View as a webpage / Share

Volume 23 — Issue 27 | July 6, 2023

Week of Remembrance gives wildland firefighters a time to reflect on safety lessons and honor the fallen

The annual Week of Remembrance serves as a nationwide moment to reinforce our commitment to wildland firefighter safety and honor the fallen who have made the ultimate sacrifice. The week is led by the National Wildfire Coordinating Group’s (NWCG’s) Six Minutes for Safety Subcommittee and has been observed each year between June 30 and July 6 since 2014.

The 2023 Week of Remembrance is just wrapping up. This year’s theme is “A Time to Reflect.” Here are the key takeaways from the daily case studies and associated safety lessons that were covered this week.

Day 1: Yarnell Hill Fire 10-Year Anniversary. This lesson sets the stage for the week by illustrating how learning from past mistakes or tragedies can bring positive change. The lesson honors the 19 firefighters from the Granite Mountain Hotshot Crew who died in the Yarnell Hill Fire exactly 10 years ago on this day, June 30, 2013. The State of Arizona established a Yarnell Hill Fire staff ride in 2017. The ride helps firefighters visualize and reflect on what happened so they can effectively internalize the tactical and safety lessons from this incident. The lesson recommends attending a staff ride in your area, if possible. It suggests reviewing the Yarnell Hill Fire case study and briefing video to reflect on the circumstances of this incident and the lessons that led to improved firefighter safety.

Day 2: Stockyard Fire (Michigan) – July 1, 1988. This lesson discusses the importance of preparing for the unexpected, especially when it comes to rapid changes in fire behavior.

Day 3: Esperanza Fire (California) – October 26, 2006. This lesson illustrates that wildland firefighting is inherently dangerous, and risk can never be eliminated. It discusses the importance of evaluating risk tolerance with loved ones, preplanning for a line-of-duty death or a death notification, having a critical incident response plan, and creating a support network if needed.

Day 4: Dude Fire (Arizona) – June 26, 1990. This case study illustrates how environmental conditions led to fast and erratic fire spread while communication and coordination challenges led to confusion among crews and supervisors. The safety lesson emphasizes the importance of strategic risk assessments with “Lookouts, Communication, Escape Routes, and Safety Zones.”

Day 5: Loop Fire (California) – November 1, 1966. Following this incident, the Downhill Checklist was created and is still used today. Constructing a fireline moving uphill is the best practice; building a downhill fireline is hazardous and should only be attempted when there is no tactical alternative. This lesson stresses the importance of applying all knowledge of fire behavior and firefighting principles.

Day 6: Point Fire (Idaho) – July 28, 1995. This lesson discusses the importance of standardizing Preventative Maintenance checks and fostering a culture of reporting equipment issues so that equipment is always in serviceable condition.

Day 7: South Canyon Fire (Colorado) – July 6, 1994. This lesson recognizes the anniversary of the South Canyon Fire and the Fallen 14 who died on this day in 1994. The discussion focuses on ‘the anniversary effect’, how to handle grief, connect with others, seek help, and check in with friends, family, and co-workers who may be experiencing a loss. This year’s Week of Remembrance concludes with a reminder that “it takes all of us” to get through the tough days.

Each daily lesson is accompanied by many additional resources and reference materials. You can access all daily lessons from this year’s Week of Remembrance and all past years on NWCG’s website.

(Source: NWCG)

Highlights

Week of Remembrance gives wildland firefighters a time to reflect on safety lessons and honor the fallen

REMINDER: Complete the SAFECOM Nationwide Survey by July 21

Planning tools for protecting houses of worship from targeted violence

Webinar: Modernizing the U.S. Fire Data System - An Introduction to the National Emergency Response Information System (NERIS)

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

REMINDER: Complete the SAFECOM Nationwide Survey by July 21

On June 1, the Cybersecurity and Infrastructure Security Agency (CISA) launched its SAFECOM Nationwide Survey (SNS) and a related blog.

SAFECOM, an advisory group of public safety and elected officials, in conjunction with CISA, administers the survey. The last survey was conducted in 2018, providing a national snapshot of the status of emergency response provider capabilities necessary for achieving operability, interoperability, and continuity of emergency communications.

However, the emergency communications environment is constantly evolving. Due to emerging technologies, new legislation, and new policies, Congress requires a periodic assessment of nationwide capabilities.

