View as a webpage / Share

Volume 21 — Issue 20 | May 20, 2021

COPS releases report to Congress on Law Enforcement Officer Suicide

The Community Oriented Policing Service (COPS) released a special report last month, Law Enforcement Suicide: 2020 Report to Congress. The report was requested due to concerns about the increasing number of suicides among first responders, and a need to assess the availability of existing mental health resources for law enforcement agencies specifically.

Law enforcement officers face a number of unique occupational hazards. Many of these are psychological, including higher exposure than the general population to stress and trauma. Law enforcement officers are at higher risk for conditions such as post-traumatic stress disorder, depression, anxiety, cardiovascular disease and addiction.

The purpose of the report is to help the Congress better understand what the law enforcement profession is currently doing to prevent suicide and protect law enforcement officer mental health, as well as what more can or should be done. It provides a review of peer responder programs and makes recommendations for establishing evidence-based behavioral health and suicide prevention efforts for both law enforcement and other first responders.

First, this report presents what we know about peer responder programs in law enforcement— including train-the-trainer programs—and partnerships with behavioral health clinicians designed to support law enforcement agency employees in the wake of a crisis.

Second, it assesses the availability of mental health resources for law enforcement personnel and the use of counseling and other programs focused on suicide prevention within law enforcement agencies across the country.

Finally, the report includes a look at the efforts initiated since the passage of the Law Enforcement Mental Health and Wellness Act, signed into law in January 2018. It identifies five key elements that are needed to assist the Department of Justice in its ongoing efforts to aid state and local agencies in implementing behavioral health and suicide prevention programs for first responders:

1. Increase support for peer-led prevention programs that build resiliency, educate gatekeepers, and capitalize on the strong peer networks that officers already rely on for support and advice.
2. Support efforts to maximize the availability and variety of peer support programs that are backed by clinical partners so that agency size and location is not a barrier to service access.
3. Similarly, support state and national programs for retirees.
4. Improve privilege laws at both federal and state levels so that help-seeking behavior is protected.
5. Strengthen confidentiality policies within agencies while building culturally competent programs.

(Source: COPS)

CMS waiver authorizes reimbursements to EMS agencies for treatment-in-place without transport during the COVID-19 Public Health Emergency

The Centers for Medicare and Medicaid Services (CMS) released a waiver on Medicare treatment-in-place (TIP) for ground ambulance services, effective retroactively to March 1, 2020 and remaining in effect for the duration of the COVID-19 Public Health Emergency (PHE). The authority for the waiver was given to CMS as part of the American Rescue Plan Act of 2021, signed on March 11, 2021.

The waiver provides reimbursement to ambulance services for 911 responses made to patients who were not transported to local emergency departments due to community-wide protocol designed to preserve health system capacity during the COVID-19 pandemic. In order to be eligible for these reimbursement costs from CMS, the waiver requires:

• The ground ambulance service was furnished in response to a 911 call (or the equivalent in areas without a 911 call system).
• The patient would have been transported to a destination permitted under Medicare regulations but such transport didn’t occur as a result of community-wide emergency medical service (EMS) protocols due to the COVID-19 PHE.

In addition to meeting the above requirements, EMS agencies have to do their homework to ensure that any community-wide protocols they may be operating under to encourage treatment-in-place rather than transport to a hospital are clearly documented ahead of time.

The value of TIP within the American Rescue Plan Act was scored by the Congressional Budget Office with a value of $10 million. The CMS waiver and its payments will probably not make EMS whole for the hard work and sacrifice it has delivered during the COVID-19 PHE over the last year. However, the CMS waiver is still very significant to EMS agencies for a number of reasons:

• The President of the American Ambulance Association (AAA), in a briefing last month for the 2021 EMS On the Hill Day, highlighted that the majority of patients served by EMS are on Medicare and add-ons to the Medicare payments are therefore critical to EMS agencies.
• The waiver, even if only temporary during the PHE, acknowledges that a patient has been provided with treatment without transport, which emphasizes EMS agencies’ role as more than just an ambulance transport function.
• Treatment-in-place is part of CMS’s new payment model, Emergency Triage, Treat and Transport, or ET3. This model has potential cost savings for both EMS and CMS, as well as the potential for improved services for patients.

