Volume 21 — Issue 6 | February 11, 2021
A NIST report in 2019 stated that the prevalence of PTSD in emergency responders is approximately three times that of the United States adult population and roughly comparable to Gulf War veterans.
Mental health resources are critical to emergency services personnel, especially when a line-of-duty death occurs.
In 2006, the National Fallen Firefighters Foundation (NFFF) began training personnel to develop a team of trained responders in each state who could respond within six hours of a line-of-duty death. This led to the Local Assistance State Team (LAST) program, whose support now includes the IC to IC Network.
NFFF created the IC to IC Network to provide assistance to incident commanders who have experienced a line-of-duty death of a firefighter under their command. This is a peer network connecting incident commanders who recently experienced a line-of-duty death with a trained peer who previously lost a firefighter under their command.
As part of the program, peer incident commanders share information with the incident commander who experienced the line-of-duty death, including:
- Incident follow-up and investigations.
- Providing support for the fallen firefighter’s family and co-workers.
- Funeral and memorial service arrangements.
- Handling requests for information from media and community.
- Coping with the short and long-term emotional impacts of the experience.
Visit the NFFF website for more information on the LAST program and the IC to IC Network.
(Source: NFFF)
The CDC will conduct a National Forum on COVID-19 Vaccine from February 22 through February 24, 2021, as a virtual event to unite representatives from across the United States government with state, local, tribal and territorial leaders and representatives from public health, healthcare systems, national and community-based non-governmental organizations, and other partners who all have a role in supporting COVID-19 vaccination. This event will bring together practitioners with those who can champion vaccine uptake in all communities.
The overall goals of the forum are to promote the most effective strategies to:
- Build trust and confidence in COVID-19 vaccines.
- Use data to optimize vaccine implementation.
- Provide practical information for increasing vaccine access in communities nationwide, especially to those at increased risk of COVID-19 disease.
This three-day forum will include several plenary sessions open to the public, as well as Practitioner Town Halls, which will be limited in size and will provide opportunities to engage with experts on lessons learned in vaccine implementation.
This forum is free, but registration is required by February 16, 2021 at midnight EST.
In support of SLTT partners, the CDC also just released an annex to its operational guidance for the COVID-19 Vaccination Program in January 2021. The COVID-19 Vaccination Program Interim Operational Guidance for Jurisdictions Playbook is targeted to SLTT public health programs and their partners who are currently operationalizing a vaccination response to COVID-19 within their jurisdictions.
The new annex to the Playbook focuses on several areas for planning consideration, including:
- Decision-making guidance for transitioning vaccination rollout among priority groups. Planning steps in transitioning from vaccination of initial populations to additional priority populations, in accordance with the CDC’s recommendations for who should be vaccinated first.
- Strategies for vaccine allocation among private and public partners. Includes how SLTT vaccination programs should coordinate with the CDC’s Federal Retail Pharmacy Program for COVID-19, whose vaccine allocations are separate from jurisdictions’ weekly allocations, to effectively reach priority populations.
- Engaging priority populations and increasing vaccine confidence. Considerations for updating communication strategies, key messages, and education and outreach activities to increase awareness in priority populations and build vaccine confidence.
(Source: CDC)
During the month of February, Central United States Earthquake Consortium (CUSEC) will promote earthquake awareness, including educational resources for increasing resilience of the built environment and facilitating recovery from earthquakes. CUSEC is providing webinars that are intended to educate the public, private sector, first responders, and government.
A webinar on a new technology of interest to those involved in hazard mitigation and planning will be held on February 25 from 1:30 p.m. to 3:30 p.m. CST, featuring the Rapid Visual Screening (RVS) App used to screen buildings for potential earthquake vulnerabilities. For more information and to register, visit CUSEC’s registration page for this webinar.
Also relevant to earthquake resilience is a publication released in January 2021 in support of the National Earthquake Hazards Reduction Program (NEHRP), titled Recommended Options for Improving the Built Environment for Post-Earthquake Reoccupancy and Functional Recovery Time. This report is a joint effort by the Federal Emergency Management Agency (FEMA) and the National Institute of Standards and Technology (NIST) to chart a path toward superior earthquake recovery.
NIST and FEMA were given responsibility to determine how to achieve greater community resilience in the event of an earthquake. For the last century, seismic building codes and practices have primarily focused on saving lives by reducing the likelihood of significant damage or structural collapse. Recovery of critical functions provided by buildings and infrastructure has received less attention.
The report recommendations call for members of the government, codes and standards organizations, and industry to work together in developing a national framework for setting and achieving goals based on recovery time. This involves first identifying what level of function provided by buildings and lifelines should be maintained after an earthquake, and then determining an acceptable time for them to be out of commission.
