View as a webpage / Share

Volume 23 — Issue 15 | April 13, 2023

NWCG’s Wildland Fire Safety Training Annual Refresher updated for 2023

The National Wildfire Coordinating Group (NWCG) recently announced that the 2023 Wildland Fire Safety Training Annual Refresher (WFSTAR) Core Components are now available.

All designated NWCG positions with fireline duties and any position assigned to the fireline for non-suppression tasks must complete WFSTAR training annually to maintain currency. A complete list of positions for which this training is required is provided on the NWCG’s WFSTAR website.

WFSTAR training modules are focused on operations and decision-making issues related to fireline safety so that line-going personnel can recognize and mitigate risk, maintain safe and effective practices, and reduce accidents and near misses.

The following modules were added in 2023:

• 2022 Fire Year in Review.
• A module on Vehicle Safety Operations, with three new lessons on Hub Locking and 4WD Operation, Parked Regen for Diesel Engine, and Tire Information and Inspection.
• Two case studies supporting the “Incident Reviews and Lessons Learned” core component: the 1987 Lauder Fire in northwestern California and the 1985 Golden Gate Estates Fire in Naples, Florida.
• Working with Heavy Equipment.
• Digital Maps.

The WFSTAR modules must be delivered as instructor-led training. Some modules must be delivered in person, but others can be delivered in a virtual instructor-led format. Local agency units are responsible for scheduling WFSTAR training. Check the Wildland Fire Learning Portal (WFLP) and contact the local Training Officer in your area.

The WFSTAR modules are listed in the NWCG training catalog under course code RT-130. All available modules within WFSTAR are listed in the WFSTAR catalog, indicating the year they were added to WFSTAR and which categories and core components each module supports. All modules include lesson plans, instructional videos, and supporting resources.

WFSTAR is a year-round program. Training materials are developed throughout the year and posted on NWCG’s WFSTAR website when completed, so check back for additional resources that may be posted later in 2023.

(Source: NWCG)

Highlights

NWCG’s Wildland Fire Safety Training Annual Refresher updated for 2023

CBRNResponder: FEMA’s one-stop shop for CBRN incident management and data sharing, next nationwide drill May 1-5

DHS launches PreventionResourceFinder.gov for easier access to targeted violence and terrorism prevention resources

CISA NECP webinar: Is this thing on? Using backup communications systems to ensure mission readiness

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

CBRNResponder: FEMA’s one-stop shop for CBRN incident management and data sharing, next nationwide drill May 1-5

Emergencies involving chemical, biological, or radioactive/nuclear (CBRN) materials usually require a complex incident response, whether they are intentionally or accidentally caused.

During a CBRN incident, environmental sampling, mapping, and computer modeling are often used to characterize the location and extent of a release and to predict the movement of hazardous materials in the environment. This generates a lot of data that must be analyzed quickly for decision-making and development of a common operating picture. Technology that facilitates incident management and the rapid capture and sharing of data is often needed in CBRN incidents.

The CBRNResponder Network is a secure, cloud-based platform for CBRN incident data sharing and multi-hazard event management. It is intended to serve as a hub and one-stop shop for all-hazards planning, preparedness, operational tools and resources.

CBRNResponder is sponsored by the Federal Emergency Management Agency (FEMA) and other federal partners and is free to all federal, state, local, tribal, and territorial (FSLTT) emergency response organizations. The service is intended to be used by SLTT agencies to manage their own CBRN incidents and associated data. However, the service integrates with federal assets if a Stafford Act declaration is requested.

CBRNResponder began as a tool for management of radiological and nuclear emergencies. Based on lessons learned from responder feedback after the 2011 Fukushima Dai-ichi nuclear power plant emergency, the RadResponder program was initially launched in 2013 to close capability gaps in real-time radiological data collection, management and sharing.

In 2016, RadResponder was codified in FEMA’s Nuclear/Radiological Incident Annex (NRIA) to the Response and Recovery Federal Interagency Operational Plans as the “national standard and Whole Community solution for the management of radiological data.” This means RadResponder is here to stay as a service for SLTT agencies whenever they need it.

