View as a webpage / Share

Volume 21 — Issue 39 | September 30, 2021

POINTER location-tracking tech from DHS S&T and NASA is tested by Virginia fire department, scheduled for commercial release next year

Accurate and reliable location tracking is a top priority for the first responder community, especially for structural firefighting search and rescue operations. Maintaining situational awareness at all times is critical, and the ability to quickly locate a firefighter who might be disoriented or separated from his or her colleagues can save lives.

For the past several years, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and the National Aeronautics and Space Administration (NASA) Jet Propulsion Laboratory (JPL) have been researching and developing a location-tracking technology called POINTER, which stands for “Precision Outdoor and Indoor Navigation and Tracking for Emergency Responders.”

POINTER is an ideal location-tracking technology for firefighters in the built environment. The POINTER system is comprised of receivers worn by each responder, a base station providing real-time monitoring capabilities for each responders’ current position in three dimensions, and a nearby transmitter that generates a low-frequency magnetic field capable of penetrating dense materials such as wood, concrete and rebar, which spans the area in which responders are located. You can find out more about how POINTER technology works on DHS S&T’s website.

Successful field tests of POINTER announced by DHS S&T in January 2021 revealed how much POINTER technology has matured since its development began several years ago. In a 2017 prototype of POINTER, captured in this video from DHS S&T, the receiver worn by responders was about the size of a shoebox. In its current iteration, it is about the size of a cell phone, weighing just ounces and powered by a small, rechargeable lithium battery. In earlier prototypes, POINTER could track first responders to within about three meters of accuracy but can now locate them within centimeters of their actual position. The system can even detect whether the responder is standing, sitting, or lying down.

In April 2021, NASA JPL showcased POINTER technology in partnership with the California Institute of Technology (CalTech). NASA JPL’s YouTube video of this event provides an overview of POINTER’s capabilities, and a good visual demonstration of how the most current version of POINTER’s transmitters, receivers, and base station are deployed.

In a feature article on POINTER in April 2021, DHS S&T emphasized how research and development for POINTER has been done hand-in-hand with first responders throughout the entire project, through close collaboration with DHS S&T’s First Responder Resource Group and with testing by fire departments across the country. In September 2021, DHS S&T and NASA JPL conducted an operational test of POINTER with a northern Virginia fire department. News coverage and a video featuring this live test is available on FOX 5 DC.

Although POINTER technology is not yet commercially available, it is scheduled for a soft commercial release in early 2022, with a full commercial rollout of first-generation POINTER expected later in 2022. To find out more about POINTER, visit DHS S&T’s POINTER webpage.

(Sources: FOX 5 DC, DHS S&T, NASA JPL)

Highlights

POINTER location-tracking tech from DHS S&T and NASA is tested by Virginia fire department, scheduled for commercial release next year

Securing houses of worship with community partnerships, the Power of Hello and suspicious activity reporting

Guidance on preparing for the upcoming Assistance to Firefighters grant application period

CISA holds virtual Cybersecurity Summit in October

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

Securing houses of worship with community partnerships, the Power of Hello and suspicious activity reporting

Keeping houses of worship facilities secure while sustaining the open and welcoming environment necessary for peaceful congregation requires a holistic approach to security.

All houses of worship support personnel can contribute greatly to enhancing security by understanding how to identify behavioral indicators of potential criminal activity and by taking precautionary actions to safely mitigate the impacts of a potential attack. With several high-profile religious holidays in the fall and winter fast approaching, now is an excellent time for local law enforcement to strengthen ties with houses of worship in their communities and foster awareness around how to recognize and lawfully report suspicious activity.

This article highlights several organizations offering free resources and support for local law enforcement to help them facilitate outreach to faith-based community groups and build awareness about how they can help thwart potential attacks and better secure their facilities.

