|
Volume 21 — Issue 10 | March 11, 2021 |
|
|
As COVID-19 vaccine rollout continues across the country, threats to physical security could occur at any stage in the vaccine distribution process ‑ at manufacturing sites; during transportation; at clinics, pharmacies and healthcare facilities; and at Points of Distribution, or PODs.
The Cybersecurity and Infrastructure Security Agency (CISA) has just released two resources to assist vaccine facility owners and operators and POD managers to prepare for these physical security threats:
To maximize distribution efforts, many PODs will operate in publicly accessible areas such as pharmacies, community centers, stadiums, convention centers, and parking lots. For this reason, ensuring physical security at PODs will likely require additional planning, resources and coordination between POD managers and the Emergency Services Sector (ESS).
Depending on the jurisdiction, the roles of ESS organizations in supporting physical security at PODs will vary. To conserve resources, some facility operators may want to locate PODs at sites that already have some security, such as the parking lot of a hospital. However, law enforcement or private security agencies may dedicate some of their staff to PODs. EMS may provide an ambulance on site. Public works may provide traffic signs and barriers and coordinate traffic flow in and out of the sites.
These two resources from CISA can be used to facilitate pre-planning between ESS organizations and POD managers on their physical security requirements. They can also serve as reference for ESS organizations to set up and manage physical security at PODs.
(Source: CISA)
Maintaining situational awareness not only enhances real-time response efforts but also saves valuable time when a responder is injured or lost. However, this can be a significant challenge when line-of-sight is not possible. In these circumstances, assistive technology providing accurate, real-time positioning data can save lives.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and NASA’s Jet Propulsion Laboratory recently completed successful field testing of a new location tracking technology to enhance situational awareness for first responders. The technology is called POINTER, which stands for Precision Outdoor and Indoor Navigation and Tracking for Emergency Responders.
POINTER is a precision positioning sensor that locates first responders via low frequency magnetic fields. Unlike some existing location-tracking technologies that use electromagnetic waves, POINTER can penetrate most natural materials like dirt, earth, water and thin metals from a standoff distance of 70 meters, determining an individual’s exact position within a structure within one meter of accuracy.
DHS S&T will continue field testing POINTER in the coming months, leading up to operational field testing with several fire response agencies throughout the country in the Spring and Summer of 2021. A commercial product is projected to be available in early 2022.
Version one will be designed for use in single family homes, warehouses and buildings that are three stories or less. Future versions of POINTER will accurately track first responders in high-rise buildings, outdoors and subterranean environments at a greater distance.
(Source: DHS S&T)
|
|
|
FEMA has introduced new educational map products designed to help coastal communities understand their unique flood risks:
According to the National Oceanic and Atmospheric Administration, in the United States between 1980 and 2019, seven of the ten most expensive disasters were caused by coastal storms. These maps explain coastal flood risk, the risk mapping, assessment and planning (MAP) process for flooding, and use of FEMA mapping data, mitigation planning, and other programs.
The Introduction to FEMA Coastal Floodplain Mapping is a FEMA tutorial focusing on coastal hazards. It identifies common features of flood maps for coastal areas and shows how to determine the flood zone and flood elevation for coastal properties. The tutorial explains how coastal risks are shown on various types of flood maps. It also outlines how coastal flood maps can be used, including identifying and prioritizing mitigation opportunities, making decisions about land use and development planning, calculating actuarial flood risk rates for structures and educating property owners about flood risks.
FEMA developed a second educational map product, Thinking Beyond Flood Maps—Using FEMA’s Coastal Data to Reduce Risk and Build Resilience, which explains how communities have used datasets and products developed by FEMA to see how diverse places from across the country have used these resources to reduce their risk.
For further assistance with flood mapping and insurance you can reach out to the FEMA Flood Map Information eXchange (FMIX). For additional guidance and resources on how to build for resilience in coastal areas, visit FEMA’s Building Science page.
(Source: FEMA)
There is a growing concern that many of the most likely terrorist threats will involve materials that are readily available in most communities around the country. To address these threats, the American College of Medical Toxicology (ACMT) and the Radiation Emergency Assistance Center/Training Site (REAC/TS) offer a course on emergency response to exposure from radioactive materials and toxic chemicals.
Chemical & Radiological Agents of Opportunity for Terrorism is a free, virtual course reviewing the medical and psychological consequences of exposures. The course includes practical information regarding scene safety for such agents as high potency fentanyl analogs, inhaled irritants, and proper decontamination of a victim contaminated with radiological material.
The target audience includes state and local first responders, emergency medical technicians, paramedics, emergency nurses, emergency physicians, pharmacists, emergency response coordinators, public health officials, public health professionals, industrial hygienists and others involved with chemical terrorism preparedness and response.
This two-day course is divided into two one-day segments, Radiological Emergency Medical Management and Chemical Agents of Opportunity for Terrorism.
Continuing education credit is available for each segment of the course individually. If you register before the dates for each course segment listed below, you will be granted access to the on-demand materials. The on-demand course materials will not be available until the dates listed below.
For additional information about this training opportunity, see the American College of Medical Toxicology website or the Course Flyer. To register for either or both course segments, visit ACMT’s course event page.
(Source: American College of Medical Toxicology)
|
|
CISA announces transfer of the .gov top-level domain from US General Services Administration
On March 8, the Cybersecurity and Infrastructure Security Agency (CISA) announced it will begin overseeing the .gov top-level domain (TLD) in April 2021. .gov is one of the six original TLDs in the internet’s domain name system (DNS). The TLD is actively used by each branch of the federal government, every state in the nation, hundreds of counties and cities, and many tribes and territories as they serve the public on the internet. The DOTGOV Act of 2020 shifted responsibility for managing .gov to CISA as the nation’s civilian cybersecurity agency.
Because the TLD is central to the availability and integrity of thousands of online services relied upon by millions of users, .gov is critical infrastructure for governments throughout the country and all aspects of its administration have cybersecurity significance. Under the actions required by the Act, CISA will work to increase security and decrease complexity for its government partners.
(Source: CISA)
FBI-CISA Joint Advisory on compromise of Microsoft Exchange Server
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.
The CSA places the malicious cyber actor activity observed in the current Microsoft Exchange Server compromise into the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework.
CISA recommends organizations to review Joint CSA: AA-21-069 Compromise of Microsoft Exchange Server as well as the CISA Remediating Microsoft Exchange Vulnerabilities web page for guidance on detecting, protecting against, and remediating this malicious activity.
(Source: CISA)
US seizes more domains used in COVID-19 vaccine phishing attacks
The United States Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. The seized domain claimed to sell the REGEN-COV2 emergency antibody-drug cocktail developed by Regeneron Pharmaceuticals.
Since December 2020, the DOJ seized four other domains used by fraudsters for various nefarious purposes, including fraud, phishing attacks, and/or infecting targets’ computers with malware. Threat actors have also targeted organizations associated with COVID-19 vaccine research and involved in the COVID-19 vaccine cold chain.
(Source: BleepingComputer)
NIST charting federal vulnerability disclosure policy
To design a software vulnerability program for the federal government, the National Institute of Standards and Technology (NIST) is reviewing work done by the Defense and Homeland Security Departments.
The Internet of Things Cybersecurity Improvement Act of 2020, passed in December, tasks the NIST director with publishing guidelines for receiving, reporting, coordinating and publishing information related to security vulnerabilities - not limited to Internet of Things (IoT) devices - in agency systems as well as the resolving those issues.
The final product NIST recommends could be a software development office at the agency level or the government could turn to contractors to facilitate reporting.
(Source: GCN)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
