This space will share important security and cybersecurity information from reputable sources.  ALMR takes cyber and physical security seriously to ensure continued operation of this critical system.  We encourage all ALMR users to disseminate cybersecurity information and best practices throughout your organization.

ALMR System Security:

ALMR is a closed system and provides the highest level of security to protect federal government agencies and assets operating on the system. All other agencies on the system benefit from this strict policy. In order to maintain the level of security required for federal agencies to operate on ALMR, no new products or infrastructure may be added to the system without completing the System Change Request process (see procedure 400-3), having the request reviewed from a security and technical standpoint, and obtaining approval from the Executive Council. Agencies should never purchase a product without contacting the Operations Management Office or the System Management Office first, completing the change request form, and receiving the required approval.

 


3/2/23: Cybersecurity Advisory (CSA) contains recommended actions and mitigations to protect against Royal ransomware
(PDF copy attached here)

This is a new variation of this ongoing and persistent threat. The attached information was identified through FBI response activities in 2023.

These steps can help make your agency a MUCH harder target.  Actions to take today to mitigate cyber threats from ransomware:

  • Prioritize remediating known exploited vulnerabilities.
  • Train users to recognize and report phishing attempts.
  • Enable and enforce multifactor authentication.

After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.  Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin.  In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note.  Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via the Tor browser. More details are in the attached bulletin.

 

1/4/23: Latest CISA documents on security threats. (hyperlink attached to each subject)

12/8/22: CISA Releases Phishing Susceptibility Infographic

3/24/22: Click here to view CISA security advisory

The Cybersecurity & Infrastructure Security Agency (CISA) recently shared the following statement with the public as part of the “Shields Up” campaign (hyperlink attached):

While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. Every organization—large and small—must be prepared to respond to disruptive cyber activity.

This need for heightened cybersecurity awareness and vigilance extends to each of us. Apply cybersecurity best practices:

  1. Always be alert about emails from unknown senders or with unknown attachments. Do not open attachments unless you know the sender and are expecting the attachment. Even if you know the sender, if the email is suspicious, verify with the sender that it was intentionally sent to you.
  2. Use your work-provided computers and/or mobile devices for official business only.
  3. Remain up to date on security awareness training and safe computing guidelines. Continue to adhere to established security practices and policies.

You are also urged to consider your cybersecurity practices outside of work. Protect yourself, your family, and your devices with tips and resources from the National Cyber Security Alliance. (hyperlink attached)

As part of their continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community.  Free Cybersecurity Services and Tools | CISA

UPDATE:  You can view the most recent interview with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, on 60 Minutes, discussing the challenges of cybersecurity threats to critical infrastructure, public safety, and the national security/emergency preparedness community.

U.S. officials preparing for potential Russian cyberattacks – CBS News (NOTE: This video plays on the CBS news site.)

 

9/21/22: DHS Releases Recommendations to Protect National Public Warning System from EMPs

The Department of Homeland Security (DHS) released a report of operational approaches to protect the National Public Warning System from an electromagnetic pulse (EMP). The report is a collaborative effort between the DHS Science and Technology Directorate (S&T), the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS) Program, and the Cybersecurity & Infrastructure Security Agency (CISA). The report summarizes recommendations that federal, state, and local agencies, and private sector critical infrastructure owners and operators, can employ to protect against the effects of an EMP event. (Click the link in the heading to be directed to the complete report.)