The passing of legislation making the CMS waiver possible was the product of collaborative work between CMS and the National Association of Emergency Medical Technicians (NAEMT), AAA, the International Association of Fire Chiefs and the International Association of Fire Fighters.

(Source: EMS1.com)

Highlights

COPS releases report to Congress on Law Enforcement Officer Suicide

CMS waiver authorizes reimbursements to EMS agencies for treatment-in-place without transport during the COVID-19 Public Health Emergency

NCSC releases guidance on Insider Threat Mitigation for US Critical Infrastructure Entities

Webinars: FEMA Exercise Starter Kit for Workshop on Reconstituting Operations during the COVID-19 pandemic

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

NCSC releases guidance on Insider Threat Mitigation for US Critical Infrastructure Entities

The Office of the Director of National Intelligence (ODNI), National Counterintelligence and Security Center (NCSC) released a report in March 2021, Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective.

The new publication focuses on the human threats to U.S. critical infrastructure, including employees at critical infrastructure organizations who may be exploited by foreign adversaries.  The 16 critical infrastructure sectors feature not only physical assets like roads and fiber, but also the intellectual capital behind them. The people involved in health care, energy research, food production, and many more areas are among the primary targets of foreign adversaries who seek to gain access to our critical resources for nefarious purposes.

Additionally, the report highlights that much of U.S. critical infrastructure is privately-owned. Therefore, securing the critical infrastructure is not solely a function of the U.S. Intelligence Community or even the federal government. Solutions must involve the private sector and other stakeholders.

To help guard against such threats, the publication recommends that critical infrastructure entities, at a minimum:

• Have an insider threat program that identifies individual anomalous behavior at an early stage and the resources to respond appropriately.
• Respond in a way that fosters trust across the organization and leverages the workforce as a partner.

The first step of successful mitigation is threat awareness. Security posture assessments can help determine if your organization performs “intelligence-like” functions -- the ability to gather and process information relevant to organizational security. Key elements of an intelligence function to enhance critical infrastructure security include:

• Creating a security intelligence program to analyze threats and vulnerabilities to personnel, physical, and information disciplines.
• Conducting trend analysis of frequent security violations and patterns of “close call” incidents.
• Developing a communications plan to educate the workforce of security concerns.
• Integrating multiple organizational disciplines (human resources, wellness, Information Technology, etc.) into security planning and operations.
• Staying current on internal and external threats (and looking over the horizon).
• Ensuring resources are available for cross-organization learning.
• Incorporating full civil liberties and privacy protections into security and intelligence-like programs.

(Source: ODNI)

Webinars: FEMA Exercise Starter Kit for Workshop on Reconstituting Operations during the COVID-19 pandemic

FEMA has developed an Exercise Starter Kit with sample documents and guidance your organization can use to conduct your own planning workshop on returning to full operations, also called “reconstitution.”

The Starter Kit is designed to achieve the following objectives:

• Assess actions needed to safely return to full operations according to appropriate time-phased guidelines.
• Determine how plans, policies and practices may need to be adapted to safeguard the workforce during reconstitution, consistent with appropriate COVID-19 guidance and recommended community mitigation measures.
• Identify potential mitigating measures or solutions to remaining risks or challenges that adversely impact our ability to perform all functions, including providing services to customers and the public.

Suggested discussion questions for the workshop build upon reconstitution planning principles and relevant White House guidance for employers included in the Guidelines for Opening Up America Again. The discussion questions focus on four discussion themes: People; facilities; messaging and communications; and resources and logistics. The desired outcome from the workshop is a roadmap for a functional reconstitution plan tailored to the organization’s unique needs.

The Exercise Starter Kit includes a sample facilitator guide and a set of PowerPoint slides for conducting the workshop and a Fact Sheet on Reconstituting Operations. The slide set is designed to be adapted and customized.

To help organizations implement their workshop, FEMA is providing a series of webinars on how to use the Starter Kits. Upcoming webinars will be held:

• Friday, May 28, 2021, 1:00 p.m. - 2:00 p.m. EST
• Monday, June 7, 2021, 9:00 a.m.- 10:00 a.m. EST

Both webinars will cover identical material. They are free and open to anyone interested.