(Source: CUSEC, NIST)
The FEMA National Exercise Division is now accepting Spring 2021 exercise assistance nominations to the National Exercise Program. Spring nomination round submissions are due by April 1 and decisions will be sent by May 3.
The program offers no-cost assistance to jurisdictions for exercise design, development, execution and evaluation to validate capabilities across all mission areas. The program will hold additional exercise nomination rounds in the fall of 2021 and spring of 2022. Instructions for how to submit a nomination are on the National Exercise Program website.
FEMA is hosting two 60-minute webinars for state, local, tribal, territorial and other whole community partners to discuss the nomination process. The webinars will also cover National Exercise Program supporting activities for conducting exercises in a pandemic environment, and approved 2021-2022 Principals’ Strategic Priorities. The dates for the webinars are:
- Webinar 1: 4 p.m. EST Feb. 25
- Webinar 2: 2 p.m. EST March 11
To register for the webinars, visit the National Exercise Program webinar page. For questions, send an email to the National Exercise Division.
(Source: FEMA National Exercise Program)
Five critical questions raised by water treatment facility hack
As the investigation continues into the hacking of a water treatment facility in Oldsmar, Florida, cybersecurity experts say the incident points to the urgent need to enhance operational technology (OT) security. A hacker remotely accessed a system that controls the chemicals that are added to the water to make it safe to drink and increased the level of sodium hydroxide - lye - from 100 parts per million to 11,100 parts per million.
The hacker apparently used TeamViewer to gain remote access to the water treatment facility's network. TeamViewer has long been an attractive target for attackers, because the software can give administrators full, remote access to and control of systems. As a result, if TeamViewer is not properly secured, or a hacker manages to obtain credentials, the intruder can achieve remote control over systems.
Public sector organizations that provide critical services - which are largely unregulated for security - need some scrutiny on their IT and OT security. Here are five critical questions raised by this water treatment facility hacking incident:
- Was Use of Remote Access Appropriate?
- Did Hacker Obtain Credentials?
- What Security Steps Are Most Critical?
- Is OT Security Being Neglected?
- Should CISA Get More Involved?
Read the full article for answers to each of these questions.
(Source: Databreachtoday.com)
Scammers selling fake COVID-19 vaccination cards for just $20
According to researchers, scammers are constructing fraudulent online stores to sell fake COVID-19 vaccine cards to those who do not want to receive the vaccine. A security firm found that the decentralized nature of the United States healthcare system has allowed for this to happen, as the cards only need to carry the logo from the Centers for Disease Control and Prevention. As of right now, 13 percent of Americans say they will refuse the vaccine. Scammers have capitalized on the opportunity and have begun selling fake immunization cards for those who want to enjoy the benefits. Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these ‘vaccination records’ demonstrate a level of intent to pass as legitimate cards from the CDC.
(Source: OODA Loop)
Microsoft to add ‘Nation-State Activity Alerts’ to Defender
Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 that will notify companies when their employees are being targeted by nation-state threat actors. If a user is targeted or compromised in a nation-state attack, Microsoft will send them an email about the attack, along with basic advice on the steps they need to take to re-secure their inbox and devices. Microsoft said in 2019 that it usually notifies around 10,000 users per year of nation-state attacks. But the problem with this notification procedure is that it relies on users reading their email and taking action, which doesn't always happen. For organizations that are customers of Microsoft's Office 365 service, the OS maker now plans to add these notifications inside the dashboard of Microsoft Defender for Office 365, the cloud-based security platform that scans a company's Office 365 accounts for threats. This way, the notification will also appear for system administrators and security teams, who can act on it right away.
(Source: ZDNet)
SolarWinds attack reinforces importance of Principle of Least Privilege
The SolarWinds attack is historic for its multidimensional sophistication. As we continue to learn of new victims, techniques, and implications, it's important that chief information security officers (CISOs) and security professionals take stock of their defense-in-depth strategies. One critical element of the approach is the principle of least privilege (POLP). The concept of limiting access, or 'least privilege,' is simply to provide no more authorizations than necessary to perform required functions.
Here are three important lessons about how to think about and follow the principle of least privilege.
- Work Toward Zero-Trust Maturity. Zero trust is based on the premise that no one has standing privilege, not even administrators. For it to work, users or applications submit access requests that are evaluated.
- Consider Humans and Machines. Every organization should look to change its service account passwords. It’s so important to implement least-privilege policies for all identities, but especially for machine identities.
- Apply POLP in Product Design and Development. When thinking about where to apply the principle of least privilege, DevOps should be high on the priority list. The SolarWinds attack started with a compromised software build process that allowed the APT to insert malicious code into an Orion software update.
(Source: Darkreading.com)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice: This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Disclaimer of Endorsement: The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.
Section 504 Notice: Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.