View as a webpage / Share

Volume 23 — Issue 38 | September 21, 2023

NIOSH safety and health advisory for response to chemical suicide incidents

Chemical suicides involve the use of lethal toxic gases generated by intentionally mixing common household chemicals in a confined space such as a car, bathroom, or closet. The most common toxic gases produced in chemical suicide incidents are hydrogen sulfide, hydrogen cyanide, and carbon monoxide.

First responders need to understand the potential incident health and safety hazards associated with response to a chemical suicide. They also need to know the personal protective equipment (PPE) and PPE support tools recommended for response.

To address this need, the National Institute for Occupational Safety and Health (NIOSH) and the Pennsylvania Association of Hazardous Materials Technicians (PAHMT) have co-authored a safety and health advisory for first responders, Personal Protective Equipment Recommendations for Response to Chemical Suicide Incidents. This advisory provides PPE recommendations for first responders to minimize the likelihood of responder exposures, injuries, and fatalities during chemical suicide incidents.

To support the PPE recommendations, the advisory also provides response recommendations that will help agencies with planning and training for chemical suicide incidents. This additional guidance covers:

• The potential incident health and safety hazards associated with response to chemical suicides.
• The IDLH environment at a chemical suicide incident and who should be permitted to enter.
• The relevant national guidance and standards supporting the PPE recommendations.
• Other considerations for an effective and safe response, including recommendations for decontamination, clean-up operations, and training.

Agencies can use this resource to review or update their standard operating procedures and training. Access the safety and health advisory, Personal Protective Equipment Recommendations for Response to Chemical Suicide Incidents, on the NIOSH website.

(Sources: NIOSH, PAHMT)

Highlights

NIOSH safety and health advisory for response to chemical suicide incidents

IACP guidance for first responders on missing children with autism spectrum disorder

Insider Threat Awareness Month: Bystander Engagement

Virtual event: FEMA’s third annual IPAWS Users Conference, Sept. 27

Cyber Threats

The U.S. Fire Administration operates the Emergency Management and Response – Information Sharing and Analysis Center (EMR-ISAC).

For information regarding the EMR-ISAC visit www.usfa.dhs.gov/emr-isac or contact the EMR-ISAC office at: (301) 447-1325 and/or fema-emr-isac@fema.dhs.gov.

IACP guidance for first responders on missing children with autism spectrum disorder

Research suggests nearly half of children with autism spectrum disorder (ASD) go missing - a rate nearly four times higher than other children. Research has also indicated that children with ASD will often seek bodies of water, such as streams, ponds, lakes, rivers, creeks, storm-water retention basins, or swimming pools when they go missing.

Tragically, the National Center for Missing & Exploited Children® (NCMEC) and other research entities report a high mortality rate associated with missing children with ASD. Because of the high mortality rate, NCMEC recommends that law enforcement treat incidents where children on the autism spectrum go missing as critical incidents requiring an elevated response.

Finding and safely recovering a missing child on the autism spectrum can present unique challenges for families, caregivers, first responders, and search teams.

The International Association of Chiefs of Police (IACP) recently released several publications offering guidance for caregivers, law enforcement and other first responders in the event a child on the autism spectrum goes missing:

• Understanding Children on the Autism Spectrum: A Guide for First Responders
• Children on the Autism Spectrum: Search Protocols and Questionnaire for First Responders
• Tips for Caregivers Supporting Children on the Autism Spectrum

The Guide for First Responders provides recommendations for how law enforcement and other first responders can best support these children, based on what NCMEC has learned about autism spectrum disorder. The Search Protocols and Questionnaire for First Responders provides initial response guidance, considerations for search and rescue, recovery and reunification guidance, and a model questionnaire that first responders can use to gather information from families and caregivers in the event a child on the autism spectrum goes missing. Tips for Caregivers offers a comprehensive set of preparedness and response actions for parents and caregivers. It emphasizes the importance of proactively establishing a relationship with local law enforcement so that law enforcement knows the child and is familiar with the child’s needs.

This family of publications was created as part of the IACP’s Home Safe project, in partnership with NCMEC and The Arc, and with support from the Bureau of Justice Assistance (BJA). The publications can be used by all first responders for training or updating standard operating procedures, guidelines, and plans related to response to these incidents.

You can access these three publications within the BJA’s publications library.

(Sources: IACP, BJA, NCMEC, The Arc)

Insider Threat Awareness Month: Bystander Engagement

This September is the fifth annual National Insider Threat Awareness Month (NITAM) and this year’s theme is “bystander engagement.” An engaged bystander is aware of concerning behaviors that may indicate an insider threat and knows how to act on those concerns.

