View as a webpage / Share

Volume 23 — Issue 17 | April 27, 2023

FBI releases first report on new Law Enforcement Officer Suicide Data Collection

In June 2020, the Law Enforcement Suicide Data Collection Act became law and directed the Federal Bureau of Investigation (FBI) to establish a new program to better understand and ultimately prevent law enforcement officer suicides.

The FBI launched the Law Enforcement Officers Suicide Data Collection (LESDC) Program in January 2022 and began collecting information on law enforcement suicides via the Law Enforcement Enterprise Portal (LEEP). Law enforcement, corrections, telecommunications, and judicial system agencies provide data to the collection.

The FBI recently released its first annual report on the LESDC Program, based on the data collected from 22 agencies in 2022. The data show 32 deaths by suicide and 9 attempted suicides, totaling 41 reported incidents in 2022. The FBI acknowledges that the 2022 data collection is limited since the LESDC is in its first year and participation is voluntary.

Of the 32 suicide deaths, most involved a firearm (28 of 32 deaths). The most common location was in a residence (30 of the 41 total suicides or attempted suicides).

The report breaks down suicides and attempted suicides by years of experience:

• 0-5 years of experience – 15.
• 6-10 years of experience – 6.
• 11-20 years of experience – 9.
• 21-30 years of experience – 10.
• 31+ years of experience – 1.

Some of the potential contributing factors that were most widely reported among suicide deaths included relationship problems (26%), depression (23%), and other psychological or physical distress (19%) including burnout, post-traumatic stress disorder, and chronic illness. Among the attempted suicides, many cited relationship problems along with increased social isolation. 19% of agencies reported that there were no observed warning signs prior to the suicide.

You can access this report and learn more about this data collection on the LESDC landing page of the FBI's Crime Data Explorer website.

(Source: FBI)

Highlights

FBI releases first report on new Law Enforcement Officer Suicide Data Collection

April is Autism Awareness Month: Resources for first responders

FY 2023 SAFECOM Guidance on Emergency Communications Grants

Arson Awareness Week is May 7-13, webinar May 8

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

April is Autism Awareness Month: Resources for first responders

April is Autism Awareness Month. Throughout April, the Department of Health and Human Services (HHS), Interagency Autism Coordinating Committee (IACC) and many national and international advocacy groups have been honoring the contributions and recognizing the needs of people on the autism spectrum.

Autism awareness is essential for all members of the community, but it is especially important for first responders.

The Centers for Disease Control and Prevention (CDC) reported in a March 2023 Morbidity and Mortality Weekly Report that the number of individuals diagnosed with autism increased between 2018 and 2020, from 1 in 44 children (2.3%) in 2018 to 1 in 36 children (2.8%) in 2020. This data was gathered from 11 sites within the CDC’s Autism and Developmental Disabilities Monitoring Network (ADDM). While the ADDM is not representative of the total United States population, it is the only network to track the number and characteristics of children with autism and other developmental disabilities in multiple communities throughout the United States over an extended period of time.

There is wide variation in the ways that those with autism may behave, communicate, and interact. For example, some of the things individuals on the autism spectrum may struggle with include emergency sights and sounds or being touched. For some individuals with autism, these can trigger anxiety and lead to outbursts that could look like noncompliance with the instructions of law enforcement or other first responders who are trying to help.

The CDC provides many resources to increase awareness of the unique abilities, behaviors, and needs of those on the autism spectrum. The non-profit Autism Speaks provides an extensive resource collection tailored to first responders as part of its Autism Safety Project. These resources include information and awareness training that can assist first responders in recognizing symptoms of autism and developing best practices for interacting with those who have autism during a response.

(Sources: IACC, CDC, Autism Speaks)

FY 2023 SAFECOM Guidance on Emergency Communications Grants

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC), recently published the Fiscal Year (FY) 2023 SAFECOM Guidance on Emergency Communications Grants (SAFECOM Guidance).

The SAFECOM Guidance is updated every year in coordination with stakeholders to help state, local, tribal, and territorial governments in obtaining federal funding for investment in emergency communications projects. The SAFECOM Guidance includes:

• Recommendations for planning, coordinating, and implementing projects.
• Emergency communications activities that can be funded through federal grants.
• Best practices, policies, and technical standards that help to improve interoperability.
• Resources to help recipients comply with technical standards and common grant requirements.

Visit CISA’s SAFECOM Funding and Sustainment page to access the FY 2023 SAFECOM Guidance, a continually updated list of relevant federal financial assistance programs, and many other resources. Contact emergency-comms-grants@cisa.dhs.gov with any questions.

(Source: CISA)

Arson Awareness Week is May 7-13, webinar May 8

Arson destroys more than buildings; arson can take lives and rob communities of their valuable assets and property, which can be economically devastating.

The United States Fire Administration (USFA) will be observing Arson Awareness Week from May 7-13, 2023. This year’s theme is “Understanding and Mitigating Youth Firesetting Issues.”

Fire misuse behaviors in children may be attributed to issues such as curiosity or experimentation, underlying struggles with impulse control, emotional regulation, social/interpersonal skills, childhood trauma, or other behavioral health conditions. Children observe adults using matches and lighters but may not be taught about important fire safety practices. They may also observe unsafe uses of fire in media, videos and gaming.

The USFA and the National Volunteer Fire Council (NVFC) will co-host a webinar on Monday, May 8, at 2 p.m. EDT to present current best practices and tips to prevent and mitigate youth firesetting in communities across the country.

Visit the USFA’s webpage for Arson Awareness Week to register for the webinar and access resources that can help fire departments, parents and caregivers prevent children from experimenting with fire.

