|
Volume 21 — Issue 8 | February 25, 2021 |
|
|
During extreme weather events or natural disasters, emergency responders can be especially taxed. In the winter storms just experienced by Texas, many responders were answering calls for help while their own homes were flooding or without power.
Responder preparation ahead of a disaster will provide peace of mind so that responders can focus on the task at hand. While the severe weather in Texas was unusual and record-breaking, first responders everywhere can get called out at a moment’s notice at any hour of the day. Sometimes the emergency is a flood, hurricane or wildfire affecting your own family or home.
Ready.gov’s webpage Ready Responder offers resources and guides for both firefighters and law enforcement to help them be prepared when disasters occur. The Ready Responder Toolkit is designed to provide emergency response agencies with a series of planning tools to help prepare their personnel and their families for emergencies.
This toolkit contains sample newsletters, training activities, and several planning templates. Samples and planning templates can be used for developing both an organizational preparedness plan and an individual or family preparedness plan.
Once plans are created, don’t forget to practice them with your family and your organization.
(Source: Ready.gov)
Just as southern states are recovering from the power blackouts caused by winter storms, the National Institute of Standards and Technology (NIST) has released Version 4.0 of its Smart Grid Framework, a roadmap to strengthen the resilience of the nation’s power infrastructure through use of interoperability standards.
The Emergency Services Sector may benefit from the capabilities generated by “smart grid” interoperability.
The power grid is no longer a one-way distribution system of electricity from generator to consumer. It is now a complex system of systems, capable of two-way transmission, communication, and real-time monitoring. It utilizes a hybrid network that includes the traditional electricity infrastructure alongside utility-owned communications networks and the services of public broadband and wireless carriers.
NIST’s Framework and Roadmap for Smart Grid Interoperability Standards emphasizes the value of interoperability as the “crucial enabler” of many critical capabilities within this complex power infrastructure.
A Technical Note from NIST, just released this month, examined the benefits of utility-based interoperability investments for Hurricane Irma in 2017. The report conservatively estimated that Florida counties that made interoperability investments in their power infrastructure realized nearly $1.7 billion of operational resilience benefits in the form of avoided customer interruption costs.
Emergency communications may also reap future benefits from a modernized, interoperable power infrastructure. Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) announced phase two of a pilot program for Next Generation Network Priority Services (NGN-PS) that will use the electric grid for emergency communications.
CISA’s pilot program will demonstrate how national security and emergency preparedness (NS/EP) communications signals can utilize the electrical power infrastructure as a backup to existing communications infrastructure, while prioritizing first responder traffic over all other traffic. The program is part of a larger effort to provide priority services for voice over Internet Protocol (VoIP)-based networks.
(Sources: NIST, CISA)
|
|
|
The Department of Homeland Security (DHS) FY2021 grant funding focuses on terror attacks and major disasters.
The grant programs provide funding to state, local, tribal and territorial governments, as well as transportation authorities, nonprofit organizations and the private sector, to improve the nation’s readiness in preventing, protecting against, responding to, recovering from and mitigating terrorist attacks, major disasters and other emergencies.
As the threats we face evolve, so too must the grant programs intended to prepare communities for those threats. To that end, DHS has identified five critical priority areas for attention in the FY2021 grant cycle: cybersecurity, soft targets and crowded places, intelligence and information sharing, domestic violent extremism, and emerging threats.
The allocations for FY2021 include both competitive and non-competitive awards.
Non-competitive grants include:
- State Homeland Security Program (SHSP).
- Urban Area Security Initiative (UASI).
- Emergency Management Performance Grant (EMPG) Program.
- Intercity Passenger Rail (IPR) Program – Amtrak.
Competitive grants include:
- Operation Stonegarden.
- Tribal Homeland Security Grant Program.
- Nonprofit Security Grant Program.
- Port Security Grant Program.
- Transit Security Grant Program.
- Intercity Bus Security Grant Program.
All preparedness funding notices can be found at www.grants.gov. Final submissions must be made through the non-disaster grants system located at https://portal.fema.gov.
Further information on DHS’s preparedness grant programs is available at www.dhs.gov and http://www.fema.gov/grants.
