|
Volume 22 — Issue 32 | August 11, 2022 |
|
|
A July 14 blog by the National Fire Protection Association (NFPA) discusses the outcomes of a recently completed NFPA project called Firefighting Foams: Fire Service Roadmap. This project was conducted by NFPA’s research arm, the Fire Protection Research Foundation. It began in 2021 and the final report was released in May 2022.
The purpose of this project was to develop a roadmap to transition the fire service from the fluorinated aqueous film-forming foams (AFFFs) currently used to extinguish flammable liquid (Class B) fires to fluorine-free foams (FFFs).
All AFFFs make use of a class of chemicals containing per- and polyfluoroalkyl substances, commonly referred to as PFAS, which act as surfactants within the firefighting foam to form a vapor barrier and enhance the foam’s fire suppression capability. The significant environmental and health risks of the PFAS in AFFFs are now well documented. Because of these risks, legislators at the federal and state levels are phasing out fluorinated firefighting foams in military, aviation, industrial, and municipal firefighting arenas.
AFFFs are going away, and alternative foams are needed. However, recent research on the efficacy of alternative fluorine-free foams by the NFPA, the Federal Aviation Administration, and the Department of Defense has shown that FFFs are not as effective as AFFFs at fighting liquid fuel fires. To use the FFFs currently on the market safely and effectively, fire departments will need to adopt different tactics and new training on how to select, use, and dispose of these new foams. Fire departments will also have to be prepared to adapt to changes in legislation and in the foam industry as fluorine-free foam products continue to improve.
The NFPA’s “Fire Service Roadmap” conducts a thorough walk through all considerations for transitioning firefighting to fluorine-free foam, supported by the latest research and a technical panel with representation from the firefighting profession, fire science and research, the fuel industry, the Environmental Protection Agency, the National Institute for Occupational Safety and Health and other stakeholders.
The report begins with an overview of each of the following topics, and the report’s annexes cover each topic in-depth:
- Understanding current regulations and knowing when to make the transition.
- Firefighting foam tutorial.
- Selection of an acceptable AFFF alternative.
- Cleaning of equipment and definition of acceptable levels.
- Disposal of current AFFF products (concentrates and solutions).
- Implementation of the selected alternative.
- Health concerns and minimizing firefighter exposures.
- Post fire / post discharge cleanup and documentation.
You can learn more about this project and the state of research on alternative firefighting foams in NFPA’s blog. You can access the NFPA’s final report, along with a project summary, report summary, and 2021 workshop proceedings on its Firefighting Foams: Fire Service Roadmap project page.
(Source: NFPA)
|
|
|
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) launched its official podcast, Technologically Speaking, last month.
The new podcast provides a platform for sharing the “stories behind the science” - the personal accounts of the people behind S&T’s groundbreaking research and development.
First responders are the front line of defense protecting local communities, and many of S&T’s research and development projects support its First Responder Capability program. Several episodes in Season 1 of “Technologically Speaking” feature S&T programs that help to build first responder capabilities.
To date, four episodes of Season 1 have aired and are now available on S&T’s website:
- Episode 1: A Very Nasty Insecticide You Don't Want in Your Food. In this episode, S&T’s Chemical Security Analysis Center shares how S&T is harnessing the expertise of an S&T national laboratory to keep the nation’s food supply safe from intentional harm.
- Episode 2: The Bomb Squad Is Not an Afterthought. S&T’s Response and Defeat Operations Support (REDOPS) program tests and evaluates DIY technologies developed by bomb techs themselves. This episode explores the REDOPS program and how S&T makes these DIY technologies available to the greater response community.
- Episode 3: The First Responder Group Doesn't Just Do Widgets. In this episode, the lead of S&T’s entire first responder R&D portfolio, a former Seattle Police Department Captain, delves into how responders of all disciplines from across the United States inform S&T’s technology development. This episode highlights S&T’s First Responder Resource Group, an all-volunteer group of responders representing a variety of disciplines who help S&T identify capability gaps. S&T periodically re-assesses emergency response capability needs and shares the results of these national assessments through its Project Responder reports.
- Episode 4: The Three-legged Stool. S&T’s Biometrics and Identity Technology Center examines fairness in facial recognition, how far scanning technologies have come and the future of digital credentials.
You can learn more about the subjects for upcoming episodes in S&T’s news release on the podcast. Each episode is between 20-30 minutes in length and is accompanied by a complete transcript and show notes.
Season 1 podcasts will be released weekly on Wednesdays through mid-September. Be sure to subscribe to be notified when new “Technologically Speaking” episodes are available. You can also follow @DHSSciTech and #TechnologicallySpeaking on social media.
(Source: DHS S&T)
The Homeland Security Operational Analysis Center (HSOAC) released a report in June, Planning for Significant Cyber Incidents: An Introduction for Decisionmakers.
Cyber incidents are occurring with increasing frequency, and these incidents are becoming more disruptive and costlier. Some incidents exceed stakeholders' capacity to respond using everyday means.
The stakes are particularly high with respect to U.S. National Critical Functions (NCFs). Securing NCFs requires unity of effort within the federal government and effective collaboration and cooperation within state, local, tribal, and territorial governments and the private sector.
The report is intended to inform NCF stakeholders about developing actionable contingency plans. It describes contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing a plan. It summarizes the major concepts that are explored in detail in a separate guide, Planning for Significant Cyber Incidents: Cyber Incident Contingency Planning How-To Guide.
