Volume 23 — Issue 21 | May 25, 2023
In January 2023, the Department of Defense (DOD) issued a new performance specification for firefighting foams used by the military. The specification outlines the functional requirements for firefighting foams used on military bases. These foams must be able to effectively extinguish class B hydrocarbon liquid fuel fires without containing per- and polyfluoroalkyl substances (PFAS).
PFAS have been used in aqueous film-forming foams (AFFFs) for fighting liquid fuel fires since the 1970s. PFAS act as surfactants within the firefighting foam to help the foam form a more stable ‘blanket’ over the liquid fuel. This blanket functions as a vapor barrier which prevents flammable vapors from escaping from the liquid. This helps both to extinguish the fire and to prevent additional ignition of vapors. The more stable and long-lasting this foam blanket is, the more effective the foam is at containing flammable vapors and ultimately extinguishing the fire.
The use of foams that do not contain any PFAS, also called “fluorine-free foams,” raises safety concerns and operational challenges for firefighters.
Fluorine-free foams have less burn-back resistance than PFAS-containing foams. In practice, this means that while the fluorine-free foam will initially form a blanket over the liquid fuel, this foam blanket will break down much more quickly. The breakdown of the foam blanket could result in “burn back” due to the ignition of flammable vapors escaping from the liquid.
Although PFAS-containing foams are more effective than fluorine-free foams, their environmental and health risks can no longer be ignored. These are very persistent “forever chemicals” that do not degrade naturally in the environment, and which have been linked to harmful effects on humans and animals in numerous scientific studies.
Many efforts are currently underway to find effective alternatives to PFAS-containing firefighting foams. However, given the rapidly evolving legislation and the urgency of the issue, researchers are hoping to find additives to existing foam formulations that can be deployed faster in the field.
Researchers at the Johns Hopkins Applied Physics Laboratory (APL) in Laurel, Maryland, are testing and evaluating additives to enhance firefighting capabilities of commercially available PFAS-free fire suppressants for military use.
The team started with laboratory experiments at APL, characterizing chemical properties of the foams such as viscosity and surface tension. They progressed to small-scale fire tests to verify the correlation between these variables and identify the most promising combinations of foams and additives. While the additives demonstrated significant improvement in the firefighting capabilities of the PFAS-free foams, they do not yet meet military specifications for legacy AFFF. Johns Hopkins APL’s research is ongoing.
Visit Johns Hopkins APL’s website to learn more and stay updated on this research.
(Source: DOD, Johns Hopkins APL)
The Federal Partnership for Interoperable Communications (FPIC) just released The Who, What, When, Where, Why, and How of Encryption in P25 Public Safety Land Mobile Radio Systems.
Much emphasis on encryption arises from public concern over privacy and the duty of public safety entities to provide such privacy while also protecting sensitive information.
Additionally, public safety officials have operational security concerns. With the proliferation and online availability of radio scanners, scanner applications, frequency jammers, and radio cloning devices, how can officials protect wirelessly transmitted information about investigations and tactical operations? In the aftermath of a crime, how do officers keep operational information confidential when setting up roadblocks or establishing search areas? During a disaster, how do rescue teams share critical information free from eavesdropping, which could lead to news coverage or crowds that may disrupt a life-saving operation?
The best available solution is encryption.
This comprehensive guide provides readers new to the topic of encryption with a discussion of the basic issues related to establishing and maintaining effective encryption for Project 25 (P25) interoperable land mobile radio (LMR) communications systems. The document is an update and combination of previously published documents issued by the FPIC, SAFECOM, and the National Council of Statewide Interoperability Coordinators (NCSWIC) in 2016.
The document can be used as a guide for planning, implementing, and managing an LMR encryption strategy and presents real-world examples of why encryption is important and necessary for protecting sensitive information during critical operations. Finally, the document discusses encryption best practices for P25 LMR systems and information that should be considered when evaluating encryption solutions.
FPIC works with CISA’s Emergency Communications Preparedness Center Steering Committee, SAFECOM, the National Council of Statewide Interoperability Coordinators (NCSWIC) and other partners and representatives from federal, state, local, territorial, and tribal organizations. FPIC serves in an advisory role to address technical and operational wireless issues relative to interoperability within the public safety emergency communications community.
Read CISA’s blog to learn more and access the Encryption in P25 Public Safety Land Mobile Radio Systems Guide and other FPIC products.
(Source: CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) will hold its 2023 Hurricane Season Preparedness Webinar on Thursday, June 1, 2023, from 11:30 a.m. to 1 p.m. EDT via DHS Connect.
This webinar will cover CISA’s role and resources available to support hurricane preparedness and response activities associated with systems that make landfall on the continental U.S. or U.S. territories. It will also feature presentations from the National Oceanic and Atmospheric Administration’s (NOAA) Liaison to the National Operations Center and the Federal Emergency Management Agency’s (FEMA) National Business Emergency Operations Center.
There will be a short question-and-answer period following the presentations.
To learn more about this event and to share this information with colleagues who may be interested in attending, see CISA’s downloadable webinar flyer, which includes information on how to participate in the webinar and the complete agenda for the event.
(Source: CISA)
The National Homeland Security Association (NHSA) will hold its annual National Homeland Security Conference from Monday, July 4 through Thursday, July 27, 2023, in Chicago, Illinois, with an early bird registration deadline of June 1, 2023.
The National Homeland Security Conference provides a direct bridge to connect and share best practices among those charged with keeping our nation safe and to see the new equipment and technology available to support their mission.
Attendees of the National Homeland Security Conference typically include homeland security professionals; emergency managers and planners; public safety representatives from every response discipline; local, state, and federal government leaders from the largest metropolitan areas in the 50 states and U.S. territories; and subject matter experts from the private sector.
