View as a webpage / Share

Volume 21 — Issue 2 | January 14, 2021

IAFF recognizes January as Fire Fighter Cancer Awareness Month

As part of Fire Fighter Cancer Awareness Month, the International Association of Fire Fighters (IAFF) and the Firefighter Cancer Support Network (FCSN) are partnering to deliver educational materials and resources to promote public and firefighter awareness. IAFF encourages all fire service personnel to utilize these materials, tools and guidance to develop life-saving protocols and promote cancer prevention in local departments.

To increase awareness of occupational cancer risk in the fire service, the IAFF provides factsheets, videos, training briefs, educational presentations, podcasts, survivor stories, and structured materials for departments to conduct a “Safety Stand Down” each week in January.

While occupational cancer risk is a reality for the fire service, prevention is entirely possible. Each “Safety Stand Down” in the month of January focuses on a specific theme. The materials cover how firefighters are exposed to carcinogens, what happens when they are exposed, how to prevent exposures, how to make culture changes in their department and how to assist those who are diagnosed with cancer.

The IAFF General President stated that the purpose of Fire Fighter Cancer Awareness Month is “to give our hard-working members the most up-to-date guidance and data that will allow them the opportunity to enjoy a long, safe career and a healthy retirement.”

(Source: IAFF)

Nashville bombing highlights critical communications services provided by FirstNet

The Christmas Day Nashville bombing resulted in communication outages in Nashville and the surrounding region. FirstNet subscribers were among those impacted by the outage.

FirstNet Authority released an update explaining the cause of the outages following the bombing. A subsequent update from FirstNet Authority explained that FirstNet deployable network assets were dispatched and became operational within four hours after backup battery power was exhausted following the outage, providing critical communications capabilities to the immediate vicinity.

FirstNet’s response to the Nashville bombing incident was just one among hundreds of responses to incidents around the country since the FirstNet program became operational. Public safety authorities made more than 450 requests for temporary network overage solutions like the Satellite Cells on Light Trucks (SatCOLTs) deployables used in the Nashville bombing, according to a section of the most recent Ericsson Mobility Report, co-authored by AT&T on FirstNet.

The Ericsson Mobility Report also summarizes the changes in network usage this year due to the pandemic and natural disasters. One significant change was a 40% increase in mobile voice traffic. But because the FirstNet network separates public safety traffic from commercial traffic - a function of one of FirstNet’s core domains outlined in its Roadmap - emergency response communications remain resilient to these shifts in public usage.

FirstNet’s services will continue to play a critical role in public safety operations as the emergency services increasingly rely on networked technologies for situational awareness, such as GIS and location services for mapping and visualization and sensor data used for environmental monitoring and responder health and safety.

For more information on FirstNet, see FirstNet Authority’s website for program information, and FirstNet.com for more information on products and offerings.

(Source: FirstNet Authority)

Highlights

IAFF recognizes January as Fire Fighter Cancer Awareness Months

Nashville bombing highlights critical communications services provided by FirstNet

NOAA updates wildfire detection and smoke forecasting tools

Emergency Services Sector cybersecurity best practices

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

NOAA updates wildfire detection and smoke forecasting tools

The National Oceanic and Atmospheric Association (NOAA) has had a successful year of research and development in the area of detecting and predicting the impact of wildfires and wildfire smoke.

Mitigating the impact of wildland fires depends on early detection. The National Oceanic and Atmospheric Association (NOAA), Office of Satellite and Product Operations (OSPO) continues to improve on its Hazard Mapping System Fire and Smoke Product with the latest and best fire and smoke monitoring methods and satellite data available. The product provides near real-time maps, fire data statistics and data sets for monitoring wildfire and smoke positions; however, data can be skewed by cloud cover, terrain and light and heat emitted by factories.

In addition to early detection of wildfires, forecasting the behavior of wildfire smoke is a powerful capability for public safety and health. NOAA has recently finalized a smoke model which has this predictive capability. A product called High Resolution Rapid Refresh-Smoke (HRRR-Smoke), which became fully operational just last month, can accurately forecast the behavior of wildfire smoke and its impact on weather. The experimental version of the product played a pivotal role in mitigating the impacts of wildfires last summer.

Since being transferred to National Weather Service (NWS) operations on December 2, 2020, HRRR-Smoke now utilizes NWS’s powerful computing capabilities and a fleet of weather models to produce a new weather and smoke forecast every hour.

Both of these tools from NOAA will be useful to anyone in the Emergency Services Sector with a need to monitor and predict the impacts of wildfire smoke, including:

• Emergency managers and public health officials who need to monitor wildfire smoke and inform their public about how to mitigate the impacts, especially in light of the combined health risks of wildfire smoke exposure and COVID-19.
• Researchers who need this data to identify any possible links between wildfire smoke and the rate of hospitalizations for lung-related conditions in their area.
• Those responsible for determining safe conditions for prescribed fire as a mitigation best practice.