National Faith and Blue Weekend will be observed this year from October 8-11. This initiative is organized jointly by the Department of Justice Office of Community Oriented Policing Services (COPS Office) and MovementForward, Inc.'s One Congregation One Precinct (OneCOP) initiative. Faith and Blue Weekend aims to re-calibrate police-community relations through solutions-focused activities that are organized jointly by faith-based or other community groups and law enforcement agencies. The initiative’s website offers a toolkit, which includes a script to help law enforcement connect with a local house of worship and indicate interest in jointly organizing an activity with them. It also includes tools to help with jointly planning and promoting a community event.

The Cybersecurity and Infrastructure Security Agency (CISA) has developed a 6-page guide called The Power of Hello for Houses of Worship. This is an excellent resource to educate members of houses of worship on how to identify behavioral indicators of potential criminal activity and take precautionary actions to safely mitigate the impacts of a potential attack. This resource explains how to use a simple, four-step “OHNO approach” – Observe, Initiate a Hello, Navigate the Risk, and Obtain Help. It also offers guidance targeted to houses of worship for more extensive emergency response planning. The Power of Hello for Houses of Worship is available in English and Spanish. A briefer version of The Power of Hello which simply outlines the OHNO approach is available in multiple formats, including translations in 13 different languages.

The Department of Homeland Security (DHS) has just concluded its If You See Something, Say Something® Awareness Day, also known as #SeeSayDay, which takes place every year on September 25. This annual awareness day is used to promote DHS’ year-round If You See Something, Say Something® campaign, a national campaign to raise public awareness of the indicators of terrorism and terrorism-related crime, as well as the importance of reporting suspicious activity to state and local law enforcement. If You See Something, Say Something® campaign materials have been translated into 12 languages to date.

All of these resources can be used by law enforcement at any time of the year to initiate partnerships, share information with houses of worship personnel, and guide discussions on how to better secure their facilities and congregations.

(Sources: Various)

Guidance on preparing for the upcoming Assistance to Firefighters grant application period

The Assistance to Firefighters Grant (AFG) represents one of the largest single sources of financial assistance for fire departments. Traditionally, the AFG application period opens sometime in the fall and closes a month later. Because of the narrow window of opportunity to apply for AFG funding, fire departments need to get as much work done as possible in advance before the grant period opens. This means first clearly determining your department’s funding priorities and then compiling the information that is likely going to be required for the grant application.

A recent article from Volunteer Firefighter International outlines essential information fire departments need to know to prepare a winning grant application ahead of the deadline. Key takeaways from the article include:

• Applicants need to understand and follow the requirements laid out in the Notice of Funding Opportunity (NOFO) when it becomes available. Although funding priorities vary from year to year, it can be helpful to review the NOFOs from previous years. Past NOFOs and additional guidance for applicants are available for viewing on this page of FEMA’s website. When the FY2021 NOFO is released, it will also appear here.
• Having concise and accurate numbers for a department’s statistics is key to a successful application. Departments can start now by organizing and consolidating data on their department and area of responsibility. This may include data on runs, types of calls and response capabilities, demographic and economic data about the response area, and descriptions of high threats impacting the response area. Data collection can be delegated among staff by assigning responsible parties and due dates.
• For narrative portions of the grant application, it is important to focus more on outcomes than on needs, to show how the requested items will directly benefit not just the firefighters, but also the entire community they serve. These sections require concise, focused writing and effective editing. Departments can start preparing ahead by making decisions now on who is available to do this type of writing and editing, and by selecting a set of reviewers of the draft application.

The full article from Volunteer Firefighter International offers additional information on how AFG applications are scored and many more tips for successful applications.

(Source: Volunteer Firefighter International)

CISA holds virtual Cybersecurity Summit in October

The Cybersecurity and Infrastructure Security Agency (CISA) will host its fourth annual National Cybersecurity Summit this October. Coinciding with Cybersecurity Awareness Month, the 2021 summit will be held virtually as a series of webinars each Wednesday in October, beginning Oct.6 and ending Oct. 27. The virtual Cyber Summit will be hosted on Microsoft Teams Live and can be viewed at cisa.gov/live. Registration is required but there is no cost to attend.

