The Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy, released concurrently with this National Electric Grid Security and Resilience Action Plan (Action Plan), details bilateral goals to address the vulnerabilities of the respective and shared electric grid infrastructure of the United States and Canada, not only as an energy security concern, but for reasons of national security. The implementation of the Strategy requires continued action of a nationwide network of governments, departments and agencies (agencies), and private sector partners. This Action Plan details the activities, deliverables, and timelines that will be undertaken primarily by U.S. Federal agencies for the United States to make progress toward the Strategy’s goals.
This Joint United States-Canada Electric Grid Security and Resilience Strategy (Strategy) is a collaborative effort between the Federal Governments of the United States and Canada and is intended to strengthen the security and resilience of the U.S. and Canadian electric grid from all adversarial, technological, and natural hazards and threats. The Strategy addresses the vulnerabilities of the two countries’ respective and shared electric grid infrastructure, not only as an energy security concern, but for reasons of national security. This joint Strategy relies on the existing strong bilateral collaboration between the United States and Canada, and reflects a joint commitment to enhance a shared approach to risk management for the electric grid. It also articulates a common vision of the future electric grid that depends on effective and expanded collaboration among those who own, operate, protect, and rely on the electric grid. Because the electric grid is complex, vital to the functioning of modern society, and dependent on other infrastructure for its function, the United States and Canada developed the Strategy under the shared principle that security and resilience require increasingly collaborative efforts and shared approaches to risk management.
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
The law enforcement community often refers to their challenge in this context as “going dark.” In essence, “going dark” refers to advancements in technology that leave law enforcement and the national security community unable to obtain certain forms of evidence. In recent years, it has become synonymous with the growing use of strong default encryption available to consumers that makes it increasingly difficult for law enforcement agencies to access both real-time communications and stored information. The FBI has been a leading critic of this trend, arguing that law enforcement may no longer be able “to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.” As a result, the law enforcement community has historically advocated for legislation to “ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to keep America safe.”
FBI Cyber Bulletin: APT Targeting U.S. Private Sector, Government Networks Using Presidential Election Lures
Likely Advanced Persistent Threat (APT) cyber actors have targeted US private sector and government networks since August 2016 with spear phishing campaigns, using newly identified exploits contained within lures related to foreign affairs and the recent US presidential election. The FBI analyzed malicious Microsoft Office documents, a zip archive, a first-stage downloader, a second-stage in-memory-only PNG wrapped malware, and a BAT-initiated PowerShell script associated with the campaigns. This FLASH provides rules and signatures to assist in network defense efforts.
AI has applications in many products, such as cars and aircraft, which are subject to regulation designed to protect the public from harm and ensure fairness in economic competition. How will the incorporation of AI into these products affect the relevant regulatory approaches? In general, the approach to regulation of AI-enabled products to protect public safety should be informed by assessment of the aspects of risk that the addition of AI may reduce alongside the aspects of risk that it may increase. If a risk falls within the bounds of an existing regulatory regime, moreover, the policy discussion should start by considering whether the existing regulations already adequately address the risk, or whether they need to be adapted to the addition of AI. Also, where regulatory responses to the addition of AI threaten to increase the cost of compliance, or slow the development or adoption of beneficial innovations, policymakers should consider how those responses could be adjusted to lower costs and barriers to innovation without adversely impacting safety or market fairness.
DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.
FBI Cyber Bulletin: Denial of Service Attack Against DNS Host Highlights Vulnerability of Internet of Things Devices
One of the most significant cyber threats to businesses and to local and federal government agencies is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when an attacker commands a number of computers to send numerous requests to a target computer. The overwhelming flood of requests to the website or computer network can cause it to shut down or fail to handle the requests of legitimate users, much like a rush hour traffic jam on the freeway. This type of attack can completely disrupt an organization’s operations until the network is able to be restored. Understanding the basic concept and methods of a DDoS attack can help operators of both large and small networks mitigate the severity of the attack.
FBI Interview Notes from Hillary Clinton E-Mail Investigation for Mishandling of Classified Information
The FBI received information of an additional IP address, 184.108.40.206, which was detected in the July 2016 compromise of a state’s Board of Election Web site. Additionally, in August 2016 attempted intrusion activities into another state’s Board of Election system identified the IP address 220.127.116.11, used in the aforementioned compromise.