If you have any questions, please contact FEMA Office of External Affairs:
- Congressional Affairs at (202) 646-4500 or at FEMA-Congressional-Affairs@fema.dhs.gov
- Intergovernmental Affairs at (202) 646-3444 or at FEMA-IGA@fema.dhs.gov
- Tribal Affairs at (202) 646-3444 or at FEMA-Tribal@fema.dhs.gov
- Private Sector Engagement at (202) 646-3444 or at nbeoc@max.gov
(Source: DHS)
The Federal Bureau of Investigation Weapons of Mass Destruction Directorate (FBI WMDD) Chemical and Biological Countermeasures Unit (CBCU) developed online training based on case examples of subjects who possessed or attempted to possess chemical and biological materials for nefarious purposes.
The goal of the presentation is to inform the audience on the importance of information sharing, capacity building, and other situational awareness capabilities that exist in every state and territory. Additionally, this presentation will provide audience members relevant triggers and tripwires of the above-mentioned threats, discuss tripwire information that was provided, and how local WMD Coordinators can assist in mitigating these threats in their area of responsibility.
This training is one of many initiatives the FBI WMDD leads to prevent and neutralize WMD threats against the homeland and interests abroad. WMDD focuses on outreach, intelligence, operational response, and investigative capabilities designed to keep WMD threats from becoming a reality. Through creating an avenue of information sharing with first responders, specifically medical staff, this will allow for the potential to mitigate the use of chemical and biological agents for WMDs. This is a shared commitment between the federal government, the private sector, and members of the community, including law enforcement, hazmat, and first responders.
This presentation will occur on Wednesday, March 24, 2021 from 1:00 p.m. to 2:30 p.m. EST. Please note that Daylight Saving Time (+1 hour) is in effect during this time.
For more information about this training event, visit the FBI WMDD CBCU webpage.
To register for this training event, visit the registration page. The participant call-in number is 800-768-3395.
(Source: FBI WMDD CBCU)
|
|
Telephony Denial of Service Attacks can disrupt emergency call center operations
A Telephony Denial of Service (TDoS) attack is an attempt to make a telephone system unavailable to the intended user(s) by preventing incoming and/or outgoing calls. The objective is to keep the distraction calls active for as long as possible to overwhelm the victim’s telephone system, which may delay or block legitimate calls for service. The resulting increase in time for emergency services to respond may have dire consequences, including loss of life
Public Safety Answering Points (PSAPs) are call centers responsible for connecting callers to emergency services, such as police, firefighting, or ambulance services. PSAPs represent key infrastructure that enables emergency responders to identify and respond to critical events affecting the public.
TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves in the event that 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area.
(Source: IC3.gov)
US cities disclose data breaches after vendor's ransomware attack
Automatic Funds Transfer Services (AFTS) is used by many cities and agencies in Washington and other states as a payment processor and address verification service. As the data is used for billing and verifying customers and residents is wide and varied, this attack could have a massive and widespread impact.
The attack occurred around February 3 when a cybercrime gang known as 'Cuba ransomware' stole unencrypted files and deployed the ransomware. The cyberattack has since caused significant disruption to AFTS' business operations, making their website unavailable and impacting payment processing.
Due to the large amount of potential data allegedly stolen by the Cuba Ransomware operation, cities utilizing AFTS as their payment processor or address verification service have begun disclosing potential data breaches. The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.
(Source: bleepingcomputer.com)
NIST offers tools to help defend against state-sponsored hackers
Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them.
Vulnerable data includes the sensitive but unclassified information managed by government, industry and academia in support of various federal programs. Now, a finalized publication from the National Institute of Standards and Technology (NIST) provides guidance to protect such “controlled unclassified information” (CUI) from the APT. NIST’s Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171, offers a set of tools designed to counter the efforts of state-sponsored hackers and complements another NIST publication aimed at protecting CUI.
(Source: NIST)
CISA, FBI share recommendations after water treatment hack
The agencies say updating to the latest operating system is important, even if it wasn’t a factor in this particular incident.
The first thing federal agencies are advising organizations to do following an intruder’s attempt to poison the water supply of a small Florida city is to update their Windows operating system.
The action is listed as the first mitigation item in a Thursday alert with observations of the incident from the FBI, the Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center.
An operator detected the event, which occurred on Feb. 5, in time to avoid a dangerous overload of sodium hydroxide, the main ingredient in drain cleaners used in small amounts to moderate pH levels. Cybersecurity professionals say it seems to be the work of an amateur or insider, but it highlights dire weaknesses in critical infrastructure and has federal policy-makers paying attention to industrial control systems, such as those also used by electric utilities, which are often managed by local municipalities.
(Source: NextGov)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
