CISA RELEASES NEW CYBER ESSENTIALS TOOLKIT

As a follow-up to the November 2019 release of Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits.


As a follow-up to the November 2019 release of Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits.

This is a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks. CISA’s toolkits will provide greater detail, insight and resources on each of the Cyber Essentials’ six “Essential Elements” of a Culture of Cyber Readiness.

Today’s launch highlights the first “Essential Element: Yourself, The Leader” and will be followed each month by a new toolkit to correspond with each of the six “Essential Elements.” Toolkit 1 focuses on the role of leadership in forging a culture of cyber readiness in their organization with an emphasis on strategy and investment.

“We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit,” said CISA Director Christopher Krebs. “We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.”

Developed in collaboration with small businesses and state and local governments, Cyber Essentials aims to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.

Cyber Essentials includes two parts – guiding principles for leaders to develop a culture of security, and specific actions for leaders and their IT professionals to put that culture into action.

Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks. These are: 

  • Drive cybersecurity strategy, investment, and culture; 
  • Develop heightened level of security awareness and vigilance; 
  • Protect critical assets and applications; 
  • Ensure only those who belong on your digital workplace have access; 
  • Make backups and avoid loss of info critical to operations; and 
  • Limit damage and restore normal operations quickly. 

To learn more about the Cyber Essentials Toolkits, visit www.cisa.gov/cyber-essentials.

CISA.gov (June 2020) CISA RELEASES NEW CYBER ESSENTIALS TOOLKIT

US Issues an Advisory on North Korean Cyber Threats

On Wednesday, April 15, the U.S. Departments of State, Homeland Security, and Treasury, and the Federal Bureau of Investigation issued an advisory to raise the awareness of the cyber threat posed by North Korea.


On Wednesday, April 15, the U.S. Departments of State, Homeland Security, and Treasury, and the Federal Bureau of Investigation issued an advisory to raise the awareness of the cyber threat posed by North Korea. 

The advisory highlights North Korea’s malicious cyber activities around the world, identifies U.S. government resources that provide technical and threat information, and includes recommended measures to counter the cyber threat.

North Korea’s malicious cyber activities threaten the United States and countries around the world and, in particular, pose a significant threat to the integrity and stability of the international financial system.  The United States works closely with like-minded countries to focus attention on and condemn disruptive, destructive, or otherwise destabilizing behavior in cyberspace.  

It is vital for foreign governments, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea.

The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.

In particular, the United States is deeply concerned about North Korea’s malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA. The DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure. The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace. 

The United States works closely with like-minded countries to focus attention on and condemn the DPRK’s disruptive, destructive, or otherwise destabilizing behavior in cyberspace. For example, in December 2017, Australia, Canada, New Zealand, the United States, and the United Kingdom publicly attributed the WannaCry 2.0 ransomware attack to the DPRK and denounced the DPRK’s harmful and irresponsible cyber activity. Denmark and Japan issued supporting statements for the joint denunciation of the destructive WannaCry 2.0 ransomware attack, which affected hundreds of thousands of computers around the world in May 2017. 

It is vital for the international community, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea. 

The North Korean Cyber Threat Advisory can be viewed at: https://www.us-cert.gov/ncas/alerts/aa20-106a.

State.gov (April 2020) The United States Issues an Advisory on North Korean Cyber Threats

FBI Warns of Money Mule Schemes Exploiting the COVID-19 Pandemic


Fraudsters are taking advantage of the uncertainty and fear surrounding the COVID-19 pandemic to steal your money, access your personal and financial information, and use you as a money mule.

When criminals obtain money illegally, they have to find a way to move and hide the illicit funds.

They scam other people, known as money mules, into moving this illicit money for them either through funds transfers, physical movement of cash, or through various other methods. Money mules are often targeted through online job schemes or dating websites and apps.

Save 45.0% on select products from bofeifs with promo code 456BA8GH, through 4/30 while supplies last.

Acting as a money mule—allowing others to use your bank account, or conducting financial transactions on behalf of others—not only jeopardizes your financial security and compromises your personally identifiable information, but is also a crime.

Protect yourself by refusing to send or receive money on behalf of individuals and businesses for which you are not personally and professionally responsible. The FBI advises you to be on the lookout for the following:

Work-from-home schemes

Watch out for online job postings and emails from individuals promising you easy money for little to no effort. Common red flags that you may be acting as a money mule include:

  • The “employer” you communicate with uses web-based services such as Gmail, Yahoo, Hotmail, Outlook, etc.
  • You are asked to receive funds in your personal bank account and then “process” or “transfer” funds via wire transfer, ACH, mail, or money service businesses, such as Western Union or MoneyGram
  • You are asked to open bank accounts in your name for a business
  • You are told to keep a portion of the money you transfer

Individuals claiming to be located overseas asking you to send or receive money on their behalf

Watch out for emails, private messages, and phone calls from individuals you do not know who claim to be located abroad and in need of your financial support. Criminals are trying to gain access to U.S. bank accounts in order to move fraud proceeds from you and other victims to their bank accounts. Common fictitious scenarios include:

  • Individuals claiming to be U.S. service members stationed overseas asking you to send or receive money on behalf of themselves or a loved one battling COVID-19
  • Individuals claiming to be U.S. citizens working abroad asking you to send or receive money on behalf of themselves or a loved one battling COVID-19
  • Individuals claiming to be U.S. citizens quarantined abroad asking you to send or receive money on behalf of themselves or a loved one battling COVID-19
  • Individuals claiming to be in the medical equipment business asking you to send or receive money on their behalf
  • Individuals affiliated with a charitable organization asking you to send or receive money on their behalf

If you are looking for accurate and up-to-date information on COVID-19, the CDC has posted extensive guidance and information that is updated frequently.

