Cybersecurity and Infrastructure Security Agency (CISA)

Harmonization of Cyber Incident Reporting to the Federal Government

This report outlines a series of actionable recommendations on how the federal government can streamline and harmonize the reporting of cyber incidents to better protect the nation’s critical infrastructure.

Software Supply Chain Visibility Tools (CISA)

• AppCensus (El Cerrito, California) will add to its existing platform by mapping vulnerabilities to SDK behavior and providing a means to visualize that data as well as incorporate those results into SBOM reporting and common tooling and practice for IT professionals within enterprises. (Initial Award April 2023) – Currently in Phase 1
• ChainGuard (Kirkland, Washington) - will create an SBOM composition tool by developing the conceptual schema of how to join micro-SBOMs, creating a test suite of micro-SBOMs and the super SBOMs that ought to be created, and implementing functionality that takes micro-SBOMs as input and outputs a super SBOM. (Initial Award April 2023) – Currently in Phase 1
• DeepBits (Riverside, California) - has developed an AI-powered code intelligence platform for large-scale accurate binary code identification across languages and hardware platforms. They will develop a multi-format SBOM translator and design, build, and test its SaaSBOM generation tool. (Initial Award April 2023) – Currently in Phase 1
• Manifest Cyber (Westport, Connecticut) will further mature their existing SBOM management platform by adding capabilities including support for enriching vulnerability data using the Vulnerability Exploitability eXchange (VEX) documentation, automating ticketing responses to Security Incident and Event Management (SEIM) systems, automating risk and compliance report. generation, begin building a global SBOM repository, and building support for eventual integration with commonly used asset management tools. (Initial Award April 2023) – Currently in Phase 1
• Scribe Security (Tel Aviv, Israel) - will adapt its existing platform to develop a multi-format SBOM translator using an Open Policy Agent (OPA), further develop two of its core technology tools used for the generation of SBOMs and extend its platform to provide unique vulnerability information and insights. (Initial Award April 2023) – Currently in Phase 1
• TestifySec (Jasper, Alabama) - is developing a new security platform and associated tools to provide enhanced supply chain security. These tools ensure software integrity by enabling detection of possible tampering or malicious activity through the application of “generate” and “verify” attestation processes in concert with policy compliance configuration. (Initial Award April 2023) – Currently in Phase 1
• Veramine (Bothell, Washington) - will enhance its Endpoint Detection & Response (EDR) agent by adapting and configuring the agent to collect only what would be needed to populate the SBOM and – importantly – also to centrally preserve a single copy of every binary ever loaded anywhere across the enterprise network for vulnerability analysis. (Initial Award April 2023) – Currently in Phase 1

Department of Homeland Security’s Cyber Safety Review Board to Conduct Review on Cloud Security 

Secretary of Homeland Security Alejandro N. Mayorkas announced that the Cyber Safety Review Board (CSRB) will conduct its next review on the malicious targeting of cloud computing environments.

Cyber Safety Review Board Releases Report on Activities of Global Extortion-Focused Hacker Group Lapsus$

The U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) report summarizing the findings of its review into the activities associated with a threat actor group known as Lapsus$.

DHS Announces Additional $374.9 Million in Funding to Boost State, Local Cybersecurity

The Department of Homeland Security announced the availability of $374.9 million in grant funding for the Fiscal Year (FY) 2023 State and Local Cybersecurity Grant Program (SLCGP).

Secretary Mayorkas Discusses New U.S. Efforts to Counter Spread of Digital Authoritarianism at Summit for Democracy

Secretary of Homeland Security Alejandro N. Mayorkas outlined new initiatives by the Biden-Harris Administration to counter the misuse of technology at the second Summit for Democracy in Washington, D.C.  He highlighted the Cybersecurity and Infrastructure Security Agency’s (CISA) High-Risk Community Protection initiative, which is dedicated to strengthening the cybersecurity of communities —such as civil society organizations— in the United States who are at heightened risk of cyber threat targeting and transnational repression.

Statement by Secretary Mayorkas on the President’s Fiscal Year 2024 Budget

The Biden-Harris Administration released the FY 24 President’s Budget, providing $60.4 billion in discretionary funding for DHS, and $20.1 billion for the Disaster Relief Fund.

Fact Sheet: Biden Administration’s National Security Memorandum to Counter Weapons of Mass Destruction Terrorism and Advance Nuclear and Radioactive Material Security

President Biden signed National Security Memorandum (NSM) 19 to Counter Weapons of Mass Destruction (WMD) Terrorism and Advance Nuclear and Radioactive Material Security worldwide

Statement from Secretary Mayorkas on President Biden’s National Cybersecurity Strategy

Secretary of Homeland Security Alejandro N. Mayorkas released the following statement on President Biden’s National Cybersecurity Strategy. The Department of Homeland Security and its components play a leading role in strengthening cybersecurity resilience across the nation and investigating malicious cyber activity.

The Department of Homeland Security Joins the United States Global Change Research Program (USGCRP)

Today, Secretary of Homeland Security Alejandro N. Mayorkas announced that the Department has become a member of the United States Global Change Research Program (USGCRP).