Today’s CBRNResponder Network has expanded on the foundation established by the RadResponder program to include:

• RadResponder.
• ChemResponder.
• BioResponder.
• The Interagency Modeling and Atmospheric Assessment Center (IMAAC) Portal.

ChemResponder and BioResponder add capabilities requested by SLTT agencies to facilitate data collection and analysis for chemical and biological emergencies.

The IMAAC Portal allows any CBRNResponder user to request IMAAC plume models. IMAAC can then seamlessly push models and briefing products to users for exercises or real-world emergencies.

Today, more than 2,200 emergency response organizations and more than 13,000 responders are using the CBRNResponder Network. The network is supported by a 24/7 emergency support hotline. Live training webinars are conducted monthly, and recordings are posted to CBRNResponder’s YouTube channel and the CBRNResponder Network website.

FEMA’s CBRN Office conducts nationwide drills several times a year, providing the opportunity to practice using the network’s capabilities and features while assessing your organization’s readiness to respond to a CBRN incident in a low-pressure, non-attributional training environment.

The next nationwide drill is scheduled for May 1-5, 2023. This drill will use ChemResponder in a chemical incident scenario: Information Sharing During Rail-Tank Car Emergencies Involving Hazardous Materials. See the April 2023 CBRNResponder newsletter to learn more. This drill is open to all CBRNResponder users.

To learn more about the CBRNResponder Network, visit the website at CBRNResponder.net and see the National Introductory Training video. If you are interested in joining, please email support@cbrnresponder.net to request an account. Please share this information widely with your colleagues and partner agencies.

(Source: FEMA)

DHS launches PreventionResourceFinder.gov for easier access to targeted violence and terrorism prevention resources

The Department of Homeland Security (DHS) and its federal partners recently launched PreventionResourceFinder.gov, a new website that will help prevent targeted violence and terrorism by giving the public easier access to available grants, research, training opportunities, and other resources across 17 federal agencies.

PreventionResourceFinder.gov builds upon the White House’s National Strategy for Countering Domestic Terrorism, released in June 2021, and last year’s United We Stand Summit. Nearly 100 federal resources are featured on PreventionResourceFinder.gov at initial launch. The site will be continuously updated with new and refined content to support communities nationwide.

PreventionResourceFinder.gov is organized into five searchable categories:

• Community Support Resources.
• Evidence-Based Research.
• Grant Funding Opportunities.
• Information-Sharing Platforms.
• Training Opportunities.

Each category is further organized by the audience it is intended to reach including community partners, faith-based organizations, educators, behavioral health providers, and others. The site offers a wide array of resources including educational materials, trainings, and information on grant funding.

Learn more at www.PreventionResourceFinder.gov or email preventionresourcefinder@hq.dhs.gov with questions.

(Source: DHS)

CISA NECP webinar: Is this thing on? Using backup communications systems to ensure mission readiness

The Cybersecurity and Infrastructure Security Agency (CISA) will host a webinar on Wednesday, April 26 at 1 p.m. EDT: Is this thing on? Using backup communications systems to ensure mission readiness.

Maintaining emergency communications capabilities before, during, and after emergencies is critical for sharing life-saving information. To achieve this level of preparedness, public safety organizations need to collaborate with other partners to plan for and establish redundancies, as well as routinely assess the readiness of their primary, secondary, and backup communications capabilities.

However, the SAFECOM Nationwide Survey (SNS) found that most public safety organizations are not properly testing their backup communications systems. For out-of-the ordinary situations when multiple organizations and agencies are involved and backup systems are most likely to be needed, just 26% of organizations test their backup voice and only 15% test their backup data.

During this webinar, participants will hear from the Chairman of the Federal Communications Commission Regional Planning Committee 20 about real-world examples showcasing collaborative planning approaches and best practices for establishing and testing interoperable backup capabilities.

In addition, the presentation will review recommendations in the National Emergency Communications Plan (NECP) for achieving and maintaining resilient backup systems and provide access to resources that ensure backup system readiness.

This webinar is open to all and no advanced registration is required. Mark your calendar for Wednesday, April 26 at 1 p.m. EDT. At the scheduled time, join via CISA’s HSIN Connect room for the NECP webinar series: https://share.dhs.gov/necpwebinars. A HSIN account is not required to join; participants may enter the room as a guest. You must dial in for audio using the following information: 800-857-6546; participant passcode: 3442408.

