CISA, DHS, FBI and International Partners Publish Guide for Protecting High-Risk Communities

Informs civil society organizations and individuals of cyber adversary behaviors and actions to mitigate this threat

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), in collaboration with cyber partners from Canada, Estonia, Japan and United Kingdom, published “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society” today which provides civil society organizations with recommended actions and mitigations to reduce their risk of cyber intrusions, particularly from state-sponsored cyber actors. It also strongly encourages software manufactures to actively implement and publicly commit to Secure by Design practices that are necessary to help protect vulnerable and high-risk communities.

The guide provides recommended mitigations for civil society organizations, which include implementing phishing-resistant multifactor authentication (MFA), using caution when sharing information on social media, prioritizing vendors that align their practices to Secure by Design principles, and ensuring awareness of social engineering tactics.

“State-sponsored actors seek to undermine fundamental democratic and humanitarian values and interests supported by civil society organizations and individuals. However, these high-risk community organizations often lack cyber threat information and security resources,” said Jen Easterly Director CISA. “With our federal and international partners, we are providing this resource to help these organizations better understand the cyber threats they face and help them improve their cyber safety.”

"The FBI and its partners are putting out this guidance so that civil society organizations have the capacity to mitigate the threats that they face in the cyber realm,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We’d like to help these entities, whether they are nonprofits, think tanks, or groups working to defend human rights and advance democracy, defend themselves against malicious state-sponsored actors looking to exploit them.”

“We thank CISA and partners for close cooperation on releasing this guidance. It was confirmed in Japan that organizations and individuals such as academia, think tanks and journalists have been targeted by cyberattacks.,” said Mr. Atsuo Suzuki, Director General, Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC). “We would like to partner with co-sealing countries and organizations of this guidance to make contribution to enhancing cybersecurity.”

“Last couple of years have shown that every organisation can be targeted with malicious cyber activities. The root of this problem lies typically in lack of knowledge about cyber threats, or cyber threaths not taken as seriously as they should be. It is important to raise awareness and provide guidelines, such as the freshly published guidance for civil society organisations and individuals. I invite all organisations to make good use of the guide and to learn how to take the necessary steps to protect yourself from cyber threats,“ said Gert Auväärt, Director of Cyber Security of the Estonian State Information Authority (RIA).

“The Canadian Centre for Cyber Security, a part of CSE, welcomes this report. The best way to protect Canada and our global partners from the growing threat of foreign interference, and digital transnational repression is to raise awareness about the threat,” said Sami Khoury, Head, Canadian Centre for Cyber Security. “We all have a role to play in defending our democratic institutions, including our civil society organizations and individuals.”

“Civil society groups play a crucial role in upholding our democratic values in the UK and around the world and so it is vital they have the information they need to protect themselves online,” said Felicity Oswald, Chief Executive of the United Kingdom National Cyber Security Centre. “This new guidance, developed with international partners, will help those with limited resources ensure they have strong security measures in place to manage the greater risk of targeting that they face. We are committed to our ongoing collaboration with likeminded countries to raise the collective resilience of global democracy and safeguard civil society from cyber threats.”

"Preparing for global cyber threats requires national and international cooperation. This report is an excellent example of confidential cooperation with our international partners. This guide also supports our work to improve cyber security awareness in Finland," says Anssi Kärkkäinen, deputy director general of National Cyber Security Centre Finland (NCSC-FI)

Malicious state-sponsored actors use various tactics to gain initial access and then often install spyware on the compromised devices to conduct more extensive surveillance, such as location tracking and access to files. The guide provides a list of state-sponsored actors known to target civil society organizations primarily from Russia, China, Iran and North Korea, along with an overview of their known tactics and techniques. The overview helps organizations better understand the adversarial behavior so their leadership can make informed resourcing decisions on basic cybersecurity controls.

In addition to CISA, partnering agencies include:

Department of Homeland Security Office of Intelligence and Analysis (DHS I&A), 
Federal Bureau of Investigation (FBI), Canadian Centre for Cyber Security (CCCS), Estonian National Cyber Security Centre (NCSC-EE), National Center of Incident Readiness and Strategy for Cybersecurity (NISC) Japan, National Police Agency (NPA) Japan, Japan Computer Emergency Response Team Coordination Center (JPCERT/CC), National Cyber Security Centre – Finland (NCSC-FI), and United Kingdom National Cyber Security Centre (NCSC-UK).

For more information, see CISA’s Cybersecurity Resources for High-Risk Communities webpage.