Volume 21 — Issue 46 | November 18, 2021
For decades, firefighters have been using Aqueous Film Forming Foams (AFFFs) as the dominant Class B firefighting foams for vapor suppression and extinguishment of flammable liquid fires. AFFFs make use of a class of chemicals containing per- and polyfluoroalkyl substances, commonly referred to as PFAS, which act as surfactants within the firefighting foam, enhancing the foam’s fire suppression capability.
PFAS are often called the “forever chemicals” because they do not break down in the human body or in the environment and can accumulate over time. Exposures to this family of chemicals have been linked to cancer and other health effects.
PFAS exposure is a critical concern for long-term firefighter health. AFFFs are one of the primary ways firefighters are exposed to PFAS, although other significant pathways of exposure include turnout gear treated with PFAS to increase its water resistance, and burning materials that contain PFAS, which are present in many common textiles and household items.
A Nov. 9 blog from the Centers for Disease Control and Prevention (CDC) National Institute for Occupational Safety and Health (NIOSH) summarized the current state of the science to protect first responders from occupational PFAS exposures. This information was gathered through the CDC’s National Occupational Research Agenda (NORA) Public Safety Sector Council, which convened a meeting on May 19 to discuss the state of research and knowledge on PFAS as it affects the public safety community. Research is underway on firefighter exposure assessments and completion of toxicological profiles on selected PFAS. In addition to the summary provided in the blog, a recording of this meeting is available on the NORA Public Safety Sector Council’s YouTube channel.
Additionally, the National Fire Protection Association (NFPA) started a project earlier this year to develop a strategic roadmap to transition the fire service from use of fluorinated foam (i.e., AFFF) to fluorine-free foam technology. The NFPA’s Firefighter Foams: Fire Service Roadmap aims to enhance firefighter safety and health by developing recommendations for best practices on firefighting foam operations and handling, with consideration of all possible exposure pathways to firefighters and others.
As part of phase 2 of this project, the NFPA conducted a stakeholder workshop on Oct. 12, 13 and 14. The workshop presentation series recordings and interim workshop proceedings are available on the NFPA’s website. A final set of all workshop proceedings will be posted soon.
For more information, see the CDC NIOSH blog and the NFPA’s Firefighter Foams: Fire Service Roadmap. Additionally, you can visit the EPA’s PFAS page for the latest information on federal and state regulatory actions related to PFAS. The United States Fire Administration provides safety recommendations and a video on preventing exposure to AFFFs.
(Sources: NIOSH, NORA Public Safety Sector Council, NFPA)
While it has been shown that those who perpetrate acts of targeted violence have no single profile, many individuals who are planning to engage in targeted violence display a set of threatening or concerning behaviors that are observable to others. Behavioral threat assessment and management (BTAM) can determine whether, and to what extent, an individual may be moving towards an act of intended violence. BTAM is a proactive, evidence-based method of investigation, analysis, and management that focuses on an individual’s patterns of thinking and behavior.
To assist state, local, tribal, and territorial (SLTT) homeland security partners in combatting threats of targeted violence, the Department of Homeland Security, Office of Intelligence and Analysis (DHS I&A) published a new resource last month distilling the observable behaviors of BTAM into a one-page reference aid, Behavioral Approach to Violence Prevention. This reference aid graphically displays common threatening or concerning behaviors identified across a wide variety of completed and averted acts of targeted violence.
This new resource was released as part of DHS I&A’s National Threat Evaluation and Reporting (NTER) program, whose mission includes certifying federal and SLTT homeland security partners in behavioral threat assessment techniques and best practices through its Master Trainer Program (MTP). Master Trainers are equipped to empower homeland security partners in their communities to identify and assess risk and warning signs, and manage potential threats of future targeted violence, regardless of motive.
The Behavioral Approach to Violence Prevention reference aid works well as a companion document to DHS I&A’s Violence Prevention Resource Guide, published in August 2021. This Guide catalogs training, guidance documents, technical assistance and funding available to homeland security partners (federal, SLTT, and private sector) to help identify and prevent incidents of terrorism and targeted violence.
(Source: DHS)
The Federal Emergency Management Agency (FEMA) views the adoption and implementation of hazard-resistant building codes as the most effective community mitigation measure against hazard risk. However, according to FEMA’s 2020 Building Codes Save study, 65% of counties, cities, and towns across the U.S. today still have not adopted modern building codes.
