View as a webpage / Share

Volume 22 — Issue 10 | March 10, 2022

USFA Special Announcement: Call for Wildfire Commission members, applications due March 25

The Department of Agriculture (USDA), Department of the Interior, and Department of Homeland Security through the Federal Emergency Management Agency (FEMA) are now accepting applications for members to the Wildland Fire Mitigation and Management Commission.

President Biden’s Bipartisan Infrastructure Law authorized establishment of the Wildland Fire Mitigation and Management Commission. Announced in December 2021, it will play a key role in recommending federal policies and strategies to more effectively prevent, mitigate, suppress and manage wildland fires, including the rehabilitation of affected lands. 

The commission is seeking volunteer members from diverse backgrounds, with a specific focus on members who represent non-federal interests as required by the Bipartisan Infrastructure Law. Members will commit to serve for the life of the commission, which is estimated to be a year and a half with the first meeting targeted for late spring 2022. 

The commission will prepare policy recommendations and submit them to Congress within a year of its first meeting. Members should expect to devote between 10 and 15 hours a month for commission duties which include attending meetings, strategic planning, and development of the reports. The Departments of Agriculture, the Interior and Homeland Security through FEMA will provide support and resources to assist members with coordination and facilitation of their duties through the duration of the commission.

As required by law, non-federal membership will include state, local, tribal, territory and non-government partners with experience in preventing, mitigating, and managing wildland fires and the wildland-urban interface. Preference will be given to applicants from areas of high wildfire risk and areas with a high level of wildland-urban interface. 

In addition to establishing the commission, the Bipartisan Infrastructure Law provides historic funding to address wildfire hazards, including $8.25 billion for a suite of programs aimed at reducing wildfire risks, detecting wildfires, instituting firefighter workforce reforms and building more resilient infrastructure.

Applications for membership must be submitted via the online form by 11:59 p.m. PST, March 25, 2022. To ensure the process is equitable for all applicants, those who have previously expressed interest in membership must still apply via the online form. 

For more information visit the commission website or email wildlandfirecommission@usda.gov.

(Source: USDA)

Highlights

USFA Special Announcement: Call for Wildfire Commission members, applications due March 25

National Institute of Justice funds first open-source catalog of US school shootings

CISA releases Contingency Planning Guide for Emergency Communications Funding

Webinar: Understanding Indicators of Compromise in a cyber attack

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

National Institute of Justice funds first open-source catalog of US school shootings

Last month, the Office of Justice Programs’ National Institute of Justice (NIJ) published an article highlighting the creation of the first open-source catalog of U.S. school shootings.

The catalog, referred to as The American School Shooting Study (TASSS), is a groundbreaking, national database of all known shootings that resulted in at least one injury on K-12 school grounds between 1990 and 2016.

The TASSS database and associated research were developed to benefit law enforcement, school officials, and policy makers, and to serve as a foundation for future research.

Two criminology theories - the “life-course” theory and the “situational crime prevention” theory – were applied to the catalogued school shooting data. These two theories provided a framework to analyze case studies of the life courses of 252 adolescent school shooters and 102 adult school shooters. The goal of this analysis was to help law enforcement and school administrators differentiate between the kinds of school shootings that exist, ultimately leading to improved policy and response.

The research project that supported the creation of the TASSS database is summarized in a report released in August 2021, Understanding the Causes of School Violence Using Open Source Data.

This project was funded by NIJ as part of its Comprehensive School Safety Initiative, whose goals include identifying and understanding the potential root causes and consequences of school violence and its impact on school safety; and working with partners in education, law enforcement, and mental health to develop and test a comprehensive framework for school safety.

Those interested can read the feature article and the research study on NIJ’s website.

(Source: NIJ)

CISA releases Contingency Planning Guide for Emergency Communications Funding

When disaster strikes, the need to communicate is immediate. State, local, tribal and territorial public safety agencies need reliable and interoperable communications to respond effectively.

The public safety mission requires agencies to continue the performance of essential functions and deliver critical services when events disrupt normal operations. Even if agencies’ budgets are drastically reduced, emergency services must continue.

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC), has published the Contingency Planning Guide for Emergency Communications Funding as a resource to help public safety agencies address these critical requirements.

This expanded guide builds on the Contingency Considerations When Facing Reductions in Emergency Communications Budgets, a fact sheet published in April 2021. The new guide provides a more comprehensive look at the considerations public safety officials must weigh when planning for or facing budget reductions.

To ensure public safety stakeholders have the information they need to make effective decisions before, during, and after budget cuts, this guide provides a series of contingency considerations to justify investment in mission-critical emergency communications components. The guide focuses on five categories impacting emergency communications: personnel, operational costs, equipment, software, and a catch-all “other.” It provides detailed considerations within each category. It features real-world examples showcasing the successful implementation of contingency planning best practices.