This month-long awareness campaign has its origins in a need to safeguard the security of the United States from insiders who have access to classified information. These insiders could be “insider threats” if they were to use their authorized access to classified information, either maliciously or unintentionally, to harm the country.

In October 2011, Executive Order (E.O.) 13587 directed federal departments and agencies with access to classified information to establish insider threat detection and prevention programs. In 2019, the Office of the Director of National Intelligence’s (ODNI’s) National Counterintelligence and Security Center (NCSC) and National Insider Threat Task Force partnered with the Department of Defense’s Defense Counterintelligence and Security Agency (DCSA) and Office of the Under Secretary of Defense for Intelligence and Security to establish National Insider Threat Awareness Month. Today, the campaign is led by DCSA’s Center for Development of Security Excellence (CDSE).

While the original audience for insider threat programs was the federal and national defense workforce, this audience has since expanded significantly. The Cybersecurity and Infrastructure Security Agency (CISA) recognizes that insider threats present a complex and dynamic risk within all critical infrastructure sectors.

Insider threats manifest in various ways: violence, espionage, sabotage, theft, and cyber acts. CISA defines a holistic insider threat mitigation program as one that combines physical security, personnel awareness, and information-centric principles.

As one of the 16 critical infrastructure sectors, the Emergency Services Sector (ESS) can benefit from maintaining insider threat awareness among its members. While many federal agencies and the military are focused on mitigating threats such as espionage or terrorism, the ESS may be more concerned with how insider threats could impact ESS vulnerabilities, such as an emergency services agency’s physical security, emergency communications, cybersecurity, or by threatening the safety of emergency services personnel.

CISA maintains a resource collection, Insider Threat Mitigation Resources and Tools, with guidance on assessing your organization’s readiness for potential insider threat incidents; identifying indicators of insider threats; establishing mechanisms for engaged bystanders to report potential threats, indicators, or concerns to a responsible party; and more.

Visit the CDSE’s NITAM website for official NITAM campaign materials and training resources. Visit CISA’s Insider Threat Mitigation website for additional educational materials.

(Sources: NCSC, CDSE, CISA)

Virtual event: FEMA’s third annual IPAWS Users Conference, Sept. 27

The Federal Emergency Management Agency’s (FEMA) will hold its third annual IPAWS Users Conference on Wednesday, Sept. 27, 2023, from 10 a.m. to 2:05 p.m. EDT.

The Integrated Public Alert & Warning System (IPAWS) is FEMA's national system for local alerting that provides authenticated emergency and life-saving information to the public through mobile phones using Wireless Emergency Alerts, to radio and television via the Emergency Alert System, and on the National Oceanic and Atmospheric Administration's Weather Radio.

In June 2023, FEMA released its IPAWS Best Practices guide, providing the latest guidance for jurisdictions that are IPAWS Alerting Authorities on how to use IPAWS for timely and effective alerts, warnings, and notifications to the public.

This free, virtual event is an opportunity for individual Alerting Administrators and Alert Originators to learn about how to create effective alerts and become a confident IPAWS user. Public safety officers, public information officers, vendors and developers will also benefit from the opportunity to update and refresh their knowledge.

During the event, participants will:

• Learn about the new Alerting on Behalf and Alert Escalation Process.
• Prepare for the coming National Periodic Test (WEA & EAS).
• See how the Message Design Dashboard helps you compose better alerts.
• Learn to use the IPAWS User Portal - your online IPAWS data record.
• Find out about future certifications of Alerting Authorities and Alerting Software Vendors.

Learn more about the event, access the full agenda, and register on FEMA’s website.

(Source: FEMA)

Cyber Incident Assistance

MS-ISAC
SOC@cisecurity.org
1-866-787-4722

IdentityTheft.gov

IC3

Cybercrime Support Network

General Information

StopRansomware.gov

CISA's Known Exploited Vulnerabilities Catalog

FTC scam list

CISA alerts

Law Enforcement Cyber Center

TLP Information

DHS issues recommendations to harmonize cyber incident reporting for critical infrastructure entities

On Sept. 19, the Department of Homeland Security (DHS) outlined a series of actionable recommendations on how the federal government can streamline and harmonize the reporting of cyber incidents to better protect the nation’s critical infrastructure.

The recommendations, delivered to Congress in a report, are a requirement of the landmark Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). Key recommendations include establishing model definitions, timelines, and triggers for reportable cyber incidents; creating a model cyber incident reporting form that federal agencies can adopt; and streamlining the reporting and sharing of information about cyber incidents, including the assessment of a potential single reporting web portal.