Last month, FEMA launched a new Building Science Resource Library. The new library contains all available materials that focus on creating disaster-resistant communities. It comes with enhanced search capabilities, such as the ability to use any combination of filters by disaster type, document type, or audience. This new library has replaced the following hazard-specific pages; however, it is still possible to select all publications specific to these hazards using the new search and filtering features:
Recent additions to the Building Science Resource Library supporting SLTT adoption of hazard-resilient, modern building codes include:
Visit FEMA’s Building Science and Hazard Mitigation Planning websites and its new Building Science Resource Library to learn more.
(Source: FEMA)
The Chemical Security Summit, hosted by the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Chemical Sector Coordinating Council (SCC), will be held virtually this year as a series of seminars on Dec. 1, 8, and 15. The seminars will be hosted on Microsoft Teams Live and will feature important chemical security information for industry organizations, facility owners and operators, government officials, first responders, and law enforcement.
The Chemical Security Summit provides an opportunity for chemical representatives across the chemical and interconnected sectors, including energy, communications, transportation, and water, to learn, share perspectives, and engage in dialogue. Securing chemicals in an evolving threat environment requires cross collaboration between facility owners and operators, industry, law enforcement, community members, and all levels of government. Sessions will discuss and share the latest in chemical security best practices. Each week will focus on a different theme.
- Week 1 — Wednesday, Dec. 1: Chemical Threats and Countermeasures.
- Week 2 — Wednesday, Dec. 8: Cyber Threats and Emerging Trends.
- Week 3 — Wednesday, Dec. 15: Chemical Security Planning and Preparedness.
The virtual 2021 Chemical Security Summit is free and open to the public, but registration is required by Nov. 30, 2021. For more information and to register, see the preliminary agenda and visit CISA’s Chemical Security Summit registration page.
(Source: CISA)
CISA adds four known exploited vulnerabilities to catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch (FCEB) agencies by December 1, 2021. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
(Source: CISA)
Iranian government-sponsored APT cyber actors exploiting Microsoft Exchange and Fortinet vulnerabilities
CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran. FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.
FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors. CISA also recommends reviewing its Iran Cyber Threat Overview and other Iran-related Advisories.
(Source: CISA)
Bad form: FBI server sending fake emails taken offline and fixed, no data impacted
The FBI has placed the blame for a weekend fake email incident on a misconfiguration in its Law Enforcement Enterprise Portal (LEEP) that allowed emails to be sent from the ic.fbi.gov domain. The sender of the emails found they were able to send emails because the FBI was generating a client-side one-time code to sign up to a new account on LEEP, and it was sent along with an email subject and body as a POST request to the FBI's servers. Manipulating the request parameters enabled the emails to be sent, and a script was used to automate the sending process.
(Source: ZDNet)
Ohio teen linked to group accused in more than 30 nationwide bomb threats, swatting incidents
The Los Angeles Police Department says it has linked a Northeast Ohio teen to more than 30 nationwide bomb threats and prank calls made to emergency services, also known as swatting. Police say the group, which operates on the Discord chat platform, consists of three teens between the ages of 13 and 16: one residing in Medina, Ohio; one in Yonkers, New York; and a U.S. citizen living overseas in Cyprus. The investigation shows they were allegedly using advanced software, overseas servers, and privacy tools to hide their electronic trail in two incidents in September, one incident in August and 30 other incidents dating back to July 2020.
(Source: Fox8)
Your DDR4 memory could be facing the return of some serious assaults
Researchers have developed a new fuzzing-based technique called Blacksmith that can successfully trigger the Rowhammer vulnerability against all modern DDR4 RAM modules, bypassing existing mitigations. The Rowhammer hack works by manipulating the electrical charge in modern memory chips. The repeated hammering to one row of transistors results in the flipping of values in the adjacent rows.
Earlier this year Google engineers had revealed that Rowhammer attacks were now more plausible thanks to recent improvements in the design of modern DRAM memory chips. However, reporting on the development, BleepingComputer asserts that Rowhammer may not be as much of a problem in newer DDR5 DRAM modules, which have replaced TRR with a new system dubbed refresh management.
(Source: TechRadar)
Emotet makes a comeback
The once-pervasive malware tool Emotet has risen from the ashes months after international law enforcement agencies coordinated a takedown of its botnet infrastructure. Multiple security vendor research teams have spotted the Trojan in the wild, and it appears to be reconstructing its infrastructure with the help of the TrickBot botnet, which is helping transport the malware. Emotet still comes via rigged Office or zip files, often with other malware that establishes the command-and-control conduit to the attacker.
(Source: Dark Reading)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice: This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Disclaimer of Endorsement: The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.
Section 504 Notice: Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.