|
Volume 23 — Issue 24 | June 15, 2023 |
|
|
Wildland firefighters rely on escape routes and safety zones so they are prepared to act quickly if a wildfire suddenly changes direction or speed, or if any situation arises during wildland firefighting operations where there is danger of entrapment.
Although wildland firefighters are trained to view escape as the first priority and deployment of a fire shelter only as a last resort, the fire shelter is still a critical piece of lifesaving equipment. Since their initial development and first use in 1977, fire shelters have saved many firefighters’ lives when they became entrapped by wildfire. These shelters have also provided added protection against falling embers, thick smoke, and heat while escaping from a fire.
The National Wildfire Coordinating Group (NWCG) has just updated its Standards for M-2002 Fire Shelters, PMS 411. This new version has been retitled and is no longer available as a PDF. It is now an interactive web portal. Much of the content remains unchanged from the previous version. The portal contains 10 sections, each explaining a different part of the fire shelter, training for its use, and the use of the fire shelter on the fireline.
The NWCG encourages new and experienced firefighters to use the new PMS 411 web portal as part of a comprehensive fire shelter training program that includes facilitated discussions and hands-on training. No one who is required to carry a fire shelter should go on the fireline without reading, understanding, and practicing the recommendations provided on this site.
The PMS 411 web portal is available on NWCG’s website. Please contact the NWCG’s Fire Shelter and Personal Protective Equipment Subcommittee with any questions.
(Source: NWCG)
|
|
|
The Office of Justice Programs’ Bureau of Justice Assistance (BJA) is now accepting nominations for the 2023 Public Safety Medal of Valor.
Every day, public safety officers risk their lives to protect America’s citizens and communities. To honor that commitment, Congress passed the Public Safety Officer Medal of Valor Act of 2001. This Act created the highest national award for valor that can be received by a public safety officer.
Each year, the Public Safety Officer Medal of Valor is awarded by the President or Vice President of the United States to a public safety officer who has exhibited exceptional courage, extraordinary decisiveness and presence of mind, and unusual swiftness of action, regardless of his or her own personal safety, in the attempt to save or protect human life.
For the purpose of this award, a public safety officer is defined as a person serving a public agency, with or without compensation, as a firefighter, law enforcement officer, or other emergency services officer. The term “law enforcement officer” includes a person who is a corrections or court officer or a civil defense officer.
This past May, the Medals of Valor for 2021-2022 were awarded during a ceremony at the White House to nine public safety officers. These included five police officers, one sheriff's deputy and three firefighters. Two of the awardees were police officers who lost their lives as they sought to protect a mother and son from an armed man threatening violence, placing themselves between the assailant and occupants of the home. These two fallen officers were honored at the beginning of this year’s ceremony. To learn more about the 2021-2022 awardees, see the video of this year’s ceremony and additional media coverage of the event.
You can learn more about this award, recipients from past years, members of the review board, and how to submit a nomination on BJA’s Public Safety Officer Medal of Valor page.
If you know of a public safety officer who meets these criteria, please consider submitting a nomination for the 2022-2023 Medal of Valor by July 31, 2023.
(Sources: BJA, CBS News)
Hazard mitigation plans are blueprints to build resilient communities. In addition, a mitigation plan approved by the Federal Emergency Management Agency (FEMA) is a condition for receiving certain types of non-emergency disaster assistance, including funding for mitigation projects.
On April 19, 2022, FEMA released an updated State Mitigation Planning Policy Guide and Local Mitigation Planning Policy Guide for hazard mitigation planning. A Spanish translation of the Local Guide was also released in April 2022. See FEMA’s Mitigation Planning Policy Updates page for an overview of the policy updates.
These updated policies are the official interpretation of the mitigation planning requirements in the Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act), as amended and other federal statutes as well as in federal regulations, specifically Title 44 CFR Part 201- Mitigation Planning.
