|
Volume 23 — Issue 34 | August 24, 2023 |
|
|
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has released an Operational Field Assessment (OFA) of a gunshot detection system developed for first responders.
First used by the military to detect incoming fire, gunshot detection systems use multiple sensor units to detect and triangulate the precise location of firearm discharges.
Over the last decade, law enforcement agencies in many large- and medium-sized cities have implemented gunshot detection systems. Most agencies employ fixed systems, where the sensors are installed indoors or at fixed outdoor locations to provide gunshot detection over a large, pre-defined area (often many square miles) to an accuracy of within a few feet.
An October 2022 Department of Justice-funded report analyzed how agencies across the country are currently using gunshot detection systems. The report concluded that more research is still needed to show whether gunshot detection systems are effective at deterring gun violence or reducing crime, but that there are proven benefits of these systems for first responders. Benefits to responders include significant reductions in response times and better situational awareness.
Gunshot detection systems are typically integrated into computer-aided dispatch (CAD) systems, enabling real-time alerting. Since many gunshots are never reported to 911, this capability enables responders to immediately dispatch to the scene regardless of whether 911 was called. Some systems will bypass the 911 system entirely and provide alerts directly to officers. This reduces response times by several vital minutes, which gives responders a better chance at neutralizing the threat and reducing casualties.
Gunshot detection systems can also provide critical situational awareness information to first responders before arrival on scene, such as precise locations where gunshots were fired and whether multiple types of gunshots were detected, suggesting multiple shooters.
The gunshot detection system evaluated by S&T in the new OFA improves on the technology currently available on the market in several ways.
First, the system is designed to be portable. While there are portable systems currently on the market, S&T’s system prioritized the ease with which the technology could be installed, moved, and set up by responders without requiring more than two officers or technical expertise.
Second, most current systems use acoustic technology to detect the sound of gunshots, but this system uses both light and sound. The system can detect the unique flash of light produced when a bullet is fired. This added light detection makes the system more accurate than systems which rely on sound alone. It is less likely to generate false positives when it detects gun-like sounds such as a vehicle misfiring or fireworks.
Six law enforcement officers from Iowa, New Hampshire, and New York served as evaluators to test and provide feedback on the gunshot detection system. These officers set up the outdoor sensors, overlayed maps and sensors using the situational awareness software, observed gunshot detection notifications on a PC and mobile device, and participated in a debrief with S&T’s National Urban Security Technology Laboratory (NUSTL) to gather feedback.
S&T released a Tech Speak Minisode featuring interviews with the evaluators about their feedback on the system earlier this year. The full results of the operational field assessment are available in the report.
(Source: DHS S&T)
|
|
|
The Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (FCC), will conduct a nationwide test of the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA) this fall.
The EAS and WEA tests are both scheduled to begin at approximately 2:20 p.m. EDT on Wednesday, Oct. 4, 2023. The back-up testing date will be Wednesday, Oct. 11.
The EAS portion of the test will be sent to radios and televisions. This year, the EAS message will be disseminated as a Common Alerting Protocol (CAP) message via the Integrated Public Alert and Warning System-Open Platform for Emergency Networks (IPAWS-OPEN). Earlier this year, the FCC updated its EAS rules to take advantage of the latest technologies in order to reach more people, particularly people with disabilities. The FCC believes that requiring greater use of Common Alerting Protocol-formatted alerts will result in more understandable and informative messages. Beginning in December 2023, broadcasters will be required to implement the new CAP alert polling and prioritization rules.
The WEA portion of the test will be administered via a code sent to cell phones. The test will be initiated using FEMA’s Integrated Public Alert and Warning System (IPAWS), a centralized internet-based system administered by FEMA that enables authorities to send authenticated emergency messages to the public through multiple communications networks. WEA alerts are created and sent by authorized federal, state, local, tribal and territorial government agencies through IPAWS to participating wireless providers, which deliver the alerts to compatible handsets in geo-targeted areas.
The Oct. 4 test will be the seventh nationwide test of the EAS, which was launched in 2011. It will be the third nationwide test of the WEA, which was launched in 2012. FEMA is required by law to test IPAWS at least every three years. The last nationwide test of the EAS and WEA was conducted in August 2021, and a report on the results of the 2021 test was published by the FCC in December 2021.
Information collected from this test will be used to improve EAS and WEA capabilities and testing procedures in the future.