The purpose of this LIR is to inform DSAC and other relevant private sector partners about new methods ATM skimming crews use to target standalone or kiosk-style ATM terminals such as those found at casinos, hotels, airports, shopping malls, gas stations, restaurants, and supermarkets. The skimming crews intercept customers’ account data through the ATMs’ external cables. The activity observed to date in the United States was discovered at convenience store locations in California, Delaware, and Pennsylvania. This LIR provides details on the methods used in these skimming attempts as well as previously reported use of internal wiretap skimming devices.
The healthcare sector has been a desirable target for hackers due to the sensitive nature of patient information contained in their systems. The stakes are very high in the healthcare industry because any disruption in operations and care can have significant repercussions for patients. As such, this industry offers an ideal victim for ransomware, and these attacks are likely to continue—disrupting employee access to important documents and patient data and hampering the ability to provide critical services—creating a public safety concern.
On July 10, 2015, the Federal Bureau of Investigation (FBI) initiated a full investigation based upon a referral received from the US Intelligence Community Inspector General (ICIG), submitted in accordance with Section 811(c) of the Intelligence Authorization Act of 1995 and dated July 6, 2015, regarding the potential unauthorized transmission and storage of classified information on the personal e-mail server of former Secretary of State Hillary Clinton (Clinton). The FBI’s investigation focused on determining whether classified information was transmitted or stored on unclassified systems in violation of federal criminal statutes and whether classified information was compromised by unauthorized individuals, to include foreign governments or intelligence services, via cyber intrusion or other means.
EXIF (Exchangeable Image File Format) is a standard format for storing and exchanging image metadata. Image metadata is included in a captured image file and provides a broad range of supplemental information. Some social networks and photo-sharing sites, such as Flickr, Google+, and Instagram, have features that share EXIF data alongside images. Others, including Facebook and Twitter, do not share EXIF data but may utilize the information internally. EXIF data is stored as tags, some of which reveal unique identifying information.
LinkedIn is a professional networking service that allows you to establish connections with co-workers, customers, business contacts, and potential employees and employers. You can post and share information about current and previous employment, education, military activities, specialties, and interests. To limit exposure of your personal information, you can manage who can view your profile and activities.
Anonymous email services can be used to send personal or work-related messages without leaving a trace of your identity. Truly anonymous email accounts require no personal information to register and retain little usage data. Anonymous email accounts should always be accessed and used in conjunction with an anonymous IP address.
As of January 2015, Facebook Mobile hosts 745 million daily mobile active users who account for over 60% of all mobile posts published to any online social networking service. Though privacy can still be achieved, mobile users place their personal identity data at a greater risk when compared to users logging in via desktop computer. This is in large part due to the fact that mobile devices provide Facebook with a means to access additional location information, contact lists, photos, and other forms of personal data. Use the following recommendations to best protect yourself against oversharing.
Facebook provides shortcuts to their privacy settings that help to limit what others can see in your profile. Select Privacy Checkup to change your basic privacy settings. For more extensive settings, click See More Settings. From there, navigate through the pages of the settings toolbar to control how your personal information is shared with others.
The FBI has obtained information regarding a malicious cyber group that has compromised the networks of foreign banks. The actors have exploited vulnerabilities in the internal environments of the banks and initiated unauthorized monetary transfers over an international payment messaging system. In some instances, the actors have been present on victim networks for a significant period of time. Contact law enforcement immediately regarding any activity related to the indicators of compromise (IOCs) in the attached appendix that are associated with this group.
The ‘Locky’ malware is a ransomware variant which has extensively utilized spam campaigns to distribute malicious files that download and execute code capable of encrypting numerous critical file types on both local and networked file stores. Encrypted files are renamed with a unique hexadecimal filename and receive the “.locky” extension. Each directory containing encrypted files contains instructions on how to utilize Bitcoin in order to pay a ransom for file recovery, and the system’s desktop background is also changed to contain payment instructions. Recovery of encrypted files is impossible without data backup or acquisition of the private key due to the well-implemented, strong encryption. Historically, while payment of the ransom may result in receipt of the valid private key, enabling decryption of the targeted files, the FBI does not recommend that the victim pay the ransom.
As of 5 May 2016, the Islamic State of Iraq and the Levant (ISIL) sympathizer hacking group United Cyber Caliphate (UCC) defaced a Nigerian-hosted Web site, posting an HTML file containing the heading “USA Online Company Data Dumped by United Cyber Caliphate”; there was no other message or threat associated with the file. The file contained approximately 1,137 entries, many of which appeared to be US-based individuals with corresponding personally identifiable information (PII) fields such as name, company, e-mail, phone, city, state, and zip code. The PII was doxed from the personnel directory of a US business, according to FBI and open source reporting.