Last year’s event, also hosted virtually, had more than 15,000 attendees from around the world. The 2020 Cyber Summit educated external participants on the threats, roles, and actionable steps to take toward maintaining cybersecurity.  CISA has made the proceedings from last year available on its website.

This year’s virtual event will bring critical infrastructure stakeholders together in a forum for meaningful conversations and collaboration on cybersecurity, with presentations focused on vulnerability management, partnerships, cyber workforce development, and the convergence of security domains and cyber-physical risk management efforts.

Each week will feature presentations and sessions on a different theme. This year’s themes are:

• Oct. 6: Assembly Required: The Pieces of the Vulnerability Management Ecosystem.
• Oct. 13: Collaborating for the Collective Defense.
• Oct. 20: Team Awesome: The Cyber Workforce.
• Oct. 27: The Cyber/Physical Convergence.

Registration for this year’s Cybersecurity Summit is now open. Additional information will be provided in the coming weeks at CISA.gov/cybersummit2021.

(Source: CISA)

Cyber Information and Incident Assistance Links

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information
Links

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

CISA and NSA release guidance on selecting and hardening VPNs

The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors.

The information sheet helps organizations select standards-based (rather than proprietary) VPN solutions and provides hardening guidance to prevent compromise and respond to attacks.

(Source: CISA)

#NITAM: Mitigating non-malicious insider risk

In the wrong environment, employees can present a substantial cyber-threat to organizations, and evidence suggests this problem has grown significantly since the start of COVID-19. For example, recent data from Tessian has found there was a 47% rise in the frequency of incidents involving insider threats between 2018 and 2020. These incidents range from malicious data exfiltration to accidental data loss.

This is why this year’s National Insider Threat Awareness Month (NITAM) carries an extra sense of importance. The annual campaign aims to grow awareness and promote reporting to help mitigate insider threats, with this year’s theme focusing on ‘Insider Threat and Cultural Awareness.’ This theme emphasizes that insider threats are often not malicious, with one study by Proofpoint finding that negligent insiders account for 62% of all such incidents.

Amid this landscape, what should organizations implement to mitigate the risk of negligent insider threats? Read the full article for recommendations on mitigating non-malicious insider threats.

(Source: Infosecurity Magazine)

CISA releases new tool to help organizations guard against insider threats

CISA released an Insider Risk Mitigation Self-Assessment Tool on Sept. 28, which assists public and private sector organizations in assessing their vulnerability to an insider threat.  By answering a series of questions, users receive feedback they can use to gauge their risk posture.  The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.

CISA has a number of tools, training, and information on an array of threats public and private sector organizations face, including insider threats.  Information on these resources can be found at CISA.gov.

(Source: CISA)

Cyberespionage implant delivered via targeted government DNS hijacking

Threat hunters at Kaspersky have intercepted a new cyberespionage implant being delivered via targeted DNS hijacking of government zones in Eastern Europe and published a new report Wednesday with clues linking the malware to the SolarWinds attackers.

The Russian security vendor said the newly discovered malware - called Tomiris - contains technical artifacts that suggest the possibility of common authorship or shared development practices with the group that executed the SolarWinds supply chain compromise.

(Source: Security Week)

CISA warns of Hikvision camera flaw as U.S. aims to rid Chinese gear from networks

On Tuesday, Sept. 28, CISA informed organizations that some cameras made by Chinese video surveillance vendor Hikvision are affected by a critical vulnerability.

CISA’s notification is for CVE-2021-36260, a critical command injection vulnerability affecting more than 70 Hikvision camera and NVR models. The flaw can allow a remote attacker to take complete control of a targeted device without any user interaction.

One day before CISA informed organizations about the vulnerability, the FCC announced the application filing window for the “Secure and Trusted Communications Network Reimbursement Program.” The goal of this $1.9 billion program is to help small communications services providers — ones with up to 10 million customers in the U.S. — remove, replace and dispose of communication equipment and services that can pose a national security risk. The program specifically targets products from Chinese companies Huawei and ZTE, acquired before June 2020.

(Source: Security Week)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.