See FEMA’s press release and the FCC’s Public Notice to learn more about what to expect from the two tests this year.
(Sources: FEMA, FCC, Radio World)
During their day-to-day work, first responders such as law enforcement officers, firefighters, and emergency medical services (EMS) providers often encounter people who use drugs, including alcohol, opioids, stimulants, and other substances.
These encounters provide opportunities to connect people to substance use services and ancillary supports. A growing number of approaches, programs, and resources are available to help first responders support people who use drugs so they can receive the assistance they may need.
Earlier this month, the Substance Use and Mental Health Services Administration (SAMHSA) published a guide, Connecting Communities to Substance Use Services - Practical Tools for First Responders.
The guide provides practical, evidenced-based information that first responder agencies, their partners, and communities can use to implement or expand practices and approaches for linking people to substance use services. It presents relevant strategies and public health approaches, resources and program models, potential challenges and other important factors to consider when implementing approaches to support people who use drugs.
This guide is part of SAMHSA’s Evidence-Based Resource Guide series. This guide and other guides in the series are accessible within SAMHSA’s Evidence-Based Practices Resource Center.
(Source: SAMHSA)
In recent years, there has been growing concern that many of the most likely terrorist threats will involve “agents of opportunity” or materials that are readily available in most communities around the country.
The American College of Medical Toxicology (ACMT), in partnership with the Region 4 Southern Regional Disaster Response System (SRDRS), is offering a free one-day course, Chemical Agents of Opportunity for Terrorism, covering the emergency medical response to exposures from toxic chemicals on Thursday, Aug. 30, 2023, from 8:45 a.m. to 4:50 p.m. EDT.
Chemical Agents of Opportunity for Terrorism is an awareness-level course addressing the medical and psychological impact of industrial chemicals used as terrorist weapons.
This course will be delivered as a live webcast. Several speakers will present on the medical and psychological consequences of exposures to a variety of chemical materials. The course will include practical information regarding scene safety for such agents as high potency fentanyl analogs and inhaled irritants.
The information presented will be of interest to state and local first responders, EMTs, paramedics, emergency nurses, emergency physicians, pharmacists, emergency response coordinators, public health officials, public health professionals, industrial hygienists and others involved with chemical terrorism preparedness and response.
The Office of Emergency Management, within the Agency for Toxic Substances and Disease Registry (ATSDR) and the National Center for Environmental Health (NCEH) at the Centers for Disease Control and Prevention (CDC), supported the delivery of this unique course to familiarize health care providers and responders with toxic exposures. Since 2005, ACMT has offered this course over 100 times to more than 10,000 attendees throughout the U.S. and internationally.
Visit ACMT’s course page to access the course agenda, speaker information, and to register.
(Source: ACMT)
|
|
CISA, NSA and NIST publish new resource for migrating to post-quantum cryptography
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and National Institute of Standards and Technology (NIST) published a factsheet on Aug. 21, Quantum Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.
Having a roadmap and inventory enables an organization to begin the quantum risk assessment processes and provides needed visibility of application and functional dependencies on public-key cryptography that exist within their operational environment.
The new resource will help organizations understand how to prepare a cryptographic inventory, engage with technology vendors, and assess their supply chain reliance on quantum-vulnerable cryptography in systems and assets. The factsheet also provides recommendations for technology vendors whose products support the use of quantum-vulnerable cryptography, including by reviewing the NIST-published draft PQC standards, ensuring products use post-quantum cryptographic algorithms, and preparing to quickly support forthcoming final NIST PQC standards.
For more information on CISA’s PQC efforts, visit Post-Quantum Cryptography Initiative; for NSA, visit Post-Quantum Cybersecurity Resources; for NIST, visit Post-Quantum Cryptography.
(Source: CISA)
|
|
NIST releases Cybersecurity Framework 2.0 draft, implementation examples and Reference Tool
NIST's Cybersecurity Framework 2.0 provides guidance to industry, government agencies, and other organizations to reduce cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The Framework does not prescribe how outcomes should be achieved. Rather, it maps to resources that provide additional guidance on practices and controls that could be used to achieve those outcomes.
