf (COTS) antivirus solution in devices with access to a federal network. It also addresses specific risks presented by Kaspersky-branded products, solutions, and services (collectively, “Kaspersky-branded products”).

DHS Electromagnetic Pulse (EMP) Protection and Restoration Guidelines for Equipment and Facilities

August 13, 2017

The EMP protection guidelines presented in this report were initially developed by Dr. George H. Baker, based on his previous work where he led the Department of Defense program to develop EMP protection standards while at the Defense Nuclear Agency (DNA) and the Defense Threat Reduction Agency (DTRA). He is currently serving as a consultant to the Department of Homeland Security (DHS) and is emeritus professor of applied science at James Madison University (JMU). He presently serves on the Board of Directors of the Foundation for Resilient Societies, the Board of Advisors for the Congressional Task Force on National and Homeland Security, the JMU Research and Public Service Advisory Board, the North American Electric Reliability Corporation GMD Task Force, the EMP Coalition, and as a Senior Scientist for the Congressional EMP Commission.