Visit CISA’s website to learn more about this webinar and to view past and upcoming webinars in CISA’s Implementing the National Emergency Communications Plan webinar series. If you have any questions, contact necp@cisa.dhs.gov

(Source: CISA)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

US and international partners publish secure-by-design and -default principles and approaches

On Thursday, April 13, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand (CERT NZ, NCSC-NZ) published Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.

This joint guidance urges software manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default.  This guidance, the first of its kind, is intended to catalyze progress toward further investments and cultural shifts necessary to achieve a safe and secure future.

In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.

(Source: CISA)

FBI warns against using public USB charging ports

The FBI is warning the public against using charging stations in malls and at airports, according to a tweet from the bureau's Denver office. The public charging stations could be a conduit for bad actors to introduce malware onto personal devices, officials warn. The FBI didn't respond to ABC News' request for comment on whether there has been a rise in malicious activity related to the cyber-theft tactic known as "juice jacking." A 2021 alert posted by the Federal Communications Commission warned that using a public charger could lead to malicious software on a device without the user's knowledge.

(Source: ABC News)

CISA releases updated Zero Trust Maturity Model

On Tuesday, April 11, CISA published Zero Trust Maturity Model version 2, incorporating recommendations from a public comment period, and furthering the federal government’s continued progress toward a zero trust approach to cybersecurity in support of the National Cybersecurity Strategy. While the Zero Trust Maturity Model is specifically intended for federal agencies, all organizations should review this guidance and take steps to advance their progress toward a zero trust model.

(Source: CISA)

HC3 Threat Brief: Electronic Medical Records Still a Top Target for Cyber Threat Actors

This Threat Brief from the Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordinating Council (HC3) covers electronic medical/health records (EMRs/EHRs), what they are, how they are used by the health sector, and risks and benefits of their use.

The Threat Brief provides a summary of notable data breaches and cyber incidents, trends in healthcare data breaches between 2010-2022 and an analysis of why EMRs/EHRs are valuable targets to cyber criminals.

Electronic medical/health records will continue to be a significant part of the healthcare industry. The presentation overviews the ways EMR/EHR use will likely grow in the future in various healthcare applications, such as in cloud computing, robotic process automation, telehealth, voice recognition and the Internet of Things, wearable devices, and more. The presentation concludes with recommendations for the health sector to continually strengthen their cybersecurity posture.

(Source: HHS HC3)

3CX confirms North Korean hackers behind supply chain attack

VoIP communications company 3CX confirmed on Tuesday, April 11, that a North Korean hacking group was behind last month's supply chain attack. The attackers infected 3CX systems with malware known as Taxhaul (or TxRLoader), which deployed a second-stage malware downloader named Coldcat by Mandiant.

The malware achieved persistence on compromised systems through DLL side-loading via legitimate Microsoft Windows binaries, making it harder to detect. macOS systems targeted in the attack were also backdoored with malware named Simplesea that Mandiant is still analyzing to determine if it overlaps with previously known malware families.

3CX says its 3CX Phone System is used by over 600,000 companies worldwide and over 12 million users daily, including high-profile companies and organizations like American Express, Coca-Cola, McDonald's, Air France, IKEA, the UK's National Health Service, and multiple automakers.

(Source: Bleeping Computer)

Criminal marketplace disrupted in international cyber operation

The Justice Department announced on Wednesday, April 5, a coordinated international operation against Genesis Market, a criminal online marketplace that advertised and sold packages of account access credentials.

Since its inception in March 2018, Genesis Market has offered access to data stolen from over 1.5 million compromised computers around the world containing over 80 million account access credentials. Account access credentials advertised for sale on Genesis Market included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies.

Victim credentials obtained over the course of the investigation have been provided to the website Have I Been Pwned, which is a free resource for people to quickly assess whether their access credentials have been compromised (or “pwned”) in a data breach or other activity. Victims can visit HaveIBeenPwned.com to see whether their credentials were compromised by Genesis Market.

(Source: DOJ)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.