|
Volume 23 — Issue 13 | March 30, 2023 |
|
|
There was a 17.6% increase in drug overdose deaths in the United States in 2021, resulting in 98,268 deaths, including 75,785 preventable deaths attributed to opioids. For every death attributed to an opioid, there are many more non-fatal overdoses. Many of these non-fatal overdoses result in encounters from public safety workers, including from emergency medical services, law enforcement, or fire departments.
A Centers for Disease Control and Prevention (CDC) 2022 Morbidity and Mortality Weekly Report showed that across 491 counties from 21 states, the rate of non-fatal overdose encounters by emergency medical services increased from 98.1 per 10,000 in January 2018 to 179.1 per 10,000 encounters in March 2022.
Exposure to illicit opioids has been shown to lead to respiratory and central nervous system distress or loss of consciousness. There are varying local, state, and federal guidance documents for personal protective equipment (PPE) for first responders who may encounter illicit drugs while responding to calls. First responders have reported that they do not always wear all of the recommended PPE components when responding to calls where opioids may be present.
With support from an Intergovernmental Personnel Agreement from the National Institute for Occupational Safety and Health (NIOSH), the Center for Health, Work & Environment (CHWE) at the Colorado School of Public Health is planning to develop and evaluate an educational campaign directed to first responders that provides education related to occupational exposures to illicit drugs, with the overall goal of reducing occupational exposures.
As a first step to determine what first responders already know and experience on the job, CHWE will administer a survey which asks first responders to report about their experiences on the job involving potential or actual opioid exposures, how they are trained, and how they prefer to receive educational information. The results of this survey will be used in conjunction with results from focus groups to develop an educational campaign directed towards first responders to improve their knowledge and abilities around responding to calls that involve potential or actual illicit drug exposures. That campaign will be further evaluated to determine its effectiveness in improving compliance with NIOSH guidance and reducing exposures.
NIOSH and the CHWE are requesting participation from the public safety community, specifically from first responders from emergency medical services, law enforcement, or fire departments. They hope to collect data from across the United States, with the ability to examine regional differences (if any) in response patterns.
If you are interested in providing information about your experiences on the job, please consider completing this brief survey. The survey is expected to take 5-10 minutes to complete. Responses are anonymous and no personally identifying information will be collected.
Survey link: https://ucdenver.co1.qualtrics.com/jfe/form/SV_ewBhGqI5do2l1DT
Questions about this project can be directed to Carol Brown at the Center for Health, Work & Environment. She can be reached at Carol.Brown@cuanschutz.edu.
(Sources: NIOSH, CHWE)
|
|
|
Communities today face an increasingly complex set of challenges. Disruptions from a range of acute shocks, such as natural disasters, pandemics, cyberattacks, infrastructure failure and loss of key industries are becoming more frequent and intense. Additionally, communities and systems are experiencing chronic stressors such as aging infrastructure, environmental degradation, and persistent poverty, which negatively impact quality of life and wellbeing, worsen the impacts of shocks, and undermine our ability to recover and thrive.
The Federal Emergency Management Agency (FEMA) is spearheading an effort to create national resilience guidance and resources for the whole community to help everyone understand and fulfil their critical roles related to increasing national resilience.
FEMA will engage a broad range of stakeholders to develop the resilience guidance and resources. The agency is seeking input from many disciplines, sectors, levels of government, communities, and individuals on a range of topics, including:
- Actions and partnerships needed to increase national resilience.
- The roles and responsibilities of whole community stakeholders.
- Innovative approaches for successful resilience planning.
- The resources needed to help the whole community understand and execute their roles.
FEMA wants to hear from you and is holding six upcoming listening sessions, starting Thursday, April 13. Registration is required and on a first-come, first-served basis.
FEMA will draft the national disaster resilience guidance based on this stakeholder feedback. The draft guidance will be posted and distributed for national review in fall 2023 to ensure the guidance meets stakeholder needs. After the review period, the guidance will be updated to reflect comments received during the national engagement period, with a target publishing date in the spring of 2024.
See FEMA’s National Resilience Guidance page to learn more about this project, register for any of the six upcoming listening sessions, and learn about additional ways you can network with other stakeholders and contribute your input.
(Source: FEMA)
On March 20, the Department of Transportation’s (DOT’s) Pipeline and Hazardous Materials Safety Administration (PHMSA) announced more than $25 million in grant funding through its pipeline and hazardous materials safety programs.