For more information on the Exercise Starter Kit, see FEMA’s Fact Sheet. For additional related resources from FEMA, visit its resource collection for Coronavirus Emergency Management Best Practices, and FEMA’s many Exercise and Preparedness Tools offered as part of its National Exercise Program (NEP).

(Source: FEMA)

Cyber Information and Incident Assistance Links

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information
Links

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

President issues Executive Order to bolster Nation’s cybersecurity

The President of the United States, on Wednesday, May 12, signed a much-anticipated executive order aimed at strengthening the protection of computer networks and systems across the federal government and the nation. It comes as the United States grapples with multiple ongoing cybersecurity incidents.

The order had been in the works since the early days of the administration but deemed urgently needed in light of recent cybersecurity incidents. The exploited SolarWinds and Microsoft Exchange flaws and the Colonial Pipeline ransomware attack have been damaging to various agencies and U.S. critical infrastructure.

Among many inclusions, the order calls for the modernization and implementation of stronger cybersecurity standards across the federal government for information and operational technology. It aims to help move agencies to “secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption [within] a specific time period,” a fact sheet the White House published on the order notes.

The administration also calls for the making of a standardized playbook and sets definitions for cyber incident responses that government entities will be expected to employ.

(Source: NextGov)

Montana focuses on ransomware defense, shifting to zero trust

As the recent ransomware attack against a vital oil and gas pipeline operator, Colonial Pipeline, makes clear, such attacks are not going away and are becoming more persistent and targeting higher-profile entities.

Even before the attack, the state of Montana’s Chief Information Security Officer (CISO) worried about precisely this kind of a ransomware attack targeting the state’s data and systems. Continuing to combat ransomware remains one of Montana’s top cybersecurity objectives.

In addition to taking steps to guard against ransomware, Montana is also moving toward a zero-trust cybersecurity architecture and implementing an enterprise governance, risk and compliance approach. Although there have been indications recently that state and local governments are interested in adopting a zero-trust approach to cybersecurity, it is much more widely discussed (and deployed) at the federal level right now.

Zero-trust cybersecurity departs from traditional network-centric security, in which users are trusted once they have gained access to an agency’s network. In a zero-trust architecture, which is based on data security, no user or endpoint is trusted, access controls are granular and users and devices are continuously required to authenticate themselves — enabling a motto of “never trust, always verify.”

(Source: StateTech Magazine)

Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public

According to a review of threat data from enterprise companies that was compiled between January and March this year, threat actors began searching the web for vulnerable Microsoft Exchange Servers within five minutes of Microsoft’s security advisory going public. When critical vulnerabilities in popular software are announced to the public, a race often occurs between threat actors and IT admins, with one group looking for suitable targets and the other performing risk assessments and implementing patches. The attackers gain the upper hand when a proof-of-concept is available or when a bug is relatively easy to exploit.

The announcement of zero-day vulnerabilities can attract attackers’ scans within 15 minutes of public disclosure, says the report. Attackers were able to work faster on the Microsoft Exchange flaws than IT admin, with the first scans detected in no more than five minutes. The incident occurred on March 2 when Microsoft went public with the existence of four zero-day vulnerabilities in its Exchange Server. The flaws were targeted by the Chinese APT group Hafnium and other APTs such as Tick, Winnti Group, and LuckyMouse.

(Source: OODALoop)

Center for Internet Security (CIS) releases CIS Controls v8 to reflect evolving technology, threats

On May 18, the Center for Internet Security (CIS) announced the release of CIS Controls v8. The CIS Controls are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks, and have recently been included in state cybersecurity statutes in Ohio and Utah. The updated Controls have been enhanced to keep up with modern systems and software, and the ever-changing cyber ecosystem, and includes cloud and mobile technologies.

Physical devices, fixed boundaries, and discrete islands of security implementation are less important in the new version; this is reflected through revised terminology and grouping of Safeguards (formerly Sub-Controls), resulting in a decrease of the number of Controls from 20 to 18. The 18 top-level Controls contain 153 Safeguards that provide a prioritized path to improve an enterprise’s cybersecurity posture.

The v8 release is not just an update to the Controls; the whole ecosystem surrounding the Controls has been (or soon will be) updated as well.

CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities.

(Source: Center for Internet Security)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.