United States Department of Homeland Security (DHS) Announces New Grant Plan to Slow Epidemic Spread of Cyber Attacks

United States Department of Homeland Security (DHS) Announces New Grant Plan to Slow Epidemic Spread of Cyber Attacks

Businesses may be able to take a little sigh of relief that some help may be coming to the persistent threat of ransomware attacks.  The DHS announced that significant funds will be provided to a number of public and private sectors to help improve the nation’s protection against data security attacks and other crises.

The Feb. 25 Announcement

On February 25, 2021, DHS announced its funding notice for several different types of cyber preparedness grants worth nearly $1.87 billion.  After noticing a rise in both the number and complexity of cyber threats faced by communities, including targeted ransomware attacks on our infrastructure, hospital, transportation systems, DHS identified five critical priority areas for attention for its fiscal 2021 grant cycle: 1) cybersecurity; 2) soft targets and crowded places; 3) intelligence and information sharing; 4) domestic violent extremism; and 5) emerging threats.  These grant programs provide funding to state, local, tribal/territorial governments, transportation authorities, nonprofit organizations, and the private sector to improve the nation’s readiness in preventing, protecting against, responding to, recovering from terrorist attacks, major disasters, and other emergencies.

The DHS announced several non-competitive grants which are to be awarded to recipients based on several factors:

  • State Homeland Security Program – The State Homeland Security Program provides $415 million to support the implementation of risk-driven, capabilities-based state homeland security strategies to address capability targets;
  • Urban Area Security Initiative – The Urban Area Security Initiative provides $615 million to enhance regional preparedness and capabilities in 31 high-threat, high-density areas; and
  • Emergency Management Performance Grant (“EMPG”) – EMPG provides more than $355 million to assist state, local, tribal, and territorial governments in enhancing and sustaining all-hazards emergency management capabilities; and
  • Intercity Passenger RailAmtrak Program – The Amtrak Program provides $10 million to Amtrak to protect critical surface transportation infrastructure and the traveling public from acts of terrorism and increase the resilience of the Amtrak rail system.

Moreover, the DHS announced several competitive grants, including:

  • Operation Stonegarden – Operation Stongarden provides $90 million to enhance cooperation and coordination among state, local, tribal, territorial, and federal law enforcement agencies to jointly enhance security along the United States land and water borders;
  • Tribal Homeland Security Grant Program – The Tribal Homeland Security Grant Program provides $15 million to eligible tribal nations to implement preparedness initiatives to help strengthen the nation against risk associated with potential terrorist attacks and other hazards;
  • The Nonprofit Security Grant Program – The Nonprofit Security Grant Program provides $180 million to support target hardening and other physical security enhancements for nonprofit organizations that are at high risk of a terrorist attack;
  • Port Security Grant Program – The Port Security Grant Program provides $100 million to help protect critical port infrastructure from terrorism, enhance maritime domain awareness, improve port-wide maritime security risk management, and maintain or re-establish maritime security mitigation protocols that support port recovery and resiliency capabilities;
  • Transit Security Grant Program – The Transit Security Grant Program provides $88 million to owners and operators of public transit systems to protect critical surface transportation and the traveling public from acts of terrorism and to increase the resilience of transit infrastructure; and
  • Intercity Bus Security Program – The Intercity Bus Security Program provides $2 million to owners and operators of intercity bus systems to protect surface transportation infrastructure and the traveling public from acts of terrorism and to increase the resilience of transit infrastructure.

Impact on Business

Private sector businesses can apply for these grants, especially if they are in the process of developing and creating cyberwarfare and other data defense tools.  Grant  information can be found here.

Beckage has responded to countless data breaches and is always comforted to see more dollars that foster collaboration between public and private sectors to help defend and protect U.S. business and more.

If you have questions about the grant dollars or how to apply, please contact a Beckage attorney at 716.898.2102.

*Attorney Advertising. Prior results do not guarantee future outcomes.

Subscribe to our Newsletter.

Cyber InsuranceDFS February 2021 Guidance To Cyber Insurers

DFS February 2021 Guidance To Cyber Insurers

On February 4, 2021, the New York State Department of Financial Services (DFS) issued specific guidance to property/casualty insurers writing cyber insurance policies, known as the Cyber Insurance Risk Framework (“Framework”). The DFS promoted itself as the first US regulator in the nation to issue a specific guidance on cyber insurance, explaining the suggestions of the Framework are based on continued dialogue with the insurance industry and experts in cyber insurance regarding the shifting landscape of cybersecurity.

With the Covid-19 pandemic forcing companies to shift to an online workforce, cybercrimes, like ransomware and malware attacks, have drastically increased in frequency, severity, and cost to victimized companies. Cybercriminals use payments extorted from ransomware to fund more frequent and sophisticated ransomware attacks, emboldening them to target other organizations and widen their campaigns. The widespread use of ransomware has pressured cyber insurers to increase rates and tighten underwriting standards for cyber insurance.

The DFS advises New York regulated property/casualty insurers offering cyber insurance to establish a formal strategy for measuring cyber insurance risks that can be approved by a board or a governing entity. The Framework acknowledges that strategies should be proportionate with each insurer’s risk based on the insurer’s size, resources, geographic distribution, market share, and industries insured.  It is important to note the Framework constitutes a list of best practices and suggested approaches and does not yet constitute rules or regulations for the insurance industry.