HSOAC is operated by the RAND Corporation under a contract with the Department of Homeland Security. You can access the report on the RAND Corporation’s website.
(Source: RAND Corporation)
The Emergency Responder Safety Institute (ERSI) just released a new training module: The Safety Officer’s Role in Roadway Incident Response.
The safety officer has a critical role in promoting and implementing recommended roadway incident response safety practices in training rotations and on scene. Fire departments make almost 3 ½ times as many runs to incidents on roadway properties as they do to structure fires, yet responder safety and traffic incident management typically do not receive the same attention in training and implementation as structure fire safety practices. To better protect all personnel, safety officers can:
- Step up to be advocates in their departments for compliance with applicable standards.
- Initiate and participate in SOP/SOG writing for roadway incident responses.
- Teach recommended traffic incident management and responder safety practices.
- Purchase or advocate to purchase PPE and temporary traffic control devices to facilitate recommended practices.
- Ensure these recommended practices are followed at roadway incident responses.
- Facilitate After Action Reviews (AARs) following roadway incident responses.
- Help develop materials to educate the public about Move Over laws.
This program prepares safety officers to be advocates in their departments by reviewing recommended traffic incident management and roadway incident safety practices with recommendations for how to implement them.
This training is self-paced and estimated to take about one hour to complete. If you do not already have an account with the Responder Safety Learning Network, first create a free account. Membership is free, and members can access all available training and features. Once logged in, visit the Safety Officer’s Role in Roadway Incident Response page to take the course.
(Source: ERSI)
|
|
CISA Alert (AA22-216A): 2021 Top Malware Strains
This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC).
In 2021, the top malware strains included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware. Most of the top malware strains have been in use for more than five years with their respective code bases evolving into multiple variations. The most prolific malware users are cyber criminals, who use malware to deliver ransomware or facilitate theft of personal and financial information.
CISA and ACSC encourage organizations to apply the recommendations in the Mitigations sections of this joint CSA.
(Source: CISA)
#StopRansomware: Zeppelin Ransomware
CISA and the Federal Bureau of Investigation (FBI) have released a joint CSA, #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.
(Source: CISA)
|
|
CISA releases toolkit of free cybersecurity resources for election community
CISA released its Protecting U.S. Elections: A CISA Cybersecurity Toolkit on August 10, a one-stop catalog of free services and tools available for state and local election officials to improve the cybersecurity and resilience of their infrastructure. As the lead federal agency responsible for election security, CISA regularly works with state and local election officials to secure their systems and offers a number of services, information products, and other resources.
This toolkit was developed through CISA’s Joint Cyber Defense Collaborative (JCDC), which worked with private and public sector organizations, including in the election community and JCDC alliance members to compile these free resources.
The toolkit is the latest resource that CISA and its partners have developed to support the election community. CISA’s website lists a number of resources and guidance on everything from cybersecurity to physical security for polling sites and election officials to combat mis-, dis-, and malinformation.
(Source: CISA)
HHS HC3 Sector Alert: Secure Message/Evernote Themed Phishing Campaign
The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has been made aware of a malspam campaign that is currently targeting various healthcare providers. The campaign has a subject of “(Victim Organization) (Date) Business Review” and utilizes a Secure Message theme. Inside of the email is a malicious link which lures the recipient to a Victim Organization-themed Evernote site. On the site is an HTML download which has been identified as a malicious phishing Trojan. The file contains JavaScript which renders an Adobe and Microsoft themed page that attempts to harvest Outlook, IONOS, AOL, or other credentials. This campaign may have leveraged business email compromises (BECs) of HPH-related and possibly non-HPH entities.
Read the full Sector Alert on HHS HC3’s website.
(Source: HHS HC3)
Slack forces password resets after discovering software flaw
Workplace productivity software giant Slack on Friday, August 5, forced password resets for a tiny fraction of its users after the discovery of a security flaw that exposed Slack credentials.
According to official Slack documentation, the bug was discovered and fixed in Slack's Shared Invite Link functionality, a feature that lets Slack workspace owners create a link that will permit anyone to join. The feature is offered as an alternative to inviting people one-by-one via email to become workspace members.
However, for users who created and/or revoked one of these links – Slack estimates it affects approximately 0.5% of users – between April 17, 2017, and July 17, 2022, Slack exposed a hashed password over the websocket to all users of the workspace who were currently connected to Slack.
(Source: Security Week)
Luxembourg energy supplier Encevo hit by ransomware attack
A ransomware gang with direct ties to the group behind last year’s attack on Colonial Pipeline has struck again, this time hitting Luxembourg-based critical infrastructure companies – gas pipeline subsidiary Creos and electricity operator Enovos. Encevo, the parent company of both business units, said data was exfiltrated during the attack between July 22 and 23, rendering the customer portals of Creos and Enovos non-operational. The company said electricity and gas are still flowing to customers without interruption.
Threat actor ALPHV, also known as BlackCat, claimed responsibility for the attack on July 29 in a post on a leak site and threatened to publish the data it stole on Monday. ALPHV is the latest rebrand of the DarkSide ransomware group that attacked Colonial Pipeline in May 2021. It also attacked the Germany-based gas distributor Oiltanking in November 2021 and Swissport in February 2022.
(Source: Cybersecurity Dive)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites or the information, products or services contained therein. Reference to any specific commercial products, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the EMR-ISAC or the U.S. government.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
