CISA Releases ‘Secure Tomorrow Series’ Toolkit
April 12, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) published the first iteration of the Secure Tomorrow Series Toolkit, a diverse array of interactive and thought-provoking products for critical infrastructure stakeholders on how to use strategic foresight methods to identify emerging risks and potential risk management strategies to secure their critical infrastructure systems.
Established by CISA’s National Risk Management Center (NRMC), the Secure Tomorrow Series effort is a strategic foresight capability focused on anticipating future risk drivers, critical uncertainties, and trends — such as aging infrastructure, global pandemics, and emerging technologies — to help enhance organizational resiliency. Central to the effort is the selection of topics with the potential for highly disruptive impacts on multiple National Critical Functions (NCFs) in the next 5-20 years. The three topics are anonymity and privacy, trust and social cohesion, and data storage and transmission.
The NRMC engaged with subject matter experts, thought leaders, and others from academia, think tanks, the private sector, and National Labs to refine the knowledge base for each topic and help lay the foundation for the Toolkit’s products. These products include game templates, facilitator and player guides, read-aheads, and other materials uniquely designed to allow users to self-facilitate and conduct four different strategic foresight activities relevant to their organization, region, or sector.
In a constantly changing and complex operating environment, using strategic foresight to explore alternative futures and potential drivers of change is a potent technique for improving decision-making to manage uncertainty.
- To learn more, read CISA’s blog article, Secure Tomorrow Series Toolkit: Using Strategic Foresight to Prepare for the Future.
- Download/share the Secure Tomorrow Series Toolkit.
Question of the Week
Q. Is a service member required to notify the credit union when they are no longer on active duty? When should we reinstate the original contract rate?
A. A service member is not required to notify a lender when they are no longer on active duty. If the credit union has a member to whom it has granted the 6% rate cap, it can reinstate the original contract rate when the servicemember is no longer on active duty. The credit union can rely on the member’s military orders to give it a fairly accurate idea of when the service member is going to be discharged.
National Credit Union Administration
NCUA to Begin Phase 2 of Resuming Onsite Operations: The NCUA announced that the agency will enter the second phase (Phase 2) of resuming onsite operations on April 11, 2022. Phase 2 permits NCUA staff to volunteer to work onsite, including conducting examination and supervision work at credit unions located in countries with low or moderate COVID-19 community levels, as defined by the CDC.
Consumer Financial Protection Bureau
Consumers’ Use of State Payday Loan Extended Payment Plans: The CFPB issued a report which examines state payday loan extended payment plans, an intervention allowing payday borrowers to repay their loans in no-cost installments. It finds that despite the prevalence of state laws providing for these plans, rollover and default rates consistently exceed extended payment plan usage rates. The Bureau has observed that monetary incentives encourage lenders to promote higher-cost rollovers at the expense of extended payment plans.
Proposed Rule Prohibiting the Inclusion of Adverse Information in Consumer Reporting in Case of Human Trafficking: The CFPB issued a Notice of Proposed Rulemaking to implement a recent amendment to the Fair Credit Reporting Act (FCRA), to establish a method for victims of trafficking to submit documentation to consumer reporting agencies and prohibit the consumer reporting agencies from furnishing a consumer report containing the adverse information.
Office of Foreign Assets Control
OFAC has updated the SDN list as of April 11. The last update prior to this was April 6.
Questions? Contact the Compliance Hotline: 1.800.546.4465; email@example.com.