The Cyber Insurance Risk Framework encourages cyber insurers to formalize a Cyber Insurance Risk Assessment Strategy that is managed by a governing body and establishes and/or formalizes qualitative and quantitative measures and goals for cyber risk that incorporate six best practices identified by DFS:

  1. Manage and Eliminate Exposure to “Silent” Cyber Insurance Risk

Cyber insurers should determine whether they are exposed to silent or non-affirmative cyber insurance risk, an insurer’s obligation to cover cyber incident losses under a policy that does not explicitly mention cyber incidents. The Framework suggests that insurers evaluate their silent risk exposure and take steps to minimize that exposure.

2. Evaluate Systemic Risk

Cyber insurers should conduct regular systemic risk evaluations and plan for potential losses. Increased reliance on third-party vendors has caused systemic risk to grow exponentially and thus, insurers should understand the third parties used by their insureds and model the effect of catastrophic cyber events that may result in simultaneous losses.

3. Rigorously Measure Insured Risk by Using Data

Cyber insurers should use a comprehensive, data-driven approach to assess their insured’s potential gaps and cybersecurity vulnerabilities.

4. Educate Insureds and Insurance Producers

Cyber insurers should educate their insureds and insurance producers about the value of cybersecurity measures and the need for, benefits of, and limitations of cyber insurance.

5. Obtain Cybersecurity Expertise

Cyber insurers can use strategic recruiting practices to hire employees with cybersecurity experience and invest in their training and development.

6. Require Notice to Law Enforcement

In the event of a cyberattack, cyber insurance policies should require victims notify and engage law enforcement agencies to help recover lost data and funds.

This guidance brings operational and other challenges to those in the property/casualty insurance market. It also adds new potential requirements to pass along to their insureds. For example, insureds may not know that their policy will require notification of law enforcement, and they may have reasons not to notify law enforcement, but if they choose not to it can lead to a coverage dispute.

Beckage advises those in the insurance industry on risk management, cybersecurity best practices and measures, third-party vendor management, and incident response.  Beckage also works with global clients to evaluate risk management, including opportunities to obtain various cyber and tech related coverage. We can be reached 24/7 via our data breach hotline at 844.502.9363 or IR@beckage.com.

Subscribe to our newsletter. 

*Attorney advertising – prior results do not guarantee future outcomes. 

Emotet MalwareThe Emotet Attack Gets Attacked

The Emotet Attack Gets Attacked

Having responded to numerous malware and ransomware incidents, it is clear that cyber threats are persistent but not impenetrable.  The thing that pokes holes in company’s IT environments, can itself be vulnerable as a recent incident with Emotet has proven.  This recent occurrence can hopefully provide businesses with assurance that government, like private industry, is working hard to push back on cyber threats.    

What is it? 

Emotet is an extremely well-traveled bit of malware. It has been spread far and wide across the globe and led to countless data incidents via automated phishing emails.  By luring recipients to not only open a spam email, but then download an attachment or click a link, whether it be a fake invoice or COVID-19 vaccine information, Emotet tricked recipients into installing malware on their system that then opens a gateway to the botnet’s system.  And continuously, since 2014, the Emotet botnet runs more phishing campaigns, convinces more individuals to download malware masked as attachments, and opens more gateways to more Windows systems, calling out and then preserving a point of access to an unsuspecting party.  

Why is it dangerous? 

Think of every successful introduction of Emotet malware onto a computer as opening a gateway to that system.  Then think of all the gateways being amassed by the group that controls Emotet.  Now imagine that team saying to a global community of cyber attackers, “Which gateways would you like to purchase access to in order to deploy your ransomware or whatever attack you have in mind?”  The result has been, according to Ukrainian law enforcement, $2.5 billion in damages by resulting attacks.  Popular ransomware variants like Ryuk are known to be paying for that access and contributing to the resulting financial hardship.  So Emotet may not be the illegal drug, but they are the needle delivering it.   

What happened? 

The FBI, Europol, Canada’s Royal Mounted Police, the National Police of Ukraine, the UK’s National Crime Agency and other international law enforcement agencies, with the aid of private researchers, embarked on an expansive raid on Emotet, reportedly two years in the making.  Operation Ladybird, as it was known, sought to take over a command-and-control network of servers in over 90 countries.  The result?  A success.  The Emotet disruption was pulled off by replacing the machines at the center of the botnet’s infrastructure with the computers of law enforcement, allowing law enforcement to negate any further requests from the malware to the botnet and prevent any malicious activity.  The infrastructure that controls the Emotet operation is now under the control of law enforcement and now the botnet responsible for up to 30% of all malware attacks is offline, leaving those who once relied on purchasing access to those gateways for deploying cyber-attacks at a loss for access.   

The Beckage Team has extensive experience counseling clients on data security matters, breach response preparedness, and breach coach services.  We have also worked on headline-making data incidents, including those associated with malware and ransomware strains like Emotet and Ryuk. Our team can be reached anytime via our 24/7 data breach hotline at 844-502-9363 or by emailing IR@beckage.com.   

Subscribe to our newsletter.

*Attorney Advertising; prior results do not guarantee similar outcomes.