The updated state and local policies went into effect for all state and local hazard mitigation plan approvals on April 19, 2023. FEMA plans to update the Tribal Mitigation Plan Review Guide later this year. FEMA has released the following new or updated guidance for state, local, tribal, and territorial (SLTT) agencies to address these hazard mitigation planning policy updates.
Guidance for States and Territories
Guidance for Local Governments
- FEMA released the Local Mitigation Planning Handbook in May 2023. This 253-page handbook is a plain-language tool to help local governments as they develop or update a hazard mitigation plan. The Handbook is a companion to the April 2022 Local Mitigation Planning Policy Guide.
Guidance for Tribes
- FEMA is hosting a webinar, Introduction to Tribal Mitigation Planning, on June 28 from 2-3 p.m. EDT (11 a.m. – noon PDT, 10- 11 a.m. AKDT). This webinar is for tribal government officials, planners, and anyone involved in tribal mitigation planning. This webinar will give an overview of hazard mitigation planning and will serve as a primer for engagement with tribal nations related to the anticipated update to the Tribal Mitigation Plan Review Guide later this year.
Upcoming Webinars and Training
- FEMA’s National Hazard Mitigation Planning Program is hosting a webinar series called “From Policy to Action.” The first webinar in the series, Planning for Climate Resilient Communities, will take place on Wednesday, June 28 from 1-2 p.m. EDT. Sign up for email updates to receive notifications when upcoming webinars are announced.
- The American Planning Association’s Planning Information Exchange is hosting a three-part webinar series called “Multi-Hazard Mitigation for All.” The first webinar in the series, “The Only Constant is Change: Hazard Mitigation Updates,” took place on May 18. This webinar was recorded and will be available soon. Check back with the Planning Information Exchange to register for the next two webinars in the series when they are announced and to view webinar recordings when they become available.
- FEMA’s Emergency Management Institute (EMI) is in the process of updating the core training materials for state and local mitigation planning to align these courses with the updated policy information.
See FEMA’s Hazard Mitigation Planning page to learn more and access these guidance documents. Email fema-mitigation-planning@fema.dhs.gov with any questions.
(Source: FEMA)
The Public Safety Threat Alliance (PSTA), an information sharing and analysis organization (ISAO) established by Motorola Solutions and recognized by the Cybersecurity and Infrastructure Security Agency (CISA), is hosting a webinar on Thursday, June 22 at 12 p.m. CST entitled Cybersecurity Best Practices for Public Safety.
The PSTA and subject matter experts from CISA will discuss how to implement cybersecurity best practices to protect public safety networks and data to support the advancement of cybersecurity across the public safety community.
Participants will learn:
- Why the increased interdependencies between technologies and emergency services in smart cities are introducing new cyber risks.
- How to create resilience through defense in depth while accounting for both physical and cyber threats.
- How to reduce risk by implementing threat-informed Cybersecurity Performance Goals (CPGs) as a minimum set of practices.
- How the CPGs can help your agency meet the goals and objectives of the State and Local Cybersecurity Grant Program (SLCGP).
Motorola Solutions’ PSTA was launched in October 2022 as a critical cyber information and intelligence sharing hub focused on cyber threats to public safety, including threats to critical communications platforms such as land mobile radio (LMR), 911 call handling, computer-aided dispatch (CAD), and law enforcement systems and networks. The PSTA collects cyber threat information from law enforcement, private sector and other sources and fuses it into a coherent threat picture for PSTA members, providing public safety-focused actionable intelligence.
Membership in the PSTA is free for all public safety agencies. Visit motorolasolutions.com/psta to learn more and request membership for your organization.
Membership in the PSTA is not required to attend this webinar; it is free and open to anyone interested. Learn more and register here.
(Source: PSTA)
|
|
CISA issues Binding Operational Directive 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces
On June 13, CISA issued Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch (FCEB) agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This Directive applies to dedicated device interfaces that are accessible over network protocols and are meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself.
