Volume 23 — Issue 25 | June 22, 2023
On Tuesday, June 20, a fire at a first-floor e-bike repair shop in New York City spread to the apartments above. The Fire Department of the City of New York (FDNY) reported a total of nine victims in the early-morning fire. Four were killed, two are in critical condition, and a firefighter and EMT suffered minor injuries. The FDNY Commissioner reported the cause of the fire was lithium-ion batteries in the repair shop.
Last year, there were 220 fires in New York City started by lithium-ion batteries, with six deaths. So far this year they have caused 108 fires with 13 deaths.
Lithium-ion battery fires are such a pressing topic for today’s fire service that they were the theme of this year’s Firefighter Safety Stand Down, which took place this week.
In a June 15 podcast interview with the U.S. Fire Administration (USFA), the Chief of the FDNY discussed New York City's approach to mitigating the ongoing issue of residential building fires caused by lithium-ion batteries in micro-mobility devices. The FDNY has focused its fire safety education, investigations, and code enforcement efforts on the prevention of these fires. The FDNY Chief stressed during this interview that education and enforcement are not enough; part of the solution is new legislation at the state and federal level to ensure these high-energy consumer batteries meet safety standards and can be used safely.
The FDNY has been corresponding with the Consumer Product Safety Commission (CPSC) to form new regulations that will help to address the safety of these micro-mobility devices so that future fires can be prevented.
On June 6, the CPSC announced it will be holding a meeting to solicit public input on lithium-ion battery safety. The meeting will focus on fires occurring in e-bikes and other micro-mobility products. It will also consider fire risks that may arise in the future with the growing consumer market for products containing similar batteries.
The meeting will be held in a hybrid format on Thursday, July 27 at 10 a.m. EDT and will conclude on the same day.
During the meeting, the Commission hopes to gather information from experts in consumer battery safety and fire prevention about potential standards and designs for batteries, battery management systems, and consumer products that might limit the risk of thermal runaway and fire.
This meeting will be a valuable learning experience for anyone who wants to become more informed on the fire hazards of consumer lithium-ion batteries, particularly the larger batteries that are now widely used in e-bikes and electric scooters (sometimes called hoverboards). These larger consumer batteries are also increasingly seen in home power tools and equipment; lawn mowers; and battery backup or emergency power sources coupled with power inverters, which are often used with solar panels.
The physical location for the July 27 meeting will be CPSC’s headquarters in Bethesda, Maryland, but the meeting will also be accessible remotely to anyone who wishes to attend. All virtual attendees should register in advance via the Webex registration form for the event. Those who wish to be a panelist or who wish to present their input during the meeting, whether virtually or in person, must register in advance and submit their request by 5 p.m. EDT on Thursday, June 29, 2023.
CPSC will be accepting written comments through Monday, August 21, 2023. Instructions on how to attend this meeting and submit written comments are provided in the CPSC’s Federal Register notice.
(Sources: CPSC, USFA, CBS New York, SafetyStandDown.org)
Disaster and crisis situations frequently put responders in locations far from access to fuel resupply, or areas with limited fuel resources. The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has been working on a project to address this capability gap for responders.
Earlier this month, S&T announced the completion of a series of tests and demonstrations for the H2@Rescue Emergency Relief Truck. This effort provides the homeland security and emergency management communities with a vision into what future technologies can provide.
The H2@Rescue Truck is a prototype hydrogen fuel cell/battery hybrid vehicle that can be driven to disaster recovery sites to provide on-site power for up to 72 hours without refueling.
The hydrogen fuel cell offers a practical fuel alternative to responders while operating in near silence without volatile exhaust. Hydrogen fuel cells have the potential to be a stable and easily transportable energy storage medium for use in disaster response operations. The fuel cells are both energy efficient and environmentally friendly, utilizing 80% of the created energy and producing only water and heat as the byproducts.
S&T, along with the Department of Energy, the U.S. Army Corps of Engineers, the Federal Emergency Management Agency, and Accelera by Cummins Inc. funded the design and creation of the emergency vehicle.
To learn more about this project, see S&T’s news release and its Hydrogen Fuel Cell-Powered Emergency Relief Truck Fact Sheet.
(Source: S&T)
The Federal Emergency Management Agency’s (FEMA’s) National Integration Center is seeking public feedback on the National Incident Management System (NIMS) Guideline for Mutual Aid. This national engagement period will conclude at 5 p.m. EDT on July 12, 2023.
NIMS is a key component of the national incident management capabilities and enables organizations from across the nation to work together during incidents of all kinds and sizes. Implementing NIMS nationwide is a fundamental part of building our national preparedness.
The NIMS Guideline for Mutual Aid supplements the Resource Management component of NIMS by providing guidance on different types of mutual aid agreements, the key elements of a mutual aid agreement and the key elements of mutual aid operational plans used for implementation.
National engagement provides an opportunity for interested parties to comment on the draft document, to ensure that it is relevant for all implementing partners.
Access the draft NIMS Guideline for Mutual Aid and Comment Matrix on FEMA’s website. To provide comments on the draft, complete the feedback form and submit the form to fema-nims@fema.dhs.gov no later than 5 p.m. EDT on July 12, 2023.