The 2023 SNS results will help government officials and emergency responders better understand emergency communications needs so they can shape policy and funding, tailor programs and services, and build knowledge and awareness of capabilities and gaps.

At the national level, the survey results will help SAFECOM form strategic priorities. Data collected through the SNS will be used by CISA to identify gaps and inform the Nationwide Communication Baseline Assessment. Additionally, the results will help CISA achieve the goals of the National Emergency Communications Plan, the nation’s roadmap to ensuring emergency communications interoperability at all levels of government.

For the data to be reliable, CISA needs widespread participation across the public safety community. Any organization charged with a public-safety related mission that uses emergency communications technology is encouraged to take the survey. This means law enforcement, 911, emergency medical services (EMS), fire, and emergency management agencies across various geographies and all levels of government are encouraged to participate in the survey.

The survey takes approximately 30 minutes to complete and is open through Friday, July 21, 2023.

To learn more about the survey and how to participate, visit cisa.gov/sns. For additional questions and feedback, please email sns@cisa.dhs.gov.

(Source: CISA)

Planning tools for protecting houses of worship from targeted violence

Faith-based communities must ensure the safety and security of houses of worship and related facilities while at the same time maintaining a welcoming environment for the communities they serve.

In May, CISA released a new resource for faith-based communities, Protecting Places of Worship: Six Steps to Enhance Security Against Targeted Violence.

This 2-page fact sheet outlines six steps that faith-based organizations and community leaders can take to increase their facility security and preparedness for an active shooter or other hostile event. The fact sheet also serves as a reference that links to numerous resources and programs across the Department of Homeland Security (DHS) and the Department of Justice (DOJ) tailored to faith-based organizations to help them report targeted violence, protect themselves and their facilities, obtain grant funding or technical assistance, and stay informed.

One of the six key steps in CISA’s fact sheet is “Develop and Practice a Plan.” An emergency action plan (EAP) documents the steps that personnel and volunteers will take to respond if an incident occurs. CISA links to an EAP template for an active shooter event in the fact sheet. Faith-based organizations can use this template to develop their own EAP.

Last week, the New Jersey Office of Homeland Security and Preparedness (NJOHSP) shared its own streamlined version of the EAP template for faith-based facilities, the Active Shooter and Hostile Event Emergency Action Plan template. The template includes sections covering all aspects of the facility relevant to physical security and evacuation; emergency contact information; emergency actions following the “Run-Hide-Fight” model; staging areas; communications plan and contacts; traffic management; facility manager responsibilities; and actions and points of contact for recovery after an incident.

NJOHSP’s EAP template is accompanied by an EAP Template Guide, which provides step-by-step guidance on how to fill out each section of the EAP, and assists faith-based facilities with submitting an EAP to law enforcement agencies. The reason for NJOHSP’s streamlined EAP template was new legislation in the state of New Jersey which now requires houses of worship within the state that can seat 500 or more persons to submit emergency plans to law enforcement agencies for purpose of preparing for mass casualty and active shooter events.

Even if your jurisdiction does not require your facility to submit an EAP to municipal law enforcement or emergency management, New Jersey’s EAP template and associated guide may serve as a comprehensive example for faith-based organizations to reference when developing their own plans and coordinating with local law enforcement.

Learn more about NJOHSP’s efforts and access its EAP template in its July 3 newsletter. Learn more about CISA’s efforts to support the safety and security of houses of worship and access the Protecting Places of Worship fact sheet on CISA’s website.

(Sources: CISA, NJOHSP)

Webinar: Modernizing the U.S. Fire Data System - An Introduction to the National Emergency Response Information System (NERIS)

On May 9, the U.S. Fire Administration (USFA) announced the launch of a modernization effort to develop a new, interoperable fire information and analytics platform, known as the National Emergency Response Information System (NERIS), for the American fire and emergency services.

NERIS will empower the fire and emergency services community by equipping them with an empirical basis for decision-making. It will provide the community with reliable predictive analytics to support enhanced preparedness and response to all-hazard incidents, wildland urban interface events, community risk reduction efforts, climate change threats and associated resilience and mitigation efforts, and future pandemic emergency response resource preparedness.