These grants are for projects that will train first responders, strengthen safety programs, reduce environmental impacts, and educate the public on local safety initiatives.
The funding will go towards the following grants. Each grant program is listed below with its Fiscal Year (FY) 2023 application due date and estimated total program funding. Each grant is linked to its FY 2023 Notice of Funding Opportunity (NOFO) on Grants.gov.
Pipeline Safety
-
Pipeline Emergency Response Grants (PERG) – May 4, 2023, $6,463,841.
-
Competitive Academic Agreement Program Grants (CAAP) – May 19, 2023, $4,000,000.
-
Technical Assistance Grants (TAG) – May 4, 2023, $2,000,626.
-
State Damage Prevention Grants (SDP) – May 4, 2023, $1,500,000.
-
One-Call Grants – May 4, 2023, $1,058,000.
Hazardous Materials Safety
-
Hazardous Materials Instructor Training Grants (HMIT) – May 5, 2023, $4,000,000.
-
Hazardous Materials State Inspection Grants (HMSI) – June 19, 2023, $4,000,000.
-
Assistance for Local Emergency Response Training Grants (ALERT) – May 5, 2023, $1,000,000.
-
Hazardous Materials Emergency Preparedness (HMEP) Tribal Grants – May 19, 2023, $1,000,000.
-
Supplemental Public Sector Training Grants (SPST) – June 19, 2023, $1,000,000.
-
Community Safety Grants (CSG) – May 5, 2023, $1,000,000.
Learn more about PHSMA’s pipeline and hazardous materials safety grant programs at: https://www.phmsa.dot.gov/about-phmsa/working-phmsa/grants
(Sources: PHMSA, Grants.gov)
Lexipol is hosting a webinar, What Is CSST? And Why Firefighters Must Know. Lessons Learned from 2 LODDs, on Thursday, April 6, at 1 p.m. EDT.
CSST, or corrugated stainless steel tubing, is utilized in homes across the country to deliver propane and natural gas. If lightning strikes on or near a structure with CSST, it can travel through the structure's gas piping system, resulting in failure of the piping followed by a gas leak or a fire.
This sequence of events was identified as the cause for two fires that resulted in line-of-duty deaths in recent years, both in the state of Maryland. The first fire was in a residential structure on July 23, 2018, resulting in the death of Lieutenant Nathan Flynn of Howard County, Maryland. The second incident was a residential fire on August 11, 2021, in Frederick County, Maryland that resulted in the line-of-duty death of Battalion Chief Josh Laird.
The National Institute of Occupational Safety and Health (NIOSH) released a Fire Fighter Fatality Investigation and Prevention Program (FFFIPP) report on the incident that killed Lieutenant Flynn in November 2022. The NIOSH investigation into the incident that killed Battalion Chief Laird is still ongoing (FFFIPP report #2021-14).
The state of Maryland signed the Flynn and Laird Act into law in October 2022, and the Act is so named to honor these two fallen firefighters. In Maryland, the Flynn and Laird Act now requires CSST to be “arc-resistant and jacketed” when used for natural gas and propane pipes in new residential or commercial buildings, or when replacing lines in these structures.
In next week’s webinar, join the wives of these two fallen firefighters, the leadership from their fire departments, and Deputy Chief Billy Goldfeder of the Loveland-Symmes, Ohio Fire Department, to learn more about:
- Legislation that can help prevent future CSST fires.
- How to recognize a possible CSST fire and understand the associated risks.
- The dynamics of a CSST fire.
- Steps you can take to increase awareness about CSST-related fires.
This webinar is free and open to all. If you would like to attend, please visit Lexipol’s registration page for this webinar to complete the brief registration form. The webinar recording will be available to all registrants after the event.
(Sources: Lexipol, NIOSH, FirefighterCloseCalls.com, Maryland General Assembly)
|
|
CIRCIA at one year: A look behind the scenes
It has been one year since the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law.
One of the most vital aspects of CIRCIA is that it enhances the Cybersecurity and Infrastructure Security Agency’s (CISA’s) ability to use cybersecurity incident and ransom payment information reported to the agency to spot trends in real-time, fill critical information gaps, rapidly deploy resources to help entities that are suffering from cyberattacks, and share information to warn other potential victims.