The best sources for authoritative information on COVID-19 are http://www.cdc.gov and http://www.coronavirus.gov. You may also consult your primary care physician for guidance.

If you believe you, or someone you know, has been solicited to be a money mule, please contact your local FBI field office. To report suspicious activity, please visit the FBI’s Internet Crime Complaint Center at ic3.gov.

FBI.gov (April 2020) FBI Warns of Money Mule Schemes Exploiting the COVID-19 Pandemic

Northcom Commander Calls for 21st Century Tools to Defeat Current Threats


The U.S. Northern Command is responsible for defending the homeland and is morphing to develop 21st century tools to defend against 21st century threats

“Our adversaries have watched, learned and invested to offset our strengths while exploiting our weaknesses,” Air Force Gen. Terrence J. O’Shaughnessy told the House Armed Services Committee today. “They have demonstrated patterns of behavior that indicate their capability, capacity and intent to hold our homeland at risk below the nuclear threshold.”

The security environment is changing. “The Arctic is no longer a fortress wall, and the oceans are no longer protective moats,” the general said.

“They are now avenues of approach to the homeland, which highlights the increase in adversary presence in the Arctic.”

The country needs a capable, persistent defense that can deter adversaries, protect critical infrastructure, enable power projection forward and prevent homeland vulnerabilities, he said. “To deter, detect and defeat threats arrayed against the homeland today, Northcom and NORAD are transforming our commands and our way of thinking,” the general told the House committee. “We cannot defend the nation against 21st century threats with 20th century technology.” 

O’Shaughnessy called for a layered defense infused with the latest technology. The command will continue to partner with the U.S. defense and commercial industries a “to transform rapidly evolving scientific information into leading-edge digital age technology,” he said. 

The command is building a SHIELD — the Strategic Home and Integrated Ecosystem for Layered Defense — to defend the homeland.

“Our layered defense needs to establish awareness in all domains; from below the oceans to the highest levels of space, including the unseen cyber domain, which are all at risk,” he said. 

The general called for a layered sensing grid in all domains which can detect and track threats from their points of origin. “In other words, it requires the ability to identify and eliminate the archers before the arrows are released,” O’Shaughnessy said. “We need an adaptive architecture for joint all-domain command and control, capable of using a myriad of sensors across the globe into accurate decision quality threat information at the speed of relevance for effective command and control.”

Finally, the command needs the ability to deploy “defeat mechanisms capable of neutralizing advanced weapon systems in order to defend our great homeland,” he said. “We have put great effort into these areas such as Ballistic Missile Defense and the need also exists to aggressively defeat additional threats to include the ever growing cyber threat and the cruise missile threat.”

Defense.gov (March, 2020) Northcom Commander Calls for 21st Century Tools to Defeat Current Threats

Near-Peer Threats at Highest Point Since Cold War, DOD Official Says

Matthew P. Donovan, who is performing the duties of the undersecretary of defense for personnel and readiness, said the character of warfare has evolved at the same time, with grave threats now appearing in previously unknown or uncontested domains, such as cyber and space.


The United States faces an array of threats from near-peer competitors China and Russia that have not been seen since before the fall of the Berlin Wall, a DOD official said today.

Matthew P. Donovan, who is performing the duties of the undersecretary of defense for personnel and readiness, said the character of warfare has evolved at the same time, with grave threats now appearing in previously unknown or uncontested domains, such as cyber and space.

He testified before the Senate Armed Services Committee, which is considering his nomination for undersecretary of defense for personnel and readiness.

Donovan said the Defense Department must also evolve to successfully meet these threats. “We must attract and retain people with the right skills to prevail in this environment, properly manage them and meet their expectations using 21st century talent management practices, and ensure all are always treated with dignity and respect.”

The department must also provide its warriors with the cutting-edge tools of the trade that they need to be successful, state-of-the-art training technologies, and techniques to best hone their skills, he added.

Soldiers, Sailors, Airmen, Marines and DOD civilians deserve the best leadership, the best policies, the best equipment, the best education and training, and our service members and their families deserve the best health care, best support systems, and best quality of life we can possibly provide, for the sacrifices we ask them to endure, Donovan added.

One senator mentioned that a study showed only 29% of American youth are eligible to serve.

Donovan replied that he’s seen those studies. “I think it’s a problem that extends well beyond the Department of Defense. It’s a national issue.”

Part of the problem, he said, is the lack of sports and physical fitness activities among the nation’s youth.

“Kids are not getting the physical activity that they need to help prepare them for the rigors of military duty,” he said.

Shop Amazon Gift Cards. Any Occasion. No Expiration.

That said, Donovan noted that DOD isn’t yet having a problem filling its ranks with qualified and quality service members.

“But as we look toward the future, toward the imperatives of the National Defense Strategy, then we’re seeing that we’re going to need to attract those skills that are in so much demand on the outside as well,” he said, adding that a good example is cyber.

One step the department is taking is partnering with universities and industry to see if there’s some way to share the load on this, he said.

Also testifying today were: William Jordan Gillis, nominated for assistant secretary of defense for sustainment, and Victorino G. Mercado, nominated for assistant secretary of defense for strategy, plans and capabilities.

Help a veteran in need by donating here.

Defense.gov (March, 2020) Near-Peer Threats at Highest Point Since Cold War, DOD Official Says