The report’s recommendations will inform CISA’s ongoing rulemaking process to implement landmark cyber incident reporting requirements applicable to covered critical infrastructure entities, as mandated under CIRCIA.

(Source: DHS)

FBI and CISA release advisory on Snatch ransomware

On Sept. 20, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. FBI investigations identified these IOCs and TTPs as recently as June 1, 2023.

Snatch threat actors operate a ransomware-as-a-service (RaaS) model and change their tactics according to current cybercriminal trends and successes of other ransomware operations.

(Source: CISA)

Albert Network Monitoring: Guarding state, local governments

With cyberattacks on the rise, Albert Network Monitoring stands apart as effective network protection tailormade for state and local government organizations. Why is network protection so critical for public sector organizations? Quite simply, these institutions house troves of precious personal data of the citizens who depend on their services. Think of the DMV, public hospitals, and public schools. Each of these institutions have experienced attacks by cyber threat actors intent on stealing your personal information and holding it for ransom for large sums of money – often in excess of $1 million. Between 2022 and 2023, ransomware against state and local governments increased by 51%, according to the Multi-State Information Sharing and Analysis Center (MS-ISAC). Effective network defense is critical to preventing such attacks.

(Source: Center for Internet Security)

DHS: Ransomware attackers headed for second most profitable year

Ransomware attackers remain a major threat to the United States and are on pace to have their second most profitable year ever, the Department of Homeland Security said in an annual report.

The findings were part of the department’s 2024 Homeland Threat Assessment report released last week, which outlined a range of issues related to foreign and domestic terrorism, illegal drugs, misinformation, transnational crime and activity by the governments of Russia, China and Iran.

The report — which DHS officials said will now “serve as the primary mechanism for sharing the terrorism threat level” — dedicated an entire section to cyber threats and ransomware due to the increasing toll they take on U.S. hospitals, schools and businesses.

(Source: The Record)

NIST: De-Identifying Government Datasets: Techniques and Governance

On Sept. 14, the National Institute of Standards and Technology (NIST) published Special Publication (SP) 800-188, De-Identifying Government Datasets: Techniques and Governance.

De-identification removes identifying information from a data set so that the remaining data cannot be linked to specific individuals. Government agencies can use de-identification to reduce the privacy risks associated with collecting, processing, archiving, distributing, or publishing government data. Previously, NIST published NIST Internal Report (IR) 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. SP 800-188 provides specific guidance to government agencies that wish to use de-identification.

This final document was authored by experts at NIST and the U.S. Census Bureau and references up-to-date research and practices for both traditional de-identification approaches as well as the use of formal privacy methods, such as differential privacy to create de-identified datasets. This document also addresses other approaches for making datasets that contain sensitive information available to researchers and for public transparency. Where appropriate, this document cautions users about the inherent limitations of traditional de-identification approaches when compared to formal privacy methods, such as differential privacy.

(Source: NIST)

Caesars reportedly paid millions to stop hackers releasing its data

Caesars Entertainment reportedly paid "tens of millions of dollars" to hackers who threatened to release company data, Bloomberg has reported. The attack was reportedly perpetrated by a group called Scattered Spider (aka UNC 3944), a group skilled at using social engineering to bypass corporate network security.

Scattered Spider has reportedly been activate since May of 2022, and has largely attacked telecom and business outsourcing organizations, according to Trellix. The group is known to impersonate IT personnel and uses social engineering to persuade company officials to rum remote monitoring and other tools.

The group has been implicated in the MGM Resorts cyber outage as well, though another ransomware group called ALPHV/BlackCat also took credit. ALPHV also claims to have used social engineering to get inside, saying it took just a ten minute conversation to gain access. MGM has reportedly declined to pay the demanded ransom.

(Source: Engadget)

The InfoGram is distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures.

Fair Use Notice:
This InfoGram may contain copyrighted material that was not specifically authorized by the copyright owner. The EMR-ISAC believes this constitutes “fair use” of copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use copyrighted material contained within this document for your own purposes that go beyond “fair use,” you must obtain permission from the copyright owner.

Linking Policy and Disclaimer of Endorsement:
The appearance of external hyperlinks does not constitute endorsement of the linked websites, or the information, products or services contained therein. We provide these links and pointers solely for your information and convenience. When you select a link to an outside website, remember that you are subject to the privacy and security policies of the owners/sponsors of the outside website. To view information and resources on the policies that govern FEMA web content visit FEMA Website Information.

Section 504 Notice:
Section 504 of the Rehabilitation Act requires that FEMA grantees provide access to information for people with disabilities. If you need assistance accessing information or have any concerns about access, please contact FEMAWebTeam@fema.dhs.gov.