(Source: FEMA)
On June 15, the Journal of Emergency Medical Services (JEMS) hosted a webcast, EMS Command Challenges During Civil Unrest. The recording of this webcast is now available free on demand after completing a brief registration form.
The presenter discusses challenges faced by emergency medical services (EMS) personnel responding to civil unrest, who often work in a command structure that does not favor the needs and challenges of EMS. The presenter also discusses steps that EMS providers can take to ensure that EMS crews and responses are a priority during civil unrest incidents. Some of these steps include the forming of task forces and strike teams, the importance of local influence in response models, and resources for EMS while operating in the hot zone of civil unrest.
This webcast provides guidance that draws on the direct experiences of emergency medical services (EMS) supervisors and officers during civil unrest incidents in recent years. These incidents include:
This webcast is presented by the chief of the Florissant Valley, Missouri, Fire Protection District with 26 years of service. He is an advisory board member for FDIC and serves as a technical committee member for NFPA 1710.
Learn more and register to access the recording of this webinar on JEMS’ website.
(Source: JEMS)
New DOJ cyber prosecution team will go after nation-state threat actors
The DOJ has created a new National Security Cyber Section, also known as NatSec Cyber, to respond to increasing cybersecurity threats from nation-state actors.
The new NatSec Cyber division will work in coordination with the DOJ Criminal Division's Computer Crimes and Intellectual Property Section (CCIPS) and the FBI's Cyber Division to quickly respond to and prosecute cyberattacks from state-backed cybercriminals, according to the agency's announcement.
"NatSec Cyber will give us the horsepower and organizational structure we need to carry out key roles of the Department in this arena," Assistant Attorney General of the Justice Department's National Security Division said in a statement announcing the new team. "This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security."
(Source: Dark Reading)
Russian national arrested and charged with conspiring to commit Lockbit ransomware attacks against US and foreign businesses
On June 15, the Department of Justice (DOJ) announced charges against a Russian national for his involvement in deploying numerous LockBit ransomware and other cyberattacks against victim computer systems in the United States, Asia, Europe, and Africa.
According to a criminal complaint obtained in the District of New Jersey, from at least as early as August 2020 to March 2023, the Russian national allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware. Specifically, he directly executed at least five attacks against victim computer systems in the United States and abroad.
This announcement follows LockBit-related charges in two other cases from the District of New Jersey. In November 2022, the department announced criminal charges against a dual Russian and Canadian national, who is currently in custody in Canada awaiting extradition to the United States. In May 2023, the department announced the indictment of another Russian national for his alleged participation in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware variants against victims in the United States and abroad.
(Source: DOJ)
More state governments report MOVEit vulnerability exposure
Government agencies in at least five states have reported a confirmed or potential exposure to a global cyberattack by a ransomware group exploiting a recently discovered vulnerability in the popular file-transfer platform MOVEit.
In the past week, agencies in Minnesota, Illinois, Missouri, Louisiana and Oregon have disclosed that their files were breached by the ransomware group Cl0p. Millions of people have had their personal data disclosed after malicious actors associated with the group accessed the data at the agencies, including at least two motor-vehicle departments.
The fallout has also extended to the federal government. On Thursday, U.S. cybersecurity officials confirmed that federal agencies, including two within the Department of Energy, are among the victims.
While federal officials did not conclusively pin the incidents at Energy on Cl0p, the group is the only ransomware organization known to have exploited the MOVEit vulnerability. Cl0p actors previously set a June 14 deadline for victims to pay a ransom to avoid having their stolen files published, though to date, the group does not appear to have posted any government data on its extortion site.
Since June 1, numerous universities, government agencies and multinational corporations have confirmed their exposure to the MOVEit hack. Well-known victims include the University System of Georgia, British Airways and the oil and gas giant Shell.
(Source: StateScoop)
Critical flaw found in WordPress plugin for WooCommerce used by 30,000 websites
A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin, which is installed on more than 30,000 websites. Tracked as CVE-2023-2986, the shortcoming has been rated 9.8 out of 10 for severity on the CVSS scoring system. It impacts all versions of the plugin up to and including version 5.14.2.
The problem, at its core, is an authentication bypass that arises from insufficient encryption protections applied when customers are notified that they have abandoned their shopping carts on e-commerce sites without completing the purchase. Specifically, the encryption key is hard-coded in the plugin, thereby allowing malicious actors to log in as a user with an abandoned cart.
The flaw, affecting versions 2.3.7 and earlier, has been addressed in version 2.3.8, which was released on June 13, 2023.
(Source: The Hacker News)
Enphase ignores CISA request to fix remotely exploitable flaws
An American energy technology company, Enphase builds and sells solar micro-inverters, charging stations, and other energy equipment, mainly focused on residential customers.
On Tuesday, June 20, CISA published two ICS advisories to warn of vulnerabilities in Enphase products that could lead to information leaks or command execution. Both are said to be remotely exploitable with low attack complexity.
After SecurityWeek published this story and contacted Enphase for comment, the company responded late Wednesday afternoon to say it has now been in touch with CISA.
(Source: SecurityWeek)
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.
Fair Use Notice: This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement: The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice: Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.