Ransomware Recommendations Update

Our colleagues at DHS have informed us that Microsoft has provided specific risk management steps for WannaCry at the following location:  https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

WannaCry continues to pose significant risks and virtually any organization is at potential risk of attempted WannaCry propagation.

Ransomware Response Recommendations

Our colleagues at DHS recommend that if any of your water systems are victims of a ransomware attack, they should take the following steps:

  1. Please contact your FBI Field Office Cyber Task Force (fbi.gov/contact-us/field/field-offices) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Please report cyber incidents to the US-CERT (us-cert.gov/ncas) and the FBI’s Internet Crime Complaint Center (www.ic3.gov).

For more information on cyber protections and the WannaCry Ransomware:

A Unique Resiliency Webinar Opportunity

Learn more about the NIST-funded Center for Risk-Based Community Resilience Planning and how the Center is developing a computational environment to help define the attributes that make communities resilient.

DATE:              Thursday, April 27

TIME:               11:00AM-1:00PM (eastern)

REGISTER:      https://www.youtube.com/watch?v=eyjzCDxcdSA&feature=youtu.be 

The webinar is immediately followed by a Q&A “chat” period.

A Resilient Community is one that is prepared for and can adapt to changing conditions and can withstand and recover rapidly from disruptions to its physical and social infrastructure.  Modeling community resilience comprehensively requires a concerted effort by experts in engineering, social sciences, and information sciences to explain how physical, economic, and social infrastructure systems within a real community interact and affect recovery efforts.

Join this information webinar to learn more about the Center’s recent activities. A Center overview will be followed by a session on the Center’s recent Special Issue of Resilient and Sustainable Infrastructure, which features six papers on the virtual community Centerville.  The modeling and analysis theory behind each paper will be explained.

DHS Hosts National Cyber Incident Response Plan Webinars

You are invited to attend any one of four webinars hosted by DHS to learn more about and share your thoughts on the newly released National Cyber Incident Response Plan (NCIRP).  This is an essential component of DHS’s mission to strengthen the security and resilience of the Nation by working to improve the ability of all to manage cyber incidents.

You do not need to register in advance; on the day of the event, just use the links provided in the information below.  Each one-hour webinar session will cover the same information.

NCIRP Stakeholder Webinar #1

DATE:              Monday March 27, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r3fctx11w2x/

DIAL:               1-800-320-4330/Passcode: 372094


NCIRP Stakeholder Webinar #2

DATE:              Tuesday March 28, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r8bvryj2nu9/

DIAL:               1-800-320-4330/Passcode: 372094


NCIRP Stakeholder Webinar #3

DATE:              Wednesday March 29, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r6cmtu0qngo/

DIAL:               1-800-320-4330/Passcode: 372094


NCIRP Stakeholder Webinar #4

DATE:              Thursday March 30, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r22skziadr4/

DIAL:               1-800-320-4330/Passcode: 372094

This Plan applies to cyber incidents and more specifically significant cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.  We plan to discuss how the NCIRP can be leveraged within your communities.


The NCIRP:

  • Describes a national approach to dealing with cyber incidents, and the important role that the private sector, States, and multiple federal agencies play in responding to incidents and how the actions of all fit together for an integrated response;
  • Reflects and incorporates lessons learned from exercises and real U.S. incidents and policy updates, such as Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination Policy and the National Cybersecurity Protection Act of 2014; and
  • Reinforces and describes the roles of the lead Federal agencies during a significant cyber incident.

To view the final NCIRP, visit https://www.us-cert.gov/ncirp

DHS Shares Critical Infrastructure Framework

The DHS Office of Infrastructure Protection has announced publication of the Critical Infrastructure Threat Information Sharing Framework: A Reference Guide for the Critical Infrastructure Community.

The Framework is a resource for critical infrastructure owners and operators, as well as other private sector, Federal, and State, local, tribal and territorial government partners that share threat information.  The purpose of the Framework is to describe current processes used to facilitate the flow of threat information between and among all entities involved in the critical infrastructure security and resilience mission, and provide an overview of the key threat information-sharing entities which facilitate this process. The intention is to help critical infrastructure owners and operators and other entities better understand where and how to participate in receiving and sharing threat information with information-sharing hubs.

Please share this link critical-infrastructure-threat-information-sharing-framework-final-508 with your colleagues and water utilities.

US-CERT Shares Ways to Avoid Cyber Incidents

The Department of Homeland Security’s United States Computer Emergency Team (US-CERT) has just released a new cyber alert called The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations (September 28, 2016).  In plain English, the document outlines consequences for three different types of attacks:

  • If your computer network infrastructure is compromised, malicious hackers or adversaries can gain full control of the network infrastructure; compromise your SCADA or business records; publish confidential information; and even prevent you from using your own data (denial of service).
  • Intruders with infrastructure privilege and access can impede productivity and severely hinder re-establishing network connectivity. Even if other compromised devices are detected, tracking back to a compromised infrastructure device is often difficult.
  • Malicious actors with persistent access to the network (disgruntled employees, unhappy vendors).

In the new alert, US-CERT offers six practical ways to enhance the integrity and security of your computer infrastructure.