The 2023 conference agenda is now available. There is something for everyone at the conference. Highlights include:
- Keynote speakers from the Department of Energy’s (DOE) Idaho National Laboratory, the U.S. Fire Administration (USFA), and the Cybersecurity and Infrastructure Security Agency (CISA)
- Several tours, including the DOE’s Argonne National Laboratory in Darien, Illinois; Chicago’s Jardine Water Purification Plant from the City of Chicago’s Department of Water Management; Chicago Union Station – Safety and Security; Cook County Department of Emergency Management and Regional Security; City of Chicago Critical Infrastructure Boat Tour aboard the Chicago Fire Department Air-Sea Rescue Marine Unit Engine 2; and more.
- Several seminars, workshops, panel discussions, and sessions covering topics such as all-hazards preparedness; counterterrorism; cybersecurity; enhancing information and intelligence sharing; grants and program management; planning; protecting critical infrastructure and communities; public health; and more.
Visit www.nationalhomelandsecurity.org to learn more and register.
(Source: NHSA)
US and international partners release advisory warning of PRC state-sponsored cyber activity
CISA, National Security Agency (NSA), and Federal Bureau of Investigation (FBI), along with the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK) published a Joint Cybersecurity Advisory (CSA) on May 24.
The advisory shares technical details regarding malicious activity by a People’s Republic of China (PRC) state-sponsored cyber actor. This advisory provides the cybersecurity community and critical infrastructure organizations with new insights into the specific tactics, techniques, and procedures used by PRC cyber actors to gain and maintain persistent access into critical infrastructure networks.
CISA, NSA, FBI and international partners urge U.S. and allied governments, critical infrastructure, and private sector organizations to apply the recommended mitigations to strengthen their defenses and reduce the threat of compromise from PRC state-sponsored malicious cyber actors. For more information on the PRC cyber threat, visit China Cyber Threat Overview and Advisories.
(Source: CISA)
CISA, FBI, NSA, MS-ISAC publish updated #StopRansomware Guide
On May 23, CISA, FBI, NSA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published the #StopRansomware Guide, an updated version of the 2020 guide containing additional recommended actions, resources, and tools.
This publication was produced through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in 2022 to ensure unity of effort in combating the threat of ransomware attacks.
The #StopRansomware Guide is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The update incorporates lessons learned from the past two years, including recommendations for preventing common initial access techniques, such as compromised credentials/passwords and advanced forms of social engineering; recommendations to address cloud security backups; and threat hunting tips for detection and analysis.
(Source: CISA)
NIST: Recommendations for Federal Vulnerability Disclosure Guidelines
Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce known security vulnerabilities. This document recommends guidance for establishing a federal vulnerability disclosure framework, properly handling vulnerability reports, and communicating the mitigation and/or remediation of vulnerabilities. The framework allows for local resolution support while providing federal oversight and should be applied to all software, hardware, and digital services under federal control.
Access the final Recommendations for Federal Vulnerability Disclosure Guidelines from the National Institute of Standards and Technology’s (NIST) Computer Security Resource Center.
(Source: NIST)
MS-ISAC Guide to DDoS Attacks
A Denial of Service (DoS) attack is an attempt to overwhelm and render a system unavailable to intended user(s), such as preventing their access to a website. A successful DoS attack consumes all available network, application, or system resources, usually resulting in a network slowdown, application crash, or server crash. When multiple sources coordinate in a DoS attack, it is known as a Distributed Denial of Service (DDoS) attack.
In this guide, the Multi-State Information Sharing and Analysis Center (MS-ISAC) discusses the common methods and techniques which cyber threat actors (CTAs) use to generate an effective DDoS attack. The MS-ISAC also provides recommendations for defending against a DDoS attack.
(Source: MS-ISAC)
FCC Consumer Guide - Protecting Your Personal Data
Our mobile phones know a lot about us and the data generated by our devices is increasingly being used in unexpected ways. Geolocation and other data, such as who we call, is sensitive and personal. With data breaches increasing in frequency and severity, it's important to take steps to safeguard your data.
Federal Communications Commission (FCC) rules protect customer proprietary network information (CPNI) in the carriers' possession. This information includes: the location of an active mobile device; the phone numbers called by a consumer; the frequency, duration, and timing of such calls; and any services purchased by the consumer, such as call waiting.
Under the Telecommunications Act, carriers must protect the privacy and security of their customers' service-related and billing information, and may only use, disclose, or permit access to CPNI under these conditions:
- As required by law.
- With customer approval.
- While providing the service for which the customer information was obtained.
- When providing a 911 caller's location information to a 911 call center.
Read the full consumer guide, Protecting Your Personal Data, to learn steps you can take to protect your data and to access related guidance from the FCC.
(Source: FCC)
TikTok sues Montana over state's ban of app
TikTok sued Montana in federal court on Monday over a ban of the app enacted by the state last week.
The lawsuit, filed in U.S. District Court, alleges that the ban violates the First Amendment, arguing that the measure shuts down a "forum for speech for all speakers on the app," singling out TikTok users for "disfavored treatment." Among a host of other challenges, TikTok said the ban is preempted by federal law because it is attempting to address an issue rooted in national security that is handled by the U.S. government.
The Montana ban, the first measure of its kind in the U.S., does not prevent current users from accessing the app or penalize them for doing so. Instead, the ban targets the availability of the app by threatening entities such as TikTok, Google and Apple with a $10,000 fine for each day that the platform remains accessible in app stores for users in Montana.
(Source: ABC News)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice: This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement: The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice: Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.