After reviewing more than a year’s worth of community feedback, NIST released a Draft of the NIST Cybersecurity Framework (CSF) 2.0 for public comment on Aug. 8. This draft represents a major update to the CSF—a resource first released in 2014. Along with the release, NIST provided a separate Discussion Draft of the Implementation Examples included in the CSF 2.0 Draft Core for public comment.
Public comments will be accepted on both of these drafts via cyberframework@nist.gov until Friday, November 4, 2023. Feedback will inform the development of the final CSF 2.0, which will be published in early 2024.
On Aug. 15, NIST released a new Cybersecurity Framework (CSF) 2.0 Reference Tool. NIST will continue to add additional features to the CSF 2.0 Reference Tool in the coming months. For example, Informative References will be added once CSF 2.0 is finalized in early 2024, which will help to show the connection between the CSF and other cybersecurity frameworks, standards, guidelines, and resources.
A hybrid Fall workshop will be held on September 19-20, 2023—and will include options for virtual and in-person attendance—at the NIST National Cybersecurity Center of Excellence. The workshop will serve as another opportunity for the public to provide feedback and comment.
(Source: NIST)
Two data breaches in Gadsden: Court system, EMS report that data may have been stolen
Law enforcement is investigating a data breach involving Gadsden County [Florida] court records.
A public notice from contractor EMS Management and Consultants Inc on behalf of Gadsden EMS said they learned that some patients’ information was included in a data breach that occurred in May and again in June. After an investigation "with the assistance of third-party cybersecurity specialists," the contractor, which handles billing services for Gadsden EMS, determined "an unknown actor" accessed information and "took certain data from the server." The stolen data may include name, date of transport, social security number, date of birth, encounter/transport number, billing codes and other patient information related to the ambulance transport.
It is not clear if the EMS breach is related to the Gadsden County Court cybersecurity breach.
(Source: Tallahassee Democrat via Yahoo! News)
'Play' ransomware group targeting managed service providers worldwide in new campaign
The fast-rising Play ransomware group that targeted the City of Oakland earlier this year is now hitting managed service providers (MSPs) around the globe in a cyberattack campaign to distribute ransomware to their downstream customers.
One troublesome aspect of the campaign is the threat actor's use of intermittent encryption — where only parts of a file are encrypted — to try and evade detection.
Play's targets appear to be midsized businesses in the finance, legal, software, shipping, law enforcement, and logistics sectors in the US, Australia, UK, Italy, and other countries, Adlumin said in a report this week. Researchers at Adlumin who are tracking the campaign as PlayCrypt say the attacker is also targeting state, local, and tribal entities in these countries as well.
(Source: Dark Reading)
The fallout from the MOVEit hack continues as more agencies announce breaches
It has been over two months since a Russian ransomware gang started exploiting flaws in the file transfer software MOVEit and attacked hundreds of government agencies, universities and corporations. The exploitation led to chaos as several states saw agency services knocked offline and their residents’ personal information like names, Social Security numbers and driver’s licenses exposed.
The damage has been vast. In the days following the cyberattacks, state and local agencies began notifying those affected by the breaches. In Louisiana and Oregon, more than 8 million residents’ personal DMV data was exposed. In California, the information of more than a quarter of a million retirees and beneficiaries was stolen from the state’s pension system. And just last week, Colorado and Missouri revealed breaches of their own. The Colorado Department of Health Care Policy & Financing said the data of more than 4 million patients had been exposed in the breach. The Missouri Department of Social Services did not specify how many residents could be impacted.
The issue of unsecure software is only likely to increase, especially as around a quarter of technology spending is done by departments whose primary focus is not on technology but other business processes. By utilizing software tools that help integrate multiple security products to provide a more holistic view of threats and an organization’s attack surface, agencies could begin to address vulnerabilities.
(Source: Route Fifty)
As NYC bans TikTok from city-owned devices, Seattle says it has no plans to do the same
States and cities continue to ban TikTok from government-owned devices. New York City became the latest to do so this week, issuing a directive that cited security concerns. For now, Seattle officials say they will continue using the platform.
There are growing worries in the U.S. about TikTok’s connections to Beijing, given that the app is owned by Chinese tech company ByteDance. More than 25 states have bans or partial bans in place to prevent government officials from using TikTok. The White House issued a ban directive to federal agencies earlier this year. Some colleges have banned TikTok from campus WiFi networks.
(Source: GeekWire)
|
|
The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. |
|
|
Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.
Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.
Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.
|
|
|
|
|
