|
Volume 21 — Issue 19 | May 13, 2021 |
|
|
May 2021 is the 41st annual Building Safety Month, recognized by the President of the United States in an April 30 Proclamation as a time to recognize the importance of strengthening, repairing and modernizing our buildings and infrastructure. The Presidential Proclamation encourages all citizens, government agencies, businesses, nonprofits and other interested groups to join in activities that raise awareness about building safety.
All communities need building codes to protect their citizens from disasters like fires, weather-related events and structural collapse. Building codes are society's best way of protecting homes, offices, schools, manufacturing facilities, stores and entertainment venues.
Each year in May, the International Code Council (ICC) and partners from the building construction, design and safety communities come together with corporations, government agencies, professional associations and nonprofits to promote building safety through proclamations, informational events, legislative briefings and more. This annual campaign reinforces the need for the adoption of modern, regularly updated building codes, and helps individuals, families and businesses understand what it takes to create safe and sustainable structures.
Each week this month will feature a specific topic:
- Week 1: Energy and Conservation.
- Week 2: Training the Next Generation.
- Week 3: Water safety.
- Week 4: Disaster Preparedness.
Throughout the month-long campaign, a series of free webinars are being offered. Upcoming webinars include:
The ICC promotes its social media campaign with hashtags #CODEversation and #BuildingSafety365, and offers free toolkits with promotional and educational materials, including:
- A Campaign Toolkit with templates for news releases and social media.
- A Safety Toolkit with free brochures, worksheets, tip sheets and other outreach materials for building safety issues such as winter water safety, alarm safety, electricity, permits and more.
- A Kid’s Corner, with educational materials for schools and children on building safety.
More information and resources are available on the ICC’s website.
(Source: ICC)
Those in the Emergency Services Sector responsible for hazardous materials response, emergency medical services, and inspections involving hazardous chemicals sometimes rely on databases and decision-making tools related to the toxicity of chemicals to help them make risk-based decisions about chemical safety. The ability to prevent harmful exposures, protect responders and the public and deliver life-saving emergency medical care depends on readily available, accurate and user-friendly sources of information on the toxicity of chemicals.
Individual computational models typically excel at predicting toxicity of certain types of chemicals, but no single approach provides accurate predictions for the entire chemical universe. To address this challenge, researchers at the National Toxicology Program (NTP) Interagency Center for the Evaluation of Alternative Toxicological Methods (NICEATM), part of the National Institutes of Health (NIH), National Institute of Environmental Health Sciences (NIEHS), recently led an international project to build computational models to predict whether substances might be toxic when ingested. Scientists from 35 institutions representing eight different countries developed 139 predictive models and combined the strengths of each into a consensus model to improve prediction accuracy.
The outcome of the project was the Collaborative Acute Toxicity Modeling Suite (CATMoS). CATMoS identifies chemicals that are likely to be either very toxic or nontoxic. It can predict how a chemical might be classified according to the two different hazard classification systems used to determine the messages in chemical hazard labeling. CATMoS can also generate a numerical estimate of toxicity.
The research on development and testing of CATMoS was recently published in the NIEHS’ Environmental Health Perspectives. One major benefit of CATMoS’ predictive capabilities is that it may substitute for the traditional acute systemic toxicity testing which serves as the basis for regulatory hazard classification, labeling, and risk management. Acute systemic toxicity testing methods are costly, time consuming and involve extensive testing on animals. The results of the study showed CATMoS performed accurately and robustly when compared to results from animal studies.
CATMoS’ toxicity predictions are available in the Department of Health and Human Services National Toxicology Program’s recently updated Integrated Chemical Environment (ICE) which provides data and tools to help with development or evaluation of new approaches for assessing chemical safety. It will also be available via the Environmental Protection Agency’s CompTox Chemicals Dashboard. Users who would like to generate CATMoS toxicity predictions of their own chemicals can do so by using the Open Structure-activity/property Relationship App (OPERA).
While this research project used CATMoS to predict a chemical’s toxicity when ingested, future research will focus on predicting toxicity of chemicals by inhalation.
(Source: NIEHS)
|
|
|
Hurricane season has arrived, and with it comes the need to prepare communities for emergency evacuations and shelter-in-place with effective emergency operations plans, evacuation planning, emergency communication and public outreach strategies. In April 2021, the Federal Emergency Management Agency (FEMA) released Improving Public Messaging for Evacuation and Shelter-in-Place: Findings and Recommendations for Emergency Managers from Peer-Reviewed Research. The purpose of this research report is to provide emergency managers with:
- Findings on public understanding and decision-making for evacuation and shelter-in-place protective actions.
- Recommendations for improving public messaging to inform the public about risk and to increase compliance with instructions to evacuate or to shelter-in-place.
FEMA tasked Argonne National Laboratory (Argonne) with conducting a literature review of published peer-reviewed research, summarizing the research findings and developing related recommendations. Some recommendations are best implemented before an event, while some suggest ways to improve response operations. The research team looked for answers to questions related to how warning messages and information affect beliefs and behaviors, how awareness and perceptions of threats and hazards affect decision-making, and ultimately, what situational factors tend to support positive public response to evacuation and shelter-in-place guidance.
Some key recommendations to emergency managers include:
- Understand the potential impediments to action and take steps to address these barriers in advance.
- Make evacuation decisions easier by only issuing mandatory evacuation orders.
- Provide residents and tourists with multiple ways to know if they are in a zone under an evacuation order.
- Use multiple, authoritative messaging channels that include photos or links to other visual information about the hazard and encourage individuals to share this information with friends and families.
- Provide frequent updates with information that can reduce the stress of the unknown related to evacuation.
