|
Volume 22 — Issue 41 | October 13, 2022 |
|
|
Emergency responders and their vehicles and equipment are struck by oncoming traffic far too often while they are operating at roadway incidents. Each year, responders are killed while operating at emergency scenes on roadways and many of these deaths could have been prevented if passing motorists had slowed down and moved over to avoid the area.
All 50 states have “Move Over” laws that require drivers to move their vehicles over at least one lane or slow down when approaching an emergency scene on the roadway. However, one third of the public is not aware of their state’s Move Over laws, according to the National Highway Traffic Safety Administration (NHTSA).
NHTSA created a national Slow Down, Move Over awareness campaign to help states raise public awareness about their Move Over laws. The American Automobile Association (AAA) helps with these awareness efforts, as a federation of independent clubs throughout the United States. In 2013, the International Association of Chiefs of Police began observing a National “Move Over, Slow Down” Law Awareness Month in October. States conduct their own campaigns to raise awareness about their Move Over laws, and while the effort is year-round, many states conduct more focused campaigns in October.
There are many ways that emergency responders can get involved to help spread awareness about Move Over laws in their state and increase responder safety at emergency scenes on roadways.
NHTSA’s Traffic Safety Marketing provides safety messaging that can be used for both traditional and social media channels about how motorists must slow down and move over for responders. Other than general lack of awareness about Move Over laws, one reason motorists fail to slow down or move over is distracted or impaired driving. NHTSA also provides many social media materials that can be shared throughout the holiday season, focused on messaging around buzzed, impaired or drugged driving. Campaign materials and social media “playbooks” are now available or coming soon for the 2022 Pre-Holiday Season, Halloween, and Thanksgiving,
In addition to the NHTSA’s safety marketing materials for motorists, the Emergency Responder Safety Institute (ERSI) has several short public service announcement (PSA) videos about the importance of slowing down and moving over for responders, with perspectives and messaging from first responders’ own experiences.
Individuals and emergency response agencies can also get involved with the National Operations Center of Excellence’s (NOCoE’s) Crash Responder Safety Week, an initiative to raise awareness and help with networking between first responders and other professionals with a role in Traffic Incident Management (TIM). NOCoE facilitates information sharing among TIM professionals on best practices for quick and safe clearance of emergency incidents on roadways and innovative technology and practices to prevent roadway incidents. Crash Responder Safety Week will be observed this year November 14-18, with a webinar on Nov. 14 to kick off the event. You can learn more and register for the webinar on NOCoE’s website.
(Sources: NHTSA, ERSI, NOCoE)
|
|
|
The Federal Emergency Management Agency (FEMA) has released an updated version of its Emergency Operations Center How-to Quick Reference Guide. This publication supersedes the version released in August 2021.
All jurisdictions have their own unique set of hazards, vulnerabilities and capabilities; therefore each jurisdiction will have its own unique requirements for an emergency operations center (EOC). The purpose of this all-hazards how-to guide is to provide state, local, tribal and territorial (SLTT) jurisdictions with information and guidance related to setting up, operating, maintaining and deactivating an EOC that successfully meets the jurisdiction’s needs, in accordance with the National Incident Management System (NIMS) framework and principles.
The EOC How-to Quick Reference Guide covers how to:
- Conduct the preliminary hazard and vulnerability assessments and capability assessments for your jurisdiction, which will drive requirements for your EOC. Along with guidance on how to conduct these assessments, this section highlights FEMA’s Resilience Analysis and Planning Tool (RAPT), a free, public GIS mapping tool that supports visualization and analysis of data for critical emergency management decisions. RAPT was just updated last month with new resilience indicators, the latest data from the U.S Census Bureau, and improved analysis tools.
- Select the physical site of your EOC.
- Assess EOC capabilities and requirements.
- Design the EOC room to maximize operational efficiency and effectiveness.
- Plan and implement secure infrastructure for communications and information management in the EOC.
The Guide also addresses EOC management, including how to:
- Develop EOC Standard Operating Procedures (SOPs).
- Plan for the entire preparedness cycle, train EOC staff and conduct exercises for EOC preparation, testing and assessment.
- Manage resources during an incident.
The Guide’s Annex contains an EOC Self-Assessment Tool to help state and local EOC leaders identify operational gaps and areas requiring improvement in the EOC.
The EOC How-to Quick Reference Guide is part of the Emergency Operations Center Toolkit, a collection of guidance and tools on NIMS and EOCs developed by FEMA. The Guide and related documents in the EOC Toolkit are accessible on FEMA’s NIMS Components – Guidance and Tools page, under the “Emergency Operations Centers” topic area. RAPT and its supporting documentation are also available on FEMA’s website: Resilience Analysis and Planning Tool (RAPT).
(Source: FEMA)
In October, the Cybersecurity and Infrastructure Security Agency (CISA) is observing its 19th Cybersecurity Awareness Month. This year, CISA and the National Cybersecurity Alliance (NCA) are asking all Americans to “See Yourself in Cyber”.
Throughout October, CISA and NCA are sharing information and resources to help everyone recognize and reduce the risk of cybersecurity threats. Individuals and organizations can improve their cybersecurity efforts through the following key actions:
- Recognize and Report Phishing.
- Update Your Software.
- Use Strong Passwords.
- Enable Multi-Factor Authentication.