For more information on these products, see NOAA’s Hazard Mapping System Fire and Smoke Product, and NOAA’s Global Systems Laboratory High-Resolution Rapid Refresh page.

(Source: NOAA)

Emergency Services Sector cybersecurity best practices

Cybersecurity is one of the most important security considerations for Emergency Services Sector (ESS) organizations. Poor cybersecurity practices can cause severe operational problems and the needless expenditure of funds.

While prevention of sophisticated attacks requires more rigorous countermeasures, many cyberattacks can be prevented with a few simple, low cost protective actions. ESS organizations frequently use networked computers and smartphones for a variety of operational functions, such as computer-aided dispatch systems, communications backup to radio systems, and storage and connectivity to databases.

The Cybersecurity and Infrastructure Security Agency (CISA) provides official guidance to the Emergency Services Sector on these basic security measures in this Emergency Services Sector Cybersecurity Best Practices Fact Sheet (cisa.gov). Best Practices included in this CISA Fact Sheet are organized into five categories: General practices that can be implemented and included in plans and policies, social networking practices, e-mail behavior, Wi-Fi use, and Bluetooth use.

(Source: CISA)

Cyber Information and Incident Assistance Links

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information
Links

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

CISA releases summary and guidance on detection of ongoing APT compromise

CISA has released additional information and guidance on the Advanced Persistent Threat (APT) actor and mitigation steps for impacted agencies related to the SolarWinds Orion supply chain compromise. CISA released an alert summarizing the information and guidance to date, and specifying which versions of the SolarWinds Orion products are compromised. CISA will continue to update this alert with new information.

CISA released a second companion alert on January 8 with instructions on how to detect post-compromise threat activity in Microsoft Cloud environments. This alert outlines the tactics, techniques, and procedures (TTPs) used by this APT actor. These TTPs feature three key components:

• Compromising or bypassing federated identity solutions.
• Using forged authentication tokens to move laterally to Microsoft cloud environments.
• Using privileged access to a victim’s cloud environment to establish difficult-to-detect persistence mechanisms for Application Programming Interface (API)-based access.

This second alert also identifies a number of open-source tools available to investigate adversary activity in Microsoft Cloud environments related to this cyberattack.

For the full alert summarizing this threat, see CISA’s Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. For technical information on detection of this threat in Microsoft Cloud environments, see CISA’s Alert AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments.

(Source: CISA)

MS-ISAC extends deadline for 2020 Nationwide Cybersecurity Review

The Multi-State Information Sharing and Analysis Center (MS-ISAC) team has announced a deadline extension to complete the 2020 Nationwide Cybersecurity Review (NCSR) until Feb. 28, 2021.

The Nationwide Cybersecurity Review is a no-cost, anonymous, annual self-assessment designed to measure capabilities and capability gaps of state, local, tribal and territorial (SLTT) governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and is sponsored by the Department of Homeland Security (DHS) and the MS-ISAC®.  

The target audience for the NCSR are personnel within the SLTT community who are responsible for the cybersecurity program within their organization. It is a requirement for grant recipients and sub-recipients under the State Homeland Security Program (SHSP) and Urban Area Security Initiative (UASI).

The NCSR takes approximately two to three hours to complete; however, the first time the NCSR is taken may take longer, as participants may need to gather information and consult other teams.

For more information about this program, see the MS-ISAC’s National Cybersecurity Review page.

(Source: MS-ISAC)

NSA releases cybersecurity information sheet on eliminating obsolete TLS configurations

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations.

CISA encourages administrators and users to review NSA's CSI sheet on Eliminating Obsolete TLS Protocol Configurations for more information.

(Source: CISA)

CISA Cybersecurity and Physical Security Convergence Guide for the complex threat environment

Cyber and physical assets can be targeted separately or simultaneously, resulting in compromised systems and/or infrastructure. When physical security and cybersecurity divisions operate in siloes, they lack a holistic view of security threats targeting their enterprise. As a result, successful attacks are more likely to occur and can lead to impacts such as compromise of sensitive or proprietary information, economic damage, disruption of National Critical Functions (NCFs), or loss of life.

CISA has developed the Cybersecurity and Physical Security Convergence Guide which describes the complex threat environment created by increasingly interconnected cyber-physical systems, and the impacts that this interconnectivity has on an organization’s cybersecurity and physical security functions. It also provides guidance on adopting a holistic cyber-physical security approach through a flexible framework.

(Source: CISA)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.