Reporting cyber incidents is so vitally important that CIRCIA established mandatory reporting requirements that will be implemented through regulation. These requirements apply to covered entities that have experienced a covered cyber incident or made a ransom payment. CISA is required by CIRCIA to publish a Notice of Proposed Rulemaking by March 2024 and open it for public comment. CISA is currently working in accordance with the timeline provided by CIRCIA to develop thoughtful regulations that will become effective after a final rule is published.
While these reporting regulations will only impact covered entities, CISA encourages all critical infrastructure owners and operators to voluntarily share information on cyber incidents, phishing attempts, malware and vulnerabilities, to help prevent other organizations from falling victim to similar incidents. It’s easy to do at cisa.gov/report.
Read the full blog article at CISA.gov.
(Source: CISA)
|
|
Getting ahead of the ransomware epidemic: CISA’s pre-ransomware notifications help organizations stop attacks before damage occurs
CISA recently announced an important initiative, the Ransomware Vulnerability Warning Pilot, to help organizations more quickly fix vulnerabilities that are targeted by ransomware actors.
On March 21, CISA announced a related effort that is already showing impact in actually reducing the harm from ransomware intrusions: a Pre-Ransomware Notification Initiative. This effort is coordinated as part of CISA’s interagency Joint Ransomware Task Force.
This remarkable effort relies on two key elements:
- First, CISA’s Joint Cyber Defense Collaborative (JCDC) gets tips from the cybersecurity research community, infrastructure providers, and cyber threat intelligence companies about potential early-stage ransomware activity. Any organization or individual with information about early-stage ransomware activity is urged to contact CISA at Report@cisa.dhs.gov.
- Once CISA receives a notification, field personnel across the country get to work notifying the victim organization and providing specific mitigation guidance. Where a tip relates to a company outside of the United States, CISA works with international CERT partners to enable a timely notification.
For more information, visit #StopRansomware. To report early-stage ransomware activity, visit Report Ransomware.
(Source: CISA)
Untitled Goose Tool aids hunt and incident response in Azure, Azure Active Directory, and Microsoft 365 environments
On March 23, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services.
Untitled Goose Tool was developed by CISA with support from Sandia National Laboratories. Network defenders can see the Untitled Goose Tool fact sheet and visit the Untitled Goose Tool GitHub repository to get started.
(Source: CISA)
HC3: HPH mobile device security checklist
Mobile devices are prevalent in the health sector, and due to their storage and processing of private health information (PHI) as well as other sensitive data, these devices can be a critical part of healthcare operations. As such, their data and functionality must be protected. This document represents a basic checklist of recommended items for health sector mobile devices to maintain security, including data in motion and at rest, as well as the capabilities of the device itself.
Read the full report from the Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3).
(Source: HHS HC3)
WiFi protocol flaw allows attackers to hijack network traffic
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. This attack is possible using custom tools created by the researchers called MacStealer, which can test WiFi networks for client isolation bypasses and intercept traffic destined for other clients at the MAC layer.
The technical details and research are available in a USENIX Security 2023 paper, which will be presented at the upcoming BlackHat Asia conference on May 12, 2023.
The researchers warn that these attacks could be used to inject malicious content, such as JavaScript, into TCP packets. The researchers report that network device models from Lancom, Aruba, Cisco, Asus, and D-Link are known to be affected by these attacks. A full list of tested network device models that were found to be vulnerable is available via the full article and associated research report. Currently, there are no known cases of malicious use of the flaw discovered by the researchers.
(Source: Bleeping Computer)
Elon Musk and tech leaders urge pause in AI boom, citing 'profound risks'
Elon Musk, along with a number of tech executives and experts in AI, computer science and other disciplines, in an open letter published Tuesday, March 28, urged leading artificial intelligence labs to pause development of AI systems more advanced than GPT-4, citing "profound risks" to human society.
The open letter, issued by the nonprofit Future of Life Institute, counts more than 1,000 signatories, including Musk, Apple co-founder Steve Wozniak, Stability AI CEO Emad Mostaque and Sapiens author Yuval Noah Harari. It calls for an immediate halt in training of systems for at least six months, which must be public, verifiable and include all public actors.
Since the start of the year, a growing list of companies, including Google, Microsoft, Adobe, Snapchat, DuckDuckGo and Grammarly, have announced services that take advantage of generative AI skills. AI experts are spooked by where all this might be heading, and by companies rushing out products without adequate safeguards or even an understanding of the implications.
(Source: CNET)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