Although this literature review identified similarities and differences in attitudes and behaviors related to multiple types of hazards, the largest set of research is associated with hurricanes. The research team acknowledges more research should be conducted on little- or no-notice incidents, such as wildfires, earthquakes and tornadoes, as well as manmade emergencies such as chemical spills.
Read the full report on FEMA’s website, in its “Planning Guides” resource collection.
(Source: FEMA)
The Cybersecurity and Infrastructure Security Agency (CISA) is offering a webinar on Thursday, June 24, 2021 from 1:00 to 2:00 p.m. EDT, entitled “Building Counter-IED Capabilities with the Security and Resiliency Guide (SRG).”
CISA’s SRG was designed to help stakeholders take proactive steps to enhance their security and resiliency for potential IED incidents by providing guidance and resources consistent with broader all-hazards preparedness and risk management principles. Developed in collaboration with the FBI, the guide integrates the contributions of numerous counter-IED (C-IED) subject matter experts, stakeholders, and professional communities.
This presentation will introduce attendees to the ten SRG C-IED goals, give examples of how the document can be used to help stakeholders plan and implement C-IED activities, and cover the variety of C-IED resources available. The presentation will also discuss the five annexes to the SRG C-IED that cater to specific groups, including those in the healthcare and public health sector, lodging industry, outdoor event sponsors, sports leagues, venues and businesses (movie theatres, convention centers, etc.) where there is public assembly.
Attendees will:
- Develop a greater understanding of the IED threat, the C-IED preparedness planning process, and specific resources to improve their capabilities.
- Obtain information to support existing/new preparedness efforts, such as risk assessments, planning, equipment purchases, and staff training.
- Learn how the SRG and associated annexes can be used to improve collaboration and communication with venue counterparts, community first responders, and government agencies.
This webinar is free and offered through Adobe Connect. For more information and to register for this webinar, visit CISA’s registration page.
(Source: CISA)
|
|
CISA releases advisory on DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a cybersecurity advisory, “DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks.” CISA and FBI are urging critical infrastructure asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in this advisory.
Recently, DarkSide actors deployed DarkSide ransomware against a U.S. pipeline company’s information technology (IT) network. In response to the cyberattack, the company proactively disconnected certain operational technology (OT) systems to ensure the safety of the system. At this time, there are no indications that the threat actor moved laterally to OT systems.
This joint advisory provides technical details on DarkSide actors and some of their known tactics and preferred targets. In addition to the cybersecurity advisory, CISA and FBI urge critical infrastructure asset owners and operators to review the following resources for best practices on strengthening cybersecurity posture:
Victims of ransomware should report it immediately to the MS-ISAC Security Operations Center (SOC), CISA, a local FBI Field Office, or a Secret Service Field Office. To request incident response resources or technical assistance related to these threats, contact CISA at CISAServiceDesk@cisa.dhs.gov.
(Source: CISA)
Joint NCSC-CISA-FBI-NSA cybersecurity advisory on Russian SVR activity
CISA has joined with the United Kingdom's National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), in releasing a Joint Cybersecurity Advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. Further TTPs associated with SVR cyber actors provides additional details on SVR activity including exploitation activity following their initial compromise of SolarWinds Orion software supply chain.
CISA has also released Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise that provides summaries of three key joint publications that focus on SVR activities related to the SolarWinds Orion supply chain compromise.
CISA strongly encourages users and administrators to review the joint advisory as well as the other two advisories summarized on the fact sheet for mitigation strategies to aid organizations in securing their networks against Russian SVR activity.
(Source: CISA)
US, UK agencies warn Russian hackers are adapting based on government advisories
The Russian hacker group behind the historic SolarWinds intrusion that affected nine federal agencies keeps adjusting their tactics based on government advisories, U.S. and U.K. cybersecurity-focused agencies warn.
A joint advisory issued Friday, May 7, by the U.K.’s National Cyber Security Centre, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI specifically said Russia’s Foreign Intelligence Service (SVR) changed its behavior after the release of a July 2020 advisory on the group, also known as APT29. The U.S. and U.K. attributed the SolarWinds campaign to the Russian threat actor in April. The July advisory warned they were also targeting COVID-19 vaccine development.
In general, the agencies said the adversary is leveraging the government advisories to exploit vulnerabilities—including those Microsoft has associated with Chinese hackers—and encouraged organizations to more quickly update their systems.
On the top of the advisory’s list of mitigations are familiar instructions: Organizations should patch faster and implement cybersecurity basics.
(Source: NextGov)
Cyberattacks on US police departments are a huge overlooked national security threat
Recently, the Washington D.C. Metropolitan Police Department made headlines when they announced the agency’s computer network had been hacked, with cyberattackers reportedly making off with 250 gigabytes of sensitive data, including the identity of police informants. The Babuk group claimed responsibility for the cyberattack, threatening to release the stolen data to local criminal gangs unless Metro police paid an unspecified ransom.
The hackers posted screenshots on their website, suggesting the stolen data included intelligence reports, information on gang conflicts, jail census records, and other administrative files. The group said police had until April 28 to pay an unreported ransom or “we will start to contact gangs in order to drain the informants.”
Rather than follow through with their initial threat, on April 28, the Babuk group published the personnel files of five current and former offers. Assumingly, when Metro police failed to meet hacker’s demands. The data breach is a devastating blow to Metro criminal intelligence.
Law enforcement agencies should look at cybersecurity like they do when dealing with criminal activity: prevention is ideal, but detection is a must. Two no-cost services immediately available for state, local, tribal, and territorial government agencies (SLTTs) that have proven to be extremely effective against ransomware includes implementing the CIS Controls and Benchmarks to harden systems and reducing the attack surface and implementing the Malicious Domain Blocking and Reporting (MDBR) service. The MS-ISAC blocks tens of millions of malicious domain requests each month for SLTT members.
(Sources: MS-ISAC, The Debrief)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