CISA encourages everyone to visit its Cybersecurity Awareness Month webpage and NCA's Cybersecurity Awareness Month website to get more information on how to get involved, as well as tools and resources they can use to help promote cybersecurity through October. Please help share the word with your constituents, then follow CISA on social media and join the #SeeYourselfInCyber conversation.
For emergency services, CISA is offering a webinar on Wednesday, Oct. 26 at 1 p.m. EDT as part of its National Emergency Communications Plan (NECP) webinar series entitled October: Be Prepared! Cyber Incident Response Planning for Emergency Communications. Registration is not required for this webinar. Mark your calendar and join via CISA’s Adobe Connect room for NECP webinars at the scheduled time.
(Source: CISA)
FEMA's National Exercise Division is accepting Fall 2022 requests for exercise support from the National Exercise Program (NEP). The NEP offers no-cost assistance to state, local, tribal and territorial jurisdictions for exercise design, development, execution and evaluation to validate capabilities across all mission areas.
Fall round submissions are due no later than Nov. 1 and decisions will be sent by Dec. 21. To request support, please download the support request form, then email the completed form with any supporting documentation to the National Exercise Division. More information on the NEP and detailed instructions on how to submit a request for support are available on the NEP website.
For jurisdictions not ready to submit a request at this time, the NEP will hold additional exercise support rounds in Spring and Fall 2023. If you have any questions, please contact the National Exercise Division at nep@fema.dhs.gov.
(Source: FEMA)
|
|
Alert (AA22-277A): Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
From November 2021 through January 2022, CISA responded to advanced persistent threat (APT) activity on a Defense Industrial Base (DIB) Sector organization’s enterprise network. During incident response activities, CISA uncovered that likely multiple APT groups compromised the organization’s network, and some APT actors had long-term access to the environment. APT actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recommend DIB sector and other critical infrastructure organizations implement the mitigations in this joint Cybersecurity Advisory (CSA) to ensure they are managing and reducing the impact of cyber threats to their networks.
(Source: CISA)
Threat Brief: Abuse of Legitimate Security Tools and Health Sector Cybersecurity
This Threat Brief from the Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) reviews a set of tools used to operate, maintain and secure healthcare systems and networks that can also be turned against their own infrastructure. These tools are: Cobalt Strike, PowerShell, Mimikatz, Sysinternals, Anydesk, and Brute Ratel. Ultimately, healthcare organizations should weigh the risks and rewards of each of these tools and be aware of both the value and risk they bring with them.
(Source: HHS HC3)
|
|
NIST: Fiscal Year 2021 Cybersecurity and Privacy Annual Report
During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This annual report highlights the FY 2021 research agenda and activities for the ITL Cybersecurity and Privacy Program, including the ongoing participation and development of international standards; the enhancement of privacy and security risk management models, including those for the protection of controlled unclassified information (CUI), systems engineering and cyber resiliency, supply chains, and mobile technologies; the continued advancement of cryptographic technologies, including updates to Federal Information Processing Standard (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules, and preparation for post-quantum cryptographic methods; and improved infrastructure protection in areas such as zero trust architectures and advanced networking security.
(Source: NIST)
US airports' sites taken down in DDoS attacks by pro-Russian hackers
The pro-Russian hacktivist group 'KillNet' is claiming large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them unaccessible. The DDoS attacks have overwhelmed the servers hosting these sites with garbage requests, making it impossible for travelers to connect and get updates about their scheduled flights or book airport services.
In this case, the DDoS attacks do not impact flights, but they still have an adverse effect on the function of a crucial economic sector, threatening to disrupt or delay associated services. KillNet's targeting scope expanded to include the U.S. only last week when the DDoS group attacked government websites in Colorado, Kentucky, and Mississippi, with moderate success.
(Source: Bleeping Computer)
Massive U.S. nonprofit health care system grappling with ‘IT security issue’
One of the largest nonprofit health care systems in the U.S. is dealing with a wide-ranging IT security issue forcing it to shut off systems at some facilities. CommonSpirit Health – which has more than 1,000 care sites and 140 hospitals in 21 states – said on Monday, Oct. 3, that it is “managing an IT security issue” impacting several electronic health record systems.
MercyOne Des Moines Medical Center had to divert ambulances on Monday due to the outage, and other issues were reported at CommonSpirit’s facilities in Chattanooga, Tennessee. The Omaha World-Herald reported that all CommonSpirit facilities in Omaha were impacted, including Lakeside Hospital, Creighton University Medical Center-Bergan Mercy and Immanuel Medical Center. A Washington state news outlet said St. Michael Medical Center in Silverdale, Kitsap County’s main hospital and St. Anthony Hospital in Gig Harbor have all been affected by the incident as well.
(Source: The Record)
CISA adds Fortinet bug to exploited vulnerabilities list
CISA added a recently discovered vulnerability in Fortinet appliances to its catalog of known exploited issues on Tuesday. On Monday, Fortinet confirmed reports that the vulnerability was being exploited and urged its customers to upgrade their systems as soon as possible.
The chief attack engineer at Horizon3.ai, told The Record that it’s hard to get a good idea of how common the appliances are used but said there are at least 10,000 vulnerable tools exposed to the internet. He noted that past Fortinet vulnerabilities like CVE-2018-13379 have remained some of the top exploited vulnerabilities over the years and “this one will likely be no different.” CVE-2018-13379 has been exploited by a wide range of threat actors including ransomware groups and state-backed hackers.
(Source: The Record)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content, visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