Agencies must be prepared to remove identified networked management interfaces from exposure to the internet, or protect them with Zero-Trust capabilities that implement a policy enforcement point separate from the interface itself. CISA will monitor and support agency adherence, providing additional resources as needed. FCEB agencies should contact CISA at cyberdirectives@cisa.dhs.gov for additional information.
While BOD 23-02 strictly applies to FCEB agencies, this threat extends to every sector. CISA recommends all stakeholders review and adopt this guidance.
(Source: CISA)
CISA and partners release joint advisory on Understanding Ransomware Threat Actors: LockBit
On June 14, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is a comprehensive resource detailing the observed common vulnerabilities and exposures (CVEs) exploited, as well as the tools, and tactics, techniques, and procedures (TTPs) used by LockBit affiliates. Additionally, it includes recommended mitigations to help reduce the likelihood and impact of future ransomware incidents.
LockBit has been successful through its innovation and continual development of the group’s administrative panel (i.e., a simplified, point-and-click interface making ransomware deployment accessible to those with lower degrees of technical skill), affiliate supporting functions, and constant revision of TTPs.
CISA and the authoring agencies of this joint CSA encourage the implementation of recommendations provided.
(Source: CISA)
|
|
CISA and NSA release joint guidance on hardening Baseboard Management Controllers (BMCs)
On June 14, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them.
BMCs are trusted components designed into a computer's hardware that operate separately from the operating system (OS) and firmware to allow for remote management and control, even when the system is shut down. Hardened credentials, firmware updates, and network segmentation options are often overlooked, leading to a vulnerable BMC. A vulnerable BMC broadens the attack vector by providing malicious actors the opportunity to employ tactics such as establishing a beachhead with pre-boot execution potential.
(Source: CISA)
Report details three top cyber threats for public sector
The latest Verizon Data Breach Investigations Report has found that social engineering ploys, systems intrusions and lost devices are among the top causes of cyber breaches in the public sector.
The report, released this week, examined cyber incidents impacting public and private organizations in 81 countries, with findings that reflect events from November 2021 through late October 2022. It noted that social engineering is becoming more sophisticated across countries and also that the threat of ransomware is holding steady. Public-sector entities also faced off against system intrusions, lost employee devices and bad actors tricking employees — which together were responsible for 76 percent of this sector’s breaches.
The report included data from federal, state and local government agencies, including public safety. Last year, public administration entities faced 3,273 incidents, which Verizon defines as “a security event that compromises the integrity, confidentiality or availability of an information asset.” Of those, 584 developed into full breaches, where data was disclosed.
(Source: Government Technology)
New research shows potential of electromagnetic fault injection attacks against drones
New research shows the potential of electromagnetic fault injection (EMFI) attacks against unmanned aerial vehicles, with experts showing how drones that don’t have any known vulnerabilities could be hacked.
The research was conducted by IOActive, a company specializing in cybersecurity research and assessments. The security firm previously found vulnerabilities affecting cars, ships, Boeing and other airplanes, industrial control systems, communication protocols, and operating systems.
The research is ongoing, but initial results show that EMFI techniques can be efficient for black-box hacking, where the attacker does not have internal knowledge of the targeted system.
(Source: Security Week)
An Illinois hospital is the first health care facility to link its closing to a ransomware attack
A ransomware attack hit SMP Health in 2021 and halted the hospital’s ability to submit claims to insurers, Medicare or Medicaid for months, sending it into a financial spiral.
St. Margaret’s Health in Spring Valley will close Friday, June 16. The chair of SMP Health, the hospital’s parent organization, said last month that the hospital was planning to close this year, “due to a number of factors, such as the Covid-19 pandemic, the cyberattack on the computer system of St. Margaret’s Health, and a shortage of staff, it has become impossible to sustain our ministry.”
Experts who track cyberattacks on health care said they believed Spring Valley is the first hospital to cite a cyberattack as a reason it closed. Spring Valley’s mayor said the hospital’s closing means some residents will have to travel around half an hour for emergency room services and obstetrics services.
(Source: NBC News)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