In collaboration with USFA, Underwriters Laboratories’ (UL’s) Fire Safety Research Institute (FSRI) will be developing NERIS, with support from the U.S. Department of Homeland Security's (DHS) Science and Technology Directorate (S&T).

The USFA, FSRI and S&T will be co-hosting a virtual discussion on NERIS on Thursday, July 13, 2023, at 12 p.m. EDT. The webinar will be an opportunity to hear first-hand from leaders about the vision, purpose, and impact of the new NERIS.

The discussion will provide information about the NERIS platform itself, the new data standard on which it will be based, and the approach to development, along with key milestones and timing. There will be a live question-and-answer session following the discussion.

Learn more and register for the July 13 webinar on FSRI’s website.

(Sources: USFA, FSRI, S&T)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

2023 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.

Over the coming weeks, the CWE program will be publishing a series of further articles on the CWE Top 25 methodology, vulnerability mapping trends, and other useful information that help illustrate how vulnerability management plays an important role in Shifting the Balance of Cybersecurity Risk.

(Source: CISA)

Japan’s largest port stops operations after ransomware attack

The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals.

The port accounts for roughly 10% of Japan's total trade volume. It operates 21 piers and 290 berths. It handles over two million containers and cargo tonnage of 165 million every year. The port is also used by the Toyota Motor Corporation, one of the world’s largest automakers, to export most of its cars. The port authority is working to restore the NUTS system by 6 PM today and plans to resume operations by 08:30 AM tomorrow.

Until then, all container loading and unloading operations at the terminals using trailers have been canceled, causing massive financial losses to the port and severe disruption to the circulation of goods to and from Japan.

(Source: Bleeping Computer)

Several US states investigating ‘SiegedSec’ hacking campaign

Officials in multiple states are investigating claims by a suspected politically motivated hacking group that websites connected to local governments were breached or defaced.

This week, the SiegedSec group took to Telegram to claim cyberattacks on five state-run websites:

• Nebraska Supreme Court intranet
• South Dakota Boards and Commissions
• Texas State BHEC Personal Information
• Pennsylvania Provider Self-Service
• South Carolina Criminal Justice Information Services (CJIS)

The group shared photos of the websites being defaced, as well as allegedly stolen data. No motive for the attacks was listed in the post but in previous attacks on government bodies in Texas, Kentucky and Arkansas, the group explicitly referenced political issues that prompted their attacks.

(Source: The Record)

Dallas to spend $4M on threat detection after ransomware attack

The Dallas City Council approved a contract Wednesday, June 26, to spend nearly $4 million on a network threat and anomaly system, almost two months after a ransomware incident knocked out services across the city.

Dallas officials have steadily been repairing the damage of the May 3 ransomware attack, which resulted in the shutting down of online payments, municipal court scheduling and several systems related to public-safety, including computer-aided dispatching for the city’s police and fire departments. A police evidence system was also briefly impacted, which slowed down some investigations, including one related to a mass shooting in nearby Allen, Texas.

(Source: StateScoop)

Twitter applies reading limit after users report issues with platform

Twitter has applied temporary reading limits to address “extreme levels” of data scraping and system manipulation, Elon Musk said in a post on the social media platform on Saturday.

Previously, Twitter had announced that it will require users to have an account on the social media platform to view tweets, a move that Musk on Friday called a “temporary emergency measure”. Musk had said that hundreds of organizations were scraping Twitter data “extremely aggressively”, affecting user experience. He had earlier expressed displeasure with artificial intelligence firms like OpenAI, the owner of ChatGPT, for using Twitter’s data to train their large language models.

(Source: The Guardian)

OpenAI lawsuit reignites privacy debate over data scraping

The lawsuit filed this week in California against OpenAI, the artificial intelligence (AI) company behind the wildly popular ChatGPT app, is rekindling a decade-old debate about the legal and ethical concerns about tech companies scraping as much information as possible about everything — and everyone — on the web.

As the lawsuit notes, AI companies deploy data scraping technology at a massive scale. The race between every major tech company and a growing pack of startups to develop new AI technologies, experts say, has also accelerated not just the scale of web scraping but the potential harms that come with it. Experts note that while web scraping can have benefits to society, such as business transparency and academic research, it can also come with harms, such as cybersecurity risks and scammers harvesting sensitive information for fraud.

(Source: CyberScoop)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.