  1. Segregate Networks and Functions
  2. Limit Unnecessary Lateral Communications
  3. Harden Network Devices
  4. Secure Access to Infrastructure Devices
  5. Perform Out-of-Band Management
  6. Validate Integrity of Hardware and Software

The full document can be downloaded at https://www.us-cert.gov/ncas/alerts/TA16-250A; it covers each of the items above in greater detail, with recommended actions.


Yahoo and Other Data Breach Victims

The Federal Trade Commission (FTC) has released a step-by-step video for users whose personal information may have been exposed in a data breach.  This video provides instruction on how to report an incident and develop a personal recovery plan after a data breach has occurred.

US-CERT encourages users to review the FTC blog and US-CERT Tips on Avoiding Social Engineering and Phishing Attacks, Safeguarding Your Data, and Protecting Your Privacy for more information.

Cyber Evaluation Tool Webinar

Editor’s Note:  This invitation comes from our colleagues at DHS ICS (Industrial Cyber Security) Workgroup.  Please share this with your water utilities.  As well, consider participating yourself so that you’ll know what tools water systems have to evaluate their cyber programs.

Do you have cybersecurity concerns?  The ICS-CERT Cyber Security Evaluation Tool (CSET) Version 8.0 is designed to help you quickly gain a clear cybersecurity operating picture, establish your priorities, and tighten up your organization’s cybersecurity.  The CSET tool is an easy, step-by-step, tax-software-like guide to help you best understand what you need to do and where to focus your efforts.

Join us for an introductory webinar on the updated CSET 8.0.  See the new features, learn how to use CSET to increase your cybersecurity defenses, and ask questions of the CSET development team.

DATE:              September 20, 2016

TIME:               10:00AM-Noon (eastern)

REGISTER:    https://attendee.gotowebinar.com/register/8105066833474858754


If you happen to be in Ft. Lauderdale between September 13 and 15, you may also participate in the ICS Joint Workgroup Fall Meeting.  More information about this meeting may be found at this link: Industrial Control Systems Joint Working Group (ICSJWG) 2016 Fall Meeting in Ft. Lauderdale, FL, September 13-15, 2016.

DHS “Partnership Bulletin”

DHS has just published a new edition of The Partnership Bulletin.  The Bulletin provides a twice-monthly snapshot of upcoming stakeholder and cross-sector training opportunities and exercises, along with major critical infrastructure events and key announcements.  Click the links below to learn more about a host of security and resilience issues.


Infrastructure Protection Training

Looking to enhance your critical infrastructure security and resilience knowledge and skills?  TEEX is offering a series of DHS/FEMA-funded trainings across the nation that can meet your needs and help qualify you for an Infrastructure Protection Certificate.

The Infrastructure Protection Certificate Program provides an understanding and local application of the homeland security infrastructure protection doctrine.  The program includes an in-depth examination of key concepts and practices in capabilities-based and community-focused planning, integrated risk management, private-public partnerships, and whole community resilience strategies.  This link provides more information about the program.  In addition, here is a list of locations for the four Certificate Program trainings:

Infrastructure Protection Courses
| Course Number | Course Name | Date | Location |
|---|---|---|---|
| AWR213 | Critical Infrastructure Security & Resilience Awareness | 9/6/16 | Dallas, TX |
| MGT310 | Jurisdictional Threat & Hazard Identification & Risk Assessment | 9/12-13/16 | El Paso, TX |
| AWR213 | Critical Infrastructure Security & Resilience Awareness | 9/14/16 | Fayetteville, AR |
| MGT310 | Jurisdictional Threat & Hazard Identification & Risk Assessment | 9/20-21/16 | Arlington, TX |
| MGT414 | Advanced Critical Infrastructure Protection | 9/21/16 | Miami Beach, FL |
| MGT315 | Critical Asset Risk Management | 9/26-27/16 | El Paso, TX |
| MGT310 | Jurisdictional Threat & Hazard Identification & Risk Assessment | 9/27-28/16 | Suffolk, VA |
| AWR213 | Critical Infrastructure Security & Resilience Awareness | 10/4/16 | Rancho Cucamonga, CA |
| MGT414 | Advanced Critical Infrastructure Protection | 10/4/16 | Dallas, TX |
| AWR213 | Critical Infrastructure Security & Resilience Awareness | 10/5/16 | Jackson, MS |
| MGT310 | Jurisdictional Threat & Hazard Identification & Risk Assessment | 10/6-7/16 | Rancho Cucamonga, CA |
| MGT310 | Jurisdictional Threat & Hazard Identification & Risk Assessment | 10/11-12/16 | Harlan, KY |
| AWR213 | Critical Infrastructure Security & Resilience Awareness | 10/18/16 | Sevierville, TN |
| AWR213 | Critical Infrastructure Security & Resilience Awareness | 10/19/16 | Gulfport, MS |
| MGT414 | Advanced Critical Infrastructure Protection | 10/19/16 | Sevierville, TN |
| MGT310 | Jurisdictional Threat & Hazard Identification & Risk Assessment | 10/25-26/16 | Beaumont, TX |