(Source: USFA)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

CISA announces plans to establish Logging Made Easy service

On April 20, the Cybersecurity and Infrastructure Security Agency (CISA) announced plans to develop and establish Logging Made Easy (LME) tool, a service originally developed and maintained by the United Kingdom’s National Cyber Security Centre (NCSC-UK) until March 31, 2023.

LME is an open-source log management solution for Windows-based devices which reduces a user’s log management burden by providing integrated capabilities that generate greater transparency into operating system and network security across deployed devices. LME is particularly useful for those that manage their organization’s catalog of Windows-based equipment and who lack the resources for a more robust commercial solution.

(Source: CISA)

Abuse of the Service Location Protocol may lead to DoS attacks

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS attacks using spoofed source addresses.

(Source: CISA)

CISA, Cyber National Mission Force leaders share how they partner: First-ever ops revealed to industry

On April 24, CISA’s Executive Assistant Director for Cybersecurity and U.S. Cyber Command’s Cyber National Mission Force (CNMF) commander delivered a presentation at the RSA Conference on the importance of partnership in defending America’s critical infrastructure while holding malicious cyber actors accountable.

The leaders shared newly declassified details of interagency responses to cyberattacks from nation-state actors and cybercriminals, including how CNMF shares information from foreign operations to enable CISA’s domestic defensive mission. They also discussed how CISA shares information from domestic cyber incidents to enable CNMF’s operations to impose costs on foreign malicious cyber actors. They discussed case studies, including the “SolarWinds” campaign, the mitigation of Chinese hacking of Microsoft Exchange, the disruption of Iranian targeting of an election reporting website, and ongoing data-sharing from cybercriminal targeting of federal agencies and educational institutions to enable CNMF operations.

(Source: CISA)

China revises law to include certain cyberattacks as ‘acts of espionage’

The Chinese government passed an expansion of its counterespionage law on Wednesday, April 26, that would, among other things, allow people to be charged as spies if they target critical infrastructure or government bodies with cyberattacks.

The revised version of the 2014 law was passed by China's Standing Committee of the National People's Congress (NPC), state media outlet Xinhua reported, and will go into effect on July 1.

According to a translation of the most recent draft version of the law, “acts of espionage” now formally include “Network attacks [or] intrusions … targeting state organs, units involved with secrets, or critical information infrastructure” perpetrated or funded by spying organizations and affiliated agents.

More broadly, the espionage law also applies to “agencies, organs, individuals, or other collaborators domestically or outside” China who are involved in cyberattacks.

Since September 2022, the Chinese government has repeatedly accused the U.S. National Security Agency of hacking into the network of the government-backed Northwestern Polytechnical University, stealing data on “sensitive identities” within China.

In February, Cybersecurity and Infrastructure Security Agency chief Jen Easterly warned of “China’s massive and sophisticated hacking program,” saying the country faced cyber intrusions by the Chinese government “every day.”

(Source: The Record)

San Bernardino County sheriff's office struggling to recover from ‘malware’ incident

The San Bernardino County Sheriff’s Department’s public information officer told Recorded Future News that the Southern California department first identified a network disruption on April 7 and later confirmed that it involved malware.

A local news outlet reported on Sunday, April 23, that the department is still struggling to recover from the incident, with officers having to use radios to run license plate checks or get further information on suspects. The agency has 15 patrol stations and about 3,800 employees overall. The department initially shut down email and internet services as well as the computers used by officers in their cars.

The attack began when an officer clicked on a malicious link, according to ABC7.

The San Bernardino agency is the latest law enforcement institution to deal with a cyberattack. Last month, a ransomware group leaked data stolen from the Washington County Sheriff’s Office in northeastern Florida and two weeks ago, a New Jersey police department said it was struggling to rebound from its own ransomware attack.

Several other police departments were forced to resort to pen and paper due to cyberattacks, including offices in Ohio and New York. Even the U.S. Marshals Service was hit with a ransomware attack that exposed troves of sensitive data.

Ransomware groups have also launched several recent attacks on police departments across California, including incidents in Modesto, Oakland and San Francisco.

(Source: The Record)

PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers

Print management software maker PaperCut says attackers are exploiting a critical-rated security vulnerability to gain access to unpatched servers on customer networks.

PaperCut offers two print management products, PaperCut NG and PaperCut MF, used by local governments, large enterprises and healthcare and education institutions. PaperCut’s website says it has over 100 million users from more than 70,000 organizations worldwide.

In an advisory last week, PaperCut said that a critical vulnerability it patched earlier in March was under active attack against machines that had yet to install the security update. The vulnerability, tracked as CVE-2023-27350, is scored 9.8 out of a possible 10 in vulnerability severity as it could allow an unauthenticated attacker to remotely execute malicious code on a server without needing credentials.

(Source: TechCrunch)

Google’s new two-factor authentication isn’t end-to-end encrypted, tests show

An examination by security researchers finds an alarming flaw in the search giant's new feature, which syncs your Authenticator app across devices.

Google’s Authenticator app provides unique codes that website logins may ask for as a second layer of security on top of passwords. On Monday, April 24, Google announced a long-awaited feature, which lets you sync Authenticator to a Google account and use it across multiple devices. That’s great news, because in the past, you could end up locked out of your account if you lost the phone with the authentication app installed.

The researchers who uncovered the problem found the app didn’t prompt or offer an option to use a passphrase to protect the “secrets.” In the security community, “secrets” is the term for credentials that work as a key to unlock an account or a tool.

The tests found the unencrypted traffic contains a “seed” that’s used to generate the two-factor authentication codes. Anyone with access to that seed can generate their own codes for your accounts and break in.

You can use Google Authenticator without tying it to your Google account or syncing it across devices, which avoids this issue. Unfortunately, that means it might be best to avoid a useful feature that users spent years clamoring for.

(Source: Gizmodo)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.