In addition to its focus on emergency communications funding, the guide includes an overview of the continuity planning and risk analysis processes. Numerous resources are included to assist public safety agencies in assessing and mitigating risks, which decision-makers can incorporate into contingency plans.

While suggestions in this guide might not apply to every public safety stakeholder or discipline, officials are encouraged to use this document as a resource.

Those with questions are encouraged to contact SAFECOMGovernance@cisa.dhs.gov. For more information, please visit the ‘Sustaining Public Safety Communications Systems’ section of the SAFECOM Funding Resources webpage at cisa.gov/safecom/funding.

(Source: CISA)

Webinar: Understanding Indicators of Compromise in a cyber attack

The Cybersecurity and Infrastructure Security Agency (CISA) is offering a cybersecurity awareness webinar, Understanding Indicators of Compromise on March 29, 2022, from 11:00 a.m. to 12:00 p.m. EST.

Major cyber attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security, or execute malicious activity without tripping network defenses.

Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity.

To register, go to the following link: https://dhsconnect.connectsolutions.com/imr108-march22/event/registration.html. You will receive a confirmation email with the Adobe Connect meeting room link and calendar invitation after your registration is approved.

This webinar is intended for a non-technical audience and beginning incident responders. The webinar is part of CISA’s Incident Response Training webinar series, which is part of CISA’s Identify, Mitigate, and Recover (IMR) incident response curriculum. For more information on the curriculum and to register for future events, visit CISA’s Incident Response Training page.

(Source: CISA)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

FBI Flash: RagnarLocker Ransomware Indicators of Compromise

The FBI first became aware of RagnarLocker in April 2020 and subsequently produced a FLASH to disseminate known indicators of compromise (IOCs) at that time. This FLASH provides updated and additional IOCs to supplement that report. As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors. RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.

Read the full Alert.

(Source: FBI Internet Crime Complaint Center – IC3)

CISA: Updated Conti Ransomware advisory

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. 

CISA, the FBI, NSA, and the USSS encourage organizations to review AA21-265A: Conti Ransomware, which includes new indicators of compromise, for more information. See Shields Up and StopRansomware.gov for ways to respond against disruptive cyber activity.

(Source: CISA)

US government issues stark warning, calling firmware security a 'single point of failure'

A new joint draft report issued by leadership of the U.S. Department of Homeland Security (DHS) and Department of Commerce said firmware presented “a large and ever-expanding attack surface” for malicious hackers to subvert the core of modern computing.

The 96-page report, published to support the Biden Executive Order on securing America’s supply chains, warned that firmware’s privileged position in the computing stack gives stealthy attackers a major advantage.

Despite its essential role in electronic devices, the agencies insisted that firmware security “has not traditionally been a high priority for manufacturers or users and is not always well protected.” The agencies also warned of “complex supply chains” that compound the problems securing firmware deployments. Further, the process to install firmware updates is not simple, leading to skipped patches for critical-level vulnerabilities.

(Source: Security Week)

HC3: Health Sector Cybersecurity: 2021 Retrospective and 2022 Look Ahead

Cybercriminals and nation-states have engaged in cyberattacks against healthcare organizations for years. What is different about today? What will we have to be concerned with tomorrow?

In recent years and continuing today, ransomware continues to be relevant despite efforts to combat it. Data breaches are as common as ever. Vulnerabilities continue to be released; phishing and RDP continue to be compromised. Threat actors continue to evolve and become more sophisticated and effective. Distributed attack vectors are increasingly used, such as managed service provider compromises, supply chain compromises, and open-source software compromise.

Read the full Threat Brief for detailed timelines of events and incidents and recommendations for how to move forward.

(Source: HHS Health Sector Cybersecurity Coordination Center – HC3)

CISA: Maturing enterprise mobility towards zero trust architectures, request for comment

The Office of Management and Budget (OMB) issued a zero trust (ZT) strategy document in response to the Cybersecurity Executive Order on Improving the Nation’s Cybersecurity (EO 14028) that requires Federal agencies to achieve certain specific ZT goals by the end of Fiscal Year 2024. Mobile devices present unique opportunities and challenges in adopting comprehensive zero trust models.

To support federal agencies and other organizations on their journey toward zero trust, CISA has published Applying Zero Trust Principles to Enterprise Mobility. This new publication highlights the need for special consideration for mobile devices and associated enterprise security management capabilities due to their technological evolution and ubiquitous use. The paper further presents architectural frameworks, principles, and capabilities to attain a ZT level set by the adopting organization. It then maps mobile security approaches into ZT principles that an organization can use to align its current mobile security capabilities with a ZT approach.

CISA is requesting public comment to ensure the guidance enables the best visibility, flexibility, and security. The deadline for providing comment on the CISA zero trust mobility paper is April 18, 2022. Comments should be submitted to CyberLiaison@CISA.dhs.gov.

(Source: CISA)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.